CN110647641A - Identity authentication method, identity authentication device, computer equipment and storage medium - Google Patents

Identity authentication method, identity authentication device, computer equipment and storage medium Download PDF

Info

Publication number
CN110647641A
CN110647641A CN201910753696.8A CN201910753696A CN110647641A CN 110647641 A CN110647641 A CN 110647641A CN 201910753696 A CN201910753696 A CN 201910753696A CN 110647641 A CN110647641 A CN 110647641A
Authority
CN
China
Prior art keywords
image
user
face image
data
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910753696.8A
Other languages
Chinese (zh)
Inventor
杨力郎
吴元新
周水彪
雷志凌
汪艳群
金明
魏尧东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201910753696.8A priority Critical patent/CN110647641A/en
Publication of CN110647641A publication Critical patent/CN110647641A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/53Querying
    • G06F16/535Filtering based on additional data, e.g. user or group profiles
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/58Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • G06F16/583Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Library & Information Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The application relates to an identity authentication method, an identity authentication device, computer equipment and a storage medium. The method comprises the following steps: acquiring service data; the service data comprises a user identification of a target user and a field face image; determining an identity authentication type according to the service scene corresponding to the service data and the user identification; when the identity authentication type is a preset type, generating a query statement of the user identification; inquiring and pulling a reference face image corresponding to the user identification in a multiplexing library based on the inquiry statement; and when the comparison between the field face image and the reference face image is consistent, the identity verification of the target user is passed. By adopting the method, the interaction resources can be saved.

Description

Identity authentication method, identity authentication device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to an identity authentication method and apparatus, a computer device, and a storage medium.
Background
In various service scenarios, it is often necessary to verify whether a user is himself or herself. With the development of computer technology, a variety of authentication methods have emerged. For example, identity verification based on biological characteristics such as face images and fingerprints. In the traditional mode, the identity verification based on the face image mainly adopts a networking verification mode, a biological feature library interface of a pedestrian or public security department needs to be called, and the face image acquired on site is compared with the corresponding face image in the biological feature library constructed by the pedestrian or the public security department. However, this method requires frequent interface calls and occupies a large amount of interactive resources.
Disclosure of Invention
In view of the foregoing, it is desirable to provide an identity authentication method, apparatus, computer device and storage medium capable of saving interaction resources.
A method of identity verification, the method comprising: acquiring service data; the service data comprises a user identification of a target user and a field face image; determining an identity authentication type according to the service scene corresponding to the service data and the user identification; when the identity authentication type is a preset type, generating a query statement of the user identification; inquiring and pulling a reference face image corresponding to the user identification in a multiplexing library based on the inquiry statement; and when the comparison between the field face image and the reference face image is consistent, the identity verification of the target user is passed.
In one embodiment, the acquiring the service data includes: running the selected first sub-application in the environment provided by the first parent application for running the sub-applications; establishing communication connection between the first sub application program and the second sub application program; the second sub application program runs in the environment for running the sub application program, which is provided by the second parent application program on the user terminal; and receiving a user identifier sent by the user terminal through the sub-application, wherein the user identifier is the identity information of the user stored in the second parent application, acquired by the user terminal through the second sub-application program.
In one embodiment, the acquiring the service data includes: acquiring service data to be transmitted, and screening image data in the service data; storing the screened image data to a first server; receiving an image identifier which is returned by the first server and corresponds to the stored image data; sending character data and image identification in the service data to a second server; when the image data is required to be used, the image data is pulled from the first server according to the image identification.
In one embodiment, before the pulling the reference facial image corresponding to the user identifier in the multiplexing library based on the query statement, the method further includes: synchronizing verified field face images and corresponding attribute information in a plurality of service libraries; the attribute information comprises a user identifier; symmetrically decrypting the on-site face image according to a pre-stored public key; carrying out asymmetric encryption on the field face image obtained by decryption; and storing the encrypted on-site face image as a reference face image of the corresponding user identifier in a multiplexing library.
In one embodiment, the method further comprises: and when the identity authentication type does not belong to a preset type or the reference face image corresponding to the user identifier does not exist in the multiplexing library, calling a data interface to pull the reference face image corresponding to the user identifier from a third-party library.
An authentication apparatus comprising: the field image acquisition module is used for acquiring service data; the service data comprises a user identification of a target user and a field face image; the reference image acquisition module is used for determining an identity authentication type according to the service scene corresponding to the service data and the user identifier; when the identity authentication type is a preset type, generating a query statement of the user identification; inquiring and pulling a reference face image corresponding to the user identification in a multiplexing library based on the inquiry statement; and the image comparison and verification module is used for passing the identity verification of the target user when the comparison between the field face image and the reference face image is consistent.
In one embodiment, the live image acquisition module is further configured to run the selected first sub-application in an environment provided by the first parent application for running the sub-applications; establishing communication connection between the first sub application program and the second sub application program; the second sub application program runs in the environment for running the sub application program, which is provided by the second parent application program on the user terminal; and receiving a user identifier sent by the user terminal through the sub-application, wherein the user identifier is the identity information of the user stored in the second parent application, acquired by the user terminal through the second sub-application program.
In one embodiment, the field image obtaining module is further configured to obtain service data to be transmitted, and filter image data in the service data; storing the screened image data to a first server; receiving an image identifier which is returned by the first server and corresponds to the stored image data; sending character data and image identification in the service data to a second server; when the image data is required to be used, the image data is pulled from the first server according to the image identification.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the authentication method provided in any one of the embodiments of the present application when the processor executes the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the authentication method as provided in any one of the embodiments of the application.
The identity authentication method, the identity authentication device, the computer equipment and the storage medium construct a local multiplexing library for storing the existing client information, and preset different identity authentication modes aiming at the service data of different service scenes. When a service of a preset type of service scene is handled, if the identity of a user needs to be verified, a reference face image serving as a reference can be obtained on the basis of a multiplexing library; if the certificate picture corresponding to the corresponding identity card number exists in the multiplexing library, the reference face image corresponding to the corresponding user identification can be directly extracted from the local multiplexing library, identity verification can be achieved by comparing the reference face image with the field face image, a networking check interface is not required to be called, interaction frequency with a third-party library is reduced, and therefore interaction resources are saved.
Drawings
FIG. 1 is a diagram of an embodiment of an application of the authentication method;
FIG. 2 is a flow diagram of a method of identity verification in one embodiment;
FIG. 3 is a block diagram of the structure of an authentication device in one embodiment;
FIG. 4 is a diagram illustrating an internal structure of a computer device according to an embodiment;
fig. 5 is an internal structural view of a computer device in another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The identity authentication method provided by the application can be applied to the application environment shown in fig. 1. Referring to fig. 1, the authentication method is applied to an authentication system. The authentication system includes a terminal 110 and a server 120. The authentication method may be performed at the terminal 110 or the server 120. After the terminal 110 may obtain the service data, the terminal 110 performs the authentication on the target user by using the above authentication method. Or the terminal 110 may obtain the service data and then send the service data to the server 120 through the network, and the server 120 performs the authentication on the target user by using the above authentication method. The terminal 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server 104 may be implemented by a stand-alone server or a server cluster composed of a plurality of servers.
In one embodiment, as shown in fig. 2, an authentication method is provided, which is described by taking the method as an example applied to the terminal or the server in fig. 1, and includes the following steps:
step S202, acquiring service data; the service data comprises a user identification of the target user and a field face image.
When a target user needs to handle a certain service, the service data can be input based on the user terminal of the target user for service handling, or the target user goes to a counter and is assisted by service personnel to input the service data at the service terminal for service handling. For convenience of description, the user terminal, the service terminal, and the server are hereinafter collectively referred to as a computer device. And the computer equipment acquires the service data acquired on site. The content of the service data may be different according to the service to be handled. For example, in the service application scene to be loaned, the service data to be transmitted may be loan approval data, including at least one of loan character data, identity card image data, business license image data, and property card image data.
And if the transacted service needs to be subjected to identity verification, the service data comprises the user identification of the target user and the field face image. The user identifier is identity information capable of uniquely identifying a target user, such as a certificate number, a mobile phone number and the like. The on-site face image refers to a face image acquired in a business handling real scene.
And step S204, determining the authentication type according to the service scene corresponding to the service data and the user identification.
The identity authentication method provided by the embodiment is suitable for various service scenes. Different business scenarios differ with respect to the way of authentication (hereinafter "authentication type"). For example, the service in some service scenarios allows authentication according to a preset authentication type, while the service in some service scenarios does not allow authentication. One of the preset authentication types (hereinafter referred to as a "preset type") is that a corresponding reference face image is first queried in a pre-constructed multiplexing library according to a user identifier, and when the multiplexing library does not have the corresponding reference face image, a third-party interface is called to pull the corresponding reference face image from a third-party library.
And step S206, when the identity verification type is a preset type, generating an inquiry statement of the user identification.
The computer device stores SQL statement templates corresponding to various business scenes in advance. And the computer equipment replaces the query tag in the SQL statement template by using the user identifier of the target user to be verified to obtain a query statement for querying the reference facial image corresponding to the user identifier in the multiplexing library.
And S208, inquiring a reference face image corresponding to the user identification in the multiplexing library based on the inquiry statement.
And the computer equipment inquires whether a reference face image corresponding to the user identification exists in the multiplexing library based on the generated inquiry statement. If the target user is the old user, the computer equipment directly pulls the corresponding reference face image from the multiplexing library for identity verification.
In one embodiment, the authentication method further includes: and when the identity authentication type does not belong to the preset type or the reference face image corresponding to the user identification does not exist in the multiplexing library, calling a data interface to pull the reference face image corresponding to the user identification from the third-party library.
If the identity authentication type does not belong to the preset type, the fact that the identity authentication is not allowed to be carried out according to the mode in the current business is shown, the computer equipment calls a biological feature library interface of the pedestrian or the public security department to pull the reference face image from a third-party library such as a biological feature library of the pedestrian or the public security department.
If the reference face image corresponding to the user identification does not exist in the multiplexing library, the target user is a new user, the computer equipment calls the third-party interface to pull the reference face image from the third-party library according to the mode, and the on-site face image of the target user is compared with the reference face image to realize networking check.
And step S210, when the comparison between the field face image and the reference face image is consistent, the identity verification of the target user is passed.
The computer equipment respectively extracts the image characteristics of the field face image and the reference face image, calculates the similarity of the two image characteristics and compares whether the similarity reaches a threshold value. If yes, passing the identity authentication; and contrarily, the authentication fails.
In one embodiment, the multiplexing library also stores the image features corresponding to each reference face image, so that the corresponding image features can be directly pulled when the subsequent reference face images are used for identity verification, the complexity of frequently extracting the image features from the same image is reduced, the image comparison efficiency is improved, and the identity verification efficiency is further improved.
The unique face image used as the identity verification comparison reference of the user can be accurately determined according to the user identification, so that the face image acquired on site is only required to be compared with the unique face image determined according to the user identification, the identity verification efficiency is further improved, the interference of other biological characteristics in a biological characteristic library on the characteristic comparison process is reduced, and the accuracy of the identity verification result can also be improved.
In this embodiment, a local multiplexing library for storing existing customer information is constructed, and different authentication modes are preset for service data of different service scenarios. When a service of a preset type of service scene is handled, if the identity of a user needs to be verified, a reference face image serving as a reference can be obtained on the basis of a multiplexing library; if the certificate picture corresponding to the corresponding identity card number exists in the multiplexing library, the reference face image corresponding to the corresponding user identification can be directly extracted from the local multiplexing library, identity verification can be achieved by comparing the reference face image with the field face image, a networking check interface is not required to be called, interaction frequency with a third-party library is reduced, and therefore interaction resources are saved.
In one embodiment, obtaining the service data comprises: running the selected first sub-application in the environment provided by the first parent application for running the sub-applications; establishing communication connection between the first sub application program and the second sub application program; the second sub application program runs in the environment for running the sub application program, which is provided by the second parent application program on the user terminal; and receiving a user identifier sent by the user terminal through the sub-application, wherein the user identifier is the identity information of the user stored in the second parent application, acquired by the user terminal through the second sub-application program.
The service terminal runs a first parent application program and a first child application program running on the first parent application program. The user terminal runs a second parent application program and a second child application program running on the second parent application program. And the second sub-application program operated by the user terminal and the first sub-application program operated on the service terminal are in relay communication through the second service platform and the first service platform. The first service platform is a platform for providing services for the first parent application program, and the second service platform is a platform for providing services for the second parent application program. The business terminal can be a tablet personal computer, a gate, a cash register and the like with a face image acquisition function.
The second parent application and the first parent application are native applications running directly on the operating system. For example, the second parent application may be a social application, a mail reference, a payment application, or a gaming application, etc. that is capable of providing identity information of the user to be authenticated. The Social applications include an instant messaging application, an SNS (Social Network Service) application, or a live broadcast application. The first parent application may be a social application, a payment application, or a ticket checking application, etc. capable of performing authentication and performing different business operations according to the authentication result. The second sub-application and the first sub-application are applications that can run in the environment provided by the native application. The second parent application and the first parent application may specifically be communication clients used for interaction between the service party and the user, and the corresponding second child application and the first child application may be referred to as applets (Mini programs). The second sub application and the first sub application may be the same-style sub application having the same function.
The user can automatically run the second sub application program on the second parent application program in advance after the second parent application program is started, can be found by surrounding service terminals, and authorizes the reading authority of the user identification. And when the target user needs to be authenticated, the service terminal sends a connection request to the user terminal through the first sub-application program. The second sub-application responds to the connection request and establishes a communication link with the service terminal. The communication link is a point-to-point transmission channel established between the user terminal and the service terminal based on a preset near field communication mode.
And the user terminal acquires the user identification belonging to the second parent application program through the second child application program. The user identifier is an identifier which is displayed or recorded in the second parent application program and is used for referring to a target user, and specifically may be identity information input by the user when logging in the second parent application program, such as a user account number, a user mobile phone number, and the like; or a character string obtained by encrypting the user identifier and used for uniquely identifying the current user identity may be stored in the identity identifier of the second service platform, such as an openid (user unique identifier) belonging to the instant messaging application, corresponding to the user identifier. And if the user identification read from the second parent application program is the user account, the second child application program further reads the user mobile phone number associated with the user account from the second parent application program, and the read user mobile phone number is determined as the final user identification. And the user terminal sends the user identification to the service terminal based on the communication link, so that the service terminal pulls the reference face image based on the user identification.
In this embodiment, a second sub application having a capability of communicating with the authentication device is run in the second parent application, and the second sub application further has a capability of reading the user identifier from the second parent application based on a connection request initiated by the service terminal and automatically feeding back the read user identifier. By means of the second sub application program, automatic acquisition of the user identification can be achieved, the trouble that the user manually inputs the user identification is avoided, and the authentication efficiency is improved.
In one embodiment, establishing, by a first sub-application on a first parent application, a communication link with a second sub-application on a second parent application on a user terminal comprises: initiating a connection request through a first sub-application running on a first parent application, and sending the connection request to a second sub-application running on a second parent application on a user terminal sequentially through a first service platform corresponding to the first parent application and a second service platform corresponding to the second parent application; and after receiving the response of the second sub application program to the connection request, establishing a communication link with the second sub application program on the second parent application program on the user terminal.
The user can establish a connection with the business party across applications through the second sub-application. Specifically, the user terminal starts and runs the second parent application program, and invokes the second child application program through the second parent application program. The service terminal starts and runs the first parent application program, and invokes the first child application program through the first parent application program. When the target user needs to be authenticated, the service terminal adopts a preset near field communication technology to detect surrounding signals for establishing a communication link in real time, and determines the terminal identification of the user terminal sending the signal with the strength meeting the preset condition through the first sub-application program. The terminal identification can uniquely identify the terminal of the target user, and may be an identification of a signal sent for establishing a communication link. The terminal identifier may specifically be a bluetooth mac Address (media access Control Address) or the like according to different ways of sending the signal for establishing the communication link.
And the first sub application program acquires the second parent application program identifier, and generates a connection request according to the second parent application program identifier and the determined terminal identifier. The first sub-application sends the connection request to the first service platform through the first parent application. After receiving the connection request, the first service platform checks that the second parent application program identifier belongs to the application identifier of the second parent application program, marks the connection request as a cross-application request, and initiates the cross-application connection request to the second service platform corresponding to the second parent application program identifier. And according to the terminal identification carried by the connection request, the second service platform sends the connection request to the corresponding user terminal. And the user terminal responds to the connection request through a second sub application program running on the second parent application program and establishes a communication link with the service terminal.
In this embodiment, only the second sub-application needs to be run in the second parent application, and the first sub-application runs in the first parent application, so that the connection between the user terminal and the service terminal can be realized based on the second service platform corresponding to the existing second parent application and the first service platform corresponding to the first parent application, and the user identifier can be quickly obtained without adding any hardware device.
In one embodiment, obtaining the service data comprises: acquiring service data to be transmitted, and screening image data in the service data; storing the screened image data to a first server; receiving an image identifier which is returned by the first server and corresponds to the stored image data; sending character data and image identification in the service data to a second server; when the image data is required to be used, the image data is pulled from the first server according to the image identification.
If the terminal sends the acquired service data to the server for auditing and checking, the terminal needs to transmit a large amount of service data including image data, and the data volume of the image data is large, so that the transmission time of the service data can be prolonged in the transmission process of the service data, and network congestion is easily caused. In this embodiment, if the terminal sends the service data to the server, and the server performs the authentication on the target user by using the above authentication method, the image data in the service data can be separately stored when the service data is uploaded, so as to improve the data transmission efficiency.
Specifically, the terminal analyzes the service data uploaded by the user, and extracts the identified image data from the service data by analyzing and identifying the image data in the service data. For example, if the service data is loan audit data, the loan audit data comprises loan character data and identity card image data, and the terminal screens the loan audit data to obtain the identity card image data.
The terminal prestores the server address of the first server. The first server is a server for storing image data. And the terminal root sends the screened image data to a first server corresponding to the server address.
In one embodiment, after screening image data, the terminal counts the data volume of the screened image data, compares the counted data volume with a preset data volume, and stores the screened image data to the first server when the counted data volume is larger than the preset data volume; when the counted data amount is smaller than the preset data amount, the service data is directly sent to the second server, i.e., the server 120.
The first server stores the received image data and generates an image identifier corresponding to the stored image data. And the first server returns the generated image identifier to the terminal. The icon identifications correspond to the stored image data one to one. The image identifier may be a storage address of the image data, a result value of a hash operation performed on image feature data in the image data, or a storage number generated in the storage order of the image data. It is easy to understand that the image identifier may also be other identification information, such as a randomly generated number uniquely corresponding to the image data, and the like, which is not limited herein.
The service data includes image data and character data. And the terminal encapsulates the character data in the service data and the received image identification to obtain a transmission data packet corresponding to the service data, and sends the transmission data packet to the second server. The second server analyzes the transmission data packet to obtain character data and an image identifier in the service data, and pulls the image data from the first server according to the obtained image identifier.
In this embodiment, image data is screened from the service data, and the screened image data is stored in the first server; only the image identification of the image data returned by the first server and the character data in the service data are transmitted to the second server, and the second server pulls the image data from the first server according to the image identification, so that the data volume of the service data sent to the second server is reduced, and the transmission efficiency of the service data can be improved.
In one embodiment, before pulling the reference facial image corresponding to the user identifier in the multiplexing library based on the query statement, the method further includes: synchronizing verified field face images and corresponding attribute information in a plurality of service libraries; the attribute information includes a user identifier; symmetrically decrypting the on-site face image according to a pre-stored public key; carrying out asymmetric encryption on the field face image obtained by decryption; and storing the encrypted on-site face image as a reference face image of the corresponding user identifier in a multiplexing library.
The reference facial image in the multiplexing library may be a verified user field facial image collected during a historical business transaction. For a group company, the verification method can be obtained by collecting on-site face images collected by a plurality of subsidiaries and passing verification. Specifically, in order to protect the privacy of the user information, different subsidiaries may use different encryption logics such as AES (advanced encryption Standard) and binary encryption to encrypt the user information including the user identifier, and store the encrypted user information in respective service libraries.
And the computer equipment synchronizes the verified field face images and the corresponding attribute information in a plurality of service libraries. The attribute information comprises user identification, acquisition time, a verification result, a data provider, encryption information and the like corresponding to the on-site face image. The data provider refers to a subsidiary company which collects corresponding live face images. The encryption information includes an encryption method and corresponding decryption logic. For example, when the encryption method is asymmetric encryption, the corresponding decryption logic includes a public key for decryption.
And the computer equipment decrypts the live face image by using the public key. And the computer equipment re-encrypts each field face image obtained by decryption according to a uniform encryption logic, and stores the encrypted field face image as a reference face image of the corresponding user identifier in a multiplexing library.
In another embodiment, the computer device further normalizes the attribute information of the live face image, and stores the normalized attribute information into the multiplexing library together. And subsequently, whether the corresponding reference face image in the multiplexing library meets the calling condition provided by the calling party or not can be judged based on the attribute information. For example, the calling condition may be that the acquisition time is within 6 months, etc.
In the embodiment, the multiplexing library can be obtained by collecting the field face images in the plurality of service libraries, so that the construction efficiency of the multiplexing library is improved.
It should be understood that, although the steps in the flowchart of fig. 2 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 2 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 3, there is provided an authentication apparatus including: a live image acquisition module 302, and an image comparison verification module 306, wherein:
a field image acquisition module 302, configured to acquire service data; the service data comprises a user identification of the target user and a field face image.
A reference image obtaining module 304, configured to determine an authentication type according to a service scene corresponding to the service data and the user identifier; when the identity authentication type is a preset type, generating a query statement of a user identifier; and inquiring the reference face image corresponding to the user identification in the multiplexing library based on the inquiry statement.
And the image comparison and verification module 306 is configured to, when the live face image is consistent with the reference face image in comparison, pass the identity verification of the target user.
In one embodiment, the live image acquisition module 302 is further configured to run the selected first sub-application in an environment provided by the first parent application for running the sub-applications; establishing communication connection between the first sub application program and the second sub application program; the second sub application program runs in the environment for running the sub application program, which is provided by the second parent application program on the user terminal; and receiving a user identifier sent by the user terminal through the sub-application, wherein the user identifier is the identity information of the user stored in the second parent application, acquired by the user terminal through the second sub-application program.
In an embodiment, the field image obtaining module 302 is further configured to obtain service data to be transmitted, and filter image data in the service data; storing the screened image data to a first server; receiving an image identifier which is returned by the first server and corresponds to the stored image data; sending character data and image identification in the service data to a second server; when the image data is required to be used, the image data is pulled from the first server according to the image identification.
In one embodiment, the above identity authentication apparatus further includes a multiplexing library construction module 308, configured to synchronize the verified live face images and the corresponding attribute information in multiple service libraries; the attribute information comprises a user identifier, and the on-site face image is symmetrically decrypted according to a pre-stored public key; carrying out asymmetric encryption on the field face image obtained by decryption; and storing the encrypted on-site face image as a reference face image of the corresponding user identifier in a multiplexing library.
In one embodiment, the reference image obtaining module 304 is further configured to invoke a data interface to pull the reference facial image corresponding to the user identifier from the third-party repository when the authentication type does not belong to the preset type or the reference facial image corresponding to the user identifier does not exist in the multiplex repository.
For the specific definition of the authentication device, reference may be made to the above definition of the authentication method, which is not described herein again. The modules in the authentication device can be implemented in whole or in part by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a multiplexing library connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a multiplexing library. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The multiplexing library of the computer device is used for storing the reference face image. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an authentication method.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an authentication method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the configurations shown in fig. 4 and 5 are merely block diagrams of some configurations relevant to the present disclosure, and do not constitute a limitation on the computing devices to which the present disclosure may be applied, and that a particular computing device may include more or less components than those shown, or combine certain components, or have a different arrangement of components.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the authentication method provided in any one of the embodiments of the present application.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method of identity verification, the method comprising:
acquiring service data; the service data comprises a user identification of a target user and a field face image;
determining an identity authentication type according to the service scene corresponding to the service data and the user identification;
when the identity authentication type is a preset type, generating a query statement of the user identification;
inquiring and pulling a reference face image corresponding to the user identification in a multiplexing library based on the inquiry statement;
and when the comparison between the field face image and the reference face image is consistent, the identity verification of the target user is passed.
2. The method of claim 1, wherein the obtaining the service data comprises:
running the selected first sub-application in the environment provided by the first parent application for running the sub-applications;
establishing communication connection between the first sub application program and the second sub application program; the second sub application program runs in the environment for running the sub application program, which is provided by the second parent application program on the user terminal;
and receiving a user identifier sent by the user terminal through the sub-application, wherein the user identifier is the identity information of the user stored in the second parent application, acquired by the user terminal through the second sub-application program.
3. The method of claim 1, wherein the obtaining the service data comprises:
acquiring service data to be transmitted, and screening image data in the service data;
storing the screened image data to a first server;
receiving an image identifier which is returned by the first server and corresponds to the stored image data;
sending character data and image identification in the service data to a second server;
when the image data is required to be used, the image data is pulled from the first server according to the image identification.
4. The method of claim 1, wherein before the pulling the reference facial image corresponding to the user identifier in a multiplexing library based on the query statement, the method further comprises:
synchronizing verified field face images and corresponding attribute information in a plurality of service libraries; the attribute information comprises a user identifier;
symmetrically decrypting the on-site face image according to a pre-stored public key;
carrying out asymmetric encryption on the field face image obtained by decryption;
and storing the encrypted on-site face image as a reference face image of the corresponding user identifier in a multiplexing library.
5. The method of claim 1, further comprising:
and when the identity authentication type does not belong to a preset type or the reference face image corresponding to the user identifier does not exist in the multiplexing library, calling a data interface to pull the reference face image corresponding to the user identifier from a third-party library.
6. An authentication apparatus comprising:
the field image acquisition module is used for acquiring service data; the service data comprises a user identification of a target user and a field face image;
the reference image acquisition module is used for determining an identity authentication type according to the service scene corresponding to the service data and the user identifier; when the identity authentication type is a preset type, generating a query statement of the user identification; inquiring and pulling a reference face image corresponding to the user identification in a multiplexing library based on the inquiry statement;
and the image comparison and verification module is used for passing the identity verification of the target user when the comparison between the field face image and the reference face image is consistent.
7. The apparatus of claim 6, wherein the live image obtaining module is further configured to establish a communication link with the first sub-application on the first parent application on the user terminal through the second sub-application on the second parent application; receiving, by the second sub-application, a user identifier sent by the user terminal based on the communication link; the user identifier is identity information of the user belonging to the second parent application, which is acquired by the user terminal through the second child application.
8. The apparatus according to claim 6, wherein the live image acquiring module is further configured to acquire service data to be transmitted, and filter image data in the service data; storing the screened image data to a first server; receiving an image identifier which is returned by the first server and corresponds to the stored image data; sending character data and image identification in the service data to a second server; when the image data is required to be used, the image data is pulled from the first server according to the image identification.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5.
CN201910753696.8A 2019-08-15 2019-08-15 Identity authentication method, identity authentication device, computer equipment and storage medium Pending CN110647641A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910753696.8A CN110647641A (en) 2019-08-15 2019-08-15 Identity authentication method, identity authentication device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910753696.8A CN110647641A (en) 2019-08-15 2019-08-15 Identity authentication method, identity authentication device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110647641A true CN110647641A (en) 2020-01-03

Family

ID=69009674

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910753696.8A Pending CN110647641A (en) 2019-08-15 2019-08-15 Identity authentication method, identity authentication device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110647641A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111275448A (en) * 2020-02-22 2020-06-12 腾讯科技(深圳)有限公司 Face data processing method and device and computer equipment
CN111428263A (en) * 2020-03-10 2020-07-17 岭东核电有限公司 Work order processing method and device, computer equipment and storage medium
CN111464819A (en) * 2020-03-30 2020-07-28 腾讯音乐娱乐科技(深圳)有限公司 Live image detection method, device, equipment and storage medium
CN113011883A (en) * 2021-01-28 2021-06-22 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
WO2024144602A1 (en) * 2022-12-29 2024-07-04 Kobil Teknoloji Limited Sirketi A digital authentication system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306876A (en) * 2018-01-30 2018-07-20 平安普惠企业管理有限公司 Client identity verification method, device, computer equipment and storage medium
CN109492367A (en) * 2018-10-17 2019-03-19 平安国际融资租赁有限公司 Electronic contract signature processing method, device, computer equipment and storage medium
CN109842611A (en) * 2018-12-14 2019-06-04 平安科技(深圳)有限公司 Auth method, device, computer equipment and storage medium
CN110086799A (en) * 2019-04-23 2019-08-02 广州腾讯科技有限公司 Auth method and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108306876A (en) * 2018-01-30 2018-07-20 平安普惠企业管理有限公司 Client identity verification method, device, computer equipment and storage medium
CN109492367A (en) * 2018-10-17 2019-03-19 平安国际融资租赁有限公司 Electronic contract signature processing method, device, computer equipment and storage medium
CN109842611A (en) * 2018-12-14 2019-06-04 平安科技(深圳)有限公司 Auth method, device, computer equipment and storage medium
CN110086799A (en) * 2019-04-23 2019-08-02 广州腾讯科技有限公司 Auth method and device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111275448A (en) * 2020-02-22 2020-06-12 腾讯科技(深圳)有限公司 Face data processing method and device and computer equipment
CN111428263A (en) * 2020-03-10 2020-07-17 岭东核电有限公司 Work order processing method and device, computer equipment and storage medium
CN111428263B (en) * 2020-03-10 2023-07-21 岭东核电有限公司 Work order processing method, device, computer equipment and storage medium
CN111464819A (en) * 2020-03-30 2020-07-28 腾讯音乐娱乐科技(深圳)有限公司 Live image detection method, device, equipment and storage medium
CN111464819B (en) * 2020-03-30 2022-07-15 腾讯音乐娱乐科技(深圳)有限公司 Live image detection method, device, equipment and storage medium
CN113011883A (en) * 2021-01-28 2021-06-22 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
CN113011883B (en) * 2021-01-28 2024-07-23 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
WO2024144602A1 (en) * 2022-12-29 2024-07-04 Kobil Teknoloji Limited Sirketi A digital authentication system

Similar Documents

Publication Publication Date Title
CN113574838B (en) System and method for filtering internet traffic through client fingerprint
CN110365670B (en) Blacklist sharing method and device, computer equipment and storage medium
CN108346191B (en) Attendance checking method and device, computer equipment and storage medium
CN110647641A (en) Identity authentication method, identity authentication device, computer equipment and storage medium
US8312521B2 (en) Biometric authenticaton system and method with vulnerability verification
US8254572B2 (en) Secure provisioning of a portable device using a representation of a key
WO2021184755A1 (en) Application access method and apparatus, and electronic device and storage medium
US20230379160A1 (en) Non-fungible token authentication
EP4007984A1 (en) Self-sovereign identity systems and methods for identification documents
CN110719203B (en) Operation control method, device and equipment of intelligent household equipment and storage medium
CN112949545B (en) Method, apparatus, computing device and medium for recognizing face image
US20210099431A1 (en) Synthetic identity and network egress for user privacy
CN106464502B (en) Method and system for authentication of a communication device
US11824850B2 (en) Systems and methods for securing login access
CN104660589A (en) Method and system for controlling encryption of information and analyzing information as well as terminal
US20200334430A1 (en) Self-sovereign identity systems and methods for identification documents
CN110719265A (en) Method, device and equipment for realizing network security communication
CN115543646A (en) Contact processing method and device, computer equipment and storage medium
CN116962021A (en) Method, device, equipment and medium for user real name authentication in financial cooperative institution
CN116743481A (en) Service security management and control method, device, equipment and storage medium
CN113052045B (en) Method, apparatus, computing device and medium for identifying finger vein image
CN106161365B (en) Data processing method and device and terminal
US20220053123A1 (en) Method and apparatus for independent authentication of video
De et al. Trusted cloud-and femtocell-based biometric authentication for mobile networks
CN113052044A (en) Method, apparatus, computing device, and medium for recognizing iris image

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination