CN110955677A

CN110955677A - Identity verification method, device and system

Info

Publication number: CN110955677A
Application number: CN201911409569.2A
Authority: CN
Inventors: 朱江波; 丁正君; 高鹏; 张盛素; 黄毅昕; 王铮; 朱振勇; 羡迪海; 董宝璐
Original assignee: Bank of China Ltd
Current assignee: Bank of China Ltd
Priority date: 2019-12-31
Filing date: 2019-12-31
Publication date: 2020-04-03

Abstract

The embodiment of the specification discloses an identity verification method, an identity verification device and an identity verification system, wherein the method can be applied to a business handling system, the business handling system comprises one or more information acquisition terminals, a server and a business handling terminal, and the business handling terminal and the information acquisition terminal are associated in a business handling area; the information acquisition terminal acquires the biological characteristic information of a user and sends the biological characteristic information to the server; the server compares the biological characteristic information to obtain one or more comparison results corresponding to one or more information acquisition terminals, and then sends the comparison results to the service handling terminal; and after receiving the service handling request, the service handling terminal determines the authentication result of the user corresponding to the service handling request based on the authentication information set. Thereby improving the business handling efficiency and the business handling experience of the user.

Description

Identity verification method, device and system

Technical Field

The present disclosure relates to the field of computer data processing technologies, and in particular, to an identity authentication method, apparatus, and system.

Background

In many business transaction processes at banking sites, biometric information of a customer is usually required to be verified. At present, the verification of the biological characteristic information during the business handling generally requires that a user cooperates with a business handling terminal to collect the biological characteristic information during the business handling, and then a background server compares the information and feeds back the comparison result to the business handling terminal. The coordination of information acquisition and the waiting of comparison results have great influence on the efficiency of service handling, and are easy to bring bad use experience to customers.

Disclosure of Invention

An object of the embodiments of the present specification is to provide an identity authentication method, apparatus, and system, which can improve service transaction efficiency and service transaction experience of a user.

The present specification provides an identity authentication method, apparatus and system, which are implemented in the following manner:

a method for verifying the identity of a user,

the method is applied to a business handling system, the business handling system comprises one or more information acquisition terminals, a server and a business handling terminal, wherein the business handling terminal and the one or more information acquisition terminals are associated in a business handling area;

the information acquisition terminal acquires biological characteristic information of a user and sends the acquired biological characteristic information to a server based on a user identification of the user;

the server receives the user identification and the biological characteristic information sent by the one or more information acquisition terminals, compares the biological characteristic information with a biological characteristic information set prestored in the server by the user identification, and acquires one or more comparison results corresponding to the one or more information acquisition terminals;

the server sends the user identification and one or more comparison results to a service handling terminal; the business handling terminal receives the user identification and one or more comparison results sent by the server, and stores the one or more comparison results into an identity verification information set corresponding to the user identification;

after receiving a service handling request, the service handling terminal acquires a corresponding authentication information set based on a user identifier in the service handling request, and determines an authentication result of a user corresponding to the service handling request according to the acquired authentication information set.

On the other hand, an embodiment of the present specification further provides an identity authentication method, which is applied to a service handling terminal, and the method includes:

receiving a user identifier and one or more comparison results sent by a server, wherein the one or more comparison results are obtained by comparing the biological characteristic information with a biological characteristic information set prestored in the server by the user identifier after the server receives the user identifier sent by one or more information acquisition terminals and the biological characteristic information corresponding to the user identifier, the comparison results correspond to the information acquisition terminals one by one, and the one or more information acquisition terminals and the service transaction terminal are associated in a service transaction area;

storing the one or more comparison results into an identity authentication information set corresponding to the user identifier;

after receiving a service handling request, acquiring a corresponding authentication information set based on a user identifier in the service handling request, and determining an authentication result of a user corresponding to the service handling request according to the acquired authentication information set.

In another embodiment of the method provided in this specification, the method further comprises:

receiving comparison time of each comparison result sent by the server, associating the comparison time with the corresponding comparison result, and storing the comparison time and the corresponding comparison result into the identity verification information set;

the determining the authentication result of the user corresponding to the service transaction request according to the acquired authentication information set includes: calculating a first weight coefficient corresponding to each comparison result according to the time interval between the service handling time and the comparison time of each comparison result; and determining the identity verification result of the user according to the one or more comparison results and the first weight coefficient corresponding to each comparison result. In another embodiment of the method provided in this specification, the method further comprises:

receiving information acquisition terminal types corresponding to the comparison results sent by the server, associating the information acquisition terminal types with the corresponding comparison results, and storing the information acquisition terminal types and the corresponding comparison results into the identity verification information set;

the determining the authentication result of the user corresponding to the service transaction request according to the acquired authentication information set includes: determining a second weight coefficient corresponding to each comparison result according to the type of the information acquisition terminal;

and determining the identity verification result of the user according to the one or more comparison results and the second weight coefficient corresponding to each comparison result.

In another embodiment of the method provided in this specification, the authentication result includes a confidence level, and the method further includes:

determining a reliability threshold value according to the type of the current service;

and when the reliability is greater than the reliability threshold value, outputting prompt information that the user identity verification passes.

In another embodiment of the method provided in the present specification, the received comparison result is deleted after a specified time interval of receiving the comparison result.

On the other hand, an embodiment of the present specification further provides an identity authentication method, which is applied to one or more information acquisition terminals, and the method includes:

collecting biological characteristic information of a user;

sending the collected biological characteristic information to a server based on the user identification of the user, so that the server receives the user identification and the biological characteristic information sent by the one or more information collection terminals, comparing the biological characteristic information with a biological characteristic information set prestored in the server by the user identification to obtain one or more comparison results corresponding to the one or more information collection terminals, and sending the user identification and the one or more comparison results to a service handling terminal so that the service handling terminal stores the one or more comparison results into an identity verification information set corresponding to the user identification; and after receiving a service handling request, acquiring a corresponding authentication information set based on a user identifier in the service handling request, and determining an authentication result of a user corresponding to the service handling request according to the acquired authentication information set, wherein the service handling terminal and the one or more information acquisition terminals are associated in a service handling area. .

On the other hand, an embodiment of the present specification further provides an identity authentication method, which is applied to a server, and the method includes:

receiving user identifications and biological characteristic information corresponding to the user identifications sent by one or more information acquisition terminals;

comparing the biological characteristic information with a biological characteristic information set prestored in a server by the user identification to obtain one or more comparison results corresponding to the one or more information acquisition terminals;

and sending the user identification and the one or more comparison results to a service handling terminal, so that the service handling terminal stores the one or more comparison results into an authentication information set corresponding to the user identification, acquires the corresponding authentication information set based on the user identification in the service handling request after receiving the service handling request, and determines an authentication result of a user corresponding to the service handling request according to the acquired authentication information set, wherein the service handling terminal and the one or more information acquisition terminals are associated in a service handling area.

On the other hand, an embodiment of the present specification further provides an identity authentication apparatus, which is applied to a service handling terminal, and the apparatus includes:

the system comprises a first data receiving module, a second data receiving module and a service handling module, wherein the first data receiving module is used for receiving a user identifier and one or more comparison results sent by a server, and the one or more comparison results are obtained by comparing biological characteristic information with a biological characteristic information set prestored in the server by the user identifier after the server receives the user identifier sent by one or more information collecting terminals and the biological characteristic information corresponding to the user identifier, the comparison results are in one-to-one correspondence with the information collecting terminals, and the one or more information collecting terminals and the service handling terminal are associated with each other in a service handling area;

a first data storage module, configured to store the one or more comparison results in an authentication information set corresponding to the user identifier

And the verification result determining module is used for acquiring a corresponding authentication information set based on the user identifier in the service handling request after receiving the service handling request, and determining the authentication result of the user corresponding to the service handling request according to the acquired authentication information set.

In another embodiment of the apparatus provided in this specification, the apparatus further comprises:

the second data receiving module is used for receiving the comparison time of each comparison result sent by the server;

the second data storage module is used for associating the comparison time with the corresponding comparison result and then storing the comparison time into the identity verification information set;

correspondingly, the verification result determination module includes:

a first weight coefficient determining unit, configured to calculate a first weight coefficient corresponding to each comparison result according to a time interval between a service transaction time and a comparison time of each comparison result;

and the first result determining unit is used for determining the identity verification result of the user according to the one or more comparison results and the first weight coefficient corresponding to each comparison result.

the third data receiving module is used for receiving the information acquisition terminal types corresponding to the comparison results sent by the server;

the third data storage module is used for associating the type of the information acquisition terminal with the corresponding comparison result and then storing the information acquisition terminal in the identity verification information set;

correspondingly, the verification result determination module includes:

the second weight coefficient determining unit is used for determining a second weight coefficient corresponding to each comparison result according to the type of the information acquisition terminal;

and the second result determining unit is used for determining the identity verification result of the user according to the one or more comparison results and the second weight coefficients corresponding to the comparison results.

In another embodiment of the apparatus provided in this specification, the authentication result includes a confidence level, and the apparatus further includes:

the threshold value determining module is used for determining a reliability threshold value according to the service type handled by the current service;

and the result output module is used for outputting prompt information that the user identity verification passes when the credibility is greater than the credibility threshold.

and the information deleting module is used for deleting the received comparison result after receiving the specified time interval of the comparison result.

On the other hand, an embodiment of the present specification further provides an identity authentication device, which is applied to one or more information acquisition terminals, and the device includes:

the information acquisition module is used for acquiring the biological characteristic information of the user;

a first data sending module, configured to send the collected biometric information to a server based on a user identifier of the user, so that the server receives the user identifier and the biometric information sent by the one or more information collection terminals, compare the biometric information with a biometric information set pre-stored in the server by the user identifier, obtain one or more comparison results corresponding to the one or more information collection terminals, and send the user identifier and the one or more comparison results to a service transaction terminal, so that the service transaction terminal stores the one or more comparison results in an identity verification information set corresponding to the user identifier; and after receiving a service handling request, acquiring a corresponding authentication information set based on a user identifier in the service handling request, and determining an authentication result of a user corresponding to the service handling request according to the acquired authentication information set, wherein the service handling terminal and the one or more information acquisition terminals are associated in a service handling area.

On the other hand, the embodiment of this specification also provides an authentication apparatus, applied to a server, the apparatus includes:

the fourth data receiving module is used for receiving the user identification and the biological characteristic information corresponding to the user identification, which are sent by one or more information acquisition terminals;

the information comparison module is used for comparing the biological characteristic information with a biological characteristic information set prestored in a server by the user identification to obtain one or more comparison results corresponding to the one or more information acquisition terminals;

and the second data sending module is used for sending the user identification and the one or more comparison results to a service handling terminal so that the service handling terminal stores the one or more comparison results into an authentication information set corresponding to the user identification, acquires the corresponding authentication information set based on the user identification in the service handling request after receiving the service handling request, and determines the authentication result of the user corresponding to the service handling request according to the acquired authentication information set, wherein the service handling terminal and the one or more information acquisition terminals are associated in a service handling area.

In another aspect, an embodiment of the present specification further provides an identity authentication device, where the identity authentication device includes a processor and a memory for storing processor-executable instructions, and the instructions, when executed by the processor, implement the steps of the method described in one or more embodiments above.

On the other hand, the embodiment of the present specification further provides an identity authentication system, which includes one or more information acquisition terminals, a server, and a service transaction terminal, wherein,

the information acquisition terminal comprises at least one processor and a memory for storing computer executable instructions, and the processor executes the instructions to realize the steps of the method of one or more embodiments;

the server comprises at least one processor and a memory for storing computer-executable instructions, wherein the processor executes the instructions to realize the steps of the method of one or more of the embodiments;

the business handling terminal comprises at least one processor and a memory storing computer executable instructions, and the processor executes the instructions to realize the steps of the method of one or more of the embodiments.

In the identity authentication method, the identity authentication device, and the identity authentication system provided in one or more embodiments of the present specification, when a user uses each terminal device capable of implementing user identification information determination and biological information acquisition in a target service handling area, the corresponding terminal device acquires biological characteristic information of the user, and sends the biological characteristic information to a server together with a user identification, and the server compares the biological characteristic information of the user in advance. And after the comparison is completed, the server sends the comparison result to each service transaction terminal or the target service transaction terminal in the target service transaction area, and the service transaction terminals perform local storage. Therefore, when the user uses the service handling terminal to handle the service, the corresponding service handling terminal can determine the authentication result of the user according to the existing comparison result. If the identity authentication is passed, the service handling can be directly carried out for the user, and the identity authentication link when the user handles the current service is omitted, so that the service handling efficiency and the service handling experience of the user are greatly improved.

Drawings

In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort. In the drawings:

fig. 1 is a schematic flow chart of an embodiment of an identity verification method provided in the present specification;

FIG. 2 is a schematic diagram of an authentication process in one embodiment provided herein;

FIG. 3 is a schematic diagram of an authentication process in one embodiment provided herein;

fig. 4 is a schematic block diagram of an authentication apparatus provided in the present specification;

fig. 5 is a schematic block diagram of a server according to an exemplary embodiment of the present description.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in one or more embodiments of the present specification will be clearly and completely described below with reference to the drawings in one or more embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the specification, and not all embodiments. All other embodiments obtained by a person skilled in the art based on one or more embodiments of the present specification without making any creative effort shall fall within the protection scope of the embodiments of the present specification.

In one example scenario provided by an embodiment of the present specification, one or more information collection devices within a target business transaction area of a financial institution may collect biometric information of a user. The information acquisition equipment can be number taking equipment, an ATM (automatic teller machine), a service intelligent terminal, a service navigation robot and the like. The information acquisition devices can send the acquired biological characteristic information of the user to the server, and the server compares the acquired biological characteristic information with the biological characteristic information set pre-stored in the server according to the user to obtain comparison results corresponding to the information acquisition devices. And the server sends the comparison result to one or more service handling terminals in the target service handling area, and the comparison result is prestored by the service handling terminals.

When the user transacts the service, the service transacting terminal can determine whether the user needs to perform authentication again according to the prestored comparison result. If the user identity authentication is determined to pass according to the comparison result, the service can be directly transacted for the user, and if the user identity authentication is determined not to pass according to the comparison result, the user is prompted to cooperate to carry out secondary identity authentication. By the embodiment of the specification, the authentication links in the business handling process can be effectively reduced, and the business handling efficiency and the business handling experience of the user are improved.

Fig. 1 is a schematic flow chart of an embodiment of the identity authentication method provided in this specification. Although the present specification provides the method steps or apparatus structures as shown in the following examples or figures, more or less steps or modules may be included in the method or apparatus structures based on conventional or non-inventive efforts. In the case of steps or structures which do not logically have the necessary cause and effect relationship, the execution order of the steps or the block structure of the apparatus is not limited to the execution order or the block structure shown in the embodiments or the drawings of the present specification. When the described method or module structure is applied to a device, a server or an end product in practice, the method or module structure according to the embodiment or the figures may be executed sequentially or in parallel (for example, in a parallel processor or multi-thread processing environment, or even in an implementation environment including distributed processing and server clustering).

In a specific embodiment of the identity verification method provided in this specification, as shown in fig. 1, the method may be applied to a business handling system, where the business handling system may include one or more information acquisition terminals, a server, and a business handling terminal, where the business handling terminal and the one or more information acquisition terminals are associated in a business handling area, and the method may include the following steps:

s20: the information acquisition terminal acquires the biological characteristic information of a user and sends the acquired biological characteristic information to a server based on the user identification of the user.

The information collecting device may include an intelligent terminal device collecting biometric information of a user. For example, the information collecting device may be a number obtaining device, an ATM, a service intelligent terminal, a service navigation robot, a mobile terminal device of a user, or the like, and may also be a service handling terminal capable of collecting biometric information. When being used for collecting the biological characteristic information of the user, each terminal device in the target business handling area of the financial institution can be used as an information collecting device. The target service handling area may be a service handling area selected by the user for this service handling, may be a fixed area where a branch office for service handling is located, or may be a mobile service handling area, which is not limited herein.

In some embodiments, the associating the service handling terminal and the one or more information collecting terminals on the service handling area may include: and the service handling terminal and the one or more information acquisition terminals are correlated on the service handling area according to the IP address. For example, the server may be configured with IP addresses of each service handling terminal and information acquisition terminal in the same target service handling area in advance, and then each service handling terminal and information acquisition terminal in the same target service handling area may be determined by the IP addresses. For the mobile terminal device of the user, the server may use the service transaction area selected by the user when performing service transaction on the mobile terminal device as the target service transaction area, or the server may obtain the position of the user when performing service transaction on the mobile terminal device, and use the service transaction area where the position is located as the target service transaction area. Of course, the service handling terminals and the one or more information acquisition terminals located in the same target service handling area may also be determined in other manners, and then the service handling terminals and the information acquisition terminals located in the same target service handling area are associated.

The information acquisition equipment can be provided with a biological characteristic information acquisition module for acquiring biological characteristic information of a user. The biometric information may include face information, iris information, fingerprint information, palm print information, and the like. The biological characteristic information acquisition module can be a camera, a fingerprint acquisition device, a palm print acquisition device and the like and is respectively used for acquiring face information, iris information, fingerprint information, palm print information and the like of a user.

The information acquisition device may also acquire or acquire a user identification of the user. For example, the information acquisition device may obtain a user identifier that a user has previously left in the information acquisition device or temporarily input in the information acquisition device; or, the identity information that the user pre-stored in the information acquisition device or temporarily input in the information acquisition device can be acquired, and the user identifier of the corresponding user is acquired according to the identity information. Or, an identity information acquisition module can be further arranged in the information acquisition equipment, and the identity information of the user is acquired through the identity information acquisition module, so that the user identification of the user is acquired according to the identity information. The identity information acquisition module can be an identity card information acquisition module.

The order of collecting the user identifier and the biometric information is not limited herein. After the information acquisition device acquires the biological characteristic information of the user and acquires the user identifier of the user, the information acquisition device can associate the acquired biological characteristic information of the user with the user identifier and send the information and the user identifier to the server.

S22: the server receives the user identification and the biological characteristic information sent by the one or more information acquisition terminals, compares the biological characteristic information with a biological characteristic information set prestored in the server by the user identification to obtain one or more comparison results corresponding to the one or more information acquisition terminals, and sends the user identification and the one or more comparison results to the service handling terminal.

After the information acquisition terminal acquires the biological characteristic information of the user, the biological characteristic information and the user identification can be sent to the server. After receiving the biometric information and the user identifier, the server can call a biometric information set pre-stored in the server by the user identifier according to the user identifier. The biometric information set may include pre-collected biometric information of the user for authenticating the user. The set of biometric information may include only one type of biometric information, or may include a plurality of types of biometric information. If a plurality of types of biometric information are included, they may be stored in respective subsets. The set of biometric information may include, for example, a subset of face information, a subset of fingerprint information, a subset of iris information, etc.

The server may compare the received biometric information with the biometric information in the set of retrieved biometric information. When more than one type of biometric information in the set of biometric information is available, the comparison may be made with a corresponding type of biometric information subset. For example, if the face information is collected, the face information may be compared with the face information in the face information subset. The server may send the comparison result to the service handling terminal. The comparison result may be the reliability, or may be the result of passing or not. If the user identity authentication is credibility, the credibility value can be set to be between 0 and 1, and the higher the credibility value is, the higher the possibility that the user identity authentication is passed is.

The server can receive the user identification and the biological characteristic information sent by one or more information acquisition terminals. Different information acquisition terminals may acquire different biological characteristic information of the user, each information acquisition terminal can transmit the biological characteristic information of the user to the server together with the user identification after acquiring the biological characteristic information of the user, the server performs comparison according to the scheme, and then the comparison result can be transmitted to the service terminal together with the user identification.

S24: and the service handling terminal receives the user identification and one or more comparison results sent by the server and stores the one or more comparison results into an identity authentication information set corresponding to the user identification.

The service handling terminal can comprise terminal equipment for carrying out service handling on the to-be-handled service of the user. Such as a service terminal or an intelligent service terminal that can be a service handling counter. The service handling terminal may be all service handling terminal devices in the target service handling area, or may be one or more service handling terminal devices pre-designated in the target service handling area. The pre-designated one or more service transaction terminal devices can be determined according to the service type transacted by the user, the user identification of the user and the like. For example, the server may determine one or more pre-designated service handling terminal devices in the target service handling area according to the service type selected by the user during service handling reservation or during number taking by the number taking device; or, the server may also determine the grade of the user according to the user identifier sent by the information acquisition device, such as whether the user is a VIP user, and then determine one or more service transaction terminal devices pre-designated in the target service transaction area according to the grade of the user.

The service handling terminal can receive the user identification and the comparison result sent by the server, and store the one or more comparison results into the identity authentication information set corresponding to the user identification. After the information collected by different information collection devices is compared and verified by the server, the information can be respectively sent to the service handling terminal, and the information is stored to the identity verification information set corresponding to the user identification by the service handling terminal. Correspondingly, for a user identifier, one or more comparison results may be stored in the service handling terminal.

S26: after receiving a service handling request, a service handling terminal acquires a corresponding authentication information set based on a user identifier in the service handling request, and determines an authentication result of a user corresponding to the service handling request according to the acquired authentication information set.

After receiving a service handling request, a service handling terminal may obtain a corresponding authentication information set based on a user identifier in the service handling request, and determine an authentication result of a user corresponding to the service handling request according to the obtained authentication information set. For example, if one comparison result in the authentication information set shows that the user passes the authentication, the authentication given to the user is determined to pass; or, the credibility of each comparison result in the identity verification information set can be integrated, normalization processing is carried out, the integrated credibility is normalized to be 0-1, then, whether the integrated credibility is larger than a preset threshold value or not is judged, if yes, the identity verification of the user is passed, and otherwise, the identity verification is not passed.

According to the scheme provided by the embodiment, when the user uses each terminal device which can realize user identification information determination and biological information acquisition in the target service handling area, the corresponding terminal device acquires the biological characteristic information of the user, sends the biological characteristic information to the server together with the user identification, and the server compares the biological characteristic information of the user in advance. And after the comparison is completed, the server sends the comparison result to each service transaction terminal or the target service transaction terminal in the target service transaction area, and the service transaction terminals perform local storage. Therefore, when the user uses the service handling terminal to handle the service, the corresponding service handling terminal can determine the authentication result of the user according to the existing comparison result. If the identity authentication is passed, the service handling can be directly carried out for the user, and the identity authentication link when the user handles the current service is omitted, so that the service handling efficiency and the service handling experience of the user are greatly improved.

Fig. 2 is a schematic diagram of an authentication process in other embodiments. In other embodiments of the present description, as shown in fig. 2, the method may further include: the service handling terminal also receives the comparison time of each comparison result sent by the server, associates the comparison time with the corresponding comparison result and stores the comparison time into the identity verification information set; correspondingly, the determining the authentication result of the user corresponding to the service transaction request according to the acquired authentication information set may include: calculating a first weight coefficient corresponding to each comparison result according to the time interval between the service handling time and the comparison time of each comparison result; and determining the identity verification result of the user according to the one or more comparison results and the first weight coefficient corresponding to each comparison result.

The server can send the comparison time of the comparison at the same time when sending the comparison result. The service handling terminal can store the comparison result and the comparison time of the corresponding comparison result into the identity authentication information set corresponding to the user identifier after associating the comparison result and the comparison time of the corresponding comparison result. Different comparison results correspond to different comparison times, and the first weight coefficient corresponding to each comparison result can be calculated according to the time interval between the service transaction time and the comparison time of each comparison result. The longer the time interval, the lower the reliability of the comparison result, the smaller the corresponding first weight coefficient may be set. For example, a relationship may be calculated by analyzing a large amount of data to determine a fit between the time intervals and the first weighting factors, and then the first weighting factors corresponding to different time intervals may be calculated and determined according to the relationship. Of course, the calculated relationship between the time interval and the first weight factor may also be determined in other ways.

After determining the first weight coefficient corresponding to each comparison result, the authentication result of the user may be determined according to the first weight coefficient and the comparison result. For example, the alignment result is confidence, assuming that there are N alignment results X₁、X₂、…、X_NThe corresponding first weight coefficients are respectively K₁、K₂、…、K_NThen, the summation of the multiplication factors between each first weight coefficient and the comparison result can be calculated as the identity verification result Y₁. For example, Y1 ═ K₁X₁+K₂X₂+…+K_NX_N。

Fig. 3 is a schematic diagram of an authentication process in other embodiments. In other embodiments of the present description, as shown in fig. 3, the method may further include: the service handling terminal also receives the information acquisition terminal types corresponding to the comparison results sent by the server, associates the information acquisition terminal types with the corresponding comparison results and stores the information acquisition terminal types and the corresponding comparison results into the identity verification information set; correspondingly, the determining the authentication result of the user corresponding to the service transaction request according to the acquired authentication information set may include: determining a second weight coefficient corresponding to each comparison result according to the type of the information acquisition terminal; and determining the identity verification result of the user according to the one or more comparison results and the second weight coefficient corresponding to each comparison result.

The server can simultaneously send the type of the information acquisition equipment compared this time when sending the comparison result. The service handling terminal can store the comparison result and the information acquisition equipment type of the corresponding comparison result into the identity verification information set corresponding to the user identification after associating the comparison result and the information acquisition equipment type of the corresponding comparison result. Different comparison results correspond to different information acquisition equipment types, and the second weight coefficient corresponding to each comparison result can be determined according to the information acquisition equipment types. The second weight coefficients corresponding to different information acquisition device types may be configured in the terminal device in advance.

For example, when a user transacts business at a business intelligent terminal or other business transaction terminals, the corresponding device may also be used as an information acquisition device to acquire biometric information of the user, and such a device usually performs authentication of the user during business transaction, so that the reliability of the comparison result of the biometric information of such a device is higher, and a higher second weight coefficient may be set. And terminal devices such as an ATM (automatic Teller machine) and a queuing machine may not have a link specially prompting a user to acquire biological characteristic information, so that the acquired biological characteristic information of the user is obviously influenced by the environment, the reliability of a comparison result may be lower, and a lower second weight coefficient can be set for the equipment.

After determining the second weight coefficient corresponding to each comparison result, the authentication result of the user may be determined according to the second weight coefficient and the comparison result. For example, the alignment result is confidence, assuming that there are N alignment results X₁、X₂、…、X_NTheir corresponding second weight coefficients are M₁、M₂、…、M_NThen, the summation of the multiplication factors between each second weight coefficient and the comparison result can be calculated as the identity verification result Y₂,. For example, Y₂＝M₁X₁+M₂X₂+…+M_NX_N。

In other embodiments, the first weight coefficient and the second weight coefficient may be combined to determine the authentication result Y of the user₃. For example Y₃＝K₁M₁X₁+K₂M₂X₂+…+K_NM_NX_N。

Then, whether the user passes the authentication may be determined according to the authentication result determined in the above embodiment, for example, the authentication result may be normalized to be between 0 and 1, and then, whether the authentication result is greater than a preset threshold may be determined. If the number of the authentication codes is larger than the preset number, the prompt message that the identity authentication is passed can be output; if not, a prompt message that the identity authentication fails can be output.

In other embodiments of the present description, the authentication result may include a confidence level, and the method may further include: determining a reliability threshold value according to current service handling; and when the reliability is greater than the reliability threshold value, outputting prompt information that the user identity verification passes.

The service types can comprise withdrawal, account transfer, password modification, identity information modification, account opening, financial product purchase and the like, and different credibility thresholds can be set corresponding to different service types. For the service types with higher safety requirements, a higher credibility threshold value can be set; for traffic types with somewhat lower security requirements, a lower confidence threshold may be set. Then, whether the identity authentication result is larger than a corresponding credibility threshold value or not can be judged, and if yes, prompt information that the identity authentication is passed can be output; if not, prompt information that the identity authentication fails can be output. The credibility threshold is determined based on the service type of the current service handled by the user, and then whether the authentication of the user passes or not is determined, so that the authentication can better accord with the actual service application scene, and the service handling experience of the user is further improved on the basis of ensuring the service handling safety.

In other embodiments, the service handling terminal may further delete the received comparison result after receiving a specified time interval of a certain comparison result, so that the unnecessary comparison result can be cleared in time while the comparison result for effectively verifying the user identity is retained. Meanwhile, when the user has finished transacting the business and leaves the target business transaction area, the corresponding comparison result can be completely cleaned after a certain time.

In other embodiments of the present disclosure, there is further provided an identity authentication method, which may be applied to a service handling terminal, where the method includes:

In still other embodiments, the method may further comprise:

the determining the authentication result of the user corresponding to the service transaction request according to the acquired authentication information set includes: calculating a first weight coefficient corresponding to each comparison result according to the time interval between the service handling time and the comparison time of each comparison result; and determining the identity verification result of the user according to the one or more comparison results and the first weight coefficient corresponding to each comparison result.

In still other embodiments, the method may further comprise:

In some embodiments, the authentication result may include a confidence level, and the method may further include: determining a reliability threshold value according to the type of the current service; and when the reliability is greater than the reliability threshold value, outputting prompt information that the user identity verification passes.

It should be noted that the method described above may also include other embodiments according to the description of the foregoing method embodiments. The specific implementation manner may refer to the description of the related method embodiment, and is not described in detail herein.

In still other embodiments of the present specification, there is provided an identity authentication method, where the method may be applied to one or more information acquisition terminals, and the method may include the following steps:

collecting biological characteristic information of a user;

sending the collected biological characteristic information to a server based on the user identification of the user, so that the server receives the user identification and the biological characteristic information sent by the one or more information collection terminals, comparing the biological characteristic information with a biological characteristic information set prestored in the server by the user identification to obtain one or more comparison results corresponding to the one or more information collection terminals, and sending the user identification and the one or more comparison results to a service handling terminal so that the service handling terminal stores the one or more comparison results into an identity verification information set corresponding to the user identification; and after receiving a service handling request, acquiring a corresponding authentication information set based on a user identifier in the service handling request, and determining an authentication result of a user corresponding to the service handling request according to the acquired authentication information set, wherein the service handling terminal and the one or more information acquisition terminals are associated in a service handling area.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. For details, reference may be made to the description of the related embodiments of the related processing, and details are not repeated herein.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

In the identity authentication method provided in one or more embodiments of the present specification, when a user uses each terminal device capable of implementing user identification information determination and biological information acquisition in a target service transaction area, the corresponding terminal device acquires biological characteristic information of the user and sends the biological characteristic information to a server together with a user identification, and the server compares the biological characteristic information of the user in advance. And after the comparison is completed, the server sends the comparison result to each service transaction terminal or the target service transaction terminal in the target service transaction area, and the service transaction terminals perform local storage. Therefore, when the user uses the service handling terminal to handle the service, the corresponding service handling terminal can determine the authentication result of the user according to the existing comparison result. If the identity authentication is passed, the service handling can be directly carried out for the user, and the identity authentication link when the user handles the current service is omitted, so that the service handling efficiency and the service handling experience of the user are greatly improved.

Based on the above identity authentication method, one or more embodiments of the present specification further provide an identity authentication device. The apparatus may include systems, software (applications), modules, components, servers, etc. that utilize the methods described in the embodiments of the present specification in conjunction with hardware implementations as necessary. Based on the same innovative conception, embodiments of the present specification provide an apparatus as described in the following embodiments. Since the implementation scheme of the apparatus for solving the problem is similar to that of the method, the specific implementation of the apparatus in the embodiment of the present specification may refer to the implementation of the foregoing method, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated. Specifically, fig. 4 is a schematic block diagram of an embodiment of an identity authentication apparatus provided in the specification, and as shown in fig. 4, the apparatus may be applied to a business handling terminal, and the apparatus may include:

the first data receiving module 102 may be configured to receive a user identifier and one or more comparison results sent by a server, where the one or more comparison results are obtained by comparing, by the server, the biometric information with a biometric information set prestored in the server by the user identifier after receiving the user identifier sent by one or more information acquisition terminals and biometric information corresponding to the user identifier, where the comparison results are in one-to-one correspondence with the information acquisition terminals, and the one or more information acquisition terminals and the service handling terminal are associated with each other in a service handling area;

a first data storage module 104, configured to store the one or more comparison results in an authentication information set corresponding to the user identifier;

the verification result determining module 106 may be configured to, after receiving the service handling request, obtain a corresponding authentication information set based on the user identifier in the service handling request, and determine an authentication result of the user corresponding to the service handling request according to the obtained authentication information set.

In another embodiment of the present specification, the apparatus may further include:

the second data receiving module may be configured to receive comparison time of each comparison result sent by the server;

the second data storage module may be configured to associate the comparison time with the corresponding comparison result and store the associated comparison time in the identity verification information set;

accordingly, the verification result determining module 106 may include:

the first weight coefficient determining unit may be configured to calculate a first weight coefficient corresponding to each comparison result according to a time interval between a service transaction time and a comparison time of each comparison result;

the first result determining unit may be configured to determine an authentication result of the user according to the one or more comparison results and the first weight coefficients corresponding to the comparison results.

the third data receiving module can be used for receiving the information acquisition terminal types corresponding to the comparison results sent by the server;

the third data storage module can be used for associating the information acquisition terminal type with the corresponding comparison result and then storing the information acquisition terminal type and the corresponding comparison result into the identity verification information set;

accordingly, the verification result determination module may include: the second weight coefficient determining unit may be configured to determine, according to the type of the information acquisition terminal, a second weight coefficient corresponding to each comparison result;

the second result determining unit may be configured to determine the authentication result of the user according to the one or more comparison results and the second weight coefficients corresponding to the comparison results.

In another embodiment of the present specification, the authentication result may include a confidence level, and the apparatus may further include:

the threshold value determining module can be used for determining a reliability threshold value according to the service type handled by the current service;

and the result output module can be used for outputting prompt information that the user identity verification is passed when the credibility is greater than the credibility threshold.

the information deleting module may be configured to delete the received comparison result after receiving the specified time interval of the comparison result.

In still other embodiments of the present specification, an identity verification apparatus is further provided, where the apparatus may be applied to one or more information acquisition terminals, and the apparatus may include:

the information acquisition module can be used for acquiring the biological characteristic information of the user;

the first data sending module may be configured to send the collected biometric information to a server based on a user identifier of the user, so that the server receives the user identifier and the biometric information sent by the one or more information collection terminals, compare the biometric information with a biometric information set pre-stored in the server by the user identifier, obtain one or more comparison results corresponding to the one or more information collection terminals, and send the user identifier and the one or more comparison results to a service transaction terminal, so that the service transaction terminal stores the one or more comparison results in an identity verification information set corresponding to the user identifier; and after receiving a service handling request, acquiring a corresponding authentication information set based on a user identifier in the service handling request, and determining an authentication result of a user corresponding to the service handling request according to the acquired authentication information set, wherein the service handling terminal and the one or more information acquisition terminals are associated in a service handling area.

In still other embodiments of the present specification, there is provided an authentication apparatus, which may be applied to a server, the apparatus including:

the fourth data receiving module can be used for receiving user identifications sent by one or more information acquisition terminals and biological characteristic information corresponding to the user identifications;

the information comparison module can be used for comparing the biological characteristic information with a biological characteristic information set prestored in a server by the user identification to obtain one or more comparison results corresponding to the one or more information acquisition terminals;

the second data sending module may be configured to send the user identifier and the one or more comparison results to a service handling terminal, so that the service handling terminal stores the one or more comparison results in an authentication information set corresponding to the user identifier, and after receiving a service handling request, obtains a corresponding authentication information set based on the user identifier in the service handling request, and determines an authentication result of a user corresponding to the service handling request according to the obtained authentication information set, where the service handling terminal and the one or more information acquisition terminals are associated in a service handling area.

It should be noted that the above-described apparatus may also include other embodiments according to the description of the method embodiment. The specific implementation manner may refer to the description of the related method embodiment, and is not described in detail herein.

In the identity authentication device provided in one or more embodiments of the present specification, when a user uses each terminal device capable of implementing user identification information determination and biological information acquisition in a target service transaction area, the corresponding terminal device acquires biological characteristic information of the user and sends the biological characteristic information to a server together with a user identification, and the server compares the biological characteristic information of the user in advance. And after the comparison is completed, the server sends the comparison result to each service transaction terminal or the target service transaction terminal in the target service transaction area, and the service transaction terminals perform local storage. Therefore, when the user uses the service handling terminal to handle the service, the corresponding service handling terminal can determine the authentication result of the user according to the existing comparison result. If the identity authentication is passed, the service handling can be directly carried out for the user, and the identity authentication link when the user handles the current service is omitted, so that the service handling efficiency and the service handling experience of the user are greatly improved.

The method or apparatus provided by the present specification and described in the foregoing embodiments may implement service logic through a computer program and record the service logic on a storage medium, where the storage medium may be read and executed by a computer, so as to implement the effect of the solution described in the embodiments of the present specification. Accordingly, the present specification also provides an authentication device comprising a processor and a memory storing processor-executable instructions which, when executed by the processor, perform steps comprising the method of any one of the above embodiments.

The identity authentication device provided in the embodiments of the present specification may be a computer terminal, a server, or a similar computing device. Taking a server as an example, fig. 5 is a hardware configuration block diagram of a server to which the embodiments of the present specification are applied. As shown in fig. 5, the server 100 may include one or more (only one shown) processors 200 (the processors 200 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA, etc.), a memory 300 for storing data, and a transmission module 400 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 5 is only an illustration and is not intended to limit the structure of the electronic device. For example, the server 100 may also include more or fewer components than shown in FIG. 5, and may also include other processing hardware, such as a database or multi-level cache, a GPU, or have a different configuration than shown in FIG. 5, for example.

The memory 300 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the search method in the embodiment of the present invention, and the processor 200 executes various functional applications and data processing by operating the software programs and modules stored in the memory 300. The memory 300 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 300 may further include memory located remotely from the processor 200, which may be connected to a computer terminal through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The transmission module 400 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal. In one example, the transmission module 400 includes a Network adapter (NIC) that can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission module 400 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.

The storage medium may include a physical device for storing information, and typically, the information is digitized and then stored using an electrical, magnetic, or optical media. The storage medium may include: devices that store information using electrical energy, such as various types of memory, e.g., RAM, ROM, etc.; devices that store information using magnetic energy, such as hard disks, floppy disks, tapes, core memories, bubble memories, and usb disks; devices that store information optically, such as CDs or DVDs. Of course, there are other ways of storing media that can be read, such as quantum memory, graphene memory, and so forth.

It should be noted that the above description of the apparatus according to the method embodiment may also include other embodiments. The specific implementation manner may refer to the description of the related method embodiment, and is not described in detail herein.

When the user uses each terminal device capable of realizing user identification information determination and biological information acquisition in the target service handling area, the corresponding terminal device acquires the biological characteristic information of the user and sends the biological characteristic information to the server together with the user identification, and the server compares the biological characteristic information of the user in advance. And after the comparison is completed, the server sends the comparison result to each service transaction terminal or the target service transaction terminal in the target service transaction area, and the service transaction terminals perform local storage. Therefore, when the user uses the service handling terminal to handle the service, the corresponding service handling terminal can determine the authentication result of the user according to the existing comparison result. If the identity authentication is passed, the service handling can be directly carried out for the user, and the identity authentication link when the user handles the current service is omitted, so that the service handling efficiency and the service handling experience of the user are greatly improved.

The present specification also provides an authentication system, which may be an independent authentication system, or may be applied to a data processing system for handling various services. The system may be a single server, or may include a server cluster, a system (including a distributed system), software (applications), an actual operating device, a logic gate device, a quantum computer, etc. using one or more of the methods or one or more of the example devices of the present specification, in combination with a terminal device implementing hardware as necessary. The system can comprise one or more information acquisition terminals, a server and a service handling terminal; the information acquisition terminal may include at least one processor and a memory storing computer-executable instructions, where the processor executes the instructions to implement the steps of the method according to one or more of the foregoing embodiments; the server may include at least one processor and a memory storing computer-executable instructions that when executed by the processor perform the steps of the method of one or more of the foregoing embodiments; the business process terminal may include at least one processor and memory storing computer-executable instructions that when executed by the processor implement the steps of the method of one or more of the foregoing embodiments.

It should be noted that the above-mentioned system may also include other implementation manners according to the description of the method or apparatus embodiment, and specific implementation manners may refer to the description of the related method embodiment, which is not described in detail herein.

In the authentication system according to the embodiment, when the user uses each terminal device capable of implementing user identification information determination and biological information acquisition in the target service handling area, the corresponding terminal device acquires the biological characteristic information of the user and sends the biological characteristic information to the server together with the user identification, and the server compares the biological characteristic information of the user in advance. And after the comparison is completed, the server sends the comparison result to each service transaction terminal or the target service transaction terminal in the target service transaction area, and the service transaction terminals perform local storage. Therefore, when the user uses the service handling terminal to handle the service, the corresponding service handling terminal can determine the authentication result of the user according to the existing comparison result. If the identity authentication is passed, the service handling can be directly carried out for the user, and the identity authentication link when the user handles the current service is omitted, so that the service handling efficiency and the service handling experience of the user are greatly improved.

The embodiments of the present description are not limited to what must be consistent with a standard data model/template or described in the embodiments of the present description. Certain industry standards, or implementations modified slightly from those described using custom modes or examples, may also achieve the same, equivalent, or similar, or other, contemplated implementations of the above-described examples. The embodiments using these modified or transformed data acquisition, storage, judgment, processing, etc. may still fall within the scope of the alternative embodiments of the present description.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.

The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method or apparatus that comprises the element.

As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description of the specification, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.

The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims

1. An identity authentication method is characterized by being applied to a business handling system, wherein the business handling system comprises one or more information acquisition terminals, a server and a business handling terminal, wherein the business handling terminal and the one or more information acquisition terminals are associated in a business handling area;

2. An identity authentication method is applied to a service handling terminal, and comprises the following steps:

3. The method of claim 2, further comprising:

4. A method according to claim 2 or 3, characterized in that the method further comprises:

the determining the authentication result of the user corresponding to the service transaction request according to the acquired authentication information set includes: determining a second weight coefficient corresponding to each comparison result according to the type of the information acquisition terminal; and determining the identity verification result of the user according to the one or more comparison results and the second weight coefficient corresponding to each comparison result.

5. The method of claim 4, wherein the authentication result comprises a trustworthiness, the method further comprising:

6. The method of claim 2, further comprising: and deleting the received comparison result after receiving the specified time interval of the comparison result.

7. An identity authentication method is applied to one or more information acquisition terminals, and comprises the following steps:

collecting biological characteristic information of a user;

8. An identity authentication method applied to a server, the method comprising:

9. An identity authentication device, which is applied to a service handling terminal, the device comprising:

And the verification result determining module is used for acquiring a corresponding authentication information set based on the user identification in the service handling request after receiving the service handling request, and determining the authentication result of the user corresponding to the service handling request according to the acquired authentication information set.

10. The apparatus of claim 9, further comprising:

correspondingly, the verification result determination module includes:

11. The apparatus of claim 9, further comprising:

correspondingly, the verification result determination module includes:

12. The apparatus of claim 10 or 11, wherein the authentication result comprises a trust level, the apparatus further comprising:

13. The apparatus of claim 9, further comprising:

14. An identity authentication device, applied to one or more information acquisition terminals, the device comprising:

15. An identity authentication device applied to a server, the device comprising:

16. An authentication device comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, perform steps comprising the method of any one of claims 2 to 8.

17. An identity authentication system is characterized in that the system comprises one or more information acquisition terminals, a server and a service handling terminal, wherein,

the information acquisition terminal comprising at least one processor and a memory storing computer-executable instructions that when executed by the processor implement the steps of the method of claim 7;

the server comprising at least one processor and a memory storing computer-executable instructions that when executed by the processor implement the steps of the method of claim 8;

the service handling terminal comprises at least one processor and a memory storing computer executable instructions which when executed by the processor implement the steps of the method of any of claims 2 to 6.