CN112152976A - Identity authentication method and system - Google Patents


Info

Publication number
CN112152976A
Authority
CN
China
Prior art keywords
identity authentication
information
server
terminal
facial feature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910576172.6A
Other languages
Chinese (zh)
Inventor
刘若鹏
栾琳
姚宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Guangqi Intelligent Technology Co ltd
Original Assignee
Xi'an Guangqi Future Technology Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an Guangqi Future Technology Research Institute
Priority to CN201910576172.6A
Publication of CN112152976A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to an identity authentication method and an identity authentication system. The method comprises the following steps: the server acquires first position information and facial feature information of a body to be identified; the server acquires second position information of the mobile terminal carried by the body to be identified; and the server judges whether the facial feature information matches the locally stored facial feature information, and if it matches and the distance between the second position and the first position is within a preset position deviation range, the body to be identified passes the authentication. The method combines face recognition with geographical position information that is dynamically acquired and updated, which gives high security. Because the geographical position information is synchronized with the cloud server, the user side does not need to be recalled for maintenance, so the maintenance cost is reduced and maintenance is quick and effective. Identity authentication is contactless for the user, which can improve the user experience.

Description

Identity authentication method and system
Technical Field
The present invention relates to the field of security technologies, and in particular, to an identity authentication method and system.
Background
Identity authentication technology is used in a growing number of settings. Methods such as IC card and two-dimensional code authentication are widely used in the security field, with data bound to the user's IC card or to a presented two-dimensional code serving as the identity. Using an IC card or a two-dimensional code as the identity credential has the following defects. First, in terms of security, once an IC card is lost, control over its permissions is lost, and until the loss has been fully reported, security faces a serious hidden danger; likewise, once an illegitimate, malicious code is placed at a cash register, the security of the user cannot be guaranteed. Second, in terms of labor cost, handling the loss of a traditional IC card is expensive, combining the costs of reissuing the card, updating data, and issuing the card manually. Finally, both authentication methods are deficient in maintainability and user experience. There is therefore a need for an authentication scheme with significant improvements in security, cost of use, maintainability, and user experience.
Disclosure of Invention
To address the security and user-experience defects of the existing IC card and two-dimensional code authentication methods, the invention provides a scheme that combines face recognition with geographic information verification, so as to overcome these defects of the prior art.
The solution of the present invention to the above problems is as follows:
In one aspect, the present invention provides an identity authentication method, including:
S11, the server acquires first position information and facial feature information of the body to be identified;
S12, the server acquires second position information of the mobile terminal carried by the body to be identified;
S13, the server judges whether the facial feature information matches the locally stored facial feature information; if it matches and the distance between the second position and the first position is within a preset position deviation range, the body to be identified passes authentication.
Preferably, the method further comprises: acquiring the ID information of the mobile terminal carried by the body to be identified, and matching it against the locally stored ID information.
Preferably, the method further comprises: acquiring the MAC address information of the mobile terminal carried by the body to be identified, and matching it against the locally stored MAC address information.
Preferably, the method further comprises: acquiring the user registration information of the mobile terminal carried by the body to be identified, and matching it against the locally stored user registration information.
Preferably, the facial feature information includes: eye characteristic information, eyebrow characteristic information, mouth characteristic information, nose characteristic information, and ear characteristic information.
Preferably, the mobile terminal further comprises an identity authentication terminal in communication connection with the mobile terminal and the server, and the identity authentication terminal is located within a preset range of the first position information.
Preferably, before executing step S11, the method further includes:
S101, a mobile terminal carried by the body to be identified sends first position information and facial feature information to a server;
S102, the server receives the first position information and the facial feature information;
S103, the server verifies the first position information and the facial feature information;
S104, if the first position information and the facial feature information of the body to be identified pass the verification, the personal identity ID of the body to be identified is generated; otherwise, a message that verification of the personal identity information of the body to be identified failed is returned.
Preferably, before the step S11, the method further includes initializing the authentication terminal.
Preferably, before the step S11, the method further includes the step of the server exchanging a key for encrypting transmission information with the identity authentication terminal.
Preferably, initializing the identity authentication terminal includes:
S201, the server generates an identity authentication terminal device ID and a first key for encrypting the identity authentication terminal device ID;
S202, the server binds and stores the identity authentication terminal device ID, the first key, and the geographical position information of the identity authentication terminal;
S203, the server sends the identity authentication terminal device ID and the first key to the identity authentication terminal.
Preferably, the exchanging of the key for encrypting the transmission information between the server and the authentication terminal includes:
S211, the identity authentication terminal encrypts the identity authentication terminal device ID obtained in the initialization process and the geographic position information, and sends them to the server;
S212, the server decrypts the information to obtain the identity authentication terminal device ID and the geographic position information;
S213, the server checks the identity authentication terminal device ID and the geographic position information to verify the legitimacy of the identity authentication terminal, and returns authentication failure information when the verification fails; when the verification passes, step S214 is executed;
S214, the identity authentication terminal generates a second key and sends it to the server, and the server generates a third key and sends it to the identity authentication terminal.
Preferably, the first key is an AES key.
Preferably, the second key is an RSA key, and the third key is an RSA key.
Preferably, the identity authentication terminal periodically transmits the identity authentication terminal device ID and the location information encrypted by the third key to the server.
In another aspect, the present invention further provides a storage medium, where the storage medium includes a stored program, and the program executes the above identity authentication method when running.
In another aspect, the present invention further provides a processor, where the processor is configured to execute a program, where the program executes the identity authentication method described above.
In another aspect, the invention also provides an identity authentication system, which comprises a mobile terminal carried by the body to be identified and a server, the mobile terminal and the server being in communication connection;
The body to be identified sends first position information and facial feature information to the server through the mobile terminal; the server acquires second position information of the mobile terminal carried by the body to be identified; the server judges whether the facial feature information matches the locally stored facial feature information, and if it matches and the distance between the second position and the first position is within a preset position deviation range, the body to be identified passes authentication.
Preferably, the system further comprises an identity authentication terminal in communication connection with the mobile terminal and the server, and the identity authentication terminal is located within a preset range of the first location information.
Preferably, after receiving the information sent by the mobile terminal, the server sends first facial feature information matched with the identity ID of the body to be identified to the identity authentication terminal;
the identity authentication terminal performs facial recognition on the body to be identified, and acquires second facial feature information and sends it to the server.
Preferably, a GPS chip is provided in the mobile terminal.
Preferably, the mobile terminal (100) is a portable mobile terminal.
Preferably, the portable mobile terminal comprises a mobile phone, a bracelet, a watch, an IPAD, a badge, a cap badge and an electronic pen.
Preferably, the mobile terminal is any one of a mobile phone, a bracelet, a watch or an IPAD.
Preferably, the identity authentication terminal comprises a computer and a camera connected to the computer.
The embodiments of the invention have the following beneficial effects. The security of identity authentication is effectively improved by dynamically acquiring and updating the position information and making a combined judgment together with face recognition. The invention's high-security face recognition combined with geographical position information can completely replace the traditional IC card, for which handling a loss is expensive, combining the costs of reissuing the card, updating data, and issuing the card manually. In terms of maintainability, the user side synchronizes geographical position information with the cloud server by deploying a geographical position information synchronization program, so the user side does not need to be recalled for maintenance; the maintenance cost is reduced, and maintenance is quick and effective. In terms of user experience, geographical position information can be provided through the intelligent terminal at any time, identity authentication is contactless for the user, and, compared with the IC card and two-dimensional code authentication methods, the user's hands are completely freed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a flowchart illustrating a first embodiment of an identity authentication method according to the present invention;
FIG. 2 is a flowchart illustrating a second embodiment of an identity authentication method according to the present invention;
FIG. 3 is a diagram illustrating the initialization of identity information of a user according to the present invention;
FIG. 4 is a schematic diagram of an authentication terminal in an initialization step;
FIG. 5 is a flow chart of the exchange of keys between the server and the authentication terminal prior to the transmission of information;
FIG. 6 is a diagram of a preferred embodiment of an identity authentication system;
FIG. 7 is a diagram of a mobile terminal according to a preferred embodiment of the present invention;
FIG. 8 is a schematic diagram of an identity authentication terminal according to a preferred embodiment of the present invention;
FIG. 9 is a diagram of a preferred embodiment of a server.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
It is noted that, unless otherwise indicated, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
In the present invention, unless specified to the contrary, use of the terms of orientation such as "upper, lower, top, bottom" or the like, generally refer to the orientation as shown in the drawings, or to the component itself in a vertical, perpendicular, or gravitational orientation; likewise, for ease of understanding and description, "inner and outer" refer to the inner and outer relative to the profile of the components themselves, but the above directional words are not intended to limit the invention.
Example one
Fig. 1 is a schematic flow chart of an identity authentication method according to a first embodiment of the present invention. In this embodiment, the user to be identified carries the mobile terminal and is authenticated on the server side. In step S11, the server acquires first position information and facial feature information of the body to be identified; in step S12, the server acquires second position information of the mobile terminal carried by the body to be identified; in step S13, the server determines whether the facial feature information matches the facial feature information stored locally by the server, and if it matches and the distance between the second position and the first position is within a preset range, the body to be identified passes authentication.
In the above-described embodiment, the information stored locally by the server includes ID information, MAC address information of the mobile terminal, user registration information of the mobile terminal, a facial feature of the object to be identified, fingerprint information, and the like. The ID information stored locally by the server comprises the ID number of the user of the body to be identified. The facial features include feature information of specific parts such as eye feature information, eyebrow feature information, mouth feature information, nose feature information, ear feature information, and overall feature information.
The mobile terminal can be a portable mobile terminal, for example a smart device with a GPS chip such as a mobile phone, a bracelet, a watch, an IPAD, a badge, a cap badge, or an electronic pen, which can transmit user location information. It can also be other equipment with BeiDou-system and Galileo positioning functions, as long as it can accurately transmit the location of the user.
The server used in the above embodiments is in communication connection with the mobile terminal in a wired or wireless manner, receives the location information of the mobile terminal, and verifies the validity and legitimacy of the user.
By adopting the scheme of this embodiment, the mobile terminal carried by the user indicates the user's current position, and the server sends the matching facial feature values only to legitimate devices within the position range threshold. This avoids a loss of control over authentication rights like that caused by a lost IC card, and provides a legitimacy check that effectively excludes illegitimately deployed identity verification terminals, mitigates the security risk they pose, and effectively prevents property loss or loss of important identity information caused by a user scanning a code by mistake.
Fig. 2 is a flowchart illustrating an identity authentication method according to a second embodiment of the present invention. In this embodiment, the user to be identified carries the mobile terminal and is authenticated in front of the identity authentication terminal. In step S100, after receiving information sent by a mobile terminal carried by a body to be identified, the server sends first facial feature information matched with the identity ID of the body to be identified to an identity authentication terminal within a preset range of the first location information; in step S200, after receiving information sent by the mobile terminal carried by the body to be identified, the server sends first facial feature information matched with the identity ID of the body to be identified to the identity authentication terminals within a preset range of the first location information. For example, if the location deviation threshold is set to 10 meters, all identity authentication terminals within 10 meters of the location are sent the first facial feature values matched with the identity ID. In step S300, the identity authentication terminal performs facial recognition on the body to be identified, and obtains second facial feature information and sends it to the server; in step S400, the first facial feature information and the second facial feature information from the server are compared, and when they match, authentication by facial feature information passes.
In the above embodiments, the mobile terminal may be a portable mobile terminal, for example a smart device with a GPS chip such as a mobile phone, a bracelet, a watch, an IPAD, a badge, a cap badge, or an electronic pen, which is capable of sending user location information. It can also be other equipment with BeiDou-system and Galileo positioning functions, as long as it can accurately transmit the location of the user.
In the above embodiment, the identity authentication terminal is an intelligent device having a camera, a storage chip, a memory chip, and a computing chip, and is capable of collecting user face features, comparing the user face features locally, and synchronizing the user face features with the user face feature library in the server.
In the above embodiment, the server is in communication connection with the mobile terminal in a wired or wireless manner, receives the location information of the mobile terminal, issues the face features meeting the conditions to each authentication terminal, and verifies the validity and legitimacy of each authentication terminal.
By adopting the scheme of this embodiment, the mobile terminal carried by the user indicates the user's current position, and the server sends the matching facial feature values only to legitimate devices within the position range threshold. This avoids a loss of control over authentication rights like that caused by a lost IC card, and provides a legitimacy check that effectively excludes illegitimately deployed identity verification terminals, mitigates the security risk they pose, and effectively prevents property loss or loss of important identity information caused by a user scanning a code by mistake.
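The S13 decision from the first flow and the terminal selection from the second flow (10 meter threshold), written out as an added Go example that is not part of the patent. The cosine-similarity matcher and its 0.9 threshold, the haversine distance, all type and function names, and the sample coordinates and feature vectors are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
)

// Position is a WGS-84 coordinate in decimal degrees.
type Position struct{ Lat, Lon float64 }

// Policy holds the server-side presets. MaxDeviationM is the patent's
// "preset position deviation range"; MinSimilarity is an assumed threshold.
type Policy struct{ MaxDeviationM, MinSimilarity float64 }

// Terminal is a registered identity authentication terminal (hypothetical type).
type Terminal struct {
	ID  string
	Pos Position
}

// DistanceM returns the haversine great-circle distance in metres.
func DistanceM(a, b Position) float64 {
	const earthRadiusM = 6371000.0
	rad := func(deg float64) float64 { return deg * math.Pi / 180 }
	sLat := math.Sin(rad(b.Lat-a.Lat) / 2)
	sLon := math.Sin(rad(b.Lon-a.Lon) / 2)
	h := sLat*sLat + math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*sLon*sLon
	return 2 * earthRadiusM * math.Asin(math.Min(1, math.Sqrt(h)))
}

// Similarity is cosine similarity between two feature vectors (an assumed
// matcher; the patent does not say how facial features are compared).
func Similarity(x, y []float64) float64 {
	if len(x) == 0 || len(x) != len(y) {
		return 0
	}
	var dot, nx, ny float64
	for i := range x {
		dot += x[i] * y[i]
		nx += x[i] * x[i]
		ny += y[i] * y[i]
	}
	if nx == 0 || ny == 0 {
		return 0
	}
	return dot / math.Sqrt(nx*ny)
}

// Authenticate is step S13. Both checks are written as !(value within bound)
// so that NaN coordinates or NaN features fail closed instead of passing.
func Authenticate(p Policy, stored, probe []float64, first, second Position) (bool, string) {
	if !(Similarity(stored, probe) >= p.MinSimilarity) {
		return false, "facial features do not match"
	}
	if !(DistanceM(first, second) <= p.MaxDeviationM) {
		return false, "position deviation out of range"
	}
	return true, "authenticated"
}

// TerminalsInRange lists the terminals close enough to the first position to
// be sent the stored facial features in the second flow.
func TerminalsInRange(p Policy, first Position, all []Terminal) []string {
	var ids []string
	for _, t := range all {
		if DistanceM(first, t.Pos) <= p.MaxDeviationM {
			ids = append(ids, t.ID)
		}
	}
	return ids
}

func main() {
	// Constructed sample data: coordinates and feature vectors are made up.
	p := Policy{MaxDeviationM: 10, MinSimilarity: 0.9}
	stored := []float64{0.12, 0.80, 0.35, 0.45}
	probe := []float64{0.10, 0.82, 0.33, 0.47}
	first := Position{34.20000, 108.90000}
	fmt.Println(Authenticate(p, stored, probe, first, Position{34.20005, 108.90000}))
	fmt.Println(Authenticate(p, stored, probe, first, Position{34.20020, 108.90000}))
	fmt.Println(TerminalsInRange(p, first, []Terminal{
		{"gate-A", Position{34.20003, 108.90002}},
		{"gate-B", Position{34.20100, 108.90000}},
	}))
}
```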
Fig. 3 is a schematic diagram illustrating initialization of identity information of a user according to the present invention. In this embodiment, before the previous embodiment performs step S100, the identity information of the user is bound with the user ID, so as to ensure that the user ID can uniquely represent the user. The identity information of the user needs to be initialized, the binding with the biological information is completed, and the binding information is stored in the server.
The steps of this example are as follows:
In step S101, the mobile terminal carried by the body to be identified sends information proving the personal identity of the body to be identified to the server; for example, a user accesses the server from the intelligent terminal over the TCP/IP, UDP, or HTTPS protocol and sends information capable of proving the personal identity to the server.
In step S102, the server receives the information proving the personal identity of the body to be identified; for example, the server receives, through a socket, a data packet containing identity information sent from the selected port.
In step S103, the server verifies the personal identity information of the body to be identified.
In step S104, if the personal identity information of the body to be identified passes the verification, the personal identity ID of the body to be identified is generated; otherwise, a verification failure message for the personal identity information is returned. If the verification passes, an identity ID is generated; personal identity information (such as an identity card number), facial features, and other biometric information (such as fingerprints) are bound to the identity ID; and the binding relationship is stored in the file system of the server. If the verification fails, failure information is returned.
Preferably, the intelligent terminal in the above steps can be a smart phone, a bracelet, a smart watch, a PAD, and the like.
After these steps are completed, each user is assigned a unique ID. Within a given authentication system, each user is assigned only one ID, which distinguishes that user from others; the same user may have different IDs in different authentication systems, for example one ID in a shopping system and another ID in a book borrowing system.
Because the identity ID is used for verification, sensitive information (such as an identity card number) is not transmitted directly during the verification stage. No important related information is carried in transmission, which improves the security of the whole system.
The invention also provides a legitimacy authentication scheme for the identity authentication terminal, to ensure that the identity authentication terminal is a legitimate device, to keep illegitimate devices from performing identity authentication on a user, and to prevent the security risk caused by authentication abuse.
Fig. 4 is a schematic diagram of the authentication terminal in the initialization step. The initialization step of the identity authentication terminal provided in this embodiment needs to be performed and completed before step S200 in the first embodiment, so as to ensure that the server can send the relevant identity ID and the facial features to the legitimate identity authentication terminal in step S200.
The initialization step of the identity authentication terminal comprises the following steps:
S201, first, on the server side, the server generates a unique identity authentication terminal device ID and, at the same time, a key for encrypting the identity authentication terminal device ID; the key can be, for example, an AES key;
S202, on the server side, the identity authentication terminal device ID and the AES key generated in S201 are bound to the geographical position information of the identity authentication terminal to be initialized, and the bound information is stored on the server side;
S203, the identity authentication terminal device ID, the AES key, and related information from S202 are sent to the identity authentication terminal to be initialized, and the identity authentication terminal stores the information after receiving it.
Preferably, in step S203, in a secure and reliable environment, the device ID and the AES key are transmitted to the authentication terminal through RS-485 or RS-232 serial communication and Ethernet communication, and stored in the MCU or EPROM and the hard disk of the authentication terminal.
To illustrate the initialization process more clearly, a specific scenario is described below. In this example, a checkout terminal of an unmanned shop, that is, an identity authentication terminal in the present invention, needs to be installed somewhere. Before the checkout terminal is put into service, it must be initialized. First, on the server side, the server generates a device ID for the checkout terminal and also generates an AES key; the device ID is unique and distinguishes this checkout terminal from the others. The server then binds the geographical location of the checkout terminal to be initialized, the device ID, and the AES key, so that the relevant information is associated. The generated device ID and the corresponding AES key are transmitted through an appropriate channel, and the checkout terminal stores them after receiving them. Once the checkout terminal has received the device ID and the corresponding AES key, they can be used in the actual checkout process; that is, the initialization of the device is complete.
In the present invention, to improve the security of transmission, the identity authentication terminal and the server transmit information through an encryption mechanism, for which the two sides first exchange keys; for example, the transmission in step S200 of the first embodiment needs to be encrypted. The present invention provides an embodiment, shown in Fig. 4, that realizes high-security information transmission between the identity authentication terminal and the server.
Fig. 5 is a flowchart of the key exchange between the server and the identity authentication terminal before information is transmitted. After the exchange, all information transmitted between the server and the identity authentication terminal is encrypted with the keys exchanged in this embodiment and then transmitted.
First, in step S211, the identity authentication terminal encrypts the identity authentication terminal device ID and the geographical location information obtained in the initialization process with a specified AES key, and transmits the encrypted information to the server;
then, in step S212, the server decrypts the identity authentication terminal device ID and the geographical location information using the same algorithm;
S213, the server checks the decrypted identity authentication terminal device ID and geographical location information, confirming whether they exist in a record stored by the server, so as to verify the validity of the identity authentication terminal. If the verification fails, a prompt of authentication failure is given; if the verification passes, the next step is entered;
S214, the identity authentication terminal and the server each generate a group of keys and exchange them. Specifically, the identity authentication terminal and the server communicate using RSA: the identity authentication terminal generates a group of RSA keys (group A), and the server generates a group of RSA keys (group B). The identity authentication terminal encrypts the group A public key (or private key) with AES (Advanced Encryption Standard) and transmits it to the server; the server encrypts the group B public key (or private key) with AES and transmits it to the identity authentication terminal.
After the keys are exchanged, the identity authentication terminal and the server each hold the key generated by the other party. When either side encrypts information with the key it obtained, only the other party can decrypt it, which improves the security of information transmission.
In addition, after the keys are exchanged, the identity authentication terminal can periodically report its state to the server, so that the validity of the identity authentication terminal within the whole system is guaranteed. Specifically, the identity authentication terminal encrypts the identity authentication terminal device ID and the position information with the group B public key (or private key) and transmits them to the server; the server decrypts them with the group B private key (or public key) and judges the validity of the identity authentication terminal. If the terminal passes the judgment, the identity authentication information it sends is considered valid; otherwise it is considered invalid. The reporting period may be set according to the security requirement of the system; for example, the payment system mentioned above may be set to update the device on a daily basis.
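Steps S211 to S214 as an added example in Go; it is not code from the patent. Assumptions: AES-256-GCM as the AES mode, an `id|lat|lon` plaintext layout, public keys (not private keys) being exchanged, only the server-to-terminal half of S214 shown (group A travels the same way), and all type and function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"errors"
	"fmt"
)

// Record is what the server bound at initialization; the terminal stores the same fields.
type Record struct {
	DeviceID string
	Lat, Lon float64
	AESKey   []byte
}

// Hello is the S211 plaintext; the "id|lat|lon" layout is an assumption of this example.
func (r Record) Hello() string {
	return fmt.Sprintf("%s|%g|%g", r.DeviceID, r.Lat, r.Lon)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts with AES-GCM (mode assumed; the page only says AES), nonce prepended.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and fails on a wrong key or a modified ciphertext.
func Open(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(msg) < gcm.NonceSize() {
		return nil, errors.New("bad key or truncated message")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

// VerifyHello is S212-S213. The page does not say how the server selects the key, so
// each record's key is tried; GCM rejects wrong keys and altered messages.
func VerifyHello(records []Record, msg []byte) (*Record, error) {
	for i := range records {
		plaintext, err := Open(records[i].AESKey, msg)
		if err == nil && string(plaintext) == records[i].Hello() {
			return &records[i], nil
		}
	}
	return nil, errors.New("authentication failed")
}

// OfferKey is the server's half of S214: group B's public key, sealed for the verified terminal.
func OfferKey(rec *Record) (*rsa.PrivateKey, []byte, error) {
	groupB, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	wire, err := Seal(rec.AESKey, x509.MarshalPKCS1PublicKey(&groupB.PublicKey))
	return groupB, wire, err
}

// AcceptKey is the terminal's half: decrypt and parse the server's public key.
func AcceptKey(aesKey, wire []byte) (*rsa.PublicKey, error) {
	der, err := Open(aesKey, wire)
	if err != nil {
		return nil, err
	}
	return x509.ParsePKCS1PublicKey(der)
}

func main() {
	t := Record{"T-0001", 34.2, 108.9, make([]byte, 32)} // constructed; zero key is demo-only
	hello, _ := Seal(t.AESKey, []byte(t.Hello()))        // S211
	if rec, err := VerifyHello([]Record{t}, hello); err == nil { // S212-S213
		groupB, wire, _ := OfferKey(rec) // S214, server to terminal
		pub, err := AcceptKey(t.AESKey, wire)
		fmt.Println(err == nil && pub.Equal(&groupB.PublicKey))
	}
}
```

Because the S211 plaintext never changes, a recorded hello would verify again if resent; detecting that requires a timestamp or server challenge inside the message, which the page does not describe.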
Example two
An embodiment of the invention also provides a storage medium comprising a stored program, wherein the identity authentication method is executed when the program runs.
Optionally, in this embodiment, the storage medium may be configured to store program code for executing the following steps of the identity authentication method:
S11, the server acquires first position information and facial feature information of the body to be identified;
S12, the server acquires second position information of the mobile terminal carried by the body to be identified;
S13, the server judges whether the facial feature information matches the locally stored facial feature information; if it matches and the distance between the second position and the first position is within a preset position deviation range, the body to be identified passes authentication.
Optionally, in this embodiment, the storage medium may include, but is not limited to, various media capable of storing program code, such as a USB disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Therefore, with the storage medium of the invention, the storage capacity is reduced and the program of the built-in identity authentication method flow runs faster, so that identity authentication is completed quickly and efficiently.
Example three
An embodiment of the invention also provides a processor configured to run a program, wherein the program, when run, executes the steps of the identity authentication method.
Optionally, in this embodiment, the program is configured to perform the following steps:
S11, the server acquires first position information and facial feature information of the body to be identified;
S12, the server acquires second position information of the mobile terminal carried by the body to be identified;
S13, the server judges whether the facial feature information matches the locally stored facial feature information; if it matches and the distance between the second position and the first position is within a preset position deviation range, the body to be identified passes authentication.
Optionally, for specific examples of this embodiment, reference may be made to the embodiment and examples described above in the specific implementation; the details are not repeated here.
Therefore, with the processor of the invention, the volume of data to be processed is reduced and the program of the built-in identity authentication method flow runs faster, so that identity authentication is completed quickly and efficiently.
Example four
The invention also provides an identity authentication system, shown in Fig. 6. The identity authentication system in this embodiment includes a mobile terminal 100 carried by a user 400 to be identified. In this embodiment the mobile terminal is a smart phone that has a positioning function and can provide its current geographical location information. The identity authentication system further comprises an identity authentication terminal 200, which performs face recognition authentication on the user 400 and is configured with a shooting device and a computing device that stores face feature data, device ID data, geographical location information data, keys and the like.
In this embodiment, the identity authentication system further includes a server 300 in communication connection with the mobile terminal 100 and the identity authentication terminal 200, respectively. The server 300 receives the location information of the mobile terminal 100, issues the face features that meet the condition to each identity authentication terminal 200, and verifies the validity and legitimacy of each identity authentication terminal 200.
Before the user 400 carries the mobile terminal 100 to the identity authentication terminal 200 for identity authentication, the user 400 needs to bind his or her identity information to a user ID by performing a registration operation on the smart phone (mobile terminal 100). The user 400 registers through the APP installed on the smart phone and, when registering, provides data such as a mobile phone number, an identification number, or face information to the server 300. After receiving the relevant data packet, the server 300 performs identity authentication of the user to determine whether the identity of the registrant is authentic. After the identity authentication passes, the server 300 selects an unused identity ID from the pool of identity IDs, binds it to the data provided at registration, such as the mobile phone number, identification number, or face information, and stores the binding in the server 300. After storing, a message of successful registration is returned to the user 400.
In addition, before the user 400 carries the mobile terminal 100 to the identity authentication terminal 200 for authentication, the identity authentication terminal 200 is first initialized. After the identity authentication terminal 200 is set up, the server 300 generates a unique device ID from the device ID pool and also generates an AES key for encrypting the device ID. The device ID, the AES key, and the geographical location information of the identity authentication terminal 200 to be initialized are bound, and the bound information is stored at the server 300. The server 300 sends the device ID and the AES key to the identity authentication terminal 200, and initialization is complete once the identity authentication terminal 200 has received and stored them.
Returning to Fig. 6, before the user 400, who has been assigned an identity ID, arrives with the mobile terminal 100 within the identification range of an initialized identity authentication terminal 200, the mobile terminal 100 sends the identity ID and the location information to the server 300. On receiving the information sent by the mobile terminal 100, the server 300 uses the location information to send the first face feature value matching the identity ID to all identity authentication terminals 200 within the threshold range. The first face feature value is the result of performing a correlation operation on the face image provided to the server 300 when the user registered to obtain the identity ID. After receiving the first face feature value, the identity authentication terminal 200 performs face recognition on the user 400 in the authentication area and obtains the face feature value of the current user 400, that is, the second face feature value. The identity authentication terminal 200 compares the received first face feature value with the second face feature value obtained by on-site recognition, and authentication passes when the comparison result is consistent.
From the perspective of the user 400, once the user 400 has registered and obtained the user ID, no operation is required when authenticating at any identity authentication terminal 200 in the system; the user can walk directly into the identification area to complete the identity authentication. Compared with existing fingerprint authentication, two-dimensional code authentication and the like, this greatly reduces the operations required of the user. Moreover, the identity authentication terminals used for identity authentication are constrained by the server, and only equipment in the corresponding geographic range can start the authentication process, which greatly reduces the unsafe conditions caused by misuse of authentication.
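The geographic dispatch and on-site comparison described above, together with the S13 decision, as an added example in Go that is not part of the patent. Assumptions: haversine distance, cosine similarity against a threshold as the feature comparison (the page only says the two values are compared), the terminal's registered location standing in for the first position, and all names and sample values.

```go
package main

import (
	"fmt"
	"math"
)

// Point is a WGS-84 coordinate in degrees.
type Point struct{ Lat, Lon float64 }

// Terminal is an identity authentication terminal with its registered location.
type Terminal struct {
	DeviceID string
	At       Point
}

// DistanceM returns the great-circle (haversine) distance between two points in metres.
func DistanceM(a, b Point) float64 {
	const earthRadiusM = 6371000.0
	rad := func(d float64) float64 { return d * math.Pi / 180 }
	dLat, dLon := rad(b.Lat-a.Lat), rad(b.Lon-a.Lon)
	h := math.Sin(dLat/2)*math.Sin(dLat/2) +
		math.Cos(rad(a.Lat))*math.Cos(rad(b.Lat))*math.Sin(dLon/2)*math.Sin(dLon/2)
	return 2 * earthRadiusM * math.Asin(math.Sqrt(h))
}

// InRange lists the terminals that should receive the user's first face feature value:
// those whose registered location lies within thresholdM of the phone's reported position.
func InRange(terminals []Terminal, phone Point, thresholdM float64) []string {
	var ids []string
	for _, t := range terminals {
		if DistanceM(t.At, phone) <= thresholdM {
			ids = append(ids, t.DeviceID)
		}
	}
	return ids
}

// Similarity is the cosine similarity of two feature vectors.
// It returns 0 when the lengths differ or either vector is empty or all zero.
func Similarity(a, b []float64) float64 {
	if len(a) != len(b) || len(a) == 0 {
		return 0
	}
	var dot, na, nb float64
	for i := range a {
		dot += a[i] * b[i]
		na += a[i] * a[i]
		nb += b[i] * b[i]
	}
	if na == 0 || nb == 0 {
		return 0
	}
	return dot / math.Sqrt(na*nb)
}

// Authenticate is the S13 decision: the face features must match AND the phone must be
// within the preset position deviation of the terminal. Either check alone is not enough.
func Authenticate(term Terminal, phone Point, first, second []float64, maxDevM, minSim float64) bool {
	return DistanceM(term.At, phone) <= maxDevM && Similarity(first, second) >= minSim
}

func main() {
	// Constructed sample data: three terminals and one phone position.
	terminals := []Terminal{
		{"T-1", Point{34.2000, 108.9000}},
		{"T-2", Point{34.2100, 108.9000}},
		{"T-3", Point{34.2003, 108.9004}},
	}
	phone := Point{34.2001, 108.9000}
	fmt.Println(InRange(terminals, phone, 100))

	first, second := []float64{0.1, 0.9, 0.4}, []float64{0.12, 0.88, 0.41}
	fmt.Println(Authenticate(terminals[0], phone, first, second, 50, 0.95))
}
```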
Fig. 7 is a diagram of the mobile terminal 100 according to a preferred embodiment of the invention. In this embodiment it is a smart phone with a built-in positioning chip, which may be a GPS chip, a Beidou positioning chip, a Galileo positioning chip, or the like. The positioning chip provides the current real-time position information of the smart phone.
In this embodiment, the smart phone further includes a camera, which is used to acquire a face image of the user when the user registers to obtain the user ID. Besides acquiring the face image through the camera, the user can also provide the face image by uploading a photo.
Fig. 8 is a schematic diagram of the identity authentication terminal 200. The identity authentication terminal 200 of this embodiment includes a computer and a camera connected to the computer. At the authentication site, the camera acquires the face image of the user in the authentication area and sends it to the computer for feature recognition. The computer and the server are connected through Ethernet communication. On the one hand, at the authentication site the computer performs feature extraction on the acquired face image; on the other hand, the computer performs the on-site comparison using the face feature value received from the server.
Preferably, a storage device, such as a mechanical hard disk or an SSD, is provided in the computer and stores the device ID, the AES key and the like obtained in the initialization process of the identity authentication terminal 200. The storage device also stores the RSA key sent by the server, which is used to encrypt all information in the communication between the identity authentication terminal and the server.
Fig. 9 is a schematic diagram of a preferred embodiment of the server. The server includes a processor, a memory, and a communication module. In this embodiment, the processor provides computing capability: it calculates the feature value of the face image provided by a user at registration; it performs the RSA encryption and decryption operations when communicating with the identity authentication terminal; and it handles the calculation of user identity IDs, the allocation of device IDs, and the like.
In this embodiment, the memory of the server may be a RAID disk array, which stores the binding between each identity ID and the user identity information, the binding between the device ID of each identity authentication terminal and its geographical location information, the AES key and RSA key used in the communication process, and the like.
In this embodiment, the communication module of the server maintains a communication connection with the mobile terminal and an encrypted, secure communication connection with the identity authentication terminal.
It is to be understood that the above-described embodiments are only a few, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular is intended to include the plural unless the context clearly dictates otherwise, and it should be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of features, steps, operations, devices, components, and/or combinations thereof.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (23)

1. An identity authentication method, comprising:
S11, the server acquires first position information and facial feature information of the body to be identified;
S12, the server acquires second position information of the mobile terminal carried by the body to be identified;
S13, the server judges whether the facial feature information matches the locally stored facial feature information; if it matches and the distance between the second position and the first position is within a preset position deviation range, the body to be identified passes authentication.
2. The identity authentication method of claim 1, further comprising: acquiring the ID information of the mobile terminal carried by the body to be identified, and matching the ID information with locally stored ID information.
3. The identity authentication method of claim 1, further comprising: acquiring the MAC address information of the mobile terminal carried by the body to be identified, and matching the MAC address information with locally stored MAC address information.
4. The identity authentication method of claim 1, further comprising: acquiring the user registration information of the mobile terminal carried by the body to be identified, and matching the user registration information with locally stored user registration information.
5. The identity authentication method of claim 1, wherein the facial feature information comprises: eye characteristic information, eyebrow characteristic information, mouth characteristic information, nose characteristic information, and ear characteristic information.
6. The identity authentication method according to claim 1, further comprising an identity authentication terminal in communication connection with the mobile terminal and the server, wherein the identity authentication terminal is located within a preset range of the first location information.
7. The identity authentication method of claim 1, wherein before performing step S11, the method further comprises:
S101, a mobile terminal carried by a body to be identified sends first position information and facial feature information to a server;
S102, the server receives the first position information and the facial feature information;
S103, the server verifies the first position information and the facial feature information;
S104, if the first position information and the facial feature information of the body to be identified pass the verification, the personal identity ID of the body to be identified is generated; otherwise, a message that verification of the personal identity information of the body to be identified has failed is returned.
8. The identity authentication method according to claim 6, wherein before the step S11, the method further comprises initializing the identity authentication terminal.
9. The identity authentication method according to claim 6, wherein before the step S11, the method further comprises the step of the server and the identity authentication terminal exchanging a key for encrypting transmission information.
10. The identity authentication method of claim 8, wherein initializing the identity authentication terminal comprises:
S201, a server generates an identity authentication terminal device ID and a first key for encrypting the identity authentication terminal device ID;
S202, the server binds and stores the identity authentication terminal device ID, the first key and the geographical location information of the identity authentication terminal;
S203, the server sends the identity authentication terminal device ID and the first key to the identity authentication terminal.
11. The identity authentication method of claim 9, wherein the server and the identity authentication terminal exchanging a key for encrypting transmission information comprises:
S211, the identity authentication terminal encrypts the identity authentication terminal device ID and the geographical location information obtained in the initialization process and sends them to a server;
S212, the server decrypts the information to obtain the identity authentication terminal device ID and the geographical location information;
S213, the server confirms the identity authentication terminal device ID and the geographical location information, verifies the validity of the identity authentication terminal, and returns authentication failure information when the verification fails; when the verification passes, step S214 is executed;
S214, the identity authentication terminal generates a second key and sends the second key to the server, and the server generates a third key and sends the third key to the identity authentication terminal.
12. The identity authentication method of claim 10, wherein the first key is an AES key.
13. The identity authentication method of claim 11, wherein the second key is an RSA key and the third key is an RSA key.
14. The method according to claim 11, wherein the authentication terminal periodically transmits the authentication terminal device ID and the location information encrypted by the third key to the server.
15. A storage medium comprising a stored program, wherein the program when executed performs the method of identity authentication of any one of claims 1 to 14.
16. A processor, configured to execute a program, wherein the program executes to perform the identity authentication method according to any one of claims 1 to 14.
17. An identity authentication system, comprising a mobile terminal (100) carried by a body to be identified and a server (300) in communication connection, wherein:
the body to be identified sends first position information and facial feature information to the server (300) through the mobile terminal (100); the server (300) acquires second position information of the mobile terminal (100) carried by the body to be identified; the server (300) judges whether the facial feature information matches the locally stored facial feature information, and if it matches and the distance between the second position and the first position is within a preset position deviation range, the body to be identified passes authentication.
18. The identity authentication system according to claim 17, further comprising an identity authentication terminal (200) in communication connection with the mobile terminal (100) and the server (300), wherein the identity authentication terminal (200) is located within a first preset range of location information.
19. The identity authentication system of claim 17,
the server (300) sends first facial feature information matched with the identity ID of the body to be identified to the identity authentication terminal (200) after receiving the information sent by the mobile terminal (100);
the identity authentication terminal (200) carries out face recognition on a body to be recognized, obtains second face feature information and sends the second face feature information to the server (300).
20. The identity authentication system according to claim 17, wherein a GPS chip is provided in the mobile terminal (100).
21. An identity authentication system according to claim 17, characterized in that the mobile terminal (100) is a portable mobile terminal.
22. The identity authentication system of claim 21, wherein the portable mobile terminal comprises a cell phone, a bracelet, a watch, an iPad, a badge, a cap badge, or an electronic pen.
23. The identity authentication system according to claim 18, wherein the identity authentication terminal (200) comprises a computer and a camera connected to the computer.
CN201910576172.6A 2019-06-28 2019-06-28 Identity authentication method and system Pending CN112152976A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910576172.6A CN112152976A (en) 2019-06-28 2019-06-28 Identity authentication method and system

Publications (1)

Publication Number Publication Date
CN112152976A true CN112152976A (en) 2020-12-29

Family

ID=73870115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910576172.6A Pending CN112152976A (en) 2019-06-28 2019-06-28 Identity authentication method and system

Country Status (1)

Country Link
CN (1) CN112152976A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20221215

Address after: 710000 second floor, building B3, yunhuigu, No. 156, Tiangu 8th Road, software new town, high tech Zone, Xi'an, Shaanxi

Applicant after: Xi'an Guangqi Intelligent Technology Co.,Ltd.

Address before: 710003 2nd floor, B3, yunhuigu, 156 Tiangu 8th Road, software new town, Xi'an City, Shaanxi Province

Applicant before: Xi'an Guangqi Future Technology Research Institute