CN113177797A

CN113177797A - User identity information authentication method, system, device, equipment and storage medium

Info

Publication number: CN113177797A
Application number: CN202110492466.8A
Authority: CN
Inventors: 简伟明; 皮爱平; 黄飞鹰; 梁华贵; 陈吉宏; 黄伟涛; 郑则润; 陈秋榕
Original assignee: Sundang Guangdong Technology Co ltd
Current assignee: Sundang Guangdong Technology Co ltd; Xunteng Guangdong Technology Co Ltd
Priority date: 2021-05-06
Filing date: 2021-05-06
Publication date: 2021-07-27
Also published as: WO2022233313A1

Abstract

The embodiment of the application discloses a method, a system, a device, equipment and a storage medium for authenticating user identity information. According to the technical scheme provided by the embodiment of the application, the server matches the first check code with a third check code stored by the server by receiving first user information sent by trusted equipment, generating the first check code according to the first user information and determining equipment to be authenticated matched with the first user information based on the first user information, and if the first check code is the same as the third check code, modifying the trusted level of the stored equipment to be authenticated and finishing authentication of user identity information; the whole identity information authentication process greatly reduces the steps of needing the user to directly participate, avoids the complex operation of the user, can reduce the time of queuing operation of the user, greatly improves the use convenience of the user, increases the user experience, reduces the equipment investment cost, is convenient for the old to use, and has strong universality.

Description

User identity information authentication method, system, device, equipment and storage medium

Technical Field

The embodiment of the application relates to the technical field of identity authentication, in particular to a user identity information authentication method, a system, a device, user identity information authentication equipment and a storage medium.

Background

The identity authentication means that the identity of a user is confirmed by a special means, and the identity authentication process is required to be realized in industrial and commercial, tax, finance, public inspection, traffic and other industrial scenes, and when the user goes to a bank to handle business, the identity of the user needs to be authenticated to determine business handling permission.

One of the important links of identity authentication is personal identity information verification, i.e. ensuring the credibility of the face, name and identification number of a user.

Currently, the method is commonly used in combination with an APP or an applet, that is, when a user registers the APP or the applet, the user inputs personal identity information such as personal information and face information and then sends the personal identity information to a server, or a piece of personal identity information is reserved at an APP or an applet terminal. The personal identity information in the process is completed by the user, and the credibility of the personal identity information cannot be ensured without identity information verification. To ensure the trustworthiness of personal identity information, there are several methods in general: one is to carry on the online verification to the identity through the authority personal information certification authority, such speed is fast, convenient, swift, but the certification expense is relatively higher; the other is to carry out authentication through offline equipment, the common method is to place an identity card on identity verification equipment with an identity card reader, read identity card information, collect a live human face image on site and carry out face recognition comparison with the face of the identity card, generate a two-dimensional code after the identity card is determined, a user completes information verification of personal identity information and a user account through a corresponding APP or a two-dimensional code on a small program recognition screen, and whether the personal identity information of a server end and a mobile phone end is credible is ensured.

Disclosure of Invention

The embodiment of the application provides a method, a system, a device, equipment and a storage medium for authenticating user identity information, so that the minimization of user operation steps in the identity information authentication process is realized, and the convenience of identity authentication is improved.

In a first aspect, an embodiment of the present application provides a method for authenticating user identity information, including:

receiving first user information sent by trusted equipment, wherein the first user information is acquired by the trusted equipment;

generating a first check code based on the first user information, and determining equipment to be authenticated matched with the first user information, wherein second user information is prestored in the equipment to be authenticated, and the credibility level of the first user information acquired by the credible equipment is higher than that of the second user information stored in the equipment to be authenticated;

and determining a third check code corresponding to the stored equipment to be authenticated, and if the first check code is the same as the third check code, modifying the stored credibility level of the equipment to be authenticated to finish authentication of the user identity information.

Further, after modifying the stored trust level of the device to be authenticated, the method further includes:

and sending the first check code to the equipment to be authenticated, wherein the first check code is used for matching the first check code and the second check code by the equipment to be authenticated, if the matching is successful, the equipment to be authenticated performs authentication level modification and notifies a user, and the second check code is generated according to the second user information stored in the equipment to be authenticated.

Further, the trusted device comprises an identity card reading device, a trusted identity reader and a passport reader, the first user information comprises the identity card reading device, the trusted identity reader and the passport reader, and the first user information comprises identity card information, citizenship certification, a citizen card, qualification certification, a driving license and a passport.

Further, the generating a first check code based on the first user information includes:

and calculating the hash value of the name and the identity card number in the identity card information through a hash algorithm to generate a first check code.

Further, the determining the device to be authenticated matched with the first user information includes:

acquiring the position information of the trusted device, and determining the terminal device within the preset range of the position information;

inquiring the stored face characteristics of the user corresponding to the terminal equipment;

extracting the features of the face image in the identity card information to obtain machine-readable face features;

and comparing the machine-readable face features with user face features stored correspondingly to each terminal device, and determining the terminal devices meeting the comparison result as the devices to be authenticated.

Further, before querying the stored face features of the user corresponding to the terminal device, the method further includes:

determining the recorded authentication level of the terminal equipment within the preset range;

correspondingly, the querying the stored user face features corresponding to the terminal device includes:

and inquiring the face features of the user corresponding to the terminal equipment of which the authentication level meets the preset level.

In a second aspect, an embodiment of the present application provides a user identity information authentication system, including a server, a device to be authenticated, and a trusted device;

the trusted device is used for sending first user information to the server, and the first user information is acquired through the trusted device; the server is used for receiving the first user information, generating a first check code based on the first user information, and determining equipment to be authenticated matched with the first user information, wherein the credibility level of the first user information acquired through the credible equipment is higher than the credibility level of second user information stored in the equipment to be authenticated; and

determining a third check code corresponding to the stored equipment to be authenticated, if the first check code is the same as the third check code, modifying the stored credibility level of the equipment to be authenticated, and sending the first check code and the modified authentication level to the equipment to be authenticated;

and the equipment to be authenticated is used for generating a second check code based on the stored second user information, receiving the first check code sent by the server, and updating the stored authentication level to the modified authentication level if the first check code is consistent with the second check code.

Further, the first user information includes identification card information, and the server is configured to:

Further, the server is further configured to:

determining the recorded authentication level of the terminal equipment within the preset range; and inquiring the face features of the user corresponding to the terminal equipment of which the authentication level meets the preset level.

In a third aspect, an embodiment of the present application provides a user identity information authentication apparatus, including:

a user information receiving module: the first user information is acquired by the trusted device;

a check code generation module: the authentication device is used for generating a first check code based on the first user information and determining a device to be authenticated matched with the first user information, wherein second user information is prestored in the device to be authenticated, and the credibility level of the first user information acquired by the credible device is higher than the credibility level of the second user information stored in the device to be authenticated;

authentication equipment verification module: and the verification module is used for determining a stored third check code corresponding to the equipment to be authenticated, and modifying the stored credibility level of the equipment to be authenticated if the first check code is the same as the third check code, so as to complete authentication of the user identity information.

Further, the method also comprises the following steps:

and the check code sending module is used for sending the first check code to the equipment to be authenticated and matching the first check code with the second check code by the equipment to be authenticated, if the matching is successful, the equipment to be authenticated performs authentication level modification and notifies a user, wherein the second check code is generated according to the second user information stored in the equipment to be authenticated.

In a fourth aspect, an embodiment of the present application provides a user identity information authentication device, including: a memory and one or more processors;

the memory for storing one or more programs;

when executed by the one or more processors, cause the one or more processors to implement the method for authenticating user identity information according to any one of the first aspects of the present application.

In a fifth aspect, embodiments of the present application provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the user identity information authentication method according to the first aspect.

In a fifth aspect, an embodiment of the present application further provides a method for authenticating user identity information, including:

receiving a first check code sent by trusted equipment, wherein the first check code is generated by the trusted equipment based on collected first user information;

determining equipment to be authenticated matched with the first check code, wherein second user information is prestored in the equipment to be authenticated, and the credibility level of the first user information acquired by the credible equipment is higher than the credibility level of the second user information stored in the equipment to be authenticated;

In a sixth aspect, an embodiment of the present application further provides a user identity information authentication system, which includes a server, a device to be authenticated, and a trusted device, where,

the trusted device is used for sending a first check code to the server, and the first check code is calculated by the trusted device based on the collected first user information; the server is used for receiving the first check code and determining equipment to be authenticated matched with the first check code, wherein the credibility level of the first user information acquired by the credible equipment is higher than the credibility level of the second user information stored in the equipment to be authenticated; and

The method is applied to a server, first user information sent by trusted equipment is received, a first check code is generated according to the first user information, equipment to be authenticated matched with the first user information is determined based on the first user information, the server matches the first check code with a third check code stored in the server, and if the first check code is the same as the third check code, the trusted level of the stored equipment to be authenticated is modified, and authentication of user identity information is completed; the whole identity information authentication process greatly reduces the steps of needing the user to directly participate, avoids the complex operation of the user, can reduce the time of queuing operation of the user, greatly improves the use convenience of the user, increases the user experience, reduces the equipment investment cost, is convenient for the old to use, and has strong universality.

Drawings

Fig. 1 is a flowchart of a method for authenticating user identity information according to an embodiment of the present application;

fig. 2 is a flowchart of another method for authenticating user identity information according to an embodiment of the present application;

fig. 3 is a flowchart of another method for authenticating user identity information according to an embodiment of the present application;

fig. 4 is a flowchart of another method for authenticating user identity information according to an embodiment of the present application;

fig. 5 is a schematic structural diagram of a user identity information authentication system according to an embodiment of the present application;

fig. 6 is a schematic structural diagram of a user identity information authentication apparatus according to an embodiment of the present application;

fig. 7 is a schematic structural diagram of another user identity information authentication apparatus according to an embodiment of the present application;

fig. 8 is a schematic structural diagram of a user identity information authentication device according to an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, specific embodiments of the present application will be described in detail with reference to the accompanying drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some but not all of the relevant portions of the present application are shown in the drawings. Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.

The embodiment of the application provides a method, a system and a device for authenticating user identity information, user identity information authentication equipment and a storage medium. The method is applied to a server, first user information sent by trusted equipment is received, a first check code is generated according to the first user information, equipment to be authenticated matched with the first user information is determined based on the first user information, the server matches the first check code with a third check code stored in the server, and if the first check code is the same as the third check code, the trusted level of the stored equipment to be authenticated is modified, and authentication of user identity information is completed; the whole identity information authentication process greatly reduces the steps of needing the user to directly participate, avoids the complex operation of the user, can reduce the time of queuing operation of the user, greatly improves the use convenience of the user, increases the user experience, reduces the equipment investment cost, is convenient for the old to use, and has strong universality.

As an example of a complete business process of the application, firstly, the authentication level of the trusted device is determined, and the trusted device acquires an identity card photo and personal information, wherein the personal information comprises personal identity information such as a country, a name, an identity card number and the like on an identity card; and then the trusted device sends the personal identity information and the identity information device ID or the personal identity information and the device position information to the server, wherein the identity information device ID refers to the device ID of the trusted device, and the position information of the trusted device can be obtained through the device ID. The server generates a first check code for the personal identity information by using a Hash algorithm or a national secret algorithm, and determines the mobile equipment within a preset range according to the position information of the trusted equipment. The identity authentication grade and the second check code of the equipment to be authenticated, namely the mobile equipment, are recorded in a database connected with the server, whether the personal identity authentication grade managed by the mobile equipment is lower than the authentication grade of the credible equipment or not is judged, whether the second check code of the mobile equipment meeting the conditions is matched with the first check code or not is further judged, the face characteristics of the user associated with the mobile equipment meeting the conditions are further subjected to face recognition comparison with the identity card photo acquired by the credible equipment, and the authentication grade of the mobile equipment meeting the conditions is modified. The server informs the application program of the corresponding mobile equipment, sends the first check code and the authentication level, the mobile equipment verifies whether the second check code of the user is matched with the first check code, and when the matching is successful, the user authentication level of the mobile equipment can be modified and the user is informed. Wherein, the server also stores a third verification code.

The following are detailed below.

Fig. 1 is a flowchart of a user identity information authentication method according to an embodiment of the present disclosure, where the user identity information authentication method according to the embodiment of the present disclosure may be implemented by a user identity information authentication apparatus, and the user identity information authentication apparatus may be implemented by hardware and/or software and integrated in a computer device.

The following description will be given taking as an example a method for the user identification information authentication device to perform user identification information authentication.

Referring to fig. 1, the user identity information authentication method includes:

101: receiving first user information sent by trusted equipment, wherein the first user information is acquired by the trusted equipment.

In the embodiment of the application, the main body executing the user identity information authentication method may be a server, including a cloud server. The trusted device is usually installed in a device installed in a place where identity authentication is required, and performs user information collection and identification. The trusted device may be a dedicated device only providing user identity information acquisition, or may be a terminal device combining other functions, such as an identity authentication terminal device arranged in a bank handling hall, an integrated terminal device arranged in a tax handling hall, a high-speed rail automatic ticket-taking terminal device, and the like. The first user information may include user name, biometric information, identification number, mobile phone number, and other information. The biological characteristic information comprises one or more of face information, iris information, sclera information, fingerprint information, palm print information, voiceprint information and DNA information, wherein the face information comprises living face information and face information analyzed based on a face photo, and the living face information is used for acquiring the face information of a user through a face recognition technology, so that the accuracy of identity recognition is improved. In other examples, the first user information may also include a country of ownership. For example, if the user is a person in country a but owns his identity card in country B, the nationality of the user is nationality in country a but nationality in country B.

In this embodiment, the first user information is collected by a trusted device, preferably, the trusted device includes an identification card reading device, a trusted identification reader, a passport reader, a driving license reader, and the like, and then the first user information includes identification card information. The identification card information may be, for example, a complete identification card number or a partial identification card number, and may further include a user name, user photo information of the certificate (print user photo information of the certificate and/or chip user photo information of the certificate), and based on the user photo information of the certificate, face feature information of the user may be acquired. And only when the trusted device reads the identity card, the identity card information is acquired and uploaded to the server. That is, reading the identity card by the trusted device is equivalent to starting an identity information authentication process.

102: generating a first check code based on the first user information, and determining a device to be authenticated matched with the first user information, wherein a second check code is stored in the device to be authenticated, second user information is prestored in the device to be authenticated, and the credibility level of the first user information acquired by the credible device is higher than the credibility level of the second user information stored in the device to be authenticated.

The server generates a first check code aiming at first user information from the trusted device, wherein the first check code is used for performing handshaking and identity confirmation with the device to be authenticated. Meanwhile, the server matches the qualified equipment to be authenticated based on the first user information. The device to be authenticated is a terminal device usually held by a user, and comprises a smart phone, a smart bracelet, a smart key ring, a smart necklace, a smart watch, a notebook computer, a tablet computer and other mobile terminal devices. The second user information is pre-stored in the device to be authenticated, and it can be understood that the device to be authenticated has a function of inputting the second user information, and similarly, the second user information includes a user name, face feature information, an identification number, a mobile phone number, and the like. The face feature information can be acquired through face acquisition equipment such as a face scanner, a camera and a camera, and personal face photos can be uploaded on equipment to be authenticated by a user. And when the second user information is prestored, the device to be authenticated calculates and generates a second check code based on the second user information.

In the embodiment, the first check code generated by the server for the first user information can be a complete name plus an identity card number, and at the moment, the complete identity card number is added behind the complete name to form the first check code; it may also be a private message, such as a CTID, which is an encrypted identification card message consisting of 256 characters. In addition, the name of the name, the total number of the name, the first three digits of the ID card and the last three digits of the ID card can be added, and the name is, for example, pinyin, English, letter or other language of the name. The three first check codes are expressed by way of example only and are not limited to the three first check codes.

In this embodiment, the trust level of the first user information acquired by the trusted device is higher than the trust level of the second user information stored in the device to be authenticated. Specifically, in the present embodiment, the data authentication level is divided into five levels in the data authentication level, where the level 0 indicates no identity information, and meanwhile, when the application program is just installed and the user does not perform any identity information operation on the application program; level 1 represents virtual information, which is usually a user-defined head portrait, a nickname, and an Open ID automatically generated by combining a system; 2, the level 2 represents no credibility, and generally refers to the self-filled identity information of the user, and the identity information comes from the self-filling of the user and is not subjected to any verification, so the identity information belongs to the untrusted information; level 3 is a preliminary credibility, and usually needs OCR (Optical Character Recognition) identification authentication on the basis of level 3 information; the 4-level represents commercial credibility, and the representation information is authenticated by a third-party mechanism, so that the authentication of commercial transaction operation can be performed, wherein the authentication comprises third-party mechanism authentication such as Ali authentication, WeChat authentication, Baidu authentication, Unionpay authentication, telecommunication authentication, Google authentication, Amazon authentication, commercial NFC identity card authentication and the like; level 5 represents legal credibility, including legal certifications of local countries such as ID card reader certification, eID certification, CTID (network card) certification, passport reader, driving license reader, police NFC ID card certification and police bureau certification. Preferably, the data authentication in the trusted device disclosed in the embodiment of the present application conforms to a 5-level identity card authentication manner, that is, the first user information collected by the trusted device is legal and trusted and belongs to the highest level of the data authentication; or the data authentication in the trusted device disclosed in the embodiment of the application conforms to a 4-level identity card authentication mode, that is, the first user information collected by the trusted device is commercial trusted and belongs to a level with higher data authentication reliability. The second user information pre-stored in the device to be authenticated is usually entered by the user autonomously, and belongs to the second level of data authentication without other verification. The second user information pre-stored in the device to be authenticated comes from other devices, or is automatically entered by the user but is verified by other platforms, such as wechat authentication, and the actual level of the second user information is defined according to the actual situation.

In this embodiment, it is intended to verify user information with a low trust level to determine the trust level of the user information, and if the data trust level corresponding to the device to be authenticated is the highest level, it indicates legal trust, and verification is not required. Therefore, in this embodiment, the step of determining the matched device to be authenticated includes checking the data level of the terminal device, and selecting only the device to be authenticated whose credibility level is lower than that of the credible device to perform the next action. In fact, each terminal device reports the location information to the server periodically or uninterruptedly, and reports the data authentication level of the terminal device to the server periodically or uninterruptedly, so that when the server receives the first user information of the trusted device and determines the device to be authenticated matched with the first user information, the device to be authenticated, of which the data authentication level is equal to or higher than that of the trusted device, can be excluded according to the data authentication level reported by each terminal device.

Since the individual identification information relates to individual privacy, in order to ensure the security of the individual identification information, common devices and enterprises cannot store the individual identification information. In order to ensure the safety of personal identity information, for example, in a scene that an identity card reading device is selected as a trusted device, the trusted device reads the identity card information, acquires mobile phone numbers of all corresponding users according to the identity card information, and selects the last n digits of the mobile phone numbers, wherein n is an integer greater than 1. And packaging n-digit numbers behind the user photo, the user name and the mobile phone number in the identity card information as first user information. Therefore, when the first check code is generated by calculation based on the first user information, the hash value of n digits after the user name and the mobile phone number are calculated by the hash algorithm can be generated. From the perspective of convenience, the content category included in the second user information may be the same as that of the first user information, including user identification card information, and the user mobile phone number or n digits after the mobile phone number. The second check code can also be generated by calculating a hash value of n digits after the user name and the mobile phone number are calculated by a hash algorithm.

In another example, the first user information may only include the identity card information of the user, that is, not include the mobile phone number, but include the identity card number, the name, and the face information. The first check code may be generated by calculating a hash value of the name and the identification number in the identification card information through a hash algorithm. Similarly, the second user information may include an identification card number, a name, and face information, and correspondingly, the second check code may also be generated by calculating a hash value of the name and the identification card number in the identification card information through a hash algorithm.

103: and determining a third check code corresponding to the stored equipment to be authenticated, and if the first check code is the same as the third check code, modifying the stored credibility level of the equipment to be authenticated to finish authentication of the user identity information.

The server cannot store the identity information, and thus the server stores a third check code in advance, the third check code being generated from user information respectively corresponding to different users. And the server generates a first check code based on the first user information and matches the first check code with the equipment to be authenticated, so that a third check code corresponding to the equipment to be authenticated is associated. Specifically, the server detects the consistency of the first check code and the second check code, and in the case that the first check code and the second check code are consistent, the server proves that the first check code is matched with the second check code, so that the credibility level of the equipment to be authenticated can be modified, and the authentication of the user identity information is completed.

In another embodiment, a method for authenticating user identity information provided by the present application is described in fig. 2, and includes:

201: receiving first user information sent by trusted equipment, wherein the first user information is acquired by the trusted equipment.

202: and generating a first check code based on the first user information, and determining the equipment to be authenticated matched with the first user information. Similarly, in this example, the second user information is prestored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored in the device to be authenticated.

203: and determining a third check code corresponding to the stored equipment to be authenticated, and if the first check code is the same as the third check code, modifying the stored credibility level of the equipment to be authenticated to finish authentication of the user identity information.

In the foregoing steps 201 to 203, the execution flow and principle are the same as those in the foregoing previous embodiment, and are not described again in this embodiment. The main difference between this embodiment and the previous embodiment is that, after modifying the stored trust level of the device to be authenticated, this embodiment further includes:

204: and sending the first check code to the equipment to be authenticated, wherein the first check code is used for matching the first check code and the second check code by the equipment to be authenticated, if the matching is successful, the equipment to be authenticated performs authentication level modification and notifies a user, and the second check code is generated according to the second user information stored in the equipment to be authenticated.

In this embodiment, on the basis of the consistency check of the server based on the first check code and the third check code, the consistency of the first check code and the second check code is detected at the end of the device to be authenticated, and when the first check code and the second check code are consistent, it is indicated that the first check code and the second check code are matched, the matching is successful, and the device to be authenticated modifies the authentication level and notifies the user.

And the equipment to be authenticated sends the matching result to the user. In this embodiment, when the matching result is that the matching is successful, the second user information of the device to be authenticated is authenticated to be trusted. In the server, after receiving the credibility levels reported by the terminal devices, the server stores the credibility levels of the terminal devices, so that when the matching result of the device to be authenticated is received as a successful matching, the server indicates that the identity authentication is successful, and updates the credibility levels.

As shown in fig. 3, an embodiment of the present application further provides another method for authenticating user identity information, including:

301: receiving first user information sent by trusted equipment, wherein the first user information is acquired by the trusted equipment.

The embodiment is applied to the server, and the server authenticates the identity information of other terminal equipment based on the trusted equipment which has obtained the trusted level authentication. Wherein, the user inputs the first user information through the trusted device, and the first user information is usually generated immediately and is not pre-stored in the trusted device. The trusted device is generally applied to occasions of banks, high-speed rails and government affairs handling certificates, for example, as a bank identity authentication terminal, a high-speed rail identity card ticket checking terminal and a government affairs handling self-service terminal, as a device for obtaining the trusted level authentication. The first user information is typically identification card information.

302: and generating a first check code based on the first user information.

In this embodiment, the server performs calculation of the first check code on the basis of obtaining the first user information, optionally, the first user information includes an identity card number, a name, and face biometric information, and the first check code may be generated by calculating a hash value of the name and the identity card number in the identity card information through a hash algorithm.

303: and acquiring the position information of the trusted device, and determining the terminal device within the preset range of the position information.

When the user inputs the first user information through the trusted device, which is equivalent to starting an identity information authentication process, the server immediately receives the first user information, and searches the terminal device within the preset range according to the first user information. It should be noted that, since the terminal device reports its own location information to the server periodically or without interruption, the server actually stores the location information of each terminal device. In one example, the server also stores location information of the trusted device. And selecting the terminal equipment within the preset range according to the preset range set in advance based on the position information of the trusted equipment. In other examples, it may be that the first user information includes, in addition to the personal identity information of the user, a device ID of the trusted device, and the device ID may correspond to a registration address of the trusted device. In addition, the position information of the trusted device can be acquired by a satellite positioning device, a bluetooth positioning device or other positioning devices, and similarly, the position information of the terminal device can also be acquired by a satellite positioning device, a bluetooth positioning device or other positioning devices. The preset range is, for example, a circular area formed based on the center of the circle and a preset radius with the trusted device as the center. Therefore, searching for the terminal device within the preset range is to select a circular area formed by taking the trusted device as a circle center according to the position information of the trusted device and the preset radius, and determine the terminal device located in the circle center area as the candidate device to be authenticated according to the position information of the terminal device to perform the next matching process.

304: and inquiring the stored face characteristics of the user corresponding to the terminal equipment.

The matching of the geographic position is the first step of determining the device to be authenticated in the embodiment of the application, so as to exclude other terminal devices within a preset range and reduce subsequent workload. And further matching the device to be authenticated based on the face features of the user. Specifically, each terminal device pair uses the face features of the user. The user face features are, for example, face images collected as one type of content of the second user information when the user enters the second user information, and include two different types, namely a face photo and live face features.

305: and extracting the features of the face image in the identity card information to obtain machine-readable face features.

The trusted device scans the identity card to read identity card information including face images in the identity card, and after the identity card information is uploaded to the server, the server further identifies and analyzes the face images to obtain machine-readable face characteristics. In the last step, the face image of the second user information is assumed to be a face image, and because the shooting time of the face image of the second user information is different from the shooting time of the face image in the identity card information, even if the face images of the same user in different light, time, scene and person states are not completely the same, the terminal device is further verified and matched based on the face image in the application.

306: and comparing the machine-readable face features with user face features stored correspondingly to each terminal device, and determining the terminal devices meeting the comparison result as the devices to be authenticated.

In this embodiment, the device to be authenticated stores a second check code, and the second check code is generated by the device to be authenticated through calculation according to prestored second user information, wherein the trust level of the first user information acquired by the trusted device is higher than the trust level of the second user information stored in the device to be authenticated.

307: and determining a third check code corresponding to the stored equipment to be authenticated, and if the first check code is the same as the third check code, modifying the stored credibility level of the equipment to be authenticated to finish authentication of the user identity information.

Referring to fig. 4, an embodiment of the present application further provides another user identity information authentication method, including:

401: receiving first user information sent by trusted equipment, wherein the first user information is acquired by the trusted equipment.

Similarly, in this embodiment, the main body executing the user identity information authentication method may be a server, and the first user information includes a user face feature, a name, and an identity card number, or includes n digits after the user face feature, the name, and the mobile phone number.

402: and generating a first check code based on the first user information.

The server generates the first check code based on the first user information, wherein the first check code is a unique value, and therefore reliability is particularly sufficient. Specifically, the hash value of n digits after the user name and the mobile phone number is calculated through a hash algorithm to generate the first check code, or the hash value of the user name and the identity card number is calculated through the hash algorithm to generate the first check code.

403: and acquiring the position information of the trusted device, and determining the terminal device within the preset range of the position information.

When the user inputs the first user information through the trusted device, which is equivalent to starting an identity information authentication process, the server immediately receives the first user information, and searches the terminal device within the preset range according to the first user information. It should be noted that, since the terminal device reports its own location information to the server periodically or without interruption, the server actually stores the location information of each terminal device. Meanwhile, the server also stores the position information of the trusted device. And selecting the terminal equipment within the preset range according to the preset range set in advance based on the position information of the trusted equipment. Specifically, the position information of the trusted device may be acquired by a satellite positioning device, a bluetooth positioning device, or other positioning devices, and similarly, the position information of the terminal device may also be acquired by a satellite positioning device, a bluetooth positioning device, or other positioning devices. The predetermined range is, for example, a grid area formed by using the trusted device as a reference point and selecting a predetermined grid number based on the reference point. For example, the preset number of grids is 8, so that searching for a terminal device within the preset range includes all regions with 8 grids above, below, to the left, and to the right of the position information as grid regions according to the position information of the trusted device, and determines the terminal device located in the grid region as a device to be authenticated according to the position information of the terminal device.

404: and determining the recorded authentication level of the terminal equipment within the preset range.

The method and the device aim at authenticating the terminal equipment with the data authentication lower than the credibility level of the credible equipment so as to upgrade and update the credibility level of the terminal equipment in the follow-up process. In this embodiment, in order to determine the device to be authenticated, the terminal device which is within the preset range and whose authentication level also meets the condition is selected for subsequent matching.

405: and inquiring the face features of the user corresponding to the terminal equipment of which the authentication level meets the preset level.

In the present application, the authentication level meeting the preset level actually means that a terminal device with an authentication level lower than that of a trusted device is selected, and since the authentication level of the terminal device is low, the corresponding trusted level is lower than level 4, which is usually untrusted, further authentication is required to make the data of the terminal device trusted. Therefore, the terminal equipment with the authentication grade lower than that of the credible equipment is screened to carry out next face comparison and matching.

406: and extracting the features of the face image in the identity card information to obtain machine-readable face features.

407: and comparing the machine-readable face features with user face features stored correspondingly to each terminal device, and determining the terminal devices meeting the comparison result as the devices to be authenticated.

The device to be authenticated stores a second check code, the second check code is generated by the device to be authenticated through calculation according to prestored second user information, and the credibility level of the first user information acquired through the credible device is higher than that of the second user information stored in the device to be authenticated.

408: and determining a third check code corresponding to the stored equipment to be authenticated, and if the first check code is the same as the third check code, modifying the stored credibility level of the equipment to be authenticated to finish authentication of the user identity information.

Fig. 5 shows a schematic structural diagram of a user identity information authentication system provided in an embodiment of the present application, and as shown in fig. 5, a user identity information authentication system provided in an embodiment of the present application includes a server 501, a device to be authenticated 502, and a trusted device 503, specifically:

the trusted device 503 is configured to send first user information to a server, where the first user information is acquired by the trusted device; in this embodiment, the first user information may be identity card information, and the identity card information is obtained by reading an identity card of the user by the trusted device. The second user information may be pre-stored in the device to be authenticated, and is entered by the user through the device to be authenticated, including the face feature, the name, and the identification number of the user.

The server 501 is configured to receive the first user information, generate a first check code based on the first user information, and determine a device to be authenticated that is matched with the first user information, where a trust level of the first user information acquired by the trusted device is higher than a trust level of second user information stored in the device to be authenticated; and

the device to be authenticated 502 is configured to generate a second check code based on the stored second user information, receive the first check code sent by the server, and update the stored authentication level to the modified authentication level if the first check code is identical to the second check code.

Continuing to refer to fig. 5, this embodiment shows another user identity information authentication system, which includes a server 501, a device to be authenticated 502, and a trusted device 503, where:

the trusted device 503 is configured to send first user information to a server, where the first user information is acquired by the trusted device; the first user information includes identification card information.

The server 502 is configured to obtain location information of the trusted device, and determine a terminal device within a preset range of the location information; inquiring the stored face characteristics of the user corresponding to the terminal equipment; and comparing the machine-readable face features with user face features stored correspondingly to each terminal device, and determining the terminal devices meeting the comparison result as the devices to be authenticated.

The device to be authenticated 501 is configured to generate a second check code based on the stored second user information, receive the first check code sent by the server, and update the stored authentication level to the modified authentication level if the first check code is identical to the second check code.

Preferably, the trusted device is an identity card reading device, and the identity card reading device can scan an identity card to identify identity card information, so in the embodiment of the basic application, the first user information includes identity card information.

In this embodiment, the device to be authenticated is determined by combining the screening of the terminal device based on the location information and the comparison of the name and the identification number. The trusted device is internally provided with a geographic information acquisition device such as a satellite positioning device, a Bluetooth positioning device or other positioning devices, and acquires and uploads the position information of the trusted device to the server for storage. Correspondingly, the terminal equipment is also provided with positioning equipment for collecting the position information of the terminal equipment and uploading the collected position information to the server. Therefore, when a preset range considered to be set is set, terminal devices conforming to the preset range can be screened out according to the position information of the trusted device and the position information of each terminal device.

As a supplement to the position information acquisition in this embodiment, the current position information of the terminal device can be further obtained by acquiring the displacement of the terminal device through an acceleration sensor, a direction sensor, and the like, and the method is suitable for being used in places such as basements where there is no signal or a poor signal, and still being capable of acquiring the position information of the terminal device under the condition that a geographic information acquisition device such as a satellite fails.

When the terminal device which meets the preset range is selected, other terminal devices outside the preset range are screened, the workload of the subsequent process is reduced, and the range is narrowed. In this step, the name and the identification number corresponding to the terminal device are queried, and the name and the identification number may be included in the second user information or may be previously entered by the user corresponding to the terminal device for each terminal device. Further, a relationship table may be formed, in which each terminal device and the name and the identification number respectively corresponding to each terminal device are recorded. Therefore, when the name and the identity card number of the terminal equipment need to be inquired, the required name and the identity card number can be obtained by traversing the relation table.

In this step, the server analyzes and identifies the identity card information from the trusted device, and can acquire the name and the identity card number in the identity card information. Specifically, when the trusted device reads the identity card, the identity card information is obtained, the identity card information may be embodied in a picture form, the picture is equivalent to scanning and copying of the identity card, or in a list form, that is, by reading the identity card, the name, the identity card number and the face features of the user are directly obtained, and the identity card information is displayed in the list form, or in a display form of characters and pictures, and the like. And comparing the name contained in the identity card information of the first user information with the name stored corresponding to the terminal equipment, and simultaneously comparing the identity card number of the identity card information with the identity card number stored corresponding to the terminal equipment.

In this step, the step of specifically determining the device to be authenticated that is matched with the first user information may be to select the terminal device within a preset range on the basis of the trusted device, and then compare the name and the identification number obtained by identifying the identification card information of the first user information with the stored name and identification number.

In this embodiment, the second user information includes a user face feature corresponding to the device to be authenticated, and the server stores a trust level of each terminal device and also stores a trust level of a trusted device, where the trust level of the trusted device in this embodiment is legal trust, that is, the trust level with the highest level.

In the embodiment of the present application, the comparison between the machine-readable face features and the user face features corresponding to the device to be authenticated is actually the similarity between the computer-readable face features and the user face features of the device to be authenticated.

And the comparison result meets a preset condition, namely the similarity between the machine-readable face feature and the user face feature of the equipment to be authenticated reaches a preset threshold value, the identity authentication is successful, and the credibility level of the equipment to be authenticated is updated. It is common practice to upgrade the level of trust of the terminal device to be consistent with that of the trusted device, i.e. legislated trusted.

As shown in fig. 6, an embodiment of the present application provides a user identity information authentication apparatus, including: a user information receiving module 601, a check code generating module 602 and an authentication device checking module 603. Specifically, the user information receiving module 601 is configured to receive first user information sent by a trusted device, where the first user information is acquired by the trusted device; the check code generation module 602 is configured to generate a first check code based on the first user information, and determine a device to be authenticated that is matched with the first user information, where second user information is pre-stored in the device to be authenticated, and a trust level of the first user information acquired by the trusted device is higher than a trust level of the second user information stored in the device to be authenticated; the authentication device checking module 603 is configured to determine a third check code corresponding to the device to be authenticated, and if the first check code is the same as the third check code, modify the stored trust level of the device to be authenticated, and complete authentication of the user identity information.

In this embodiment, the trusted device includes an identity card reading device, a trusted identity reader, and a passport reader, and the first user information includes identity card information, citizen certification, a citizen card, a qualification certificate, a driver's license, and a passport, and the first check code is generated by calculating a hash value of a name and an identity card number in the identity card information through a hash algorithm. Correspondingly, the hash value of the name and the identity card number in the identity card information can be calculated through a hash algorithm to generate the first check code.

The determining, in the check code generating module 602, the device to be authenticated that is matched with the first user information includes: acquiring the position information of the trusted device, and determining the terminal device within the preset range of the position information; inquiring the stored face characteristics of the user corresponding to the terminal equipment; extracting the features of the face image in the identity card information to obtain machine-readable face features; and comparing the machine-readable face features with user face features stored correspondingly to each terminal device, and determining the terminal devices meeting the comparison result as the devices to be authenticated.

Further, before querying the stored face features of the user corresponding to the terminal device, the method further includes: and determining the recorded authentication level of the terminal equipment within the preset range. Correspondingly, the querying the stored user face features corresponding to the terminal device includes: and inquiring the face features of the user corresponding to the terminal equipment of which the authentication level meets the preset level.

As a preferable implementable aspect of this embodiment, the server stores a trust level of each terminal device, and the receiving the matching result sent by the device to be authenticated and completing the identity authentication based on the matching result includes: and receiving a matching result sent by the equipment to be authenticated, if the matching is successful, the identity authentication is successful, and updating the credibility level.

As shown in fig. 7, another user identity information authentication device is further provided in the embodiment of the present application, and a check code sending module 704 is added to the user identity information authentication device shown in fig. 6, that is, the user identity information authentication device in the embodiment of the present application includes: a user information receiving module 701, a check code generating module 702, an authentication device checking module 703 and a check code sending module 704.

Specifically, the check code sending module 704 is configured to send the first check code to the device to be authenticated, and is configured to enable the device to be authenticated to perform matching between the first check code and the second check code, and if matching is successful, the device to be authenticated performs authentication level modification and notifies a user, where the second check code generates the second user information according to the second user information stored in the device to be authenticated

The user information receiving module 701 is configured to receive first user information sent by a trusted device, where the first user information is acquired by the trusted device; the authentication device determining module 702 is configured to determine a device to be authenticated that is matched with the first user information, and acquire second user information corresponding to the stored device to be authenticated, where a trust level of the first user information acquired by the trusted device is higher than a trust level of the stored second user information; the identity authentication completion module 703 is configured to generate a matching result according to the first user information and the second user information, and complete identity authentication based on the matching result.

In this embodiment, the determining of the device to be authenticated, which is matched with the first user information, in the authentication device determining module 702 includes: acquiring the position information of the trusted device, and determining the terminal device within the preset range of the position information; inquiring the stored name and identity card number corresponding to the terminal equipment; comparing the name and the identification card number obtained by identifying the identification card information with the stored name and identification card number; and determining the terminal equipment with the consistent comparison result as the equipment to be authenticated.

Further optionally, the second user information includes a user face feature corresponding to the device to be authenticated, and the server stores a trust level of each terminal device. In the identity authentication completing module 803, the generating a matching result according to the first user information and the second user information, and completing identity authentication based on the matching result includes: extracting the features of the face image in the identity card information to obtain machine-readable face features; comparing the machine-readable face features with user face features corresponding to the equipment to be authenticated; and if the comparison result meets the preset condition, the identity authentication is successful, and the credibility grade is updated.

As shown in fig. 8, an embodiment of the present application further provides a user identity information authentication device, including: a memory 801 and one or more processors 802; the memory 801 for storing one or more programs; when executed by the one or more processors 802, the one or more programs cause the one or more processors to implement the user identity information authentication method as described herein.

Embodiments of the present application further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the method for authenticating user identity information provided in the foregoing embodiments, where the method for authenticating user identity information includes: receiving first user information sent by trusted equipment, wherein the first user information is acquired by the trusted equipment; generating a first check code based on the first user information, and determining equipment to be authenticated matched with the first user information, wherein second user information is prestored in the equipment to be authenticated, and the credibility level of the first user information acquired by the credible equipment is higher than that of the second user information stored in the equipment to be authenticated; and determining a third check code corresponding to the stored equipment to be authenticated, and if the first check code is the same as the third check code, modifying the stored credibility level of the equipment to be authenticated to finish authentication of the user identity information.

Storage medium-any of various types of memory devices or storage devices. The term "storage medium" is intended to include: mounting media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Lanbas (Rambus) RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that may reside in different locations, such as in different computer systems that are connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.

Of course, the storage medium provided in this embodiment of the present application and containing computer-executable instructions is not limited to the user identity information authentication method described above, and may also perform related operations in the user identity information authentication method provided in any embodiment of the present application.

The user identity information authentication device, the apparatus, and the storage medium provided in the above embodiments may execute the user identity information authentication method provided in any embodiment of the present application, and reference may be made to the user identity information authentication method provided in any embodiment of the present application without detailed technical details described in the above embodiments.

The foregoing is considered as illustrative of the preferred embodiments of the invention and the technical principles employed. The present application is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present application has been described in more detail with reference to the above embodiments, the present application is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present application, and the scope of the present application is determined by the scope of the claims.

Claims

1. A method for authenticating user identity information is characterized by comprising the following steps:

2. The method for authenticating user identity information according to claim 1, further comprising, after modifying the stored trust level of the device to be authenticated:

3. The method of claim 2, wherein the trusted device comprises an identification card reading device, a trusted identity reader, and a passport reader, and the first user information comprises identification card information, citizenship authentication, a citizenship card, a certification, a driver's license, and a passport.

4. The method for authenticating user identity information according to claim 3, wherein the generating a first check code based on the first user information includes:

5. The method according to claim 3, wherein the determining the device to be authenticated that matches the first user information includes:

6. The method for authenticating user identity information according to claim 5, further comprising, before querying the stored face features of the user corresponding to the terminal device:

7. A method for authenticating user identity information is characterized by comprising the following steps:

8. A user identity information authentication system comprises a server, a device to be authenticated and a trusted device, and is characterized in that,

9. The system of claim 8, wherein the first user information comprises identification card information, and wherein the server is configured to:

10. The system of claim 9, wherein the server is further configured to:

11. A user identity information authentication system comprises a server, equipment to be authenticated and trusted equipment, and is characterized in that:

12. A user identification information authentication apparatus, comprising:

13. The apparatus for authenticating user identification information according to claim 12, further comprising:

14. A user identification information authentication apparatus, comprising: a memory and one or more processors;

the memory for storing one or more programs;

when executed by the one or more processors, cause the one or more processors to implement a method of authenticating user identity information as recited in any one of claims 1-7.

15. A storage medium containing computer-executable instructions, which when executed by a computer processor, perform the method of authenticating user identity information according to any one of claims 1 to 7.