CN114048453A

CN114048453A - User feature generation method and device, computer equipment and storage medium

Info

Publication number: CN114048453A
Application number: CN202111349442.3A
Authority: CN
Inventors: 任骏锋; 李帅宇; 蒋家堂; 周迪雯
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2021-11-15
Filing date: 2021-11-15
Publication date: 2022-02-15

Abstract

The application relates to a user feature generation method, a user feature generation device, a computer device, a storage medium and a computer program product, and relates to the fields of biological identification and information security. The method comprises the following steps: calculating the biological characteristics of a target object and the terminal characteristics of a terminal used by the target object to obtain mixed characteristics; and performing homomorphic encryption calculation on the mixed features through a preset homomorphic encryption algorithm to obtain the mixed encryption features. Because the process of the mixed encryption characteristic is carried out at the local client of the user, and only the mixed encryption characteristic is transmitted to the cloud, even if the cloud data is leaked, the safety of the biological characteristic of the target object and the safety of the terminal characteristic are ensured because the mixed decryption fingerprint cannot be analyzed.

Description

User feature generation method and device, computer equipment and storage medium

Technical Field

The present application relates to the field of data processing technologies, and in particular, to a method and an apparatus for generating user characteristics, a computer device, and a storage medium.

Background

With the rapid development of biometric identification technology, biometric identification methods are also increasing. Various biometric algorithms are also successfully applied to the fields of identity authentication such as mobile payment and electronic commerce.

In the related art, when the user performs identity authentication, the user characteristic information to be authenticated needs to be acquired and compared with the user characteristic information pre-stored in the cloud end, so as to determine whether the identity authentication of the user to be authenticated passes or not. And the user characteristic information compared in the related technology is a biological characteristic related to the privacy of the user. Therefore, once the biometric data stored in the cloud in advance is stolen, the privacy data of the user can be leaked, and the privacy data of the user is seriously threatened.

Disclosure of Invention

In view of the above, it is necessary to provide a method, an apparatus, a computer device, a computer-readable storage medium, and a computer program product for generating a user feature that can ensure that private data is not leaked, in order to solve the above technical problems.

In a first aspect, the present application provides a method for generating user characteristics. The method comprises the following steps:

acquiring a target biological characteristic of a target object and a terminal characteristic of a terminal corresponding to the target object, wherein the terminal characteristic comprises a physical characteristic and/or an environmental characteristic of the terminal;

mixing the target biological characteristics and the terminal characteristics to obtain mixed characteristics;

and carrying out encryption calculation on the mixed features through an encryption algorithm to obtain mixed encryption features, and transmitting the mixed encryption features to a cloud server by taking the mixed encryption features as user features.

In one embodiment, the acquiring the target biological feature of the target object includes:

acquiring original biological characteristics of the target object;

calculating the confidence corresponding to the original biological characteristics through a preset confidence determination algorithm;

and if the confidence degree corresponding to the original biological characteristics is larger than a preset confidence degree threshold value, determining the original biological characteristics as target biological characteristics.

In one embodiment, before the step of acquiring the original biometric characteristic of the target object, the method further comprises:

responding to an identity binding request, and acquiring identity authentication information in the identity binding request;

and if the identity authentication information is confirmed to pass the verification, outputting the acquisition prompt information of the original biological characteristics.

In one embodiment, the mixing the target biometric characteristic and the terminal characteristic to obtain a mixed characteristic includes:

and respectively carrying out mixed calculation on the biological characteristics and each terminal characteristic to obtain mixed characteristics.

In one embodiment, the method further comprises:

acquiring biological characteristics to be detected and a plurality of terminal characteristics to be detected;

for each terminal feature to be detected, carrying out encryption calculation on the biological feature to be detected and the terminal feature to be detected through an encryption algorithm to obtain a mixed encryption feature to be detected;

comparing the plurality of to-be-detected mixed encryption features with the mixed encryption features in the cloud server to obtain a plurality of comparison results;

and if the comparison results meet preset verification passing conditions, determining that the biological characteristics to be detected and the terminal characteristics to be detected pass verification.

In one embodiment, the determining that the biometric characteristic to be detected and the plurality of terminal characteristics to be detected pass verification if the comparison results satisfy a preset verification passing condition includes:

determining the target number of comparison results which represent comparison failure in the plurality of comparison results;

determining the fault-tolerant quantity according to a preset fault-tolerant algorithm and the target quantity;

and if the fault-tolerant quantity is not more than the quantity of the types of the terminal characteristics to be detected, determining that the biological characteristics to be detected and the various terminal characteristics to be detected pass verification.

In a second aspect, the present application further provides a device for generating user characteristics. The device comprises:

the terminal comprises an acquisition module, a processing module and a display module, wherein the acquisition module is used for acquiring target biological characteristics of a target object and terminal characteristics of a terminal corresponding to the target object, and the terminal characteristics comprise one or more physical characteristics or environmental characteristics of the terminal;

the mixing module is used for mixing the target biological characteristics and the terminal characteristics to obtain mixed characteristics;

and the encryption calculation module is used for carrying out encryption calculation on the mixed characteristics through an encryption algorithm to obtain mixed encryption characteristics, and transmitting the mixed encryption characteristics to the cloud server.

In one embodiment, the obtaining module includes:

the acquisition unit is used for acquiring the original biological characteristics of the target object;

the computing unit is used for computing the confidence coefficient corresponding to the original biological characteristics through a preset confidence coefficient determining algorithm;

and the comparison unit is used for determining the original biological characteristics as the target biological characteristics if the confidence degree corresponding to the original biological characteristics is greater than a preset confidence degree threshold value.

In one embodiment, the apparatus further comprises:

the binding module is used for responding to an identity binding request and acquiring identity authentication information in the identity binding request;

and the output prompt information module is used for outputting the acquisition prompt information of the original biological characteristics if the identity authentication information is confirmed to pass the verification.

In one embodiment, the mixing module is specifically configured to:

In one embodiment, the apparatus further comprises:

the to-be-detected characteristic acquisition module is used for acquiring the biological characteristics to be detected and various terminal characteristics to be detected;

the to-be-detected mixed encryption feature determining module is used for carrying out encryption calculation on the to-be-detected biological feature and the to-be-detected terminal feature through an encryption algorithm aiming at each to-be-detected terminal feature to obtain to-be-detected mixed encryption features;

the comparison result acquisition module is used for comparing the plurality of to-be-detected mixed encryption features with the mixed encryption features in the cloud server to obtain a plurality of comparison results;

and the verification module is used for determining that the biological characteristics to be detected and the characteristics of the various terminals to be detected pass verification if the comparison results meet preset verification passing conditions.

In one embodiment, the verification module includes:

a target number determination unit configured to determine a target number of comparison results indicating a failure of the comparison among the plurality of comparison results;

the fault-tolerant quantity determining unit is used for determining the fault-tolerant quantity according to a preset fault-tolerant algorithm and the target quantity;

and the verification unit is used for determining that the biological characteristics to be detected and the various terminal characteristics to be detected pass verification if the fault-tolerant quantity is not greater than the quantity of the types of the terminal characteristics to be detected.

In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the following steps when executing the computer program:

In a fourth aspect, the present application further provides a computer-readable storage medium. The computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:

In a fifth aspect, the present application further provides a computer program product. The computer program product comprising a computer program which when executed by a processor performs the steps of:

The user characteristic generation method, the user characteristic generation device, the computer equipment, the storage medium and the computer program product are used for obtaining mixed characteristics by calculating the biological characteristics of the target object and the terminal characteristics of the terminal used by the target object; and performing homomorphic encryption calculation on the mixed features through a preset homomorphic encryption algorithm to obtain the mixed encryption features. Because the process of the mixed encryption characteristic is carried out at the local client of the user, and only the mixed encryption characteristic is transmitted to the cloud, even if the cloud data is leaked, the safety of the biological characteristic of the target object and the safety of the terminal characteristic are ensured because the mixed decryption fingerprint cannot be analyzed.

Drawings

FIG. 1 is a flow diagram illustrating a method for generating user profiles in one embodiment;

FIG. 2 is a schematic flow chart of the step of determining a target biometric in one embodiment;

FIG. 3 is a flowchart illustrating the step of outputting a biometric acquisition prompt in one embodiment;

FIG. 4 is a schematic flow chart of the verification step performed in one embodiment;

FIG. 5 is a schematic flow chart illustrating the alignment step performed in one embodiment;

FIG. 6 is a block diagram illustrating an embodiment of an authentication process;

FIG. 7 is a schematic diagram illustrating a hybrid biometric fingerprinting stage performed in one embodiment;

FIG. 8 is a schematic diagram illustrating a hybrid biometric fingerprint verification stage performed in one embodiment;

FIG. 9 is a block diagram showing the configuration of a user feature generation device in one embodiment;

FIG. 10 is a diagram showing an internal structure of a computer device according to an embodiment.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.

With the rapid development of biometric identification technology, various biometric identification algorithms are also applied to identity authentication scenes such as mobile payment and electronic commerce. However, it follows that the privacy information of the biometric fingerprint of the user is revealed, the biometric information is illegally tampered and the monitoring and replaying are carried out, further leading to the problems of fraud, replaying, imitation and the like. Therefore, how to protect the privacy of the biometric features of the individual and how to avoid the reproducible utilization of the biometric identification are important in the development process of the identity authentication technology based on the biometric identification.

In an embodiment, as shown in fig. 1, a user characteristic generation method is provided, and this embodiment is illustrated by applying the method to a terminal, it is to be understood that the method may also be applied to a server, and may also be applied to a system including the terminal and the server, and is implemented by interaction between the terminal and the server, where the terminal may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, and the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart car-mounted devices, and the like. The portable wearable device can be a smart watch, a smart bracelet, a head-mounted device and the like, and the server can be realized by an independent server or a server cluster formed by a plurality of servers. In this embodiment, the method for generating the user characteristics, applied to a terminal, includes the following steps:

step 402, acquiring a target biological characteristic of a target object and a terminal characteristic of a terminal corresponding to the target object.

Wherein the terminal characteristics include physical characteristics and/or environmental characteristics of the terminal. That is, the number of terminal features may be one or more, and the kind of terminal features may include one or more of physical features of the terminal and environmental features of the terminal.

Specifically, the target object may be any user, for example, a user whose identity is to be verified; the terminal corresponding to the target object may be a terminal device used by a user to be authenticated, such as a mobile phone, a tablet computer, and the like; the physical characteristics of the terminal may be factory id (Identity document) of the terminal device, a Media Access Control Address (MAC Address) of a 4G (4generation, fourth generation Mobile communication network) network of the terminal device, a MAC Address of a wireless network of the terminal device, an IMEI (International Mobile Equipment Identity) of the terminal device, a uuid (universal Unique Identifier) of the terminal device, and the like; the environment characteristic of the terminal may be login location information, login time information, etc. of the terminal. The target biological characteristics of the target object may be physiological characteristics of the user to be authenticated, and may include one or more of iris characteristics, fingerprint characteristics, face image characteristics, voiceprint characteristics, and gait characteristics.

And step 404, mixing the target biological characteristics and the terminal characteristics to obtain mixed characteristics.

Specifically, in a local environment corresponding to the terminal, the terminal may perform a mixing process on the target biometric characteristic and the terminal device to obtain a processed mixed characteristic.

Alternatively, the terminal may acquire multiple biometrics and multiple terminal characteristics, for example, the terminal may acquire m target biometrics and n terminal characteristics. For each target biometric feature, the terminal may mix the target biometric feature with each terminal feature to obtain n mixed sub-features. Thus, the blend feature corresponding to each target biometric may be a set of n blend sub-features. When m target biological characteristics are acquired, m mixed characteristics can be calculated correspondingly, and each mixed characteristic comprises n mixed sub-characteristics.

Optionally, the terminal may further mix a plurality of biometrics with each terminal feature, respectively, to obtain a mixed feature. That is, the terminal may perform hybrid calculation on the m target biometrics characteristics and each terminal characteristic, respectively, to obtain a hybrid characteristic group. Thus, the set of blending features includes n blending features. Each mixed feature is obtained by performing mixed calculation on the m target biological features and one terminal feature.

And 406, carrying out encryption calculation on the mixed features through an encryption algorithm to obtain mixed encryption features, and transmitting the mixed encryption features to the cloud server as user features.

Specifically, the encryption Algorithm may be any Algorithm having an encryption function, for example, a homomorphic encryption Algorithm, an MD5(MD5 Message-Digest Algorithm, MD5 Message Digest) Algorithm, or the like. The terminal can input the mixed feature into the encryption algorithm in the local environment, so that the terminal can perform encryption calculation on the mixed feature to obtain an encryption result output by the encryption algorithm, and the encryption result is used as the mixed encryption feature. Therefore, the terminal can take the mixed encryption characteristics as the user characteristics of the target object and transmit the user characteristics of the target object and the identification information of the target object to the cloud server.

In the method for generating the user characteristics, the biological characteristics of the target object and the terminal characteristics of the terminal used by the target object are calculated to obtain mixed characteristics; and performing homomorphic encryption calculation on the mixed features through a preset homomorphic encryption algorithm to obtain the mixed encryption features. Because the process of the mixed encryption characteristic is carried out at the local client of the user, and only the mixed encryption characteristic is transmitted to the cloud, even if the cloud data is leaked, because the mixed decryption fingerprint cannot be analyzed, the safety of the biological characteristic and the terminal characteristic of the target object is ensured, and the hidden danger that the personal privacy data of the user is excessively collected by the service provider of the cloud server is also avoided.

In one embodiment, as shown in fig. 2, the specific process of "acquiring the target biometric characteristic of the target object" in step 402 includes:

step 502, collecting the original biological characteristics of the target object.

In particular, the terminal may comprise a biometric acquisition device. In this way, the terminal can directly acquire the original biological characteristics of the target object through the biological characteristic acquisition device. The original biological characteristics are characteristics which are directly acquired by acquisition equipment and are not screened by a terminal.

Step 506, calculating the confidence corresponding to the original biological characteristics through a preset confidence determination algorithm.

Specifically, the preset confidence algorithm may be a recognition algorithm corresponding to the target biometric feature, and if the target biometric feature is a face image feature, the corresponding preset confidence determination algorithm may be a face recognition algorithm, for example, the deep id1 recognition algorithm. The confidence corresponding to the original biometric feature may be a degree of whether the original biometric feature can be applied to authentication, that is, an application degree. If the target biological feature is a face image feature, the meaning represented by the corresponding confidence level may be the definition, integrity, and the like of the acquired face image feature. The terminal can identify and calculate the acquired original biological characteristics through a preset confidence coefficient determining algorithm, and the calculation result output by the algorithm is the confidence coefficient of the acquired original biological characteristics.

And step 508, if the confidence degree corresponding to the original biological characteristics is greater than a preset confidence degree threshold value, determining the original biological characteristics as the target biological characteristics.

Specifically, the terminal compares the calculated confidence corresponding to the original biometric feature with a preset confidence threshold corresponding to the original biometric feature, and if the calculated confidence is greater than the preset confidence threshold, it may be determined that the original biometric feature acquired by the terminal can be used for identity verification. Therefore, the terminal can take the acquired original biological characteristics as target biological characteristics, and store the target biological characteristics and the corresponding identification information of the target object together with a local database of the terminal.

For example, when the original biometric features are face image features, if the confidence corresponding to the acquired face image is greater than a pre-configured face feature confidence threshold, it may be determined that the sharpness, integrity, and the like of the face image features acquired by the terminal all meet the sharpness requirement and the integrity requirement of face recognition. If the preset confidence determination algorithm is the deep id1 recognition algorithm, then the corresponding preset confidence threshold may be 97.45%.

Alternatively, the terminal may collect m raw biometrics, each of which may be denoted as x_mThe confidence degree corresponding to the original biological characteristics calculated by the terminal can be recorded as f (x)_m) And m is a positive integer.

In this embodiment, the acquired original biometric features are calculated and identified, and the original biometric features larger than the preset confidence threshold are stored, so that the convenience and accuracy of identity verification based on the original biometric features can be improved.

It should be noted that the scenario of performing authentication by the user may be a scenario of performing authentication when the user logs in the terminal device, or a scenario of performing authentication when the user logs in a software program in the terminal device. The user performs authentication based on the corresponding terminal, and the user may perform authentication through username information, a mobile phone authentication code, static Password information, OTP Password information (One Time Password), and the like.

In order to improve the verification experience of the user at the terminal side, the user can conveniently perform identity verification at the terminal side, and the identity verification can also be performed through the biological characteristics of the user. The cloud server needs to store the biological characteristics of the user in advance, and the biological characteristic information of the user stored in the cloud server has hidden privacy leakage risks, so that the user characteristic generation method provided by the invention can avoid the problem that the biological characteristics of the user are leaked.

In one embodiment, as shown in fig. 3, before the step of acquiring the original biometric features of the target object, the method for generating the user features further includes:

step 602, in response to the identity binding request, obtaining identity authentication information in the identity binding request.

Specifically, the identity binding request may be a request for binding a user feature corresponding to the user on the terminal; the identity authentication information can be user name information, a mobile phone verification code, static password information and OTP password information. The user sends an identity binding request to the terminal equipment and inputs identity authentication information to the terminal equipment. And the terminal judges whether the user sending the identity binding request can pass the verification or not according to the identity authentication information in the identity binding request.

And step 604, outputting the acquisition prompt information of the original biological characteristics if the identity authentication information is verified.

Specifically, an identity authentication information database may be pre-stored in the terminal, the terminal compares the identity authentication information in the identity binding request with the identity authentication information in the identity authentication information database, and if the terminal determines that the two kinds of identity authentication information are consistent, it may be determined that the identity authentication information in the identity binding request passes verification. In this way, the terminal can issue a collection prompt for the user's original biometric.

In one embodiment, the specific processing procedure of step 404 "performing a mixing process on the target biometric characteristic and the terminal characteristic to obtain a mixed characteristic" includes:

and respectively carrying out mixed calculation on the target biological characteristics and each terminal characteristic to obtain mixed characteristics.

Specifically, if the terminal characteristics acquired by the terminal are multiple, when performing the hybrid calculation, the terminal needs to perform the hybrid calculation on the target biometric characteristics and each terminal respectively to obtain the hybrid sub-characteristics corresponding to each terminal characteristic. In this way, the terminal may combine the plurality of hybrid sub-features into a hybrid sub-feature set, i.e., a hybrid feature.

In one embodiment, as shown in fig. 4, the method for generating user characteristics further includes:

step 702, acquiring the biological characteristics to be detected and a plurality of terminal characteristics to be detected.

Specifically, when a user performs authentication based on a terminal, the terminal needs to acquire a biometric feature of the user performing the authentication and a plurality of terminal features.

And 704, carrying out encryption calculation on the biological characteristics to be detected and the terminal characteristics to be detected through an encryption algorithm aiming at each terminal characteristic to be detected to obtain mixed encryption characteristics to be detected.

Specifically, for each terminal feature to be detected, the terminal needs to perform hybrid calculation on the terminal feature to be detected and the biological feature to be detected, and after a hybrid calculation result is obtained, the terminal performs encryption calculation on the hybrid calculation result through an encryption algorithm to obtain the corresponding hybrid encryption feature to be detected. That is to say, the terminal can obtain a plurality of hybrid encryption features to be detected, and the number of the hybrid encryption features to be detected is consistent with the number of the terminal features acquired by the terminal.

Step 706, comparing the multiple hybrid encryption features to be detected with the hybrid encryption features in the cloud server to obtain multiple comparison results.

Specifically, for each user, the cloud server stores the hybrid encryption feature corresponding to the user. The terminal can wait to detect a plurality of mixed encryption characteristics and transmit to the high in the clouds server, compares a plurality of mixed encryption characteristics that wait to detect in mixed encryption characteristics and the high in the clouds server respectively on the high in the clouds server, obtains each and waits to detect the contrast result that mixed encryption characteristics correspond.

Specifically, some mixed encryption features stored in the cloud server may be a mixed encryption feature group, which may include a plurality of mixed encryption features obtained after the target biological features are respectively mixed and encrypted with the plurality of terminal features. Therefore, each mixed encryption feature to be detected and the corresponding mixed encryption feature of the mixed encryption feature group can be compared in the cloud server to obtain a plurality of comparison results.

Step 708, if the comparison results meet the preset verification passing conditions, determining that the biological characteristics to be detected and the terminal characteristics to be detected pass verification.

Specifically, if the terminal determines that the obtained comparison results meet the preset verification passing conditions, the terminal may determine that the biometric features to be detected and the various terminal features to be detected pass verification, that is, the user identity verification passes.

In one embodiment, as shown in fig. 5, the specific processing procedure of step 708 "determining that the biometric characteristic to be detected and the plurality of terminal characteristics to be detected pass verification if the plurality of comparison results satisfy the preset verification passing condition" includes:

step 802, determining a target number of comparison results indicating a comparison failure in the plurality of comparison results.

Specifically, the terminal needs to determine the number of comparison results indicating a comparison failure as the target number. That is, the terminal needs to determine the number of terminal features that fail authentication.

And step 804, determining the fault-tolerant number according to a preset fault-tolerant algorithm and the target number.

Specifically, the preset fault-tolerant algorithm may be a byzantine fault-tolerant algorithm. The terminal can perform fault-tolerant calculation through a preset fault-tolerant algorithm and the target number to obtain the fault-tolerant number.

Step 806, if the fault tolerance number is not larger than the number of the types of the terminal features to be detected, determining that the biological features to be detected and the various terminal features to be detected pass verification.

Specifically, if the fault-tolerant number calculated by the terminal is less than or equal to the number of the types of the terminal features to be detected, the terminal may determine that the obtained multiple comparison results meet the preset verification passing condition, that is, the terminal may determine that the biological features to be detected and the multiple terminal features to be detected pass the verification.

In the following, the generation method of the user characteristic may be described in detail in conjunction with a specific embodiment.

Specifically, the biometric feature may be a face image feature, and the terminal feature may be a login location feature, a factory id of the terminal device, and an MAC address of a 4G network of the terminal device. In this way, the terminal can calculate the confidence coefficient corresponding to the face image features through a preset confidence coefficient determining algorithm corresponding to the face image features acquired by the acquisition device, and when the calculated confidence coefficient is greater than a preset face image feature threshold value, the biological features acquired by the acquisition device can be used as target biological features. In this way, the terminal can perform mixed calculation on the terminal characteristics and the target biological characteristics respectively aiming at each terminal characteristic, and perform encryption calculation through an encryption algorithm to obtain mixed encryption characteristics corresponding to each terminal characteristic. And transmitting a plurality of mixed encryption characteristics corresponding to the user to the cloud server for storage.

Therefore, in a scene that a user needs to perform identity authentication, the terminal can acquire the biological characteristics to be detected and various terminal characteristics to be detected. The terminal can obtain the facial image characteristics to be detected, the login position characteristics to be detected, the login time characteristics to be detected, the factory id of the terminal equipment to be detected and the MAC address of the 4G network of the terminal equipment to be detected. The terminal needs to perform mixed calculation on the facial image features to be detected and the login position features to be detected and obtain the mixed encryption features to be detected corresponding to the login position features to be detected through an encryption algorithm, and the terminal needs to compare the mixed encryption features to be detected corresponding to the login position features to be detected with the corresponding mixed encryption features stored in the cloud server to obtain a comparison result corresponding to the login position features to be detected.

Similarly, the terminal needs to perform mixed calculation on the facial image features to be detected and the factory id of the terminal device to be detected and obtain the mixed encryption features to be detected corresponding to the factory id of the terminal device to be detected through an encryption algorithm, and the terminal needs to compare the mixed encryption features to be detected corresponding to the factory id of the terminal device to be detected with the corresponding mixed encryption features stored in the cloud server to obtain the comparison result corresponding to the factory id of the terminal device to be detected.

Similarly, the terminal needs to perform mixed calculation on the facial image features to be detected and the MAC address of the 4G network of the terminal device to be detected and obtain the mixed encryption features to be detected corresponding to the MAC address of the 4G network of the terminal device to be detected through an encryption algorithm, and the terminal needs to compare the mixed encryption features to be detected corresponding to the MAC address of the 4G network of the terminal device to be detected with the corresponding mixed encryption features stored in the cloud server to obtain the comparison result corresponding to the MAC address of the 4G network of the terminal device to be detected.

Similarly, the terminal needs to perform hybrid calculation on the face image features to be detected and the login time features to be detected and obtain the hybrid encryption features to be detected corresponding to the login time features to be detected through an encryption algorithm, and the terminal needs to compare the hybrid encryption features to be detected corresponding to the login time features to be detected with the corresponding hybrid encryption features stored in the cloud server to obtain a comparison result corresponding to the login time features to be detected.

In this way, the terminal may obtain four comparison results, for example, the target number of the comparison results indicating the comparison failure in the three comparison results may be 1, and for example, the comparison failure may be the MAC address of the 4G network of the terminal device to be detected. The fault-tolerant number obtained by the terminal through the Byzantine fault-tolerant algorithm and the target number calculation can be 4. And because the number of the types of the terminal features can be 4, the authentication can be determined to pass, and only the 4G network used for identity authentication of the user is replaced, so that the authenticity of the identity of the user is not influenced.

The invention forms the fingerprint with the terminal characteristics by the unique physical identification of the intelligent terminals such as the biological characteristic fingerprint mixing equipment id, uuid, imei, wireless mac and the like, and sends various non-original biological characteristic fingerprints to the server. A Byzantine fault-tolerant problem algorithm is introduced to verify a plurality of mixed fingerprints, and a novel matching verification mechanism of mixed biological characteristic information and customer identity information is provided. The biometric fingerprint hybrid terminal is physically and uniquely identified, so that a series of biometric identification copying and utilizing methods such as biometric fingerprint embezzlement, biometric fingerprint imitation, digital simulation, face mask, 3D printing, recording and the like can be prevented. By sending the non-original biological characteristic fingerprint to the cloud server, the requirement that the personal biological characteristic fingerprint privacy information is not excessively collected and leaked by a service provider is met, and the requirement that the personal information is not stored in the cloud end to store the personal biological characteristic fingerprint in a personal information protection law is met.

In addition, a homomorphic encryption algorithm is introduced, so that the condition that the characteristic fingerprint satisfies the characteristic recognition algorithm after the terminal physical characteristics are mixed in a certain threshold range in the verification process is ensured. By introducing the Byzantine fault-tolerant algorithm, the client can be ensured not to need to be verified again when the client normally changes the terminal equipment, changes WIFI and the like, and meanwhile, the client can be ensured not to successfully log in even if the biometric fingerprint is illegally copied and utilized.

It should be understood that, although the steps in the flowcharts related to the embodiments as described above are sequentially displayed as indicated by arrows, the steps are not necessarily performed sequentially as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in the flowcharts related to the embodiments described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the execution order of the steps or stages is not necessarily sequential, but may be rotated or alternated with other steps or at least a part of the steps or stages in other steps.

The present invention further provides an identity verification system, as shown in fig. 6, the identity verification system may include a biometric feature extraction module 101, a biometric feature fingerprint identification algorithm module 102, a terminal physical unique identifier collection module 103, a homomorphic encryption algorithm module 104, an identity authentication gateway module 105, and a cloud computing and data storage module 106. The biological feature extraction module 101 is configured to collect biological features of a target object, such as iris features, fingerprint features, face image features, voiceprint features, and gait features; the biometric fingerprint identification algorithm module 102 mainly includes a plurality of biometric algorithms, wherein each biometric algorithm corresponds to a plurality of types of biometric features, and in a scene of verifying an acquired biometric fingerprint (biometric feature), if a threshold of the biometric fingerprint calculated by the biometric algorithm is greater than a preset threshold, it can be determined that the acquired biometric fingerprint is verified.

The identity authentication system also comprises a terminal physical unique identifier collection module 103, which is used for collecting terminal physical identifiers such as terminal equipment factory id, 4G communication MAC address, wireless communication MAC address, IMEI, uuid and the like and environmental characteristics in the physical intelligent terminal according to different service scenes; a homomorphic encryption algorithm module 104, configured to enable the biometric fingerprint to meet a defined threshold through a homomorphic encryption algorithm, and then meet the defined threshold after adding the terminal identifier; the identity authentication gateway module 105 is used for performing identity authentication through traditional authentication information such as account number and password collection provided by a user in the stage of primary collection of the biological fingerprint, and verifying whether the acquired mixed biological characteristics input by the user are matched with the biological characteristics stored by the server side or not in the stage of biological characteristic authentication; and a cloud computing and data storage module 106, configured to store cloud data.

Optionally, with reference to fig. 7, detailed steps of the present invention at the stage of collecting the user features are described in detail:

step 201: the user initiates an identity binding request at the client, and the identity binding request can comprise a login request and a user feature binding request. The identity authentication gateway in the server authenticates the traditional identity authentication information input by the user through the client, the next step can be carried out after the authentication is passed, otherwise, the step 201 needs to be executed again, or prompt information of identity binding failure is output. The conventional identity authentication information may include a user name, a mobile phone verification code, a static password, an OTP password, and the like.

Step 202: if the authentication gateway determines that the conventional authentication information input by the user is verified, the authentication gateway enables the client to provide the user characteristics (hybrid encryption characteristics, i.e., hybrid biometric value information).

Step 203: the client outputs the biological characteristic value information acquisition prompt information for prompting the user to provide biological characteristics through the client. That is, the client may acquire the biometric features of the user through various biometric acquisition devices. The biometric characteristic may includeIris features, fingerprint features, facial image features, voice print features, gait features, and the like. The client can record the biological characteristics acquired by the acquisition equipment as original biological characteristics x_mAnd m represents the number of biometric categories.

Step 204: the client side sends x_mF (x) is obtained by calculation through a biological characteristic fingerprint identification algorithm_m) And storing the obtained calculation result in a local safe execution environment. The local secure execution environment may be a TEE (Trusted execution environment).

Step 205: the client needs to collect physical characteristics and environmental characteristics of the terminal device currently used by the user, the physical characteristics include a device id of the terminal leaving a factory, a current WIFI network connection physical address, a 4G network connection physical address, a universal unique identification code, an international mobile device identification code and the like, and the environmental characteristics may include a currently connected WIFI state, a geographic position when the terminal is currently logged in, a time period when the terminal is currently logged in, and the like. The currently connected WIFI states may include encrypted WIFI, trusted WIFI, and common WIFI. The above physical and environmental characteristics may be denoted as y_nAnd n represents the number of kinds of physical features and environmental features.

Step 206: the client side adopts a homomorphic encryption algorithm (g (y)_n) Y) is mixed with_nAdding f (x)_m) And calculates g (f (x)_m)+y_n) The value of (c).

Step 207: the client transmits the encryption result of the mixed biometric fingerprint to the cloud data storage module 106, stores the data, and synchronizes the data to the identity authentication gateway module. The encryption result of the mixed biometric fingerprint is the mixed encryption characteristic, namely the user characteristic required to be collected by the identity authentication gateway.

Optionally, in the embodiment of the present invention, a specific process of performing identity authentication on a user may also be described with reference to fig. 8, where the detailed steps are as follows:

in particular, the terminal may note a biometric fingerprint input as x_mRecording a terminal physical characteristic input as y_n。f(x_m) Is a biological agentFingerprint identification algorithm,

Is the algorithm threshold.

Is a homomorphic encryption algorithm which satisfies

Step 301: the user uses the terminal biological characteristics to carry out identity verification, and the biological characteristic fingerprint module collects the biological characteristics x 'at this time'_mCalculating and recording as f (x ') through a biometric fingerprint identification algorithm'_m)。

Step 302: f (x'_m) And f (x)_m) Comparing, and when the threshold value represented by the obtained comparison result is greater than the preset threshold value

If yes, go to step 303; otherwise, go back to step 301 to continue the biometric collection. f (x)_m) Is a biometric previously stored in a local database.

Step 303: and collecting the terminal characteristics of the current terminal, wherein the terminal characteristics comprise physical characteristics and environmental characteristics, and the currently collected terminal characteristics are the characteristics of the terminal to be detected. The physical characteristics include but are not limited to the equipment id of the terminal leaving the factory, the current wifi, 4G and other network connection physical MAC addresses, the universal unique identification code uuid, the international mobile equipment identification code imei and the like are marked as y_nAnd n represents a physical feature or an environmental feature number.

Step 304: the terminal pair collects the characteristics y of the terminal to be detected_n' and the biological feature x to be detected_m' mixing to obtain a mixing characteristic f (x)_m')+y_n'. And the terminal carries out encryption calculation on the mixed characteristics through a homomorphic encryption algorithm to obtain the mixed encryption characteristics.

Step 305: the terminal will g (f (x)_m')+y_n')' value (i.e., hybrid encryption feature), encrypted and transmitted to the cloudAnd (4) an end server. Decrypting the encrypted and transmitted mixed encrypted fingerprint at the cloud server to obtain a mixed encrypted fingerprint, namely obtaining a group of mixed encrypted fingerprints g (x)_m')+y₁')'、g(f(x_m')+y2')'...g(f(x_m')+y_n')'. Wherein, g (f (x)_m')+y₁')' may represent a mixed encryption feature obtained by homomorphically encrypting a first feature, where the first feature may be obtained by performing mixed calculation on a biological feature and a device id of a terminal leaving a factory; g (f (x)_m') + y2') ' may represent a mixed encrypted feature obtained by homomorphic encryption of a second feature, which may be a mixed calculation of a biometric feature and a universally unique identification code uuid; g (f (x)_m')+y_n')' may indicate a mixed encryption feature obtained by homomorphically encrypting the nth feature, which may be obtained by performing mixed calculation on the biometric feature and the nth terminal feature.

And in the cloud server, comparing the obtained group of mixed encrypted fingerprints to be detected with mixed encrypted fingerprints stored in the cloud server in advance. And if the comparison threshold represented by the obtained comparison result is greater than the preset comparison threshold, determining that the mixed encryption feature to be detected passes the authentication.

Step 306: in addition, a Byzantine fault-tolerant algorithm can be introduced, and for a biological characteristic m, when the physical characteristic number n of the terminal meets 3f (x)_m) When n is more than or equal to +1, the current user biological characteristic fingerprint can be considered not to be embezzled, wherein f (x)_m) The number of failed alignments is indicated. A particular example is: when the user biological characteristics voiceprint mixing id, uuid, imei and mac parameters are n is equal to 4, the mixed biological characteristics do not pass for the mac, i.e. f (x)_m) Equal to 1 and the other three terms pass. At the moment, 3 x 1+1 is less than or equal to 4, the current user can be determined to be the user, no biological fingerprint is stolen, and the user can be regarded as replacing wifi.

Step 307: and if the conditions in the step 306 are met, the mixed biological characteristic authentication is passed and synchronized to the identity authentication gateway, otherwise, the terminal outputs prompt information, and the prompt information is used for prompting a client to log in a traditional mode such as account number password, mobile phone verification code and the like again when the client uses biological characteristic identification or the current verification environment is changed and the like in an emergency terminal.

Based on the same inventive concept, the embodiment of the present application further provides a user feature generation apparatus 900 for implementing the above-mentioned user feature generation method. The implementation scheme for solving the problem provided by the device is similar to the implementation scheme described in the above method, so specific limitations in the following embodiment of the device for generating one or more user features may refer to the limitations in the above method for generating user features, and details are not described here.

In one embodiment, as shown in fig. 9, there is provided a user feature generation apparatus 900, including: an obtaining module 901, a mixing module 902 and an encryption calculation module 903, wherein:

an obtaining module 901, configured to obtain a target biological characteristic of a target object and a terminal characteristic of a terminal corresponding to the target object, where the terminal characteristic includes one or more physical characteristics or environmental characteristics of the terminal.

And a mixing module 902, configured to mix the target biometric characteristic and the terminal characteristic to obtain a mixed characteristic.

And the encryption calculation module 903 is configured to perform encryption calculation on the mixed feature through an encryption algorithm to obtain a mixed encryption feature, and transmit the mixed encryption feature to the cloud server.

In one embodiment, the obtaining module includes:

In one embodiment, the apparatus further comprises:

In one embodiment, the mixing module is specifically configured to:

In one embodiment, the apparatus further comprises:

In one embodiment, the verification module includes:

The respective modules in the user feature generation apparatus described above may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.

In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 10. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data related to the user characteristics. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of generating user characteristics.

Those skilled in the art will appreciate that the architecture shown in fig. 10 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.

In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.

In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.

In an embodiment, a computer program product is provided, comprising a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.

It should be noted that the method and apparatus described in the embodiments of the present disclosure may be applied to the field of artificial intelligence, the field of financial technology, or other related fields, and the method and apparatus described in the embodiments of the present disclosure are not limited to the application fields.

It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.

It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high-density embedded nonvolatile Memory, resistive Random Access Memory (ReRAM), Magnetic Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases referred to in various embodiments provided herein may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing based data processing logic devices, etc., without limitation.

The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.

The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.

Claims

1. A method for generating user characteristics is applied to a terminal, and comprises the following steps:

2. The method of claim 1, wherein the obtaining of the target biometric characteristic of the target object comprises:

acquiring original biological characteristics of the target object;

3. The method of claim 2, wherein prior to the step of acquiring the raw biometric characteristic of the target object, the method further comprises:

4. The method according to claim 1, wherein the mixing the target biometric characteristic and the terminal characteristic to obtain a mixed characteristic comprises:

5. The method of claim 4, further comprising:

6. The method according to claim 5, wherein the determining that the biometric characteristic to be detected and the plurality of terminal characteristics to be detected pass verification if the comparison results satisfy a preset verification passing condition comprises:

7. An apparatus for generating user characteristics, the apparatus comprising:

8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 6.

9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.

10. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 6 when executed by a processor.