CN115221487A - Identity authentication method and device - Google Patents

Identity authentication method and device Download PDF

Info

Publication number
CN115221487A
CN115221487A CN202210416172.1A CN202210416172A CN115221487A CN 115221487 A CN115221487 A CN 115221487A CN 202210416172 A CN202210416172 A CN 202210416172A CN 115221487 A CN115221487 A CN 115221487A
Authority
CN
China
Prior art keywords
authentication
information
mobile terminal
determining
fixed terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210416172.1A
Other languages
Chinese (zh)
Inventor
张天明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Didi Infinity Technology and Development Co Ltd
Original Assignee
Beijing Didi Infinity Technology and Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Didi Infinity Technology and Development Co Ltd filed Critical Beijing Didi Infinity Technology and Development Co Ltd
Publication of CN115221487A publication Critical patent/CN115221487A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs

Abstract

The embodiment of the invention discloses an identity authentication method and device, which respectively carry out two times of identity authentication based on position and face recognition when receiving an identity authentication request sent by a mobile terminal, carry out the second authentication under the condition that the first authentication result is successful, and determine the identity authentication result to be successful when the two times of authentication are successful. The embodiment of the invention respectively carries out double identity recognition through the position and the face, thereby improving the accuracy of identity recognition. Meanwhile, the vulnerability that the identity of the user can be identified through remote face image transmission under the identity identification scene in a specific position needing to be verified is filled.

Description

Identity authentication method and device
The present application claims priority from a chinese patent application, entitled "identity authentication method and apparatus," filed 20/04/2021 under application number 2021104257630, the entire contents of which are incorporated herein by reference.
Technical Field
The invention relates to the technical field of computers, in particular to an identity authentication method and device.
Background
At present, in some specific scenes, the identity of the user needs to be identified, for example, in scenes such as online car booking, and the like, the identity of the driver needs to be verified when the driver leaves the car due to the consideration of the safety of the user. When identity recognition is performed, the most common means is face recognition. However, when the face image acquisition angle has a certain deviation from the preset angle, it is difficult to accurately identify the user identity. Meanwhile, when the identity of a user at a specific position needs to be identified, the identity identification mode of identifying the identity through the face image has the loophole of identity counterfeiting.
Disclosure of Invention
In view of this, embodiments of the present invention provide an identity authentication method and apparatus, which aim to improve accuracy of identity identification.
In a first aspect, an embodiment of the present invention provides an identity authentication method, where the method includes:
responding to an identity authentication request sent by a mobile terminal, and performing first authentication;
responding to the result of the first authentication as success, and performing second authentication;
in response to the result of the second authentication being successful, determining that the identity authentication result is successful;
and the first authentication and the second authentication are respectively one of position recognition and face recognition.
In a second aspect, an embodiment of the present invention provides an identity authentication apparatus, where the apparatus includes:
the first authentication module is used for responding to an identity authentication request sent by the mobile terminal and performing first authentication;
the second authentication module is used for responding to the success of the first authentication result and performing second authentication;
the result determining module is used for responding to the success of the second authentication result and determining the identity authentication result as the authentication success;
and the first authentication and the second authentication are respectively one of position recognition and face recognition.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium for storing computer program instructions, which when executed by a processor implement the method according to the first aspect.
In a fourth aspect, an embodiment of the present invention provides an electronic device, including a memory and a processor, the memory being configured to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement the method according to the first aspect.
In a fifth aspect, embodiments of the present invention provide a computer program product comprising a computer program/instructions for execution by a processor to implement the method according to the first aspect.
The embodiment of the invention respectively carries out identity authentication twice based on position and face identification when receiving the identity authentication request sent by the mobile terminal, carries out authentication for the second time under the condition that the first authentication result is successful, and determines the identity authentication result to be successful when the authentication for the two times is successful. The embodiment of the invention respectively carries out double identity recognition through the position and the face, thereby improving the accuracy of identity recognition. Meanwhile, the vulnerability that the identity of the user can be identified through remote face image transmission under the identity identification scene in a specific position needing to be verified is filled.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the following description of the embodiments of the present invention with reference to the accompanying drawings, in which:
FIG. 1 is a schematic diagram of an identity authentication system to which an identity authentication method according to an embodiment of the present invention is applied;
FIG. 2 is a flow chart of an identity authentication method according to an embodiment of the present invention;
FIG. 3 is a flow chart of determining a position relationship in an alternative implementation of an embodiment of the invention;
FIG. 4 is a schematic diagram of a mark to be identified according to an embodiment of the present invention;
FIG. 5 is a flow chart of determining a position relationship according to another alternative implementation of the embodiments of the present invention;
fig. 6 is a schematic diagram of location authentication failure information according to an alternative implementation manner of the embodiment of the present invention;
fig. 7 is a schematic diagram of an identity authentication method according to an alternative implementation manner of the embodiment of the present invention;
fig. 8 is a schematic diagram of an identity authentication method according to another alternative implementation manner of the embodiment of the present invention;
FIG. 9 is a diagram of an identity authentication device according to an embodiment of the present invention;
fig. 10 is a schematic diagram of an electronic device according to an embodiment of the invention.
Detailed Description
The present invention will be described below based on examples, but the present invention is not limited to only these examples. In the following detailed description of the present invention, certain specific details are set forth. It will be apparent to one skilled in the art that the present invention may be practiced without these specific details. Well-known methods, procedures, flows, components and circuits have not been described in detail so as not to obscure the present invention.
Further, those of ordinary skill in the art will appreciate that the drawings provided herein are for illustrative purposes and are not necessarily drawn to scale.
Unless the context clearly requires otherwise, throughout the description, the words "comprise", "comprising", and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is, what is meant is "including but not limited to".
In the description of the present invention, it is to be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified.
Fig. 1 is a schematic diagram of an identity authentication system to which the identity authentication method of the embodiment of the present invention is applied. As shown in fig. 1, the identity authentication system includes a server 10, a mobile terminal 11, and a fixed terminal 12 corresponding to the mobile terminal 11, which are connected via a network. Alternatively, the server 10 may store the correspondence between a plurality of mobile terminals 11 and a plurality of fixed terminals 12, so as to determine the corresponding fixed terminal 12 or mobile terminal 11 when receiving the related information sent by the mobile terminal 11 or fixed terminal 12.
In the embodiment of the present invention, the server 10 may be a single server, or may be a server cluster configured in a distributed manner. The mobile terminal 11 may be a general data processing terminal capable of running a computer program and having a communication function, such as a smart phone or a tablet computer. The fixed terminal 12 may be a data processing terminal having a communication function, which is installed at a fixed location and is capable of running a computer program, such as a car communication device and a face recognition device of a card punch.
In the application process, an identity authentication request is sent to the server 10 by the mobile terminal 11, so that the server 10 determines the position relationship between the mobile terminal 11 and the corresponding fixed terminal 12 after receiving the identity authentication request, and performs the first authentication based on the position. After the first authentication is passed, the server 10 acquires a face image through the mobile terminal 11 or the fixed terminal 12, and performs a second authentication based on the face image. Or, after receiving the identity authentication request, the server 10 obtains a face image through the mobile terminal 11 or the fixed terminal 12, performs a first authentication based on the face image, and after the first authentication is passed, the server 10 determines the position relationship between the mobile terminal 11 and the fixed terminal 12 corresponding to the mobile terminal, and performs a second authentication based on the position. When the first authentication result and the second authentication result are both successful, the server 10 determines that the identity identification result is successful.
The embodiment of the invention can be applied to any application scene of carrying out identity authentication at a specific position through a fixed terminal. For example, the identity authentication scene of the card punching of the unit card puncher, the identity authentication scene when the service personnel go to a specific place for service, and the like. The embodiment of the invention is applied to the network car booking software, and the identity authentication of a network car booking driver is taken as an example for explanation. The server 10 is a server of a network booking platform, corresponds to a plurality of mobile terminals 11 used by drivers and fixed terminals 12 built in vehicles used by the drivers, and determines and stores the corresponding relation between each mobile terminal 11 and each fixed terminal 12 according to the corresponding driver.
When the first recognition is position recognition and the second recognition is face recognition, the driver sends an identity authentication request to the server 10 before preparing to acquire the online taxi appointment order through online taxi appointment software, and the server 10 starts to send the online taxi appointment order to the mobile terminal 11 of the driver when the identity authentication result is successful, so that the situation of impersonation is prevented. The identity identification process comprises the steps that an identity authentication request is sent through a mobile terminal 11 used by a driver, the server 10 determines the position relation between the mobile terminal 11 of the driver and a fixed terminal 12 built in the driver vehicle according to the identity authentication request to carry out first authentication, and whether the mobile terminal 11 is near the vehicle at present is determined. After the first authentication is passed, the server 10 acquires the face image of the driver through the mobile terminal 11 of the driver or the fixed terminal 12 in the vehicle to perform a second authentication, and determines whether the person currently using the mobile terminal 11 is the driver corresponding to the current mobile terminal 11 and the fixed terminal 12.
Therefore, the embodiment of the invention can carry out double identity recognition through the position and the face, improves the accuracy of identity recognition, fills in the loophole that identity recognition can be carried out through remote face image transmission at a specific position, and prevents the situation of imposition during identity recognition.
Fig. 2 is a flowchart of an identity authentication method according to an embodiment of the present invention. As shown in fig. 2, the identity authentication method according to the embodiment of the present invention includes the following steps:
step S100, responding to the received identity authentication request sent by the mobile terminal, and performing first authentication. Specifically, when the user needs to perform identity authentication, an identity authentication request is sent to the server through the mobile terminal, and after the server receives the identity authentication request, the user using the mobile terminal is authenticated for the first time according to the identity authentication request. The server stores a plurality of user identity information, and mobile terminal information and fixed terminal information corresponding to each user identity information in advance. Therefore, after receiving the identity authentication request sent by the mobile terminal, the server determines the corresponding user identity information and the corresponding fixed terminal information according to the mobile terminal information sending the identity authentication request, so as to further determine the user and the fixed terminal corresponding to the mobile terminal to perform identity identification. Alternatively, the first authentication may be an identity authentication method for authenticating the identity of the user, which is any one of face recognition and location recognition.
In an optional implementation manner of the embodiment of the present invention, the server uses the location identification as a first authentication method. That is, after receiving the identity authentication request, the server determines the location relationship between the mobile terminal and the corresponding fixed terminal, so as to determine the first authentication result through the location relationship.
In the embodiment of the invention, the position relationship is used for representing whether the mobile terminal and the corresponding fixed terminal are adjacent, and when the position relationship is adjacent, the server determines that the first authentication result is successful. Alternatively, the server may determine the position relationship between the mobile terminal and the corresponding fixed terminal in a variety of different ways.
Fig. 3 is a flowchart of determining a position relationship according to an alternative implementation manner of the embodiment of the present invention. As shown in fig. 3, in an optional implementation manner of the embodiment of the present invention, the server determines the position relationship between the mobile terminal and the fixed terminal by randomly sending a unique identifier to be identified to the fixed terminal corresponding to the mobile terminal. The above process of determining the positional relationship may include the steps of:
and step S110, sending the identification to be identified to a fixed terminal corresponding to the mobile terminal so as to output the identification through the fixed terminal.
Specifically, the fixed terminal corresponding to the mobile terminal is a terminal device capable of performing communication connection with the server, and includes an information output device having an information output function. Alternatively, the information output device may be a display device capable of outputting the identifier to be recognized in a format of text information, video information, image information, or the like, or may be an audio output device capable of outputting the identifier to be recognized in an audio information format. The server receives an identity authentication request sent by the mobile terminal, and after determining a fixed terminal corresponding to the mobile terminal, sends a randomly generated unique identifier to be identified to the fixed terminal, and outputs the identifier to be identified through the fixed terminal, so that the identifier to be identified is identified through the mobile terminal to obtain an identification result. Alternatively, the identification to be recognized may be audio information, text information, and image information such as a two-dimensional code and a barcode.
Fig. 4 is a schematic diagram of a to-be-recognized identifier according to an embodiment of the present invention. As shown in fig. 4, the fixed terminal corresponding to the mobile terminal includes a display device 40, and after receiving the identifier 41 to be recognized sent by the server, the fixed terminal displays the identifier 41 to be recognized through the display device 40. Alternatively, the identifier 41 to be recognized may be displayed in a two-dimensional code format.
And step S120, receiving identification information obtained by identifying the identification to be identified by the mobile terminal.
Specifically, after the fixed terminal displays the identifier to be recognized, the user recognizes the identifier to be recognized displayed by the fixed terminal through the mobile terminal to obtain the recognition information, and sends the recognition information to the server. The identification information comprises identification information of a fixed terminal displaying the identification information, the server acquires the identification information of the fixed terminal in the identification information after receiving the identification information, and judges whether the fixed terminal represented by the identification information of the fixed terminal is a fixed terminal corresponding to the mobile terminal.
Further, the mobile terminal can acquire first position information of the mobile terminal and second position information of the fixed terminal while identifying the identifier to be identified, and generates identification information according to the identification result of the identifier to be identified, the first position information and the second position information. And when the server receives the identification information and determines that the identification information is generated by identifying the identifier to be identified, which is displayed corresponding to the fixed terminal, for the mobile terminal, the server further acquires the first position information and the second position information to determine the position relationship.
And step S130, determining the position relation between the mobile terminal and the corresponding fixed terminal according to the identification information.
Specifically, after receiving the identification information obtained by identifying the identifier to be identified by the mobile terminal, the server determines whether the identifier to be identified corresponding to the identification information is displayed by the fixed terminal corresponding to the mobile terminal, that is, determines whether the mobile terminal obtains the identifier to be identified at the corresponding fixed terminal. And when the identification information is judged to be the information generated by the mobile terminal acquiring and identifying the identifier to be identified at the corresponding fixed terminal, further determining the position relation between the mobile terminal and the fixed terminal according to the identification information.
In the embodiment of the invention, the server determines the position relationship by determining first position information representing the position of the mobile terminal and second position information representing the position of the fixed terminal, and then determining the corresponding position relationship according to the first position information and the second position information. Optionally, the server determines the distance between the first location information and the second location information by calculating the distance between the location corresponding to the first location information and the location corresponding to the second location information, and then compares the distance with a preset distance threshold, and determines that the location relationship between the mobile terminal and the fixed terminal is adjacent, that is, the user holding the mobile terminal is currently near the fixed terminal, when the calculated threshold is smaller than the distance threshold. And determining that the position relation between the mobile terminal and the fixed terminal is not adjacent under the condition that the calculated threshold is not smaller than the distance threshold, namely that the user holding the mobile terminal is not near the fixed terminal currently.
Further, the server may determine the first location information and the second location information in different manners under different circumstances. For example, in the case where the mobile terminal identifies the identifier to be identified and also acquires the first location information of the mobile terminal and the second location information of the fixed terminal, the server may directly acquire the first location information and the second location information included in the identification information. Or, when the identification information does not include the first location information and the second location information, the server may receive the fed back first location information and second location information by sending a location query instruction to the mobile terminal and the fixed terminal after receiving the identification information.
By taking the application of the embodiment of the invention to the online car booking software as an example, a driver sends identity authentication information to the server through the corresponding mobile terminal before preparing to start receiving the online car booking task based on the online car booking with the corresponding fixed terminal. The server determines the fixed terminal corresponding to the mobile terminal after receiving the identity authentication information, and sends a random and unique two-dimensional code to the corresponding fixed terminal to be displayed through the fixed terminal. A driver scans a two-dimensional code displayed by a fixed terminal through a mobile terminal to determine identification information comprising the position of the mobile terminal and the position of the fixed terminal, and a server acquires the identification information and determines the position relationship between the mobile terminal and the fixed terminal according to the identification information, namely, determines whether the mobile terminal and the driver holding the mobile terminal are in a networked car appointment system with the corresponding fixed terminal.
Fig. 5 is a flowchart of determining a position relationship according to another alternative implementation manner of the embodiment of the present invention. In another alternative implementation of the embodiment of the present invention, as shown in fig. 5, the server determines the position relationship between the mobile terminal and the fixed terminal by determining whether the mobile terminal and the corresponding fixed terminal are connected in short-distance communication. The above process of determining the positional relationship may include the steps of:
and step S140, acquiring the communication information of the mobile terminal.
Specifically, in the case where the fixed terminal has a short-range communication function, the mobile terminal can establish a short-range communication connection in the case where the distance from the corresponding fixed terminal satisfies a communication connection condition. Optionally, the short-distance communication connection may be a communication connection mode in which two terminal devices that establish connection need to be in a short distance, such as a bluetooth connection, a wifi hotspot connection, and an NFC connection. The server acquires the communication information of the mobile terminal after receiving the identity authentication request sent by the mobile terminal and determining the fixed terminal corresponding to the mobile terminal. In the embodiment of the invention, the communication information comprises the identification information of the terminal equipment connected with the mobile terminal through the short-distance communication technology, and the server can determine whether the terminal establishing the short-distance communication connection with the mobile terminal is a fixed terminal corresponding to the mobile terminal according to the communication information.
And S150, responding to the fixed terminal corresponding to the identification information used for representing the mobile terminal, and determining that the position relation is adjacent.
Specifically, when the server determines that the terminal currently establishing short-distance communication connection with the mobile terminal is the corresponding fixed terminal according to the identification information, the server judges that the mobile terminal is currently located at a short distance from the corresponding fixed terminal, and further determines that the mobile terminal and the corresponding fixed terminal are adjacent in position relation. Further, when the fixed terminal represented by the identification information is not a fixed terminal of the mobile terminal, or when no identification information exists in the communication information and the identification information does not represent any fixed terminal, the server determines that the position relationship between the mobile terminal and the fixed terminal is not adjacent.
The embodiment of the invention is applied to the network car booking software as an example, and a driver performs Bluetooth connection with a fixed terminal installed in a network car booking before the driver starts to receive a network car booking task based on the network car booking with the corresponding fixed terminal. After receiving the identity authentication information, the server determines a fixed terminal corresponding to the mobile terminal and acquires the current communication information of the mobile terminal. The server obtains the identification information in the communication information to determine whether the fixed terminal connected with the mobile terminal is the fixed terminal corresponding to the mobile terminal, namely, whether the mobile terminal and a driver holding the mobile terminal are in the network appointment car provided with the corresponding fixed terminal.
Further, when the server determines that the mobile terminal and the corresponding fixed terminal are not adjacent, the server determines that the first authentication result based on the position relationship is failure. And when the server fails to identify the identity based on the position relation, sending position authentication failure information to the mobile terminal or the mobile terminal according to different position determination modes, so as to perform identity authentication again through the mobile terminal according to the authentication failure information. For example, when the location determination mode is to determine the location relationship by generating identification information by identifying the identifier to be identified, the server transmits location authentication failure information including the content of re-performing identifier identification to the mobile terminal when the location authentication fails. And the mobile terminal rescans the to-be-identified mark displayed by the fixed terminal to generate new identification information after receiving the position authentication identification information. Optionally, the server may also randomly send a new identifier to be identified to the fixed terminal. When the position determining mode is that the position relation is determined by obtaining the communication information of the mobile terminal, the server sends position authentication failure information including the content of re-performing the short-distance communication connection to the mobile terminal when the position authentication fails. And the mobile terminal reestablishes short-distance communication connection with the fixed terminal after receiving the position authentication identification information.
Fig. 6 is a schematic diagram of location authentication failure information in an optional implementation manner according to an embodiment of the present invention, as shown in fig. 6, when the location determination manner is that a location relationship is determined by obtaining communication information of the mobile terminal 60, and the server sends location authentication failure information 61 to the mobile terminal 60 when the location authentication fails, so as to display the location authentication failure information to the user through the display interface of the mobile terminal 60, and remind the user to establish a communication connection with a corresponding fixed terminal through the mobile terminal 60 again. Alternatively, when the connection mode of the mobile terminal 60 and the fixed terminal is bluetooth connection, the content of the corresponding location authentication failure information 61 may be "confirm authorized bluetooth connection? And includes corresponding authorization control and cancellation authorization control, which are used to perform corresponding operations under the condition of being triggered.
Furthermore, in order to prevent inconvenience caused by excessive number of location authentication requests, the server may further preset a number threshold, and when the number of failed location authentication times is greater than the number threshold, the identity authentication request is not received within a preset time. Still taking the application of the embodiment of the present invention to the field of online taxi appointment as an example for explanation, before preparing to start receiving the online taxi appointment task based on the online taxi appointment equipped with the corresponding fixed terminal, the driver sends an identity authentication request to the server, and when the number of times of failure of the location authentication result is greater than a preset number threshold 5, the driver does not receive the identity authentication request sent by the mobile terminal corresponding to the driver within one day, that is, the driver cannot receive the online taxi appointment task within 24 hours.
In an optional implementation manner of the embodiment of the present invention, the first authentication performed based on the location relationship can determine that the user holding the mobile terminal is near the corresponding fixed terminal, thereby solving the problem of impersonation by remote identity recognition in the existing identity recognition method.
And S200, responding to the result of the first authentication as success, and performing second authentication.
Specifically, the server performs the second authentication on the premise that the first authentication result is successful. Optionally, the second authentication is another authentication method of face recognition and location recognition, except for the first authentication. And when the first authentication is face identification, the second authentication is position identification, and when the first authentication is position identification, the second authentication is face identification.
In an optional implementation manner of the embodiment of the present invention, the server performs the second authentication by acquiring a face image of a user currently using the mobile terminal, and performing the second authentication by using a face recognition method. Optionally, the server may obtain the face image by sending face image obtaining information to the mobile terminal, and the mobile terminal performs face image acquisition and uploading on a user currently holding the mobile terminal based on the face image obtaining information.
And when the authentication mode of the second authentication is face recognition, after receiving the face image sent by the mobile terminal, the server performs face recognition according to the face image to determine corresponding user information. The user information is used for representing a user corresponding to the face image. Optionally, the embodiment of the present invention may perform face recognition through any face recognition technology, which is not limited herein. For example, the server may perform operations such as face detection and key point positioning on a face image based on a face recognition model obtained through pre-training, and obtain a corresponding recognition result as user information.
Further, after determining user information for representing the currently used terminal device, the server matches a target user corresponding to the terminal device pre-stored in the server, and under the condition that the user information obtained through face recognition corresponds to the target user, the server judges that the user currently using the mobile terminal is the user, completes secondary authentication based on the face image and determines that the identity authentication result is successful. For example, in the field of online car booking, when user information obtained after face recognition is performed by a server is used for representing a driver corresponding to a mobile terminal and prestored in the server, the driver requesting to receive the online car booking task is determined as the principal, and the identity authentication result is determined as authentication success.
In the face recognition process, under the condition that the server determines that the user information does not correspond to the target user corresponding to the mobile terminal, face authentication failure information is sent to an operation terminal connected with the server so as to inform a manager of the current identity authentication failure result.
In an optional implementation manner of the embodiment of the invention, the second authentication is performed based on the face image, so that the situation that other people use the mobile terminal to replace the mobile terminal holder for face recognition is avoided. Meanwhile, the accuracy of the identity recognition result is improved by two times of identity recognition.
And step S300, responding to the result of the second authentication as success, and determining that the identity authentication result is authentication success.
Specifically, the server performs a first authentication through face recognition or position recognition, and performs a second authentication through another recognition mode when the authentication result is successful. And under the condition that the two authentication results are successful, determining that the identity authentication result of the identity authentication process is successful.
Fig. 7 is a schematic diagram of an identity authentication method in an alternative implementation manner according to an embodiment of the present invention. As shown in fig. 7, the method for performing identity authentication according to the embodiment of the present invention includes that the first authentication is identity authentication based on face recognition, and the second authentication is identity authentication based on location recognition. Specifically, the method comprises the following steps:
and step S70, receiving an identity authentication request sent by the mobile terminal to start an identity authentication process.
And step S71, starting first authentication, namely acquiring a face image to perform face recognition so as to obtain user information.
And step S72, after the user information is obtained, performing first authentication based on the user information.
And S73, determining that the identity authentication result is failure under the condition that the user information does not correspond to the target user, and generating and sending face authentication failure information.
And step S74, determining that the first authentication result is successful under the condition that the user information corresponds to the target user, and determining the position relation between the mobile terminal and the corresponding fixed terminal so as to start the second authentication.
Step S75, second authentication is performed based on whether or not the positional relationship is adjacent.
And step S76, when the position relationship is not adjacent, further determining the times of the second authentication in the identity authentication process, and when the times are not more than the quantity threshold value, re-determining the position relationship again through the step S74.
And step S77, when the times are more than the quantity threshold value, determining that the identity authentication result is failure, and no identity authentication request is received within preset time.
And S78, if the position relation is adjacent, the second authentication is passed, and the identity authentication result is determined to be successful.
Fig. 8 is a schematic diagram of an identity authentication method according to another alternative implementation manner of the embodiment of the present invention. As shown in fig. 8, the method for performing identity authentication according to the embodiment of the present invention includes that the first authentication is identity authentication based on location identification, and the second authentication is identity authentication based on face identification. Specifically, the method comprises the following steps:
and step S80, receiving an identity authentication request sent by the mobile terminal to start an identity authentication process.
And S81, determining the position relation between the mobile terminal and the corresponding fixed terminal.
Step S82, based on whether the position relation is adjacent or not, the first authentication is carried out.
And S83, if the position relations are adjacent, acquiring a face image through first authentication to perform face recognition so as to obtain user information and performing second authentication.
And S84, when the position relationship is not adjacent, further determining the number of times of the first identity authentication in the identity authentication process, and when the number of times is not more than the number threshold, re-determining the position relationship again through the step S81.
And S85, determining that the identity authentication result is failure when the times are greater than the number threshold, and no identity authentication request is received within preset time.
And S86, after the user information is obtained, performing second authentication based on the user information.
And step S87, determining that the second authentication is successful under the condition that the user information corresponds to the target user, namely that the identity authentication result is successful.
And S88, determining that the identity authentication result is failure under the condition that the user information does not correspond to the target user, and generating and sending face authentication failure information.
The identity authentication method of the embodiment of the invention respectively carries out double identity recognition through the position and the face, thereby improving the accuracy of identity recognition. Meanwhile, the vulnerability that the identity of the user can be identified through remote face image transmission under the identity identification scene in a specific position needing to be verified is filled.
Fig. 9 is a schematic diagram of an identity authentication device according to an embodiment of the present invention. As shown in fig. 9, the identity authentication apparatus according to the embodiment of the present invention includes a first authentication module 90, a second authentication module 91, and a result determination module 92.
Specifically, the first authentication module 90 is configured to perform a first authentication in response to receiving an identity authentication request sent by the mobile terminal;
the second authentication module 91 is configured to perform a second authentication in response to a result of the first authentication being successful;
the result determining module 92 is configured to determine, in response to that the result of the second authentication is successful, that the identity authentication result is successful;
and the first authentication and the second authentication are respectively one of position recognition and face recognition.
Further, the first authentication module includes:
the position determining submodule is used for determining the position relation between the mobile terminal and the corresponding fixed terminal;
and the first authentication result determining submodule is used for determining that the first authentication result is successful in response to the position relation being adjacent.
Further, the second authentication module includes:
the image determining submodule is used for determining a face image corresponding to the mobile terminal;
the face recognition submodule is used for carrying out face recognition according to the face image to obtain corresponding user information;
and the second authentication result determining submodule is used for responding to the user information corresponding to the target user corresponding to the mobile terminal and determining that the second authentication result is successful.
Further, the position determination sub-module includes:
the identification sending unit is used for sending an identification to be identified to a fixed terminal corresponding to the mobile terminal so as to output the identification through the fixed terminal;
the first information receiving unit is used for receiving identification information obtained by identifying the identifier to be identified by the mobile terminal;
and the first position determining unit is used for determining the position relation between the mobile terminal and the corresponding fixed terminal according to the identification information.
Further, the first position determination unit includes:
the position acquisition subunit is used for determining first position information used for representing the position of the mobile terminal and second position information used for representing the position of the fixed terminal according to the identification information;
and the first position determining subunit is used for determining a position relation according to the first position information and the second position information.
Further, the position acquiring subunit specifically includes:
and the position receiving subunit is used for responding to the received identification information and respectively acquiring the first position information uploaded by the mobile terminal and the second position information uploaded by the fixed terminal.
Further, the first position determining subunit includes:
a distance calculating subunit, configured to determine a distance between the first location information and the second location information;
a position determining subunit, configured to determine that the position relationship is adjacent in response to the distance being smaller than a distance threshold.
Further, the information position determination submodule includes:
a second information receiving unit, configured to acquire communication information of the mobile terminal, where the communication information includes identification information of a terminal device connected to the mobile terminal by using a short-range communication technology;
and the second position determining unit is used for responding to the fixed terminal corresponding to the identification information used for representing the mobile terminal and determining that the position relation is adjacent.
Further, the image determination sub-module includes:
an identification information sending unit for sending face identification information;
and the image receiving unit is used for receiving the corresponding face image returned by the mobile terminal based on the face identification information.
Further, the apparatus further comprises:
a first authentication information sending module, configured to send location authentication failure information in response to that the location relationship is not adjacent, so as to perform location authentication again;
and the quantity judging module is used for responding that the quantity of the position authentication failures is larger than a quantity threshold value and not receiving the identity authentication request within preset time.
Further, the apparatus further comprises:
and the second authentication information sending module is used for responding to the fact that the user information does not correspond to the target user corresponding to the mobile terminal and sending face authentication failure information.
The identity authentication device of the embodiment of the invention respectively carries out double identity recognition through the position and the face, thereby improving the accuracy of identity recognition. Meanwhile, the vulnerability that the identity of the user can be identified through remote face image transmission under the identity identification scene in a specific position needing to be verified is filled.
Fig. 10 is a schematic diagram of an electronic device of an embodiment of the invention. As shown in fig. 10, the electronic device shown in fig. 10 is a general address query device, which includes a general computer hardware structure, which includes at least a processor 100 and a memory 101. The processor 100 and the memory 101 are connected by a bus 102. The memory 101 is adapted to store instructions or programs executable by the processor 100. Processor 100 may be a stand-alone microprocessor or a collection of one or more microprocessors. Thus, processor 100 implements the processing of data and the control of other devices by executing instructions stored by memory 101 to perform the method flows of embodiments of the present invention as described above. The bus 102 connects the above-described components together, and also connects the above-described components to a display controller 103 and a display device and an input/output (I/O) device 104. Input/output (I/O) devices 104 may be a mouse, keyboard, modem, network interface, touch input device, motion sensitive input device, printer, and other devices known in the art. Typically, the input/output devices 104 are connected to the system through input/output (I/O) controllers 105.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus (device) or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may employ a computer program product embodied on one or more computer-readable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations of methods, apparatus (devices) and computer program products according to embodiments of the application. It will be understood that each flow in the flow diagrams can be implemented by computer program instructions.
These computer program instructions may be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows.
These computer program instructions may also be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows.
Another embodiment of the invention is directed to a non-transitory storage medium storing a computer-readable program for causing a computer to perform some or all of the above-described method embodiments.
That is, as can be understood by those skilled in the art, all or part of the steps in the method for implementing the embodiments described above may be accomplished by specifying the relevant hardware through a program, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (25)

1. An identity authentication method, the method comprising:
responding to an identity authentication request sent by a mobile terminal, and performing first authentication;
responding to the result of the first authentication as success, and performing second authentication;
in response to the result of the second authentication being successful, determining that the identity authentication result is successful;
and the first authentication and the second authentication are respectively one of position recognition and face recognition.
2. The method of claim 1, wherein the performing the first authentication comprises:
determining the position relation between the mobile terminal and the corresponding fixed terminal;
and determining that the first authentication result is successful in response to the position relation being adjacent.
3. The method of claim 1, wherein the performing the second authentication comprises:
determining a face image corresponding to the mobile terminal;
carrying out face recognition according to the face image to obtain corresponding user information;
and determining that the second authentication result is successful in response to the fact that the user information corresponds to the target user corresponding to the mobile terminal.
4. The method of claim 2, wherein determining the location relationship between the mobile terminal and the corresponding fixed terminal comprises:
sending a mark to be identified to a fixed terminal corresponding to the mobile terminal so as to be output through the fixed terminal;
receiving identification information obtained by identifying the identification to be identified by the mobile terminal;
and determining the position relation between the mobile terminal and the corresponding fixed terminal according to the identification information.
5. The method according to claim 3, wherein the determining the position relationship between the mobile terminal and the corresponding fixed terminal according to the identification information comprises:
determining first position information used for representing the position of the mobile terminal and second position information used for representing the position of the fixed terminal according to the identification information;
and determining a position relation according to the first position information and the second position information.
6. The method according to claim 5, wherein the determining, according to the identification information, first location information for characterizing a location of a mobile terminal and second location information for characterizing a fixed terminal specifically comprises:
and respectively acquiring first position information uploaded by the mobile terminal and second position information uploaded by the fixed terminal in response to the received identification information.
7. The method of claim 5, wherein determining the location relationship based on the first and second location information comprises:
determining a distance between the first location information and the second location information;
determining the positional relationship as adjacent in response to the distance being less than a distance threshold.
8. The method of claim 2, wherein determining the location relationship between the mobile terminal and the corresponding fixed terminal comprises:
acquiring communication information of the mobile terminal, wherein the communication information comprises identification information of terminal equipment connected with the mobile terminal through a short-distance communication technology;
and responding to the fixed terminal corresponding to the identification information used for representing the mobile terminal, and determining that the position relation is adjacent.
9. The method according to claim 3, wherein the determining the face image corresponding to the mobile terminal comprises:
sending face recognition information;
and receiving a corresponding face image returned by the mobile terminal based on the face recognition information.
10. The method of claim 2, further comprising:
responding to the position relation is not adjacent, sending position authentication failure information to carry out position authentication again;
and in response to the number of the position authentication failures being larger than the number threshold, the identity authentication request is not received within a preset time.
11. The method of claim 3, further comprising:
and sending face authentication failure information in response to the fact that the user information does not correspond to the target user corresponding to the mobile terminal.
12. An identity authentication apparatus, the apparatus comprising:
the first authentication module is used for responding to an identity authentication request sent by the mobile terminal and performing first authentication;
the second authentication module is used for responding to the success of the first authentication result and carrying out second authentication;
the result determining module is used for responding to the result of the second authentication as success, and determining the identity authentication result as success of authentication;
and the first authentication and the second authentication are respectively one of position recognition and face recognition.
13. The apparatus of claim 12, wherein the first authentication module comprises:
the position determining submodule is used for determining the position relation between the mobile terminal and the corresponding fixed terminal;
and the first authentication result determining submodule is used for determining that the first authentication result is successful in response to the position relation being adjacent.
14. The apparatus of claim 12, wherein the second authentication module comprises:
the image determining sub-module is used for determining a face image corresponding to the mobile terminal;
the face recognition submodule is used for carrying out face recognition according to the face image to obtain corresponding user information;
and the second authentication result determining submodule is used for responding to the user information corresponding to the target user corresponding to the mobile terminal and determining that the second authentication result is successful.
15. The apparatus of claim 13, wherein the location determination submodule comprises:
the identification sending unit is used for sending an identification to be identified to a fixed terminal corresponding to the mobile terminal so as to output the identification through the fixed terminal;
the first information receiving unit is used for receiving identification information obtained by identifying the identifier to be identified by the mobile terminal;
and the first position determining unit is used for determining the position relation between the mobile terminal and the corresponding fixed terminal according to the identification information.
16. The apparatus of claim 12, wherein the first position determination unit comprises:
the position acquisition subunit is used for determining first position information used for representing the position of the mobile terminal and second position information used for representing the position of the fixed terminal according to the identification information;
and the first position determining subunit is used for determining a position relation according to the first position information and the second position information.
17. The apparatus according to claim 16, wherein the location obtaining subunit specifically includes:
and the position receiving subunit is used for responding to the received identification information and respectively acquiring the first position information uploaded by the mobile terminal and the second position information uploaded by the fixed terminal.
18. The apparatus of claim 16, wherein the first position determining subunit comprises:
a distance calculating subunit, configured to determine a distance between the first location information and the second location information;
a position determining subunit, configured to determine that the position relationship is adjacent in response to the distance being smaller than a distance threshold.
19. The apparatus of claim 13, wherein the information location determination submodule comprises:
a second information receiving unit, configured to acquire communication information of the mobile terminal, where the communication information includes identification information of a terminal device connected to the mobile terminal through a short-range communication technology;
and the second position determining unit is used for responding to the fixed terminal corresponding to the identifier information used for representing the mobile terminal and determining that the position relation is adjacent.
20. The apparatus of claim 14, wherein the image determination sub-module comprises:
an identification information sending unit for sending face identification information;
and the image receiving unit is used for receiving the corresponding face image returned by the mobile terminal based on the face identification information.
21. The apparatus of claim 13, further comprising:
a first authentication information sending module, configured to send location authentication failure information in response to that the location relationship is not adjacent, so as to perform location authentication again;
and the quantity judging module is used for responding to the condition that the quantity of the position authentication failures is larger than a quantity threshold value and not receiving the identity authentication request within preset time.
22. The apparatus of claim 14, further comprising:
and the second authentication information sending module is used for responding to the fact that the user information does not correspond to the target user corresponding to the mobile terminal and sending face authentication failure information.
23. A computer readable storage medium storing computer program instructions, which when executed by a processor implement the method of any one of claims 1-11.
24. An electronic device comprising a memory and a processor, wherein the memory is configured to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement the method of any of claims 1-11.
25. A computer program product comprising computer programs/instructions, characterized in that the computer programs/instructions are executed by a processor to implement the method according to any of claims 1-11.
CN202210416172.1A 2021-04-20 2022-04-20 Identity authentication method and device Pending CN115221487A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110425763.0A CN113204748A (en) 2021-04-20 2021-04-20 Identity authentication method and device
CN2021104257630 2021-04-20

Publications (1)

Publication Number Publication Date
CN115221487A true CN115221487A (en) 2022-10-21

Family

ID=77027636

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110425763.0A Withdrawn CN113204748A (en) 2021-04-20 2021-04-20 Identity authentication method and device
CN202210416172.1A Pending CN115221487A (en) 2021-04-20 2022-04-20 Identity authentication method and device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202110425763.0A Withdrawn CN113204748A (en) 2021-04-20 2021-04-20 Identity authentication method and device

Country Status (1)

Country Link
CN (2) CN113204748A (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115273300A (en) * 2022-07-21 2022-11-01 平安信托有限责任公司 Gate control method, device, equipment and medium

Also Published As

Publication number Publication date
CN113204748A (en) 2021-08-03

Similar Documents

Publication Publication Date Title
US10659457B2 (en) Information processing device, information processing system, and information processing method
EP2525594A1 (en) Method and service management platform equipment for performing the value-added service instruction processing
CN110086799B (en) Identity verification method and device
CN104901936A (en) Business processing method and device, terminal and server
CN111860016A (en) Information display method and device for Near Field Communication (NFC) and electronic equipment
CN115221487A (en) Identity authentication method and device
TW201933208A (en) Data processing method, terminal device, and data processing system
CN105871903A (en) Information security control method and system as well as mobile terminal
CN111770075B (en) Task processing method and device, readable storage medium and electronic equipment
CN111400684A (en) Electronic certificate information acquisition method, system, device, equipment and storage medium
CN104378202B (en) Information processing method, electronic terminal and server
CN113238696A (en) Control method and device of electronic control equipment and computer readable storage medium
CN115456812A (en) Intelligent construction site management method, device, equipment and medium
CN111586074B (en) Communication method, server, Internet of things system and readable storage medium
CN109634509B (en) Processing method, plug-in and first electronic device
CN116438589A (en) System for generating a contact between users associated with a vehicle
CN113851012A (en) Automatic vehicle searching method, device, system and computer readable storage medium
CN109697097B (en) Data processing method and system
CN107423604B (en) Application control method and related product
CN108696850B (en) Synchronous induction method, device and system
CN115174124B (en) Data security calculation method and system of processor
CN111343297B (en) Bluetooth identifier generation method and device
CN107750469B (en) Stamp device, its operation method and recording medium
CN117851997A (en) Identity verification method, device, electronic equipment and storage medium
JP6350697B1 (en) In-vehicle device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination