CN116167761A

CN116167761A - Face payment method, device, computer equipment, storage medium and product

Info

Publication number: CN116167761A
Application number: CN202111402850.0A
Authority: CN
Inventors: 洪哲鸣; 张晓翼; 崔齐; 杨伟明; 王少鸣; 郭润增
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2021-11-24
Filing date: 2021-11-24
Publication date: 2023-05-26

Abstract

The embodiment of the application discloses a face payment method, a face payment device, computer equipment, a storage medium and a product; according to the embodiment of the application, the original image sequence of the face payment can be obtained through the main control processing module, and the original image sequence comprises at least one original face image; image compression is carried out on the original face image to obtain a compressed image; carrying out hash processing on the compressed image to obtain abstract information of the compressed image; sending abstract information to a secure encryption module, and carrying out signature processing on the abstract information by the secure encryption module based on a preset private key to obtain a digital signature of the abstract information; and carrying out face payment processing according to the digital signature. The scheme is applied to various scenes such as cloud technology, artificial intelligence, intelligent traffic and the like, can improve the efficiency of signature processing on an original face image in the face payment process, and enhances the data security management in the face payment process, so that the face payment efficiency is improved.

Description

Face payment method, device, computer equipment, storage medium and product

Technical Field

The present application relates to the field of computer technologies, and in particular, to a face payment method, apparatus, computer device, storage medium, and product.

Background

Face payment is a payment method based on face recognition, wherein the face recognition refers to a technology of recognizing a face by using a computer technology of analysis and comparison, and the face recognition technology belongs to a biological feature recognition technology and is used for distinguishing organism individuals from biological features of organisms (generally, particularly persons). In practical applications, the steps of face payment may be cooperatively implemented by a face payment device.

In the research and practice process of the related art, the inventor of the application finds that the face payment device can perform signature processing on the collected face image so as to improve the data security in the face payment process, and the collected image stream data can include a plurality of face images in the face payment process, so that the data volume to be subjected to signature processing is large, and the input/output capability of the face payment device for data is limited, so that the efficiency of the face payment device for carrying out signature processing on the image stream data needs to be improved.

Disclosure of Invention

The embodiment of the application provides a face payment method, a device, computer equipment, a storage medium and a product, which can improve the efficiency of signature processing on an original face image in the face payment process, and enhance the data security management in the face payment process, thereby improving the face payment efficiency.

The embodiment of the application provides a face payment method, which is applicable to a terminal, wherein the terminal comprises a main control processing module and a secure encryption module, and comprises the following steps:

acquiring an original image sequence of face payment through the main control processing module, wherein the original image sequence comprises at least one original face image;

performing image compression on the original face image to obtain a compressed image;

carrying out hash processing on the compressed image to obtain abstract information of the compressed image;

the abstract information is sent to the secure encryption module, and the secure encryption module is used for carrying out signature processing on the abstract information based on a preset private key to obtain a digital signature of the abstract information;

and carrying out face payment processing according to the digital signature.

Correspondingly, the embodiment of the application also provides a face payment device, which comprises:

the acquisition unit is used for acquiring an original image sequence of face payment through the main control processing module, wherein the original image sequence comprises at least one original face image;

the compression unit is used for carrying out image compression on the original face image to obtain a compressed image;

the hash unit is used for carrying out hash processing on the compressed image to obtain abstract information of the compressed image;

The signature unit is used for sending the abstract information to the secure encryption module, and carrying out signature processing on the abstract information based on a preset private key through the secure encryption module to obtain a digital signature of the abstract information;

and the payment unit is used for carrying out face payment processing according to the digital signature.

In an embodiment, the payment unit comprises:

an image determination subunit configured to determine a target face image of a face payment from the original image sequence;

an identification determination subunit, configured to determine image identification information of the target face image;

a generation subunit, configured to generate target data required for performing face payment based on the digital signature corresponding to the image identification information and the target face image;

and the sending subunit is used for sending the target data to a server so as to trigger the server to carry out face payment processing based on the target data.

In an embodiment, the identification determination subunit is configured to:

reading a history image identification record of face payment from a storage unit, wherein the storage unit is provided with a data update period for the history image identification record; and calculating the image identification information of the target face image according to the data updating period and the historical image identification record.

In an embodiment, the storage unit includes a nonvolatile storage unit and a volatile storage unit, where the volatile storage unit is used to store a first image identification record of face payment, and the nonvolatile storage unit is used to store a second image identification record of face payment; the identification determination subunit is specifically configured to:

when the first image identification record in the volatile storage unit is detected to meet the preset condition, updating the second image identification record stored in the nonvolatile storage unit according to the data updating period of the second image identification record in the nonvolatile storage unit; and reading the updated second image identification record from the nonvolatile storage unit, and taking the updated second image identification record as a historical image identification record of face payment.

In an embodiment, the storage unit includes a nonvolatile storage unit for storing a second image identification record of the face payment; the identification determination subunit is specifically configured to:

resetting the historical image identification record according to the data updating period of the second image identification record in the nonvolatile storage unit; based on the processing result, image identification information of the target face image is determined.

In an embodiment, the storage unit includes a volatile storage unit for storing a first image identification record of the face payment; the identification determination subunit is specifically configured to:

according to the data updating period of the first image identification record in the volatile storage unit, performing incremental processing on the historical image identification record; based on the processing result, image identification information of the target face image is determined.

In an embodiment, the transmitting subunit is configured to:

triggering the server to verify the data signature based on a preset public key to obtain a first verification result; verifying the target identification information according to the history identification information stored by the server to obtain a second verification result; and carrying out face payment processing on the target face image based on the first verification result and the second verification result.

In an embodiment, the compression unit includes:

a transformation subunit, configured to perform data transformation on pixel information in the original face image, so as to obtain a transformed image;

a quantization subunit, configured to perform data quantization on pixel information in the transformed image, so as to obtain a quantized image;

And the compression subunit is used for carrying out image compression on the pixel information in the quantized image to obtain a compressed image.

In an embodiment, the signature unit comprises:

a function determining subunit, configured to determine an encryption function required for encrypting the summary information;

and the encryption subunit is used for carrying out encryption processing on the abstract information through the encryption function based on the preset private key to obtain an encrypted ciphertext of the abstract information, and taking the encrypted ciphertext as a digital signature of the abstract information.

Accordingly, the embodiments of the present application also provide a storage medium having a computer program stored thereon, wherein the computer program when executed by a processor implements the steps of the face payment method as shown in the embodiments of the present application.

Accordingly, the embodiment of the application further provides a computer device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the computer program to realize the steps of the face payment method shown in the embodiment of the application.

The embodiment of the application can be applied to a terminal, wherein the terminal comprises a main control processing module and a secure encryption module, and specifically, the embodiment of the application can acquire an original image sequence of face payment through the main control processing module, wherein the original image sequence comprises at least one original face image; performing image compression on the original face image to obtain a compressed image; carrying out hash processing on the compressed image to obtain abstract information of the compressed image; the abstract information is sent to the secure encryption module, and the secure encryption module is used for carrying out signature processing on the abstract information based on a preset private key to obtain a digital signature of the abstract information; and carrying out face payment processing according to the digital signature.

The scheme can support the realization of the data stream signature for the face payment based on the existing low-performance, low-cost and low-bandwidth face recognition equipment in the industry. Specifically, when the method is applied to a face-brushing camera, a face-brushing payment system or other face payment scenes, the scheme can acquire an original face image of face payment through the main control processing module, compress the original face image, hash the compressed image to obtain abstract information corresponding to the compressed image, and then compress image data to be subjected to signature processing by the security encryption module by utilizing the data processing capability of the main control processing module, so that the signature of stream data paid by the face by the security encryption module is realized on the basis of meeting the input/output throughput capability of the security encryption module, thereby resisting data tampering, guaranteeing service safety and improving the efficiency of face payment.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a schematic view of a face payment method according to an embodiment of the present application;

FIG. 2 is a flow chart of a face payment method provided by an embodiment of the present application;

FIG. 3 is another flow chart of a face payment method provided in an embodiment of the present application;

FIG. 4 is another flow chart of a face payment method provided by an embodiment of the present application;

fig. 5 is a schematic diagram of a face payment device of the face payment method provided in the embodiment of the present application;

FIG. 6 is another flow chart of a face payment method provided by an embodiment of the present application;

fig. 7 is a schematic structural diagram of a face payment device provided in an embodiment of the present application;

fig. 8 is another schematic structural diagram of a face payment device provided in an embodiment of the present application;

fig. 9 is another schematic structural diagram of a face payment device provided in an embodiment of the present application;

fig. 10 is another schematic structural diagram of a face payment device provided in an embodiment of the present application;

fig. 11 is a schematic structural diagram of a computer device according to an embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.

The embodiment of the application provides a face payment method, a face payment device, computer equipment, a storage medium and a product. Specifically, the embodiment of the application provides a face payment device suitable for computer equipment. The computer device may be a terminal or the like. Specifically, the terminal may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a car computer, etc., but is not limited thereto. The terminal and the server may be directly or indirectly connected through wired or wireless communication, which is not limited herein.

The embodiment of the application will take a face payment device as an example to describe a face payment method.

Referring to fig. 1, the face payment apparatus may include a main control processing module 10 and a security encryption module 20, and an original image sequence of face payment may be acquired through the main control processing module 10, wherein the original image sequence may include at least one original face image; image compression is carried out on the original face image to obtain a compressed image; and carrying out hash processing on the compressed image to obtain abstract information of the compressed image. Further, the digest information may be sent to the secure encryption module 20, and the digest information may be signed by the secure encryption module 20 based on a preset private key, to obtain a digital signature of the digest information, so that the face payment device may perform the face payment process according to the generated digital signature.

The following will describe in detail. The following description of the embodiments is not intended to limit the preferred embodiments.

The face payment method provided by the embodiment of the application can be executed by a terminal; the embodiment of the application is described by taking the face payment method performed by the terminal as an example, and specifically, the computer device may be a device such as a terminal. Specifically, the terminal may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a car computer, etc., but is not limited thereto. In the embodiment of the present application, the method may be performed by a face payment device integrated in a terminal, and as illustrated in fig. 2, a specific flow of the face payment method may be as follows:

101. and acquiring an original image sequence of the face payment through a main control processing module, wherein the original image sequence comprises at least one original face image.

Wherein the face payment may be one way of paying based on facial feature information, for example, the face payment may be one way of paying for the face. The face-brushing payment is a novel payment mode realized based on artificial intelligence, machine vision, 3D sensing, big data and other technologies, and has the advantages of being more convenient, safer, good in experience and the like.

The main control processing module is a module for orchestrating and controlling steps involved in the face payment process, for example, the main control processing module may be a module for orchestrating and controlling image processing involved in the face payment process. As an example, the main control processing module may be integrated on a Chip, such as a System on Chip (SoC). In general, a SoC is referred to as a system-on-chip, also known as a system-on-chip, meaning that it is a product that is an integrated circuit with dedicated targets, containing the entire system and having embedded software. It is also a technique to achieve the whole process from determining the system functions, to software/hardware partitioning, and to complete the design.

In an embodiment, the main control processing module may include an SoC in the face payment device, in particular, the chip may be referred to as a main control chip, and the main control chip may be capable of supporting image processing in the face payment process, for example, compression processing, hash processing, and the like.

In practical applications, the images for face payments may include color maps, depth maps, and infrared maps. Wherein, the color image can comprise an image obtained by natural light imaging acquired by a color sensor, and can be used for face preference and recognition in face payment. The depth map may include an image obtained by collecting speckle-structured infrared light by an infrared sensor and resolving the speckle by a depth unit, and in 3D computer graphics and computer vision, the depth map is an image or image channel containing information about the distance of the surface of the scene object to the viewpoint. Each pixel of the depth map represents the vertical distance between the depth camera plane and the object plane, typically expressed in 16 bits, in millimeters. In face payment, the depth map may be used for in vivo detection, assisting in contrast recognition. The infrared map may include an image imaged by the infrared sensor capturing floodlight, and in face payment, the infrared map may be used for in vivo detection.

In face payment, face preferably refers to selecting a set of color, depth and infrared maps that meet the pre-conditions of the in-vivo detection and contrast recognition algorithm, such a set of maps may be referred to as a preferred payment frame, which may be used for in-vivo detection and contrast recognition. Specifically, face preference may be performed on a color map by using evaluation indexes such as face angle, face size, face centering, and color map sharpness, infrared map is performed on an infrared map by using evaluation indexes such as infrared map brightness, and depth map is performed by using evaluation indexes such as depth map integrity.

In face payment, the living body test is a judging method for judging whether the face brushing person is a real person or a photo, a head model or the like, and as an example, whether the face brushing person is a photo can be judged through a depth map, whether the face brushing person is a silica gel headgear is judged through brightness information of an infrared map, and the judgment of the living body test is carried out by combining other technical means.

In face payment, the comparison recognition refers to recognizing which user the face brusher is specifically, and as an example, five-point special similarity can be extracted through a color map, five-point special three-bit similarity is assisted and compared through a depth map, and the comparison recognition is performed by combining other technical means.

Wherein the original image sequence refers to an image set composed of original images paid for by at least one frame of face, wherein the original images may include an original color map, an original depth map, and an original infrared map.

In an embodiment, the main control processing module may acquire the aligned original color map, the original depth map, and the original infrared map, and the main control processing module may use the acquired original color map as an original image sequence of face payment, where the original image sequence includes at least one frame of original color map correspondingly. For example, the face payment device may acquire a color map stream of face payment at a frequency of 25 frames per second, where the color map stream acquired per second may include 25 frames of original color maps, and the main control processing module may acquire the color map stream, use the color map stream as an original image sequence of face payment, and execute the face payment method in the present application.

102. And carrying out image compression on the original face image to obtain a compressed image.

In an embodiment, the master processing module has better data throughput and data computation capability than the secure encryption module, so that the master processing module is more suitable for performing processing with higher data throughput and data computation capability than the secure encryption module, for example, performing image compression on the original face image in the original image sequence. It is noted that what is achieved in the present application is that the image compression operation is performed on at least one original face image in the original image sequence, for example, the image compression operation is performed on all original color images of 25 frames per second in the color image stream, so that the present application can implement stream processing, and has better real-time experience.

In the present application, there are various methods for image compression of an original face image, for example, it is considered that the original face image may be composed of at least one pixel, each pixel may have corresponding pixel information, and thus, image compression may be achieved by processing the pixel information.

As an example, the original face image may be image compressed based on a run-length compression (RunLengthEncoding, RLE) mechanism, and specifically, adjacent pixels having the same pixel information in a scan line may be replaced with a count value and pixel information for those pixels. For images having a large area and the same color area, the RLE compression method is very effective. In practical applications, a number of specific run-length compression methods, such as PCX run-length compression, bi_rle8 compression, bi_rle compression, compact-bit compression, etc., are derived from RLE principles.

As another example, the image compression may be performed on the original face image based on a huffman coding compression scheme, and in particular, since the probability of occurrence of each pixel information in the original face image is different, pixel information having a high probability may be represented by a shorter code, and pixel information having a low probability may be represented by a longer code, each of which is different in code.

As another example, the original face image may be image compressed based on an arithmetic compression method mechanism, in particular, different sequences of pixel information may be mapped into an area between 0 and 1, which area is represented as binary decimal numbers of variable precision (number of bits), the less common the higher the precision (more bits) required for the pixel information.

In an embodiment, a video processing unit (Video Processing Unit, VPU) module may be integrated in the main control processing module, and the main control processing module may perform image compression on an original face image through the VPU module, for example, may process pixel information in the original face image, for example, may perform data transformation and data quantization on the pixel information, and further perform image compression, and specifically, the step of performing image compression on the original face image to obtain a compressed image may include:

carrying out data transformation on pixel information in an original face image to obtain a transformed image;

carrying out data quantization on pixel information in the transformed image to obtain a quantized image;

and carrying out image compression on pixel information in the quantized image to obtain a compressed image.

Where a pixel refers to a square that makes up an image, the squares all have a definite position and assigned color value, and the color and position of the square determine what the image appears to be. Thus, in the present application, the pixel information corresponding to the pixel may include pixel position information and pixel color values.

It should be noted that, in practical application, the image segmentation of the original face image may also be performed before the step of "transforming the pixel information in the original face image" to segment the original face image into at least one sub-original face image, for example, the original face image may be segmented into 8×8 sub-original face images. Taking each sub-original face image as a new original face image, and further executing data transformation on pixel information in the original face image to obtain a transformed image; carrying out data quantization on pixel information in the transformed image to obtain a quantized image; and carrying out image compression on pixel information in the quantized image to obtain a compressed image. And step (2), the difficulty of data processing is reduced, and the data processing efficiency is improved.

Optionally, before performing the step of "performing data transformation on pixel information in the original face image", if the color space corresponding to the original face image is not suitable for performing image processing, the color space conversion may be performed on the original face image, for example, when the original face image is specifically an original color image and the color space corresponding to the original face image is RGB, the color space corresponding to the original face image may be converted from RGB to YCbCr. Further, the original face image after the color space conversion can be used as a new original face image, and the data transformation of the pixel information in the original face image is performed to obtain a transformed image; carrying out data quantization on pixel information in the transformed image to obtain a quantized image; and carrying out image compression on pixel information in the quantized image to obtain a compressed image. "step.

Wherein the data transformation is used to transform the pixel information to further perform the relevant steps of image compression based on the transformation result, for example, the pixel information is used as a spatial domain signal, and the pixel information can be transformed from the spatial domain signal to a frequency domain signal by performing the data transformation on the pixel information, so that the original face image can be correspondingly transformed from the spatial domain to the frequency domain. The manner of data transformation can be varied, for example, by discrete cosine transformation (Discrete Cosine Transform, DCT), which is a transformation related to Fourier transformation, similar to discrete Fourier transformation but using only real numbers. The DCT corresponds to a discrete fourier transform of approximately twice its length, which is performed on a real even function (since the fourier transform of a real even function is still a real even function), in some variants the position of the input or output needs to be shifted by half a unit (DCT has 8 standard types, of which 4 are common).

The data quantization is used for performing approximate processing on the value of the signal so as to reduce the complexity of the quantized signal. There are various ways of data quantization, for example, the pixel information may be quantized based on a quantization table, for example, the pixel information may be divided by a value corresponding to the quantization table, so as to implement the data quantization.

As an example, image segmentation, color space conversion, and DCT processing may be performed on the original face images, so that each of the original face images may be transformed into three floating point matrices representing Y, cr, cb data, respectively. Further, a quantization table required for quantization may be obtained, for example, a quantization coefficient matrix required for processing the luminance data Y and a quantization coefficient matrix required for processing the color difference data Cr and Cb may be obtained, and the floating point number matrix corresponding to the Y, cr and Cb channels and the corresponding quantization coefficient matrix are divided and rounded to implement data quantization of the transformed image.

There are various ways to compress the quantized image, for example, the image compression may be implemented based on a huffman compression mechanism, so that the original face image may be compressed into an image in a joint photographic experts group (Joint Photographic Experts Group, JPEG) format. It should be noted that, only the compression of the original face image into the JPEG format is taken as an example in the present application, and in practical application, the original face image may be compressed into other formats, which is not limited in this application.

103. And carrying out hash processing on the compressed image to obtain abstract information of the compressed image.

The hash processing is used for transforming an input with any length into an output with a fixed length through a digest algorithm, wherein the output is digest information corresponding to the input, and the digest algorithm refers to an algorithm capable of converting data with any length into a data string with a fixed length. Therefore, in the application, hash processing is performed on the compressed image, so that summary information corresponding to the compressed image can be obtained.

In the application, the method of hashing the compressed image by the main control processing module may be various, for example, a required digest algorithm may be selected, and the selected digest algorithm is applied to the compressed image by the main control processing module, so as to perform hash processing on the compressed image, so as to obtain digest information of the compressed image; for another example, various digest algorithms can be used in combination, that is, various digest algorithms are applied to the compressed image through the main control processing module so as to perform hash processing on the compressed image, so as to obtain digest information of the compressed image; for another example, the main control processing module may send the compressed image to other terminals or servers with idle computing resources, trigger the terminals or servers to perform hash processing on the compressed image, and send the summary information of the compressed image to the main control processing module, so that the main control processing module may obtain the summary information of the compressed image; etc.

As an example, the digest algorithm may include secure hash algorithm 2 (Secure Hash Algorithm 2, SHA-2), MD5, SHA-512, and the like.

It should be noted that what is achieved in the present application is that the image compression operation is performed on at least one original face image in the original image sequence, so as to obtain at least one compressed image, for example, the image compression operation is performed on all original color images of 25 frames per second in the color image stream, and compressed images corresponding to the original color images are obtained. On the basis, hash processing is carried out on each compressed image, and abstract information of each compressed image is obtained. That is, the present application is directed to the steps of performing image compression, hash processing, and the like on image stream data.

104. And sending the abstract information to the secure encryption module, and carrying out signature processing on the abstract information by the secure encryption module based on a preset private key to obtain the digital signature of the abstract information.

The secure encryption module is a module for encrypting data, for example, the secure encryption module can encrypt the data based on a preset private key.

As an example, the secure encryption module may comprise a secure element (SecureElement, SE) in the face payment device, in particular, the SE is typically provided in chip form and, to protect the data from external malicious parsing attacks, may have encryption/decryption logic in the chip.

In the asymmetric encryption technology, the key pair specifically includes a public key (public key) and a private key (private key). The public key and the private key are a pair, specifically, if the data is encrypted by the public key, the data can be decrypted only by the corresponding private key; if the private key is used for signing, the corresponding public key may be used for signing. Because two different keys are used for encryption and decryption, this algorithm is called an asymmetric encryption algorithm.

In practical application, the basic process of realizing confidential information exchange by using an asymmetric encryption algorithm is as follows: the first party generates a pair of secret keys and discloses the public keys, and other roles (second party) needing to send information to the first party encrypt confidential information by using the secret keys (first party's public keys) and then send the encrypted confidential information to the first party; and the first party decrypts the encrypted information by using the private key. The opposite is true when the first party wants to reply to the second party, the public key of the second party is used for encrypting the data, and the second party uses the private key of the second party for decrypting. On the other hand, the private key of the first party can be used for signing the confidential information and then sending the confidential information to the second party, and correspondingly, the second party can use the public key of the first party to sign the data sent back by the first party.

The signature processing is a method for authenticating digital information, specifically, signing a data unit, and refers to a process of generating a data signature corresponding to the data unit.

The digital signature is a section of digital string which can not be forged by others only generated by the sender of the information, and the section of digital string is also a valid proof for the authenticity of the information sent by the sender of the information. As an example, the digital signature may be some data attached to the data unit or a cryptographic transformation of the data unit. Such data or transformations allow the recipient of the data unit to confirm the source of the data unit and the integrity of the data unit and to protect the data from forgery by a person (e.g., the recipient). It is a method of signing messages in electronic form, a signed message being capable of being transmitted in a communications network.

It should be noted that what is achieved in the present application is that the image compression operation is performed on at least one original face image in the original image sequence, so as to obtain at least one compressed image, for example, the image compression operation is performed on all original color images of 25 frames per second in the color image stream, and compressed images corresponding to the original color images are obtained. On the basis, hash processing is carried out on each compressed image to obtain the abstract information of each compressed image, and the abstract information of each compressed image is sent to the security encryption module to carry out signature processing on the abstract information based on a preset private key through the security encryption module to obtain the digital signature of each abstract information. That is, the steps of image compression, hash processing, and signature processing are performed on the image stream data in this application.

In this application, the main control processing module may send summary information to the secure encryption module, and perform signature processing on the summary information by the secure encryption module based on a preset private key to obtain a digital signature of the summary information, specifically, the step of "performing signature processing on the summary information by the secure encryption module based on the preset private key to obtain a digital signature of the summary information" may include:

determining an encryption function required for encrypting the summary information;

based on a preset private key, the summary information is encrypted through an encryption function to obtain an encrypted ciphertext of the summary information, and the encrypted ciphertext is used as a digital signature of the summary information.

Where the encryption function refers to a function obtained based on a digital signature algorithm by which signature processing can be performed, for example, the digital signature algorithm may include an RSA (RivestShamir Adleman, RSA) algorithm, a digital signature algorithm (Digital Signature Algorithm, DSA), an elliptic curve signature algorithm (Elliptic Curve Digital Signature Algorithm, ECDSA), or the like.

In the present application, there may be various ways to determine the encryption function required for encrypting the summary information, for example, when the secure encryption module is generated, that is, the required encryption function is built in, so that the secure encryption module can directly call the encryption function to execute the encryption process on the summary information; for another example, an instruction may be sent to the secure encryption module, where the instruction may indicate an encryption function required for encrypting the summary information, so that the secure encryption module may determine, by parsing the instruction, the encryption function required for encrypting the summary information; etc.

After determining the digest function, the secure encryption module may encrypt the digest information by applying the encryption function based on a preset private key, and use the obtained encrypted ciphertext as a digital signature of the digest information.

In an embodiment, the main control processing module may be specifically integrated in a main control chip, the secure encryption module may be specifically integrated in an SE chip, and the original face image may be an original color image. Referring to fig. 3, a key pair corresponding to the SE chip may be generated in a secure environment, and a public key may be uploaded to a background server, specifically, in a secure factory during production of the SE chip, the key pair may be generated in a secure environment inside the SE chip, where a private key may be kept and stored inside the SE chip by the SE chip, and the public key may be exported and uploaded to the background server for data flow signature verification.

Further, the main control chip can acquire an original image sequence of face payment, namely a color image stream, and call the VPU module to compress the color image into a JPEG image, specifically, the main control chip can acquire an aligned three image, wherein the three image can specifically comprise a color image in YUV format, a depth image in RAWDATA format and an infrared image in YUV format. And the main control chip can call the VPU module to compress the color image in the YUV format to obtain a compressed image in the JPEG format.

Still further, the main control chip can cooperate with the SE chip to sign the compressed image in the JPEG format. Specifically, the main control chip can perform hash processing on the compressed image to obtain abstract information of the compressed image, and send the abstract information to the secure encryption module, so that the secure encryption module can perform signature processing on the abstract information based on a preset private key to obtain a digital signature of the abstract information.

105. And carrying out face payment processing according to the digital signature.

In the method, the security encryption module is used for signing the original face image in the original image sequence based on the preset private key, so that data tampering can be effectively prevented, and service security is guaranteed. However, considering that in practical application, in the face payment service, replay attack is also an attack means for reducing the security of data in face payment, specifically, the basic principle of replay attack is to resend the data that is stolen before to the receiver as it is, for example, in face payment, if the replay attack is not resisted, a hacker may impersonate the user to make face payment by stealing the signed image of the user, which may bring about a significant security risk.

Therefore, in the application, besides the SE-level stream signature mechanism, a mechanism for defending against replay attacks is further provided, so that when the application is applied to face payment, the risk of data tampering and the data replay attacks can be effectively resisted, and the data security in the face payment is improved. Specifically, the step of "performing face payment processing according to digital signature" may include:

determining a target face image of the face payment from the original image sequence;

determining image identification information of a target face image;

generating target data required for carrying out face payment based on the digital signature of the image identification information corresponding to the target face image;

and sending the target data to the server to trigger the server to conduct face payment processing based on the target data.

The step of determining a target face image of face payment from an original image sequence is to determine an image to be sent to a server from a signed image corresponding to the original face image, so that the server can execute a subsequent step of face payment processing based on the received image, and the image to be sent to the server is the target face image.

In the present application, there are various methods for determining the target face image, for example, all the signed images may be regarded as the target face image; for another example, a preferred payment frame may be determined from the signed image and taken as the target face image; etc.

Wherein the image identification information is used to uniquely identify the target face image. In this application, the captured facial image may also be referred to as a frame, and thus, the image identification information may be a frame identification (FrameIdentityDocument, FID).

In practice, the server may receive a face payment request, and the face payment request may include a target face image required for performing face payment. The server can judge whether the target face image is an image under replay attack by checking whether the image identification information corresponding to the target face image is incremental. Specifically, the server may store the current latest image identification information (for distinction, may be simply referred to as the current image identification information), and if the received image identification information of the target face image (for distinction, may be simply referred to as the target image identification information) is less than or equal to the current image identification information, the server may determine that the target face image is an image under replay attack, and further reject the payment request, and initiate an alarm.

In the present application, after the face payment device determines the target face image from the original image sequence, the image identification information corresponding to the target face image may be determined before the target face image is sent to the server, and it should be noted that the face payment device needs to ensure that the image identification information is incremented. In an embodiment, the history image identification record of the face payment device may be read, and the identification increment may be performed based on the history image identification record, so as to obtain the target image identification information after the increment, so as to ensure that the image identification information of the face payment device is incremental, specifically, the step of determining the image identification information of the target face image may include:

Reading a history image identification record of face payment from a storage unit, wherein the storage unit is provided with a data update period for the history image identification record;

and calculating the image identification information of the target face image according to the data updating period and the historical image identification record.

The storage unit refers to a structure capable of storing data, and optionally, the storage unit can also have a function of reading and writing data. The types of memory cells may be varied, and may include nonvolatile memory cells and volatile memory cells, for example.

The nonvolatile memory unit is a memory unit in a nonvolatile memory (NVM), and the NVM refers to a computer memory in which stored data cannot disappear after current is turned off. For example, the NVM may include Read-Only Memory (ROM) and flash Memory (English)

The volatile memory unit is a memory unit in a volatile memory (Random Access Memory, RAM) which can be read and written at any time, and which is usually used as a temporary storage medium for an operating system or other running programs. However, RAM cannot retain data when power is turned off, and if it is required to store data, they must be written to a long-term memory.

Wherein the data update period refers to an interval in which data update is performed. For example, the data update period may include a time interval, and the data update operation is performed at intervals of a predetermined time, such as at intervals of 10 minutes; for another example, the data update period may include a count interval, and the data update operation is performed every predetermined count interval, for example, every 1 ten thousand increments of the count of the image identification information.

The history image identification record refers to related data obtained by recording the history image identification information of the face payment device, and specifically, since the face payment device needs to ensure that the image identification information of the target face image is increased, in the application, the history image identification record of the face payment can be read from the storage unit, so that the image identification information of the target face image can be obtained by increasing the history image identification record. It should be noted that, in the present application, the data update period for the history image identification record may be different due to different storage units, so that the history image identification record in different storage units may also be different.

In the present application, for different storage units, the data update period of the history image identifier record may be different, for example, for a volatile storage unit, since the volatile storage unit may be read and written at any time, the image identifier information may be incrementally processed each time, for example, when the FID is added with 1, the data update period of the history image identifier record by the volatile storage unit may be a count interval of 1; however, for the nonvolatile memory unit, although the data will not disappear after the nonvolatile memory unit is powered off, the nonvolatile memory unit has a read-write limitation, so that a larger data update period can be set for the nonvolatile memory unit, for example, when the increment count of the image identification information is detected to satisfy a preset value, for example, when the FID increment count is 1 ten thousand times, the data can be read from and written to the nonvolatile memory unit.

In practical application, the image identification information is generally stored in an internal memory of a secure encryption module, such as SE, and is powered by a battery to ensure that the image identification information is increased along with each frame of target face image. However, in the low-cost and small-volume solution, the battery and the hardware tamper-proof design cannot be used due to cost and volume limitations, that is, the image identification information increment of the face payment device cannot be ensured by integrating the battery. In order to solve the problem, in the application, by designing and applying different kinds of storage units and combining different data updating periods of the storage units, after reading the history image identification record of the face payment from the storage units, further calculating the image identification information of the target face image according to the data updating periods and the history image identification record. Specifically, the following will exemplify.

In an embodiment, the storage unit may include a nonvolatile storage unit and a volatile storage unit, the volatile storage unit may be used to store a first image identification record of the face payment, the nonvolatile storage unit may be used to store a second image identification record of the face payment, and specifically, the step of "reading a history image identification record of the face payment from the storage unit" may include:

when the first image identification record in the volatile storage unit is detected to meet the preset condition, updating the second image identification record stored in the nonvolatile storage unit according to the data updating period of the second image identification record in the nonvolatile storage unit;

and reading the updated second image identification record from the nonvolatile storage unit, and taking the updated second image identification record as a historical image identification record of face payment.

In the present application, since different storage units may have different data update periods for the history image identification record, the history image identification record recorded in different storage units may also be different. Wherein the first image identification record refers to a history image identification record recorded in the volatile storage unit. The second image identification record refers to a history image identification record recorded in the nonvolatile storage unit.

The preset condition is a condition set for updating data of the second image identification record in the nonvolatile storage unit, for example, the preset condition may be that 10000 is taken as a count judgment unit, and the preset condition is determined to be satisfied whenever the first image identification record is detected to reach a new count judgment unit. As an example, the second image identification record may be incremented by 1 at a count interval, and then the second image identification record may be incremented from 1 to 2,3, …,9999, and then when it is detected that the second image identification record is incremented to 10000, it is determined that the preset condition is satisfied; similarly, the second image identification record may continue to increment from 10000 to 10001,10002,10003, …,19999, and when an increment of the second image identification record to 2000 is detected, it is determined that the preset condition … … is satisfied.

When the first image identification record in the volatile storage unit is detected to meet the preset condition, the second image identification record stored in the nonvolatile storage unit can be updated according to the data updating period of the second image identification record in the nonvolatile storage unit.

As an example, the data update period of the first image identification record in the volatile storage unit may be a count interval, which may be specifically 1; the data update period of the second image identification record in the nonvolatile memory unit may be a count interval, and the count interval may specifically be 10000. Then when it is detected that the first image identification record in the volatile storage unit is incremented from 9999 to 10000, the second image identification record stored in the nonvolatile storage unit may be updated to 10000; when the first image identification record in the volatile storage unit is detected to be increased from 19999 to 20000, the second image identification record stored in the nonvolatile storage unit can be updated to 20000; when it is detected that the first image identification record in the volatile memory unit is incremented from 29999 to 30000, the second image identification record stored in the nonvolatile memory unit may be updated to 30000 … ….

Further, the updated second image identification record can be read from the nonvolatile storage unit, and the updated second image identification record is used as a historical image identification record of face payment. For example, if the updated second image identifier record is 10000, the value 10000 can be read from the nonvolatile storage unit, and the value 10000 is used as a history image identifier record of face payment; if the updated second image identification record is 20000, reading the value 20000 from the nonvolatile storage unit, and using the value 20000 as a history image identification record of face payment; if the updated second image identification record is 30000, the value 30000 can be read from the nonvolatile memory unit, and the value 30000 can be used as the history image identification record … … of face payment

It should be noted that, since the volatile storage unit cannot retain data when power is off, it may be set that each time the power is turned off and restarted or each time the face payment device is turned on, the second image identification record that is currently latest is directly read from the nonvolatile storage unit, and the second image identification record is used as the history image identification record of face payment. For example, since the volatile storage unit cannot retain data when power is off, it may be configured to perform the step of "reading the second image identification record currently latest from the nonvolatile storage unit and using the second image identification record as the history image identification record of the face payment" every time the power is turned off and restarted or every time the face payment device is turned on. "

In another embodiment, the storage unit may include a nonvolatile storage unit and a volatile storage unit, the volatile storage unit may be used to store a first image identification record of the face payment, the nonvolatile storage unit may be used to store a second image identification record of the face payment, and specifically, the step of "reading a history image identification record of the face payment from the storage unit" may include:

the stored first image identification record is read from the volatile storage unit and used as a history image identification record of face payment.

It should be noted that although the volatile storage unit cannot retain data when the power is off, the volatile storage unit can stably store and read/write data under the condition that the power supply is stable or the face payment device does not need to be restarted, so that the stored first image identification record can be directly read from the volatile storage unit and used as the historical image identification record of the face payment. For example, in the case where the power supply is stable or the face payment apparatus does not need to be restarted, if the first image identification record stored in the volatile storage unit is 8999, the value 8999 may be read from the volatile storage unit, and the value 8999 may be recorded as the history image identification record of the face payment.

The above description of the step of "reading the history image identification record of the face payment from the storage unit provided with the data update period for the history image identification record" is made in addition to the description thereof, and the step of "calculating the image identification information of the target face image from the data update period and the history image identification record" may be further explained below.

As described above, the following two application scenarios may be included in practical applications: for both application scenarios, the step of calculating the image identification information of the target face image according to the data update period and the history image identification record may have different implementations.

In an embodiment, in a case where power supply is unstable (for example, power-off is restarted) or the face payment device is restarted, the image identification information of the target face image may be ensured to be incremented by performing a reset process on the read history image identification record. In this embodiment, the storage unit includes a nonvolatile storage unit that stores a second image identification record of the face payment, specifically, the step of "calculating image identification information of the target face image from the data update period and the history image identification record" may include:

Resetting the historical image identification record according to the data updating period of the second image identification record in the nonvolatile storage unit;

based on the processing result, image identification information of the target face image is determined.

The reset process is one of the data update processes, and is specifically implemented by resetting data to other data.

The method for resetting the history image identification record according to the data update period of the second image identification record in the nonvolatile memory unit may have various modes, for example, a numerical value of the data update period may be taken, and the numerical value and the history image identification record are operated, so that the history image identification record is reset to an operation result. By way of example, the types of operations may include addition, multiplication, weighting, and the like, as well as complex operations of various operations, which the present application is not limited to.

As an example, the data update period of the second image identification record in the nonvolatile storage unit may be a count interval, which may specifically be 10000, and the read history image identification record may be 20000, and the reset process may be implemented by performing an addition operation on the history image identification record and the value of the data update period, that is, by performing 20000+10000=30000.

Further, the image identification information of the target face image may be determined based on the processing result, and for example, a numerical value corresponding to the processing result may be determined as the image identification information of the target face image. In the above example, that is, the image identification information of the target face image is determined to be 30000. In this way, it is ensured that the image identification information of the target face image is also incremented in the event of unstable power supply (e.g., power-off restart) or restarting of the face payment device in time.

In another embodiment, for the case that the power supply is stable or the face payment device does not need to be restarted, the image identification information of the target face image can be ensured to be incremented by performing the increment processing on the read history image identification record. In this embodiment, the storage unit may include a volatile storage unit, and the volatile storage unit may be configured to store a first image identification record of the face payment, specifically, the step of "calculating image identification information of the target face image from the data update period and the history image identification record" may include:

according to the data updating period of the first image identification record in the volatile storage unit, performing incremental processing on the history image identification record;

The increment process is one of data update processes, and is specifically implemented by incrementing data.

The method for increasing the historical image identification record according to the data update period of the first image identification record in the volatile storage unit can be various, for example, the numerical value of the data update period can be taken, and the historical image identification record is increased by the numerical value, so that the increasing process of the historical image identification record is realized.

As an example, the data update period of the first image identification record in the volatile storage unit may be a count interval, which may be specifically 1, and the read history image identification record may be 15712, and the incrementing process may be performed by incrementing the history image identification record by this value, that is, by performing 15712+1= 15713.

Further, the image identification information of the target face image may be determined based on the processing result, and for example, a numerical value corresponding to the processing result may be determined as the image identification information of the target face image. In the above example, that is, the image identification information of the target face image is determined to be 15713. In this way, the image identification information of the target face image is increased under the condition that the power supply is stable or the face payment equipment does not need to be restarted, the characteristic that the volatile storage unit does not limit the read-write times is properly utilized, and the resource utilization rate is improved.

The above is repeated for the step of "determining a target face image for face payment from the original image sequence; the description is made on the determination of the image identification information of the target face image, in the application, after the determination of the image identification information of the target face image, the target data required for carrying out face payment can be generated further based on the digital signature corresponding to the image identification information and the target face image; and sending the target data to the server to trigger the server to conduct face payment processing based on the target data.

For example, the target face image, the digital signature corresponding to the target face image, and the image identification information of the target face image may be appended to the target data transmitted to the server, and the target data may be transmitted to the server to trigger the server to perform the face payment process based on the target data. It should be noted that, the process of generating the target data may further include a conventional process of data processing such as data encryption and data compression, which is not described herein.

Because the compressed image is signed and processed based on the preset private key through the secure encryption module, and the replay attack is effectively defended through designing a processing mechanism for ensuring the increment of the image identification information, when the server side executes the face payment processing, the digital signature can be correspondingly verified to detect whether the data tampering problem occurs or not, and the image identification information of the target face image is checked to detect whether the data replay attack occurs or not. Specifically, the step of "triggering the server to perform face payment processing based on the target data" may include:

The triggering server verifies the data signature based on a preset public key to obtain a first verification result;

verifying the target identification information according to the history identification information stored by the server to obtain a second verification result;

and carrying out face payment processing on the target face image based on the first verification result and the second verification result.

It is noted that the preset private key and the preset public key in the application are a pair of secret keys, so that the face payment device signs the summary information of the compressed image based on the preset private key and then sends the generated digital signature to the server, the server can correspondingly use the preset public key to check the signature to obtain a first verification result, and specifically, if the first verification result is verification passing, the fact that the signature is checked by the server is indicated, and the fact that the data sent to the server by the face payment device is not tampered can be confirmed.

The target identification information refers to image identification information of a target face image transmitted to the server by the face payment device. In practical application, after receiving the image identification information corresponding to the historical face image sent by the face payment device, the server may store the image identification information, where the image identification information stored by the server may be referred to as the historical identification information stored by the server in this application.

Since the face payment device needs to ensure that the image identification information of the target face image is incremented in order to resist replay attack, the server side can also detect whether the received face payment request belongs to replay attack by checking whether the received target identification information is incremented accordingly. Therefore, the server can verify the target identification information according to the stored history identification information to obtain a second verification result.

For example, the server may select a maximum value from the history identification information and determine whether the target identification information is incremental by comparing the target identification information with the maximum value. Specifically, if the target identification information is smaller than or equal to the maximum value, it may be determined that the target identification information is not incremented, that is, the second verification result is that verification is failed, it may be further determined that the currently received face payment request belongs to replay attack and an alarm is given for the replay attack; if the target identification information is greater than the maximum value, it may be determined that the target identification information is incremental, that is, the second verification result is verification passing, and then the relevant steps required for face payment may be further performed.

After the first verification result and the second verification result are determined, face payment processing can be further performed on the target face image based on the first verification result and the second verification result. For example, when the first verification result and the second verification result are both verification passing, the server determines a relevant step of performing face payment processing for the target face image; otherwise, the server issues an alert and refuses to perform the relevant steps of the face payment process for the target face image.

As can be seen from the above, the present embodiment may obtain an original image sequence of face payment through the main control processing module, where the original image sequence includes at least one original face image; image compression is carried out on the original face image to obtain a compressed image; carrying out hash processing on the compressed image to obtain abstract information of the compressed image; the method comprises the steps of sending abstract information to a secure encryption module, and carrying out signature processing on the abstract information based on a preset private key through the secure encryption module to obtain a digital signature of the abstract information; and carrying out face payment processing according to the digital signature.

The scheme can be realized based on the existing low-performance, low-cost and low-bandwidth face recognition equipment in the industry, and the data flow signature for face payment is realized. Specifically, when the method is applied to a face-brushing camera, a face-brushing payment system or other face payment scenes, the scheme can acquire an original face image of face payment through the main control processing module, compress the original face image, hash the compressed image to obtain abstract information corresponding to the compressed image, and then compress image data to be subjected to signature processing by the security encryption module by utilizing the data processing capability of the main control processing module, so that the signature of stream data paid by the face by the security encryption module is realized on the basis of meeting the input/output throughput capability of the security encryption module, thereby resisting data tampering, guaranteeing service safety and improving the efficiency of face payment.

In addition, the embodiment of the application can realize the SE level flow signature method, and can defend data tampering and data replay attack when applied to the face-brushing payment camera and the face-brushing payment system, thereby guaranteeing the service safety. And the method can be applied to a face-brushing payment camera and a face-brushing payment system based on the current state of the industry, and can realize business safety with low cost.

According to the method described in the above examples, examples are further detailed below.

In this embodiment, the face payment device is described as being integrated in a server and a terminal, where the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and basic cloud computing services such as big data and artificial intelligence platforms. The terminal may include a main control processing module and a secure encryption module, for example, the terminal may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a car computer, etc., but is not limited thereto. The terminal and the server may be directly or indirectly connected through wired or wireless communication, which is not limited herein.

As shown in fig. 4, a face payment method specifically includes the following steps:

201. the terminal acquires an original image sequence of face payment through a main control processing module, wherein the original image sequence comprises at least one original face image.

In an embodiment, the terminal may be a face payment device, and the face payment device may include a main control processing module and a secure encryption module. As an example, the main control processing module may include an SoC in the face payment device, in particular, the chip may be referred to as a main control chip, which may be capable of supporting image processing in the face payment process, for example, compression processing, hash processing, and the like; the secure encryption module may be inherited in particular at the SE chip.

In practice, the face payment device may be a device that supports face payment, which may include at least one camera, at least one screen, a scanner, a keyboard, a sensor, etc.; optionally, the face payment device may also support a plurality of payment modes such as code scanning payment and password payment. For example, the face recognition device may include a 3D (3D) camera, which is analogous to a conventional camera, and which adds living related software and hardware, including a depth camera and an infrared camera, to help ensure information security. As an example, fig. 5 illustrates one type of face recognition device.

202. And the terminal performs image compression on the original face image to obtain a compressed image.

In an embodiment, taking an original face image as an example, referring to fig. 3, a color image stream may be obtained by a main control chip, where the color image stream may include at least one frame of original color image. After the main control chip obtains the color image stream, the VPU module can be used for compressing the original color image into a JPEG format image to obtain a compressed image.

203. The terminal carries out hash processing on the compressed image to obtain abstract information of the compressed image.

In an embodiment, referring to fig. 6, a hash module integrated in the main control chip may be used to perform hash processing on the compressed JPEG color map to obtain summary information of the compressed image.

204. The terminal sends the abstract information to the secure encryption module, and the secure encryption module performs signature processing on the abstract information based on a preset private key to obtain a digital signature of the abstract information.

In an embodiment, referring to fig. 6, the main control chip may transmit the JPEG color map hash to the SE chip, that is, send the summary information of the compressed image to the SE chip, and encrypt the color map hash by presetting a private key in the SE chip, where the encrypted ciphertext of the SE chip chinese JEPG color map hash is the SE key signature of the JPEG color map, that is, perform signature processing on the summary information, to obtain the digital signature of the summary information.

205. The terminal determines a target face image of the face payment from the original image sequence, and determines image identification information of the target face image.

In one embodiment, the terminal may determine the target facial image through facial preferences and store the FID in a 64-bit integer memory variable, incremented each frame of the color map signature. The FLASH is written into every increment count for 1 ten thousand times, the FID is read out from the FLASH every time the FLASH is started and added for 1 ten thousand times, so that the FID increment can be realized even if the power is off under the premise of not using a battery, and the replay attack is defended.

206. The terminal generates target data required for carrying out face payment based on the digital signature of the image identification information corresponding to the target face image.

In an embodiment, the terminal may append the target face image, the digital signature of the target face image, and the image identification information of the target face image to the target data to generate target data required for making the face payment.

207. And the terminal sends the target data to the server to trigger the server to carry out face payment processing based on the target data.

From the above, the embodiment of the application can support the realization of the data stream signature for the face payment based on the existing low-performance, low-cost and low-bandwidth face recognition equipment in the industry. Specifically, when the method is applied to a face-brushing camera, a face-brushing payment system or other face payment scenes, the scheme can acquire an original face image of face payment through the main control processing module, compress the original face image, hash the compressed image to obtain abstract information corresponding to the compressed image, and then compress image data to be subjected to signature processing by the security encryption module by utilizing the data processing capability of the main control processing module, so that the signature of stream data paid by the face by the security encryption module is realized on the basis of meeting the input/output throughput capability of the security encryption module, thereby resisting data tampering, guaranteeing service safety and improving the efficiency of face payment.

In order to better implement the above method, correspondingly, the embodiment of the application also provides a face payment device, wherein the face payment device can be integrated in the terminal. The terminal may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a car computer, etc.

For example, as shown in fig. 7, the face payment apparatus may include an acquisition unit 301, a compression unit 302, a hash unit 303, a signature unit 304, and a payment unit 305, as follows:

an obtaining unit 301, configured to obtain, by using a main control processing module, an original image sequence of face payment, where the original image sequence includes at least one original face image;

the compression unit 302 may be configured to perform image compression on the original face image to obtain a compressed image;

A hash unit 303, configured to perform hash processing on the compressed image to obtain summary information of the compressed image;

the signature unit 304 may be configured to send the summary information to a secure encryption module, and perform signature processing on the summary information by using the secure encryption module based on a preset private key, to obtain a digital signature of the summary information;

a payment unit 305 may be used to perform facial payment processing based on the digital signature.

In an embodiment, referring to fig. 8, the payment unit 305 may include:

an image determination subunit 3051, configured to determine a target face image of a face payment from the original image sequence;

an identification determination sub-unit 3052 that may be used to determine image identification information of the target face image;

a generating subunit 3053, configured to generate target data required for performing face payment based on the digital signature corresponding to the target face image and the image identification information;

the sending subunit 3054 may be configured to send the target data to a server, so as to trigger the server to perform a face payment processing based on the target data.

In an embodiment, the identification determination subunit 3052 may be configured to:

In an embodiment, the storage unit includes a nonvolatile storage unit and a volatile storage unit, where the volatile storage unit is used to store a first image identification record of face payment, and the nonvolatile storage unit is used to store a second image identification record of face payment; the identification determination subunit 3052 may specifically be configured to:

In an embodiment, the storage unit includes a nonvolatile storage unit for storing a second image identification record of the face payment; the identification determination subunit 3052 may specifically be configured to:

In an embodiment, the storage unit includes a volatile storage unit for storing a first image identification record of the face payment; the identification determination subunit 3052 may specifically be configured to:

In an embodiment, the transmitting subunit 3054 may be configured to:

In an embodiment, referring to fig. 9, the compression unit 302 may include:

a transforming subunit 3021, configured to perform data transformation on pixel information in the original face image to obtain a transformed image;

a quantization subunit 3022, configured to perform data quantization on pixel information in the transformed image to obtain a quantized image;

the compression subunit 3023 may be configured to perform image compression on the pixel information in the quantized image to obtain a compressed image.

In an embodiment, referring to fig. 10, the signature unit 304 may include:

a function determination subunit 3041 operable to determine an encryption function required for encrypting the digest information;

the encryption subunit 3042 may be configured to encrypt the summary information by using the encryption function based on the preset private key to obtain an encrypted ciphertext of the summary information, and use the encrypted ciphertext as a digital signature of the summary information.

In the implementation, each unit may be implemented as an independent entity, or may be implemented as the same entity or several entities in any combination, and the implementation of each unit may be referred to the foregoing method embodiment, which is not described herein again.

As can be seen from the above, in the face payment device of the present embodiment, the acquiring unit 301 acquires an original image sequence of face payment through the main control processing module, where the original image sequence includes at least one original face image; image compression is carried out on the original face image by a compression unit 302 to obtain a compressed image; hashing the compressed image by a hashing unit 303 to obtain abstract information of the compressed image; the signature unit 304 sends the abstract information to a secure encryption module, and the secure encryption module performs signature processing on the abstract information based on a preset private key to obtain a digital signature of the abstract information; the face payment processing is performed by the payment unit 305 according to the digital signature.

In addition, the embodiment of the application also provides computer equipment, and the computer equipment can be equipment such as a terminal. The terminal may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a car computer, etc. As shown in fig. 11, a schematic structural diagram of a computer device according to an embodiment of the present application is shown, specifically:

the computer device may include a memory 401 having one or more computer-readable storage media, an input unit 402, a processor 403 having one or more processing cores, and a power supply 404. Those skilled in the art will appreciate that the computer device structure shown in FIG. 11 is not limiting of the computer device and may include more or fewer components than shown in FIG. 11, or may be a combination of certain components, or a different arrangement of components. Wherein:

the memory 401 may be used to store software programs and modules, and the processor 403 executes various functional applications and data processing by executing the software programs and modules stored in the memory 401. The memory 401 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like; the storage data area may store data created according to the use of the computer device (such as audio data, phonebooks, etc.), and the like. In addition, memory 401 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 401 may further include a memory controller to provide access to the memory 401 by the processor 403 and the input unit 402.

The input unit 402 may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, in one particular embodiment, the input unit 402 may include a touch-sensitive surface, as well as other input devices. The touch-sensitive surface, also referred to as a touch display screen or a touch pad, may collect touch operations thereon or thereabout by a user (e.g., operations thereon or thereabout by a user using any suitable object or accessory such as a finger, stylus, etc.), and actuate the corresponding connection means according to a predetermined program. Alternatively, the touch-sensitive surface may comprise two parts, a touch detection device and a touch controller. The touch detection device detects the touch azimuth of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device and converts it into touch point coordinates, which are then sent to the processor 403, and can receive commands sent from the processor 403 and execute them. In addition, touch sensitive surfaces may be implemented in a variety of types, such as resistive, capacitive, infrared, and surface acoustic waves. In addition to the touch-sensitive surface, the input unit 402 may also include other input devices. In particular, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.

Processor 403 is the control center of the computer device, and uses various interfaces and lines to connect the various parts of the overall handset, by running or executing software programs and/or modules stored in memory 401, and invoking data stored in memory 401, performing various functions of the computer device and processing the data, thereby performing overall monitoring of the handset. Optionally, processor 403 may include one or more processing cores; preferably, the processor 403 may integrate an application processor and a modem processor, wherein the application processor primarily handles operating systems, user interfaces, application programs, etc., and the modem processor primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 403.

The computer device also includes a power supply 404 (e.g., a battery) for powering the various components, which may be logically connected to the processor 403 via a power management system so as to perform functions such as managing charge, discharge, and power consumption via the power management system. The power supply 404 may also include one or more of any of a direct current or alternating current power supply, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.

Although not shown, the computer device may further include a camera, a bluetooth module, etc., which will not be described herein. In particular, in this embodiment, the processor 403 in the computer device loads executable files corresponding to the processes of one or more application programs into the memory 401 according to the following instructions, and the processor 403 executes the application programs stored in the memory 401, so as to implement various functions, as follows:

acquiring an original image sequence of face payment through a main control processing module, wherein the original image sequence comprises at least one original face image; image compression is carried out on the original face image to obtain a compressed image; carrying out hash processing on the compressed image to obtain abstract information of the compressed image; the method comprises the steps of sending abstract information to a secure encryption module, and carrying out signature processing on the abstract information based on a preset private key through the secure encryption module to obtain a digital signature of the abstract information; and carrying out face payment processing according to the digital signature.

The specific implementation of each operation above may be referred to the previous embodiments, and will not be described herein.

As can be seen from the above, the computer device of the present embodiment can support the realization of the data stream signature for face payment based on the existing low-performance, low-cost and low-bandwidth face recognition device in the industry. Specifically, when the method is applied to a face-brushing camera, a face-brushing payment system or other face payment scenes, the scheme can acquire an original face image of face payment through the main control processing module, compress the original face image, hash the compressed image to obtain abstract information corresponding to the compressed image, and then compress image data to be subjected to signature processing by the security encryption module by utilizing the data processing capability of the main control processing module, so that the signature of stream data paid by the face by the security encryption module is realized on the basis of meeting the input/output throughput capability of the security encryption module, thereby resisting data tampering, guaranteeing service safety and improving the efficiency of face payment.

Those of ordinary skill in the art will appreciate that all or a portion of the steps of the various methods of the above embodiments may be performed by instructions, or by instructions controlling associated hardware, which may be stored in a computer-readable storage medium and loaded and executed by a processor.

To this end, embodiments of the present application provide a storage medium having stored therein a plurality of instructions capable of being loaded by a processor to perform steps in any of the facial payment methods provided by embodiments of the present application. For example, the instructions may perform the steps of:

Wherein the storage medium may include: read Only Memory (ROM), random access Memory (RAM, random Access Memory), magnetic or optical disk, and the like.

The instructions stored in the storage medium may perform steps in any face payment method provided in the embodiments of the present application, so that the beneficial effects that any face payment method provided in the embodiments of the present application can be achieved, which are detailed in the previous embodiments and are not described herein.

According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from the computer-readable storage medium by a processor of a computer device, and executed by the processor, cause the computer device to perform the methods provided in various alternative implementations of the face payment aspects described above.

The foregoing has described in detail the face payment method, apparatus, computer device, storage medium and product provided by the embodiments of the present application, and specific examples have been applied herein to illustrate the principles and embodiments of the present application, and the description of the foregoing embodiments is only for aiding in the understanding of the method and core idea of the present application; meanwhile, those skilled in the art will have variations in the specific embodiments and application scope in light of the ideas of the present application, and the present description should not be construed as limiting the present application in view of the above.

Claims

1. The face payment method is suitable for a terminal, wherein the terminal comprises a main control processing module and a secure encryption module, and comprises the following steps:

and carrying out face payment processing according to the digital signature.

2. The face payment method of claim 1, wherein performing face payment processing based on the digital signature comprises:

determining a target face image of a face payment from the original image sequence;

determining image identification information of the target face image;

generating target data required for carrying out face payment based on the digital signature corresponding to the image identification information and the target face image;

And sending the target data to a server to trigger the server to carry out face payment processing based on the target data.

3. The face payment method of claim 2, wherein determining the image identification information of the target face image comprises:

4. A face payment method as recited in claim 3, wherein the storage unit includes a nonvolatile storage unit for storing a first image identification record of the face payment and a volatile storage unit for storing a second image identification record of the face payment;

reading a history image identification record of face payment from a storage unit, comprising:

5. A face payment method as recited in claim 3, wherein the storage unit includes a nonvolatile storage unit for storing a second image identification record of the face payment;

calculating the image identification information of the target face image according to the data updating period and the historical image identification record, wherein the image identification information comprises the following steps:

6. A face payment method as recited in claim 3, wherein the storage unit includes a volatile storage unit for storing a first image identification record of the face payment;

According to the data updating period of the first image identification record in the volatile storage unit, performing incremental processing on the historical image identification record;

7. The face payment method of claim 2, wherein triggering the server to perform a face payment process based on the target data comprises:

triggering the server to verify the data signature based on a preset public key to obtain a first verification result;

8. The face payment method of claim 1, wherein image compressing the original face image to obtain a compressed image comprises:

performing data transformation on pixel information in the original face image to obtain a transformed image;

9. The face payment method according to claim 1, wherein the signing process is performed on the summary information by the secure encryption module based on a preset private key to obtain a digital signature of the summary information, including:

and based on the preset private key, encrypting the abstract information through the encryption function to obtain an encrypted ciphertext of the abstract information, and taking the encrypted ciphertext as a digital signature of the abstract information.

10. A face payment device, comprising:

11. An electronic device comprising a memory and a processor; the memory stores an application program, and the processor is configured to execute the application program in the memory to perform the operations in the face payment method according to any one of claims 1 to 9.

12. A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps in facial payment according to any one of claims 1 to 9.

13. A computer program product comprising computer programs/instructions which when executed by a processor implement the steps in the face payment method of any one of claims 1 to 9.