GB2620664A - Access permission verification method, device, and system and identity authentication terminal - Google Patents
Access permission verification method, device, and system and identity authentication terminal Download PDFInfo
- Publication number
- GB2620664A GB2620664A GB2305443.0A GB202305443A GB2620664A GB 2620664 A GB2620664 A GB 2620664A GB 202305443 A GB202305443 A GB 202305443A GB 2620664 A GB2620664 A GB 2620664A
- Authority
- GB
- United Kingdom
- Prior art keywords
- access
- identity
- information
- person
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 73
- 238000012795 verification Methods 0.000 title claims abstract description 41
- 230000006854 communication Effects 0.000 claims description 36
- 238000003860 storage Methods 0.000 claims description 35
- 238000004891 communication Methods 0.000 claims description 34
- 238000012545 processing Methods 0.000 claims description 28
- 238000012549 training Methods 0.000 claims description 21
- 230000005540 biological transmission Effects 0.000 claims description 20
- 238000013136 deep learning model Methods 0.000 claims description 13
- 238000010295 mobile communication Methods 0.000 claims description 13
- 238000001514 detection method Methods 0.000 claims description 4
- 238000012360 testing method Methods 0.000 claims description 4
- 238000004806 packaging method and process Methods 0.000 claims 1
- 230000000007 visual effect Effects 0.000 abstract 1
- 238000013475 authorization Methods 0.000 description 37
- 230000006870 function Effects 0.000 description 17
- 230000008569 process Effects 0.000 description 10
- 230000008859 change Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 8
- 230000009467 reduction Effects 0.000 description 8
- 238000004422 calculation algorithm Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 5
- 238000007906 compression Methods 0.000 description 4
- 230000006835 compression Effects 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 238000007781 pre-processing Methods 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 238000012790 confirmation Methods 0.000 description 3
- 238000013135 deep learning Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 235000002566 Capsicum Nutrition 0.000 description 2
- 239000006002 Pepper Substances 0.000 description 2
- 241000722363 Piper Species 0.000 description 2
- 235000016761 Piper aduncum Nutrition 0.000 description 2
- 235000017804 Piper guineense Nutrition 0.000 description 2
- 235000008184 Piper nigrum Nutrition 0.000 description 2
- 238000013528 artificial neural network Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 238000011478 gradient descent method Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 150000003839 salts Chemical class 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000002146 bilateral effect Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000013527 convolutional neural network Methods 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 238000013144 data compression Methods 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000009499 grossing Methods 0.000 description 1
- 238000010191 image analysis Methods 0.000 description 1
- 238000003709 image segmentation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000003062 neural network model Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011176 pooling Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
- 230000001755 vocal effect Effects 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/38—Individual registration on entry or exit not involving the use of a pass with central registration
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C2209/00—Indexing scheme relating to groups G07C9/00 - G07C9/38
- G07C2209/02—Access control comprising means for the enrolment of users
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Human Computer Interaction (AREA)
- Collating Specific Patterns (AREA)
Abstract
The present invention relates to the technical field of security, and provides an access permission verification method, device, and system and an identify authentication terminal. The method comprises: acquiring a face feature of a face in the visual field of a camera; on the basis of the face feature and identity information of a legitimate personnel, identifying the personnel identity of a target personnel corresponding to the face feature, so as to obtain an identity identification result; generating access application information on the basis of the identity identification result, and sending the access application information to a remote permission terminal, so as to verify whether the target personnel have an access permission by means of the remote permission terminal; if the target personnel have the access permission, sending access indication information to the identify authentication terminal; and when the access indication information sent by the remote permission terminal is received, controlling the target personnel to access.
Description
Verification Method, Apparatus and System of Access Authority, and Identity Authentication Terminal
Cross-Reference to Related Application
The present disclosure claims priority to Chinese Patent Application No. 202210270111.9 filed to the China National Intellectual Property Administration on March 18, 2022 and entitled "Verification Method, Apparatus and System of Access Authority, and Identity Authentication Terminal", the present disclosure of which is hereby incorporated by reference in its entirety.
Technical Field
The present disclosure relates to the technical field of security, and in particular to a verification method, apparatus and system of access authority, and an identity authentication terminal.
Background
For some important sites, in order to ensure security, it is necessary to strictly control and manage the access of persons. For example, a substation is an important site in a power grid system, and is a power facility for the power grid system to change voltage, receive and distribute electric energy, control power flow and adjust voltage. The normal operation of the substation can guarantee the operation security of the whole power grid. Therefore, it is necessary to strictly control the persons entering and leaving the substation. In a related art, manners such as a key, an access card and face recognition are usually employed to manage the persons in and out. However, there are big security loopholes in these management methods. For example, a person who does not have the access authority may enter a site after getting a key or an access card and pose a security threat to the site. In addition, a face recognition device has limited single-machine processing capacity, which easily leads to low recognition efficiency and accuracy, thus resulting in miss-recognition of a person who does not have the access authority, making it difficult to ensure the security of important sites.
Summary
In view of the above security loopholes, embodiments of the present disclosure provide a verification method, apparatus and system of access authority, and an identity authentication terminal, which may prevent a person who does not have the access authority from entering an important site with an access card or a key, improve the processing capacity of authentication, improve the recognition efficiency and accuracy, and ensure the security of the important site.
According to a first aspect, the embodiments of the present disclosure provide a verification method of access authority. The method is applied to an identity authentication terminal. The identity authentication terminal is in communication connection with a remote license terminal, and the identity authentication terminal stores identity information, which is transmitted in advance by the remote license terminal, of a person who has access authority. A camera is installed in the identity authentication terminal. The method may include that: a face feature of a face in a field of vision of the camera is acquired, based on the face feature and the identity information of the person who has the access authority, an identity of a target person corresponding to the face feature is recognized to obtain an identity recognition result, wherein the face feature of the face in the field of vision of the camera is acquired in a case where first texture data corresponding to an image shot by the camera is input to a pre-trained texture model to detect the face in the image, access request information is generated based on the identity recognition result, and the access request information is sent to the remote license terminal to verify whether the target person has access authority; in a case where the target person has the access authority, access-allowed indication information is sent to the identity authentication terminal; and in a case where the access-allowed indication information sent by the remote license terminal is received, the target person is allowed to access.
According to a second aspect, the embodiments of the present disclosure provide a verification apparatus of access authority. The apparatus is arranged on an identity authentication terminal. The identity authentication terminal is in communication connection with a remote license terminal, and the identity authentication terminal stores identity information, which is transmitted in advance by the remote license terminal, of a person who has access authority. A camera is installed in the identity authentication terminal. The apparatus may include: an identity recognition module, configured to acquire a face feature of a face in a field of vision of the camera, and recognize, based on the face feature and the identity information of the person who has the access authority, an identity of a target person corresponding to the face feature to obtain an identity recognition result; an access request module, configured to generate access request information based on the identity recognition result, and send the access request information to the remote license terminal to verify whether the target person has access authority; and send, in a case where the target person has the access authority, access-allowed indication information to the identity authentication terminal; and an access control module, configured to allow the target person to access in a case where the access-allowed indication information sent by the remote license terminal is received.
According to a third aspect, the embodiments of the present disclosure provide an identity authentication terminal, including a processor and a memory. The memory stores a machine executable instruction executable by the processor, and the processor executes the machine executable instruction to implement the above verification method of access authority.
According to a fourth aspect, the embodiments of the present disclosure provide a verification system of access authority, including an identity authentication terminal, a remote license terminal, a mobile communication transmission module, an administrator terminal and a cloud storage platform. Herein, the mobile communication transmission module is configured between the identity authentication terminal and the remote license terminal, and is configured to implement communication between the identity authentication terminal and the remote license terminal.
According to a fifth aspect, the embodiments of the present disclosure provide a machine readable storage medium. A machine executable instruction is stored on the machine readable storage medium. When the machine executable instruction is called and executed by a processor, the machine executable instruction causes the processor to implement the above verification method of access authority.
The embodiments of the present disclosure provide a verification method, apparatus and system of access authority, and an identity authentication terminal. The method includes that: a face feature of a face in the field of vision of a camera is acquired; based on the face feature and identity information of a person who has access authority, an identity of a target person corresponding to the face feature is recognized to obtain an identity recognition result; access request information is generated based on the identity recognition result, and the access request information is sent to a remote license terminal to verify whether the target person has access authority; in a case where the target person has the access authority, access-allowed indication information is sent to an identity authentication terminal; and in a case where the access-allowed indication information sent by the remote license terminal is received, the target person is allowed to access. By virtue of the solution, the identity authentication terminal recognizes the identity of a person by face recognition, and then the remote license terminal determines whether the person has access authority. On the one hand, a person who does not have the access authority may be prevented from entering an important site with an access card or a key. On the other hand, the processing capacity of authentication may be improved, the recognition efficiency and accuracy are improved, and the security of the important site is ensured.
Other features and advantages of the embodiments of the present disclosure will be set forth in the specification that follows, and in part will be apparent from the specification, or may be learned by implementing the embodiments of the present disclosure. The purposes and other advantages of the embodiments of the present disclosure are implemented and obtained by the structure specified in the specification, claims and accompanying drawings.
In order to make the above-mentioned purposes, features and advantages of the embodiments of the present disclosure more obvious and easy to understand, detailed descriptions of exemplary embodiments are made below with reference to the accompanying drawings
Brief Description of the Drawings
In order to describe the technical solutions in the exemplary implementations of the present disclosure or the related art, the drawings required to be used in descriptions about the exemplary implementations or the related art will be simply introduced below. It is apparent that the drawings described below are some implementations of the present disclosure, and other drawings may further be obtained by those skilled in the art according to the drawings without creative work.
Fig. 1 is a schematic diagram of an exemplary hardware scenario involved in the embodiments of the present disclosure Fig. 2 is a flowchart of a verification method of access authority provided in the embodiments of the present disclosure Fig 3 is a flowchart of another verification method of access authority provided in the embodiments of the present disclosure Fig. 4 is an interaction diagram of an administrator, an authentication system and an identity authentication terminal provided in the embodiments of the present disclosure.
Fig. 5 is a flowchart of lack-of-access-authority event reporting and temporary authorization request provided in the embodiments of the present disclosure.
Fig. 6 is a flowchart of another verification method of access authority provided in the embodiments of the present disclosure.
Fig. 7 is an interaction diagram of an administrator operating authorization data provided in the embodiments of the present disclosure.
Fig. 8 is a schematic structural diagram of a verification apparatus of access authority provided in the embodiments of the present disclosure Fig. 9 is a schematic diagram of an identity authentication terminal or a remote license terminal provided in the embodiments of the present disclosure Fig. 10 is a flowchart of communication between an identity authentication terminal and a remote license terminal through a mobile communication transmission module provided in the embodiments of the present disclosure.
Detailed Description
In order to make the purposes, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions provided in the embodiments of the present disclosure will be clearly and completely described below in combination with the drawings, and it is apparent that the described embodiments are only a part rather all of embodiments of the present disclosure. All other embodiments obtained by those skilled in the art based on the embodiments of the present disclosure without creative efforts shall fall within the protection scope of the present disclosure.
For the convenience of understanding, description is made below in the embodiments with a substation as an example site. A substation is a power facility for a power grid system to change voltage, receive and distribute electric energy, control power flow and adjust voltage, and is a core site of the power grid system. In order to ensure the secure operation of the substation and the whole power grid system, it is necessary to strictly control and manage the access of persons to the substation. In the related art, the access of persons to the substation may be controlled and managed in any of the following manners.
In manner 1, a mechanical lock is installed at an entrance of the substation, and a key is kept by a specific person. The management is mainly performed by verbal permission, and there is no record information of the person entering the substation. In addition, since the key has no identity recognition function, if some outsiders or persons who do not have the access authority get the key, they may directly open the door to enter the substation without leaving any record information of entrance. Therefore, the manner of installing a mechanical lock at the door has great potential safety hazards. For example, it is impossible to verify whether a person entering the substation has access authority. For an operator, relevant information in a station building cannot be obtained before entering or leaving the substation, the person flow cannot be monitored in real time, and the number of persons entering the substation cannot be counted. If there is a safety accident during the operation, timely rescue cannot be conducted. Moreover, it is difficult to trace the entrance record when a safety accident occurs.
In manner 2, a technical protection system is installed at an entrance of a 110 kV/35 kV substation, and deploying and withdrawing of protection are implemented by the combination of a card reader and an access card For example, the access card is given to a person who has access authority to enter the substation and the access authority of the access card is set to limit the doors that the person can open, which has certain security assurance functions. However, since the access card, like the key, has no identity recognition function, anyone can open the door as long as he gets the access card without leaving any record information of the entrance. There are also the above-mentioned potential safety hazards and the problem that it is difficult to trace the entrance record when a safety accident occurs.
In manner 3, a face recognition system is established based on deep learning convolutional neural network. In this manner, face recognition and authentication are performed by a single device, which may lead to problems such as poor processing capacity of the single device, limited recognition range and too long recognition time, resulting in low face recognition efficiency and accuracy.
Based on the above, the embodiments of the present disclosure provide a verification method, apparatus, system of access authority, and an identity authentication terminal. The technology may be set in a substation or other sites in a power grid system, and may also be applied to a data privacy room or a site where important property is placed, so as to verify the access authority in various sites.
To facilitate the understanding of the embodiments, Fig. 1 is an exemplary hardware scenario involved in the embodiments of the present disclosure. The verification system of access authority includes an identity authentication terminal, a remote license terminal, a mobile communication transmission module, an administrator terminal and a cloud storage platform. Herein, the identity authentication terminal is usually a device arranged at the entrance of a site, and the remote license terminal may be, for example, a server, a computer, a cloud server or a mobile terminal. The identity authentication terminal is equipped with a camera to judge the identity by face recognition. The mobile communication transmission module may specifically be a 5th Generation Mobile Communication Technology (50) transmission network module in Fig. 1, is usually arranged between the identity authentication terminal and the remote license terminal, and is arranged to implement communication between the identity authentication terminal and the remote license terminal. The remote license terminal may receive the information sent by the identity authentication terminal, make a judgment based on a preset condition, and then send feedback information to the identity authentication terminal, another remote system and the cloud storage platform. The administrator terminal may be, for example, a computer or another mobile terminal device, and is arranged for an administrator to implement data entry, authority change and other operations.
The embodiments provide a verification method of access authority. The method is applied to the identity authentication terminal. The identity authentication terminal is in communication connection with the remote license terminal, the identity authentication terminal stores identity information, which is transmitted in advance by the remote license terminal, of a person who has access authority, and a camera is amounted in the identity authentication terminal. As shown in Fig. 2, the verification method of access authority includes the following operations.
At S201, a face feature of a face in a field of vision of the camera is acquired, and based on the face feature and identity information of a person who has access authority, an identity of a target person corresponding to the face feature is recognized to obtain an identity recognition result Generally, at the entrance of a site, such as the entrance of a substation, an identity authentication terminal is installed, and the identity authentication terminal is in communication connection with a remote license terminal. The identity authentication terminal stores the identity information, which is transmitted in advance by the remote license terminal, of the person who has the access authority, and the identity information may be, for example, a photo, identity card information or access card information of the person who has the access authority. The camera is mounted in the identity authentication terminal. The identity authentication terminal may control the camera to collect face data of a person in the field of vision of the camera.
In an implementation, when a target person appears in the field of vision of the camera, the camera may shoot a face image including the target person. Since the face image shot by the camera is a color image, the information data contained is too large, which increases the calculation of an image recognition process. In addition, the clarity of the image may be affected by factors such as light intensity, so it is necessary to preprocess the face image, such as gray processing, noise reduction processing and compression processing.
In an exemplary implementation, the image is grayed. The grayed image is changed from three channels to one channel, and dimension reduction on the image may be performed to reduce the amount of calculation and facilitate data processing. In practical implementation, gray processing may be implemented in many manners, such as a component method, a maximum value method, an average value method and a weighted average value method.
In another exemplary implementation, noise reduction is performed on the image. The image is usually polluted by noise, such as salt and pepper noise, impulse noise and Gaussian noise. Herein, the salt and pepper noise contains random black and white intensity values, the impulse noise only contains a random white intensity value (positive impulse noise) or a black intensity value (negative impulse noise), and the Gaussian noise contains noise whose intensity obeys Gaussian or normal distribution. In an implementation, a multi-directional filter of derivative of a two-dimensional Gaussian function is used to perform noise reduction on a related picture. The purpose of filtering the picture with the Gaussian filter is to eliminate noise interference, which may reduce the "sharp" change of the gray level of the picture, that is, making the picture fuzzy. It may be understood that each pixel takes the average value of surrounding pixels.
In another exemplary implementation, the image is compressed. That is, image data is transformed and combined according to a certain rule, and the image is represented with the amount of data as small as possible. Most of the adjacent pixels in the image have a large correlation, and in a sequence of images, the images in adjacent frames also have a large correlation, that is, spatial redundancy and temporal redundancy exist in the images. By compressing the image, the waste of bits caused by the redundancy of the original image data may be solved, and the purpose of data compression may further be achieved.
Based on the above-mentioned preprocessing of the picture, the picture may be input to a pre-trained face recognition model, and a face feature is obtained by the face recognition model In an implementation, the identity authentication terminal stores the identity information, which is transmitted in advance by the remote license terminal, of a person who has access authority. In practical implementation, an administrator manages, through the administrator terminal, the identity information of operators who have access authority to enter the substation. First, a person allowed to enter and exit the substation submits registration information to the administrator, and then the administrator stores the registration information of the person allowed to enter and exit the substation into the remote license terminal. The registration information may include name, age, gender, company, photo, identity card number, contact information and other important information related to the person. The person who has submitted the registration information and has been approved by the administrator is set to have the access authority. The registration information of the person who has the access authority is stored in the remote license terminal and cloud storage platform. In addition, the remote license terminal also stores information such as accessible time and accessible place of the person who has the access authority. If the person who has the access authority enters the accessible place during the inaccessible time, or enters an inaccessible place during the accessible time, or enters the inaccessible place during the inaccessible time, the person who has the access authority at this time may also be regarded as a person who does not have the access authority.
After the face feature of the face in the field of view is acquired by the camera, the identity of the target person corresponding to the face feature is recognized according to the identity information, which is transmitted in advance by the remote license terminal and stored in the identity authentication terminal, of the person who has the access authority. If the face feature is consistent with the identity information, which is stored in the identity authentication terminal, of one of persons who have the access authority, the identity recognition result shows that the person has access authority. In some implementations, the identity information of the person who has the access authority includes a photo of the person. If the above face feature is consistent with the face feature in the photo of the person who has the access authority, the identity recognition result shows that the person has access authority. If the face feature of the person does not match the identity information, which is stored in the identity authentication terminal, of any person who has the access authority, the identity recognition result shows that the person does not have the access authority. In addition, other identity information may also be used for recognition. For example, the identity card information and access card information of the target person are collected by a relevant device. If the face feature of the target person is consistent with the face feature in the photo of a person who has access authority, the identity card information of the target person is consistent with the identity card information of the person who has the access authority, and the access card information of the target person is consistent with the access card information of the person who has the access authority, the identity recognition result shows that the target person has the access authority.
At S202, access request information is generated based on the identity recognition result, and the access request information is sent to the remote license terminal to verify whether the target person has access authority; and in a case where the target person has the access authority, access-allowed indication information is sent to the identity authentication terminal.
In an implementation, if the identity recognition result shows that the target person has the access authority, the identity authentication terminal may generate access request information and send the access request information to the remote license terminal through the mobile communication transmission module. The access request information includes the name of the target person recognized by the identity authentication terminal, the recognition time, the successful identity recognition result of the target person, the requested entry time, etc. After receiving the access request information, the remote license terminal verifies whether the target person has access authority. If so, access-allowed indication information is sent to the identity authentication terminal, and if not, the remote license terminal sends access-denied warning information to the identity authentication terminal.
In addition, if the site state corresponding to the identity authentication terminal does not allow a person to enter, after the remote license terminal receives the access request information, the target person still does not have the access authority, and then the indication information of denying access is sent to the identity authentication terminal.
In another implementation, if the identity recognition result shows that the target person does not have the access authority, for example, an outsider enters a working area of the substation, or a person who has access authority enters an accessible place at an inaccessible time, or enters an inaccessible place at an accessible time, or enters the inaccessible place at the inaccessible time, the identity authentication terminal may report a lack-of-access-authority event to the remote license terminal. After receiving the reported lack-of-access-authority event, the remote license terminal may inform an administrator to make corresponding handling. At the same time, the remote license terminal may also store data and record the on-site situation.
At S203, the target person is allowed to access in a case where the access-allowed indication information sent by the remote license terminal is received.
In some exemplary implementations, after receiving the access-allowed indication information sent by the remote license terminal, the identity authentication terminal confirms that the target person has the access authority, and then the target person is allowed to access a target area For example, the identity authentication terminal may be connected to a gate, and if the access-allowed indication information is received, the gate is controlled to open and allow the target person to enter.
In practical implementation, the remote license terminal is also in communication connection with the administrator terminal, and the administrator terminal may judge the device security of the substation. If the administrator terminal detects that a device is live or detects other dangerous situations, the information of denying access may be sent to the remote license terminal, and even if the identity recognition result shows that the target person has the access authority, the target person is still not allowed to enter. Based thereon, before entering the substation, an operator acquires the relevant information in the station building, thus improving the security of the operator.
According to the verification method, apparatus and system of access authority, and the identity authentication terminal, a face feature of a face in a field of vision of a camera is acquired; based on the face feature and identity information of a person who has access authority, an identity of a target person corresponding to the face feature is recognized to obtain an identity recognition result; access request information is generated based on the identity recognition result, and the access request information is sent to a remote license terminal to verify whether the target person has access authority; in a case where the target person has the access authority, access-allowed indication information is sent to an identity authentication terminal; and in a case where the access-allowed indication information sent by the remote license terminal is received, the target person is allowed to access. By virtue of the solution, the identity authentication terminal recognizes the identity of a person by face recognition, and then the remote license terminal determines whether the person has access authority. On the one hand, a person who does not have the access authority may be prevented from entering an important site with an access card or a key. On the other hand the processing capacity of authentication may be improved, the recognition efficiency and accuracy are improved, and the security of the important site is ensured.
The following embodiment provides an exemplary implementation for the process that a face feature of a face in a field of vision of a camera is acquired, and based on the face feature and identity information of a person who has access authority, an identity of a target person corresponding to the face feature is recognized to obtain an identity recognition result An initial frame image shot by a camera is acquired, and first texture data of the initial frame image is obtained; the first texture data is input to a pre-trained texture model to detect whether there is a face in the initial frame image through the texture model, and if there is a face, the texture feature data of the face is obtained; and based on the texture feature data and the identity information of the person who has the access authority, the identity of the target person corresponding to the face feature is recognized to obtain an identity recognition result.
Generally, after the frame image shot by the camera is acquired, it is usually necessary to preprocess the frame image. Preprocessing includes one or more of gray processing, noise reduction processing and compression processing. In practical implementation, when a target person near the identity authentication terminal appears in the field of vision of the camera, the camera may shoot the image of the target person. When the target person appears, for the first time, in the image shot in the field of vision of the camera, that is, the above initial frame image, the initial frame image is preprocessed, for example, the initial frame image is subjected to gray processing, noise reduction processing and compression processing to make preparations for subsequent image segmentation, image recognition and image analysis.
Further, the first texture data of the preprocessed initial frame image is obtained, and the first texture data may reflect a texture feature of the initial frame image. Herein, the texture feature is a global feature, which may reflect the surface properties of a scene corresponding to the picture or a picture area. By quantifying a certain rule of gray scale change or color change in the area, the intra-class gap of texture can be reduced as much as possible, while the inter-class gap of texture can be increased as much as possible. In practical implementation, the weighted average method is used to take a weighted average of pixel values in a local window or non-local window of the face picture as an output pixel value. According to the characteristics of regional openness and uncertainty of person flow in the substation, in an implementation, using a bilateral filtering weighting algorithm to extract the texture feature may achieve the effect of edge preservation and noise reduction smoothing, which works well with scenarios such as high dynamic toning, mapping and picture detail enhancement.
Further, feature fuzzy processing is performed on the initial frame image, and initial texture data of the processed initial frame image is obtained. The initial texture data is weighted based on preset weight parameters to obtain the first texture data. Herein, a weight parameter corresponding to a data point at an edge position in the first texture data is lower than a weight parameter corresponding to a data point other than the data point at the edge position in the first texture data.
The weight parameter corresponding to a data point at the edge position in the first texture data is set to be lower than the weight parameter corresponding to the data point other than the data point at the edge position in the first texture data. Based thereon, an abnormal pixel value may be avoided at the edge.
In the above implementation, the texture model recognizes the face in the image based on the texture data of the image. This implementation may improve the recognition speed, quickly capture the face in the image, avoid missing detection of the face of a person who does not have the access authority, and improve the detection efficiency. The texture model is trained by the obtained texture data instead of the initial frame image. This method avoids the direct extraction of the image feature. Since the weighted operation may reduce the dimension of face feature value, the dimension of obtained face feature is halved, thus improving the recognition efficiency.
The texture model is trained in a following manner. A target sample image is determined based on a preset training sample set, wherein a sample label of the target sample image includes an identity label of the face in the target sample image; texture sample data of the target sample image is obtained, and the texture sample data is input to an initial model to output intermediate data; a loss value is calculated based on the intermediate data and the sample label, and a model parameter of the initial model is updated by regression test based on the loss value; and the operation of determining the target sample image based on the preset training sample set is continuously executed until the loss value converges to obtain the texture model The preset training sample set includes a plurality of sample images, and the sample images are randomly selected from the training sample set or sequentially selected as the target sample image, and an identity label including the face in the target sample image is identified by a sample label. In some exemplary implementations, the sample label may include the identity information of the face, and the model is trained to learn the association between the face and the identity information of the face through the sample label. First, the target sample image is preprocessed. Preprocessing includes gray processing, noise reduction processing, compression processing, etc. The texture sample data of the preprocessed target sample image is obtained, the texture sample data is input to the initial model to extract feature point data of the preprocessed target sample image, and intermediate data is generated based on the feature point data. After the intermediate data is obtained, the training effect of the initial model is measured by the preset loss function. Herein, the loss function is used to indicate the gap between predicted data and actual data, for example, in the current embodiment, the loss function is used to indicate the gap between the sample label and the intermediate data. Therefore, the smaller the loss function value is, the better the training effect of the model is. In order to reduce the loss value, regression test may be used to optimize the algorithm and update the model parameter of the initial model. The operation of determining the target sample image based on the preset training sample set is continuously executed until the loss value no longer changes, and the initial model is set to be the texture model.
Considering that the recognition precision of the texture model is limited, in an exemplary implementation, the texture feature data is compared with the identity information of the person who has the access authority, and the identity information, which matches with the texture feature data, in the identity information of the person who has the access authority is determined as a first recognition result of the target person; the face feature of the face in a target frame image subsequent to the initial frame image is obtained through a pre-trained deep learning model; the face feature is compared with the identity information of the person who has the access authority, and the identity information, which matches with the face feature, in the identity information of the person who has the access authority is determined as a second recognition result of the target person; and the identity recognition result of the target person is determined based on the first recognition result and the second recognition result.
For example, by comparing the texture feature data with the identity information of the person who has the access authority, the first recognition result obtained shows that the target person has the access authority, and by comparing the face feature with the identity information of the person who has the access authority, the second recognition result obtained shows that the target person has the access authority. In such a case, the identity recognition result shows that the target person has the access authority.
In the above process, the operation of obtaining the face feature of the face in a target frame image subsequent to the initial frame image through a pre-trained deep learning model may be implemented in a following manner. A movement trend of the face in the initial frame image is determined; positions of the face in frame images subsequent to the initial frame image are determined based on the movement trend; a frame image, which contains the face and is a specified number of frames away from the initial frame image, subsequent to the initial frame image is determined as the target frame image subsequent to the initial frame image; and the target frame image is input to a pre-trained deep learning model, and the face feature of the face in the target frame image is output.
In practical implementation, a tracking algorithm may be used to judge the movement trend of face coordinates in multiple frames so as to determine whether the currently locked person is the same person. In practical implementation, if the initial frame image contains face 1, considering that the difference of the same face in two adjacent frame images is small, in a next frame image of the initial frame image, face 1 is searched near the position area of the initial frame image, and the found face is determined as face 1. Meanwhile, the specific position of face 1 in the next frame image is acquired, and based on the positions of face 1 in the initial frame image and the next frame image, the movement trend of the face may be determined. The position of the face in the subsequent frame image may be speculated about based on the movement trend.
The target frame image may be a frame image, which is a specified number of frames away from the initial frame image, subsequent to the initial frame image, and the specified number of frames may be 50 frames, 100 frames, etc. The position of the face 1 in the target frame image may be speculated about based on the movement trend.
The above-mentioned deep learning model may be trained in a following manner. In some exemplary implementations, a first sample image is determined based on a preset training set, and a first sample label of the first sample image includes: an area identifier of the area where the face is located in the first sample image; the first sample image is preprocessed, and the preprocessed first sample image is input to an initial model to obtain first intermediate data; based on the first intermediate data, the first sample label and the preset first loss function, the model parameter of the initial model is updated by gradient descent; the operation of determining the first sample image based on the preset training set is continuously executed until the first intermediate data output by the initial model converges to obtain a basic model; and based on the preset texture sample data, the basic model is retrained to obtain the face recognition model.
The preset training set includes a plurality of groups of training images. Sample images are randomly selected or sequentially selected from the training set as the first sample image, and the first sample image includes a face area and a non-face area. Herein, the face area in the first sample image is identified by the first sample label. For example, the first sample label may specifically be a rectangular frame, and the image area in the rectangular frame is the face area. Then, the first sample image is preprocessed. Preprocessing may include gray processing, scaling processing, etc. The preprocessed first sample image is input to the initial model to obtain the first intermediate data. The initial model may be a convolution model or another artificial intelligence model, such as You Only Look Once (YOLO) neural network model.
After the initial model outputs the first intermediate data, the training effect of the initial model is measured by the preset first loss function. The first loss function is used to indicate the gap between the predicted data and the actual data. For example, in the current embodiment, the first loss function is used to indicate the gap between the first intermediate data and the first sample label. Therefore, the smaller the first loss function value is, the better the training effect of the model is. In order to reduce the first loss function value, gradient descent is used to optimize the algorithm and update the model parameter of the initial model. The operation of determining the first sample image based on the preset training set is continuously executed until the first intermediate data output by the initial model converges. That is, when the first loss function value remains unchanged, the initial model is set as the basic model, and then the basic model is retrained based on the texture sample data to obtain the face recognition model.
In an exemplary implementation, the YOLO neural network is used for deep learning training for the preprocessed first sample image, the first sample image is compressed and transformed into an image with 608 x 608 pixels as input, the image pixels are calculated with parameters of multiple convolution pooling layers and full connection layers, and finally a boundary box of the detected face pixels is output. A gradient descent method is used to solve the model, then a convolution neural network is used to extract eigenvalues of 1024 dimensions, and the gradient descent method is used to converge the eigenvalue of each dimension to complete basic model manufacturing The texture feature data is compared with the identity information of the person who has the access authority to obtain a first recognition result, and the face feature is compared with the identity information of the person who has the access authority to obtain a second recognition result Considering the limited accuracy of the first recognition result obtained by the texture feature data, in a case where the first recognition result is different from the second recognition result, the second recognition result is determined as the identity recognition result of the target person.
After the identity recognition result of the target person is determined, the identity recognition result may be sent to the remote license terminal for authentication. In the process, the deep learning model may be called several times to extract the face feature of the target person, and the face feature is compared with the identity information of the person who has the access authority. If the comparison results indicate that the target person is the same person who has the access authority, access authority authentication is performed on the remote license terminal.
Further, in a case where no identity information matching with the texture feature data is found after comparing the texture feature data with the identity information of the person who has the access authority, the face feature of the face in the target frame image subsequent to the initial frame image is obtained through the pre-trained deep learning model; the face feature is compared with the identity information of the person who has the access authority; and in a case where no identity information matching with the face feature is found after comparing the face feature with the identity information of the person who has the access authority, it is determined that the target person does not have the access authority.
In some exemplary implementations, in a case where no identity information matching with the texture feature data is found after comparing the texture feature data with the identity information of the person who has the access authority, it may be preliminarily judged that the target person does not have the access authority. In such a case, the comparison is made again based on the face feature. If no identity information matching with the face feature is found after comparing the face feature with the identity information of the person who has the access authority, it is confirmed that the target person does not have the access authority. In such a case, the result showing that the person does not have the access authority may be reported.
The following embodiment provides an exemplary implementation of the identity recognition result In some exemplary implementations, collected certificate information of the target person corresponding to the face feature is acquired The collected certificate information includes identity card information and/or access card information. The face feature and the collected certificate information are compared with the identity information of the person who has the access authority, and the identity information, which matches with the face feature and the collected certificate information, in the identity information of the person who has the access authority is determined as an identity recognition result of the target person.
In an exemplary implementation, after obtaining the face feature, the identity authentication terminal also needs to obtain the collected certificate information of the target person corresponding to the face feature. The collected certificate information includes identity card information and access card information, or the collected certificate information only includes the identity card information, or the collected certificate information only includes the access card information. The collected certificate information is a physical certificate for the target person to enter the access site.
Herein, the identity card information needs to be the information consistent with registration information within a validity period, and the access card is the card identification of an Integrated Circuit (IC) card provided by the administrator for the target person after the target person makes a real-name registration and the remote license terminal stores the real-name registration information. The face feature and the collected certificate information are compared with the identity information of the person who has the access authority. The identity information of the person who has the access authority is sent to the identity authentication terminal in advance by the remote license terminal. The person who submitted registration information and has been approved by the administrator and whose registration information is stored in the remote license terminal is set to have the access authority. In addition, the remote license terminal also stores information such as accessible time and accessible place of the person who has the access authority. If the person who has the access authority enters an accessible place during an inaccessible time, or enters an inaccessible place during an accessible time, or enters the inaccessible place during the inaccessible time, the person who has the access authority may lose the access authority and become a person who does not have the access authority.
In one case, if the identity information of one of the persons who have the access authority corresponds to the face feature and the collected certificate information, that is, identity information matching with the face feature and the collected certificate information is found in the identity information of the person who has the access authority, the identity information matching with the face feature and the collected certificate information is determined as the identity recognition result of the target person In another case, if there is no identity information, which matches with the face feature and the collected certificate information, in the identity information of the person who has the access authority, it is determined that the target person does not have the access authority, and an image containing the target person is collected through the camera, and alarm information is generated based on the image of the target person, and the alarm information is sent to the remote license terminal.
That is, after the target person swipes the face, the access card and identity card are swiped, or only the access card is swiped, or only the identity card is swiped. As long as one of the access card and the identity card does not correspond to the pre-stored identity information of the person who has the access authority, the identity comparison fails. In other words, if there is no identity information matching with the access card and the identity card, it is determined that the target person does not have the access authority. Then, a plurality of groups of images including the target person are collected by the camera, and one or more images that can best highlight the identity feature of the target person are selected by comparing the plurality of groups of images of the target person, so as to generate alarm information and send the alarm information to the remote license terminal.
The following embodiment provides an exemplary implementation of sending access request information.
In some exemplary implementations, based on a preset data packet format, the identity recognition result is packaged into the access request information. Herein, the access request information includes packet header data and packet body data, arid the packet header data at least includes: an instruction identifier, an event instruction code, an event instruction code type, an identifier of the remote license terminal and an event creation time. The event instruction code is used for indicating an analytic format of the access request information. The instruction identifier is used for checking whether the access request information is complete. The packet body data includes the identity recognition result. The access request information is sent to the remote license terminal.
After the above the identity recognition result shows that the target person has the access authority, the identity recognition result needs to be packaged into the access request information. The access request information includes the packet header data and the packet body data. The packet header data at least includes: an instruction identifier, an event instruction code, an event instruction code type, an identifier of the remote license terminal and an event creation time. The name of the instruction identifier is order ID, and the type is string. The instruction identifier is used for checking whether the access request information is complete, and a Universal Unique Identifier (UUID) is used. orderIDs of instructions of response and reply to the same packet body format need to be kept consistent. The name of the event instruction code is order Code, and the type is int. The event instruction code is used for indicating the analytic format of the access request information and corresponds to the package body data. The name of the event instruction code type is order Type, and the type is int. The event instruction code type is set to the following events: an execution event, a response event, a result return event, and a heartbeat packet event. The name of the identifier of the remote license terminal is client Type, the type is int, and the identifier may be set as a remote license terminal or an identity authentication terminal. The name of the event creation time is create Time, the type is Date, and unix timestamp is adopted, which may be accurate to milliseconds. The packet body data includes the identity recognition result, and if the identity recognition result shows that the target person has the access authority, the access request information is sent to the remote license terminal. Table 1 below shows the exemplary content of data packet format.
Table 1
Data packet fommt Packet header data
Name Type Description Nuliable or not
orderID string Unique identifier of the instruction represented by uuid, orderlDs of instructions of response and reply to the same packet body format need to be kept consistent No orderCode int Event instruction code, which indicates what the event is, and corresponds to the package body data No ordertype int Event instruction code Type 1: execution event; 2: response event; 3: result return event; and 4: heartbeat packet event No clientType int Client type 1: remote license terminal 2: Identity authentication apparatus No webClientId string Unique identifier of web client Yes appClientId string Unique identifier of identity Yes authentication apparatus, that is, mac address createTime Date Event creation time, unix timestamp, accurate to milliseconds No employeeId int Unique Identifier of a person (person id) Yes Packet body data
Name Type Description Nullable or not
eventData Object Description of corresponding event package body Yes In the above data packet format, the analytic format of the access request information is indicated by the event instruction code, and whether the access request information is complete is verified by the instruction identifier. The purpose of data communication may be completed by only sending one message between communication devices, which reduces the communication quantity and improves the communication efficiency. Meanwhile, a naming code of communication is included in the data of orderCode, and the content of communication is included in the format of eventData. As a result of the design, a final analytic format can be directly determined according to oederCode when a JSON string is analyzed, which can avoid errors in processing the JSON string according to the instruction sequence and improve the efficiency of obtaining target data from the JSON string. The instruction set contains orderlD for checking, which can effectively solve information loss caused by an asynchronous communication process. Designing such a format avoids the process of deserializing an unrelated element string of a processing instruction, thus improving the efficiency of obtaining the target data from the JSON string. Meanwhile, a related check field is designed to achieve the purpose of information integrity checking.
The following embodiment provides an exemplary implementation of allowing a target person to access In some exemplary implementations, in a case where the access-allowed indication information sent by the remote license terminal is received, an instruction identifier is obtained from packet header data of the access-allowed indication information, and it is verified, based on the instruction identifier, whether the access-allowed indication information is complete or not. In a case where the access-allowed indication information is complete, an event instruction code is obtained from the packet header data of the access-allowed indication information, and an analytic format of the access-allowed indication information is determined based on the event instruction code; and packet body data in the access-allowed indication information is analyzed based on the analytic format to obtain an access-allowed indication, and the target person is allowed to access based on the access-allowed indication.
If the identity authentication terminal receives an access information indication sent by the remote license terminal, and the access request indication information includes packet header data and packet body data, the instruction identifier may be obtained from the packet header data, and whether the access-allowed indication information is complete or not may be checked based on the instruction identifier. In order to ensure that the indication information is complete, the embodiment provides a transmission protocol. During communication, the naming code is included in the order Code data and the content of communication is included in the event Date format, which avoids incomplete access-allowed indication information and effectively solves the information loss caused by the asynchronous communication process. Further, the event instruction code is obtained from the packet header data of the access-allowed indication information, an analytic format of the access-allowed indication information is determined according to the event instruction code, and the packet body data is acquired from the access-allowed indication information. The packet body data includes the operation instructions of the corresponding data, so the access-allowed indication may be obtained based on the packet body data. The identity authentication terminal allows the target person to access according to the access-allowed indication.
In practical implementation, after the target person is allowed to access, an access record of the target person is sent to the remote license terminal, herein, the access record includes: the identity information, access time and an access place of the target person. After the identity authentication terminal allows the target person to access, the access record of the target person is sent to the remote license terminal. Based thereon, the person entering and leaving the site corresponding to the identity authentication terminal may be registered and recorded. The access record includes: the identity information, the access time and the access place of the target person, and the access record may also be stored in a cloud storage platform. When a safety accident occurs, the person in the substation may be rescued in time, and the follow-up tracing work may be performed smoothly.
In another implementation, a temporary person who needs to enter the substation also needs access authorization before entering.
In some exemplary implementations, the identity information of the temporary person is acquired, and a temporary authorization request is generated based on the identity information of the temporary person; the temporary authorization request is sent to the remote license terminal, so as to issue temporary access authority of the temporary person through the remote license terminal, and the information of the temporary access authority of the temporary person is received, and the temporary person is allowed to access Before entering a target area, the temporary person needs to apply for temporary authorization and submit real-name registration information to the administrator. The registration information includes name, age, gender, unit, photo, identity card number, contact information and other important information related to the person Or, the temporary person fills in the registration information at the remote license terminal and submits the registration information to the administrator. After obtaining the identity information of the temporary person, the administrator examines and verifies the identity information, and after confirming that the temporary person has the access authority, a temporary authorization request is generated based on the identity information of the temporary person, and the temporary authorization request is sent to the remote license terminal. The remote license terminal sends the temporary access authority to the identity authentication terminal, and the identity authentication terminal may allow the temporary person to access after receiving the temporary access authority of the temporary person The temporary access authority includes information such as accessible time and accessible place of the temporary person.
If the temporary person does not enter at the accessible time or enters an inaccessible place, the identity authentication terminal may generate a lack-of-access-authority event and report the lack-of-access-authority event to the remote license terminal, and store a record of the on-site situation. Meanwhile, a notice is sent to the administrator terminal.
The following embodiment provides another verification method of access authority, and the method is applied to a remote license terminal. The remote license terminal is in communication connection with an identity authentication terminal. As shown in Fig. 3, the verification method of access authority includes the following operations.
At S301, access request information sent by the identity authentication terminal is received. The access request information is generated by the identity authentication terminal in a following manner: a face feature of a face in the field of vision of a camera is acquired; based on the face feature and identity information of a person who has access authority, an identity of a target person corresponding to the face feature is recognized to obtain an identity recognition result; and the access request information is generated based on the identity recognition result.
After successfully recognizing the identity of the target person, the identity authentication terminal may send the access request information to the remote license terminal through the mobile communication transmission module. The access request information is generated by the identity authentication terminal. In some exemplary implementations, when a target person appears in the field of vision of the camera, the camera may shoot a face image including the target person, preprocess the face image and input same into the face recognition model to extract the face feature, recognize the identity of the target person corresponding to the face feature based on the face feature and the identity information, which is transmitted to the identity authentication terminal by the remote license terminal in advance, of the person who has the access authority, and if the recognition shows that the target person has the access authority, generate the access request information based on the successful identity recognition result. The access request information includes the name of the target person recognized by the identity authentication terminal, the recognition time, the successful identity recognition result of the target person, the requested entry time, etc. At S302, it is determined whether the target person corresponding to the access request information has access authority based on a preset access condition.
An access condition is preset in the remote license terminal. The access condition includes that: the person applying for envy must be a qualified person who has the access authority and has received relevant security training, the requested entry time is within an authorized accessible time range, the requested entry place is an accessible place, and the working environment of the target accessible place is a safe environment when applying for entry, etc. According to the preset access condition, the remote license terminal judges whether the target person corresponding to the access request information sent by the identity authentication terminal has the access authority.
In some exemplary implementations, if the access request information meets the preset access condition, the target person corresponding to the access request information has the access authority. If the access request information does not meet the preset access condition, the target person corresponding to the access request information does not have the access authority.
At S303, in a case where the target person has the access authority, the access-allowed indication information is sent to the identity authentication terminal so that the identity authentication terminal allows the target person to access Based on the above judgment that, if the target person corresponding to the access request information sent by the identity authentication terminal has the access authority, the remote license terminal sends the access-allowed indication information to the identity authentication terminal, the access-allowed indication information is implemented in various manners, such as check mark indication information and text indication information. The access-allowed indication information is set to enable the identity authentication terminal to allow the target person to access In another implementation, based on the above judgment that, if the target person corresponding to the access request information sent by the identity authentication terminal does not have the access authority, the remote license terminal sends warning information to the identity authentication terminal, the warning information is implemented in various manners, such as cross mark alarm information, exclamation point alarm information and text warning information. The warning information is set to control the identity authentication terminal not to allow the target person to access. After receiving the warning information, the identity authentication terminal may collect the image information of the target person through the camera, generate alarm information, and send same to the remote license terminal, and the remote license terminal may send the alarm information to the administrator terminal, store the data, and record the on-site situation. Meanwhile, the remote license terminal may also store the lack-of-access-authority event to the cloud storage pl atform.
The verification method of access authority determines whether the target person has the access authority or not by presetting the access condition at the remote license terminal and based on the access request information sent by the identity authentication terminal, and strictly controls the persons entering and leaving the substation, thereby ensuring the secure operation of the substation.
An exemplary implementation of determining whether the target person corresponding to the access request information has the access condition is provided below.
In some exemplary implementations, the access request information is sent to the administrator terminal, and if an access instruction of the administrator terminal is received, it is determined that the target person corresponding to the access request information has the access condition Or, the status of a site corresponding to the identity authentication terminal is acquired, and it is determined whether the target person corresponding to the access request information has the access condition based on the site status The remote license terminal is in communication connection with the administrator terminal. In an implementation, when receiving the access request information sent by the identity authentication terminal, the remote license terminal sends the access request information to the administrator terminal, and the administrator terminal may check according to the identity information of the target person in the access request. If the check is successful, it is determined that the target person corresponding to the access request information has the access condition. In another implementation, the administrator terminal may acquire the status of the site corresponding to the identity authentication terminal, and determine whether the target person corresponding to the access request information has the access condition according to the site status. For example, if a device on the site corresponding to the identity authentication terminal is live, that is, the site is in a dangerous state, even if the target person corresponding to the access request information is a person who has access authority, it is to be determined that the target person has no access condition. Based thereon, the security information of the site corresponding to the identity authentication terminal is detected in advance, and the access condition is determined, thus providing a secure working environment for the operator.
Further, the remote license terminal receives the access record of the target person sent by the identity authentication terminal, and counts the current number of persons on the site corresponding to the identity authentication terminal; and judges whether the current number of persons reaches a preset person number threshold, and if so, sets the status of the site corresponding to the identity authentication terminal as a first site status. The first site status is used for indicating that: the site corresponding to the identity authentication terminal is full and no longer has the access condition.
In an implementation, the identity authentication terminal may send the access record of the target person to the remote license terminal. The access record includes information of a person who enters the site corresponding to the identity authentication terminal on that day before the access request information is sent, such as information of the person who enters the site, information of the entry time, information of a person who leaves the site, information of the departure time, etc. After receiving the access record of the target person sent by the identity authentication terminal, the remote license terminal calculates and counts the current number of persons on the site corresponding to the identity authentication terminal when the access request is submitted. Furthermore, the remote license terminal is preset with a person number threshold. The person number threshold represents the maximum number of persons that can be accommodated on the site corresponding to the identity authentication terminal. The counted current number of persons on the site corresponding to the identity authentication terminal is compared with the preset person number threshold. If the current number of persons on the site corresponding to the identity authentication terminal is greater than the preset person number threshold, it means that the site corresponding to the identity authentication terminal is full, that is, the first site status, and the site corresponding to the identity authentication terminal no longer has the access condition.
The remote license terminal is in communication connection with the cloud storage platform, and further receives the access record of the target person sent by the identity authentication terminal, and stores the access record in the cloud storage platform. The access record includes: the identity information of the target person, the access time and the access place.
In an implementation, the cloud storage platform is mainly arranged to store and manage the data of the substation, such as data collection, picture display and data record. After receiving the access record of the target person sent by the identity authentication terminal, the remote license terminal stores the access record in the cloud storage platform. The access record includes information such as the identity information of a person on the site corresponding to the identity authentication terminal, the access time and the access place. Based thereon, if a safety accident occurs, the number and information of persons in the place in a dangerous status may be judged in time based on the access information, and then the persons in the dangerous status may be rescued in time and accurately. Meanwhile, it is convenient for the follow-up tracing work to proceed smoothly.
Further, the remote license terminal is in communication connection with the cloud storage platform, and if receiving the alarm information sent by the identity authentication terminal, sends the alarm information to a designated administrator terminal and stores the alarm information to the cloud storage platform. After receiving the alarm information sent by the identity authentication terminal, the remote license terminal may send the alarm information to the designated administrator terminal, and an administrator may process the alarm information. Meanwhile, the remote license terminal may also send the alarm information to the cloud storage platform to store the alarm information. The number of times of the alarm information of the target person may affect the result of the access request. If a target person has alarm information many times, it may be judged that the target person is a malicious person who does not have the access authority, and may be added to a blacklist, without passing the access request of the target person.
Further, the remote license terminal is in communication connection with the administrator terminal, and if receiving a temporary authorization request sent by the identity authentication terminal, sends the temporary authorization request to the administrator terminal, receives a confirmation instruction returned by the administrator terminal, and sends the information of temporary access authority of a temporary person to the identity authentication terminal. After receiving the temporary authorization request sent by the identity authentication terminal, the remote license terminal may send the temporary authorization request to the administrator terminal, and an administrator checks the identity information of the temporary person to judge whether the temporary person has the access authority. If the temporary person has the access authority, a confirmation instruction is sent to the remote license terminal. After receiving the confirmation instruction returned by the administrator terminal, the remote license terminal may send the information of the temporary access authority of the temporary person to the identity authentication terminal.
To facilitate the understanding of the above embodiment, referring to Fig. 4, which is an interaction diagram of an administrator, an authentication system and an identity authentication terminal. In some exemplary implementations, the administrator may authorize a target person through the administrator terminal according to real-name registration information of the target person and the real-time status of the site, and issue an authorization instruction to the authentication system. First, the system converts the data of the authorization instruction into an instruction set meeting a data packet format, and then issues an operation instruction set to the identity authentication terminal through a WebSocket protocol. After the identity authentication terminal receives the instruction set, the instruction information is obtained and authentication data of the target person is collected, including IC card number, identity card, a face recognition result, etc., and an authorization record is generated. Then, the authorization record is sent to the authentication system, cloud storage is performed on the authorization record, and report data of the authorization record is generated and sent to the administrator. Based thereon, the administrator may obtain the identity information of the target person and the information of an identity authentication method, and show the report data to the target person, so that the target person can know the access information clearly.
An embodiment of a lack-of-access-authority event and a temporary person applying for temporary authorization is provided below, as shown in Fig. 5. Before entering the station for operation, a worker needs to swipe card and face to complete identity authentication. If the authorization verification of the identity authentication terminal fails, the event is determined as a lack-of-access-authority event and reported to the remote license terminal, and the remote license terminal may store data, record the on-site situation and notify the administrator. For a temporary person entering the station, it is necessary to apply for temporary authorization from the administrator. After verification by the administrator, the target temporary person meets the access condition and has the access authority. The temporary authorization of the temporary person is approved, and an authorization receipt is sent to the remote license terminal, and sent to the identity authentication terminal via the remote license terminal. Based on the authorization receipt, the temporary person gets the access authority, and the authorization is successful.
The following embodiment provides an embodiment of another verification method of access authority, which may be shown in Fig. 6.
The identity authentication terminal stores the identity information, which is transmitted by the remote license terminal in advance, of a person who has access authority. Before the target person enters the station building, the identity authentication terminal recognizes whether the target person has the access authority, and reports the information of the person who has the access authority (i.e., the authorization information) to the remote license terminal. Meanwhile, the camera may take a picture of the face and send the picture to the remote license terminal. Based thereon, the remote license terminal may statistically analyze the access situation of the station building, store and record the information of the access person, and inform the administrator terminal about the access situation. In an implementation, if the site corresponding to an identity authentication terminal is full, there may be an authorization change. That is, even if the target person is a person who has the access authority, the access request is not passed. The remote license terminal sends the authorization change information to the identity authentication terminal to update the authorization.
Fig. 7 is an interaction diagram of an administrator operating authorization data. The administrator may perform operation such as adding, editing, or deleting the registration data and authorization record of the person who has the access authority. The authorization record may include a station site, a concierge, an area, authorization time, etc. The authorization data is managed on a Web workbench, and an Application Programming Interface (API) provided by the cloud is called through a Hypertext Transfer Protocol Over Secure Socket Layer protocol (HTTPS) for storage. The cloud service stores data to a database through Object Relational Mapping (ORM) mapping storage. The Web workbench requests the API interface provided by the cloud service, requiring Authorization token verification by request header, encrypting and transmitting key data by IVID5 information digest algorithm, and encrypting and storing a key table and key field data by the database.
An operation system of the verification method of access authority provided in the embodiment includes an identity authentication apparatus, a 5G transmission network module, a cloud storage platform and an authentication system. The identity authentication apparatus performs identity judgment through face recognition, and the 5G transmission network module provides a 5G network architecture for the identity authentication apparatus to speed up the data transmission rate and reduce the network delay. The cloud storage platform is responsible for the storage and backup of authentication data, and the authentication system judges the access authority of a person. The authentication operations of the system are as follows: a face collection module collects face data, 3D face model data is locally built to extract a face feature, a pre-recognition model is prepared by deep learning, thus improving the recognition efficiency, an authentication request is sent to the authentication system after the identity authentication is completed to recognize the authority of the person, a recognition result is uploaded through the 5G transmission network module after the recognition, and a record is stored on the cloud storage platform. The system greatly shortens the network transmission time through the 50 network transmission mode, and improves the recognition efficiency of the whole process. Meanwhile, the cloud storage platform is deployed in the cloud to improve the security of data, and the authentication and authorization are separated by the authentication system, thus implementing batch authorization of persons.
Corresponding to the above method embodiment, referring to a verification apparatus of access authority shown in Fig. 8, the apparatus is arranged on an identity authentication terminal. The identity authentication terminal is in communication connection with a remote license terminal, the identity authentication terminal stores identity information, which is transmitted in advance by the remote license terminal, of a person who has access authority, and a camera is installed in the identity authentication terminal. The apparatus includes: an identity recognition module 81, an access request module 82 and an access control module 83.
The identity recognition module 81 is arranged to acquire a face feature of a face in the field of vision of a camera, and recognize, based on the face feature and identity information of a person who has access authority, an identity of a target person corresponding to the face feature to obtain an identity recognition result.
The access request module 82 is arranged to generate access request information based on the identity recognition result, and send the access request information to the remote license terminal to verify whether the target person has access authority; and send, in a case where the target person has the access authority, access-allowed indication information to the identity authentication terminal.
The access control module 83 is arranged to allow the target person to access in a case where the access-allowed indication information sent by the remote license terminal is received The verification apparatus of access authority acquires a face feature of a face in the field of vision of a camera; recognizes, based on the face feature and identity information of a person who has access authority, an identity of a target person corresponding to the face feature to obtain an identity recognition result; generates access request information based on the identity recognition result, and sends the access request information to a remote license terminal to verify whether the target person has access authority; sends, in a case where the target person has the access authority, access-allowed indication information to an identity authentication terminal; and allows the target person to access in a case where the access-allowed indication information sent by the remote license terminal is received. By virtue of the solution, the identity authentication terminal shoots a face picture through the camera, acquires the face feature through a face recognition model, and then compares the face feature with the identity information, which is transmitted by the remote license terminal in advance, of the person who has the access authority to obtain an identity recognition result. In this manner, the identity authentication work is completed by the cooperation between the identity authentication terminal and the remote license terminal, which improves the efficiency and accuracy of identity authentication and ensures the security of the substation.
The identity recognition module is further arranged to acquire an initial frame image shot by the camera, and extract the first texture data of the initial frame image; input the first texture data to a pre-trained texture model to detect whether there is a face in the initial frame image through the texture model, and extract, if there is a face, the texture feature data of the face, and recognize, based on the texture feature data and the identity information of the person who has the access authority, the identity of the target person corresponding to the face feature to obtain an identity recognition result.
The identity recognition module is further arranged to: perform feature fuzzy processing on the initial frame image, and extract initial texture data of the processed initial frame image; and weight the initial texture data based on preset weight parameters to obtain the first texture data. Herein, a weight parameter corresponding to a data point at an edge position in the first texture data is lower than a weight parameter corresponding to a data point other than the data point at the edge position in the first texture data.
The identity recognition module is further arranged to train the texture model in a following manner: a target sample image is determined based on a preset training sample set, and a sample label of the target sample image includes an identity label of the face in the target sample image; texture sample data of the target sample image is obtained, and the texture sample data is input to an initial model to output intermediate data; a loss value is calculated based on the intermediate data and the sample label, and a model parameter of the initial model is updated by regression test based on the loss value; and the operation of determining the target sample image based on the preset training sample set is continuously executed until the loss value converges to obtain the texture model The identity recognition module is further arranged to: compare the texture feature data with the identity information of the person who has the access authority, and determine identity information, which matches with the texture feature data, in the identity information of the person who has the access authority as a first recognition result of the target person; extract the face feature of the face in a target frame image subsequent to the initial frame image through a pre-trained deep learning model; compare the face feature with the identity information of the person who has the access authority, and determine identity information, which matches with the face feature, in the identity information of the person who has the access authority as a second recognition result of the target person; and determine the identity recognition result of the target person based on the first recognition result and the second recognition result.
The identity recognition module is further arranged to: determine a movement trend of the face in the initial frame image; determine positions of the face in frame images subsequent to the initial frame image based on the movement trend; determine a frame image, which contains the face and is a specified number of frames away from the initial frame image, subsequent to the initial frame image as the target frame image subsequent to the initial frame image, and input the target frame image to a pre-trained deep learning model, and output the face feature of the face in the target frame image.
The identity recognition module is further arranged to determine the second recognition result as the identity recognition result of the target person in a case where the first recognition result is different from the second recognition result The apparatus further includes: a person who does not have the access authority determination module, arranged to extract, in a case where no identity information matching with the texture feature data is found after comparing the texture feature data with the identity information of the person who has the access authority, the face feature of the face in the target frame image subsequent to the initial frame image through the pre-trained deep learning model; compare the face feature with the identity information of the person who has the access authority; and determine, in a case where no identity information matching with the face feature is found after comparing the face feature with the identity information of the person who has the access authority, that indicates the target person does not have the access authority.
The access request module is further arranged to: package, based on a preset data packet format, the identity recognition result into the access request information. Herein, the access request information includes packet header data and packet body data, and the packet header data at least includes: an instruction identifier, an event instruction code, an event instruction code type, an identifier of the remote license terminal and an event creation time; the event instruction code is used for indicating an analytic format of the access request information; the instruction identifier is used for checking whether the access request information is complete; the packet body data includes the identity recognition result; and the access request information is sent to the remote license terminal.
The access control module is further arranged to: extract, in a case where the access-allowed indication information sent by the remote license terminal is received, an instruction identifier from packet header data of the access-allowed indication information, and verify whether the access-allowed indication information is complete or not based on the instruction identifier; extract, in a case where the access-allowed indication information is complete, an event instruction code from the packet header data of the access-allowed indication information, and determine an analytic format of the access-allowed indication information based on the event instruction code; and analyze packet body data in the access-allowed indication information based on the analytic format to obtain an access-allowed indication, and allow the target person to access based on the access-allowed indication.
The present disclosure further provides an identity authentication terminal and a remote license terminal. The identity authentication terminal or the remote license terminal includes a processor and a memory. The memory stores a machine executable instruction executable by the processor, and the processor executes the machine executable instruction to implement the above verification method of access authority.
Referring to Fig. 9, the identity authentication terminal or the remote license terminal includes a processor 100 and a memory 101. The memory 101 stores a machine executable instruction executable by the processor 100, and the processor 100 executes the machine executable instruction to implement the verification method of access authority.
Further, the identity authentication terminal and the remote license terminal shown in Fig 9 further include a bus 102 and a communication interface 103, and the processor 100, the communication interface 103 and the memory 101 are connected through the bus 102.
The memory 101 may include a high-speed Random Access Memory (RAM) or a non-volatile memory, such as at least one disk memory. At least one communication interface 103 (which may be wired or wireless) is used to implement communication connection between a network element of the system and at least one other network element, and the Internet, wide area network, local area network, metropolitan area network and the like may be used. The bus 102 may be an ISA bus, a PCI bus or an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For convenience, Fig. 9 is only indicated by a double-headed arrow, but it does not mean that there is only one bus or one type of bus.
The processor 100 may be an integrated circuit chip with signal processing capabilities. In an implementation process, each operation of the methods may be completed by an integrated logical circuit of hardware in the processor 100 or an instruction in a software font The processor 100 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), etc., and may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic devices, a discrete gate or transistor logic device, or a discrete hardware component. Various methods, operations, and logic block diagrams disclosed in the embodiments of the present disclosure may be implemented or executed. The general-purpose processor may be a microprocessor, or the processor may also be any conventional processor, etc. The operations of the method disclosed in combination with the embodiment of the present disclosure may be directly embodied as a hardware decoding processor for execution and completion or a combination of hardware and software modules in the decoding processor for execution and completion. The software module may be located in a mature storage medium in this field such as a Random Access Memory (RAM), a flash memory, a Read-Only Memory (ROM), a Programmable ROM (PROM) or Electrically Erasable PROM (EEPROM), and a register. The storage medium is in a memory 101. The processor 100 reads information in the memory 101 and completes the operations of the method of the embodiments in combination with hardware.
The present disclosure further provides a verification system of access authority. The system includes an identity authentication terminal, a remote license terminal, a mobile communication transmission module, an administrator terminal and a cloud storage platform. Herein, the mobile communication transmission module is arranged between the identity authentication terminal and the remote license terminal, and is arranged to implement communication between the identity authentication terminal and the remote license terminal.
The remote license terminal is arranged to: receive access request information sent by the identity authentication terminal. Herein, the access request information is generated by the identity authentication terminal in a following manner: a face feature of a face in the field of vision of a camera is acquired; an identity of a target person corresponding to the face feature is recognized based on the face feature and the identity information of the person who has the access authority to obtain an identity recognition result; access request information is generated based on the identity recognition result; it is determined whether the target person corresponding to the access request information has access authority based on a preset access condition; and in a case where the target person has the access authority, access-allowed indication information is sent to the identity authentication terminal, so that the identity authentication terminal allows the target person to access.
A SG Data Transfer Unit (DTU) is taken as the target mobile communication transmission module as an example, for ease of understanding, referring to Fig. 10.
The identity authentication terminal is equipped with a reading configuration, and is in communication connection with the 5G DTU. The identity authentication terminal sends data to the SG DTU through an RJ45 network port, the SG DTU is in wireless communication with the remote license terminal through SG, and then an agent forwards the data sent by the identity authentication terminal. Based thereon, the remote license terminal may quickly receive the data sent by the identity authentication terminal and reply the data to the identity authentication terminal.
The present disclosure further provides a machine readable storage medium. A machine executable instruction is stored on the machine readable storage medium. When the machine executable instruction is called and executed by a processor, the machine executable instruction causes the processor to implement the above verification method of access authority.
A computer program product of the verification method, apparatus, system of access authority, and the identity authentication terminal provided in the embodiments of the present disclosure includes a computer-readable storage medium storing a program code. Instructions included in the program code may be configured to execute the method in the method embodiments. The detailed implementations may refer to the above-mentioned method embodiments, which are not repeated here.
Those skilled in the art may clearly learn about that exemplary working processes of the system and apparatus described above may refer to the corresponding processes in the above-mentioned method embodiments and will not be elaborated herein for ease and briefness of description.
In addition, in the descriptions of the embodiments of the present disclosure, unless otherwise specified and defined, terms "mounting" "fixed connection" and "connection" should be generally understood. For example, the term may be fixed connection, or detachable connection, or integral connection, or mechanical connection, or electric connection. The term may be direct connection, or indirect connection through an intermediate, or communication inside two elements. Those skilled in the art may understand the specific meanings of the terms in the present disclosure according to specific conditions.
When realized in form of software function unit and sold or used as an independent product, the function may be stored in a computer-readable storage medium. Based on such an understanding, the technical solutions of the embodiments of the present disclosure substantially or parts making contributions to the conventional art or part of the technical solutions may be embodied in form of software product. The computer software product is stored in a storage medium, including a plurality of instructions configured to enable a computer device (which may be a personal computer, an operation and maintenance management device, or a network device, etc.) to execute all or part of the operations of the method in each embodiment of the present disclosure. The above-mentioned storage medium includes: various media capable of storing program codes such as a U disk, a mobile hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In the descriptions of the embodiments of the present disclosure, it is to be understood that the orientation or location relationships indicated by the terms "center", "upper", "lower", "left-, "right", "vertical", "horizontal", "inner" and "outer" are orientation or location relationships shown on the basis of the drawings, which are only for the convenience of describing the present disclosure and simplifying the descriptions, rather than indicating or implying that the referred apparatuses or elements must have a specific orientation, and be constructed and operated in the specific orientation. Therefore, it cannot be understood as a limitation to the present disclosure. In addition, terms "first", "second" and "third" are only used for describing purposes, and cannot be understood as indicating or implying relative importance.
It is finally to be noted that the above embodiments are only the exemplary implementation modes of the embodiments of the present disclosure and are adopted not to limit the present disclosure but to describe the technical solutions of the embodiments of the present disclosure. The scope of protection of the present disclosure is not limited thereto. Although the present disclosure is described with reference to the embodiments in detail, those skilled in the art should know that those skilled in the art may still make modifications or apparent variations to the technical solutions recorded in the embodiments or make equivalent replacements to part of technical features within the technical scope disclosed in the present disclosure, and these modifications, variations, or replacements do not make the essence of the corresponding technical solutions departs from the spirit and scope of the technical solutions of the embodiments of the present disclosure and shall fall within the scope of protection of the present disclosure. Therefore, the scope of protection of the present disclosure shall be subject to the scope of protection of the claims.
Claims (1)
- What is claimed is: 1. A verification method of access authority, applied to an identity authentication terminal, wherein the identity authentication terminal is in communication connection with a remote license terminal, the identity authentication terminal stores identity information, which is transmitted in advance by the remote license terminal, of a person who has access authority, and a camera is installed in the identity authentication terminal, and the method comprises: acquiring a face feature of a face in a field of vision of the camera, and recognizing, based on the face feature and the identity information of the person who has the access authority, an identity of a target person corresponding to the face feature to obtain an identity recognition result, wherein texture feature data of the face in the field of vision of the camera is acquired in a case where first texture data corresponding to an image shot by the camera is input to a pre-trained texture model to detect the face in the image; generating access request information based on the identity recognition result, and sending the access request information to the remote license terminal to verify whether the target person has access authority; sending, in a case where the target person has the access authority, access-allowed indication information to the identity authentication terminal; and allowing the target person to access in a case where the access-allowed indication information sent by the remote license terminal is received 2. The method according to claim 1, wherein acquiring a face feature of a face in a field of vision of the camera, and recognizing, based on the face feature and the identity information of the person who has the access authority, an identity of a target person corresponding to the face feature to obtain an identity recognition result comprises: acquiring an initial frame image shot by the camera, and obtaining the first texture data of the initial frame image, wherein the image comprises the initial frame image; and recognizing, based on the texture feature data and the identity information of the person who has the access authority, the identity of the target person corresponding to the face feature to obtain the identity recognition result 3. The method according to claim 2, wherein obtaining the first texture data of the initial frame image comprises: performing feature fuzzy processing on the initial frame image, and obtaining initial texture data of the processed initial frame image; and weighting the initial texture data based on preset weight parameters to obtain the first texture data, wherein a weight parameter corresponding to a data point at an edge position in the first texture data is lower than a weight parameter corresponding to a data point other than the data point at the edge position in the first texture data.4. The method according to claim 2, wherein the texture model is trained in a following manner: determining a target sample image based on a preset training sample set, wherein a sample label exists in the target sample image, and the sample label comprises an identity label of a face in the target sample image; obtaining texture sample data of the target sample image, inputting the texture sample data into an initial model, and outputting intermediate data; calculating a loss value based on the intermediate data and the sample label, and updating a model parameter of the initial model by a regression test based on the loss value; and continuing executing the operation of determining the target sample image based on the preset training sample set until the loss value converges to obtain the texture model.5. The method according to claim 2, wherein recognizing, based on the texture feature data and the identity information of the person who has the access authority, the identity of the target person corresponding to the face feature to obtain the identity recognition result comprises: comparing the texture feature data with the identity information of the person who has the access authority, and determining identity information, which matches with the texture feature data, in the identity information of the person who has the access authority as a first recognition result of the target person; obtaining the face feature of the face in a target frame image subsequent to the initial frame image through a pre-trained deep learning model; comparing the face feature with the identity information of the person who has the access authority, and determining identity information, which matches with the face feature, in the identity information of the person who has the access authority as a second recognition result of the target person; and determining the identity recognition result of the target person based on the first recognition result and the second recognition result.6. The method according to claim 5, wherein obtaining the face feature of the face in a target frame image subsequent to the initial frame image through a pre-trained deep learning model comprises: determining a movement trend of the face in the initial frameimage; determining positions of the face in frame images subsequent to the initial frame image based on the movement trend; determining a frame image, which contains the face and is a specified number of frames away from the initial frame image, subsequent to the initial frame image as the target frame image subsequent to the initial frame image; and inputting the target frame image into the pre-trained deep learning model, and outputting the face feature of the face in the target frame image.7. The method according to claim 5, wherein determining the identity recognition result of the target person based on the first recognition result and the second recognition result comprises: determining the second recognition result as the identity recognition result of the target person in a case where the first recognition result is different from the second recognition result.8. The method according to claim 5, further comprising: obtaining, in a case where no identity information matching with the texture feature data is found after comparing the texture feature data with the identity information of the person who has the access authority, the face feature of the face in the target frame image subsequent to the initial frame image through the pre-trained deep learning model; comparing the face feature with the identity information of the person who has the access authority; and determining, in a case where no identity information matching with the face feature is found after comparing the face feature with the identity information of the person who has the access authority, that the target person does not have the access authority.9. The method according to claim 1, wherein generating access request information based on the identity recognition result, and sending the access request information to the remote license terminal comprises: packaging, based on a preset data packet format, the identity recognition result into the access request information, wherein the access request information comprises packet header data and packet body data, the packet header data at least comprising: an instruction identifier, an event instruction code, an event instruction code type, an identifier of the remote license terminal and an event creation time, the event instruction code being used for indicating an analytic format of the access request information, the instruction identifier being used for checking whether the access request information is complete, and the packet body data comprising the identity recognition result; and sending the access request information to the remote license terminal.10. The method according to claim 1_, wherein allowing the target person to access in a case where the access-allowed indication information sent by the remote license terminal is received comprises: obtaining, in a case where the access-allowed indication information sent by the remote license terminal is received, an instruction identifier from packet header data of the access-allowed indication information, and checking whether the access-allowed indication information is complete or not based on the instruction identifier; obtaining, in a case where the access-allowed indication information is complete, an event instruction code from the packet header data of the access-allowed indication information, and determining an analytic format of the access-allowed indication information based on the event instruction code; and analyzing packet body data in the access-allowed indication information based on the analytic format to obtain an access-allowed indication, and allowing the target person to access based on the access-allowed indication.11. The method according to claim 1, before sending, in a case where the target person has the access authority, access-allowed indication information to the identity authentication terminal, further comprising.in a case where the remote license terminal is also in communication connection with an administrator terminal, acquiring, from the administrator terminal, a detection result for security of devices in an access target area indicated by the access-allowed indication information; and sending, in a case where the detection result for the security of the devices indicates that a device is live or there are other dangers, target information of denying access to the identity authentication terminal, wherein the target information is used for indicating that the identity recognition result shows that the target person has the access authority but the access target area is dangerous, and the target person is prohibited from entering.12. A verification apparatus of access authority, applied to an identity authentication terminal, wherein the identity authentication terminal is in communication connection with a remote license terminal, the identity authentication terminal stores identity information, which is transmitted in advance by the remote license terminal, of a person who has access authority, and a camera is installed in the identity authentication terminal, and the apparatus comprises: an identity recognition module, configured to acquire a face feature of a face in a field of vision of the camera, and recognize, based on the face feature and the identity information of the person who has the access authority, an identity of a target person corresponding to the face feature to obtain an identity recognition result, wherein texture feature data of the face in the field of vision of the camera is acquired in a case where first texture data corresponding to an image shot by the camera is input to a pre-trained texture model to detect the face in the image; an access request module, configured to generate access request information based on the identity recognition result, and send the access request information to the remote license terminal to verify whether the target person has access authority; and send, in a case where the target person has the access authority, access-allowed indication information to the identity authentication terminal; and an access control module, configured to allow the target person to access in a case where the access-allowed indication information sent by the remote license terminal is received.13. An identity authentication terminal, comprising a processor and a memory, wherein the memory stores a machine executable instruction executable by the processor, the processor executing the machine executable instruction to implement the verification method of access authority of any one of claims 1-11.14. A verification system of access authority, comprising an identity authentication terminal, a remote license terminal, a mobile communication transmission module, an administrator terminal and a cloud storage platform, wherein the mobile communication transmission module is configured between the identity authentication terminal and the remote license terminal, and is configured to implement communication between the identity authentication terminal and the remote license terminal.15. The system according to claim 14, wherein the remote license terminal is configured to receive access request information sent by the identity authentication terminal, wherein the access request information is generated by the identity authentication terminal in a following manner: acquiring a face feature of a face in a field of vision of a camera; recognizing, based on the face feature and the identity information of the person who has the access authority, an identity of a target person corresponding to the face feature to obtain an identity recognition result; generating access request information based on the identity recognition result; determining whether the target person corresponding to the access request information has access authority based on a preset access condition; sending, in a case where the target person has the access authority, access-allowed indication information to the identity authentication terminal, so that the identity authentication terminal allows the target person to access.16 A machine readable storage medium, wherein a machine executable instruction is stored on the machine readable storage medium, when the machine executable instruction is called and executed by a processor, the machine executable instruction causing the processor to implement the verification method of access authority of any one of claims 1-11.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210270111.9A CN114863506B (en) | 2022-03-18 | 2022-03-18 | Authentication method, device and system of admission permission and identity authentication terminal |
| PCT/CN2022/132285 WO2023173785A1 (en) | 2022-03-18 | 2022-11-16 | Access permission verification method, device, and system and identity authentication terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| GB202305443D0 GB202305443D0 (en) | 2023-05-31 |
| GB2620664A true GB2620664A (en) | 2024-01-17 |
Family
ID=89321376
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB2305443.0A Pending GB2620664A (en) | 2022-03-18 | 2022-11-16 | Access permission verification method, device, and system and identity authentication terminal |
Country Status (1)
| Country | Link |
|---|---|
| GB (1) | GB2620664A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107066969A (en) * | 2017-04-12 | 2017-08-18 | 南京维睛视空信息科技有限公司 | A kind of face identification method |
| CN109508700A (en) * | 2018-12-28 | 2019-03-22 | 广州粤建三和软件股份有限公司 | A kind of face identification method, system and storage medium |
| CN110232323A (en) * | 2019-05-13 | 2019-09-13 | 特斯联(北京)科技有限公司 | A kind of parallel method for quickly identifying of plurality of human faces for crowd and its device |
| CN111079514A (en) * | 2019-10-28 | 2020-04-28 | 湖北工业大学 | Face recognition method based on CLBP and convolutional neural network |
| WO2021217912A1 (en) * | 2020-04-28 | 2021-11-04 | 深圳壹账通智能科技有限公司 | Facial recognition-based information generation method and apparatus, computer device and storage medium |
| CN114863506A (en) * | 2022-03-18 | 2022-08-05 | 珠海优特电力科技股份有限公司 | Method, device and system for verifying access permission and identity authentication terminal |
-
2022
- 2022-11-16 GB GB2305443.0A patent/GB2620664A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107066969A (en) * | 2017-04-12 | 2017-08-18 | 南京维睛视空信息科技有限公司 | A kind of face identification method |
| CN109508700A (en) * | 2018-12-28 | 2019-03-22 | 广州粤建三和软件股份有限公司 | A kind of face identification method, system and storage medium |
| CN110232323A (en) * | 2019-05-13 | 2019-09-13 | 特斯联(北京)科技有限公司 | A kind of parallel method for quickly identifying of plurality of human faces for crowd and its device |
| CN111079514A (en) * | 2019-10-28 | 2020-04-28 | 湖北工业大学 | Face recognition method based on CLBP and convolutional neural network |
| WO2021217912A1 (en) * | 2020-04-28 | 2021-11-04 | 深圳壹账通智能科技有限公司 | Facial recognition-based information generation method and apparatus, computer device and storage medium |
| CN114863506A (en) * | 2022-03-18 | 2022-08-05 | 珠海优特电力科技股份有限公司 | Method, device and system for verifying access permission and identity authentication terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| GB202305443D0 (en) | 2023-05-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114863506B (en) | Authentication method, device and system of admission permission and identity authentication terminal | |
| US10997809B2 (en) | System and method for provisioning a facial recognition-based system for controlling access to a building | |
| WO2017202169A1 (en) | Access control data processing method, access control method, and electronic apparatus | |
| CN111191532B (en) | Face recognition method and device based on construction area and computer equipment | |
| CN106845368A (en) | Airport boarding safety check based on recognition of face confirms system and method again | |
| CN111918039B (en) | Artificial intelligence high risk operation management and control system based on 5G network | |
| CN114070654B (en) | Safety management and control method and system based on big data | |
| CN105701885A (en) | Face identification access control system and implementation method thereof | |
| KR101459024B1 (en) | Security System for Monitoring Facilities | |
| CN109784028B (en) | Face unlocking method and related device | |
| CN110852148A (en) | Visitor destination verification method and system based on target tracking | |
| CN113971782B (en) | Comprehensive monitoring information management method and system | |
| CN109657580B (en) | Urban rail transit gate traffic control method | |
| CN112866647A (en) | Intelligent property management system based on smart community | |
| CN111675059A (en) | Elevator control method and device based on face recognition and computer equipment | |
| CN113094244B (en) | Machine room operation intelligent detection system for data center | |
| GB2620664A (en) | Access permission verification method, device, and system and identity authentication terminal | |
| CN111932755A (en) | Personnel passage verification method and device, computer equipment and storage medium | |
| CN106157417A (en) | A kind of iris identification method, device, smart lock and intelligent identifying system | |
| GB2618918A (en) | Vehicle maintenance method and system | |
| CN115860979A (en) | Artificial intelligence management system for field operation of power grid | |
| CN115953815A (en) | Monitoring method and device for infrastructure site | |
| CN109389708A (en) | It is a kind of to reduce the high safety entrance checking system and method for breaking in probability | |
| CN116343419B (en) | Intelligent video monitoring alarm management system | |
| KR102462434B1 (en) | Security-enhanced access number check system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 789A | Request for publication of translation (sect. 89(a)/1977) |
Ref document number: 2023173785 Country of ref document: WO |