WO2019210698A1 - Authentication method - Google Patents

Authentication method Download PDF

Info

Publication number
WO2019210698A1
WO2019210698A1 PCT/CN2018/124942 CN2018124942W WO2019210698A1 WO 2019210698 A1 WO2019210698 A1 WO 2019210698A1 CN 2018124942 W CN2018124942 W CN 2018124942W WO 2019210698 A1 WO2019210698 A1 WO 2019210698A1
Authority
WO
WIPO (PCT)
Prior art keywords
face data
user
face
authentication
data
Prior art date
Application number
PCT/CN2018/124942
Other languages
French (fr)
Chinese (zh)
Inventor
陈晓磊
Original Assignee
上海掌门科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 上海掌门科技有限公司 filed Critical 上海掌门科技有限公司
Publication of WO2019210698A1 publication Critical patent/WO2019210698A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the embodiments of the present application relate to the field of computer technologies, and in particular, to an authentication method.
  • Face recognition authentication is fast and safe.
  • face data In the process of face recognition authentication, face data needs to be collected and stored in advance for use as a basis for authentication. Then, the face data to be verified is compared with the face data stored in advance to determine whether the authentication is passed.
  • the embodiment of the present application proposes an authentication method.
  • an embodiment of the present application provides an authentication method, where the method includes: acquiring an authentication request, where the authentication request includes user face data and a user identifier; determining whether the pre-stored first face database includes the foregoing The face data matched by the user face data, wherein the face database includes face data and an identity corresponding to the face data; and in response to determining that the first face database does not include a face that matches the user face data Data, generating and transmitting a data request to a predetermined electronic device, wherein the data request includes the user face data and/or the user identifier, and the electronic device generates the second face database based on the data request and the pre-stored data. And returning the result of the request, wherein the second face database and the first face database are isolated from each other; and the authentication result is generated according to the result of the request, wherein the authentication result is used to indicate that the authentication passes or the authentication fails.
  • the data request includes the user identifier
  • the electronic device searches for the identity identifier matching the user identifier in the second face database, and returns the face data corresponding to the found identity identifier as a result of the request.
  • generating the authentication result according to the foregoing request result comprising: determining whether the received face data matches the user face data; and in response to determining that the received face data matches the user face data, generating Indicates the certification result passed by the certification.
  • the data request includes the user face data; the electronic device searches for the face data matching the user face data in the second face database, and the identity corresponding to the found face data is And the identifier is returned as the result of the request; and the generating the authentication result according to the foregoing request result, comprising: determining whether the received identity identifier matches the foregoing user identifier; and generating, in response to determining that the received identity identifier matches the user identifier, generating The certification result passed by the certification.
  • the data request includes the user face data and the user identifier; the electronic device searches for the identity identifier matching the user identifier in the second face database, and determines the person corresponding to the found identity identifier. Whether the face data matches the user face data, and in response to determining that the face data corresponding to the found identity identifier matches the user face data, the authentication consistency information is returned as a request result; and the foregoing generating the authentication according to the request result As a result, in response to receiving the above-described authentication matching information, an authentication result indicating that the authentication is passed is generated.
  • determining whether the pre-stored first face database includes the face data matching the user face data includes: searching, in the first face database, the matching with the user face data.
  • the method further includes: determining, in response to finding the face data that matches the user face data, whether the identity identifier corresponding to the found face data matches the user identifier; and determining the found The identity identifier corresponding to the face data matches the foregoing user identifier, and generates an authentication result indicating that the authentication is passed.
  • determining whether the pre-stored first face database includes face data matching the user face data includes: searching, in the first face database, an identity that matches the user identifier. Determining whether the face data corresponding to the found identity identifier matches the user face data in response to finding the identity identifier that matches the user identifier; and the method further includes: responding to determining the corresponding identity identifier that is found The face data matches the user face data described above, and generates an authentication result indicating that the authentication is passed.
  • determining whether the pre-stored first face database includes the face data matching the user face data further comprising: determining, according to the user face data, the person indicated by the user face data Whether the face is a living human face; in response to determining that the face indicated by the user face data is not a living face, an authentication result indicating that the authentication fails is generated.
  • the terminal acquires the user face data and the user identifier, and generates an authentication request according to the user face data and the user identifier, in response to receiving operation information for triggering a predefined operation.
  • the terminal performs the above predefined operation in response to obtaining an authentication result indicating that the authentication is passed.
  • the embodiment of the present application provides an authentication apparatus, where the apparatus includes: an obtaining unit configured to acquire an authentication request, where the authentication request includes user face data and a user identifier; and the determining unit is configured to determine Whether the pre-stored first face database includes face data matching the user face data, wherein the face database includes face data and an identity corresponding to the face data; the first generating unit is configured to respond Determining that the first face database does not include face data matching the user face data, generating and transmitting a data request to the predetermined electronic device, wherein the data request includes the user face data and/or the user
  • the identifier, the electronic device generates and returns a request result based on the data request and the pre-stored second face database, wherein the second face database and the first face database are isolated from each other; and the second generating unit, Is configured to generate an authentication result according to the result of the request, wherein the above recognition
  • the result of the certificate is used to indicate that the certification has passed or the certification has not passed.
  • an embodiment of the present application provides an electronic device, where the electronic device includes: one or more processors; and a storage device, configured to store one or more programs, when the one or more programs are When executed by a plurality of processors, the one or more processors described above are implemented as described in any one of the first aspects.
  • an embodiment of the present application provides a computer readable medium having stored thereon a computer program, wherein the computer program is executed by a processor to implement the method as described in any one of the first aspects.
  • the authentication method provided by the embodiment of the present application determines whether the first face database includes face data matching the user face data by using the execution body first; if not, sending a data request to the predetermined electronic device, the electronic The device returns the request result by using the second face database; the execution body further generates an authentication result according to the request result, and may invoke the second face of the other civil subject if the face data of the first face database lacks face data.
  • the database for authentication support, provides a new face recognition authentication method.
  • FIG. 1 is an exemplary system architecture diagram to which the present application can be applied;
  • FIG. 2 is a flow chart of one embodiment of an authentication method in accordance with the present application.
  • 3A is a schematic diagram showing an exemplary relationship between a first face database and a second face database according to the present application
  • 3B is a schematic diagram showing an exemplary relationship between a first face database and a second face database according to the present application
  • 3C is a schematic diagram showing an exemplary relationship between a first face database and a second face database according to the present application
  • FIG. 4 is a schematic diagram of an application scenario of an authentication method according to the present application.
  • FIG. 5 is a schematic diagram of another application scenario of an authentication method according to the present application.
  • FIG. 6 is a flow chart of still another embodiment of an authentication method in accordance with the present application.
  • FIG. 7 is a flow chart of still another embodiment of an authentication method in accordance with the present application.
  • FIG. 8 is a flow chart of still another embodiment of an authentication method in accordance with the present application.
  • FIG. 9 is a flow chart of still another embodiment of an authentication method in accordance with the present application.
  • FIG. 10 is a flow chart of still another embodiment of an authentication method in accordance with the present application.
  • FIG. 11 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server of an embodiment of the present application.
  • FIG. 1 illustrates an exemplary system architecture 100 in which an embodiment of an authentication method of the present application may be applied.
  • the system architecture 100 can include a terminal device 101, a network 102, a first server 103, and a second server 104.
  • the network 102 is used to provide a medium for a communication link between the terminal device 101, the first server 103, and the second server 104.
  • Network 102 can include a variety of connection types, such as wired, wireless communication links, fiber optic cables, and the like.
  • the user can use the terminal device 101 to interact with the first server 103 or the second server 104 via the network 102 to receive or send a message or the like.
  • the terminal device 101 can be installed with various communication client applications, such as a payment application, a web browser application, a shopping application, a search application, an instant communication tool, a mailbox client, a social platform software, and the like.
  • the terminal device 101 may be hardware or software.
  • the terminal device 101 may be various electronic devices with image capturing functions, including but not limited to smart phones, tablets, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III, motion picture experts) Compress standard audio level 3), MP4 (Moving Picture Experts Group Audio Layer IV) player, laptop portable computer and desktop computer, etc.
  • the terminal device 101 is software, it can be installed in the above-listed electronic devices. It can be implemented as a plurality of software or software modules (for example to provide distributed services) or as a single software or software module. This is not specifically limited.
  • the first server 103 may be a server that provides various services, such as a background server that provides support for applications installed on the terminal device 101.
  • the background server may perform processing such as analyzing the received authentication request and the like, and feed back the processing result (for example, the authentication result) to the terminal device.
  • the second server 104 may be a server that provides various services, such as a background server that provides support for the authentication function of the first server 103.
  • the background server may perform processing such as analyzing data such as the received data request, and feed back the processing result (for example, the result of the request) to the first server 103.
  • the first server or the second server is a server that can provide services in response to a user's service request. It can be understood that one server can provide one or more services, and the same service can also be provided by multiple servers.
  • the authentication method provided by the embodiment of the present application may be performed by the first server 103 or the terminal device 101. Accordingly, the authentication device may be disposed in the first server 103 or the terminal device 101.
  • first server 103 and the second server 104 may be hardware or software.
  • first server 103 and the second server 104 are hardware, a distributed server cluster composed of a plurality of servers may be implemented, or may be implemented as a single server.
  • first server 103 and the second server 104 are software, they may be implemented as multiple software or software modules (for example, to provide distributed services), or may be implemented as a single software or software module. This is not specifically limited.
  • terminal devices, networks, first servers, and second servers in FIG. 1 are merely illustrative. Depending on the implementation needs, there may be any number of terminal devices, networks, first servers, and second servers.
  • a flow 200 of one embodiment of an authentication method is illustrated. This embodiment is mainly illustrated by the method being applied to an electronic device having a certain computing capability.
  • the electronic device may be the first server 103 shown in FIG. 1 or the terminal device 101 shown in FIG.
  • the authentication method includes the following steps:
  • Step 201 Acquire an authentication request.
  • an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
  • the first server may receive the authentication request from the terminal used by the user by using a wired connection manner or a wireless connection manner, and then store the authentication request, and then obtain the authentication request locally.
  • the terminal may generate an authentication request, which is equivalent to obtaining an authentication request.
  • the foregoing authentication request may include user face data and a user identifier.
  • the user face data may be capable of indicating data of the user's face features.
  • the user face data may include, but is not limited to, at least one of: a face image of the user and a feature map extracted from the face image of the user.
  • the user identifier may be an identifier of an collection object for indicating user face data.
  • the user identification may include, but is not limited to, at least one of the following: an identification assigned to the user's face data, an identification number of the user, a terminal identification of the terminal used by the user, and a telephone number of the user. It should be noted that the user identifier may indicate the identity of the foregoing collection object, or may not indicate the identity of the collection object.
  • the authentication request may be used to request authentication: the collection object of the user face data is instructed by the user identifier. The object is consistent.
  • the authentication request may be used to request the following items: whether the object of the user face data can be authenticated. (has passed permissions).
  • the terminal can collect the user face data of the person to be identified. At this time, the terminal does not know the identity of the person to be identified, in which case the terminal can assign the user identifier to the collected user face data.
  • the user identification can be a string of numbers used to identify the collected user face data.
  • the terminal can send the user face data to the first server.
  • the first server stores a release list, and the release list includes a releaseable identity.
  • the first server may determine the user identity corresponding to the user face data through the first face database, or receive the user identity corresponding to the user face data returned by the second server. Then, the first server may determine whether the user identity corresponding to the user face data is in the release list.
  • the first server may generate an authentication result indicating that the authentication is passed. If the user identity corresponding to the user face data is not in the release list, the first server may generate an authentication result indicating that the authentication fails.
  • the terminal may receive operation information for triggering a predefined operation. Then, the terminal may acquire the user face data and the user identifier in response to receiving the operation information. Then, the terminal may generate an authentication request according to the user face data and the user identifier.
  • the above predefined operations may include, but are not limited to, at least one of the following: a login operation and a payment operation.
  • Step 202 Determine whether the pre-stored first face database includes face data matching the user face data.
  • the pre-stored first face database includes face data matching the above-described face data.
  • the face database may include face data and an identity corresponding to the face data.
  • the face data may include, but is not limited to, at least one of the following: a face image and an image feature extracted from the face image.
  • the identity may include, but is not limited to, at least one of the following: an identification number, a terminal identification, and a telephone number.
  • determining whether the user face data matches the face data in the face database can be implemented by calculating the similarity between the user face data and the face data in the face database.
  • calculating the similarity between the face data refer to the calculation method in the face recognition technology, and details are not described herein again.
  • the step 202 may include: determining, according to the user face data, whether the face indicated by the user face data is a living face; and determining the user face data in response to determining The indicated face is not a living face, and an authentication result indicating that the authentication is not passed is generated.
  • the terminal collects the object of the user face data as a living face.
  • how to determine whether the face indicated by the user face data is a living face according to the user face data may be implemented by: predetermining some features, and summarizing the characteristics of the living face for these features. Parameters and characteristic parameters of non-living faces.
  • the feature parameters of the user face data are analyzed, and then compared with the feature parameters of the living face and the feature parameters of the non-living face to determine whether the face indicated by the user face data is a living face.
  • the above features may include, but are not limited to, at least one of the following: color features, texture features, two-dimensional shape features, two-dimensional spatial relationship features, three-dimensional shape features, three-dimensional spatial relationship features, face features, facial features, facial features, and Proportional characteristics.
  • the user face data is compared with the face data in the face database, it is detected in advance whether the face indicated by the user face data is a living face, and the illegal user can be prevented from impersonating the legitimate user.
  • Step 203 in response to determining that the first face database does not include face data matching the user face data, generating and transmitting a data request to the predetermined electronic device.
  • the electronic device (such as the second server shown in Figure 1) sends a data request.
  • the above data request can be used to request data.
  • the above data request may include user face data and/or user identification.
  • the association information may be pre-stored in the execution entity, and the association information may indicate an electronic device identifier of the electronic device having an association relationship with the execution entity.
  • the above-mentioned execution entity can learn the predetermined electronic device by acquiring the associated information.
  • the electronic device may generate and return a request result based on the data request and the pre-stored second face database.
  • the electronic device for example, the second server shown in FIG. 1
  • the execution body for example, the first server shown in FIG. 1
  • the electronic device may be electronic devices or different electronic devices.
  • first face database and the second face database in the present application are both face databases.
  • both the first face database and the second face database may include face data and an identity corresponding to the face data.
  • first face database and the second face database are isolated from each other. The isolation between the first face database and the second face database can be at least reflected in the following aspects:
  • Face recognition using the first face database and face recognition using the second face database are two independent use processes that do not interfere with each other.
  • the included face data is different.
  • a set of face data in the first face database may be referred to as a first face data set 301.
  • a set of face data in the second face database may be referred to as a second face data set 302.
  • FIG. 3A illustrates an exemplary relationship between the first face data set and the second face data set (which may also be said to be an exemplary relationship between the first face database and the second face database), ie, The intersection of a face data set and a second face data set is an empty set.
  • FIG. 3B illustrates another exemplary relationship between the first face data set and the second face data set, that is, the intersection of the first face data set and the second face data set is not empty, and is not The first face data collection.
  • FIG. 3C illustrates still another exemplary relationship of the first face data set and the second face data set, that is, the intersection of the first face data set and the second face data set is the first face data set.
  • civil subjects can also be called "the subject of civil legal relations.”
  • the civil subject may be a person who enjoys the rights and obligations under the civil legal relationship, and can be a civil subject with citizens (natural persons) and legal persons. It can be understood that the ownership of the face database can be attributed to the civil subject.
  • the first face database and the second face database may belong to different civil subjects respectively.
  • the first face database and the second face database belong to different civil subjects, respectively, and the ownership of the first face database and the ownership of the second face database belong to different civil subjects respectively;
  • the right to use the face database and the right to use the second face database belong to different civil subjects.
  • the first face database may belong to company A
  • the second face database may belong to company B
  • the first face database may belong to company A
  • the second face database may belong to a public security organ. It should be noted that when the public security organ opens a face database (or provides an interface for use) to a civil subject, and participates in civil activities. Public security organs can be considered as civil subjects.
  • the first face database may be stored in the above-described execution body (for example, the first server in FIG. 1).
  • the second face database may be stored in the above electronic device (eg, the second server in FIG. 1).
  • Step 204 Generate an authentication result according to the result of the request.
  • the execution body (for example, the first server shown in FIG. 1) may generate an authentication result according to the result of the request returned by the electronic device.
  • the foregoing authentication result is used to indicate that the authentication is passed or the authentication is not passed.
  • the authentication pass may be: the collection object of the user face data is consistent with the object indicated by the user identifier.
  • the authentication failure may mean that the collection object of the user face data is inconsistent with the object indicated by the user identifier.
  • the authentication object may refer to the collection object of the user face data having the permission of the user; the authentication failure may mean that the collection object of the user face data does not have the permission.
  • the terminal in a case that the terminal receives the operation information for triggering the predefined operation, the terminal may perform the predefined in response to acquiring the authentication result for indicating the authentication pass. operating.
  • the foregoing operation information may trigger a login operation, and the terminal performs a login operation when receiving an authentication result indicating that the authentication is passed.
  • the operation information may trigger a payment operation, and the terminal performs a payment operation when receiving an authentication result indicating that the authentication is passed.
  • the terminal may generate an authentication result by itself, which is equivalent to obtaining an authentication result. If the execution entity is not a terminal but a server, the terminal may receive an authentication result returned by the server to obtain an authentication result.
  • FIG. 4 is a schematic diagram of an application scenario of the authentication method according to the present embodiment.
  • the application scenario of Figure 4 :
  • the terminal 401 generates an authentication request and then transmits the authentication request 402 to the server 403.
  • Server 403 can obtain authentication request 402.
  • the server 403 may determine whether the pre-stored first face database includes face data that matches the user face data described above.
  • the server 403 may generate and send a data request 405 to the predetermined server 404 in response to determining that the first face database does not include face data that matches the user face data.
  • the server 404 can generate the request result 406 based on the data request 405 and the pre-stored second face database, and then return the request result 406 to the server 403.
  • the server 403 can generate an authentication result 407 according to the above request result 406.
  • the server 403 can transmit the authentication result 407 to the terminal 401.
  • FIG. 5 is a schematic diagram of another application scenario of the authentication method according to the present embodiment.
  • the application scenario of Figure 5 :
  • the terminal 501 can generate an authentication request, which is equivalent to obtaining an authentication request.
  • the terminal 501 may determine whether the pre-stored first face database includes face data that matches the user face data described above.
  • the terminal 501 may generate a data request 502 in response to determining that the first face database does not include face data that matches the user face data. Terminal 501 then sends a data request 502 to predetermined server 503.
  • the server 503 can generate the request result 504 based on the data request 502 and the pre-stored second face database, and then return the request result 504 to the terminal 501.
  • the terminal 501 can generate an authentication result according to the above request result 504.
  • the method provided by the above embodiment of the present application first determines whether the first face database includes face data matching the user face data by the execution body; if not, sends a data request to the predetermined electronic device, the electronic The device returns the request result by using the second face database; the execution entity further generates an authentication result according to the request result, and may be indirectly separated from the first face database if the face data of the first face database lacks face data.
  • the second face database is used for authentication support.
  • the current civil subject can reduce the collection and storage capacity of the face database. Furthermore, it is possible to establish a cooperative relationship of cooperation between each civil subject and other civil subjects, which can reduce the amount of face data collection and processing in the face recognition field as a whole.
  • the face data sharing of the same user can be realized, and the face image of the same user does not need to be repeatedly collected. Thereby, the user's time can be saved. Moreover, reducing the collection and storage opportunities of the face image can improve the security of the user information.
  • the process 600 of the authentication method includes the following steps:
  • Step 601 Acquire an authentication request.
  • an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
  • the foregoing authentication request may include user face data and a user identifier.
  • Step 602 In the first face database, find an identity that matches the user identifier.
  • an execution body of the authentication method may search for an identity identifier matching the user identifier in the first face database.
  • the user identifier may indicate identity information of the user.
  • determining whether the user identifier and the identity identifier match may be implemented by: directly comparing whether the user identifier and the identity identifier are consistent; calculating a similarity between the two, and the similarity is greater than the similarity threshold to confirm the match. .
  • Step 603 Determine, according to the identifier that matches the user identifier, whether the face data corresponding to the found identity identifier matches the user face data.
  • the execution entity of the authentication method may determine the face data corresponding to the found identity identifier and the user in response to finding the identity identifier that matches the user identifier. Whether the face data matches.
  • Step 604 in response to determining that the face data corresponding to the found identity identifier matches the user face data, generating an authentication result for indicating that the authentication is passed.
  • the execution body of the authentication method may generate, in response to determining that the face data corresponding to the found identity identifier matches the user face data, Certification results.
  • Step 605 In response to determining that the face data corresponding to the found identity identifier does not match the user face data, determine that the first face database does not include face data that matches the user face data.
  • the execution entity of the authentication method may determine that the face data corresponding to the found identity does not match the user face data, and is generated to indicate that the authentication fails. Certification results.
  • Step 606 in response to determining that the first face database does not include face data matching the user face data, generating and transmitting a data request to the predetermined electronic device.
  • the electronic device (such as the second server shown in Figure 1) sends a data request.
  • Step 607 Generate an authentication result according to the result of the request.
  • the execution body (for example, the first server shown in FIG. 1) may generate an authentication result according to the result of the request returned by the electronic device.
  • step 601, the step 606, and the step 607 in the embodiment are substantially the same as the operations in the step 201, the step 203, and the step 204 in the embodiment shown in FIG. 2, and details are not described herein again.
  • the flow 600 of the authentication method in this embodiment highlights the following aspects compared to the embodiment corresponding to FIG. 2:
  • the user identifier can indicate the identity information of the user, first look up the identity identifier matching the user identifier in the first face database, and then determine the face data that matches the user face data with the found identity identifier. , whether it matches. It can be understood that the calculation amount of the search identity is smaller than the calculation amount of the face data match.
  • the target face data in the first face database is locked by the identity identifier, and it is determined whether the target face data matches the user face data, which can reduce the calculation amount.
  • the data request is sent to the predetermined electronic device.
  • the first face database determines that the target face data does not match the user face data, it does not conclude that the authentication fails, but uses the second face database for further verification, thereby improving the accuracy of the authentication. rate.
  • the process 700 of the authentication method includes the following steps:
  • Step 701 Acquire an authentication request.
  • an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
  • the foregoing authentication request may include user face data and a user identifier.
  • the user identifier may not indicate the identity of the user.
  • Step 702 In the first face database, look for face data that matches the user face data.
  • the execution body of the authentication method e.g., the first server shown in Fig. 1
  • the execution body of the authentication method can look up the face data matching the user face data in the first face database.
  • Step 703 Determine, according to the face data that matches the user face data, whether the identity identifier corresponding to the found face data matches the user identifier.
  • the execution body of the authentication method may determine the identity identifier corresponding to the found face data in response to finding the face data matching the user face data. Whether it matches the above user ID.
  • Step 704 In response to determining that the identity identifier corresponding to the found face data matches the user identifier, generate an authentication result for indicating that the authentication is passed.
  • the execution body of the authentication method may generate an authentication for indicating the passing of the authentication by determining that the identity identifier corresponding to the found face data matches the user identifier. result.
  • Step 705 In response to determining that the identity identifier corresponding to the found face data does not match the user identifier, generate an authentication result indicating that the authentication fails.
  • the execution body of the authentication method may generate, in response to determining that the identity identifier corresponding to the found face data does not match the foregoing user identifier, to generate an indication that the authentication fails. Certification results.
  • Step 706 in response to not finding the face data matching the user face data, determining that the first face database does not include face data matching the user face data.
  • the first face database does not include the user person in response to not finding the face data matching the user face data. Face data matching face data.
  • Step 707 in response to determining that the first face database does not include face data matching the user face data, generating and transmitting a data request to the predetermined electronic device.
  • the electronic device (such as the second server shown in Figure 1) sends a data request.
  • Step 708 Generate an authentication result according to the result of the request.
  • the execution body (for example, the first server shown in FIG. 1) may generate an authentication result according to the result of the request returned by the electronic device.
  • step 701, step 707, and step 708 in the embodiment are substantially the same as those in step 201, step 203, and step 204 in the embodiment shown in FIG. 2, and details are not described herein again.
  • the process 700 of the authentication method in this embodiment highlights that the user is accessed through the first face database if the user identity cannot indicate the identity of the user.
  • the step of identifying and authenticating the face data can implement more comprehensive face recognition authentication.
  • the process 800 of the authentication method includes the following steps:
  • Step 801 Acquire an authentication request.
  • an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
  • Step 802 Determine whether the pre-stored first face database includes face data matching the user face data.
  • Step 803 in response to determining that the first face database does not include face data matching the user face data, generating and transmitting the user identifier to the predetermined electronic device.
  • the electronic device searches for the identity identifier matching the user identifier in the second face database, and returns the face data corresponding to the found identity identifier as a result of the request, where the second face database includes the face data and the person User ID corresponding to the face data.
  • Step 804 Determine whether the received face data matches the user face data.
  • Step 805 in response to the received face data matching the user face data, generating an authentication result indicating that the authentication is passed.
  • Step 806 in response to the received face data not matching the user face data, generating an authentication result indicating that the authentication fails.
  • the process 800 of the authentication method in this embodiment highlights that the execution entity sends a user identifier to the electronic device and receives face data from the electronic device, as compared with the embodiment corresponding to FIG. 2 . Then, the execution body confirms whether the received face data matches the user face data.
  • the solution described in this embodiment can provide a more comprehensive interaction.
  • the process 900 of the authentication method includes the following steps:
  • step 901 an authentication request is obtained.
  • an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
  • Step 902 Determine whether the pre-stored first face database includes face data matching the user face data.
  • Step 903 in response to determining that the first face database does not include face data matching the user face data, generating and transmitting the user face data to the predetermined electronic device.
  • the electronic device searches for the face data matching the user face data in the second face database, and returns the identity identifier corresponding to the found face data as a result of the request.
  • Step 904 Determine whether the received identity identifier matches the user identifier.
  • Step 905 In response to the received identity identifier matching the user identifier, generate an authentication result indicating that the authentication is passed.
  • Step 906 In response to the received identity identifier not matching the user identifier, generate an authentication result indicating that the authentication fails.
  • the flow 900 of the authentication method in this embodiment highlights that the execution entity sends user face data to the electronic device and receives an identity from the electronic device, as compared with the embodiment corresponding to FIG. 2 . And the step of confirming, by the above-mentioned execution entity, whether the received identity matches the user identifier.
  • the solution described in this embodiment can provide a more comprehensive interaction.
  • the process 1000 of the authentication method includes the following steps:
  • Step 1001 Acquire an authentication request.
  • an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
  • Step 1002 Determine whether the pre-stored first face database includes face data matching the user face data.
  • Step 1003 in response to determining that the first face database does not include face data matching the user face data, generating and transmitting the user face data and the user identifier to the predetermined electronic device.
  • the electronic device searches for the identity identifier that matches the user identifier in the second face database, and determines the face data corresponding to the found identity identifier and the user face. Whether the data matches; determining that the face data corresponding to the found identity matches the user face data, and returning the authentication consistency information as a result of the request; and responding to determining the face data corresponding to the found identity and the user The face data does not match, and the authentication inconsistency information is returned as the result of the request.
  • the electronic device searches for the face data corresponding to the user face data in the second face database, and determines the identity identifier corresponding to the found face data and the foregoing Whether the user identifier matches or not; in response to determining that the identity identifier corresponding to the searched face data matches the user identifier, the authentication consistency information is returned as the request information; and the identity identifier corresponding to the determined face data does not match the user identifier. , the authentication inconsistency information is returned as the request information.
  • Step 1004 In response to receiving the authentication consistency information, generate an authentication result indicating that the authentication is passed.
  • Step 1005 In response to receiving the authentication inconsistency information, generate an authentication result indicating that the authentication fails.
  • the process 1000 of the authentication method in this embodiment highlights that the execution entity sends the user face data and the user identifier to the electronic device from the execution body.
  • FIG. 11 a block diagram of a computer system 1100 suitable for use in implementing a terminal device or server of an embodiment of the present application is shown.
  • the terminal device or server shown in FIG. 11 is merely an example, and should not impose any limitation on the function and scope of use of the embodiments of the present application.
  • the computer system 1100 includes a central processing unit (CPU) 1101, which can be loaded into random access according to a program stored in a read only memory (ROM) 1102 or from a storage portion 1108. Various appropriate operations and processes are executed by the program in the RAM (Random Access Memory) 1103. In the RAM 1103, various programs and data required for the operation of the system 1100 are also stored.
  • the CPU 1101, the ROM 1102, and the RAM 1103 are connected to each other through a bus 1104.
  • An input/output (I/O, Input/Output) interface 1105 is also coupled to bus 1104.
  • the following components are connected to the I/O interface 1105: an input portion 1106 including a keyboard, a mouse, etc.; an output portion 1107 including a cathode ray tube (CRT, a cathode crystal ray), a liquid crystal display (LCD), and the like, and a speaker or the like.
  • a storage portion 1108 including a hard disk or the like; and a communication portion 1109 including a network interface card such as a LAN (Local Area Network) card, a modem, and the like.
  • the communication section 1109 performs communication processing via a network such as the Internet.
  • Driver 1110 is also connected to I/O interface 1105 as needed.
  • a removable medium 1111 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory or the like is mounted on the drive 1110 as needed so that a computer program read therefrom is installed into the storage portion 1108 as needed.
  • an embodiment of the present disclosure includes a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for executing the method illustrated in the flowchart.
  • the computer program can be downloaded and installed from the network via the communication portion 1109, and/or installed from the removable medium 1111.
  • the central processing unit (CPU) 1101 the above-described functions defined in the method of the present application are performed.
  • the computer readable medium described above may be a computer readable signal medium or a computer readable storage medium or any combination of the two.
  • the computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of computer readable storage media may include, but are not limited to, electrical connections having one or more wires, portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), erasable Programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the foregoing.
  • a computer readable storage medium may be any tangible medium that can contain or store a program, which can be used by or in connection with an instruction execution system, apparatus or device.
  • a computer readable signal medium may include a data signal that is propagated in the baseband or as part of a carrier, carrying computer readable program code. Such propagated data signals can take a variety of forms including, but not limited to, electromagnetic signals, optical signals, or any suitable combination of the foregoing.
  • the computer readable signal medium can also be any computer readable medium other than a computer readable storage medium, which can transmit, propagate, or transport a program for use by or in connection with the instruction execution system, apparatus, or device.
  • Program code embodied on a computer readable medium can be transmitted by any suitable medium, including but not limited to wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
  • Computer program code for performing the operations of the present application may be written in one or more programming languages, or combinations thereof, including an object oriented programming language such as Java, Smalltalk, C++, and conventional Procedural programming language—such as the "C" language or a similar programming language.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer, partly on the remote computer, or entirely on the remote computer or server.
  • the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or can be connected to an external computer (eg, using an Internet service provider) Internet connection).
  • LAN local area network
  • WAN wide area network
  • Internet service provider Internet service provider
  • each block of the flowchart or block diagram can represent a module, a program segment, or a portion of code that includes one or more of the logic functions for implementing the specified.
  • Executable instructions can also occur in a different order than that illustrated in the drawings. For example, two successively represented blocks may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending upon the functionality involved.
  • each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts can be implemented in a dedicated hardware-based system that performs the specified function or operation. Or it can be implemented by a combination of dedicated hardware and computer instructions.
  • the units involved in the embodiments of the present application may be implemented by software or by hardware.
  • the described unit may also be provided in the processor, for example, as a processor including an acquisition unit, a determination unit, a first generation unit, and a second generation unit.
  • the names of these units do not constitute a limitation on the unit itself under certain circumstances.
  • the obtaining unit may also be described as “acquiring an authentication request”.
  • the present application also provides a computer readable medium, which may be included in the apparatus described in the above embodiments, or may be separately present and not incorporated into the apparatus.
  • the computer readable medium carries one or more programs, when the one or more programs are executed by the device, causing the device to: obtain an authentication request, wherein the authentication request includes user face data and a user identifier; Whether the stored first face database includes face data matching the user face data, wherein the face database includes face data and an identity corresponding to the face data; and in response to determining that the first face database is not Included with the face data matching the user face data, generating and transmitting a data request to a predetermined electronic device, wherein the data request includes the user face data and/or the user identifier, and the electronic device is based on the data request And generating, by the second face database, and returning the result of the request, wherein the second face database and the first face database are isolated from each other; and the authentication result is generated according to the result of the request, wherein the authentication result

Abstract

Disclosed in embodiments of the present application is an authentication method. One specific embodiment of the method comprises: obtaining an authentication request, the authentication request comprising user face data and a user identifier; determining whether a pre-stored first face database comprises face data matching the user face data; in response to the determination that the first face database does not comprise the face data matching the user face data, generating a data request and sending same to a predetermined electronic device, the electronic device generating and returning a request result on the basis of the data request and a pre-stored second face database, and the second face database being isolated from the first face database; and generating an authentication result according to the request result. The embodiment provides a novel face recognition authentication approach.

Description

认证方法Authentication method 技术领域Technical field
本申请实施例涉及计算机技术领域,具体涉及认证方法。The embodiments of the present application relate to the field of computer technologies, and in particular, to an authentication method.
背景技术Background technique
随着人脸识别技术的发展,越来越多的认证场景利用人脸识别技术进行认证。人脸识别认证,速度快并且安全性较高。With the development of face recognition technology, more and more authentication scenarios use face recognition technology for authentication. Face recognition authentication is fast and safe.
在人脸识别认证的过程中,需要预先采集并存储人脸数据,用作认证基础。然后,将需要验证的人脸数据与预先存储的人脸数据进行比对,确定是否认证通过。In the process of face recognition authentication, face data needs to be collected and stored in advance for use as a basis for authentication. Then, the face data to be verified is compared with the face data stored in advance to determine whether the authentication is passed.
发明内容Summary of the invention
本申请实施例提出了认证方法。The embodiment of the present application proposes an authentication method.
第一方面,本申请实施例提供了一种认证方法,该方法包括:获取认证请求,其中,上述认证请求包括用户人脸数据和用户标识;确定预先存储的第一人脸数据库是否包括与上述用户人脸数据匹配的人脸数据,其中,人脸数据库包括人脸数据和与人脸数据对应的身份标识;响应于确定上述第一人脸数据库不包括与上述用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送数据请求,其中,上述数据请求包括上述用户人脸数据和/或上述用户标识,上述电子设备基于上述数据请求和预先存储的第二人脸数据库,生成以及返回请求结果,其中,上述第二人脸数据库与上述第一人脸数据库之间相互隔离;根据上述请求结果,生成认证结果,其中,上述认证结果用于指示认证通过或者认证不通过。In a first aspect, an embodiment of the present application provides an authentication method, where the method includes: acquiring an authentication request, where the authentication request includes user face data and a user identifier; determining whether the pre-stored first face database includes the foregoing The face data matched by the user face data, wherein the face database includes face data and an identity corresponding to the face data; and in response to determining that the first face database does not include a face that matches the user face data Data, generating and transmitting a data request to a predetermined electronic device, wherein the data request includes the user face data and/or the user identifier, and the electronic device generates the second face database based on the data request and the pre-stored data. And returning the result of the request, wherein the second face database and the first face database are isolated from each other; and the authentication result is generated according to the result of the request, wherein the authentication result is used to indicate that the authentication passes or the authentication fails.
在一些实施例中,上述数据请求包括上述用户标识;上述电子设备在第二人脸数据库中,查找与上述用户标识匹配的身份标识,将查找到的身份标识对应的人脸数据作为请求结果返回;以及上述根据上 述请求结果,生成认证结果,包括:确定接收到的人脸数据与上述用户人脸数据是否匹配;响应于确定接收到的人脸数据与上述用户人脸数据匹配,生成用于指示认证通过的认证结果。In some embodiments, the data request includes the user identifier, and the electronic device searches for the identity identifier matching the user identifier in the second face database, and returns the face data corresponding to the found identity identifier as a result of the request. And generating the authentication result according to the foregoing request result, comprising: determining whether the received face data matches the user face data; and in response to determining that the received face data matches the user face data, generating Indicates the certification result passed by the certification.
在一些实施例中,上述数据请求包括上述用户人脸数据;上述电子设备在第二人脸数据库中,查找与上述用户人脸数据匹配的人脸数据,将查找到的人脸数据对应的身份标识作为请求结果返回;以及上述根据上述请求结果,生成认证结果,包括:确定接收到的身份标识与上述用户标识是否匹配;响应于确定接收到的身份标识与上述用户标识匹配,生成用于指示认证通过的认证结果。In some embodiments, the data request includes the user face data; the electronic device searches for the face data matching the user face data in the second face database, and the identity corresponding to the found face data is And the identifier is returned as the result of the request; and the generating the authentication result according to the foregoing request result, comprising: determining whether the received identity identifier matches the foregoing user identifier; and generating, in response to determining that the received identity identifier matches the user identifier, generating The certification result passed by the certification.
在一些实施例中,上述数据请求包括上述用户人脸数据和上述用户标识;上述电子设备在第二人脸数据库中,查找与上述用户标识匹配的身份标识,确定查找到的身份标识对应的人脸数据与上述用户人脸数据是否匹配,响应于确定查找到的身份标识对应的人脸数据与上述用户人脸数据匹配,将认证一致信息作为请求结果返回;以及上述根据上述请求结果,生成认证结果,包括:响应于接收到上述认证一致信息,生成用于指示认证通过的认证结果。In some embodiments, the data request includes the user face data and the user identifier; the electronic device searches for the identity identifier matching the user identifier in the second face database, and determines the person corresponding to the found identity identifier. Whether the face data matches the user face data, and in response to determining that the face data corresponding to the found identity identifier matches the user face data, the authentication consistency information is returned as a request result; and the foregoing generating the authentication according to the request result As a result, in response to receiving the above-described authentication matching information, an authentication result indicating that the authentication is passed is generated.
在一些实施例中,上述确定预先存储的第一人脸数据库是否包括与上述用户人脸数据匹配的人脸数据,包括:在上述第一人脸数据库中,查找与上述用户人脸数据匹配的人脸数据;以及上述方法还包括:响应于查找到与上述用户人脸数据匹配的人脸数据,确定查找到的人脸数据对应的身份标识与上述用户标识是否匹配;响应于确定查找到的人脸数据对应的身份标识与上述用户标识匹配,生成用于指示认证通过的认证结果。In some embodiments, determining whether the pre-stored first face database includes the face data matching the user face data includes: searching, in the first face database, the matching with the user face data. The method further includes: determining, in response to finding the face data that matches the user face data, whether the identity identifier corresponding to the found face data matches the user identifier; and determining the found The identity identifier corresponding to the face data matches the foregoing user identifier, and generates an authentication result indicating that the authentication is passed.
在一些实施例中,上述确定预先存储的第一人脸数据库是否包括与上述用户人脸数据匹配的人脸数据,包括:在上述第一人脸数据库中,查找与上述用户标识匹配的身份标识;响应于查找到与上述用户标识匹配的身份标识,确定查找到的身份标识对应的人脸数据与上述用户人脸数据是否匹配;以及上述方法还包括:响应于确定查找到的身份标识对应的人脸数据与上述用户人脸数据匹配,生成用于指示认证通过的认证结果。In some embodiments, determining whether the pre-stored first face database includes face data matching the user face data includes: searching, in the first face database, an identity that matches the user identifier. Determining whether the face data corresponding to the found identity identifier matches the user face data in response to finding the identity identifier that matches the user identifier; and the method further includes: responding to determining the corresponding identity identifier that is found The face data matches the user face data described above, and generates an authentication result indicating that the authentication is passed.
在一些实施例中,上述确定预先存储的第一人脸数据库是否包括与上述用户人脸数据匹配的人脸数据,还包括:根据上述用户人脸数据,确定上述用户人脸数据所指示的人脸是否是活体人脸;响应于确定上述用户人脸数据所指示的人脸不是活体人脸,生成用于指示认证不通过的认证结果。In some embodiments, determining whether the pre-stored first face database includes the face data matching the user face data, further comprising: determining, according to the user face data, the person indicated by the user face data Whether the face is a living human face; in response to determining that the face indicated by the user face data is not a living face, an authentication result indicating that the authentication fails is generated.
在一些实施例中,终端响应于接收到用于触发预定义操作的操作信息,获取上述用户人脸数据和上述用户标识,以及根据上述用户人脸数据和上述用户标识生成认证请求。In some embodiments, the terminal acquires the user face data and the user identifier, and generates an authentication request according to the user face data and the user identifier, in response to receiving operation information for triggering a predefined operation.
在一些实施例中,上述终端响应于获取到用于指示认证通过的认证结果,执行上述预定义操作。In some embodiments, the terminal performs the above predefined operation in response to obtaining an authentication result indicating that the authentication is passed.
第二方面,本申请实施例提供了一种认证装置,该装置包括:获取单元,被配置成获取认证请求,其中,上述认证请求包括用户人脸数据和用户标识;确定单元,被配置成确定预先存储的第一人脸数据库是否包括与上述用户人脸数据匹配的人脸数据,其中,人脸数据库包括人脸数据和与人脸数据对应的身份标识;第一生成单元,被配置成响应于确定上述第一人脸数据库不包括与上述用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送数据请求,其中,上述数据请求包括上述用户人脸数据和/或上述用户标识,上述电子设备基于上述数据请求和预先存储的第二人脸数据库,生成以及返回请求结果,其中,上述第二人脸数据库与上述第一人脸数据库之间相互隔离;第二生成单元,被配置成根据上述请求结果,生成认证结果,其中,上述认证结果用于指示认证通过或者认证不通过。In a second aspect, the embodiment of the present application provides an authentication apparatus, where the apparatus includes: an obtaining unit configured to acquire an authentication request, where the authentication request includes user face data and a user identifier; and the determining unit is configured to determine Whether the pre-stored first face database includes face data matching the user face data, wherein the face database includes face data and an identity corresponding to the face data; the first generating unit is configured to respond Determining that the first face database does not include face data matching the user face data, generating and transmitting a data request to the predetermined electronic device, wherein the data request includes the user face data and/or the user The identifier, the electronic device generates and returns a request result based on the data request and the pre-stored second face database, wherein the second face database and the first face database are isolated from each other; and the second generating unit, Is configured to generate an authentication result according to the result of the request, wherein the above recognition The result of the certificate is used to indicate that the certification has passed or the certification has not passed.
第三方面,本申请实施例提供了一种电子设备,该电子设备包括:一个或多个处理器;存储装置,用于存储一个或多个程序,当上述一个或多个程序被上述一个或多个处理器执行时,使得上述一个或多个处理器实现如第一方面中任一实现方式描述的方法。In a third aspect, an embodiment of the present application provides an electronic device, where the electronic device includes: one or more processors; and a storage device, configured to store one or more programs, when the one or more programs are When executed by a plurality of processors, the one or more processors described above are implemented as described in any one of the first aspects.
第四方面,本申请实施例提供了一种计算机可读介质,其上存储有计算机程序,其中,该计算机程序被处理器执行时实现如第一方面中任一实现方式描述的方法。In a fourth aspect, an embodiment of the present application provides a computer readable medium having stored thereon a computer program, wherein the computer program is executed by a processor to implement the method as described in any one of the first aspects.
本申请实施例提供的认证方法,通过首先上述执行主体确定第一 人脸数据库是否包括与用户人脸数据匹配的人脸数据;如果不包括,则向预先确定的电子设备发送数据请求,上述电子设备利用第二人脸数据库返回请求结果;上述执行主体再根据请求结果生成认证结果,可以在第一人脸数据库的人脸数据缺少人脸数据的情况下,调用其它民事主体的第二人脸数据库,进行认证支持,提供了新的人脸识别认证方式。The authentication method provided by the embodiment of the present application determines whether the first face database includes face data matching the user face data by using the execution body first; if not, sending a data request to the predetermined electronic device, the electronic The device returns the request result by using the second face database; the execution body further generates an authentication result according to the request result, and may invoke the second face of the other civil subject if the face data of the first face database lacks face data. The database, for authentication support, provides a new face recognition authentication method.
附图说明DRAWINGS
通过阅读参照以下附图所作的对非限制性实施例所作的详细描述,本申请的其它特征、目的和优点将会变得更明显:Other features, objects, and advantages of the present application will become more apparent from the detailed description of the accompanying drawings.
图1是本申请可以应用于其中的示例性系统架构图;1 is an exemplary system architecture diagram to which the present application can be applied;
图2是根据本申请的认证方法的一个实施例的流程图;2 is a flow chart of one embodiment of an authentication method in accordance with the present application;
图3A是根据本申请的第一人脸数据库和第二人脸数据库的示例性关系示意图;3A is a schematic diagram showing an exemplary relationship between a first face database and a second face database according to the present application;
图3B是根据本申请的第一人脸数据库和第二人脸数据库的示例性关系示意图;3B is a schematic diagram showing an exemplary relationship between a first face database and a second face database according to the present application;
图3C是根据本申请的第一人脸数据库和第二人脸数据库的示例性关系示意图;3C is a schematic diagram showing an exemplary relationship between a first face database and a second face database according to the present application;
图4是根据本申请的认证方法的一个应用场景的示意图;4 is a schematic diagram of an application scenario of an authentication method according to the present application;
图5是根据本申请的认证方法的另一个应用场景的示意图;FIG. 5 is a schematic diagram of another application scenario of an authentication method according to the present application; FIG.
图6是根据本申请的认证方法的又一个实施例的流程图;6 is a flow chart of still another embodiment of an authentication method in accordance with the present application;
图7是根据本申请的认证方法的又一个实施例的流程图;7 is a flow chart of still another embodiment of an authentication method in accordance with the present application;
图8是根据本申请的认证方法的又一个实施例的流程图;8 is a flow chart of still another embodiment of an authentication method in accordance with the present application;
图9是根据本申请的认证方法的又一个实施例的流程图;9 is a flow chart of still another embodiment of an authentication method in accordance with the present application;
图10是根据本申请的认证方法的又一个实施例的流程图;10 is a flow chart of still another embodiment of an authentication method in accordance with the present application;
图11是适于用来实现本申请实施例的终端设备或服务器的计算机系统的结构示意图。11 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server of an embodiment of the present application.
具体实施方式detailed description
下面结合附图和实施例对本申请作进一步的详细说明。可以理解 的是,此处所描述的具体实施例仅仅用于解释相关发明,而非对该发明的限定。另外还需要说明的是,为了便于描述,附图中仅示出了与有关发明相关的部分。The present application will be further described in detail below with reference to the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the invention, rather than the invention. It is also to be noted that, for the convenience of description, only the parts related to the related invention are shown in the drawings.
需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。下面将参考附图并结合实施例来详细说明本申请。It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The present application will be described in detail below with reference to the accompanying drawings.
图1示出了可以应用本申请的认证方法的实施例的示例性系统架构100。FIG. 1 illustrates an exemplary system architecture 100 in which an embodiment of an authentication method of the present application may be applied.
如图1所示,系统架构100可以包括终端设备101、网络102、第一服务器103和第二服务器104。网络102用以在终端设备101、第一服务器103和第二服务器104之间提供通信链路的介质。网络102可以包括各种连接类型,例如有线、无线通信链路或者光纤电缆等等。As shown in FIG. 1, the system architecture 100 can include a terminal device 101, a network 102, a first server 103, and a second server 104. The network 102 is used to provide a medium for a communication link between the terminal device 101, the first server 103, and the second server 104. Network 102 can include a variety of connection types, such as wired, wireless communication links, fiber optic cables, and the like.
用户可以使用终端设备101可以通过网络102与第一服务器103或第二服务器104交互,以接收或发送消息等。终端设备101上可以安装有各种通讯客户端应用,例如支付类应用、网页浏览器应用、购物类应用、搜索类应用、即时通信工具、邮箱客户端、社交平台软件等。The user can use the terminal device 101 to interact with the first server 103 or the second server 104 via the network 102 to receive or send a message or the like. The terminal device 101 can be installed with various communication client applications, such as a payment application, a web browser application, a shopping application, a search application, an instant communication tool, a mailbox client, a social platform software, and the like.
终端设备101可以是硬件,也可以是软件。当终端设备101为硬件时,可以是具有图像采集功能的各种电子设备,包括但不限于智能手机、平板电脑、电子书阅读器、MP3播放器(Moving Picture Experts Group Audio Layer III,动态影像专家压缩标准音频层面3)、MP4(Moving Picture Experts Group Audio Layer IV,动态影像专家压缩标准音频层面4)播放器、膝上型便携计算机和台式计算机等等。当终端设备101为软件时,可以安装在上述所列举的电子设备中。其可以实现成多个软件或软件模块(例如用来提供分布式服务),也可以实现成单个软件或软件模块。在此不做具体限定。The terminal device 101 may be hardware or software. When the terminal device 101 is hardware, it may be various electronic devices with image capturing functions, including but not limited to smart phones, tablets, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III, motion picture experts) Compress standard audio level 3), MP4 (Moving Picture Experts Group Audio Layer IV) player, laptop portable computer and desktop computer, etc. When the terminal device 101 is software, it can be installed in the above-listed electronic devices. It can be implemented as a plurality of software or software modules (for example to provide distributed services) or as a single software or software module. This is not specifically limited.
第一服务器103可以是提供各种服务的服务器,例如对终端设备101上安装的应用提供支持的后台服务器。后台服务器可以对接收到的认证请求等数据进行分析等处理,并将处理结果(例如认证结果)反馈给终端设备。The first server 103 may be a server that provides various services, such as a background server that provides support for applications installed on the terminal device 101. The background server may perform processing such as analyzing the received authentication request and the like, and feed back the processing result (for example, the authentication result) to the terminal device.
第二服务器104可以是提供各种服务的服务器,例如对第一服务器103的认证功能提供支持的后台服务器。后台服务器可以对接收到的数据请求等数据进行分析等处理,并将处理结果(例如请求结果)反馈给第一服务器103。The second server 104 may be a server that provides various services, such as a background server that provides support for the authentication function of the first server 103. The background server may perform processing such as analyzing data such as the received data request, and feed back the processing result (for example, the result of the request) to the first server 103.
第一服务器器或第二服务器均为服务器,可以响应于用户的服务请求而提供服务。可以理解,一个服务器可以提供一种或多种服务,同一种服务也可以由多个服务器来提供。The first server or the second server is a server that can provide services in response to a user's service request. It can be understood that one server can provide one or more services, and the same service can also be provided by multiple servers.
需要说明的是,本申请实施例所提供的认证方法可以由第一服务器103或终端设备101执行,相应地,认证装置可以设置于第一服务器103或终端设备101中。It should be noted that the authentication method provided by the embodiment of the present application may be performed by the first server 103 or the terminal device 101. Accordingly, the authentication device may be disposed in the first server 103 or the terminal device 101.
需要说明的是,第一服务器103、第二服务器104可以是硬件,也可以是软件。当第一服务器103、第二服务器104为硬件时,可以实现成多个服务器组成的分布式服务器集群,也可以实现成单个服务器。当上述第一服务器103、第二服务器104为软件时,可以实现成多个软件或软件模块(例如用来提供分布式服务),也可以实现成单个软件或软件模块。在此不做具体限定。It should be noted that the first server 103 and the second server 104 may be hardware or software. When the first server 103 and the second server 104 are hardware, a distributed server cluster composed of a plurality of servers may be implemented, or may be implemented as a single server. When the first server 103 and the second server 104 are software, they may be implemented as multiple software or software modules (for example, to provide distributed services), or may be implemented as a single software or software module. This is not specifically limited.
应该理解,图1中的终端设备、网络、第一服务器和第二服务器的数目仅仅是示意性的。根据实现需要,可以具有任意数目的终端设备、网络、第一服务器和第二服务器。It should be understood that the number of terminal devices, networks, first servers, and second servers in FIG. 1 are merely illustrative. Depending on the implementation needs, there may be any number of terminal devices, networks, first servers, and second servers.
请参考图2,其示出了认证方法的一个实施例的流程200。本实施例主要以该方法应用于有一定运算能力的电子设备中来举例说明,该电子设备可以是图1示出的第一服务器103,也可以是图1示出的终端设备101。该认证方法,包括以下步骤:Referring to Figure 2, a flow 200 of one embodiment of an authentication method is illustrated. This embodiment is mainly illustrated by the method being applied to an electronic device having a certain computing capability. The electronic device may be the first server 103 shown in FIG. 1 or the terminal device 101 shown in FIG. The authentication method includes the following steps:
步骤201,获取认证请求。Step 201: Acquire an authentication request.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以获取认证请求。In the present embodiment, an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
可选的,如果上述执行主体为第一服务器,第一服务器可以通过有线连接方式或者无线连接方式从用户使用的终端接收认证请求,然后存储认证请求,再从本地获取认证请求。Optionally, if the execution entity is the first server, the first server may receive the authentication request from the terminal used by the user by using a wired connection manner or a wireless connection manner, and then store the authentication request, and then obtain the authentication request locally.
可选的,如果上述执行主体为终端,上述终端可以生成认证请求,相当于获取认证请求。Optionally, if the foregoing execution entity is a terminal, the terminal may generate an authentication request, which is equivalent to obtaining an authentication request.
在本实施例中,上述认证请求可以包括用户人脸数据和用户标识。In this embodiment, the foregoing authentication request may include user face data and a user identifier.
在本实施例中,用户人脸数据可以能够指示用户的人脸特征的数据。作为示例,用户人脸数据可以包括但不限于以下至少一项:用户的人脸图像和从用户的人脸图像提取出的图像特征(feature map)。In this embodiment, the user face data may be capable of indicating data of the user's face features. As an example, the user face data may include, but is not limited to, at least one of: a face image of the user and a feature map extracted from the face image of the user.
在本实施例中,用户标识可以是用于指示用户人脸数据的采集对象的标识。作为示例,用户标识可以包括但不限于以下至少一项:为用户人脸数据分配的标识、用户的身份证号码、用户所使用的终端的终端标识和用户的电话号码。需要说明的是,用户标识可能指示上述采集对象的身份,也可能不指示上述采集对象的身份。In this embodiment, the user identifier may be an identifier of an collection object for indicating user face data. As an example, the user identification may include, but is not limited to, at least one of the following: an identification assigned to the user's face data, an identification number of the user, a terminal identification of the terminal used by the user, and a telephone number of the user. It should be noted that the user identifier may indicate the identity of the foregoing collection object, or may not indicate the identity of the collection object.
在本实施例的一些可选的实现方式中,如果上述用户标识指示上述采集对象的身份,上述认证请求可以用于请求认证以下事项:上述用户人脸数据的采集对象,与上述用户标识所指示的对象,是否一致。In some optional implementation manners of the embodiment, if the user identifier indicates the identity of the collection object, the authentication request may be used to request authentication: the collection object of the user face data is instructed by the user identifier. The object is consistent.
在本实施例的一些可选的实现方式中,如果上述用户标识不指示上述采集对象的身份,上述认证请求还可以用于请求认证以下事项:上述用户人脸数据的采集对象,是否可以通过认证(具有通过权限)。In some optional implementation manners of the embodiment, if the user identifier does not indicate the identity of the collection object, the authentication request may be used to request the following items: whether the object of the user face data can be authenticated. (has passed permissions).
作为示例,在闸机放行这一应用场景中,终端可以采集待识别人物的用户人脸数据。这时,终端并不知晓待识别人物的身份,在这种情况下,终端可以为采集到的用户人脸数据分配用户标识。作为示例,用户标识可以是一串数字,用来标识采集到的用户人脸数据。终端可以将用户人脸数据发送到第一服务器。第一服务器中存储有可放行名单,可放行名单包括可放行身份标识。第一服务器可以通过第一人脸数据库确定与用户人脸数据对应的用户身份标识,或者,接收第二服务器返回的与用户人脸数据对应的用户身份标识。再后,第一服务器可以确定与用户人脸数据对应的用户身份标识是否在可放行名单中。最后,如果与用户人脸数据对应的用户身份标识在可放行名单中,那么第一服务器可以生成用于指示认证通过的认证结果。如果与用户人脸数据对应的用户身份标识不在可放行名单中,那么第一服务器可以生成用于指示认证不通过的认证结果。As an example, in the application scenario where the gate is released, the terminal can collect the user face data of the person to be identified. At this time, the terminal does not know the identity of the person to be identified, in which case the terminal can assign the user identifier to the collected user face data. As an example, the user identification can be a string of numbers used to identify the collected user face data. The terminal can send the user face data to the first server. The first server stores a release list, and the release list includes a releaseable identity. The first server may determine the user identity corresponding to the user face data through the first face database, or receive the user identity corresponding to the user face data returned by the second server. Then, the first server may determine whether the user identity corresponding to the user face data is in the release list. Finally, if the user identity corresponding to the user face data is in the playable list, the first server may generate an authentication result indicating that the authentication is passed. If the user identity corresponding to the user face data is not in the release list, the first server may generate an authentication result indicating that the authentication fails.
在本实施例的一些可选的实现方式中,终端可以接收用于触发预定义操作的操作信息。然后,上述终端可以响应于接收到上述操作信息,获取用户人脸数据和用户标识。再后,上述终端可以根据上述用户人脸数据和上述用户标识生成认证请求。In some optional implementation manners of this embodiment, the terminal may receive operation information for triggering a predefined operation. Then, the terminal may acquire the user face data and the user identifier in response to receiving the operation information. Then, the terminal may generate an authentication request according to the user face data and the user identifier.
作为示例,上述预定义操作可以包括但不限于以下至少一项:登录操作和支付操作。As an example, the above predefined operations may include, but are not limited to, at least one of the following: a login operation and a payment operation.
步骤202,确定预先存储的第一人脸数据库是否包括与用户人脸数据匹配的人脸数据。Step 202: Determine whether the pre-stored first face database includes face data matching the user face data.
在本实施例中,基于上述执行主体(例如图1所示的第一服务器)可以确定预先存储的第一人脸数据库是否包括与上述人脸数据匹配的人脸数据。In the present embodiment, based on the above-described execution subject (for example, the first server shown in FIG. 1), it can be determined whether the pre-stored first face database includes face data matching the above-described face data.
在本实施例中,人脸数据库可以包括人脸数据和与人脸数据对应的身份标识。作为示例,人脸数据可以包括但不限于以下至少一项:人脸图像和从人脸图像提取出的图像特征。身份标识可以包括但不限于以下至少一项:身份证号、终端标识和电话号码。In this embodiment, the face database may include face data and an identity corresponding to the face data. As an example, the face data may include, but is not limited to, at least one of the following: a face image and an image feature extracted from the face image. The identity may include, but is not limited to, at least one of the following: an identification number, a terminal identification, and a telephone number.
在本实施例中,确定用户人脸数据与人脸数据库中的人脸数据是否匹配,可以通过计算用户人脸数据与人脸数据库中的人脸数据之间的相似度实现。如何计算人脸数据之间的相似度,可以参考人脸识别技术中的计算方法,在此不再赘述。In this embodiment, determining whether the user face data matches the face data in the face database can be implemented by calculating the similarity between the user face data and the face data in the face database. For how to calculate the similarity between the face data, refer to the calculation method in the face recognition technology, and details are not described herein again.
在本实施例的一些可选的实现方式中,步骤202可以包括:根据上述用户人脸数据,确定上述用户人脸数据所指示的人脸是否是活体人脸;响应于确定上述用户人脸数据所指示的人脸不是活体人脸,生成用于指示认证不通过的认证结果。In some optional implementation manners of the embodiment, the step 202 may include: determining, according to the user face data, whether the face indicated by the user face data is a living face; and determining the user face data in response to determining The indicated face is not a living face, and an authentication result indicating that the authentication is not passed is generated.
需要说明的是,正常情况下,上述用户人脸数据所指示的人脸是活体人脸,换句话说,终端采集用户人脸数据的对象,为活体人脸。但是,可能存在非正常情况,比如非法用户想要用其它人的人脸图像(例如照片)或三维人脸模型,冒充合法用户进行操作,这时,上述用户人脸数据所指示的人脸不是活体人脸。如果确定上述用户人脸数据所指示的人脸不是活体人脸,则属于非正常情况,这时,可以生成用于指示认证不通过的认证结果。It should be noted that, under normal circumstances, the face indicated by the user face data is a living face, in other words, the terminal collects the object of the user face data as a living face. However, there may be abnormal situations. For example, an illegal user wants to use another person's face image (such as a photo) or a three-dimensional face model to impersonate a legitimate user to operate. In this case, the face indicated by the user face data is not Living face. If it is determined that the face indicated by the user face data is not a living face, it is an abnormal situation. At this time, an authentication result indicating that the authentication is not passed may be generated.
可选的,如何根据上述用户人脸数据,确定上述用户人脸数据所指示的人脸是否是活体人脸,可以利用以下方式实现:预先确定一些特征,针对这些特征,总结活体人脸的特征参数和非活体人脸的特征参数。分析用户人脸数据的特征参数,然后与活体人脸的特征参数和非活体人脸的特征参数进行比对,确定用户人脸数据指示的人脸是否是活体人脸。上述特征可以包括但不限于以下至少一项:颜色特征、纹理特征、二维形状特征、二维空间关系特征、三维形状特征、三维空间关系特征、脸型特征、五官的形状特征、五官的位置及比例特征。Optionally, how to determine whether the face indicated by the user face data is a living face according to the user face data, may be implemented by: predetermining some features, and summarizing the characteristics of the living face for these features. Parameters and characteristic parameters of non-living faces. The feature parameters of the user face data are analyzed, and then compared with the feature parameters of the living face and the feature parameters of the non-living face to determine whether the face indicated by the user face data is a living face. The above features may include, but are not limited to, at least one of the following: color features, texture features, two-dimensional shape features, two-dimensional spatial relationship features, three-dimensional shape features, three-dimensional spatial relationship features, face features, facial features, facial features, and Proportional characteristics.
需要说明的是,在将用户人脸数据与人脸数据库中的人脸数据进行比对前,预先检测用户人脸数据所指示的人脸是否是活体人脸,既可以避免非法用户冒充合法用户,提高认证的有效性,还可以通过减少人脸数据比对的计算量,节约计算资源。It should be noted that before the user face data is compared with the face data in the face database, it is detected in advance whether the face indicated by the user face data is a living face, and the illegal user can be prevented from impersonating the legitimate user. To improve the effectiveness of authentication, it is also possible to save computing resources by reducing the amount of calculation of face data comparison.
步骤203,响应于确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送数据请求。 Step 203, in response to determining that the first face database does not include face data matching the user face data, generating and transmitting a data request to the predetermined electronic device.
在本实施例中,基于上述执行主体(例如图1所示的第一服务器)可以响应于确定上述第一人脸数据库不包括与上述用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备(例如图1所示的第二服务器)发送数据请求。In this embodiment, based on the execution body (for example, the first server shown in FIG. 1), in response to determining that the first face database does not include face data matching the user face data, generating and predetermining The electronic device (such as the second server shown in Figure 1) sends a data request.
在本实施例中,上述数据请求可以用于请求数据。上述数据请求可以包括用户人脸数据和/或用户标识。In this embodiment, the above data request can be used to request data. The above data request may include user face data and/or user identification.
在本实施例中,可以在上述执行主体中预先存储关联信息,关联信息可以指示:与上述执行主体具有关联关系的电子设备的电子设备标识。上述执行主体可以通过获取关联信息,得知预先确定的电子设备。In this embodiment, the association information may be pre-stored in the execution entity, and the association information may indicate an electronic device identifier of the electronic device having an association relationship with the execution entity. The above-mentioned execution entity can learn the predetermined electronic device by acquiring the associated information.
在本实施例中,上述电子设备可以基于上述数据请求和预先存储的第二人脸数据库,生成以及返回请求结果。In this embodiment, the electronic device may generate and return a request result based on the data request and the pre-stored second face database.
需要说明的是,上述电子设备(例如图1所示的第二服务器)与上述执行主体(例如图1所示的第一服务器),可以是电子设备,也可以是不同电子设备。It should be noted that the electronic device (for example, the second server shown in FIG. 1) and the execution body (for example, the first server shown in FIG. 1) may be electronic devices or different electronic devices.
需要说明的是,本申请中的第一人脸数据库和第二人脸数据库, 均为人脸数据库。如上文对人脸数据库的定义,第一人脸数据库和第二人脸数据库均可以包括人脸数据和与人脸数据对应的身份标识。但是,第一人脸数据库和第二人脸数据库之间相互隔离。第一人脸数据库和第二人脸数据库之间的相互隔离,至少可以体现在以下方面:It should be noted that the first face database and the second face database in the present application are both face databases. As defined above for the face database, both the first face database and the second face database may include face data and an identity corresponding to the face data. However, the first face database and the second face database are isolated from each other. The isolation between the first face database and the second face database can be at least reflected in the following aspects:
第一,使用过程相互独立。利用第一人脸数据库进行人脸识别,与利用第二人脸数据库进行人脸识别,是两个相互独立的使用过程,互不干扰。First, the process of use is independent of each other. Face recognition using the first face database and face recognition using the second face database are two independent use processes that do not interfere with each other.
第二,所包含的人脸数据不同。Second, the included face data is different.
作为示例,请参考图3A、3B和3C。可以将第一人脸数据库中的人脸数据组成的集合称为第一人脸数据集合301。可以将第二人脸数据库中的人脸数据组成的集合称为第二人脸数据集合302。图3A示出了第一人脸数据集合和第二人脸数据集合的一种示例性关系(也可以说是第一人脸数据库和第二人脸数据库之间的示例性关系),即第一人脸数据集合和第二人脸数据集合的交集为空集。图3B示出了第一人脸数据集合和第二人脸数据集合的另一种示例性关系,即第一人脸数据集合和第二人脸数据集合的交集不为空,并且,不为第一人脸数据集合。图3C示出了第一人脸数据集合和第二人脸数据集合的再一种示例性关系,即第一人脸数据集合和第二人脸数据集合的交集为第一人脸数据集合。As an example, please refer to Figures 3A, 3B and 3C. A set of face data in the first face database may be referred to as a first face data set 301. A set of face data in the second face database may be referred to as a second face data set 302. FIG. 3A illustrates an exemplary relationship between the first face data set and the second face data set (which may also be said to be an exemplary relationship between the first face database and the second face database), ie, The intersection of a face data set and a second face data set is an empty set. FIG. 3B illustrates another exemplary relationship between the first face data set and the second face data set, that is, the intersection of the first face data set and the second face data set is not empty, and is not The first face data collection. FIG. 3C illustrates still another exemplary relationship of the first face data set and the second face data set, that is, the intersection of the first face data set and the second face data set is the first face data set.
第三,所属的民事主体不同。Third, the civil subject is different.
一般情况下,民事主体又可以称为“民事法律关系主体”。民事主体可以是参加民事法律关系享受权利和承担义务的人,能够作为民事主体的有公民(自然人)和法人。可以理解,人脸数据库的所有权可以归属于民事主体。Under normal circumstances, civil subjects can also be called "the subject of civil legal relations." The civil subject may be a person who enjoys the rights and obligations under the civil legal relationship, and can be a civil subject with citizens (natural persons) and legal persons. It can be understood that the ownership of the face database can be attributed to the civil subject.
在本实施例中,第一人脸数据库和第二人脸数据库可以分别属于不同的民事主体。作为示例,第一人脸数据库和第二人脸数据库分别属于不同的民事主体,可以是第一人脸数据库的所有权和第二人脸数据库的所有权分别属于不同的民事主体;还可以是第一人脸数据库的使用权和第二人脸数据库的使用权分别属于不同的民事主体。In this embodiment, the first face database and the second face database may belong to different civil subjects respectively. As an example, the first face database and the second face database belong to different civil subjects, respectively, and the ownership of the first face database and the ownership of the second face database belong to different civil subjects respectively; The right to use the face database and the right to use the second face database belong to different civil subjects.
例如,第一人脸数据库可以属于A公司,第二人脸数据库可以属 于B公司。再例如,第一人脸数据库可以属于A公司,第二人脸数据库可以属于公安机关,需要注意的是,当公安机关向民事主体开放人脸数据库(或者说提供使用接口),参与民事活动时,公安机关可以被认为是民事主体。For example, the first face database may belong to company A, and the second face database may belong to company B. For another example, the first face database may belong to company A, and the second face database may belong to a public security organ. It should be noted that when the public security organ opens a face database (or provides an interface for use) to a civil subject, and participates in civil activities. Public security organs can be considered as civil subjects.
可选的,第四,存储的位置不同。第一人脸数据库可以存储于上述执行主体(例如图1中的第一服务器)。第二人脸数据库可以存储于上述电子设备(例如图1中的第二服务器)。Optionally, fourth, the storage location is different. The first face database may be stored in the above-described execution body (for example, the first server in FIG. 1). The second face database may be stored in the above electronic device (eg, the second server in FIG. 1).
步骤204,根据请求结果,生成认证结果。Step 204: Generate an authentication result according to the result of the request.
在本实施例中,基于上述执行主体(例如图1所示的第一服务器)可以根据上述电子设备返回的请求结果,生成认证结果。In this embodiment, the execution body (for example, the first server shown in FIG. 1) may generate an authentication result according to the result of the request returned by the electronic device.
在本实施例中,上述认证结果用于指示认证通过或者认证不通过。In this embodiment, the foregoing authentication result is used to indicate that the authentication is passed or the authentication is not passed.
在本实施例的一些可选的实现方式中,认证通过可以指:上述用户人脸数据的采集对象,与上述用户标识所指示的对象,一致。认证不通过可以指:上述用户人脸数据的采集对象,与上述用户标识所指示的对象,不一致。In some optional implementation manners of the embodiment, the authentication pass may be: the collection object of the user face data is consistent with the object indicated by the user identifier. The authentication failure may mean that the collection object of the user face data is inconsistent with the object indicated by the user identifier.
在本实施例的一些可选的实现方式中,认证通过可以指上述用户人脸数据的采集对象具有通过权限;认证不通过可以指上述用户人脸数据的采集对象不具有通过权限。In some optional implementation manners of the embodiment, the authentication object may refer to the collection object of the user face data having the permission of the user; the authentication failure may mean that the collection object of the user face data does not have the permission.
在本实施例的一些可选的实现方式中,在终端接收到用于触发预定义操作的操作信息的情况下,上述终端可以响应于获取到用于指示认证通过的认证结果,可以执行预定义操作。In some optional implementation manners of this embodiment, in a case that the terminal receives the operation information for triggering the predefined operation, the terminal may perform the predefined in response to acquiring the authentication result for indicating the authentication pass. operating.
例如,上述操作信息可以触发登录操作,上述终端在接收到用于指示认证通过的认证结果的时候,执行登录操作。再例如,上述操作信息可以触发支付操作,上述终端在接收到用于指示认证通过的认证结果的时候,执行支付操作。For example, the foregoing operation information may trigger a login operation, and the terminal performs a login operation when receiving an authentication result indicating that the authentication is passed. For another example, the operation information may trigger a payment operation, and the terminal performs a payment operation when receiving an authentication result indicating that the authentication is passed.
在本实施例的一些可选的实现方式中,如果上述执行主体为终端,终端可以自己生成认证结果,相当于获取认证结果。如果上述执行主体不是终端而是服务器,上述终端可以接收服务器返回的认证结果,以获取认证结果。In some optional implementation manners of the embodiment, if the execution entity is a terminal, the terminal may generate an authentication result by itself, which is equivalent to obtaining an authentication result. If the execution entity is not a terminal but a server, the terminal may receive an authentication result returned by the server to obtain an authentication result.
继续参见图4,图4是根据本实施例的认证方法的一个应用场景 的示意图。在图4的应用场景中:With continued reference to Fig. 4, Fig. 4 is a schematic diagram of an application scenario of the authentication method according to the present embodiment. In the application scenario of Figure 4:
终端401生成认证请求,然后将认证请求402发送至服务器403。The terminal 401 generates an authentication request and then transmits the authentication request 402 to the server 403.
服务器403可以获取认证请求402。 Server 403 can obtain authentication request 402.
服务器403可以确定预先存储的第一人脸数据库是否包括与上述用户人脸数据匹配的人脸数据。The server 403 may determine whether the pre-stored first face database includes face data that matches the user face data described above.
服务器403可以响应于确定上述第一人脸数据库不包括与上述用户人脸数据匹配的人脸数据,生成以及向预先确定的服务器404发送数据请求405。The server 403 may generate and send a data request 405 to the predetermined server 404 in response to determining that the first face database does not include face data that matches the user face data.
服务器404可以基于上述数据请求405和预先存储的第二人脸数据库,生成请求结果406,然后将请求结果406返回至服务器403。The server 404 can generate the request result 406 based on the data request 405 and the pre-stored second face database, and then return the request result 406 to the server 403.
服务器403可以根据上述请求结果406,生成认证结果407。The server 403 can generate an authentication result 407 according to the above request result 406.
服务器403可以将认证结果407发送至终端401。The server 403 can transmit the authentication result 407 to the terminal 401.
继续参见图5,图5是根据本实施例的认证方法的另一个应用场景的示意图。在图5的应用场景中:With continued reference to FIG. 5, FIG. 5 is a schematic diagram of another application scenario of the authentication method according to the present embodiment. In the application scenario of Figure 5:
终端501可以生成认证请求,相当于获取认证请求。The terminal 501 can generate an authentication request, which is equivalent to obtaining an authentication request.
终端501可以确定预先存储的第一人脸数据库是否包括与上述用户人脸数据匹配的人脸数据。The terminal 501 may determine whether the pre-stored first face database includes face data that matches the user face data described above.
终端501可以响应于确定上述第一人脸数据库不包括与上述用户人脸数据匹配的人脸数据,生成数据请求502。然后,终端501向预先确定的服务器503发送数据请求502。The terminal 501 may generate a data request 502 in response to determining that the first face database does not include face data that matches the user face data. Terminal 501 then sends a data request 502 to predetermined server 503.
服务器503可以基于上述数据请求502和预先存储的第二人脸数据库,生成请求结果504,然后将请求结果504返回至终端501。The server 503 can generate the request result 504 based on the data request 502 and the pre-stored second face database, and then return the request result 504 to the terminal 501.
终端501可以根据上述请求结果504,生成认证结果。The terminal 501 can generate an authentication result according to the above request result 504.
本申请的上述实施例提供的方法通过首先上述执行主体确定第一人脸数据库是否包括与用户人脸数据匹配的人脸数据;如果不包括,则向预先确定的电子设备发送数据请求,上述电子设备利用第二人脸数据库返回请求结果;上述执行主体再根据请求结果生成认证结果,可以在第一人脸数据库的人脸数据缺少人脸数据的情况下,调用与第一人脸数据库隔离的第二人脸数据库,进行认证支持,技术效果至少包括:The method provided by the above embodiment of the present application first determines whether the first face database includes face data matching the user face data by the execution body; if not, sends a data request to the predetermined electronic device, the electronic The device returns the request result by using the second face database; the execution entity further generates an authentication result according to the request result, and may be indirectly separated from the first face database if the face data of the first face database lacks face data. The second face database is used for authentication support. The technical effects include at least:
第一,提供新的人脸识别认证方式。First, provide a new face recognition authentication method.
第二,减少采集存储人脸数据所耗费的计算资源。如果一个人脸数据库与其它人脸数据库建立了联合认证的合作关系,那么此人脸数据库可以减少人脸数据的采集存储量。从而,在人脸识别认证领域,通过联合认证这一机制,减少这一领域所耗费的计算资源,提高人脸识别认证的普及率。Second, reduce the computational resources required to collect and store face data. If a face database establishes a cooperative authentication relationship with other face databases, the face database can reduce the amount of face data collected and stored. Therefore, in the field of face recognition authentication, through the mechanism of joint authentication, the computational resources consumed in this field are reduced, and the popularity of face recognition authentication is improved.
可选的,如果一个民事主体与其它民事主体的人脸数据库建立了联合认证的合作关系,那么此当前民事主体可以减少自己的人脸数据库的采集存储量。进而,可以通过各个民事主体与其它民事主体建立联合认证的合作关系,可以减少人脸识别领域整体的人脸数据采集处理量。Optionally, if a civil subject establishes a cooperative relationship with the face database of other civil subjects, the current civil subject can reduce the collection and storage capacity of the face database. Furthermore, it is possible to establish a cooperative relationship of cooperation between each civil subject and other civil subjects, which can reduce the amount of face data collection and processing in the face recognition field as a whole.
第三,避免对用户重复采集人脸图像。人脸数据库的建立,需要采集用户的人脸图像。现有技术中,同一用户可能为众多人脸数据库的建立过程提供人脸图像,存在着用户需要向不同的人脸数据库重复提交个人信息(包括人脸图像)的问题。Third, avoid repeatedly collecting face images for users. The establishment of the face database requires the collection of the user's face image. In the prior art, the same user may provide a face image for the process of establishing a plurality of face databases, and there is a problem that the user needs to repeatedly submit personal information (including a face image) to different face databases.
在建立了联合认证的合作关系后,可以实现同一用户的人脸数据共享,不需要重复采集同一用户的人脸图像。从而,可以节省用户的时间。并且,减少人脸图像的采集存储机会,可以提高用户信息的安全性。After the cooperative relationship of the joint authentication is established, the face data sharing of the same user can be realized, and the face image of the same user does not need to be repeatedly collected. Thereby, the user's time can be saved. Moreover, reducing the collection and storage opportunities of the face image can improve the security of the user information.
进一步参考图6,其示出了认证方法的又一个实施例的流程600。该认证方法的流程600,包括以下步骤:With further reference to FIG. 6, a flow 600 of yet another embodiment of an authentication method is illustrated. The process 600 of the authentication method includes the following steps:
步骤601,获取认证请求。Step 601: Acquire an authentication request.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以获取认证请求。In the present embodiment, an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
在本实施例中,上述认证请求可以包括用户人脸数据和用户标识。In this embodiment, the foregoing authentication request may include user face data and a user identifier.
步骤602,在第一人脸数据库中,查找与用户标识匹配的身份标识。Step 602: In the first face database, find an identity that matches the user identifier.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以在上述第一人脸数据库中,查找与上述用户标识匹配的身份 标识。In this embodiment, an execution body of the authentication method (for example, the first server shown in FIG. 1) may search for an identity identifier matching the user identifier in the first face database.
在本实施例中,上述用户标识可以指示用户的身份信息。In this embodiment, the user identifier may indicate identity information of the user.
在本实施例中,确定用户标识与身份标识是否匹配,可以通过以下方式实现:直接比对用户标识与身份标识是否一致;计算两者之间的相似度,相似度大于相似度阈值则确认匹配。In this embodiment, determining whether the user identifier and the identity identifier match may be implemented by: directly comparing whether the user identifier and the identity identifier are consistent; calculating a similarity between the two, and the similarity is greater than the similarity threshold to confirm the match. .
步骤603,响应于查找到与用户标识匹配的身份标识,确定查找到的身份标识对应的人脸数据与用户人脸数据是否匹配。Step 603: Determine, according to the identifier that matches the user identifier, whether the face data corresponding to the found identity identifier matches the user face data.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以响应于查找到与上述用户标识匹配的身份标识,确定查找到的身份标识对应的人脸数据与上述用户人脸数据是否匹配。In this embodiment, the execution entity of the authentication method (for example, the first server shown in FIG. 1) may determine the face data corresponding to the found identity identifier and the user in response to finding the identity identifier that matches the user identifier. Whether the face data matches.
在本实施例的一些可选的实现方式中,如果不匹配,可以生成用于指示认证不通过的信息,然后流程停止,步骤605、步骤606和步骤607不执行。In some optional implementation manners of this embodiment, if there is no match, information indicating that the authentication fails, and then the process stops, and steps 605, 606, and 607 are not performed.
步骤604,响应于确定查找到的身份标识对应的人脸数据与上述用户人脸数据匹配,生成用于指示认证通过的认证结果。 Step 604, in response to determining that the face data corresponding to the found identity identifier matches the user face data, generating an authentication result for indicating that the authentication is passed.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以响应于确定查找到的身份标识对应的人脸数据与上述用户人脸数据匹配,生成用于指示认证通过的认证结果。In this embodiment, the execution body of the authentication method (for example, the first server shown in FIG. 1) may generate, in response to determining that the face data corresponding to the found identity identifier matches the user face data, Certification results.
步骤605,响应于确定查找到的身份标识对应的人脸数据与上述用户人脸数据不匹配,确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据。Step 605: In response to determining that the face data corresponding to the found identity identifier does not match the user face data, determine that the first face database does not include face data that matches the user face data.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以确定查找到的身份标识对应的人脸数据与上述用户人脸数据不匹配,生成用于指示认证不通过的认证结果。In this embodiment, the execution entity of the authentication method (for example, the first server shown in FIG. 1) may determine that the face data corresponding to the found identity does not match the user face data, and is generated to indicate that the authentication fails. Certification results.
步骤606,响应于确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送数据请求。 Step 606, in response to determining that the first face database does not include face data matching the user face data, generating and transmitting a data request to the predetermined electronic device.
在本实施例中,基于上述执行主体(例如图1所示的第一服务器)可以响应于确定上述第一人脸数据库不包括与上述用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备(例如图1所示的第二服务器)发送数据请求。In this embodiment, based on the execution body (for example, the first server shown in FIG. 1), in response to determining that the first face database does not include face data matching the user face data, generating and predetermining The electronic device (such as the second server shown in Figure 1) sends a data request.
步骤607,根据请求结果,生成认证结果。Step 607: Generate an authentication result according to the result of the request.
在本实施例中,基于上述执行主体(例如图1所示的第一服务器)可以根据上述电子设备返回的请求结果,生成认证结果。In this embodiment, the execution body (for example, the first server shown in FIG. 1) may generate an authentication result according to the result of the request returned by the electronic device.
在本实施例中步骤601、步骤606和步骤607的具体操作与图2所示的实施例中步骤201、步骤203和步骤204的操作基本相同,在此不再赘述。The specific operations of the step 601, the step 606, and the step 607 in the embodiment are substantially the same as the operations in the step 201, the step 203, and the step 204 in the embodiment shown in FIG. 2, and details are not described herein again.
从图6中可以看出,与图2对应的实施例相比,本实施例中的认证方法的流程600突出了以下方面:As can be seen from FIG. 6, the flow 600 of the authentication method in this embodiment highlights the following aspects compared to the embodiment corresponding to FIG. 2:
第一,在用户标识可以指示用户的身份信息的情况下,先在第一人脸数据库中查找与用户标识匹配的身份标识,再确定用户人脸数据与查找到的身份标识匹配的人脸数据,是否匹配。可以理解,查找身份标识的计算量小于人脸数据匹配的计算量。在可以确定用户身份的情况下,利用身份标识锁定第一人脸数据库中的目标人脸数据,确定目标人脸数据与用户人脸数据是否匹配,可以减少计算量。First, in the case that the user identifier can indicate the identity information of the user, first look up the identity identifier matching the user identifier in the first face database, and then determine the face data that matches the user face data with the found identity identifier. , whether it matches. It can be understood that the calculation amount of the search identity is smaller than the calculation amount of the face data match. In the case that the identity of the user can be determined, the target face data in the first face database is locked by the identity identifier, and it is determined whether the target face data matches the user face data, which can reduce the calculation amount.
第二,在第一用户人脸数据库确定目标人脸数据与用户人脸数据不匹配的情况下,向预先确定的电子设备发送数据请求。这一过程中,即使第一人脸数据库确定目标人脸数据与用户人脸数据不匹配,也不就此断定认证不通过,而是再利用第二人脸数据库进行进一步验证,提高了认证的准确率。Second, in a case where the first user face database determines that the target face data does not match the user face data, the data request is sent to the predetermined electronic device. In this process, even if the first face database determines that the target face data does not match the user face data, it does not conclude that the authentication fails, but uses the second face database for further verification, thereby improving the accuracy of the authentication. rate.
进一步参考图7,其示出了认证方法的又一个实施例的流程700。该认证方法的流程700,包括以下步骤:With further reference to FIG. 7, a flow 700 of yet another embodiment of an authentication method is illustrated. The process 700 of the authentication method includes the following steps:
步骤701,获取认证请求。Step 701: Acquire an authentication request.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以获取认证请求。In the present embodiment, an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
在本实施例中,上述认证请求可以包括用户人脸数据和用户标识。In this embodiment, the foregoing authentication request may include user face data and a user identifier.
在本实施例中,上述用户标识可以不指示用户身份。In this embodiment, the user identifier may not indicate the identity of the user.
步骤702,在第一人脸数据库中,查找与用户人脸数据匹配的人脸数据。Step 702: In the first face database, look for face data that matches the user face data.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务 器)可以在第一人脸数据库中,查找与上述用户人脸数据匹配的人脸数据。In the present embodiment, the execution body of the authentication method (e.g., the first server shown in Fig. 1) can look up the face data matching the user face data in the first face database.
步骤703,响应于查找到与用户人脸数据匹配的人脸数据,确定查找到的人脸数据对应的身份标识与用户标识是否匹配。Step 703: Determine, according to the face data that matches the user face data, whether the identity identifier corresponding to the found face data matches the user identifier.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以响应于查找到与上述用户人脸数据匹配的人脸数据,确定查找到的人脸数据对应的身份标识与上述用户标识是否匹配。In this embodiment, the execution body of the authentication method (for example, the first server shown in FIG. 1) may determine the identity identifier corresponding to the found face data in response to finding the face data matching the user face data. Whether it matches the above user ID.
步骤704,响应于确定查找到的人脸数据对应的身份标识与用户标识匹配,生成用于指示认证通过的认证结果。Step 704: In response to determining that the identity identifier corresponding to the found face data matches the user identifier, generate an authentication result for indicating that the authentication is passed.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以响应于确定查找到的人脸数据对应的身份标识与上述用户标识匹配,生成用于指示认证通过的认证结果。In this embodiment, the execution body of the authentication method (for example, the first server shown in FIG. 1) may generate an authentication for indicating the passing of the authentication by determining that the identity identifier corresponding to the found face data matches the user identifier. result.
步骤705,响应于确定查找到的人脸数据对应的身份标识与用户标识不匹配,生成用于指示认证不通过的认证结果。Step 705: In response to determining that the identity identifier corresponding to the found face data does not match the user identifier, generate an authentication result indicating that the authentication fails.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以响应于确定查找到的人脸数据对应的身份标识与上述用户标识不匹配,生成用于指示认证不通过的认证结果。In this embodiment, the execution body of the authentication method (for example, the first server shown in FIG. 1) may generate, in response to determining that the identity identifier corresponding to the found face data does not match the foregoing user identifier, to generate an indication that the authentication fails. Certification results.
步骤706,响应于未查找到与用户人脸数据匹配的人脸数据,确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据。 Step 706, in response to not finding the face data matching the user face data, determining that the first face database does not include face data matching the user face data.
在本实施例中,基于上述执行主体(例如图1所示的第一服务器)可以响应于未查找到与上述用户人脸数据匹配的人脸数据,确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据。In this embodiment, based on the foregoing execution body (for example, the first server shown in FIG. 1), it may be determined that the first face database does not include the user person in response to not finding the face data matching the user face data. Face data matching face data.
步骤707,响应于确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送数据请求。 Step 707, in response to determining that the first face database does not include face data matching the user face data, generating and transmitting a data request to the predetermined electronic device.
在本实施例中,基于上述执行主体(例如图1所示的第一服务器)可以响应于确定上述第一人脸数据库不包括与上述用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备(例如图1所示的第二服务器)发送数据请求。In this embodiment, based on the execution body (for example, the first server shown in FIG. 1), in response to determining that the first face database does not include face data matching the user face data, generating and predetermining The electronic device (such as the second server shown in Figure 1) sends a data request.
步骤708,根据请求结果,生成认证结果。Step 708: Generate an authentication result according to the result of the request.
在本实施例中,基于上述执行主体(例如图1所示的第一服务器) 可以根据上述电子设备返回的请求结果,生成认证结果。In this embodiment, the execution body (for example, the first server shown in FIG. 1) may generate an authentication result according to the result of the request returned by the electronic device.
在本实施例中步骤701、步骤707和步骤708的具体操作与图2所示的实施例中步骤201、步骤203和步骤204的操作基本相同,在此不再赘述。The specific operations of step 701, step 707, and step 708 in the embodiment are substantially the same as those in step 201, step 203, and step 204 in the embodiment shown in FIG. 2, and details are not described herein again.
从图7中可以看出,与图2对应的实施例相比,本实施例中的认证方法的流程700突出了在用户标识不能指明用户身份的情况下,通过第一人脸数据库对用户人脸数据进行识别认证的步骤。由此,本实施例描述的方案可以实现更为全面的人脸识别认证。As can be seen from FIG. 7, compared with the embodiment corresponding to FIG. 2, the process 700 of the authentication method in this embodiment highlights that the user is accessed through the first face database if the user identity cannot indicate the identity of the user. The step of identifying and authenticating the face data. Thus, the solution described in this embodiment can implement more comprehensive face recognition authentication.
进一步参考图8,其示出了认证方法的又一个实施例的流程800。该认证方法的流程800,包括以下步骤:With further reference to FIG. 8, a flow 800 of yet another embodiment of an authentication method is illustrated. The process 800 of the authentication method includes the following steps:
步骤801,获取认证请求。Step 801: Acquire an authentication request.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以获取认证请求。In the present embodiment, an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
步骤802,确定预先存储的第一人脸数据库是否包括与用户人脸数据匹配的人脸数据。Step 802: Determine whether the pre-stored first face database includes face data matching the user face data.
步骤803,响应于确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送用户标识。 Step 803, in response to determining that the first face database does not include face data matching the user face data, generating and transmitting the user identifier to the predetermined electronic device.
上述电子设备在第二人脸数据库中,查找与上述用户标识匹配的身份标识,将查找到的身份标识对应的人脸数据作为请求结果返回,上述第二人脸数据库包括人脸数据和与人脸数据对应的用户标识。The electronic device searches for the identity identifier matching the user identifier in the second face database, and returns the face data corresponding to the found identity identifier as a result of the request, where the second face database includes the face data and the person User ID corresponding to the face data.
步骤804,确定接收到的人脸数据与用户人脸数据是否匹配。Step 804: Determine whether the received face data matches the user face data.
步骤805,响应于接收到的人脸数据与用户人脸数据匹配,生成用于指示认证通过的认证结果。 Step 805, in response to the received face data matching the user face data, generating an authentication result indicating that the authentication is passed.
步骤806,响应于接收到的人脸数据与用户人脸数据不匹配,生成用于指示认证不通过的认证结果。 Step 806, in response to the received face data not matching the user face data, generating an authentication result indicating that the authentication fails.
从图8中可以看出,与图2对应的实施例相比,本实施例中的认证方法的流程800突出了上述执行主体向上述电子设备发送用户标识,从上述电子设备接收人脸数据,再由上述执行主体确认是否接收到的人脸数据与用户人脸数据是否匹配的步骤。由此,本实施例描述的方案可以提供更为全面的交互方式。It can be seen from FIG. 8 that the process 800 of the authentication method in this embodiment highlights that the execution entity sends a user identifier to the electronic device and receives face data from the electronic device, as compared with the embodiment corresponding to FIG. 2 . Then, the execution body confirms whether the received face data matches the user face data. Thus, the solution described in this embodiment can provide a more comprehensive interaction.
进一步参考图9,其示出了认证方法的又一个实施例的流程900。该认证方法的流程900,包括以下步骤:With further reference to FIG. 9, a flow 900 of yet another embodiment of an authentication method is illustrated. The process 900 of the authentication method includes the following steps:
步骤901,获取认证请求。In step 901, an authentication request is obtained.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以获取认证请求。In the present embodiment, an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
步骤902,确定预先存储的第一人脸数据库是否包括与用户人脸数据匹配的人脸数据。Step 902: Determine whether the pre-stored first face database includes face data matching the user face data.
步骤903,响应于确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送用户人脸数据。 Step 903, in response to determining that the first face database does not include face data matching the user face data, generating and transmitting the user face data to the predetermined electronic device.
然后,上述电子设备在第二人脸数据库中,查找与上述用户人脸数据匹配的人脸数据,将查找到的人脸数据对应的身份标识作为请求结果返回。Then, the electronic device searches for the face data matching the user face data in the second face database, and returns the identity identifier corresponding to the found face data as a result of the request.
步骤904,确定接收到的身份标识与用户标识是否匹配。Step 904: Determine whether the received identity identifier matches the user identifier.
步骤905,响应于接收到的身份标识与用户标识匹配,生成用于指示认证通过的认证结果。Step 905: In response to the received identity identifier matching the user identifier, generate an authentication result indicating that the authentication is passed.
步骤906,响应于接收到的身份标识与用户标识不匹配,生成用于指示认证不通过的认证结果。Step 906: In response to the received identity identifier not matching the user identifier, generate an authentication result indicating that the authentication fails.
从图9中可以看出,与图2对应的实施例相比,本实施例中的认证方法的流程900突出了上述执行主体向上述电子设备发送用户人脸数据,从上述电子设备接收身份标识,再由上述执行主体确认是否接收到的身份标识与用户标识是否匹配的步骤。由此,本实施例描述的方案可以提供更为全面的交互方式。It can be seen from FIG. 9 that the flow 900 of the authentication method in this embodiment highlights that the execution entity sends user face data to the electronic device and receives an identity from the electronic device, as compared with the embodiment corresponding to FIG. 2 . And the step of confirming, by the above-mentioned execution entity, whether the received identity matches the user identifier. Thus, the solution described in this embodiment can provide a more comprehensive interaction.
进一步参考图10,其示出了认证方法的又一个实施例的流程1000。该认证方法的流程1000,包括以下步骤:With further reference to FIG. 10, a flow 1000 of yet another embodiment of an authentication method is illustrated. The process 1000 of the authentication method includes the following steps:
步骤1001,获取认证请求。Step 1001: Acquire an authentication request.
在本实施例中,认证方法的执行主体(例如图1所示的第一服务器)可以获取认证请求。In the present embodiment, an execution body of the authentication method (for example, the first server shown in FIG. 1) can acquire an authentication request.
步骤1002,确定预先存储的第一人脸数据库是否包括与用户人脸数据匹配的人脸数据。Step 1002: Determine whether the pre-stored first face database includes face data matching the user face data.
步骤1003,响应于确定第一人脸数据库不包括与用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送用户人脸数据和用户标识。 Step 1003, in response to determining that the first face database does not include face data matching the user face data, generating and transmitting the user face data and the user identifier to the predetermined electronic device.
在本实施例的一些可选的实现方式中,上述电子设备在第二人脸数据库中,查找与上述用户标识匹配的身份标识,确定查找到的身份标识对应的人脸数据与上述用户人脸数据是否匹配;响应于确定查找到的身份标识对应的人脸数据与上述用户人脸数据匹配,将认证一致信息作为请求结果返回;响应于确定查找到的身份标识对应的人脸数据与上述用户人脸数据不匹配,将认证不一致信息作为请求结果返回。In some optional implementation manners of the embodiment, the electronic device searches for the identity identifier that matches the user identifier in the second face database, and determines the face data corresponding to the found identity identifier and the user face. Whether the data matches; determining that the face data corresponding to the found identity matches the user face data, and returning the authentication consistency information as a result of the request; and responding to determining the face data corresponding to the found identity and the user The face data does not match, and the authentication inconsistency information is returned as the result of the request.
在本实施例的一些可选的实现方式中,上述电子设备在第二人脸数据库中,查找与上述用户人脸数据对应的人脸数据,确定查找到的人脸数据对应的身份标识与上述用户标识是否匹配;响应于确定查找的人脸数据对应的身份标识与上述用户标识匹配,将认证一致信息作为请求信息返回;响应于确定查找的人脸数据对应的身份标识与上述用户标识不匹配,将认证不一致信息作为请求信息返回。In some optional implementation manners of the embodiment, the electronic device searches for the face data corresponding to the user face data in the second face database, and determines the identity identifier corresponding to the found face data and the foregoing Whether the user identifier matches or not; in response to determining that the identity identifier corresponding to the searched face data matches the user identifier, the authentication consistency information is returned as the request information; and the identity identifier corresponding to the determined face data does not match the user identifier. , the authentication inconsistency information is returned as the request information.
步骤1004,响应于接收到认证一致信息,生成用于指示认证通过的认证结果。Step 1004: In response to receiving the authentication consistency information, generate an authentication result indicating that the authentication is passed.
步骤1005,响应于接收到认证不一致信息,生成用于指示认证不通过的认证结果。Step 1005: In response to receiving the authentication inconsistency information, generate an authentication result indicating that the authentication fails.
从图10中可以看出,与图2对应的实施例相比,本实施例中的认证方法的流程1000突出了上述执行主体向上述电子设备发送用户人脸数据和用户标识,从上述执行主体接收认证一致信息或认证不一致信息的步骤。由此,本实施例描述的方案可以主要由上述电子设备完成认证过程,解放上述执行主体。从而,上述执行主体可以处理更多的认证请求,提高认证效率。As can be seen from FIG. 10, compared with the embodiment corresponding to FIG. 2, the process 1000 of the authentication method in this embodiment highlights that the execution entity sends the user face data and the user identifier to the electronic device from the execution body. The step of receiving authentication conformance information or authentication inconsistency information. Therefore, the solution described in this embodiment can complete the authentication process mainly by the above electronic device, and liberate the above-mentioned execution subject. Therefore, the above-mentioned execution body can process more authentication requests and improve the authentication efficiency.
下面参考图11,其示出了适于用来实现本申请实施例的终端设备或服务器的计算机系统1100的结构示意图。图11示出的终端设备或服务器仅仅是一个示例,不应对本申请实施例的功能和使用范围带来任何限制。Referring now to Figure 11, a block diagram of a computer system 1100 suitable for use in implementing a terminal device or server of an embodiment of the present application is shown. The terminal device or server shown in FIG. 11 is merely an example, and should not impose any limitation on the function and scope of use of the embodiments of the present application.
如图11所示,计算机系统1100包括中央处理单元(CPU,Central  Processing Unit)1101,其可以根据存储在只读存储器(ROM,Read Only Memory)1102中的程序或者从存储部分1108加载到随机访问存储器(RAM,Random Access Memory)1103中的程序而执行各种适当的动作和处理。在RAM 1103中,还存储有系统1100操作所需的各种程序和数据。CPU 1101、ROM 1102以及RAM 1103通过总线1104彼此相连。输入/输出(I/O,Input/Output)接口1105也连接至总线1104。As shown in FIG. 11, the computer system 1100 includes a central processing unit (CPU) 1101, which can be loaded into random access according to a program stored in a read only memory (ROM) 1102 or from a storage portion 1108. Various appropriate operations and processes are executed by the program in the RAM (Random Access Memory) 1103. In the RAM 1103, various programs and data required for the operation of the system 1100 are also stored. The CPU 1101, the ROM 1102, and the RAM 1103 are connected to each other through a bus 1104. An input/output (I/O, Input/Output) interface 1105 is also coupled to bus 1104.
以下部件连接至I/O接口1105:包括键盘、鼠标等的输入部分1106;包括诸如阴极射线管(CRT,Cathode Ray Tube)、液晶显示器(LCD,Liquid Crystal Display)等以及扬声器等的输出部分1107;包括硬盘等的存储部分1108;以及包括诸如LAN(局域网,Local Area Network)卡、调制解调器等的网络接口卡的通信部分1109。通信部分1109经由诸如因特网的网络执行通信处理。驱动器1110也根据需要连接至I/O接口1105。可拆卸介质1111,诸如磁盘、光盘、磁光盘、半导体存储器等等,根据需要安装在驱动器1110上,以便于从其上读出的计算机程序根据需要被安装入存储部分1108。The following components are connected to the I/O interface 1105: an input portion 1106 including a keyboard, a mouse, etc.; an output portion 1107 including a cathode ray tube (CRT, a cathode crystal ray), a liquid crystal display (LCD), and the like, and a speaker or the like. A storage portion 1108 including a hard disk or the like; and a communication portion 1109 including a network interface card such as a LAN (Local Area Network) card, a modem, and the like. The communication section 1109 performs communication processing via a network such as the Internet. Driver 1110 is also connected to I/O interface 1105 as needed. A removable medium 1111 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory or the like is mounted on the drive 1110 as needed so that a computer program read therefrom is installed into the storage portion 1108 as needed.
特别地,根据本公开的实施例,上文参考流程图描述的过程可以被实现为计算机软件程序。例如,本公开的实施例包括一种计算机程序产品,其包括承载在计算机可读介质上的计算机程序,该计算机程序包含用于执行流程图所示的方法的程序代码。在这样的实施例中,该计算机程序可以通过通信部分1109从网络上被下载和安装,和/或从可拆卸介质1111被安装。在该计算机程序被中央处理单元(CPU)1101执行时,执行本申请的方法中限定的上述功能。需要说明的是,本申请上述的计算机可读介质可以是计算机可读信号介质或者计算机可读存储介质或者是上述两者的任意组合。计算机可读存储介质例如可以是——但不限于——电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。计算机可读存储介质的更具体的例子可以包括但不限于:具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机访问存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑磁盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意 合适的组合。在本申请中,计算机可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。而在本申请中,计算机可读的信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了计算机可读的程序代码。这种传播的数据信号可以采用多种形式,包括但不限于电磁信号、光信号或上述的任意合适的组合。计算机可读的信号介质还可以是计算机可读存储介质以外的任何计算机可读介质,该计算机可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。计算机可读介质上包含的程序代码可以用任何适当的介质传输,包括但不限于:无线、电线、光缆、RF等等,或者上述的任意合适的组合。In particular, the processes described above with reference to the flowcharts may be implemented as a computer software program in accordance with an embodiment of the present disclosure. For example, an embodiment of the present disclosure includes a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for executing the method illustrated in the flowchart. In such an embodiment, the computer program can be downloaded and installed from the network via the communication portion 1109, and/or installed from the removable medium 1111. When the computer program is executed by the central processing unit (CPU) 1101, the above-described functions defined in the method of the present application are performed. It should be noted that the computer readable medium described above may be a computer readable signal medium or a computer readable storage medium or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of computer readable storage media may include, but are not limited to, electrical connections having one or more wires, portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), erasable Programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain or store a program, which can be used by or in connection with an instruction execution system, apparatus or device. In the present application, a computer readable signal medium may include a data signal that is propagated in the baseband or as part of a carrier, carrying computer readable program code. Such propagated data signals can take a variety of forms including, but not limited to, electromagnetic signals, optical signals, or any suitable combination of the foregoing. The computer readable signal medium can also be any computer readable medium other than a computer readable storage medium, which can transmit, propagate, or transport a program for use by or in connection with the instruction execution system, apparatus, or device. . Program code embodied on a computer readable medium can be transmitted by any suitable medium, including but not limited to wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
可以以一种或多种程序设计语言或其组合来编写用于执行本申请的操作的计算机程序代码,上述程序设计语言包括面向对象的程序设计语言—诸如Java、Smalltalk、C++,还包括常规的过程式程序设计语言—诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或服务器上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络——包括局域网(LAN)或广域网(WAN)—连接到用户计算机,或者,可以连接到外部计算机(例如利用因特网服务提供商来通过因特网连接)。Computer program code for performing the operations of the present application may be written in one or more programming languages, or combinations thereof, including an object oriented programming language such as Java, Smalltalk, C++, and conventional Procedural programming language—such as the "C" language or a similar programming language. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer, partly on the remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or can be connected to an external computer (eg, using an Internet service provider) Internet connection).
附图中的流程图和框图,图示了按照本申请各种实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段、或代码的一部分,该模块、程序段、或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。也应当注意,在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个接连地表示的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组 合,可以用执行规定的功能或操作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowchart and block diagrams in the Figures illustrate the architecture, functionality and operation of possible implementations of systems, methods and computer program products in accordance with various embodiments of the present application. In this regard, each block of the flowchart or block diagram can represent a module, a program segment, or a portion of code that includes one or more of the logic functions for implementing the specified. Executable instructions. It should also be noted that in some alternative implementations, the functions noted in the blocks may also occur in a different order than that illustrated in the drawings. For example, two successively represented blocks may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending upon the functionality involved. It is also noted that each block of the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented in a dedicated hardware-based system that performs the specified function or operation. Or it can be implemented by a combination of dedicated hardware and computer instructions.
描述于本申请实施例中所涉及到的单元可以通过软件的方式实现,也可以通过硬件的方式来实现。所描述的单元也可以设置在处理器中,例如,可以描述为:一种处理器包括获取单元、确定单元、第一生成单元和第二生成单元。其中,这些单元的名称在某种情况下并不构成对该单元本身的限定,例如,获取单元还可以被描述为“获取认证请求”。The units involved in the embodiments of the present application may be implemented by software or by hardware. The described unit may also be provided in the processor, for example, as a processor including an acquisition unit, a determination unit, a first generation unit, and a second generation unit. The names of these units do not constitute a limitation on the unit itself under certain circumstances. For example, the obtaining unit may also be described as “acquiring an authentication request”.
作为另一方面,本申请还提供了一种计算机可读介质,该计算机可读介质可以是上述实施例中描述的装置中所包含的;也可以是单独存在,而未装配入该装置中。上述计算机可读介质承载有一个或者多个程序,当上述一个或者多个程序被该装置执行时,使得该装置:获取认证请求,其中,上述认证请求包括用户人脸数据和用户标识;确定预先存储的第一人脸数据库是否包括与上述用户人脸数据匹配的人脸数据,其中,人脸数据库包括人脸数据和与人脸数据对应的身份标识;响应于确定上述第一人脸数据库不包括与上述用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送数据请求,其中,上述数据请求包括上述用户人脸数据和/或上述用户标识,上述电子设备基于上述数据请求和预先存储的第二人脸数据库,生成以及返回请求结果,其中,上述第二人脸数据库与上述第一人脸数据库之间相互隔离;根据上述请求结果,生成认证结果,其中,上述认证结果用于指示认证通过或者认证不通过。In another aspect, the present application also provides a computer readable medium, which may be included in the apparatus described in the above embodiments, or may be separately present and not incorporated into the apparatus. The computer readable medium carries one or more programs, when the one or more programs are executed by the device, causing the device to: obtain an authentication request, wherein the authentication request includes user face data and a user identifier; Whether the stored first face database includes face data matching the user face data, wherein the face database includes face data and an identity corresponding to the face data; and in response to determining that the first face database is not Included with the face data matching the user face data, generating and transmitting a data request to a predetermined electronic device, wherein the data request includes the user face data and/or the user identifier, and the electronic device is based on the data request And generating, by the second face database, and returning the result of the request, wherein the second face database and the first face database are isolated from each other; and the authentication result is generated according to the result of the request, wherein the authentication result is Used to indicate that the authentication passed or the authentication failed.
以上描述仅为本申请的较佳实施例以及对所运用技术原理的说明。本领域技术人员应当理解,本申请中所涉及的发明范围,并不限于上述技术特征的特定组合而成的技术方案,同时也应涵盖在不脱离上述发明构思的情况下,由上述技术特征或其等同特征进行任意组合而形成的其它技术方案。例如上述特征与本申请中公开的(但不限于)具有类似功能的技术特征进行互相替换而形成的技术方案。The above description is only a preferred embodiment of the present application and a description of the principles of the applied technology. It should be understood by those skilled in the art that the scope of the invention referred to in the present application is not limited to the specific combination of the above technical features, and should also be covered by the above technical features or without departing from the above inventive concept. Other technical solutions formed by arbitrarily combining the equivalent features. For example, the above features are combined with the technical features disclosed in the present application, but are not limited to the technical features having similar functions.

Claims (11)

  1. 一种认证方法,包括:An authentication method that includes:
    获取认证请求,其中,所述认证请求包括用户人脸数据和用户标识;Obtaining an authentication request, where the authentication request includes user face data and a user identifier;
    确定预先存储的第一人脸数据库是否包括与所述用户人脸数据匹配的人脸数据,其中,人脸数据库包括人脸数据和与人脸数据对应的身份标识;Determining whether the pre-stored first face database includes face data matching the user face data, wherein the face database includes face data and an identity identifier corresponding to the face data;
    响应于确定所述第一人脸数据库不包括与所述用户人脸数据匹配的人脸数据,生成以及向预先确定的电子设备发送数据请求,其中,所述数据请求包括所述用户人脸数据和/或所述用户标识,所述电子设备基于所述数据请求和预先存储的第二人脸数据库,生成以及返回请求结果,其中,所述第二人脸数据库与所述第一人脸数据库之间相互隔离;Generating and transmitting a data request to a predetermined electronic device in response to determining that the first face database does not include face data that matches the user face data, wherein the data request includes the user face data And/or the user identifier, the electronic device generates and returns a request result based on the data request and a pre-stored second face database, wherein the second face database and the first face database Isolated from each other;
    根据所述请求结果,生成认证结果,其中,所述认证结果用于指示认证通过或者认证不通过。And generating an authentication result according to the result of the request, where the authentication result is used to indicate that the authentication passes or the authentication fails.
  2. 根据权利要求1所述的方法,其中,所述数据请求包括所述用户标识;所述电子设备在第二人脸数据库中,查找与所述用户标识匹配的身份标识,将查找到的身份标识对应的人脸数据作为请求结果返回;以及The method according to claim 1, wherein the data request includes the user identifier; the electronic device searches for a identity identifier matching the user identifier in a second face database, and the found identity identifier The corresponding face data is returned as a result of the request;
    所述根据所述请求结果,生成认证结果,包括:And generating, according to the result of the request, an authentication result, including:
    确定接收到的人脸数据与所述用户人脸数据是否匹配;Determining whether the received face data matches the user face data;
    响应于确定接收到的人脸数据与所述用户人脸数据匹配,生成用于指示认证通过的认证结果。In response to determining that the received face data matches the user face data, an authentication result indicating that the authentication is passed is generated.
  3. 根据权利要求1所述的方法,其中,所述数据请求包括所述用户人脸数据;所述电子设备在第二人脸数据库中,查找与所述用户人脸数据匹配的人脸数据,将查找到的人脸数据对应的身份标识作为请求结果返回;以及The method according to claim 1, wherein said data request includes said user face data; said electronic device in said second face database searches for face data matching said user face data, The identity corresponding to the found face data is returned as a result of the request;
    所述根据所述请求结果,生成认证结果,包括:And generating, according to the result of the request, an authentication result, including:
    确定接收到的身份标识与所述用户标识是否匹配;Determining whether the received identity identifies a match with the user identity;
    响应于确定接收到的身份标识与所述用户标识匹配,生成用于指示认证通过的认证结果。In response to determining that the received identity identifies a match with the user identity, an authentication result is generated to indicate that the authentication passed.
  4. 根据权利要求1所述的方法,其中,所述数据请求包括所述用户人脸数据和所述用户标识;所述电子设备在第二人脸数据库中,查找与所述用户标识匹配的身份标识,确定查找到的身份标识对应的人脸数据与所述用户人脸数据是否匹配,响应于确定查找到的身份标识对应的人脸数据与所述用户人脸数据匹配,将认证一致信息作为请求结果返回;以及The method of claim 1, wherein the data request includes the user face data and the user identification; the electronic device in the second face database looks for an identity that matches the user identification Determining whether the face data corresponding to the found identity matches the user face data, and in response to determining that the face data corresponding to the found identity identifier matches the user face data, the authentication consistency information is used as a request. The result is returned;
    所述根据所述请求结果,生成认证结果,包括:And generating, according to the result of the request, an authentication result, including:
    响应于接收到所述认证一致信息,生成用于指示认证通过的认证结果。In response to receiving the authentication agreement information, an authentication result indicating that the authentication is passed is generated.
  5. 根据权利要求1所述的方法,其中,所述确定预先存储的第一人脸数据库是否包括与所述用户人脸数据匹配的人脸数据,包括:The method according to claim 1, wherein the determining whether the pre-stored first face database includes face data matching the user face data comprises:
    在所述第一人脸数据库中,查找与所述用户人脸数据匹配的人脸数据;以及Finding face data matching the user face data in the first face database;
    所述方法还包括:The method further includes:
    响应于查找到与所述用户人脸数据匹配的人脸数据,确定查找到的人脸数据对应的身份标识与所述用户标识是否匹配;Determining whether the identity identifier corresponding to the found face data matches the user identifier, in response to finding the face data that matches the user face data;
    响应于确定查找到的人脸数据对应的身份标识与所述用户标识匹配,生成用于指示认证通过的认证结果。And in response to determining that the identity identifier corresponding to the found face data matches the user identifier, generating an authentication result indicating that the authentication is passed.
  6. 根据权利要求1所述的方法,其中,所述确定预先存储的第一人脸数据库是否包括与所述用户人脸数据匹配的人脸数据,包括:The method according to claim 1, wherein the determining whether the pre-stored first face database includes face data matching the user face data comprises:
    在所述第一人脸数据库中,查找与所述用户标识匹配的身份标识;In the first face database, searching for an identity that matches the user identifier;
    响应于查找到与所述用户标识匹配的身份标识,确定查找到的身份标识对应的人脸数据与所述用户人脸数据是否匹配;以及Determining whether the face data corresponding to the found identity identifier matches the user face data in response to finding the identity identifier that matches the user identifier;
    所述方法还包括:The method further includes:
    响应于确定查找到的身份标识对应的人脸数据与所述用户人脸数据匹配,生成用于指示认证通过的认证结果。And in response to determining that the face data corresponding to the found identity identifier matches the user face data, generating an authentication result indicating that the authentication is passed.
  7. 根据权利要求1-6中任一项所述的方法,其中,所述确定预先存储的第一人脸数据库是否包括与所述用户人脸数据匹配的人脸数据,还包括:The method according to any one of claims 1 to 6, wherein the determining whether the pre-stored first face database includes face data matching the user face data further comprises:
    根据所述用户人脸数据,确定所述用户人脸数据所指示的人脸是否是活体人脸;Determining, according to the user face data, whether the face indicated by the user face data is a living face;
    响应于确定所述用户人脸数据所指示的人脸不是活体人脸,生成用于指示认证不通过的认证结果。In response to determining that the face indicated by the user face data is not a living face, an authentication result indicating that the authentication fails is generated.
  8. 根据权利要求1-6中任一项所述的方法,其中,终端响应于接收到用于触发预定义操作的操作信息,获取所述用户人脸数据和所述用户标识,以及根据所述用户人脸数据和所述用户标识生成认证请求。The method according to any one of claims 1 to 6, wherein the terminal acquires the user face data and the user identifier in response to receiving operation information for triggering a predefined operation, and according to the user The face data and the user identification generate an authentication request.
  9. 根据权利要求8所述的方法,其中,所述终端响应于获取到用于指示认证通过的认证结果,执行所述预定义操作。The method of claim 8, wherein the terminal performs the predefined operation in response to obtaining an authentication result indicating that the authentication is passed.
  10. 一种电子设备,包括:An electronic device comprising:
    一个或多个处理器;One or more processors;
    存储装置,其上存储有一个或多个程序,a storage device on which one or more programs are stored,
    当所述一个或多个程序被所述一个或多个处理器执行,使得所述一个或多个处理器实现如权利要求1-9中任一所述的方法。The one or more programs are executed by the one or more processors such that the one or more processors implement the method of any of claims 1-9.
  11. 一种计算机可读介质,其上存储有计算机程序,其中,所述程序被处理器执行时实现如权利要求1-9中任一所述的方法。A computer readable medium having stored thereon a computer program, wherein the program is executed by a processor to implement the method of any of claims 1-9.
PCT/CN2018/124942 2018-05-04 2018-12-28 Authentication method WO2019210698A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810421509.1A CN108600250A (en) 2018-05-04 2018-05-04 Authentication method
CN201810421509.1 2018-05-04

Publications (1)

Publication Number Publication Date
WO2019210698A1 true WO2019210698A1 (en) 2019-11-07

Family

ID=63620846

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/124942 WO2019210698A1 (en) 2018-05-04 2018-12-28 Authentication method

Country Status (2)

Country Link
CN (1) CN108600250A (en)
WO (1) WO2019210698A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108600250A (en) * 2018-05-04 2018-09-28 上海掌门科技有限公司 Authentication method
CN110991231B (en) * 2019-10-28 2022-06-14 支付宝(杭州)信息技术有限公司 Living body detection method and device, server and face recognition equipment
CN110991390B (en) * 2019-12-16 2023-04-07 腾讯云计算(北京)有限责任公司 Identity information retrieval method and device, service system and electronic equipment
CN111414596A (en) * 2020-04-07 2020-07-14 中国建设银行股份有限公司 Method and device for processing request
CN114884739A (en) * 2022-05-18 2022-08-09 中国建设银行股份有限公司 Data processing method, device, equipment, medium and product

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140254892A1 (en) * 2013-03-06 2014-09-11 Suprema Inc. Face recognition apparatus, system and method for managing users based on user grouping
CN106411856A (en) * 2016-09-06 2017-02-15 北京交通大学 Authentication method and apparatus based on face recognition of mobile terminal
CN106778607A (en) * 2016-12-15 2017-05-31 国政通科技股份有限公司 A kind of people based on recognition of face and identity card homogeneity authentication device and method
CN106952371A (en) * 2017-03-21 2017-07-14 北京深度未来科技有限公司 A kind of face roaming authentication method and system
CN108600250A (en) * 2018-05-04 2018-09-28 上海掌门科技有限公司 Authentication method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140254892A1 (en) * 2013-03-06 2014-09-11 Suprema Inc. Face recognition apparatus, system and method for managing users based on user grouping
CN106411856A (en) * 2016-09-06 2017-02-15 北京交通大学 Authentication method and apparatus based on face recognition of mobile terminal
CN106778607A (en) * 2016-12-15 2017-05-31 国政通科技股份有限公司 A kind of people based on recognition of face and identity card homogeneity authentication device and method
CN106952371A (en) * 2017-03-21 2017-07-14 北京深度未来科技有限公司 A kind of face roaming authentication method and system
CN108600250A (en) * 2018-05-04 2018-09-28 上海掌门科技有限公司 Authentication method

Also Published As

Publication number Publication date
CN108600250A (en) 2018-09-28

Similar Documents

Publication Publication Date Title
WO2019210698A1 (en) Authentication method
JP2022532677A (en) Identity verification and management system
EP4007984A1 (en) Self-sovereign identity systems and methods for identification documents
WO2020182005A1 (en) Method for information processing in digital asset certificate inheritance transfer, and related device
US10270757B2 (en) Managing exchanges of sensitive data
CN109948320B (en) Block chain-based identity recognition management method, device, medium and electronic equipment
JP6549361B2 (en) Identification system
WO2020155839A1 (en) Blockchain-based method and device for performing scene-based deposition on face information
CN110602114B (en) Block chain-based identity authentication method and device, storage medium and electronic equipment
WO2020108152A1 (en) Method, device and electronic equipment for preventing misuse of identity data
US11681883B2 (en) Systems and methods of identification verification using near-field communication and optical authentication
CN104486306B (en) Identity authentication method is carried out based on finger hand vein recognition and cloud service
US20220172514A1 (en) Monitoring Devices at Enterprise Locations Using Machine-Learning Models to Protect Enterprise-Managed Information and Resources
WO2019134548A1 (en) Identity recognition method, apparatus and system
US20200334430A1 (en) Self-sovereign identity systems and methods for identification documents
CN113191902A (en) Transaction processing method and device based on block chain, electronic equipment and medium
CN113158156A (en) Service processing method, system, device, electronic equipment and storage medium
US8904508B2 (en) System and method for real time secure image based key generation using partial polygons assembled into a master composite image
WO2017129068A1 (en) Event execution method and device and system therefor
CN114780932A (en) Cross-block chain data interaction verification method, system and equipment for management three-mode platform
CN110020239B (en) Malicious resource transfer webpage identification method and device
CN112367314A (en) Identity authentication method, device, computing equipment and medium
US20240037250A1 (en) Using machine-learning models to determine graduated levels of access to secured data for remote devices
CN116305074A (en) Enterprise information management method based on authority configuration and related equipment thereof
CN116933303A (en) Data management method, device, storage medium and electronic equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18917051

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18917051

Country of ref document: EP

Kind code of ref document: A1