WO2020238534A1 - Method and device for data certificate authorization, computer device, and storage medium - Google Patents

Method and device for data certificate authorization, computer device, and storage medium Download PDF

Info

Publication number
WO2020238534A1
WO2020238534A1 PCT/CN2020/087474 CN2020087474W WO2020238534A1 WO 2020238534 A1 WO2020238534 A1 WO 2020238534A1 CN 2020087474 W CN2020087474 W CN 2020087474W WO 2020238534 A1 WO2020238534 A1 WO 2020238534A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
face
face image
data
learning model
Prior art date
Application number
PCT/CN2020/087474
Other languages
French (fr)
Chinese (zh)
Inventor
古明涌
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2020238534A1 publication Critical patent/WO2020238534A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates

Definitions

  • This application relates to the field of artificial intelligence technology, in particular to data credential authorization methods, devices, computer equipment and storage media.
  • this application provides a data voucher authorization method, device, computer equipment and storage medium.
  • a data certificate authorization method including:
  • Receiving a request from a user to obtain a data voucher obtaining a face image of the user, wherein the request includes voucher information of the data voucher to be obtained by the user;
  • the acquired credential information associated with the user’s face image query the acquired credential information associated with the user’s face image, where the acquired credential information includes the number of data vouchers acquired in the user’s history and the acquired The expiration time of the data certificate;
  • the data voucher is authorized to the user, and the acquired credential information of the user is updated and stored in association with the face image of the user.
  • a data certificate authorization device including:
  • the face image acquisition unit is configured to receive a user's request for acquiring data credentials, and acquire a face image of the user;
  • the credential information query unit is configured to query the acquired credential information associated with the face information of the user according to the face image of the user, wherein the acquired credential information includes the number of data vouchers that the user has acquired And the expiration time of the obtained data certificate;
  • the authorization information confirmation unit is configured to send the obtained credential information associated with the user's face information to the authorization confirmation server, so that the authorization confirmation server can perform authorization confirmation;
  • the data voucher authorization unit is configured to receive an authorization confirmation instruction from the authorization confirmation server, authorize the data voucher to the user, and associate the user's acquired credential information with the user's face image after updating storage.
  • a computer device including a memory and a processor.
  • the memory stores computer-readable instructions.
  • the processor executes the above Describe the steps of the data certificate authorization method.
  • a storage medium storing computer-readable instructions.
  • the one or more processors execute the data voucher authorization method. step.
  • Fig. 1 is a diagram of an implementation environment of a data credential authorization method provided in an embodiment.
  • Fig. 2 is a flow chart showing a method for authorizing a data voucher according to an exemplary embodiment.
  • FIG. 3 is a specific implementation flow chart of step S120 in the data voucher authorization method according to the embodiment corresponding to FIG. 2.
  • Fig. 4 is another specific implementation flowchart of step S120 in the data voucher authorization method according to the embodiment corresponding to Fig. 2.
  • Fig. 5 is a specific implementation flow chart of step S130 in the data voucher authorization method according to the embodiment corresponding to Fig. 2.
  • FIG. 6 is another specific implementation flowchart of step S130 in the data voucher authorization method according to the embodiment corresponding to FIG. 2.
  • Fig. 7 is a block diagram showing a data voucher authorization device according to an exemplary embodiment.
  • Fig. 8 schematically shows an exemplary block diagram of an electronic device for implementing the above-mentioned data credential authorization method.
  • Fig. 9 schematically shows a computer-readable storage medium for implementing the above-mentioned data credential authorization method.
  • FIG. 1 is an implementation environment diagram of a data credential authorization method provided in an embodiment. As shown in FIG. 1, the implementation environment includes a computer device 100, a user terminal 200, and an authorization confirmation server 300.
  • the computer device 100 is a data voucher management device, for example, a computer, a server, and other computer devices used by data voucher operation and maintenance personnel.
  • the user terminal 200 is installed with a client that performs a data credential authorization request. After the user submits the data credential authorization through the user terminal 200 running the client, the computer device 100 obtains the user's face image according to the authorization request, and then extracts the user's obtained credential information based on the face image, and then the user's obtained credential information The credential information is sent to the authorization confirmation server 300, and the authorization confirmation server 300 sends the authorization confirmation information to the computer device 100 after performing authorization confirmation according to the obtained credential information and the user's request for obtaining data credential. After receiving the authorization confirmation instruction from the authorization confirmation server, the computer device 100 authorizes the data voucher to the user, and updates the obtained credential information of the user and stores it in association with the face image of the user .
  • the authorization confirmation server 300, the user terminal 200, and the computer device 100 may be smart phones, tablet computers, notebook computers, desktop computers, etc., but are not limited thereto.
  • the computer device 100, the user terminal 200, and the authorization confirmation server 300 can be connected via Bluetooth, USB (Universal Serial Bus, Universal Serial Bus) or other communication connection methods, which is not limited in this application.
  • a data voucher authorization method is proposed.
  • the data voucher authorization method can be applied to the above-mentioned computer device 100, and specifically may include the following steps:
  • Step S110 receiving a request from a user to obtain a data voucher, and obtaining a face image of the user, where the request includes voucher information of the data voucher to be obtained by the user;
  • the user's face image After receiving the user's request for obtaining data credentials, first obtain the user's face image, which may be obtained by the camera device of the user terminal 200 or by the camera device of the computer device 100.
  • the user terminal 200 is the user's mobile phone. After the user sends a request for obtaining data credentials, the user follows the shooting guide displayed on the screen of his mobile phone to take a face image, and then captures the captured face The image is sent to the computer device 100.
  • the shooting guide is to ensure that the image captured by the user is the user's own, rather than randomly shooting other people's faces, and also to reduce the pressure of image processing in the subsequent face recognition process.
  • the user requests to obtain data voucher in the voucher granting hall
  • the user terminal 200 is a terminal device in the hall for users to operate.
  • the computer device 100 in the hall will automatically Get the user's face information.
  • the request includes the credential information of the data voucher to be obtained by the user, and the credential information of the data voucher to be obtained by the user may include the expiration time of the voucher to be obtained, the characteristic identifier, and the quantity to be obtained by the user. And so on in order to compare in subsequent steps.
  • Step S120 According to the face image of the user, query the acquired credential information associated with the face image of the user, where the acquired credential information includes the number of data vouchers acquired in the user history and all State the expiration time of the obtained data certificate;
  • the obtained voucher information may also include the expiration time of the obtained voucher, the characteristic identifier, and the number obtained by the user.
  • Step S130 Send the obtained credential information associated with the user’s face information and the user’s request for obtaining data credential to the authorization confirmation server, so that the authorization confirmation server is based on the obtained credential information and the user’s acquisition.
  • Data certificate request for authorization confirmation
  • the user's request for data credential acquisition and the acquired credential information associated with the user's face information can be sent to the authorization confirmation server 300 .
  • the authorization confirmation server 300 performs authorization confirmation.
  • the authorization confirmation server 300 is a server used by the authorized administrator, and the authorization confirmation server 300 receives the user's request for obtaining data credentials and the information associated with the user's face information. After obtaining the credential information, the authorized administrator confirms the authorization of the request according to the information received by the authorization confirmation server 300. If the data credential that the user has obtained, the expiration time and the data credential to be obtained this time When the number of data vouchers with the same or similar expiration time is greater than the predetermined number, the user can be denied authorization, and if it does not reach the predetermined number, the user can be authorized.
  • the predetermined number may be 1, 2, 5, 9, etc., and is determined according to the purpose and the issued amount of the data voucher, which is not limited in this application.
  • the authorization confirm Request authorization confirmation is that if the number of data vouchers with the same or similar expiration time as the expiration time of the data vouchers to be obtained this time is greater than a predetermined number among the data vouchers that the user has obtained, the user can be denied authorization , If it does not reach the predetermined number, it will be authorized.
  • the predetermined number may be a fixed value, or may be determined according to a formula, which is not limited in this application.
  • the data voucher is a data voucher used to obtain a certain limited resource, and the formula for determining the predetermined number may be:
  • n is the predetermined number
  • W is the pre-issued number of the data vouchers
  • i is the minimum number of people scheduled to issue the data vouchers
  • j is the popularity index of the limited resource, for example, the limited resource is pre-issued The previous pageviews, or the percentage of users who are interested in the limited resources during the survey.
  • the values of W, i, and j are all deployed in the authorization confirmation server 300 before authorization is started.
  • n calculated by the above formula If the value of n calculated by the above formula is not less than 1, then set the predetermined number to the calculated value of n; if the value of n is less than 1, set the predetermined number to 1.
  • Step S140 If the authorization confirmation instruction from the authorization confirmation server is received, the data voucher is authorized to the user, and the acquired credential information of the user is updated and stored in association with the face image of the user.
  • the data voucher can be authorized to the user after authorization confirmation by the authorization confirmation server 300.
  • the obtained credential information of the user can be updated, and the updated information can be compared with the user’s personal information.
  • the face image is stored in association for the next use.
  • the data voucher is an electronic ticket.
  • the technical solution of this application can effectively prevent ticket sellers from robbing tickets. Authentication, because in the prior art, most of the methods to prevent ticket sellers from grabbing tickets are through real-name authentication. For this method, ticket sellers can purchase through multiple certificates, and can also obtain a large number of tickets. One method is to limit the number of tickets purchased at a time. For this method, ticket sellers can achieve their goals by purchasing a small number of times.
  • this application uses face recognition, a method of authenticating biological information with a unique identification function, to sell tickets, so as to prevent ticket sellers from selling tickets.
  • the specific principle is that the user’s face The information is bound to its ticket purchase information, and the ticket purchase information includes the number of tickets purchased, and the start time.
  • the ticket purchase information includes the number of tickets purchased, and the start time.
  • the ticket sellers cannot achieve the purpose of obtaining a large number of tickets by using multiple certificates of different people. This can effectively prevent the ticket sellers from disrupting the market, allowing consumers to obtain tickets fairly, and making consumers The ticketing platform is more trusted.
  • FIG. 3 is a detailed description of step S120 in the data voucher authorization method according to the embodiment corresponding to FIG. 2.
  • step S120 may include the following steps:
  • Step S121 processing the user's face image into a preset size
  • the device used may be different when acquiring the face image of the user, when recognizing the face image of the user, in order to facilitate the recognition, it is necessary to preprocess the image of the user, namely After the user’s face image is cropped except for the background of the face portion, the cropped image is converted into a predetermined size and predetermined pixels.
  • the predetermined size is 4.8 cm by 3.3. cm
  • the predetermined pixel is 600 ppi.
  • Step S123 Scan the user's face image of a preset size, extract the user's facial features, and form a facial feature vector, where the facial features include the length, width, and length or width of the face , At least one of the length or width of the lips, and the skin color of the face.
  • the facial features include the length and width of the human face, the distance from the nose to the lips, the distance from the eyes to the nose, the interpupillary distance of the human face, and the skin color of the human face, and the feature vector is composed of
  • c, w, l nl , l ne , d and r, g, b respectively represent the length and width of the face, the distance from the nose to the lips, the distance from the eyes to the nose, the interpupillary distance of the face, and the skin color of the face.
  • Step S125 Input the face feature vector of the user into a first machine learning model, and the first machine learning model outputs the identity of the user.
  • the feature vector Input the machine learning model, and the machine learning model compares the feature vectors one by one For each value in the identities of the user, those that are consistent with these characteristic values are found as the identity of the user.
  • Step S127 according to the user's identity, query the acquired credential information associated with the user's identity.
  • the obtained credential information associated with the user's identity can be queried.
  • the first machine learning model is trained as follows:
  • each face image sample in the face image sample set has a user identity label attached in advance
  • the face feature vectors of the face image samples are input into the first machine learning model one by one.
  • the first machine learning model outputs the determined user identity and compares it with the posted user identity. If it is inconsistent, adjust the first machine
  • the learning model makes the user identity output by the first machine learning model consistent with the label.
  • the identity tag Since the identity tag has been affixed to the sample, the identity of the face image is known. Use the known result as the desired output to train the machine learning model.
  • the learning method is: constantly changing the connection weight of the network under the stimulation of the external input sample. The essence of learning is to dynamically adjust the weight of each connection. Since the expected output is known, if the output of the machine learning model does not match the expected output, the weight of each connection is automatically adjusted until the output obtained is consistent with the expected output. In this way, the first machine learning model is trained. When the first machine learning model is well trained, as long as the feature vectors extracted from the user's face image are input into the first machine learning model in a group, the first machine learning model will be the face image identity of.
  • FIG. 4 is a detailed description of step S120 in the data voucher authorization method according to the embodiment corresponding to FIG. 2.
  • step S120 may include the following steps:
  • Step S122 Scan the face image of the user and the stored face image of the user respectively, and obtain the face features of the face image of the user and the face features of the stored face image of the user.
  • the face image of the user specifically refers to the face image of the user who requests to obtain data credentials. That is, the face image of the user who is currently requesting to obtain data credentials and the face image of the user who have been stored are scanned separately.
  • the face feature includes the length and width of the face and the length and width of the facial features in the face image.
  • Step S124 The facial features of the user's facial image and the stored facial features of the user's facial image are input into a second machine learning model together, and the second machine learning model outputs the user's facial image The result is the same as the stored user's face image.
  • the machine learning model After acquiring the facial features, the machine learning model compares the two sets of facial features one by one, and obtains the difference between each of the two sets of facial features, and then calculates the average of the differences And the variance, and then put it into the formula f(x), the expression of the formula f(x) is
  • Step S126 If the face image of the user is the same as the stored face image of the user, retrieve the acquired credential information associated with the face image.
  • the acquired credential information associated with the face image can be retrieved for subsequent processing. If the person of the user is determined If the face image is not the same as the stored all face images, set the acquired credential information associated with the face image to be 0, and proceed to the next step.
  • the second machine learning model is trained as follows:
  • the positive sample pair and the negative sample pair constitute a sample pair set
  • the face feature vectors of two of each sample pair in the sample pair set are input into the second machine learning model one by one for learning. If a positive sample outputs a different judgment result to the second machine learning model, Or, for negative samples, the same judgment result is output to the second machine learning model, and the second machine learning model is adjusted so that the second machine learning model outputs the opposite judgment result.
  • the learning method is: constantly changing the connection weight of the network under the stimulation of the external input sample.
  • the essence of learning is to dynamically adjust the weight of each connection. Since the expected output is known, if the output of the machine learning model does not match the expected output, the weight of each connection is automatically adjusted until the output obtained is consistent with the expected output. In this way, the first machine learning model is trained.
  • the second machine learning model is well trained, as long as the two sets of facial features extracted from the face photos are input into the second machine learning model, the second machine learning model will output the user’s person The result of whether the face image is the same as the stored user face image.
  • FIG. 5 is a detailed description of step S130 in the data voucher authorization method according to the embodiment corresponding to FIG. 2.
  • the obtained voucher information includes information about the data voucher obtained by the user.
  • the quantity and the expiration time of the acquired data voucher, step S130 may include the following steps:
  • Step S131 judging whether the number of data vouchers with the same valid time as the data vouchers requested by the user that the user has obtained exceeds an alarm threshold according to the acquired credential information associated with the user's face information;
  • Step S132 If the alarm threshold is exceeded, send the acquired credential information associated with the user's face information, the user's request for data credential acquisition, and the alarm information to the authorization confirmation server, so that the authorization confirmation server refuses to contact the user.
  • the user authorization If the alarm threshold is exceeded, send the acquired credential information associated with the user's face information, the user's request for data credential acquisition, and the alarm information to the authorization confirmation server, so that the authorization confirmation server refuses to contact the user. The user authorization.
  • the alarm threshold may be 1, 2, 6, etc., set according to the characteristics of the data voucher, or calculated according to a formula.
  • the formula for determining the warning threshold may be:
  • n is the warning threshold reference value
  • the warning threshold is set to n
  • n is the minimum number of people scheduled to issue the data voucher
  • j is the popularity index of the data voucher.
  • the values of W, i, and j are all deployed in the authorization confirmation server 300 before authorization is started.
  • the authorization confirmation server 300 is a server used by the authorized administrator. First, the computer device determines whether the number of data vouchers that have the same validity time as the data vouchers requested by the user exceeds the alarm threshold, and if it exceeds the alarm threshold, sends the acquired information associated with the user's face information The credential information, the user's request for obtaining data credential, and the alarm information are sent to the authorization confirmation server. If the alarm threshold is not exceeded, the alarm information is not sent to the authorization confirmation server 300.
  • the authorization confirmation server 300 After the authorization confirmation server 300 receives the user's request for obtaining data credentials, the obtained credentials information associated with the user's face information, and the alarm information, the authorized administrator confirms the information received by the server 300 according to the authorization , Carry out a risk assessment, and use the warning information as a basis for denying authorization to the user.
  • FIG. 6 is a detailed description of step S130 in the data voucher authorization method according to the embodiment corresponding to FIG. 2.
  • the obtained voucher information includes information about the data voucher obtained by the user.
  • the quantity and the expiration time of the acquired data voucher, step S130 may include the following steps:
  • Step S131 According to the acquired credential information associated with the face information of the user, determine whether the number of data credential that the user has acquired with the same valid time as the data credential requested by the user exceeds an alarm threshold;
  • Step S133 If the alarm threshold is exceeded, send the acquired credential information associated with the user's face information, the user's request for data credential acquisition, and the authorization prohibition instruction to the authorization confirmation server to prohibit the authorization confirmation server from pairing The user authorization.
  • the computer device 100 first determines whether the number of data vouchers that have been obtained by the user and the valid time of the data vouchers requested by the user exceeds the alarm If the threshold exceeds the alarm threshold, an authorization prohibition instruction is sent to the authorization confirmation server 300 to prohibit the authorization confirmation server 300 from authorizing the user. This ensures that even if the authorization confirmation server is manipulated, the user cannot be authorized.
  • the data voucher is an electronic ticket.
  • the method of setting a warning threshold is mainly used to increase the matching of ticket sellers.
  • the alarm threshold can be set according to the popularity of the ticket. For hot tickets, a lower alarm threshold can be set, for example, 5, 3, or 2 tickets. For particularly popular tickets, It can even be set to one, and for relatively unpopular tickets, it can be set to a relatively high threshold such as 6, 8, or 9 to achieve the purpose of regulation.
  • a data voucher authorization device is provided.
  • the data voucher authorization device may be integrated in the above-mentioned computer equipment 100, and may specifically include a face image acquisition unit 110 and a voucher information query unit. 120.
  • the face image obtaining unit 110 is configured to receive a user's request for obtaining data credentials, and obtain a face image of the user;
  • the credential information query unit 120 is configured to query the acquired credential information associated with the face information of the user according to the face image of the user, wherein the acquired credential information includes the data vouchers that the user has acquired The quantity and the expiration time of the obtained data certificate;
  • the authorization information confirmation unit 130 is configured to send the obtained credential information associated with the user's face information to the authorization confirmation server, so that the authorization confirmation server can perform authorization confirmation;
  • the data voucher authorization unit 140 is configured to receive an authorization confirmation instruction from the authorization confirmation server, authorize the data voucher to the user, and update the user's acquired credential information with the user's face image Associated storage.
  • modules or units of the device for action execution are mentioned in the above detailed description, this division is not mandatory.
  • the features and functions of two or more modules or units described above may be embodied in one module or unit.
  • the features and functions of a module or unit described above can be further divided into multiple modules or units to be embodied.
  • the example embodiments described here can be implemented by software, or can be implemented by combining software with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (can be a CD-ROM, U disk, mobile hard disk, etc.) or on the network , Including several instructions to make a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) execute the method according to the embodiments of the present disclosure.
  • a computing device which can be a personal computer, a server, a mobile terminal, or a network device, etc.
  • an electronic device capable of implementing the above method is also provided.
  • the electronic device 500 according to this embodiment of the present application will be described below with reference to FIG. 8.
  • the electronic device 500 shown in FIG. 8 is only an example, and should not bring any limitation to the functions and scope of use of the embodiments of the present application.
  • the electronic device 500 is represented in the form of a general-purpose computing device.
  • the components of the electronic device 500 may include, but are not limited to: the aforementioned at least one processing unit 510, the aforementioned at least one storage unit 520, and a bus 530 connecting different system components (including the storage unit 520 and the processing unit 510).
  • the storage unit stores program code, and the program code can be executed by the processing unit 510, so that the processing unit 510 executes the various exemplary methods described in the “exemplary method” section of this specification.
  • the processing unit 510 may perform step S110 as shown in FIG. 2 to receive a request from a user to obtain a data voucher, and obtain a face image of the user, wherein the request includes the data to be obtained by the user.
  • step S120 query the acquired credential information associated with the user’s face information according to the user’s face image
  • step S130 send the credential information associated with the user’s face information
  • step S140 receiving the authorization confirmation server
  • the authorization confirmation instruction is to authorize the data voucher to the user, and update the obtained credential information of the user and store it in association with the face image of the user.
  • the storage unit 520 may include a readable medium in the form of a volatile storage unit, such as a random access storage unit (RAM) 5201 and/or a cache storage unit 5202, and may further include a read-only storage unit (ROM) 5203.
  • RAM random access storage unit
  • ROM read-only storage unit
  • the storage unit 520 may also include a program/utility tool 5204 having a set (at least one) program module 5205.
  • program module 5205 includes but is not limited to: an operating system, one or more application programs, other program modules, and program data, Each of these examples or some combination may include the implementation of a network environment.
  • the bus 530 may represent one or more of several types of bus structures, including a storage unit bus or a storage unit controller, a peripheral bus, a graphics acceleration port, a processing unit, or a local area using any bus structure among multiple bus structures. bus.
  • the electronic device 500 may also communicate with one or more external devices 700 (such as keyboards, pointing devices, Bluetooth devices, etc.), and may also communicate with one or more devices that enable users to interact with the electronic device 500, and/or communicate with Any device (such as a router, modem, etc.) that enables the electronic device 500 to communicate with one or more other computing devices. This communication can be performed through an input/output (I/O) interface 550.
  • the electronic device 500 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN), and/or a public network, such as the Internet) through the network adapter 560. As shown in the figure, the network adapter 560 communicates with other modules of the electronic device 500 through the bus 530.
  • the example embodiments described here can be implemented by software, or can be implemented by combining software with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (can be a CD-ROM, U disk, mobile hard disk, etc.) or on the network , Including several instructions to make a computing device (which may be a personal computer, server, terminal device, or network device, etc.) execute the method according to the embodiments of the present disclosure.
  • a non-volatile storage medium can be a CD-ROM, U disk, mobile hard disk, etc.
  • Including several instructions to make a computing device which may be a personal computer, server, terminal device, or network device, etc.
  • a computer-readable storage medium is also provided, on which a program product capable of implementing the above method of this specification is stored.
  • the storage medium may be non-volatile or volatile.
  • various aspects of the present application can also be implemented in the form of a program product, which includes program code.
  • the program product runs on a terminal device, the program code is used to enable the The terminal device executes the steps according to various exemplary implementations of the present application described in the above "Exemplary Method" section of this specification.
  • a program product 600 for implementing the above method according to an embodiment of the present application is described. It can adopt a portable compact disk read-only memory (CD-ROM) and include program code, and can be installed in a terminal device, For example, running on a personal computer.
  • CD-ROM compact disk read-only memory
  • the program product of this application is not limited to this.
  • the readable storage medium can be any tangible medium that contains or stores a program, and the program can be used by or combined with an instruction execution system, device, or device.
  • the program product can use any combination of one or more readable media.
  • the readable medium may be a readable signal medium or a readable storage medium.
  • the readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or any combination of the above. More specific examples (non-exhaustive list) of readable storage media include: electrical connections with one or more wires, portable disks, hard drives, random access memory (RAM), read-only memory (ROM), erasable Type programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
  • the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, and readable program code is carried therein. This propagated data signal can take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing.
  • the readable signal medium may also be any readable medium other than a readable storage medium, and the readable medium may send, propagate, or transmit a program for use by or in combination with the instruction execution system, apparatus, or device.
  • the program code contained on the readable medium can be transmitted by any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the foregoing.
  • the program code used to perform the operations of this application can be written in any combination of one or more programming languages.
  • the programming languages include object-oriented programming languages—such as Java, C++, etc., as well as conventional procedural programming languages. Programming language-such as "C" language or similar programming language.
  • the program code can be executed entirely on the user's computing device, partly on the user's device, executed as an independent software package, partly on the user's computing device and partly executed on the remote computing device, or entirely on the remote computing device or server Executed on.
  • the remote computing device can be connected to a user computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or can be connected to an external computing device (for example, using Internet service providers) Business to connect via the Internet).
  • LAN local area network
  • WAN wide area network
  • Internet service providers Internet service providers

Abstract

Disclosed are a method and device for data certificate authorization, a computer device, and a storage medium, related to the technical field of artificial intelligence. The method for data certificate authorization comprises: receiving a request of a user for acquiring a data certificate, acquiring a facial image of the user, where the request comprising certificate information of the data certificate that the user intends to acquire; searching, on the basis of the facial image of the user, for acquired certification information associated with facial information of the user; transmitting the acquired certificate information associated with the facial information of the user and the request of the user for acquiring the data certificate to an authorization confirmation server, thus allowing the authorization confirmation server to perform authorization confirmation; receiving an authorization confirmation instruction of the authorization confirmation server, authorizing the data certificate to the user, and updating the acquired certificate information of the user then storing in association with the facial image of the user. As such, the user is prevented from acquiring an excessive number of authorized data certificates.

Description

数据凭证授权方法、装置、计算机设备和存储介质Data certificate authorization method, device, computer equipment and storage medium
本申请要求于2019年5月24日提交中国专利局、申请号为201910441359.5,发明名称为“数据凭证授权方法、装置、计算机设备和存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on May 24, 2019, the application number is 201910441359.5, and the invention title is "Data certificate authorization method, device, computer equipment and storage medium", the entire content of which is by reference Incorporated in this application.
技术领域Technical field
本申请涉及人工智能技术领域,特别是涉及数据凭证授权方法、装置、计算机设备和存储介质。This application relates to the field of artificial intelligence technology, in particular to data credential authorization methods, devices, computer equipment and storage media.
背景技术Background technique
由于现有技术中,对于部分特殊的数据凭证,在没有严格的身份管理的情况下,常常会出现有部分用户会获取过多的授权凭证,导致所述数据凭证不能真正到达有需求的用户手中,严重损害用户的使用体验,同时也极大地浪费了计算机资源。发明人意识到,现有技术中虽然已经有通过身份认证防止这些用户获取过多授权的方法,但对于有多个身份的用户,并没有很好的效果。In the prior art, for some special data vouchers, without strict identity management, it often happens that some users will obtain too many authorization vouchers, resulting in that the data vouchers cannot really reach the users in need. , Which seriously damages the user’s experience and also greatly wastes computer resources. The inventor realizes that although there are methods for preventing these users from obtaining excessive authorization through identity authentication in the prior art, it does not have a good effect for users with multiple identities.
发明内容Summary of the invention
基于此,为解决相关技术中用户获取过多授权的数据凭证而降低其他用户体验的技术问题,本申请提供了一种数据凭证授权方法、装置、计算机设备和存储介质。Based on this, in order to solve the technical problem that users obtain too many authorized data vouchers in related technologies and reduce the experience of other users, this application provides a data voucher authorization method, device, computer equipment and storage medium.
第一方面,提供了一种数据凭证授权方法,包括:In the first aspect, a data certificate authorization method is provided, including:
接收到用户获取数据凭证的请求,获取所述用户的人脸图像,其中所述请求包含有所述用户要获取的数据凭证的凭证信息;Receiving a request from a user to obtain a data voucher, obtaining a face image of the user, wherein the request includes voucher information of the data voucher to be obtained by the user;
根据所述用户的人脸图像,查询与所述用户的人脸图像关联的已获取凭证信息,其中所述已获取凭证信息包括所述用户历史上已获取的数据凭证的数量和所述已获取数据凭证的过期时间;According to the user’s face image, query the acquired credential information associated with the user’s face image, where the acquired credential information includes the number of data vouchers acquired in the user’s history and the acquired The expiration time of the data certificate;
发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认;Send the obtained credential information associated with the user's face information and the user's request for obtaining data credential to the authorization confirmation server, so that the authorization confirmation server is based on the obtained credential information and the user's obtaining data credential Request authorization confirmation;
若接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。If the authorization confirmation instruction from the authorization confirmation server is received, the data voucher is authorized to the user, and the acquired credential information of the user is updated and stored in association with the face image of the user.
第二方面,提供了一种数据凭证授权装置,包括:In a second aspect, a data certificate authorization device is provided, including:
人脸图像获取单元,用于接收到用户获取数据凭证的请求,获取所述用户的人脸图像;The face image acquisition unit is configured to receive a user's request for acquiring data credentials, and acquire a face image of the user;
凭证信息查询单元,用于根据所述用户的人脸图像,查询与所述用户的人脸信息关联的已获取凭证信息,其中所述已获取凭证信息包括所述用户已获取的数据凭证的数量和所述已获取数据凭证的过期时间;The credential information query unit is configured to query the acquired credential information associated with the face information of the user according to the face image of the user, wherein the acquired credential information includes the number of data vouchers that the user has acquired And the expiration time of the obtained data certificate;
授权信息确认单元,用于发送所述与所述用户的人脸信息关联的已获取凭证信息至授权确认服务器,以便授权确认服务器进行授权确认;The authorization information confirmation unit is configured to send the obtained credential information associated with the user's face information to the authorization confirmation server, so that the authorization confirmation server can perform authorization confirmation;
数据凭证授权单元,用于接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。The data voucher authorization unit is configured to receive an authorization confirmation instruction from the authorization confirmation server, authorize the data voucher to the user, and associate the user's acquired credential information with the user's face image after updating storage.
第三方面,提供了一种计算机设备,包括存储器和处理器,所述存储器中存储有计算机可读指令,所述计算机可读指令被所述处理器执行时,使得所述处理器执行上述所述数据凭证授权方法的步骤。In a third aspect, a computer device is provided, including a memory and a processor. The memory stores computer-readable instructions. When the computer-readable instructions are executed by the processor, the processor executes the above Describe the steps of the data certificate authorization method.
第四方面,提供了一种存储有计算机可读指令的存储介质,所述计算机可读指令被一个 或多个处理器执行时,使得一个或多个处理器执行上述所述数据凭证授权方法的步骤。In a fourth aspect, there is provided a storage medium storing computer-readable instructions. When the computer-readable instructions are executed by one or more processors, the one or more processors execute the data voucher authorization method. step.
上述数据凭证授权方法、装置、计算机设备和存储介质,由于人脸的唯一性,有多个身份的用户无法通过使用多个身份达到获取大量授权的目的,可以有效规范所述数据凭证的授权行为。Due to the uniqueness of the face, users with multiple identities cannot achieve the purpose of obtaining a large number of authorizations by using multiple identities, and can effectively regulate the authorization behavior of the data vouchers. .
附图说明Description of the drawings
图1是一个实施例中提供的数据凭证授权方法的实施环境图。Fig. 1 is a diagram of an implementation environment of a data credential authorization method provided in an embodiment.
图2是根据一示例性实施例示出的一种数据凭证授权方法的流程图。Fig. 2 is a flow chart showing a method for authorizing a data voucher according to an exemplary embodiment.
图3是根据图2对应实施例示出的数据凭证授权方法中步骤S120的一种具体实现流程图。FIG. 3 is a specific implementation flow chart of step S120 in the data voucher authorization method according to the embodiment corresponding to FIG. 2.
图4是根据图2对应实施例示出的数据凭证授权方法中步骤S120的另一种具体实现流程图。Fig. 4 is another specific implementation flowchart of step S120 in the data voucher authorization method according to the embodiment corresponding to Fig. 2.
图5是根据图2对应实施例示出的数据凭证授权方法中步骤S130的一种具体实现流程图。Fig. 5 is a specific implementation flow chart of step S130 in the data voucher authorization method according to the embodiment corresponding to Fig. 2.
图6是根据图2对应实施例示出的数据凭证授权方法中步骤S130的另一种具体实现流程图。FIG. 6 is another specific implementation flowchart of step S130 in the data voucher authorization method according to the embodiment corresponding to FIG. 2.
图7是根据一示例性实施例示出的一种数据凭证授权装置的框图。Fig. 7 is a block diagram showing a data voucher authorization device according to an exemplary embodiment.
图8示意性示出一种用于实现上述数据凭证授权方法的电子设备示例框图。Fig. 8 schematically shows an exemplary block diagram of an electronic device for implementing the above-mentioned data credential authorization method.
图9示意性示出一种用于实现上述数据凭证授权方法的计算机可读存储介质。Fig. 9 schematically shows a computer-readable storage medium for implementing the above-mentioned data credential authorization method.
具体实施方式Detailed ways
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。In order to make the purpose, technical solutions, and advantages of this application clearer, the following further describes this application in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the application, and are not used to limit the application.
图1为一个实施例中提供的数据凭证授权方法的实施环境图,如图1所示,在该实施环境中,包括计算机设备100、用户终端200以及授权确认服务器300。FIG. 1 is an implementation environment diagram of a data credential authorization method provided in an embodiment. As shown in FIG. 1, the implementation environment includes a computer device 100, a user terminal 200, and an authorization confirmation server 300.
计算机设备100为数据凭证管理设备,例如为数据凭证运维人员使用的电脑、服务器等计算机设备。用户终端200上安装有进行数据凭证授权请求的客户端。用户在通过运行客户端的用户终端200提交数据凭证授权后,计算机设备100根据授权请求,获取用户的人脸图像,进而根据所述人脸图像提取用户的已获取凭证信息,再将用户的已获取凭证信息发送至授权确认服务器300,授权确认服务器300根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认后,将授权确认信息发送至计算机设备100。计算机设备100在收到所述授权确认服务器的授权确认指令后,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。The computer device 100 is a data voucher management device, for example, a computer, a server, and other computer devices used by data voucher operation and maintenance personnel. The user terminal 200 is installed with a client that performs a data credential authorization request. After the user submits the data credential authorization through the user terminal 200 running the client, the computer device 100 obtains the user's face image according to the authorization request, and then extracts the user's obtained credential information based on the face image, and then the user's obtained credential information The credential information is sent to the authorization confirmation server 300, and the authorization confirmation server 300 sends the authorization confirmation information to the computer device 100 after performing authorization confirmation according to the obtained credential information and the user's request for obtaining data credential. After receiving the authorization confirmation instruction from the authorization confirmation server, the computer device 100 authorizes the data voucher to the user, and updates the obtained credential information of the user and stores it in association with the face image of the user .
需要说明的是,授权确认服务器300、用户终端200以及计算机设备100可为智能手机、平板电脑、笔记本电脑、台式计算机等,但并不局限于此。计算机设备100以及用户终端200、授权确认服务器300可以通过蓝牙、USB(Universal Serial Bus,通用串行总线)或者其他通讯连接方式进行连接,本申请在此不做限制。It should be noted that the authorization confirmation server 300, the user terminal 200, and the computer device 100 may be smart phones, tablet computers, notebook computers, desktop computers, etc., but are not limited thereto. The computer device 100, the user terminal 200, and the authorization confirmation server 300 can be connected via Bluetooth, USB (Universal Serial Bus, Universal Serial Bus) or other communication connection methods, which is not limited in this application.
如图2所示,在一个实施例中,提出了一种数据凭证授权方法,所述数据凭证授权方法可以应用于上述的计算机设备100中,具体可以包括以下步骤:As shown in FIG. 2, in an embodiment, a data voucher authorization method is proposed. The data voucher authorization method can be applied to the above-mentioned computer device 100, and specifically may include the following steps:
步骤S110,接收到用户获取数据凭证的请求,获取所述用户的人脸图像,其中所述请求包含有所述用户要获取的数据凭证的凭证信息;Step S110, receiving a request from a user to obtain a data voucher, and obtaining a face image of the user, where the request includes voucher information of the data voucher to be obtained by the user;
在接收到用户获取数据凭证的请求后,首先获取所述用户的人脸图像,其获取方式可以是通过用户终端200的摄像设备进行获取,也可以是通过计算机设备100的摄像设备进行获取。After receiving the user's request for obtaining data credentials, first obtain the user's face image, which may be obtained by the camera device of the user terminal 200 or by the camera device of the computer device 100.
例如,在其中一个实施例中,用户终端200为用户的手机,用户在发送获取数据凭证的请求后,按照其手机屏幕显示的拍摄指引,进行人脸图像的拍摄,然后将拍摄好的人脸图像发送给计算机设备100。其中所述拍摄指引是为了保证所述用户拍摄的图像是用户自己的,而不是随意的拍摄的其他人的人脸,同时也减轻了后续人脸识别过程中图像处理的压力。For example, in one of the embodiments, the user terminal 200 is the user's mobile phone. After the user sends a request for obtaining data credentials, the user follows the shooting guide displayed on the screen of his mobile phone to take a face image, and then captures the captured face The image is sent to the computer device 100. The shooting guide is to ensure that the image captured by the user is the user's own, rather than randomly shooting other people's faces, and also to reduce the pressure of image processing in the subsequent face recognition process.
在另一个实施例中,用户在凭证授予大厅请求获取数据凭证,用户终端200为大厅内供用户进行操作的终端设备,当用户送获取数据凭证的请求后,大厅内的计算机设备100就会自动获取用户的人脸信息。In another embodiment, the user requests to obtain data voucher in the voucher granting hall, and the user terminal 200 is a terminal device in the hall for users to operate. When the user sends a request for data voucher, the computer device 100 in the hall will automatically Get the user's face information.
在获取所述用户的人脸图像后,由于人脸的唯一性,用户即使拥有多个身份证件或者身份信息,但其人脸只有一张,且在短期内无法以低成本的方式改变,就可以以此为依据确认能否给所述用户授权。After acquiring the face image of the user, due to the uniqueness of the face, even if the user has multiple identification documents or identity information, but his face only has one, and it cannot be changed in a low-cost manner in a short period of time. It can be used as a basis to confirm whether the user can be authorized.
而所述请求包含有所述用户要获取的数据凭证的凭证信息,所述用户要获取的数据凭证的凭证信息可以包括所述要获取凭证的过期时间、特征标识以及所述用户要获取的数量等,以便在后续步骤中进行对比。The request includes the credential information of the data voucher to be obtained by the user, and the credential information of the data voucher to be obtained by the user may include the expiration time of the voucher to be obtained, the characteristic identifier, and the quantity to be obtained by the user. And so on in order to compare in subsequent steps.
步骤S120,根据所述用户的人脸图像,查询与所述用户的人脸图像关联的已获取凭证信息,其中所述已获取凭证信息包括所述用户历史上已获取的数据凭证的数量和所述已获取数据凭证的过期时间;Step S120: According to the face image of the user, query the acquired credential information associated with the face image of the user, where the acquired credential information includes the number of data vouchers acquired in the user history and all State the expiration time of the obtained data certificate;
在获取所述用户的人脸图像后,就可以进行人脸识别,查询与所述用户的人脸信息关联的已获取凭证信息,所述已获取凭证信息为所述用户之前已经获取过的数据凭证的凭证信息,所述已获取凭证信息也可以包括所述已获取凭证的过期时间、特征标识以及所述用户已获取的数量等。After acquiring the face image of the user, face recognition can be performed, and the acquired credential information associated with the face information of the user can be queried, and the acquired credential information is data that the user has acquired before The voucher information of the voucher, the obtained voucher information may also include the expiration time of the obtained voucher, the characteristic identifier, and the number obtained by the user.
步骤S130,发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认;Step S130: Send the obtained credential information associated with the user’s face information and the user’s request for obtaining data credential to the authorization confirmation server, so that the authorization confirmation server is based on the obtained credential information and the user’s acquisition. Data certificate request for authorization confirmation;
查询与所述用户的人脸信息关联的已获取凭证信息后,就可以将所述用户的获取数据凭证的请求以及与所述用户的人脸信息关联的已获取凭证信息发送至授权确认服务器300,由授权确认服务器300进行授权确认。After querying the acquired credential information associated with the user's face information, the user's request for data credential acquisition and the acquired credential information associated with the user's face information can be sent to the authorization confirmation server 300 , The authorization confirmation server 300 performs authorization confirmation.
例如在一个实施例中,所述授权确认服务器300为所述授权管理员使用的服务器,在授权确认服务器300接收到所述用户的获取数据凭证的请求以及与所述用户的人脸信息关联的已获取凭证信息后,所述授权管理员根据授权确认服务器300所接收的信息,对所述请求进行授权确认,若所述用户已获取的数据凭证中,过期时间与本次要获取的数据凭证的过期时间相同或者相近的数据凭证的数量大于预定数量时,就可以拒绝对所述用户授权,若其未达到所述预定的数量,则对其进行授权。所述预定数量可以是1、2、5、9等,根据所述数据凭证的用途和发放数量确定,本申请在此不做限定。For example, in one embodiment, the authorization confirmation server 300 is a server used by the authorized administrator, and the authorization confirmation server 300 receives the user's request for obtaining data credentials and the information associated with the user's face information. After obtaining the credential information, the authorized administrator confirms the authorization of the request according to the information received by the authorization confirmation server 300. If the data credential that the user has obtained, the expiration time and the data credential to be obtained this time When the number of data vouchers with the same or similar expiration time is greater than the predetermined number, the user can be denied authorization, and if it does not reach the predetermined number, the user can be authorized. The predetermined number may be 1, 2, 5, 9, etc., and is determined according to the purpose and the issued amount of the data voucher, which is not limited in this application.
在另一个实施例中,在授权确认服务器300接收到所述用户的获取数据凭证的请求以及与所述用户的人脸信息关联的已获取凭证信息后,根据其所接收的信息,对所述请求进行授权确认。其确认方式为,若所述用户已获取的数据凭证中,过期时间与本次要获取的数据凭证的过期时间相同或者相近的数据凭证的数量大于预定数量时,就可以拒绝对所述用户授权,若其未达到所述预定的数量,则对其进行授权。所述预定数量可以是一个固定的值,也可以根据公式确定,本申请在此不做限定。例如在本实施例中,所述数据凭证为用于获取某种限量资源的一种数据凭证,则所述预定数量的确定公式可以是:In another embodiment, after the authorization confirmation server 300 receives the user’s request for data credential acquisition and the acquired credential information associated with the user’s face information, the authorization confirm Request authorization confirmation. The confirmation method is that if the number of data vouchers with the same or similar expiration time as the expiration time of the data vouchers to be obtained this time is greater than a predetermined number among the data vouchers that the user has obtained, the user can be denied authorization , If it does not reach the predetermined number, it will be authorized. The predetermined number may be a fixed value, or may be determined according to a formula, which is not limited in this application. For example, in this embodiment, the data voucher is a data voucher used to obtain a certain limited resource, and the formula for determining the predetermined number may be:
Figure PCTCN2020087474-appb-000001
Figure PCTCN2020087474-appb-000001
其中,n为所述预定数量,W为所述数据凭证预发放的数量,i为所述数据凭证预定发放 的最小人数,j为所述限量资源的热度指数,例如为所述限量资源预发放前的浏览量,或调研时对所述限量资源感兴趣的用户的百分比。所述W、i、j的值均在开始授权之前就部署在授权确认服务器300中。Wherein, n is the predetermined number, W is the pre-issued number of the data vouchers, i is the minimum number of people scheduled to issue the data vouchers, and j is the popularity index of the limited resource, for example, the limited resource is pre-issued The previous pageviews, or the percentage of users who are interested in the limited resources during the survey. The values of W, i, and j are all deployed in the authorization confirmation server 300 before authorization is started.
若上述公式计算出的n值不小于1,则设定所述预定数量为计算出的n的值,若n值小于1,则设定所述预定数量为1。If the value of n calculated by the above formula is not less than 1, then set the predetermined number to the calculated value of n; if the value of n is less than 1, set the predetermined number to 1.
步骤S140,若接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。Step S140: If the authorization confirmation instruction from the authorization confirmation server is received, the data voucher is authorized to the user, and the acquired credential information of the user is updated and stored in association with the face image of the user.
在经过授权确认服务器300授权确认后就可以将所述数据凭证授权给所述用户,在授权之后,就可以更新所述用户的已获取凭证信息,然后将更新后的信息与所述用户的人脸图像关联存储,以便下次使用。The data voucher can be authorized to the user after authorization confirmation by the authorization confirmation server 300. After authorization, the obtained credential information of the user can be updated, and the updated information can be compared with the user’s personal information. The face image is stored in association for the next use.
对于本方法,在本申请的其中一个实施例中,所述数据凭证为一种电子门票,在本实施例中,本申请的技术方案可以有效防止票贩抢票圈票的方法多是通过实名认证,因为在现有技术中,防止票贩抢票圈票的方法多是通过实名认证,对于这种方法,票贩可以通过多个证件进行购买的手段,同样可以获取大量票券,还有一种方法为限制单次购买的票数,对于这种方法,票贩可以通过少量多次购买的手段达到目的。For this method, in one of the embodiments of this application, the data voucher is an electronic ticket. In this embodiment, the technical solution of this application can effectively prevent ticket sellers from robbing tickets. Authentication, because in the prior art, most of the methods to prevent ticket sellers from grabbing tickets are through real-name authentication. For this method, ticket sellers can purchase through multiple certificates, and can also obtain a large number of tickets. One method is to limit the number of tickets purchased at a time. For this method, ticket sellers can achieve their goals by purchasing a small number of times.
故本申请通过人脸识别这一认证具有唯一身份标识作用的生物信息的方法,来进行票券的销售,达到预防票贩倒卖票券的现象,其具体原理为,将所述用户的人脸信息与其购票信息进行绑定,所述购票信息包括购票的场次、数量和开始时间。在用户购票的时候,显示所述用户已购买的与所述票券场次相同的票券的数量,若所述用户已购买相同场次票券的数量或者同一开始时间的票券的数量加上本次购买的数量过多,就可以拒绝其购买过多的票券,从而达到防止倒买倒卖的作用。本申请由于人脸的唯一性,票贩无法通过使用不同人的多个证件达到获取大量票券的目的,可以有效防范票贩对市场的扰乱,让消费者公平获取票券,使得消费者对售票平台更为信任。Therefore, this application uses face recognition, a method of authenticating biological information with a unique identification function, to sell tickets, so as to prevent ticket sellers from selling tickets. The specific principle is that the user’s face The information is bound to its ticket purchase information, and the ticket purchase information includes the number of tickets purchased, and the start time. When a user purchases a ticket, the number of tickets that the user has purchased for the same session as the ticket is displayed. If the user has purchased the number of tickets for the same session or the number of tickets at the same start time plus If the quantity purchased this time is too large, it can be refused to buy too many tickets, thus achieving the effect of preventing reverse buying and selling. Due to the uniqueness of the face of this application, the ticket sellers cannot achieve the purpose of obtaining a large number of tickets by using multiple certificates of different people. This can effectively prevent the ticket sellers from disrupting the market, allowing consumers to obtain tickets fairly, and making consumers The ticketing platform is more trusted.
可选的,图3是根据图2对应实施例示出的数据凭证授权方法中步骤S120的细节描述,所述数据凭证授权方法中,步骤S120可以包括以下步骤:Optionally, FIG. 3 is a detailed description of step S120 in the data voucher authorization method according to the embodiment corresponding to FIG. 2. In the data voucher authorization method, step S120 may include the following steps:
步骤S121,将所述用户的人脸图像处理为预设尺寸;Step S121, processing the user's face image into a preset size;
由于在获取所述用户的人脸图像时,使用的设备可能不一样,这时在对所述用户的人脸图像进行识别时,为方便识别,需要对所述用户的图像进行预处理,即将所述用户的人脸图像除人脸部分的背景裁剪掉后,在将裁剪后的图片转化为预定的尺寸和预定的像素,例如在一个实施例中,所述预定是尺寸为4.8cm乘3.3cm,所述预定的像素为600ppi。Since the device used may be different when acquiring the face image of the user, when recognizing the face image of the user, in order to facilitate the recognition, it is necessary to preprocess the image of the user, namely After the user’s face image is cropped except for the background of the face portion, the cropped image is converted into a predetermined size and predetermined pixels. For example, in one embodiment, the predetermined size is 4.8 cm by 3.3. cm, the predetermined pixel is 600 ppi.
步骤S123,扫描预设尺寸的所述用户的人脸图像,提取所述用户的人脸特征,组成人脸特征向量,其中所述人脸特征包括人脸的长度、宽度、鼻子的长度或者宽度、嘴唇的长度或者宽度、人脸的肤色中的至少一种。Step S123: Scan the user's face image of a preset size, extract the user's facial features, and form a facial feature vector, where the facial features include the length, width, and length or width of the face , At least one of the length or width of the lips, and the skin color of the face.
在其中一个实施例中,所述人脸特征包括人脸的长度以及宽度、鼻子到嘴唇的距离、眼睛到鼻子的距离、人脸的瞳距以及人脸的肤色,其组成的特征向量为In one of the embodiments, the facial features include the length and width of the human face, the distance from the nose to the lips, the distance from the eyes to the nose, the interpupillary distance of the human face, and the skin color of the human face, and the feature vector is composed of
Figure PCTCN2020087474-appb-000002
Figure PCTCN2020087474-appb-000002
其中c、w、l nl、l ne、d以及r、g、b分别代表人脸的长度以及宽度、鼻子到嘴唇的距离、眼睛到鼻子的距离、人脸的瞳距以及人脸的肤色。 Wherein c, w, l nl , l ne , d and r, g, b respectively represent the length and width of the face, the distance from the nose to the lips, the distance from the eyes to the nose, the interpupillary distance of the face, and the skin color of the face.
步骤S125,将所述用户的人脸特征向量输入第一机器学习模型,所述第一机器学习模型输出所述用户的身份。Step S125: Input the face feature vector of the user into a first machine learning model, and the first machine learning model outputs the identity of the user.
在获取特征向量
Figure PCTCN2020087474-appb-000003
后,就可以将特征向量
Figure PCTCN2020087474-appb-000004
输入机器学习模型,机器学习模型通过逐一对比特征向量
Figure PCTCN2020087474-appb-000005
中的每一个值,找出用户身份中与这些特征值均符合的,作为所述用户的身份。 Feature vector
Figure PCTCN2020087474-appb-000003
After that, the feature vector
Figure PCTCN2020087474-appb-000004
Input the machine learning model, and the machine learning model compares the feature vectors one by one
Figure PCTCN2020087474-appb-000005
For each value in the identities of the user, those that are consistent with these characteristic values are found as the identity of the user.
步骤S127,根据所述用户的身份,查询与所述用户的身份关联的已获取凭证信息。Step S127, according to the user's identity, query the acquired credential information associated with the user's identity.
在取得所述用户的身份后,就可以查询与所述用户身份关联的已获取凭证信息。After the user's identity is obtained, the obtained credential information associated with the user's identity can be queried.
其中,所述第一机器学习模型如下训练出:Wherein, the first machine learning model is trained as follows:
获取人脸图像样本集合,人脸图像样本集合中的每个人脸图像样本事先贴有用户身份标签,Obtain a face image sample set, and each face image sample in the face image sample set has a user identity label attached in advance,
从人脸图像样本集合中的每个人脸图像样本识别人脸的人脸特征,组成人脸特征向量;Recognize the facial features of the face from each face image sample in the face image sample set to form a face feature vector;
将所述人脸图像样本的人脸特征向量逐一输入第一机器学习模型,第一机器学习模型输出判定的用户身份,与贴有的用户身份比对,如不一致,则调整所述第一机器学习模型,使所述第一机器学习模型输出的用户身份与标签一致。The face feature vectors of the face image samples are input into the first machine learning model one by one. The first machine learning model outputs the determined user identity and compares it with the posted user identity. If it is inconsistent, adjust the first machine The learning model makes the user identity output by the first machine learning model consistent with the label.
由于所述样本上已经贴有身份标签,所以所述人脸图像的身份是已知的。将该已知的结果作为期望的输出,训练该机器学习模型。学习的方式为:在外界输入样本的刺激下不断改变网络的连接权值。学习的本质是对各连接权重进行动态调整。由于期望的输出是已知的,如果机器学习模型输出的结果与该期望的输出不符,就自动调整各连接权重,直到得到的输出结果和期望的输出一致。这样,就训练好了第一机器学习模型。当第一机器学习模型训练得足够好后,只要将从所述用户的人脸图像中提取的特征向量一组一组输入第一机器学习模型,第一机器学习模型就会所述人脸图像的身份。Since the identity tag has been affixed to the sample, the identity of the face image is known. Use the known result as the desired output to train the machine learning model. The learning method is: constantly changing the connection weight of the network under the stimulation of the external input sample. The essence of learning is to dynamically adjust the weight of each connection. Since the expected output is known, if the output of the machine learning model does not match the expected output, the weight of each connection is automatically adjusted until the output obtained is consistent with the expected output. In this way, the first machine learning model is trained. When the first machine learning model is well trained, as long as the feature vectors extracted from the user's face image are input into the first machine learning model in a group, the first machine learning model will be the face image identity of.
可选的,图4是根据图2对应实施例示出的数据凭证授权方法中步骤S120的细节描述,所述数据凭证授权方法中,步骤S120可以包括以下步骤:Optionally, FIG. 4 is a detailed description of step S120 in the data voucher authorization method according to the embodiment corresponding to FIG. 2. In the data voucher authorization method, step S120 may include the following steps:
步骤S122,分别扫描所述用户的人脸图像和所存储的用户人脸图像,获取所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征。Step S122: Scan the face image of the user and the stored face image of the user respectively, and obtain the face features of the face image of the user and the face features of the stored face image of the user.
其中,所述用户的人脸图像具体是指请求获取数据凭证的用户的人脸图像。也就是分别扫描当前请求获取数据凭证的用户的人脸图像和已经存储的用户人脸图像。Wherein, the face image of the user specifically refers to the face image of the user who requests to obtain data credentials. That is, the face image of the user who is currently requesting to obtain data credentials and the face image of the user who have been stored are scanned separately.
在其中一个实施例中,所述人脸特征包括所述人脸图像中人脸的长度和宽度以及五官的长度和宽度。In one of the embodiments, the face feature includes the length and width of the face and the length and width of the facial features in the face image.
步骤S124,将所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征一起输入第二机器学习模型,所述第二机器学习模型输出所述用户的人脸图像与所存储的用户人脸图像是否相同的结果。Step S124: The facial features of the user's facial image and the stored facial features of the user's facial image are input into a second machine learning model together, and the second machine learning model outputs the user's facial image The result is the same as the stored user's face image.
在获取人脸特征后,所述机器学习模型逐一对比所述两组人脸特征,得出两组人脸特征中每一项人脸特征的差值,然后求出所述差值的平均值以及方差,然后带入公式f(x)中,所述公式f(x)的表达式为After acquiring the facial features, the machine learning model compares the two sets of facial features one by one, and obtains the difference between each of the two sets of facial features, and then calculates the average of the differences And the variance, and then put it into the formula f(x), the expression of the formula f(x) is
Figure PCTCN2020087474-appb-000006
Figure PCTCN2020087474-appb-000006
其中,
Figure PCTCN2020087474-appb-000007
和S分别代表所述差值的平均值以及方差。 among them,
Figure PCTCN2020087474-appb-000007
And S represent the average and variance of the difference, respectively.
然后,对f(x)求积分,公式为:Then, integrate f(x), the formula is:
Figure PCTCN2020087474-appb-000008
Figure PCTCN2020087474-appb-000008
最后判断求得的F的值是否超过0.618,若超过0.618,则机器学习模型可以判断所述两个人脸图像相似。Finally, it is judged whether the obtained value of F exceeds 0.618. If it exceeds 0.618, the machine learning model can judge that the two face images are similar.
步骤S126,若所述用户的人脸图像与所存储的用户人脸图像相同,调取与所述人脸图像相关联的已获取凭证信息。Step S126: If the face image of the user is the same as the stored face image of the user, retrieve the acquired credential information associated with the face image.
如果判断出所述用户的人脸图像与所存储的用户人脸图像相同,就可以调取与所述人脸 图像相关联的已获取凭证信息,进行后续处理,如果判断出所述用户的人脸图像与所存储的所有人脸图像不相同,则设定与所述人脸图像相关联的已获取凭证信息均为0,并进行下一步操作。If it is determined that the face image of the user is the same as the stored face image of the user, the acquired credential information associated with the face image can be retrieved for subsequent processing. If the person of the user is determined If the face image is not the same as the stored all face images, set the acquired credential information associated with the face image to be 0, and proceed to the next step.
其中,所述第二机器学习模型如下训练出:Wherein, the second machine learning model is trained as follows:
用两张同一人的不同时间拍摄的人脸照片作为正样本对,两张不同人的人脸照片作为负样本对,所述正样本对和所述负样本对构成样本对集;Using two face photos of the same person taken at different times as a positive sample pair, and two face photos of different people as a negative sample pair, the positive sample pair and the negative sample pair constitute a sample pair set;
分别识别样本对集中的每个样本对的两张人脸照片中人脸的人脸特征,分别组成人脸特征向量;Recognize the facial features of the two faces in the two face photos of each sample pair in the sample pair set, respectively, to form a face feature vector;
将所述样本对集中的每一个样本对中的两个的人脸特征向量逐一输入第二机器学习模型中进行学习,如果对于正样本对所述第二机器学习模型输出不相同的判断结果,或对于负样本对所述第二机器学习模型输出相同的判断结果,调整所述第二机器学习模型,使所述第二机器学习模型输出相反判断结果。The face feature vectors of two of each sample pair in the sample pair set are input into the second machine learning model one by one for learning. If a positive sample outputs a different judgment result to the second machine learning model, Or, for negative samples, the same judgment result is output to the second machine learning model, and the second machine learning model is adjusted so that the second machine learning model outputs the opposite judgment result.
由于已知该样本是正样本还是负样本,所以是否带有符合该格式规则的数据是已知的。将该已知的结果作为期望的输出,训练该机器学习模型。学习的方式为:在外界输入样本的刺激下不断改变网络的连接权值。学习的本质是对各连接权重进行动态调整。由于期望的输出是已知的,如果机器学习模型输出的结果与该期望的输出不符,就自动调整各连接权重,直到得到的输出结果和期望的输出一致。这样,就训练好了第一机器学习模型。当第二机器学习模型训练得足够好后,只要将从人脸照片中提取的两组人脸特征一组一组输入第二机器学习模型,第二机器学习模型就会输出所述用户的人脸图像与所存储的用户人脸图像是否相同的结果。Since it is known whether the sample is a positive sample or a negative sample, it is known whether it contains data that conforms to the format rule. Use the known result as the desired output to train the machine learning model. The learning method is: constantly changing the connection weight of the network under the stimulation of the external input sample. The essence of learning is to dynamically adjust the weight of each connection. Since the expected output is known, if the output of the machine learning model does not match the expected output, the weight of each connection is automatically adjusted until the output obtained is consistent with the expected output. In this way, the first machine learning model is trained. When the second machine learning model is well trained, as long as the two sets of facial features extracted from the face photos are input into the second machine learning model, the second machine learning model will output the user’s person The result of whether the face image is the same as the stored user face image.
可选的,图5是根据图2对应实施例示出的数据凭证授权方法中步骤S130的细节描述,所述数据凭证授权方法中,所述已获取凭证信息包括所述用户已获取的数据凭证的数量和所述已获取数据凭证的过期时间,步骤S130可以包括以下步骤:Optionally, FIG. 5 is a detailed description of step S130 in the data voucher authorization method according to the embodiment corresponding to FIG. 2. In the data voucher authorization method, the obtained voucher information includes information about the data voucher obtained by the user. The quantity and the expiration time of the acquired data voucher, step S130 may include the following steps:
步骤S131,根据与所述用户的人脸信息关联的已获取凭证信息,判断所述用户已获取的与所述用户请求的数据凭证有效时间相同的数据凭证数量是否超过告警阈值;Step S131, judging whether the number of data vouchers with the same valid time as the data vouchers requested by the user that the user has obtained exceeds an alarm threshold according to the acquired credential information associated with the user's face information;
步骤S132,若超过告警阈值,发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及告警信息至授权确认服务器,以便授权确认服务器拒绝对所述用户授权。Step S132: If the alarm threshold is exceeded, send the acquired credential information associated with the user's face information, the user's request for data credential acquisition, and the alarm information to the authorization confirmation server, so that the authorization confirmation server refuses to contact the user. The user authorization.
其中所述告警阈值可以是1,2,6等,根据所述数据凭证的特点设置,也可以根据公式计算出来。The alarm threshold may be 1, 2, 6, etc., set according to the characteristics of the data voucher, or calculated according to a formula.
在本申请的一个实施例中,所述警告阈值的确定公式可以是:In an embodiment of the present application, the formula for determining the warning threshold may be:
Figure PCTCN2020087474-appb-000009
Figure PCTCN2020087474-appb-000009
其中,n为所述警告阈值参考值,若n大于1则设定所述警告阈值为n,若n小于1则设定所述警告阈值为1,W为所述数据凭证预发放的数量,i为所述数据凭证预定发放的最小人数,j为所述数据凭证的热度指数。所述W、i、j的值均在开始授权之前就部署在授权确认服务器300中。Where n is the warning threshold reference value, if n is greater than 1, the warning threshold is set to n, if n is less than 1, the warning threshold is set to 1, and W is the number of pre-issued data vouchers, i is the minimum number of people scheduled to issue the data voucher, and j is the popularity index of the data voucher. The values of W, i, and j are all deployed in the authorization confirmation server 300 before authorization is started.
在本申请的一个实施例中,所述授权确认服务器300为所述授权管理员使用的服务器。首先计算机设备判断所述用户已获取的与所述用户请求的数据凭证有效时间相同的数据凭证数量是否超过告警阈值,若超过告警阈值,发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及告警信息至授权确认服务器,若未超过告警阈值,则不发送告警信息至授权确认服务器300。In an embodiment of the present application, the authorization confirmation server 300 is a server used by the authorized administrator. First, the computer device determines whether the number of data vouchers that have the same validity time as the data vouchers requested by the user exceeds the alarm threshold, and if it exceeds the alarm threshold, sends the acquired information associated with the user's face information The credential information, the user's request for obtaining data credential, and the alarm information are sent to the authorization confirmation server. If the alarm threshold is not exceeded, the alarm information is not sent to the authorization confirmation server 300.
在授权确认服务器300接收到所述用户的获取数据凭证的请求、与所述用户的人脸信息关联的已获取凭证信息以及告警信息后,所述授权管理员根据授权确认服务器300所接收的信息,进行风险评估,将告警信息作为拒绝对所述用户授权的依据。After the authorization confirmation server 300 receives the user's request for obtaining data credentials, the obtained credentials information associated with the user's face information, and the alarm information, the authorized administrator confirms the information received by the server 300 according to the authorization , Carry out a risk assessment, and use the warning information as a basis for denying authorization to the user.
可选的,图6是根据图2对应实施例示出的数据凭证授权方法中步骤S130的细节描述,所述数据凭证授权方法中,所述已获取凭证信息包括所述用户已获取的数据凭证的数量和所述已获取数据凭证的过期时间,步骤S130可以包括以下步骤:Optionally, FIG. 6 is a detailed description of step S130 in the data voucher authorization method according to the embodiment corresponding to FIG. 2. In the data voucher authorization method, the obtained voucher information includes information about the data voucher obtained by the user. The quantity and the expiration time of the acquired data voucher, step S130 may include the following steps:
步骤S131,根据所述与所述用户的人脸信息关联的已获取凭证信息,判断所述用户已获取的与所述用户请求的数据凭证有效时间相同的数据凭证数量是否超过告警阈值;Step S131: According to the acquired credential information associated with the face information of the user, determine whether the number of data credential that the user has acquired with the same valid time as the data credential requested by the user exceeds an alarm threshold;
步骤S133,若超过告警阈值,发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及禁止授权指令至授权确认服务器,以禁止授权确认服务器对所述用户授权。Step S133: If the alarm threshold is exceeded, send the acquired credential information associated with the user's face information, the user's request for data credential acquisition, and the authorization prohibition instruction to the authorization confirmation server to prohibit the authorization confirmation server from pairing The user authorization.
为了防止授权确认服务器300被破解操控,在本申请的一个实施例中,通过在计算机设备100先判断所述用户已获取的与所述用户请求的数据凭证有效时间相同的数据凭证数量是否超过告警阈值,若超过告警阈值,就发送禁止授权指令至授权确认服务器300,禁止授权确认服务器300对所述用户授权,这样就保证了,即使授权确认服务器被操控,所述用户也无法得到授权。In order to prevent the authorization confirmation server 300 from being cracked and manipulated, in one embodiment of the present application, the computer device 100 first determines whether the number of data vouchers that have been obtained by the user and the valid time of the data vouchers requested by the user exceeds the alarm If the threshold exceeds the alarm threshold, an authorization prohibition instruction is sent to the authorization confirmation server 300 to prohibit the authorization confirmation server 300 from authorizing the user. This ensures that even if the authorization confirmation server is manipulated, the user cannot be authorized.
与如图2示出的其中一个实施例一样,本申请的一个实施例中,所述数据凭证为一种电子门票,在本实施例中主要是通过设立警告阈值的方法来加大对票贩的防范力度,所述告警阈值可以根据票券的热门程度来设置,对于热门票券,可以设立一个较低的告警阈值,例如是5张、3张或者2张,对于特别热门的票券,甚至可以设置为1张,而对于相对冷门的票券,可以设置为例如是6张、8张或者9张等相对较高的阈值,以达到调控的目的。As with one of the embodiments shown in FIG. 2, in an embodiment of the application, the data voucher is an electronic ticket. In this embodiment, the method of setting a warning threshold is mainly used to increase the matching of ticket sellers. The alarm threshold can be set according to the popularity of the ticket. For hot tickets, a lower alarm threshold can be set, for example, 5, 3, or 2 tickets. For particularly popular tickets, It can even be set to one, and for relatively unpopular tickets, it can be set to a relatively high threshold such as 6, 8, or 9 to achieve the purpose of regulation.
如图7所示,在一个实施例中,提供了一种数据凭证授权装置,该数据凭证授权装置可以集成于上述的计算机设备100中,具体可以包括人脸图像获取单元110、凭证信息查询单元120、授权信息确认单元130、数据凭证授权单元140。As shown in FIG. 7, in one embodiment, a data voucher authorization device is provided. The data voucher authorization device may be integrated in the above-mentioned computer equipment 100, and may specifically include a face image acquisition unit 110 and a voucher information query unit. 120. Authorization information confirmation unit 130 and data credential authorization unit 140.
人脸图像获取单元110,用于接收到用户获取数据凭证的请求,获取所述用户的人脸图像;The face image obtaining unit 110 is configured to receive a user's request for obtaining data credentials, and obtain a face image of the user;
凭证信息查询单元120,用于根据所述用户的人脸图像,查询与所述用户的人脸信息关联的已获取凭证信息,其中所述已获取凭证信息包括所述用户已获取的数据凭证的数量和所述已获取数据凭证的过期时间;The credential information query unit 120 is configured to query the acquired credential information associated with the face information of the user according to the face image of the user, wherein the acquired credential information includes the data vouchers that the user has acquired The quantity and the expiration time of the obtained data certificate;
授权信息确认单元130,用于发送所述与所述用户的人脸信息关联的已获取凭证信息至授权确认服务器,以便授权确认服务器进行授权确认;The authorization information confirmation unit 130 is configured to send the obtained credential information associated with the user's face information to the authorization confirmation server, so that the authorization confirmation server can perform authorization confirmation;
数据凭证授权单元140,用于接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。The data voucher authorization unit 140 is configured to receive an authorization confirmation instruction from the authorization confirmation server, authorize the data voucher to the user, and update the user's acquired credential information with the user's face image Associated storage.
上述装置中各个模块的功能和作用的实现过程具体详见上述数据凭证授权方法中对应步骤的实现过程,在此不再赘述。For the implementation process of the functions and roles of each module in the above-mentioned device, refer to the implementation process of the corresponding steps in the above-mentioned data credential authorization method for details, which will not be repeated here.
应当注意,尽管在上文详细描述中提及了用于动作执行的设备的若干模块或者单元,但是这种划分并非强制性的。实际上,根据本公开的实施方式,上文描述的两个或更多模块或者单元的特征和功能可以在一个模块或者单元中具体化。反之,上文描述的一个模块或者单元的特征和功能可以进一步划分为由多个模块或者单元来具体化。It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, this division is not mandatory. In fact, according to the embodiments of the present disclosure, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of a module or unit described above can be further divided into multiple modules or units to be embodied.
此外,尽管在附图中以特定顺序描述了本公开中方法的各个步骤,但是,这并非要求或者暗示必须按照该特定顺序来执行这些步骤,或是必须执行全部所示的步骤才能实现期望的结果。附加的或备选的,可以省略某些步骤,将多个步骤合并为一个步骤执行,以及/或者将一个步骤分解为多个步骤执行等。In addition, although the various steps of the method of the present disclosure are described in a specific order in the drawings, this does not require or imply that these steps must be performed in the specific order, or that all the steps shown must be performed to achieve the desired result. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step for execution, and/or one step may be decomposed into multiple steps for execution, etc.
通过以上的实施方式的描述,本领域的技术人员易于理解,这里描述的示例实施方式可以通过软件实现,也可以通过软件结合必要的硬件的方式来实现。因此,根据本公开实施方式的技术方案可以以软件产品的形式体现出来,该软件产品可以存储在一个非易失性存储介质(可以是CD-ROM,U盘,移动硬盘等)中或网络上,包括若干指令以使得一台计算设备(可以是个人计算机、服务器、移动终端、或者网络设备等)执行根据本公开实施方式的方法。Through the description of the above embodiments, those skilled in the art can easily understand that the example embodiments described here can be implemented by software, or can be implemented by combining software with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (can be a CD-ROM, U disk, mobile hard disk, etc.) or on the network , Including several instructions to make a computing device (which can be a personal computer, a server, a mobile terminal, or a network device, etc.) execute the method according to the embodiments of the present disclosure.
在本公开的示例性实施例中,还提供了一种能够实现上述方法的电子设备。In an exemplary embodiment of the present disclosure, an electronic device capable of implementing the above method is also provided.
所属技术领域的技术人员能够理解,本申请的各个方面可以实现为系统、方法或程序产品。因此,本申请的各个方面可以具体实现为以下形式,即:完全的硬件实施方式、完全的软件实施方式(包括固件、微代码等),或硬件和软件方面结合的实施方式,这里可以统称为“电路”、“模块”或“系统”。Those skilled in the art can understand that various aspects of the present application can be implemented as a system, method, or program product. Therefore, each aspect of the present application can be specifically implemented in the following forms, namely: complete hardware implementation, complete software implementation (including firmware, microcode, etc.), or a combination of hardware and software implementations, which can be collectively referred to herein as "Circuit", "Module" or "System".
下面参照图8来描述根据本申请的这种实施方式的电子设备500。图8显示的电子设备500仅仅是一个示例,不应对本申请实施例的功能和使用范围带来任何限制。The electronic device 500 according to this embodiment of the present application will be described below with reference to FIG. 8. The electronic device 500 shown in FIG. 8 is only an example, and should not bring any limitation to the functions and scope of use of the embodiments of the present application.
如图8所示,电子设备500以通用计算设备的形式表现。电子设备500的组件可以包括但不限于:上述至少一个处理单元510、上述至少一个存储单元520、连接不同系统组件(包括存储单元520和处理单元510)的总线530。As shown in FIG. 8, the electronic device 500 is represented in the form of a general-purpose computing device. The components of the electronic device 500 may include, but are not limited to: the aforementioned at least one processing unit 510, the aforementioned at least one storage unit 520, and a bus 530 connecting different system components (including the storage unit 520 and the processing unit 510).
其中,所述存储单元存储有程序代码,所述程序代码可以被所述处理单元510执行,使得所述处理单元510执行本说明书上述“示例性方法”部分中描述的根据本申请各种示例性实施方式的步骤。例如,所述处理单元510可以执行如图2中所示的步骤S110,接收到用户获取数据凭证的请求,获取所述用户的人脸图像,其中所述请求包含有所述用户要获取的数据凭证的凭证信息;步骤S120,根据所述用户的人脸图像,查询与所述用户的人脸信息关联的已获取凭证信息;步骤S130,发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认;步骤S140,接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。Wherein, the storage unit stores program code, and the program code can be executed by the processing unit 510, so that the processing unit 510 executes the various exemplary methods described in the “exemplary method” section of this specification. Implementation steps. For example, the processing unit 510 may perform step S110 as shown in FIG. 2 to receive a request from a user to obtain a data voucher, and obtain a face image of the user, wherein the request includes the data to be obtained by the user. The credential information of the credential; step S120, query the acquired credential information associated with the user’s face information according to the user’s face image; step S130, send the credential information associated with the user’s face information Obtain credential information and the user's request for obtaining data credentials to the authorization confirmation server, so that the authorization confirmation server performs authorization confirmation according to the obtained credential information and the user's request for obtaining data credentials; step S140, receiving the authorization confirmation server The authorization confirmation instruction is to authorize the data voucher to the user, and update the obtained credential information of the user and store it in association with the face image of the user.
存储单元520可以包括易失性存储单元形式的可读介质,例如随机存取存储单元(RAM)5201和/或高速缓存存储单元5202,还可以进一步包括只读存储单元(ROM)5203。The storage unit 520 may include a readable medium in the form of a volatile storage unit, such as a random access storage unit (RAM) 5201 and/or a cache storage unit 5202, and may further include a read-only storage unit (ROM) 5203.
存储单元520还可以包括具有一组(至少一个)程序模块5205的程序/实用工具5204,这样的程序模块5205包括但不限于:操作系统、一个或者多个应用程序、其它程序模块以及程序数据,这些示例中的每一个或某种组合中可能包括网络环境的实现。The storage unit 520 may also include a program/utility tool 5204 having a set (at least one) program module 5205. Such program module 5205 includes but is not limited to: an operating system, one or more application programs, other program modules, and program data, Each of these examples or some combination may include the implementation of a network environment.
总线530可以为表示几类总线结构中的一种或多种,包括存储单元总线或者存储单元控制器、外围总线、图形加速端口、处理单元或者使用多种总线结构中的任意总线结构的局域总线。The bus 530 may represent one or more of several types of bus structures, including a storage unit bus or a storage unit controller, a peripheral bus, a graphics acceleration port, a processing unit, or a local area using any bus structure among multiple bus structures. bus.
电子设备500也可以与一个或多个外部设备700(例如键盘、指向设备、蓝牙设备等)通信,还可与一个或者多个使得用户能与该电子设备500交互的设备通信,和/或与使得该电子设备500能与一个或多个其它计算设备进行通信的任何设备(例如路由器、调制解调器等等)通信。这种通信可以通过输入/输出(I/O)接口550进行。并且,电子设备500还可以通过网络适配器560与一个或者多个网络(例如局域网(LAN),广域网(WAN)和/或公共网络,例如因特网)通信。如图所示,网络适配器560通过总线530与电子设备500的其它模块通信。应当明白,尽管图中未示出,可以结合电子设备500使用其它硬件和/或软件模块,包括但不限于:微代码、设备驱动器、冗余处理单元、外部磁盘驱动阵列、RAID系统、磁带驱动器以及数据备份存储系统等。The electronic device 500 may also communicate with one or more external devices 700 (such as keyboards, pointing devices, Bluetooth devices, etc.), and may also communicate with one or more devices that enable users to interact with the electronic device 500, and/or communicate with Any device (such as a router, modem, etc.) that enables the electronic device 500 to communicate with one or more other computing devices. This communication can be performed through an input/output (I/O) interface 550. In addition, the electronic device 500 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN), and/or a public network, such as the Internet) through the network adapter 560. As shown in the figure, the network adapter 560 communicates with other modules of the electronic device 500 through the bus 530. It should be understood that although not shown in the figure, other hardware and/or software modules can be used in conjunction with the electronic device 500, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives And data backup storage system, etc.
通过以上的实施方式的描述,本领域的技术人员易于理解,这里描述的示例实施方式可以通过软件实现,也可以通过软件结合必要的硬件的方式来实现。因此,根据本公开实施方式的技术方案可以以软件产品的形式体现出来,该软件产品可以存储在一个非易失性存储介质(可以是CD-ROM,U盘,移动硬盘等)中或网络上,包括若干指令以使得一台计算设备(可以是个人计算机、服务器、终端装置、或者网络设备等)执行根据本公开实施方式的方法。Through the description of the above embodiments, those skilled in the art can easily understand that the example embodiments described here can be implemented by software, or can be implemented by combining software with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (can be a CD-ROM, U disk, mobile hard disk, etc.) or on the network , Including several instructions to make a computing device (which may be a personal computer, server, terminal device, or network device, etc.) execute the method according to the embodiments of the present disclosure.
在本公开的示例性实施例中,还提供了一种计算机可读存储介质,其上存储有能够实现本说明书上述方法的程序产品。该存储介质可以是非易失性的,也可以是易失性的。在一些可能的实施方式中,本申请的各个方面还可以实现为一种程序产品的形式,其包括程序代码,当所述程序产品在终端设备上运行时,所述程序代码用于使所述终端设备执行本说明书上述“示例性方法”部分中描述的根据本申请各种示例性实施方式的步骤。In an exemplary embodiment of the present disclosure, a computer-readable storage medium is also provided, on which a program product capable of implementing the above method of this specification is stored. The storage medium may be non-volatile or volatile. In some possible implementation manners, various aspects of the present application can also be implemented in the form of a program product, which includes program code. When the program product runs on a terminal device, the program code is used to enable the The terminal device executes the steps according to various exemplary implementations of the present application described in the above "Exemplary Method" section of this specification.
参考图9所示,描述了根据本申请的实施方式的用于实现上述方法的程序产品600,其可以采用便携式紧凑盘只读存储器(CD-ROM)并包括程序代码,并可以在终端设备,例如个人电脑上运行。然而,本申请的程序产品不限于此,在本文件中,可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。Referring to FIG. 9, a program product 600 for implementing the above method according to an embodiment of the present application is described. It can adopt a portable compact disk read-only memory (CD-ROM) and include program code, and can be installed in a terminal device, For example, running on a personal computer. However, the program product of this application is not limited to this. In this document, the readable storage medium can be any tangible medium that contains or stores a program, and the program can be used by or combined with an instruction execution system, device, or device.
所述程序产品可以采用一个或多个可读介质的任意组合。可读介质可以是可读信号介质或者可读存储介质。可读存储介质例如可以为但不限于电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。可读存储介质的更具体的例子(非穷举的列表)包括:具有一个或多个导线的电连接、便携式盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。The program product can use any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or any combination of the above. More specific examples (non-exhaustive list) of readable storage media include: electrical connections with one or more wires, portable disks, hard drives, random access memory (RAM), read-only memory (ROM), erasable Type programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
计算机可读信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了可读程序代码。这种传播的数据信号可以采用多种形式,包括但不限于电磁信号、光信号或上述的任意合适的组合。可读信号介质还可以是可读存储介质以外的任何可读介质,该可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。The computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, and readable program code is carried therein. This propagated data signal can take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing. The readable signal medium may also be any readable medium other than a readable storage medium, and the readable medium may send, propagate, or transmit a program for use by or in combination with the instruction execution system, apparatus, or device.
可读介质上包含的程序代码可以用任何适当的介质传输,包括但不限于无线、有线、光缆、RF等等,或者上述的任意合适的组合。The program code contained on the readable medium can be transmitted by any suitable medium, including but not limited to wireless, wired, optical cable, RF, etc., or any suitable combination of the foregoing.
可以以一种或多种程序设计语言的任意组合来编写用于执行本申请操作的程序代码,所述程序设计语言包括面向对象的程序设计语言—诸如Java、C++等,还包括常规的过程式程序设计语言—诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算设备上执行、部分地在用户设备上执行、作为一个独立的软件包执行、部分在用户计算设备上部分在远程计算设备上执行、或者完全在远程计算设备或服务器上执行。在涉及远程计算设备的情形中,远程计算设备可以通过任意种类的网络,包括局域网(LAN)或广域网(WAN),连接到用户计算设备,或者,可以连接到外部计算设备(例如利用因特网服务提供商来通过因特网连接)。The program code used to perform the operations of this application can be written in any combination of one or more programming languages. The programming languages include object-oriented programming languages—such as Java, C++, etc., as well as conventional procedural programming languages. Programming language-such as "C" language or similar programming language. The program code can be executed entirely on the user's computing device, partly on the user's device, executed as an independent software package, partly on the user's computing device and partly executed on the remote computing device, or entirely on the remote computing device or server Executed on. In the case of a remote computing device, the remote computing device can be connected to a user computing device through any kind of network, including a local area network (LAN) or a wide area network (WAN), or can be connected to an external computing device (for example, using Internet service providers) Business to connect via the Internet).
此外,上述附图仅是根据本申请示例性实施例的方法所包括的处理的示意性说明,而不是限制目的。易于理解,上述附图所示的处理并不表明或限制这些处理的时间顺序。另外,也易于理解,这些处理可以是例如在多个模块中同步或异步执行的。In addition, the above-mentioned drawings are only schematic illustrations of the processing included in the method according to the exemplary embodiments of the present application, and are not intended for limitation. It is easy to understand that the processing shown in the above drawings does not indicate or limit the time sequence of these processings. In addition, it is easy to understand that these processes can be executed synchronously or asynchronously in multiple modules, for example.
本领域技术人员在考虑说明书及实践这里公开的发明后,将容易想到本公开的其他实施例。本申请旨在涵盖本公开的任何变型、用途或者适应性变化,这些变型、用途或者适应性变化遵循本公开的一般性原理并包括本公开未公开的本技术领域中的公知常识或惯用技术手 段。说明书和实施例仅被视为示例性的,本公开的真正范围和精神由权利要求指出。Those skilled in the art will easily think of other embodiments of the present disclosure after considering the specification and practicing the invention disclosed herein. This application is intended to cover any variations, uses, or adaptive changes of the present disclosure. These variations, uses, or adaptive changes follow the general principles of the present disclosure and include common knowledge or conventional technical means in the technical field not disclosed in the present disclosure. . The description and the embodiments are only regarded as exemplary, and the true scope and spirit of the present disclosure are pointed out by the claims.

Claims (19)

  1. 一种数据凭证授权方法,其中,所述方法包括:A data voucher authorization method, wherein the method includes:
    接收到用户获取数据凭证的请求,获取所述用户的人脸图像,其中所述请求包含有所述用户要获取的数据凭证的凭证信息;Receiving a request from a user to obtain a data voucher, and obtaining a face image of the user, wherein the request includes credential information of the data voucher to be obtained by the user;
    根据所述用户的人脸图像,查询与所述用户的人脸信息关联的已获取凭证信息,其中所述已获取凭证信息包括所述用户历史上已获取的数据凭证的数量和所述已获取数据凭证的过期时间;According to the user’s face image, query the acquired credential information associated with the user’s face information, where the acquired credential information includes the number of data credential acquired in the user’s history and the acquired credential information. The expiration time of the data certificate;
    发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认;Send the obtained credential information associated with the user's face information and the user's request for obtaining data credential to the authorization confirmation server, so that the authorization confirmation server is based on the obtained credential information and the user's obtaining data credential Request authorization confirmation;
    若接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。If the authorization confirmation instruction from the authorization confirmation server is received, the data voucher is authorized to the user, and the acquired credential information of the user is updated and stored in association with the face image of the user.
  2. 如权利要求1所述的方法,其中,所述根据所述用户的人脸信息,查询与所述用户的人脸信息关联的已获取凭证信息包括:The method according to claim 1, wherein said querying the acquired credential information associated with the face information of the user according to the face information of the user comprises:
    将所述用户的人脸图像处理为预设尺寸;Processing the face image of the user into a preset size;
    扫描预设尺寸的所述用户的人脸图像,提取所述用户的人脸特征,组成人脸特征向量,其中所述人脸特征包括人脸的长度、宽度、鼻子的长度或者宽度、嘴唇的长度或者宽度、人脸的肤色中的至少一种;Scan the user’s face image of a preset size, extract the user’s facial features to form a face feature vector, where the facial features include the length and width of the face, the length or width of the nose, and the length of the lips. At least one of length or width, and skin color of the face;
    将所述用户的人脸特征向量输入第一机器学习模型,所述第一机器学习模型输出所述用户的身份;Inputting the face feature vector of the user into a first machine learning model, and the first machine learning model outputs the identity of the user;
    根据所述用户的身份,查询与所述用户的身份关联的已获取凭证信息。According to the user's identity, query the acquired credential information associated with the user's identity.
  3. 如权利要求2所述的方法,其中,所述第一机器学习模型如下训练出:3. The method of claim 2, wherein the first machine learning model is trained as follows:
    获取人脸图像样本集合,人脸图像样本集合中的每个人脸图像样本事先贴有用户身份标签,Obtain a face image sample set, each face image sample in the face image sample set is labeled with a user identity label in advance,
    从人脸图像样本集合中的每个人脸图像样本识别人脸的人脸特征,组成人脸特征向量;Recognize the facial features of the face from each face image sample in the face image sample set to form a face feature vector;
    将所述人脸图像样本的人脸特征向量逐一输入第一机器学习模型,第一机器学习模型输出判定的用户身份,与贴有的用户身份比对,如不一致,则调整所述第一机器学习模型,使所述第一机器学习模型输出的用户身份与标签一致。The face feature vectors of the face image samples are input into the first machine learning model one by one. The first machine learning model outputs the determined user identity and compares it with the posted user identity. If it is inconsistent, adjust the first machine The learning model makes the user identity output by the first machine learning model consistent with the label.
  4. 如权利要求1所述的方法,其中,所述根据所述用户的人脸信息,查询与所述用户的人脸信息关联的已获取凭证信息包括:The method according to claim 1, wherein said querying the acquired credential information associated with the face information of the user according to the face information of the user comprises:
    分别扫描所述用户的人脸图像和所存储的用户人脸图像,获取所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征;Respectively scanning the face image of the user and the stored face image of the user, and acquiring the face features of the face image of the user and the face features of the stored face image of the user;
    将所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征一起输入第二机器学习模型,所述第二机器学习模型输出所述用户的人脸图像与所存储的用户人脸图像是否相同的结果;The facial features of the user’s facial image and the stored facial features of the user’s facial image are input into the second machine learning model together, and the second machine learning model outputs the user’s facial image and the stored facial features. Whether the user’s face images are the same;
    若所述用户的人脸图像与所存储的用户人脸图像相同,调取与所述人脸图像相关联的已获取凭证信息。If the face image of the user is the same as the stored face image of the user, retrieve the acquired credential information associated with the face image.
  5. 如权利要求4所述的方法,其中,所述第二机器学习模型如下训练出:The method of claim 4, wherein the second machine learning model is trained as follows:
    用两张同一人的不同时间拍摄的人脸照片作为正样本对,两张不同人的人脸照片作为负样本对,所述正样本对和所述负样本对构成样本对集;Using two face photos of the same person taken at different times as a positive sample pair, and two face photos of different people as a negative sample pair, the positive sample pair and the negative sample pair constitute a sample pair set;
    分别识别样本对集中的每个样本对的两张人脸照片中人脸的人脸特征,分别组成人脸特 征向量;Recognize the facial features of the faces in the two face photos of each sample pair in the sample pair set respectively, and form the face feature vectors respectively;
    将所述样本对集中的每一个样本对中的两个的人脸特征向量逐一输入第二机器学习模型中进行学习,如果对于正样本对所述第二机器学习模型输出不相同的判断结果,或对于负样本对所述第二机器学习模型输出相同的判断结果,调整所述第二机器学习模型,使所述第二机器学习模型输出相反判断结果。The face feature vectors of two of each sample pair in the sample pair set are input into the second machine learning model one by one for learning. If a positive sample outputs a different judgment result to the second machine learning model, Or, for negative samples, the same judgment result is output to the second machine learning model, and the second machine learning model is adjusted so that the second machine learning model outputs the opposite judgment result.
  6. 如权利要求1所述的方法,其中,发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认,其具体包括:The method of claim 1, wherein the acquired credential information associated with the user’s face information and the user’s request for data credential acquisition are sent to an authorization confirmation server, so that the authorization confirmation server will The credential information and the user’s request for obtaining data credential are authorized to confirm, which specifically includes:
    根据与所述用户的人脸信息关联的已获取凭证信息,判断所述用户已获取的与所述用户请求的数据凭证有效时间相同的数据凭证数量是否超过告警阈值;According to the acquired credential information associated with the face information of the user, determine whether the number of data credential that the user has acquired and the valid time of the data credential requested by the user exceeds the alarm threshold;
    若超过告警阈值,发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及告警信息至授权确认服务器,以便授权确认服务器拒绝对所述用户授权或者发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及禁止授权指令至授权确认服务器,以禁止授权确认服务器对所述用户授权。If the alarm threshold is exceeded, send the acquired credential information associated with the user's face information, the user's data credential acquisition request, and alarm information to the authorization confirmation server, so that the authorization confirmation server refuses to authorize the user Or send the acquired credential information associated with the user's face information, the user's request for data credential acquisition, and the authorization prohibition instruction to the authorization confirmation server to prohibit the authorization confirmation server from authorizing the user.
  7. 如权利要求6所述的方法,其中,所述警告阈值通过如下公式确认:8. The method of claim 6, wherein the warning threshold is confirmed by the following formula:
    Figure PCTCN2020087474-appb-100001
    Figure PCTCN2020087474-appb-100001
    其中,n为所述警告阈值参考值,若n大于1则设定所述警告阈值为n,若n小于1则设定所述警告阈值为1,W为所述数据凭证预发放的数量,i为所述数据凭证预定发放的最小人数,j为所述数据凭证的热度指数。所述W、i、j的值均在开始授权之前就部署在所述授权确认服务器中。Where n is the warning threshold reference value, if n is greater than 1, the warning threshold is set to n, if n is less than 1, the warning threshold is set to 1, and W is the number of pre-issued data vouchers, i is the minimum number of people scheduled to issue the data voucher, and j is the popularity index of the data voucher. The values of W, i, and j are all deployed in the authorization confirmation server before authorization is started.
  8. 一种数据凭证授权装置,其中,所述装置包括:A data certificate authorization device, wherein the device includes:
    人脸图像获取单元,用于接收到用户获取数据凭证的请求,获取所述用户的人脸图像,其中所述请求包含有所述用户要获取的数据凭证的凭证信息;A face image acquisition unit, configured to receive a request from a user to acquire a data voucher, and obtain a face image of the user, wherein the request includes credential information of the data voucher to be obtained by the user;
    凭证信息查询单元,用于根据所述用户的人脸图像,查询与所述用户的人脸信息关联的已获取凭证信息,其中所述已获取凭证信息包括所述用户已获取的数据凭证的数量和所述已获取数据凭证的过期时间;The credential information query unit is configured to query the acquired credential information associated with the face information of the user according to the face image of the user, wherein the acquired credential information includes the number of data vouchers that the user has acquired And the expiration time of the obtained data certificate;
    授权信息确认单元,用于发送所述与所述用户的人脸信息关联的已获取凭证信息至授权确认服务器,以便授权确认服务器进行授权确认;The authorization information confirmation unit is configured to send the obtained credential information associated with the user's face information to the authorization confirmation server, so that the authorization confirmation server can perform authorization confirmation;
    数据凭证授权单元,用于接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。The data voucher authorization unit is configured to receive an authorization confirmation instruction from the authorization confirmation server, authorize the data voucher to the user, and associate the user's acquired credential information with the user's face image after updating storage.
  9. 一种计算机设备,包括存储器和处理器,所述存储器中存储有计算机可读指令,所述计算机可读指令被所述处理器执行时,使得所述处理器执行如下的步骤:A computer device includes a memory and a processor, and computer-readable instructions are stored in the memory. When the computer-readable instructions are executed by the processor, the processor executes the following steps:
    接收到用户获取数据凭证的请求,获取所述用户的人脸图像,其中所述请求包含有所述用户要获取的数据凭证的凭证信息;Receiving a request from a user to obtain a data voucher, and obtaining a face image of the user, wherein the request includes credential information of the data voucher to be obtained by the user;
    根据所述用户的人脸图像,查询与所述用户的人脸信息关联的已获取凭证信息,其中所述已获取凭证信息包括所述用户历史上已获取的数据凭证的数量和所述已获取数据凭证的过期时间;According to the face image of the user, query the acquired credential information associated with the face information of the user, where the acquired credential information includes the number of data vouchers that have been acquired in the user history and the acquired credential information The expiration time of the data certificate;
    发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认;Send the obtained credential information associated with the user's face information and the user's request for obtaining data credential to the authorization confirmation server, so that the authorization confirmation server is based on the obtained credential information and the user's obtaining data credential Request authorization confirmation;
    若接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。10.如权利要求9所述的计算机设备,其中,所述计算机可读指令被所述处理器执行时,使得所述处理器执行所述根据所述用户的人脸信息,查询与所述用户的人脸信息关联的已获取凭证信息的步骤,包括:If the authorization confirmation instruction from the authorization confirmation server is received, the data voucher is authorized to the user, and the acquired credential information of the user is updated and stored in association with the face image of the user. 10. The computer device of claim 9, wherein, when the computer-readable instructions are executed by the processor, the processor executes the query based on the user's face information and the user The steps of obtaining the credential information associated with the facial information include:
    将所述用户的人脸图像处理为预设尺寸;Processing the face image of the user into a preset size;
    扫描预设尺寸的所述用户的人脸图像,提取所述用户的人脸特征,组成人脸特征向量,其中所述人脸特征包括人脸的长度、宽度、鼻子的长度或者宽度、嘴唇的长度或者宽度、人脸的肤色中的至少一种;Scan the user’s face image of a preset size, extract the user’s facial features to form a face feature vector, where the facial features include the length and width of the face, the length or width of the nose, and the length of the lips. At least one of length or width, and skin color of the face;
    将所述用户的人脸特征向量输入第一机器学习模型,所述第一机器学习模型输出所述用户的身份;Inputting the face feature vector of the user into a first machine learning model, and the first machine learning model outputs the identity of the user;
    根据所述用户的身份,查询与所述用户的身份关联的已获取凭证信息。According to the user's identity, query the acquired credential information associated with the user's identity.
  10. 如权利要求10所述的计算机设备,其中,所述计算机可读指令被所述处理器执行时,使得所述处理器执行所述将所述用户的人脸特征向量输入第一机器学习模型的步骤之前,还用于执行如下步骤:The computer device according to claim 10, wherein, when the computer-readable instructions are executed by the processor, the processor executes the input of the user's face feature vector into the first machine learning model Before the step, it is also used to perform the following steps:
    获取人脸图像样本集合,人脸图像样本集合中的每个人脸图像样本事先贴有用户身份标签,Obtain a face image sample set, each face image sample in the face image sample set is labeled with a user identity label in advance,
    从人脸图像样本集合中的每个人脸图像样本识别人脸的人脸特征,组成人脸特征向量;Recognize the facial features of the face from each face image sample in the face image sample set to form a face feature vector;
    将所述人脸图像样本的人脸特征向量逐一输入第一机器学习模型,第一机器学习模型输出判定的用户身份,与贴有的用户身份比对,如不一致,则调整所述第一机器学习模型,使所述第一机器学习模型输出的用户身份与标签一致。The face feature vectors of the face image samples are input into the first machine learning model one by one. The first machine learning model outputs the determined user identity and compares it with the posted user identity. If it is inconsistent, adjust the first machine The learning model makes the user identity output by the first machine learning model consistent with the label.
  11. 如权利要求9所述的计算机设备,其中,所述计算机可读指令被所述处理器执行时,使得所述处理器执行所述根据所述用户的人脸信息,查询与所述用户的人脸信息关联的已获取凭证信息的步骤,包括:The computer device according to claim 9, wherein, when the computer-readable instructions are executed by the processor, the processor executes the query based on the face information of the user, The steps of obtaining credential information associated with face information include:
    分别扫描所述用户的人脸图像和所存储的用户人脸图像,获取所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征;Respectively scanning the face image of the user and the stored face image of the user, and acquiring the face features of the face image of the user and the face features of the stored face image of the user;
    将所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征一起输入第二机器学习模型,所述第二机器学习模型输出所述用户的人脸图像与所存储的用户人脸图像是否相同的结果;The facial features of the user’s facial image and the stored facial features of the user’s facial image are input into the second machine learning model together, and the second machine learning model outputs the user’s facial image and the stored facial features. Whether the user’s face images are the same;
    若所述用户的人脸图像与所存储的用户人脸图像相同,调取与所述人脸图像相关联的已获取凭证信息。If the face image of the user is the same as the stored face image of the user, retrieve the acquired credential information associated with the face image.
  12. 如权利要求9所述的计算机设备,其中,所述计算机可读指令被所述处理器执行时,使得所述处理器执行所述将所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征一起输入第二机器学习模型的步骤之前,还用于执行如下步骤:The computer device according to claim 9, wherein, when the computer-readable instructions are executed by the processor, the processor executes the combination of the facial features of the user’s facial image with the stored Before the step of inputting the face features of the user's face image into the second machine learning model, it is also used to perform the following steps:
    用两张同一人的不同时间拍摄的人脸照片作为正样本对,两张不同人的人脸照片作为负样本对,所述正样本对和所述负样本对构成样本对集;Using two face photos of the same person taken at different times as a positive sample pair, and two face photos of different people as a negative sample pair, the positive sample pair and the negative sample pair constitute a sample pair set;
    分别识别样本对集中的每个样本对的两张人脸照片中人脸的人脸特征,分别组成人脸特征向量;Recognize the facial features of the two faces in the two face photos of each sample pair in the sample pair set, respectively, to form a face feature vector;
    将所述样本对集中的每一个样本对中的两个的人脸特征向量逐一输入第二机器学习模型中进行学习,如果对于正样本对所述第二机器学习模型输出不相同的判断结果,或对于负样本对所述第二机器学习模型输出相同的判断结果,调整所述第二机器学习模型,使所述第二机器学习模型输出相反判断结果。The face feature vectors of two of each sample pair in the sample pair set are input into the second machine learning model one by one for learning. If the second machine learning model outputs different judgment results for the positive samples, Or, for negative samples, the same judgment result is output to the second machine learning model, and the second machine learning model is adjusted so that the second machine learning model outputs the opposite judgment result.
  13. 如权利要求9所述的计算机设备,其中,所述计算机可读指令被所述处理器执行时, 使得所述处理器执行所述发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认的步骤,包括:The computer device according to claim 9, wherein, when the computer-readable instructions are executed by the processor, the processor executes the sending of the acquired credential associated with the face information of the user The information and the user's request for obtaining data credentials are sent to the authorization confirmation server, so that the authorization confirmation server performs authorization confirmation according to the obtained credential information and the user's request for obtaining data credentials, including:
    根据与所述用户的人脸信息关联的已获取凭证信息,判断所述用户已获取的与所述用户请求的数据凭证有效时间相同的数据凭证数量是否超过告警阈值;According to the acquired credential information associated with the face information of the user, judging whether the number of data credential that the user has acquired with the same valid time as the data credential requested by the user exceeds an alarm threshold;
    若超过告警阈值,发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及告警信息至授权确认服务器,以便授权确认服务器拒绝对所述用户授权或者发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及禁止授权指令至授权确认服务器,以禁止授权确认服务器对所述用户授权。If the alarm threshold is exceeded, send the acquired credential information associated with the user's face information, the user's data credential acquisition request, and alarm information to the authorization confirmation server, so that the authorization confirmation server refuses to authorize the user Or send the acquired credential information associated with the user's face information, the user's request for data credential acquisition, and the authorization prohibition instruction to the authorization confirmation server to prohibit the authorization confirmation server from authorizing the user.
  14. 一种存储有计算机可读指令的存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行如下的步骤:A storage medium storing computer-readable instructions. When the computer-readable instructions are executed by one or more processors, the one or more processors execute the following steps:
    接收到用户获取数据凭证的请求,获取所述用户的人脸图像,其中所述请求包含有所述用户要获取的数据凭证的凭证信息;Receiving a request from a user to obtain a data voucher, and obtaining a face image of the user, wherein the request includes credential information of the data voucher to be obtained by the user;
    根据所述用户的人脸图像,查询与所述用户的人脸信息关联的已获取凭证信息,其中所述已获取凭证信息包括所述用户历史上已获取的数据凭证的数量和所述已获取数据凭证的过期时间;According to the user’s face image, query the acquired credential information associated with the user’s face information, where the acquired credential information includes the number of data credential acquired in the user’s history and the acquired credential information. The expiration time of the data certificate;
    发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认;Send the obtained credential information associated with the user's face information and the user's request for obtaining data credential to the authorization confirmation server, so that the authorization confirmation server is based on the obtained credential information and the user's obtaining data credential Request authorization confirmation;
    若接收所述授权确认服务器的授权确认指令,将所述数据凭证授权给所述用户,并将所述用户的已获取凭证信息更新后与所述用户的人脸图像关联存储。If the authorization confirmation instruction from the authorization confirmation server is received, the data voucher is authorized to the user, and the acquired credential information of the user is updated and stored in association with the face image of the user.
  15. 如权利要求15所述的存储介质,其中,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述根据所述用户的人脸信息,查询与所述用户的人脸信息关联的已获取凭证信息的步骤,包括:将所述用户的人脸图像处理为预设尺寸;The storage medium according to claim 15, wherein, when the computer-readable instructions are executed by one or more processors, the one or more processors execute the query and query based on the facial information of the user. The step of obtaining the credential information associated with the user's face information includes: processing the user's face image into a preset size;
    扫描预设尺寸的所述用户的人脸图像,提取所述用户的人脸特征,组成人脸特征向量,其中所述人脸特征包括人脸的长度、宽度、鼻子的长度或者宽度、嘴唇的长度或者宽度、人脸的肤色中的至少一种;Scan the user’s face image of a preset size, extract the user’s facial features to form a face feature vector, where the facial features include the length and width of the face, the length or width of the nose, and the length of the lips. At least one of length or width, and skin color of the face;
    将所述用户的人脸特征向量输入第一机器学习模型,所述第一机器学习模型输出所述用户的身份;Inputting the face feature vector of the user into a first machine learning model, and the first machine learning model outputs the identity of the user;
    根据所述用户的身份,查询与所述用户的身份关联的已获取凭证信息。According to the user's identity, query the acquired credential information associated with the user's identity.
  16. 如权利要求16所述的存储介质,其中,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述将所述用户的人脸特征向量输入第一机器学习模型的步骤之前,还用于执行如下步骤:The storage medium of claim 16, wherein, when the computer-readable instructions are executed by one or more processors, one or more processors execute the input of the user’s facial feature vector into the first Before the steps of the machine learning model, it is also used to perform the following steps:
    获取人脸图像样本集合,人脸图像样本集合中的每个人脸图像样本事先贴有用户身份标签,Obtain a face image sample set, and each face image sample in the face image sample set has a user identity label attached in advance,
    从人脸图像样本集合中的每个人脸图像样本识别人脸的人脸特征,组成人脸特征向量;Identify the facial features of the face from each face image sample in the face image sample set to form a face feature vector;
    将所述人脸图像样本的人脸特征向量逐一输入第一机器学习模型,第一机器学习模型输出判定的用户身份,与贴有的用户身份比对,如不一致,则调整所述第一机器学习模型,使所述第一机器学习模型输出的用户身份与标签一致。The face feature vectors of the face image samples are input into the first machine learning model one by one. The first machine learning model outputs the determined user identity and compares it with the posted user identity. If it is inconsistent, adjust the first machine The learning model makes the user identity output by the first machine learning model consistent with the label.
  17. 如权利要求15所述的存储介质,其中,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述根据所述用户的人脸信息,查询与所述用户的人脸信息关联的已获取凭证信息的步骤,包括:The storage medium according to claim 15, wherein, when the computer-readable instructions are executed by one or more processors, the one or more processors execute the query and query based on the facial information of the user. The steps of obtaining credential information associated with the user's face information include:
    分别扫描所述用户的人脸图像和所存储的用户人脸图像,获取所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征;Respectively scanning the face image of the user and the stored face image of the user, and acquiring the face features of the face image of the user and the face features of the stored face image of the user;
    将所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征一起输入第二机器学习模型,所述第二机器学习模型输出所述用户的人脸图像与所存储的用户人脸图像是否相同的结果;The facial features of the user’s facial image and the stored facial features of the user’s facial image are input into the second machine learning model together, and the second machine learning model outputs the user’s facial image and the stored facial features. Whether the user’s face images are the same;
    若所述用户的人脸图像与所存储的用户人脸图像相同,调取与所述人脸图像相关联的已获取凭证信息。If the face image of the user is the same as the stored face image of the user, retrieve the acquired credential information associated with the face image.
  18. 如权利要求18所述的存储介质,其中,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述将所述用户的人脸图像的人脸特征与所存储的用户人脸图像的人脸特征一起输入第二机器学习模型的步骤之前,还用于执行如下步骤:The storage medium of claim 18, wherein, when the computer-readable instructions are executed by one or more processors, the one or more processors execute the conversion of the facial features of the user's facial image Before the step of inputting the second machine learning model together with the stored facial features of the user's face image, it is also used to perform the following steps:
    用两张同一人的不同时间拍摄的人脸照片作为正样本对,两张不同人的人脸照片作为负样本对,所述正样本对和所述负样本对构成样本对集;Using two face photos of the same person taken at different times as a positive sample pair, and two face photos of different people as a negative sample pair, and the positive sample pair and the negative sample pair constitute a sample pair set;
    分别识别样本对集中的每个样本对的两张人脸照片中人脸的人脸特征,分别组成人脸特征向量;Recognize the facial features of the faces in the two face photos of each sample pair in the sample pair set respectively, and form the face feature vectors respectively;
    将所述样本对集中的每一个样本对中的两个的人脸特征向量逐一输入第二机器学习模型中进行学习,如果对于正样本对所述第二机器学习模型输出不相同的判断结果,或对于负样本对所述第二机器学习模型输出相同的判断结果,调整所述第二机器学习模型,使所述第二机器学习模型输出相反判断结果。The face feature vectors of two of each sample pair in the sample pair set are input into the second machine learning model one by one for learning. If a positive sample outputs a different judgment result to the second machine learning model, Or, for negative samples, the same judgment result is output to the second machine learning model, and the second machine learning model is adjusted so that the second machine learning model outputs the opposite judgment result.
  19. 如权利要求15所述的存储介质,其中,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述发送所述与所述用户的人脸信息关联的已获取凭证信息以及所述用户的获取数据凭证的请求至授权确认服务器,以便授权确认服务器根据已获取凭证信息以及所述用户的获取数据凭证的请求进行授权确认的步骤,包括:The storage medium according to claim 15, wherein, when the computer-readable instructions are executed by one or more processors, one or more processors execute the sending of the information associated with the user's face The obtained credential information and the user's request for obtaining data credential are sent to the authorization confirmation server, so that the authorization confirmation server performs authorization confirmation according to the obtained credential information and the user's request for obtaining data credential, including:
    根据与所述用户的人脸信息关联的已获取凭证信息,判断所述用户已获取的与所述用户请求的数据凭证有效时间相同的数据凭证数量是否超过告警阈值;According to the acquired credential information associated with the face information of the user, determine whether the number of data credential that the user has acquired and the valid time of the data credential requested by the user exceeds the alarm threshold;
    若超过告警阈值,发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及告警信息至授权确认服务器,以便授权确认服务器拒绝对所述用户授权或者发送所述与所述用户的人脸信息关联的已获取凭证信息、所述用户的获取数据凭证的请求以及禁止授权指令至授权确认服务器,以禁止授权确认服务器对所述用户授权。If the alarm threshold is exceeded, send the acquired credential information associated with the user's face information, the user's request for data credential acquisition, and alarm information to the authorization confirmation server, so that the authorization confirmation server refuses to authorize the user Or send the acquired credential information associated with the face information of the user, the user's request for data credential acquisition, and the authorization prohibition instruction to the authorization confirmation server to prohibit the authorization confirmation server from authorizing the user.
PCT/CN2020/087474 2019-05-24 2020-04-28 Method and device for data certificate authorization, computer device, and storage medium WO2020238534A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910441359.5A CN110348195A (en) 2019-05-24 2019-05-24 Data certificate authority method, apparatus, computer equipment and storage medium
CN201910441359.5 2019-05-24

Publications (1)

Publication Number Publication Date
WO2020238534A1 true WO2020238534A1 (en) 2020-12-03

Family

ID=68174363

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/087474 WO2020238534A1 (en) 2019-05-24 2020-04-28 Method and device for data certificate authorization, computer device, and storage medium

Country Status (2)

Country Link
CN (1) CN110348195A (en)
WO (1) WO2020238534A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110348195A (en) * 2019-05-24 2019-10-18 深圳壹账通智能科技有限公司 Data certificate authority method, apparatus, computer equipment and storage medium
CN112905981A (en) * 2019-12-04 2021-06-04 上海博泰悦臻电子设备制造有限公司 Method, electronic device and computer-readable storage medium for information sharing
CN111368101B (en) * 2020-03-05 2021-06-18 腾讯科技(深圳)有限公司 Multimedia resource information display method, device, equipment and storage medium
CN111523862B (en) * 2020-04-27 2024-02-23 广东电网有限责任公司培训与评价中心 Method and related equipment for acquiring talent data
CN112699355A (en) * 2020-12-22 2021-04-23 湖南麒麟信安科技股份有限公司 Dynamic face authentication method and system with user and host decoupled
CN116842494B (en) * 2023-09-04 2023-11-10 杭州嘉识科技有限公司 Equipment control method and system based on big data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020116238A1 (en) * 2001-02-06 2002-08-22 Himes Jennifer Ann Method, system and storage medium for obtaining certificates of analysis
CN102096950A (en) * 2010-12-10 2011-06-15 汉王科技股份有限公司 Face recognition device and recognition method for ticketing system
CN106022317A (en) * 2016-06-27 2016-10-12 北京小米移动软件有限公司 Face identification method and apparatus
CN108805048A (en) * 2018-05-25 2018-11-13 腾讯科技(深圳)有限公司 A kind of method of adjustment of human face recognition model, device and storage medium
CN109614780A (en) * 2018-10-23 2019-04-12 平安科技(深圳)有限公司 Biological information certifying method and device, storage medium, electronic equipment
CN110348195A (en) * 2019-05-24 2019-10-18 深圳壹账通智能科技有限公司 Data certificate authority method, apparatus, computer equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020116238A1 (en) * 2001-02-06 2002-08-22 Himes Jennifer Ann Method, system and storage medium for obtaining certificates of analysis
CN102096950A (en) * 2010-12-10 2011-06-15 汉王科技股份有限公司 Face recognition device and recognition method for ticketing system
CN106022317A (en) * 2016-06-27 2016-10-12 北京小米移动软件有限公司 Face identification method and apparatus
CN108805048A (en) * 2018-05-25 2018-11-13 腾讯科技(深圳)有限公司 A kind of method of adjustment of human face recognition model, device and storage medium
CN109614780A (en) * 2018-10-23 2019-04-12 平安科技(深圳)有限公司 Biological information certifying method and device, storage medium, electronic equipment
CN110348195A (en) * 2019-05-24 2019-10-18 深圳壹账通智能科技有限公司 Data certificate authority method, apparatus, computer equipment and storage medium

Also Published As

Publication number Publication date
CN110348195A (en) 2019-10-18

Similar Documents

Publication Publication Date Title
WO2020238534A1 (en) Method and device for data certificate authorization, computer device, and storage medium
US10009327B2 (en) Technologies for secure storage and use of biometric authentication information
CN111611908B (en) System and method for real-time user authentication in online education
AU2012261635B2 (en) Methods and Systems for Increasing the Security of Network- Based Transactions
US20170093851A1 (en) Biometric authentication system
US8630956B2 (en) Obscuring image of person in picture when consent to share image is denied
US10348709B2 (en) Cumulative authentication for step-up increased authentication factors
US9641526B1 (en) Location based authentication methods and systems
US20140230019A1 (en) Authentication to a first device using a second device
TWI616821B (en) Bar code generation method, bar code based authentication method and related terminal
WO2018196841A1 (en) Authentication method for realising access network, authentication device and user equipment
US11636261B2 (en) Capturing and sending one-time passwords using augmented reality glasses
KR20160147515A (en) Method for authenticating user and electronic device supporting the same
US20110157347A1 (en) Unintrusive biometric capture device, system and method for logical access control
US11063935B2 (en) Systems and methods for providing remote desktop access
US20150215672A1 (en) Display apparatus and control method thereof
WO2021248385A1 (en) Biological feature registration method and apparatus, and communication device and storage medium
US10936705B2 (en) Authentication method, electronic device, and computer-readable program medium
US10832485B1 (en) CAPTCHA authentication via augmented reality
WO2018233584A1 (en) Method, device, computer apparatus, and storage medium for transferring account value
US20220414193A1 (en) Systems and methods for secure adaptive illustrations
US20160087977A1 (en) Methods and systems for displaying biometric data during capture
US20230022561A1 (en) Method and system for authenticating a user
CN113449275B (en) User identity authentication method and device and terminal equipment
US20240022561A1 (en) Accessing a virtual sub-environment in a virtual environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20814824

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20814824

Country of ref document: EP

Kind code of ref document: A1