WO2022233313A1 - User identity information authentication method, system, apparatus and device, and storage medium - Google Patents


Publication number
WO2022233313A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
authenticated
information
stored
user information
Prior art date
Application number
PCT/CN2022/091134
Other languages
French (fr)
Chinese (zh)
Inventor
简伟明
皮爱平
黄飞鹰
梁华贵
陈吉宏
黄伟涛
郑则润
陈秋榕
Original Assignee
简伟明
Application filed by 简伟明

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G06Q30/0185 Product, service or business identity fraud
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16 Human faces, e.g. facial parts, sketches or expressions
    • G06V40/168 Feature extraction; Face representation

Definitions

  • The embodiments of the present application relate to the technical field of identity authentication, and in particular to a user identity information authentication method, system, apparatus, user identity information authentication device, and storage medium.
  • Identity authentication refers to the confirmation of the user's identity through special means. Industry and commerce, taxation, finance, public security, transportation and other industry scenarios all require an identity authentication process. For example, when a user goes to a bank to conduct business, the user's identity needs to be authenticated to determine the authority to handle the business.
  • One of the important links in identity authentication is the verification of personal identity information, that is, to ensure the credibility of the user's face, name and ID number.
  • The common method is to place the ID card on an identity verification device with an ID card reader, read the ID card information, then collect a live face image on site and compare it against the face on the ID card by face recognition. After the comparison confirms that the holder is the person on the card, a QR code is generated.
  • The user then uses the corresponding app or applet to scan the QR code on the screen, completing the verification of personal identity information and user account information so that the personal identity information on the server and on the mobile side is credible. However, this method has many steps, takes a long time, has a high learning cost for users, is difficult to master, and is inconvenient for the elderly.
  • Embodiments of the present application provide a user identity information authentication method, system, apparatus, device, and storage medium, so as to minimize user operation steps in the identity information authentication process and improve the convenience of identity authentication.
  • an embodiment of the present application provides a method for authenticating user identity information, including:
  • a first verification code is generated based on the first user information, and a device to be authenticated that matches the first user information is determined, wherein the second user information is pre-stored in the device to be authenticated, and the credibility level of the first user information collected by the trusted device is higher than the credibility level of the second user information stored in the device to be authenticated;
  • the method further includes:
  • the device modifies the authentication level and notifies the user, wherein the second verification code is generated according to the second user information stored in the device to be authenticated.
  • the trusted device includes an ID card reading device, a trusted ID reader, and a passport reader
  • the first user information includes ID card information, citizen certification, citizen card, qualification certificate, driver's license, and passport.
  • the generating a first check code based on the first user information includes:
  • the first check code is generated by calculating the hash value of the name and the ID card number in the ID card information through a hash algorithm.
  • the determining the device to be authenticated that matches the first user information includes:
  • the machine-readable face feature is compared with the user face feature stored correspondingly in each terminal device, and the terminal device that satisfies the comparison result is determined as the device to be authenticated.
  • before querying the stored user face features corresponding to the terminal device, the method further includes:
  • querying the stored user face features corresponding to the terminal device includes:
  • an embodiment of the present application provides a user identity information authentication system, including a server, a device to be authenticated, and a trusted device;
  • the trusted device is used to send the first user information to the server, where the first user information is collected by the trusted device; the server is used to receive the first user information, generate a first check code based on the first user information, and determine a device to be authenticated that matches the first user information, wherein the credibility level of the first user information collected by the trusted device is higher than the credibility level of the second user information stored by the device to be authenticated; and
  • the device to be authenticated is configured to generate a second check code based on the stored second user information, and receive the first check code sent by the server; if the first check code and the second check code are consistent, the stored authentication level is updated to the modified authentication level.
  • the first user information includes ID card information
  • the server is used for:
  • the machine-readable face feature is compared with the user face feature stored correspondingly in each terminal device, and the terminal device that satisfies the comparison result is determined as the device to be authenticated.
  • the server is also used for:
  • an embodiment of the present application provides a user identity information authentication device, including:
  • a user information receiving module, used to receive first user information sent by a trusted device, where the first user information is collected by the trusted device;
  • a verification code generation module, used to generate a first verification code based on the first user information, and determine a device to be authenticated that matches the first user information, wherein second user information is pre-stored in the device to be authenticated, and the credibility level of the first user information collected by the trusted device is higher than the credibility level of the second user information stored by the device to be authenticated;
  • an authentication device verification module, used to determine the stored third verification code corresponding to the device to be authenticated, and if the first verification code and the third verification code are the same, modify the stored trust level of the device to be authenticated and complete the authentication of user identity information.
  • a verification code sending module, configured to send the first verification code to the device to be authenticated, for the device to be authenticated to match the first verification code against the second verification code; if the match is successful, the device to be authenticated modifies the authentication level and notifies the user, wherein the second check code is generated according to the second user information stored by the device to be authenticated.
  • an embodiment of the present application provides a user identity information authentication device, characterized by comprising: a memory and one or more processors;
  • the memory is used for storing one or more programs;
  • when the one or more programs are executed by the one or more processors, the one or more processors implement the user identity information authentication method according to any one of the first aspect of the present application.
  • an embodiment of the present application provides a storage medium containing computer-executable instructions, where the computer-executable instructions, when executed by a computer processor, are used to execute the user identity information authentication method described in the first aspect.
  • the embodiments of the present application also provide a method for authenticating user identity information, including:
  • an embodiment of the present application further provides a user identity information authentication system, including a server, a device to be authenticated, and a trusted device, wherein,
  • the trusted device is used to send the first check code to the server, where the first check code is calculated by the trusted device based on the collected first user information; the server is used to receive the first check code and determine the device to be authenticated that matches the first check code, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated; and
  • the device to be authenticated is configured to generate a second check code based on the stored second user information, and receive the first check code sent by the server; if the first check code and the second check code are consistent, the stored authentication level is updated to the modified authentication level.
  • The embodiment of the present application is applied to a server, which receives first user information sent by a trusted device, generates a first check code according to the first user information, and determines a device to be authenticated that matches the first user information. The server matches the first check code against the third check code it stores; if the first check code and the third check code are the same, it modifies the stored trust level of the device to be authenticated, completing the authentication of user identity information. The entire identity information authentication process greatly reduces the steps that require the direct participation of users, avoids cumbersome operations, reduces the time users spend queuing, greatly improves user convenience and user experience, reduces equipment investment costs, is convenient for the elderly to use, and has strong universality.
  • FIG. 1 is a flowchart of a method for authenticating user identity information provided by an embodiment of the present application
  • FIG. 2 is a flowchart of another user identity information authentication method provided by an embodiment of the present application.
  • FIG. 3 is a flowchart of another user identity information authentication method provided by an embodiment of the present application.
  • FIG. 4 is a flowchart of another user identity information authentication method provided by an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a user identity information authentication system provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a user identity information authentication device provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of another user identity information authentication device provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a user identity information authentication device provided by an embodiment of the present application.
  • The embodiments of the present application provide a user identity information authentication method, system, apparatus, user identity information authentication device, and storage medium.
  • First, the authentication level of the trusted device is determined, and the ID photo and personal information are obtained from the trusted device, where the personal information includes personal identity information on the ID card such as the country, name, and ID number. The trusted device then sends the personal identity information together with the identity information device ID, or the personal identity information together with device location information, to the server. The identity information device ID is the device ID of the trusted device, through which the location information of the trusted device can be obtained.
  • the server uses a hash algorithm or a national cryptographic ("national secret") algorithm to generate a first check code for the personal identity information, and determines the mobile devices within a preset range according to the location information of the trusted device.
  • the device to be authenticated that is, the identity authentication level and the second verification code of the mobile device
  • the server notifies the application of the corresponding mobile device, and sends the first check code and authentication level.
  • the mobile device verifies whether the user's second check code matches the first check code. When the match is successful, the mobile device can modify the user authentication level and notify the user.
  • a third verification code is also stored.
  • FIG. 1 shows a flowchart of a method for authenticating user identity information provided by an embodiment of the present application.
  • the method for authenticating user identity information provided by an embodiment of the present application can be performed by a user identity information authentication device, which can be implemented by hardware and/or software and integrated in computer equipment.
  • the user identity information authentication method includes:
  • the subject executing the user identity information authentication method may be a server, including a cloud server.
  • the trusted device is usually installed in the device where the identity authentication needs to be performed to collect and identify user information.
  • a trusted device can be a dedicated device that only provides user identity information collection, or a terminal device that combines other functions, such as an identity authentication terminal device set up in a bank office, an integrated terminal device set up in a tax office, or high-speed rail automatic ticket collection terminal equipment.
  • the first user information may include user name, biometric information, ID number, mobile phone number and other information.
  • Biometric information includes one or more of face information, iris information, sclera information, fingerprint information, palmprint information, voiceprint information, and DNA information.
  • the face information includes living face information and face information parsed from photos; the living face information obtains the user's face information through face recognition technology, which improves the accuracy of identity recognition.
  • the first user information may further include a country of origin. For example, if a user is from country A, but has an ID card in country B, the user's nationality is the nationality of country A, but the country to which he belongs is country B.
  • the first user information is collected by a trusted device.
  • the trusted device includes an ID card reading device, a trusted ID reader, a passport reader, a driver's license reader, etc.
  • the first user information includes ID information.
  • the ID information is, for example, a complete ID number or a partial ID number, and may also include the user's name and the user photo information of the certificate (the printed user photo information of the certificate and/or the chip user photo information of the certificate); the user's face feature information can be obtained from the user photo information of the certificate. Only when the trusted device reads the ID card does it obtain the ID card information and upload it to the server. That is, reading the ID card through a trusted device is equivalent to starting the identity information authentication process.
  • 102: Generate a first verification code based on the first user information, and determine a device to be authenticated that matches the first user information, where the device to be authenticated stores a second verification code, the second user information is pre-stored in the device to be authenticated, and the credibility level of the first user information collected by the trusted device is higher than the credibility level of the second user information stored by the device to be authenticated.
  • the server generates a first check code for the first user information from the trusted device, and the first check code is used to perform a handshake and identity confirmation with the device to be authenticated.
  • the server matches the devices to be authenticated that meet the conditions based on the first user information.
  • the device to be authenticated is usually a terminal device held by a user, including mobile terminal devices such as smart phones, smart bracelets, smart keychains, smart necklaces, smart watches, notebook computers, and tablet computers.
  • the second user information is pre-stored in the device to be authenticated. It can be understood that the device to be authenticated has the function of entering the second user information. Similarly, the second user information includes the user name, face feature information, ID number, mobile phone number, and so on.
  • the facial feature information can be acquired through face acquisition devices such as face scanners and cameras, and the user can also upload a personal face photo on the device to be authenticated.
  • After the device to be authenticated pre-stores the second user information, it calculates and generates a second verification code based on the second user information.
  • the first verification code generated by the server for the first user information can be the complete name plus the ID card number. It can also be special information, such as CTID, which is encrypted ID card information composed of 256 characters. In addition, it can be the surname plus the total number of characters of the name plus the first three digits of the ID card number plus the last three digits of the ID card number.
  • the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated.
  • the data authentication level is divided into five levels.
  • Level 0 means no identity information.
  • Level 1 indicates virtual information, usually user-defined avatars, nicknames, and Open IDs automatically generated by the system;
  • Level 2 means no credibility, and usually refers to identity information filled in by the user; it comes from the user's self-filling without any verification and is not credible information;
  • Level 3 is preliminary credible, and OCR (Optical Character Recognition) ID card identification and authentication is usually required on the basis of Level 3 information;
  • Level 4 means commercial credibility, indicating that the information has been certified by a third-party agency and can be certified for commercial transaction operations, including third-party agency certification such as Ali certification, WeChat certification, Baidu certification, UnionPay certification, telecom certification, Google certification, Amazon
  • the data authentication in the trusted device disclosed in the embodiment of the present application conforms to the 5-level ID card authentication method, that is, the first user information collected by the trusted device is legally trusted and belongs to the highest level of data authentication;
  • the data authentication in the trusted device disclosed in the embodiment of the present application conforms to the 4-level ID card authentication method, that is, the first user information collected by the trusted device is commercial trustworthy and belongs to a higher level of data authentication reliability.
  • the second user information pre-stored in the device to be authenticated is usually entered by the user independently, and in this case, the second user information belongs to the second level of data authentication without other verification. If the second user information pre-stored in the device to be authenticated comes from other devices, or is independently entered by the user but has been verified by other platforms, such as WeChat authentication, the actual level of the second user information is defined according to the actual situation.
  • the purpose of verifying user information with a low trust level is to determine the trust level of the user information. If the data trust level corresponding to the device to be authenticated is already the highest level, it is legally trustworthy and there is no need to verify it again. Therefore, in this embodiment, determining the matching device to be authenticated includes checking the data level of the terminal device, and only selecting a device to be authenticated whose trust level is lower than that of the trusted device to perform the next action. In fact, each terminal device periodically or uninterruptedly reports location information to the server, and also periodically or uninterruptedly reports its own data authentication level to the server.
  • When the server receives the first user information from the trusted device and determines the device to be authenticated that matches the first user information, devices whose data authentication level is equal to or even higher than that of the trusted device can be excluded according to the data authentication level reported by each terminal device.
  • When the trusted device of this application is an ID card reader device, the trusted device reads the ID card information, obtains the mobile phone number of the corresponding user according to the ID card information, and selects the last n digits of the mobile phone number, where n is an integer greater than 1. The user's photo and name in the ID card information and the last n digits of the mobile phone number are packaged as the first user information.
  • When the present application calculates and generates the first check code based on the first user information, it may be generated by calculating, through a hash algorithm, the hash value of the user's name and the last n digits of the mobile phone number.
  • the content category included in the second user information may be the same as the first user information, including user ID card information, and the user's mobile phone number or the last n digits of the mobile phone number.
  • the second check code can also be generated by calculating, through a hash algorithm, the hash value of the user's name and the last n digits of the mobile phone number.
  • the first user information may only include the user's ID card information, that is, not include the mobile phone number, but include the ID card number, name, and face information. Then, the first check code can be generated by calculating the hash value of the name and the ID card number in the ID card information through a hash algorithm.
  • the second user information may include ID number, name, and face information.
  • the second check code may also be generated by using a hash algorithm to calculate the hash value of the name and ID number in the ID card information.
  • the server cannot store identity information, so the server pre-stores a third check code, where the third check code is generated from user information corresponding to different users. Since the server generates the first check code based on the first user information and matches it to the device to be authenticated, the third check code corresponding to the device to be authenticated is associated. Specifically, the server checks the consistency of the first check code and the second check code. If the two are consistent, the first check code matches the second check code, and the trust level of the device to be authenticated can be modified, so as to complete the authentication of user identity information.
  • a user identity information authentication method provided by the present application is as shown in FIG. 2 , including:
  • 201 Receive first user information sent by a trusted device, where the first user information is collected by the trusted device.
  • 202 Generate a first verification code based on the first user information, and determine a device to be authenticated that matches the first user information.
  • second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected through the trusted device is higher than the trust level of the second user information stored by the device to be authenticated.
  • this embodiment further includes:
  • the to-be-authenticated device modifies the authentication level and notifies the user, wherein the second check code is generated according to the second user information stored by the to-be-authenticated device.
  • the device to be authenticated checks the consistency of the first check code and the second check code. If the two are consistent, the first check code and the second check code match, the match is successful, and the device to be authenticated modifies the authentication level and notifies the user.
  • the device to be authenticated sends the matching result to the user.
  • the matching result is that the matching is successful
  • the second user information of the device to be authenticated is credible.
  • After the server of the present application receives the trust level reported by each terminal device, it stores the trust level of each terminal device. Therefore, when the server receives the matching result from the device to be authenticated and the matching result is successful, the identity authentication has succeeded, and the server updates the trust level.
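The check-code exchange described above, written out as an added example; it is not code from the patent. SHA-256, the NFKC/whitespace/case normalization, the length-prefixed field encoding, and the names `check_code`, `Device` and `Server` are assumptions made for illustration, and the ID number used is constructed.

```python
import hashlib
import hmac
import unicodedata
from dataclasses import dataclass
from enum import IntEnum


class TrustLevel(IntEnum):
    """Data authentication levels as described on the page."""
    NO_IDENTITY = 0
    VIRTUAL = 1
    SELF_FILLED = 2      # typed in by the user, unverified
    PRELIMINARY = 3
    COMMERCIAL = 4
    LEGAL = 5            # read by a trusted device such as an ID card reader


def _field(value: str, upper: bool = False) -> bytes:
    # Assumption: both sides normalize before hashing. Chip-read data and
    # self-typed data differ in width, spacing and case (e.g. a trailing "x").
    text = "".join(unicodedata.normalize("NFKC", value).split())
    if upper:
        text = text.upper()
    raw = text.encode("utf-8")
    # Length prefix keeps ("ab", "c") and ("a", "bc") from hashing alike.
    return len(raw).to_bytes(2, "big") + raw


def check_code(name: str, id_number: str) -> str:
    """Hash of name and ID number (SHA-256 chosen here as an assumption)."""
    return hashlib.sha256(_field(name) + _field(id_number, upper=True)).hexdigest()


@dataclass
class Device:
    """Device to be authenticated; holds the self-entered second user information."""
    device_id: str
    name: str
    id_number: str
    trust_level: TrustLevel = TrustLevel.SELF_FILLED

    def second_check_code(self) -> str:
        return check_code(self.name, self.id_number)

    def handle_first_check_code(self, first_code: str, offered: TrustLevel) -> bool:
        if offered <= self.trust_level:
            return False                      # nothing to gain, skip verification
        # Constant-time comparison of the two check codes.
        if not hmac.compare_digest(first_code, self.second_check_code()):
            return False
        self.trust_level = offered            # device modifies its authentication level
        return True


class Server:
    """Keeps only reported trust levels, never the identity fields themselves."""

    def __init__(self) -> None:
        self.levels: dict[str, TrustLevel] = {}

    def report(self, device: Device) -> None:
        self.levels[device.device_id] = device.trust_level

    def authenticate(self, name: str, id_number: str,
                     reader_level: TrustLevel, device: Device) -> bool:
        first_code = check_code(name, id_number)   # from the trusted device's read
        matched = device.handle_first_check_code(first_code, reader_level)
        if matched:
            self.levels[device.device_id] = reader_level
        return matched


def run_demo() -> tuple:
    # Constructed sample data: the user typed the ID with a lowercase "x".
    phone = Device("dev-1", " 张 三 ", "11010119900101001x")
    server = Server()
    server.report(phone)
    ok = server.authenticate("张三", "11010119900101001X", TrustLevel.LEGAL, phone)
    return ok, phone.trust_level, server.levels["dev-1"]


if __name__ == "__main__":
    print(run_demo())
```

Name plus ID number, and especially name plus the last n digits of a phone number, is a small input space, so a stored check code deserves the same protection as the identity data it was derived from.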
  • the embodiment of the present application also provides another user identity information authentication method, including:
  • This embodiment is applied to the server, and the server authenticates the identity information of other terminal devices based on the trusted device that has obtained the trust level certification.
  • the user inputs the first user information through the trusted device, and the first user information is usually generated immediately rather than pre-stored in the trusted device.
  • Trusted devices as devices that have obtained the trust level certification, are usually used in the scenarios of banks, high-speed railways, and government affairs, such as bank identity authentication terminals, high-speed railway ID card check terminals, and government affairs self-service terminals.
  • the first user information is usually ID card information.
  • the server calculates the first check code on the basis of obtaining the first user information.
  • the first user information includes ID number, name, and face biometric information, and the first check code can be generated by calculating the hash value of the name and the ID card number in the ID card information through a hash algorithm.
  • When the user inputs the first user information through the trusted device, it is equivalent to starting the identity information authentication process; the server immediately receives the first user information and searches for terminal devices within a preset range accordingly. It should be noted that each terminal device periodically or uninterruptedly reports its own location information to the server, so the server actually stores the location information of each terminal device.
  • the location information of the trusted device is also stored in the server. Based on the location information of the trusted device, and according to a preset range set in advance, terminal devices within the preset range are selected.
  • the first user information may also include a device ID of a trusted device in addition to the user's personal identity information, and the device ID can correspond to query the registered address of the trusted device.
  • the location information of the trusted device can be collected by a satellite positioning device, a Bluetooth positioning device, or other positioning devices.
  • the location information of the terminal device can also be collected by a satellite positioning device, a Bluetooth positioning device, or other positioning devices.
  • the preset range is, for example, a circular area with the trusted device as its center and a preset radius. Searching for a terminal device within the preset range therefore means forming the circular area centered on the trusted device from the location information of the trusted device and the preset radius, and determining from the location information of each terminal device which terminal devices are located in that circular area.
  • the terminal device is used as an alternative device to be authenticated to perform the next matching process.
  • the matching of the geographic location is the first step in determining the device to be authenticated in the embodiment of the present application, so as to exclude other terminal devices within the preset range and reduce the subsequent workload. Afterwards, further matching is performed on the authentication device based on the user's facial features. Specifically, each terminal device is paired with the user's facial features.
  • the user face feature is, for example, a face image collected as one type of content of the second user information when the user enters the second user information, including two different types of face photos and live face features.
  • the trusted device scans the ID card and reads the ID card information, including the face image in the ID card. After uploading the ID card information to the server, the server further identifies and analyzes the face image to obtain machine-readable face features.
  • assume the face image of the second user information is a face photo. Since the shooting time of the face photo of the second user information differs from the shooting time of the face image in the ID card information, and even face photos of the same user taken under different light, time, scene, and personal condition are not exactly the same, in this application the terminal device is further verified and matched based on the face image.
  • the device to be authenticated stores a second check code; the second check code is calculated and generated by the device to be authenticated according to the pre-stored second user information, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated.
  • the embodiment of the present application further provides another method for authenticating user identity information, including:
  • the main body that executes the user identity information authentication method may be a server, and the first user information includes the user's face feature, name, and ID number, or includes the user's face feature, name, and the last n digits of the mobile phone number.
  • the server in this embodiment generates a first check code based on the first user information, and the first check code is a unique value, so it has sufficient reliability.
  • the first check code can be generated by calculating, with a hash algorithm, the hash value of the user's name and the last n digits of the mobile phone number, or the hash value of the user's name and ID number.
  • when the user inputs the first user information through the trusted device, the identity information authentication process is in effect started: the server immediately receives the first user information and searches for terminal devices within a preset range accordingly.
  • the terminal device periodically or uninterruptedly reports its own location information to the server, so the server actually stores the location information of each terminal device.
  • the location information of the trusted device is also stored in the server. Based on the location information of the trusted device, and according to a preset range set in advance, terminal devices within the preset range are selected.
  • the location information of the trusted device can be collected by a satellite positioning device, a Bluetooth positioning device or other positioning devices.
  • the location information of the terminal device can also be collected by a satellite positioning device, a Bluetooth positioning device or other positioning devices.
  • the preset range takes the trusted device as a reference point, and selects a grid area formed by a preset number of grids based on the reference point. For example, if the preset number of grids is 8, searching for terminal devices within the preset range means that, according to the location information of the trusted device, the 8 grids above, below, to the left and to the right of that location are all included as the grid area.
  • according to the location information of the terminal devices, a terminal device located in the grid area is determined to be the device to be authenticated.
  • the purpose of this application is to authenticate a terminal device whose data authentication trust level is lower than the trust level of the trusted device, so as to upgrade and update the trust level of the terminal device in the future.
  • a terminal device that is within a preset range and whose authentication level also meets the conditions is selected for subsequent matching.
  • the fact that the authentication level satisfies the preset level actually means that a terminal device with an authentication level lower than a trusted device is selected. Since the authentication level of the terminal device is low, the corresponding trusted level is lower than level 4, which is usually untrustworthy. Further authentication is required to make the end device's data trusted. Therefore, the terminal device whose authentication level is lower than the level of the trusted device is screened to perform the next face comparison and matching.
  • the device to be authenticated stores a second check code, and the second check code is calculated and generated by the device to be authenticated according to the pre-stored second user information, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated.
  • FIG. 5 shows a schematic structural diagram of a user identity information authentication system provided by an embodiment of the present application.
  • a user identity information authentication system provided by an embodiment of the present application includes a server 501, a device to be authenticated 502 and a trusted device 503, specifically:
  • the trusted device 503 is used to send the first user information to the server, where the first user information is collected by the trusted device; in this embodiment, the first user information may be ID card information, and the ID card information is obtained by the trusted device reading the user's ID card.
  • the second user information may be pre-stored in the device to be authenticated and entered by the user through the device to be authenticated, including the user's facial features, name and ID number.
  • the server 501 is configured to receive the first user information, generate a first verification code based on the first user information, and determine a device to be authenticated that matches the first user information, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated;
  • the device to be authenticated 502 is configured to generate a second check code based on the stored second user information, and receive the first check code sent by the server; if the first check code and the second check code are consistent, the stored authentication level is updated to the modified authentication level.
  • this embodiment shows another user identity information authentication system, including a server 501, a device to be authenticated 502, and a trusted device 503, wherein:
  • the trusted device 503 is used to send the first user information to the server, where the first user information is collected by the trusted device; the first user information includes ID card information.
  • the server 502 is configured to acquire the location information of the trusted device, and determine the terminal devices within the preset range of the location information; query the stored user face features corresponding to the terminal devices; compare the face features with the user face features stored for each terminal device, and determine the terminal device that satisfies the comparison result as the device to be authenticated.
  • the to-be-authenticated device 501 is configured to generate a second check code based on the stored second user information, and receive the first check code sent by the server; if the first check code and the second check code are consistent, the stored authentication level is updated to the modified authentication level.
  • the above-mentioned trusted device is an ID card reading device, and the ID card reading device can scan the ID card to identify ID card information. Therefore, in the basic application embodiment, the first user information includes ID card information.
  • the device to be authenticated is determined by combining the screening of the terminal device based on the location information and comparing the name and the ID number.
  • the trusted device is internally provided with a geographic information collection device such as a satellite positioning device, a Bluetooth positioning device, or other positioning devices, to collect the location information of the trusted device and upload it to the server for storage.
  • the terminal device also has a positioning device to collect the location information of the terminal device, and uploads the collected location information to the server. Therefore, once the preset range has been set, the terminal devices that fall within the preset range can be screened out according to the location information of the trusted device and the location information of each terminal device.
  • the displacement of the terminal device can also be collected through an acceleration sensor, a direction sensor, etc., from which the current location information of the terminal device can be obtained. This is suitable for places with no signal or poor signal, such as a basement, so that the location information of the terminal device can still be acquired even when geographic information acquisition devices such as satellite positioning fail.
  • the name and ID number corresponding to the terminal device are queried.
  • the name and ID number may be included in the second user information, or may have been entered by the user in advance for each terminal device and stored in correspondence with that terminal device.
  • a relationship table may be formed, and the relationship table records each terminal device and the name and ID number corresponding to each terminal device respectively. Therefore, when the name and ID number of the terminal device need to be queried, the required name and ID number can be obtained by traversing the relationship table.
  • the server parses and identifies the ID card information from the trusted device, and can obtain the name and ID number in the ID card information.
  • when the trusted device reads the ID card, it obtains the ID card information. The ID card information can take the form of a picture, which is equivalent to a scanned copy of the ID card, or it can be in the form of a list, that is, by reading the ID card
  • the name included in the ID card information of the first user information is compared with the name stored in the terminal device, and the ID card number of the ID card information is compared with the ID card number stored in the terminal device.
  • the step of determining the device to be authenticated that matches the first user information may specifically be to first select the terminal devices within a preset range based on the trusted device, and then identify the ID card information of the first user information to obtain the name and ID number, which are compared with the stored name and ID number.
  • the second user information includes the user's face feature corresponding to the device to be authenticated
  • the server stores the trust level of each terminal device, and also stores the trust level of the trusted device, wherein the trust level of the trusted device in this embodiment is legal trust, that is, the highest trust level.
  • the comparison between the machine-readable facial feature and the user's facial feature corresponding to the device to be authenticated is actually the similarity between the computer-readable facial feature and the user's facial feature of the device to be authenticated.
  • the comparison result satisfies the preset condition when the similarity between the machine-readable face feature and the user face feature of the device to be authenticated reaches a preset threshold, indicating that the identity authentication is successful at this time, and the credibility level of the device to be authenticated is updated.
  • the usual practice is to upgrade the trust level of the terminal device to be consistent with the trusted device, that is, legal trust.
  • an embodiment of the present application provides an apparatus for authenticating user identity information, including: a user information receiving module 601, a verification code generating module 602 and an authentication device verification module 603.
  • the user information receiving module 601 is configured to receive first user information sent by a trusted device, and the first user information is collected by the trusted device;
  • the check code generation module 602 is configured to generate a first check code based on the first user information, and determine the device to be authenticated that matches the first user information, wherein the device to be authenticated pre-stores second user information, and the credibility level of the first user information collected through the trusted device is higher than the credibility level of the second user information stored by the device to be authenticated;
  • the authentication device verification module 603 is used to determine the stored third verification code corresponding to the device to be authenticated. If the first check code is the same as the third check code, the stored trust level of the device to be authenticated is modified to complete the authentication of the user identity information.
  • the trusted device includes an ID card reading device, a trusted ID reader, and a passport reader
  • the first user information includes ID card information, citizen authentication, citizen card, qualification certificate, driver's license, and passport
  • the hash value of the name and the ID card number in the ID card information is calculated through a hash algorithm to generate the first check code.
  • the hash value of the name and the ID card number in the ID card information can also be calculated by a hash algorithm to generate the first check code.
  • determining the device to be authenticated that matches the first user information in the verification code generation module 602 includes: acquiring the location information of the trusted device, and determining the terminal devices within the preset range of the location information; querying the stored user face features corresponding to the terminal devices; performing feature extraction on the face image in the ID card information to obtain the machine-readable face feature; comparing the machine-readable face feature with the user face feature stored for each terminal device, and determining the terminal device that satisfies the comparison result as the device to be authenticated.
  • the method further includes: determining the recorded authentication level of the terminal device within the preset range.
  • the querying the stored user face features corresponding to the terminal device includes: querying the user face features corresponding to the terminal devices whose authentication level meets a preset level.
  • the server stores the trust level of each terminal device, and receiving a matching result sent by the device to be authenticated and completing identity authentication based on the matching result includes: receiving the matching result sent by the device to be authenticated, and if the matching is successful, the identity authentication is successful and the trust level is updated.
  • the embodiment of the present application further provides another user identity information authentication device.
  • the user identity information authentication device provided by this embodiment adds a verification code sending module 704 to the user identity information authentication device shown in FIG. 6; that is, the user identity information authentication device in the embodiment of the present application includes: a user information receiving module 701, a verification code generating module 702, an authentication device verification module 703 and a verification code sending module 704.
  • the verification code sending module 704 is configured to send the first verification code to the device to be authenticated, for the device to be authenticated to match the first verification code against the second verification code; if the match is successful, the device to be authenticated modifies the authentication level and notifies the user, wherein the second check code is generated according to the second user information stored by the device to be authenticated.
  • the user information receiving module 701 is used to receive the first user information sent by the trusted device, and the first user information is collected by the trusted device; the authentication device determination module 702 is used to determine the device to be authenticated that matches the first user information, and to obtain the stored second user information corresponding to the device to be authenticated, wherein the credibility level of the first user information collected through the trusted device is higher than the stored second user information
  • the identity authentication completion module 703 is configured to generate a matching result according to the first user information and the second user information, and complete the identity authentication based on the matching result.
  • the first user information includes ID card information, citizen authentication, citizen card, qualification certificate, driver's license, and passport.
  • the authentication device includes: acquiring the location information of the trusted device, and determining the terminal device within the preset range of the location information; querying the stored name and ID number corresponding to the terminal device; comparing the identified name and ID number with the stored name and ID number; and determining the terminal device with the same comparison result as the device to be authenticated.
  • the second user information includes a user face feature corresponding to the device to be authenticated
  • the server stores the trust level of each terminal device.
  • generating a matching result according to the first user information and the second user information, and completing the identity authentication based on the matching result, includes: performing feature extraction on the face image in the ID card information to obtain the machine-readable face feature; comparing the machine-readable face feature with the user face feature corresponding to the device to be authenticated; if the comparison result satisfies the preset conditions, the identity authentication is successful, and the reliability level is updated.
  • an embodiment of the present application further provides a user identity information authentication device, including: a memory 801 and one or more processors 802; the memory 801 is used to store one or more programs; the one or more programs are executed by the one or more processors 802 so that the one or more processors implement the user identity information authentication method as described in this application.
  • embodiments of the present application further provide a storage medium containing computer-executable instructions, where the computer-executable instructions, when executed by a computer processor, are used to execute the user identity information authentication method provided by the above embodiments. The method includes: receiving first user information sent by a trusted device, where the first user information is collected by the trusted device; generating a first check code based on the first user information, and determining a device to be authenticated that matches the first user information, wherein the device to be authenticated has second user information pre-stored, and the credibility level of the first user information collected by the trusted device is higher than the credibility level of the second user information stored by the device to be authenticated; determining the stored third check code corresponding to the device to be authenticated, and if the first check code and the third check code are the same, modifying the stored trust level of the device to be authenticated and completing the authentication of user identity information.
  • storage medium: any of various types of memory devices or storage devices.
  • storage medium is intended to include: installation media, such as CD-ROMs, floppy disks, or tape devices; computer system memory or random access memory, such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; non-volatile memory, such as flash memory, magnetic media (e.g. hard disk or optical storage); registers or other similar types of memory elements, etc.
  • the storage medium may also include other types of memory or combinations thereof.
  • the storage medium may be located in the first computer system in which the program is executed, or may be located in a second, different computer system connected to the first computer system through a network such as the Internet.
  • the second computer system may provide program instructions to the first computer for execution.
  • storage medium may include two or more storage media that may reside in different locations (e.g., in different computer systems connected by a network).
  • the storage medium may store program instructions (e.g., embodied as a computer program) executable by one or more processors.
  • a storage medium containing computer-executable instructions provided by the embodiments of the present application is not limited to the user identity information authentication method described above, and the computer-executable instructions can also execute related operations in the user identity information authentication method provided by any embodiment of the present application.
  • the user identity information authentication apparatus, device and storage medium provided in the above embodiments can perform the user identity information authentication method provided by any embodiment of this application.

Abstract

A user identity information authentication method. The method comprises: receiving first user information that is sent by a trusted device; generating a first check code on the basis of the first user information, and determining a device to be authenticated that matches the first user information; and a server matching the first check code with a third check code that is stored therein, and if the first check code is the same as the third check code, modifying a stored trust level of the device to be authenticated, so as to complete the authentication of user identity information. Further disclosed are a user identity information authentication system, apparatus and device, and a storage medium.

Description

User identity information authentication method, system, apparatus, device and storage medium
Technical field
The embodiments of the present application relate to the technical field of identity authentication, and in particular to a user identity information authentication method, system, apparatus, user identity information authentication device and storage medium.
Background
Identity authentication refers to confirming a user's identity through special means. The identity authentication process is required in scenarios across industry and commerce, taxation, finance, public security and the judiciary, transportation and other sectors. For example, when a user goes to a bank to handle business, the user's identity must be authenticated to determine the authority to handle that business.
One important part of identity authentication is the verification of personal identity information, that is, ensuring the credibility of the user's face, name and ID number.
At present, this is commonly done in combination with an APP or applet: when registering with the APP or applet, the user enters personal identity information such as personal information and face information, which is then sent to the server, or a copy of the personal identity information is kept on the APP or applet terminal. In this process the personal identity information is all supplied by the user and has not undergone identity verification, so its credibility cannot be ensured. To ensure the credibility of personal identity information, there are usually several methods. One is online verification of identity by an authoritative personal information certification agency, which is fast and convenient, but the certification cost is relatively high. Another is authentication through offline equipment: the common method is to place the ID card on an identity verification device with an ID card reader, read the ID card information, then capture a live face image on site and compare it with the face on the ID card by face recognition; once the person is confirmed, a QR code is generated, and the user scans the QR code on the screen with the corresponding APP or applet to complete the verification of the personal identity information and the user account, ensuring that the personal identity information on the server side and on the mobile phone side is credible. However, this mode of operation has many steps and takes a long time, users' learning cost is high, it is difficult to master, and it is even less convenient for elderly users.
Summary of the invention
Embodiments of the present application provide a user identity information authentication method, system, apparatus, device and storage medium, so as to minimize the user's operation steps in the identity information authentication process and improve the convenience of identity authentication.
In a first aspect, an embodiment of the present application provides a user identity information authentication method, including:
receiving first user information sent by a trusted device, where the first user information is collected by the trusted device;
generating a first check code based on the first user information, and determining a device to be authenticated that matches the first user information, wherein second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated;
determining the stored third check code corresponding to the device to be authenticated, and if the first check code and the third check code are the same, modifying the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
Further, after modifying the stored trust level of the device to be authenticated, the method further includes:
sending the first check code to the device to be authenticated, so that the device to be authenticated matches the first check code against a second check code; if the match succeeds, the device to be authenticated modifies its authentication level and notifies the user, wherein the second check code is generated from the second user information stored by the device to be authenticated.
Further, the trusted device includes an ID card reading device, a trusted identity reader and a passport reader, and the first user information includes ID card information, citizen authentication, citizen card, qualification certificate, driver's license and passport.
Further, generating the first check code based on the first user information includes:
calculating, through a hash algorithm, the hash value of the name and the ID number in the ID card information to generate the first check code.
Further, determining the device to be authenticated that matches the first user information includes:
obtaining the location information of the trusted device, and determining the terminal devices within a preset range of the location information;
querying the stored user face features corresponding to the terminal devices;
performing feature extraction on the face image in the ID card information to obtain a machine-readable face feature;
comparing the machine-readable face feature with the user face feature stored for each terminal device, and determining the terminal device that satisfies the comparison result as the device to be authenticated.
Further, before querying the stored user face features corresponding to the terminal devices, the method further includes:
determining the recorded authentication level of the terminal devices within the preset range;
correspondingly, querying the stored user face features corresponding to the terminal devices includes:
querying the user face features corresponding to the terminal devices whose authentication level meets a preset level.
In a second aspect, an embodiment of the present application provides a user identity information authentication system, including a server, a device to be authenticated, and a trusted device;
the trusted device is configured to send first user information to the server, the first user information being collected by the trusted device; the server is configured to receive the first user information, generate a first check code based on the first user information, and determine a device to be authenticated that matches the first user information, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated; and
determine the stored third check code corresponding to the device to be authenticated, and if the first check code and the third check code are the same, modify the stored trust level of the device to be authenticated, and send the first check code and the modified authentication level to the device to be authenticated;
the device to be authenticated is configured to generate a second check code based on the stored second user information, and receive the first check code sent by the server; if the first check code and the second check code are consistent, it updates the stored authentication level to the modified authentication level.
Further, the first user information includes ID card information, and the server is configured to:
obtain the location information of the trusted device, and determine the terminal devices within a preset range of the location information;
query the stored user face features corresponding to the terminal devices;
compare the machine-readable face features with the stored user face features corresponding to each terminal device, and determine a terminal device that satisfies the comparison result as the device to be authenticated.
Further, the server is also configured to:
determine the recorded authentication levels of the terminal devices within the preset range; and query the user face features corresponding to the terminal devices whose authentication level meets a preset level.
In a third aspect, an embodiment of the present application provides a user identity information authentication apparatus, including:
a user information receiving module, configured to receive first user information sent by a trusted device, the first user information being collected by the trusted device;
a check code generation module, configured to generate a first check code based on the first user information, and determine a device to be authenticated that matches the first user information, wherein second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated;
an authentication device verification module, configured to determine the stored third check code corresponding to the device to be authenticated, and if the first check code and the third check code are the same, modify the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
Further, the apparatus also includes:
a check code sending module, configured to send the first check code to the device to be authenticated so that the device to be authenticated can match the first check code against the second check code; if the match succeeds, the device to be authenticated modifies its authentication level and notifies the user, wherein the second check code is generated from the second user information stored by the device to be authenticated.
In a fourth aspect, an embodiment of the present application provides a user identity information authentication device, characterized by comprising: a memory and one or more processors;
the memory is configured to store one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the user identity information authentication method according to any one of the first aspect of the present application.
In a fifth aspect, an embodiment of the present application provides a storage medium containing computer-executable instructions, where the computer-executable instructions, when executed by a computer processor, are used to execute the user identity information authentication method described in the first aspect.
In a fifth aspect, an embodiment of the present application also provides a user identity information authentication method, including:
receiving a first check code sent by a trusted device, where the first check code is generated by the trusted device based on the collected first user information;
determining the device to be authenticated that matches the first check code, wherein second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated;
determining the stored third check code corresponding to the device to be authenticated, and if the first check code and the third check code are the same, modifying the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
In a sixth aspect, an embodiment of the present application further provides a user identity information authentication system, including a server, a device to be authenticated, and a trusted device, wherein
the trusted device is configured to send a first check code to the server, the first check code being calculated by the trusted device based on the collected first user information; the server is configured to receive the first check code and determine the device to be authenticated that matches the first check code, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated; and
determine the stored third check code corresponding to the device to be authenticated, and if the first check code and the third check code are the same, modify the stored trust level of the device to be authenticated, and send the first check code and the modified authentication level to the device to be authenticated;
the device to be authenticated is configured to generate a second check code based on the stored second user information, and receive the first check code sent by the server; if the first check code and the second check code are consistent, it updates the stored authentication level to the modified authentication level.
The embodiments of the present application are applied to a server, which receives first user information sent by a trusted device, generates a first check code from the first user information, and determines, based on the first user information, a device to be authenticated that matches the first user information. The server matches the first check code against the third check code it stores; if the first check code and the third check code are the same, it modifies the stored trust level of the device to be authenticated, completing the authentication of the user identity information. The whole identity information authentication process greatly reduces the steps that require the user's direct participation, avoids cumbersome operations for the user, and shortens the time users spend queuing. It greatly improves convenience and user experience, lowers equipment investment costs, is convenient for elderly users, and is widely applicable.
Description of drawings
FIG. 1 is a flowchart of a user identity information authentication method provided by an embodiment of the present application;
FIG. 2 is a flowchart of another user identity information authentication method provided by an embodiment of the present application;
FIG. 3 is a flowchart of another user identity information authentication method provided by an embodiment of the present application;
FIG. 4 is a flowchart of another user identity information authentication method provided by an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a user identity information authentication system provided by an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a user identity information authentication apparatus provided by an embodiment of the present application;
FIG. 7 is a schematic structural diagram of another user identity information authentication apparatus provided by an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a user identity information authentication device provided by an embodiment of the present application.
Detailed description
In order to make the objectives, technical solutions and advantages of the present application clearer, specific embodiments of the present application are described in further detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are only used to explain the present application, not to limit it. It should also be noted that, for convenience of description, the drawings show only the parts related to the present application rather than the whole content. Before discussing the exemplary embodiments in greater detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart describes the operations (or steps) as a sequential process, many of the operations may be performed in parallel, concurrently, or simultaneously. In addition, the order of the operations can be rearranged. The process may be terminated when its operations are complete, but may also have additional steps not included in the figures. The process may correspond to a method, function, procedure, subroutine, subprogram, and the like.
The embodiments of the present application provide a user identity information authentication method, system, apparatus, user identity information authentication device, and storage medium. The embodiments are applied to a server, which receives first user information sent by a trusted device, generates a first check code from the first user information, and determines, based on the first user information, a device to be authenticated that matches the first user information. The server matches the first check code against the third check code it stores; if the first check code and the third check code are the same, it modifies the stored trust level of the device to be authenticated, completing the authentication of the user identity information. The whole identity information authentication process greatly reduces the steps that require the user's direct participation, avoids cumbersome operations for the user, and shortens the time users spend queuing. It greatly improves convenience and user experience, lowers equipment investment costs, is convenient for elderly users, and is widely applicable.
As an example of the complete business process of the present application, the authentication level of the trusted device is first determined, and the trusted device obtains the ID card photo and personal information, where the personal information includes personal identity information on the identity document such as the country to which it belongs, the name, and the ID card number. The trusted device then sends the personal identity information and the identity information device ID, or the personal identity information and the device location information, to the server; the identity information device ID is the device ID of the trusted device, from which the location information of the trusted device can be obtained. The server generates a first check code from the personal identity information using a hash algorithm or a national cryptographic algorithm (guomi), and determines the mobile devices within a preset range according to the location information of the trusted device. The database connected to the server records, for each device to be authenticated (that is, each mobile device), its identity authentication level and second check code. The server determines whether the personal identity authentication level managed by the mobile device is lower than the authentication level of the trusted device, further determines whether the second check code of a qualifying mobile device matches the first check code, further performs a face recognition comparison between the face features of the user associated with the qualifying mobile device and the ID card photo obtained by the trusted device, and modifies the authentication level of the qualifying mobile device. The server notifies the application on the corresponding mobile device and sends the first check code and the authentication level; the mobile device verifies whether the user's second check code matches the first check code, and when the match succeeds, the mobile device's user authentication level can be modified and the user is notified. A third verification code is also stored in the server.
Detailed descriptions are given below.
FIG. 1 shows a flowchart of the user identity information authentication method provided by an embodiment of the present application. The method can be performed by a user identity information authentication apparatus, which can be implemented in hardware and/or software and integrated in a computer device.
The following description takes the user identity information authentication apparatus executing the user identity information authentication method as an example. Referring to FIG. 1, the user identity information authentication method includes:
101: Receive first user information sent by a trusted device, where the first user information is collected by the trusted device.
In this embodiment of the present application, the entity executing the user identity information authentication method may be a server, including a cloud server. The trusted device is usually a device installed at a place where identity authentication is required, and it collects and identifies user information. A trusted device can be a dedicated device that only collects user identity information, or a terminal device that combines other functions, such as an identity authentication terminal in a bank service hall, an all-in-one terminal in a tax service hall, a high-speed rail automatic ticket collection terminal, and so on. The first user information may include the user's name, biometric information, ID card number, mobile phone number and other information. Biometric information includes one or more of face information, iris information, sclera information, fingerprint information, palmprint information, voiceprint information and DNA information. The face information includes live face information and face information parsed from a face photo; the live face information is the user's face information obtained through face recognition technology, which improves the accuracy of identification. In other exemplary embodiments, the first user information may further include the country to which the user belongs. For example, if a user is a national of country A but holds an ID card of country B, the user's nationality is that of country A, but the country to which the user belongs is country B.
In this embodiment, the first user information is collected by a trusted device. Preferably, the trusted device includes an ID card reading device, a trusted identity reader, a passport reader, a driver's license reader and the like, in which case the first user information includes ID card information. The ID card information is, for example, a complete or partial ID card number, and may also include the user's name and the user photo information of the document (the printed user photo and/or the user photo stored in the document's chip); from the user photo information of the document, the user's face feature information can be obtained. The ID card information is obtained and uploaded to the server only when the trusted device reads the ID card. In other words, the reading of the ID card by the trusted device is what starts the identity information authentication process.
102: Generate a first check code based on the first user information, and determine a device to be authenticated that matches the first user information, where the device to be authenticated stores a second check code, second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated.
The server generates a first check code for the first user information from the trusted device; the first check code serves as a handshake and identity confirmation with the device to be authenticated. At the same time, the server uses the first user information to find the devices to be authenticated that meet the conditions. The device to be authenticated is usually a terminal device held by the user, including mobile terminal devices such as smartphones, smart bracelets, smart keychains, smart necklaces, smart watches, notebook computers and tablet computers. The second user information is pre-stored in the device to be authenticated; it can be understood that the device to be authenticated has a function for entering the second user information. Likewise, the second user information includes the user's name, face feature information, ID card number, mobile phone number and so on. The face feature information can be live face feature information acquired through face acquisition devices such as face scanners, video cameras and cameras, or the user can upload a personal face photo on the device to be authenticated. When the device to be authenticated has pre-stored the second user information, it calculates and generates a second check code based on that information.
In the embodiment, the first check code that the server generates for the first user information can be the complete name plus the ID card number, in which case the complete ID card number is appended to the complete name to form the first check code. It can also be dedicated information such as a CTID, which is encrypted ID card information consisting of 256 characters. It can also be the surname, plus the total number of characters in the name, plus the first three digits of the ID card number, plus the last three digits of the ID card number; the surname may be given, for example, in pinyin, English, letters or another country's language. These three forms of the first check code are exemplary only, and the first check code is not limited to them.
In this embodiment, the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated. Specifically, this embodiment divides data authentication into five levels. Level 0 means no identity information, which is the case when the application has just been installed and the user has not performed any identity information operation on it. Level 1 means virtual information, usually a user-defined avatar and nickname combined with an Open ID automatically generated by the system. Level 2 means no credibility, and usually refers to identity information filled in by the user; because this identity information comes from the user's own entry and has not undergone any verification, it is untrusted information. Level 3 means preliminarily trusted, which usually requires OCR (Optical Character Recognition) ID card recognition and authentication on the basis of level 3 information. Level 4 means commercially trusted: the information has been certified by a third-party organization and can be used to authenticate commercial transactions, including third-party certifications such as Ali certification, WeChat certification, Baidu certification, UnionPay certification, telecom certification, Google certification, Amazon certification and commercial NFC ID card certification. Level 5 means legally trusted, including statutory certifications of the local country such as ID card reader authentication, eID identity authentication, CTID (network ID) identity authentication, passport readers, driver's license readers, police NFC ID card authentication and public security bureau authentication.
Preferably, the data authentication in the trusted device disclosed in the embodiments of the present application conforms to the level 5 ID card authentication method, that is, the first user information collected by the trusted device is legally trusted and belongs to the highest level of data authentication; or the data authentication in the trusted device conforms to the level 4 ID card authentication method, that is, the first user information collected by the trusted device is commercially trusted and belongs to a level of data authentication with relatively high credibility. The second user information pre-stored in the device to be authenticated is usually entered by the user; in that case, without other verification, the second user information belongs to level 2 of data authentication. If the second user information pre-stored in the device to be authenticated comes from another device, or was entered by the user but has been verified by another platform, such as WeChat certification, the actual level of the second user information is defined according to the actual situation.
This embodiment aims to verify user information that has a low trust level, in order to establish the credibility of that user information. If the data trust level of the device to be authenticated is already the highest level, the data is legally trusted and no further verification is needed. Therefore, in this embodiment, determining the matching device to be authenticated includes checking the data level of the terminal devices, and only devices to be authenticated whose trust level is lower than that of the trusted device are selected for the next step. In practice, each terminal device periodically or continuously reports its location information to the server, and also periodically or continuously reports its own data authentication level. Therefore, when the server receives the first user information from the trusted device and determines the devices to be authenticated that match the first user information, it can use the data authentication levels reported by the terminal devices to exclude devices to be authenticated whose data authentication level is equal to or higher than that of the trusted device.
Because personal identity information involves personal privacy, ordinary devices and enterprises usually cannot store personal identity information, in order to keep it secure. To protect personal identity information, for example in a scenario where the trusted device of the present application is an ID card reader, the trusted device reads the ID card information, obtains the corresponding user's mobile phone number according to the ID card information, and takes the last n digits of the mobile phone number, where n is an integer greater than 1. The user photo and user name in the ID card information and the last n digits of the mobile phone number are packaged as the first user information. Therefore, when the present application calculates the first check code based on the first user information, the first check code may be generated by calculating, with a hash algorithm, the hash value of the user name and the last n digits of the mobile phone number. For convenience, the second user information may include the same categories of content as the first user information, including the user's ID card information and the user's mobile phone number or its last n digits. The second check code can likewise be generated by calculating, with a hash algorithm, the hash value of the user name and the last n digits of the mobile phone number.
In another exemplary embodiment, the first user information may contain only the user's ID card information, that is, it does not contain the mobile phone number but includes the ID card number, name and face information. The first check code can then be generated by calculating, with a hash algorithm, the hash value of the name and the ID card number in the ID card information. Likewise, the second user information may include the ID card number, name and face information, and correspondingly the second check code can also be generated by calculating, with a hash algorithm, the hash value of the name and the ID card number in the ID card information.
103: Determine the stored third check code corresponding to the device to be authenticated; if the first check code and the third check code are the same, modify the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
The server cannot store identity information, so it pre-stores third check codes, which are generated from the user information corresponding to the different users. Because the server generates the first check code from the first user information and matches it to the device to be authenticated, the third check code corresponding to that device is associated. Specifically, the server checks the consistency of the first check code and the second check code; if the two are consistent, this proves that the first check code matches the second check code, and the trust level of the device to be authenticated can be modified, completing the authentication of the user identity information.
In another embodiment, a user identity information authentication method provided by this application is shown in FIG. 2 and includes:
201: Receive first user information sent by a trusted device, where the first user information is collected by the trusted device.
202: Generate a first check code based on the first user information, and determine the device to be authenticated that matches the first user information. As before, in this exemplary embodiment second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated.
203: Determine the stored third check code corresponding to the device to be authenticated; if the first check code and the third check code are the same, modify the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
Steps 201 to 203 follow the same execution flow and principle as the previous embodiment and are not repeated here. The main difference from the previous embodiment is that, after modifying the stored trust level of the device to be authenticated, this embodiment further includes:
204: Send the first check code to the device to be authenticated so that the device can match the first check code against the second check code; if the match succeeds, the device to be authenticated modifies its authentication level and notifies the user, where the second check code is generated from the second user information stored by the device to be authenticated.
In this embodiment, in addition to the server's consistency check of the first check code against the third check code, the device to be authenticated checks the consistency of the first check code and the second check code on its own side. If the two are consistent, the first and second check codes match and the matching succeeds; the device to be authenticated then modifies its authentication level and notifies the user.
The device to be authenticated sends the matching result to the user. In this embodiment, when the matching result is a successful match, the second user information of the device to be authenticated is certified as trusted. The server of this application stores the trust level of each terminal device after receiving the trust levels that the terminal devices report; therefore, when the server receives a matching result from the device to be authenticated indicating a successful match, the identity authentication has succeeded and the server updates the trust level.
As shown in FIG. 3, an embodiment of this application provides another user identity information authentication method, including:
301: Receive first user information sent by a trusted device, where the first user information is collected by the trusted device.
This embodiment is applied on the server, which authenticates the identity information of other terminal devices on the basis of a trusted device that has already obtained trust-level certification. The user inputs the first user information through the trusted device; this first user information is usually generated on the spot rather than pre-stored in the trusted device. As devices that have obtained trust-level certification, trusted devices are typically deployed in banks, high-speed rail stations, and government service counters, for example as bank identity authentication terminals, high-speed rail ID card ticket-checking terminals, and government self-service terminals. The first user information is usually ID card information.
302: Generate a first check code based on the first user information.
In this embodiment, the server calculates the first check code after obtaining the first user information. Optionally, the first user information includes the ID number, name, and face biometric information, and the first check code may be generated by using a hash algorithm to compute a hash value of the name and ID number in the ID card information.
303: Acquire the location information of the trusted device, and determine the terminal devices within a preset range of that location.
When the user inputs the first user information through the trusted device, this effectively starts the identity information authentication process: the server receives the first user information immediately and searches for terminal devices within the preset range accordingly. Note that terminal devices report their own location to the server periodically or continuously, so the server actually stores the location information of each terminal device. In one exemplary embodiment, the server also stores the location information of the trusted device. Based on the location of the trusted device and a preset range defined in advance, the terminal devices within that range are selected. In other exemplary embodiments, the first user information may include, in addition to the user's personal identity information, the device ID of the trusted device, and the device ID can be used to look up the registered address of the trusted device. The location information of the trusted device can be collected by a satellite positioning device, a Bluetooth positioning device, or another positioning device; likewise, the location information of a terminal device can be collected by a satellite positioning device, a Bluetooth positioning device, or another positioning device. The preset range is, for example, a circular area centered on the trusted device with a preset radius. Searching for terminal devices within the preset range therefore means selecting, from the location of the trusted device and the preset radius, the circular area centered on the trusted device, and using the terminal devices' location information to determine which of them lie inside that circular area; those terminal devices become candidate devices to be authenticated for the next matching step.
304: Query the stored user face features corresponding to the terminal devices.
Matching on geographic location is the first step in determining the device to be authenticated in this embodiment, so as to exclude other terminal devices within the preset range and reduce the subsequent workload. The device to be authenticated is then matched further on the basis of user face features. Specifically, each terminal device has a corresponding user face feature. The user face feature is, for example, a face image collected as one category of the second user information when the user enters that information, and comes in two different types: face photos and live-face features.
305: Perform feature extraction on the face image in the ID card information to obtain a machine-readable face feature.
The trusted device scans the ID card and reads the ID card information, including the face image on the card. After the ID card information is uploaded to the server, the server further recognizes and analyzes the face image to obtain the machine-readable face feature. Suppose the face image of the second user information in the previous step is a face photo: because the face photo in the second user information and the face image in the ID card information were taken at different times, and photos of the same user taken under different lighting, times, scenes, and personal conditions are never exactly identical, this application uses the face image to further verify and match the terminal device.
306: Compare the machine-readable face feature with the user face feature stored for each terminal device, and determine the terminal device that satisfies the comparison result as the device to be authenticated.
In this embodiment, the device to be authenticated stores a second check code, which the device calculates from the pre-stored second user information; the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated.
307: Determine the stored third check code corresponding to the device to be authenticated; if the first check code and the third check code are the same, modify the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
Referring to FIG. 4, an embodiment of this application provides another user identity information authentication method, including:
401: Receive first user information sent by a trusted device, where the first user information is collected by the trusted device.
As before, in this embodiment the entity that executes the user identity information authentication method may be a server, and the first user information includes the user's face feature, name, and ID number, or the user's face feature, name, and the last n digits of the mobile phone number.
402: Generate a first check code based on the first user information.
In this embodiment the server generates the first check code from the first user information; the first check code is a unique value and is therefore sufficiently reliable. Specifically, the first check code may be generated by using a hash algorithm to compute a hash value of the user name and the last n digits of the mobile phone number, or by using a hash algorithm to compute a hash value of the user name and ID number.
403: Acquire the location information of the trusted device, and determine the terminal devices within a preset range of that location.
When the user inputs the first user information through the trusted device, this effectively starts the identity information authentication process: the server receives the first user information immediately and searches for terminal devices within the preset range accordingly. Note that terminal devices report their own location to the server periodically or continuously, so the server actually stores the location information of each terminal device. The server also stores the location information of the trusted device. Based on the location of the trusted device and a preset range defined in advance, the terminal devices within that range are selected. Specifically, the location information of the trusted device can be collected by a satellite positioning device, a Bluetooth positioning device, or another positioning device; likewise, the location information of a terminal device can be collected by a satellite positioning device, a Bluetooth positioning device, or another positioning device. The preset range is, for example, a grid area formed by taking the trusted device as a reference point and selecting a preset number of grid cells around it. If the preset number of grid cells is 8, for example, searching for terminal devices within the preset range means that the area extending 8 grid cells above, below, left, and right of the trusted device's location is taken as the grid area, and the terminal devices whose location information places them inside that grid area are determined to be devices to be authenticated.
404: Determine the recorded authentication level of the terminal devices within the preset range.
This application aims to authenticate terminal devices whose data has a trust level lower than that of the trusted device, so that the trust level of those terminal devices can subsequently be upgraded. In this embodiment, to determine the device to be authenticated, terminal devices that are within the preset range and whose authentication level also meets the condition are selected for subsequent matching.
405: Query the user face features corresponding to the terminal devices whose authentication level meets the preset level.
In this application, an authentication level that meets the preset level in practice means selecting terminal devices whose authentication level is lower than that of the trusted device. Because such a terminal device has a low authentication level, its corresponding trust level is below level 4 and it is usually untrusted, so further authentication is needed to make the terminal device's data trusted. Terminal devices whose authentication level is lower than the level of the trusted device are therefore selected for the next step, face comparison and matching.
406: Perform feature extraction on the face image in the ID card information to obtain a machine-readable face feature.
407: Compare the machine-readable face feature with the user face feature stored for each terminal device, and determine the terminal device that satisfies the comparison result as the device to be authenticated.
The device to be authenticated stores a second check code, which the device calculates from the pre-stored second user information; the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated.
408: Determine the stored third check code corresponding to the device to be authenticated; if the first check code and the third check code are the same, modify the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
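The server-side flow of steps 401 to 408, the device-side comparison of step 204, and the check-code hashing described earlier, sketched as an added example that is not code from the application. SHA-256, the length-prefixed field encoding, cosine similarity, the 50 m radius, the 0.9 threshold, the numeric value 4 for "legally trusted", failing closed on an ambiguous face match, and all names and sample data are assumptions.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass

LEGALLY_TRUSTED = 4  # assumption: the text places lower-trust devices "below level 4"

def check_code(name: str, number: str) -> str:
    """Check code = hash(name, ID number or last n phone digits).
    SHA-256 and the length-prefixed field encoding are assumptions."""
    h = hashlib.sha256()
    for field in (name, number):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)  # so ("ab","c") != ("a","bc")
    return h.hexdigest()

@dataclass
class Terminal:
    device_id: str
    lat: float
    lon: float
    trust_level: int
    face_feature: tuple  # user face feature the server stores for this terminal
    third_code: str      # check code the server stores instead of identity data

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(a))

def similarity(a, b):
    """Cosine similarity between two face feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def server_authenticate(name, id_number, id_face, trusted_pos, terminals,
                        radius_m=50.0, face_threshold=0.9):
    """Steps 402-408. Returns (device, first_code), with device None on failure."""
    first_code = check_code(name, id_number)                          # 402
    nearby = [t for t in terminals                                    # 403
              if distance_m(*trusted_pos, t.lat, t.lon) <= radius_m]
    low_trust = [t for t in nearby if t.trust_level < LEGALLY_TRUSTED]  # 404-405
    matches = [t for t in low_trust                                   # 406-407
               if similarity(id_face, t.face_feature) >= face_threshold]
    if len(matches) != 1:  # assumption: fail closed on no match or an ambiguous one
        return None, first_code
    device = matches[0]
    if not hmac.compare_digest(first_code, device.third_code):        # 408
        return None, first_code
    device.trust_level = LEGALLY_TRUSTED
    return device, first_code

def device_confirm(first_code, stored_name, stored_number):
    """Step 204: the device recomputes its second check code and compares."""
    return hmac.compare_digest(first_code, check_code(stored_name, stored_number))

def demo_terminals():
    """Constructed sample data; names, numbers and coordinates are made up."""
    code = check_code("Zhang San", "000000199001010000")
    return [
        Terminal("phone-A", 23.12915, 113.26445, 1, (0.12, 0.80, 0.35, 0.45), code),
        Terminal("phone-B", 23.12912, 113.26441, 1, (0.90, 0.10, 0.20, 0.05),
                 check_code("Li Si", "000000198505050000")),
        Terminal("phone-far", 23.14000, 113.26440, 1, (0.12, 0.80, 0.35, 0.45), code),
    ]

if __name__ == "__main__":
    device, code = server_authenticate(
        "Zhang San", "000000199001010000", (0.10, 0.82, 0.33, 0.47),
        (23.1291, 113.2644), demo_terminals())
    print(device.device_id if device else None)
```

A name combined with an ID number or the last n phone digits is a small input space, so an unkeyed hash over it can be enumerated by anyone who obtains a stored check code. The stored check codes therefore warrant the same protection as the identity data they stand in for.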
FIG. 5 shows a schematic structural diagram of a user identity information authentication system provided by an embodiment of this application. As shown in FIG. 5, the system includes a server 501, a device to be authenticated 502, and a trusted device 503. Specifically:
The trusted device 503 is configured to send first user information to the server, where the first user information is collected by the trusted device. In this embodiment, the first user information may be ID card information, obtained by the trusted device reading the user's ID card. The second user information may be pre-stored in the device to be authenticated, entered by the user through that device, and includes the user's face feature, name, and ID number.
The server 501 is configured to receive the first user information, generate a first check code based on the first user information, and determine the device to be authenticated that matches the first user information, where the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated; and
to determine the stored third check code corresponding to the device to be authenticated and, if the first check code and the third check code are the same, modify the stored trust level of the device to be authenticated and send the first check code and the modified authentication level to the device to be authenticated.
The device to be authenticated 502 is configured to generate a second check code based on the stored second user information and receive the first check code sent by the server; if the first check code and the second check code are consistent, it updates its stored authentication level to the modified authentication level.
Still referring to FIG. 5, this embodiment shows another user identity information authentication system, including a server 501, a device to be authenticated 502, and a trusted device 503, where:
The trusted device 503 is configured to send first user information to the server, where the first user information is collected by the trusted device; the first user information includes ID card information.
The server 502 is configured to acquire the location information of the trusted device and determine the terminal devices within a preset range of that location; query the stored user face features corresponding to the terminal devices; and compare the machine-readable face feature with the user face feature stored for each terminal device, determining the terminal device that satisfies the comparison result as the device to be authenticated.
The device to be authenticated 501 is configured to generate a second check code based on the stored second user information and receive the first check code sent by the server; if the first check code and the second check code are consistent, it updates its stored authentication level to the modified authentication level.
Preferably, the trusted device is an ID card reader, which can scan an ID card to recognize the ID card information; therefore, in the embodiments of this application, the first user information includes ID card information.
In this embodiment, the device to be authenticated is determined by combining location-based screening of terminal devices with a comparison of name and ID number. The trusted device contains a geographic information collection device, such as a satellite positioning device, a Bluetooth positioning device, or another positioning device, which collects the location information of the trusted device and uploads it to the server for storage. Correspondingly, each terminal device also has a positioning device that collects the terminal device's location information and uploads it to the server. Once a manually defined preset range is set, the terminal devices that fall within the preset range can therefore be screened out from the location information of the trusted device and of each terminal device.
As a supplement to the location acquisition in this embodiment, the displacement of the terminal device can also be collected through an acceleration sensor, a direction sensor, and the like, from which the current location of the terminal device is derived. This suits places with no signal or poor signal, such as basements, where the location of the terminal device can still be obtained even when satellite and other geographic information collection devices fail.
Selecting the terminal devices that fall within the preset range means that the other terminal devices outside the preset range have been screened out, which reduces the workload of the subsequent process and narrows the scope. In this step, the name and ID number corresponding to each terminal device are queried. The name and ID number may be contained in the second user information, or may have been entered by the user earlier for the individual terminal device. Further, a relationship table may be formed that records each terminal device together with its corresponding name and ID number, so that when the name and ID number for a terminal device need to be queried, they can be found by traversing the relationship table.
In this step, the server parses and recognizes the ID card information from the trusted device to obtain the name and ID number it contains. Specifically, when the trusted device reads an ID card it obtains the ID card information, which may take the form of a picture, equivalent to a scanned copy of the ID card; or of a list, in which the name, ID number, and user face feature are obtained directly by reading the ID card and presented as a list; or of text plus pictures; and so on. The name contained in the ID card information of the first user information is compared with the name stored for the terminal device, and at the same time the ID number in the ID card information is compared with the ID number stored for the terminal device.
In this step, the device to be authenticated that matches the first user information may be determined by first selecting the terminal devices within the preset range, using the trusted device as the reference, and then comparing the name and ID number recognized from the ID card information of the first user information with the stored name and ID number.
In this embodiment, the second user information includes the user face feature corresponding to the device to be authenticated. The server stores the trust level of each terminal device and also the trust level of the trusted device; in this embodiment the trust level of the trusted device is legally trusted, that is, the highest trust level.
In the embodiments of this application, comparing the machine-readable face feature with the user face feature corresponding to the device to be authenticated in fact means computing the similarity between the machine-readable face feature and the user face feature of the device to be authenticated.
The comparison result satisfies the preset condition when the similarity between the machine-readable face feature and the user face feature of the device to be authenticated reaches a preset threshold. This indicates that the identity authentication has succeeded, and the trust level of the device to be authenticated is updated. The usual practice is to upgrade the trust level of the terminal device to match that of the trusted device, that is, legally trusted.
As shown in FIG. 6, an embodiment of the present application provides a user identity information authentication apparatus, including a user information receiving module 601, a check code generation module 602 and an authentication device verification module 603. Specifically, the user information receiving module 601 is configured to receive first user information sent by a trusted device, the first user information being collected by the trusted device; the check code generation module 602 is configured to generate a first check code based on the first user information and to determine a device to be authenticated that matches the first user information, wherein second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated; the authentication device verification module 603 is configured to determine a stored third check code corresponding to the device to be authenticated and, if the first check code and the third check code are the same, to modify the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
In this embodiment, the trusted device includes an ID card reading device, a trusted identity reader, and a passport reader, and the first user information includes ID card information, citizen authentication, a citizen card, a qualification certificate, a driver's license, and a passport. The first check code is generated by computing, with a hash algorithm, the hash value of the name and ID card number in the ID card information. Correspondingly, the first check code may also be generated by computing, with a hash algorithm, the hash value of the name and ID card number in the ID card information.
In the check code generation module 602, determining the device to be authenticated that matches the first user information includes: acquiring location information of the trusted device and determining the terminal devices within a preset range of the location information; querying the stored user face features corresponding to the terminal devices; performing feature extraction on the face image in the ID card information to obtain a machine-read face feature; and comparing the machine-read face feature with the user face feature stored for each terminal device, and determining the terminal device that satisfies the comparison result as the device to be authenticated.
Further, before querying the stored user face features corresponding to the terminal devices, the method also includes: determining the recorded authentication levels of the terminal devices within the preset range. Correspondingly, querying the stored user face features corresponding to the terminal devices includes: querying the user face features corresponding to the terminal devices whose authentication level meets a preset level.
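The selection steps above (range filter, authentication-level pre-filter, face-feature comparison), as an added example that is not part of the patent text. The haversine distance, cosine similarity, the threshold values, reading "meets a preset level" as `>=`, and refusing when zero or several terminals match are assumptions; the terminal records are constructed.

```python
import math

# Constructed sample data: reader position, the face feature read from the
# ID card, and the terminal records held by the server.
READER_POS = (23.1291, 113.2644)
ID_FACE = [0.6, 0.8, 0.0]
SAMPLE_TERMINALS = [
    {"id": "A", "pos": (23.1292, 113.2645), "auth_level": 1, "face": [0.58, 0.81, 0.05]},
    {"id": "B", "pos": (23.1391, 113.2644), "auth_level": 2, "face": [0.6, 0.8, 0.0]},
    {"id": "C", "pos": (23.1290, 113.2643), "auth_level": 0, "face": [0.6, 0.8, 0.0]},
    {"id": "D", "pos": (23.1293, 113.2644), "auth_level": 1, "face": [0.0, 0.1, 0.99]},
]


def distance_m(a, b):
    """Haversine great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))


def cosine(u, v):
    """Cosine similarity; returns 0.0 for a zero vector instead of dividing by zero."""
    dot = sum(x * y for x, y in zip(u, v))
    norm = math.sqrt(sum(x * x for x in u)) * math.sqrt(sum(y * y for y in v))
    return dot / norm if norm else 0.0


def select_device(reader_pos, id_face, terminals,
                  radius_m=50.0, min_level=1, threshold=0.9):
    """Return the id of the single terminal that passes all three steps, else None."""
    # Step 1: terminals within the preset range of the trusted device.
    nearby = [t for t in terminals if distance_m(reader_pos, t["pos"]) <= radius_m]
    # Step 2: authentication-level pre-filter, applied before any stored
    # face feature is looked at, so fewer biometric records are touched.
    eligible = [t for t in nearby if t["auth_level"] >= min_level]
    # Step 3: compare the machine-read face feature with each stored feature.
    matches = [t["id"] for t in eligible if cosine(id_face, t["face"]) >= threshold]
    # An empty or ambiguous result must not select a device to upgrade.
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    print(select_device(READER_POS, ID_FACE, SAMPLE_TERMINALS))
```

Widening the range or lowering the preset level lets a second terminal with a matching feature into the candidate set, and the function then returns `None` rather than picking one.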
As a preferred implementation of this embodiment, the server stores the trust level of each terminal device, and receiving the matching result sent by the device to be authenticated and completing identity authentication based on the matching result includes: receiving the matching result sent by the device to be authenticated; if the result is a successful match, the identity authentication succeeds and the trust level is updated.
As shown in FIG. 7, an embodiment of the present application further provides another user identity information authentication apparatus, which adds a check code sending module 704 to the user identity information authentication apparatus shown in FIG. 6; that is, the user identity information authentication apparatus of this embodiment includes a user information receiving module 701, a check code generation module 702, an authentication device verification module 703 and a check code sending module 704.
Specifically, the check code sending module 704 is configured to send the first check code to the device to be authenticated, so that the device to be authenticated can match the first check code against a second check code; if the match succeeds, the device to be authenticated modifies its authentication level and notifies the user, wherein the second check code is generated from the second user information stored by the device to be authenticated.
Here, the user information receiving module 701 is configured to receive first user information sent by a trusted device, the first user information being collected by the trusted device; the authentication device determination module 702 is configured to determine the device to be authenticated that matches the first user information and to obtain the stored second user information corresponding to the device to be authenticated, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the stored second user information; the identity authentication completion module 703 is configured to generate a matching result from the first user information and the second user information and to complete identity authentication based on the matching result.
In this embodiment, the first user information includes ID card information, citizen authentication, a citizen card, a qualification certificate, a driver's license, and a passport. In the authentication device determination module 702, determining the device to be authenticated that matches the first user information includes: acquiring location information of the trusted device and determining the terminal devices within a preset range of the location information; querying the stored name and ID card number corresponding to the terminal devices; comparing the name and ID card number recognized from the ID card information with the stored name and ID card number; and determining the terminal device for which the comparison is consistent as the device to be authenticated.
Further optionally, the second user information includes the user face feature corresponding to the device to be authenticated, and the server stores the trust level of each terminal device. In the identity authentication completion module 803, generating a matching result from the first user information and the second user information and completing identity authentication based on the matching result includes: performing feature extraction on the face image in the ID card information to obtain a machine-read face feature; comparing the machine-read face feature with the user face feature corresponding to the device to be authenticated; and, if the comparison result satisfies a preset condition, the identity authentication succeeds and the trust level is updated.
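The check-code exchange between the server (modules 601 to 603 and 704) and the device to be authenticated described above, as an added example that is not part of the patent text. SHA-256, the NFKC normalization and length-prefixed field encoding, the constant-time comparison, the numeric levels and all class and function names are assumptions (the page says only "a hash algorithm"); the names and ID numbers are constructed.

```python
import hashlib
import hmac
import unicodedata


def check_code(name: str, id_number: str) -> str:
    """Check code = hash over the name and ID card number.

    Assumptions, not from the page: SHA-256, NFKC normalization and a
    4-byte length prefix per field.
    """
    fields = (
        # Readers may emit full-width characters or padding; normalize so the
        # same document always hashes to the same code.
        unicodedata.normalize("NFKC", name).strip(),
        # An ID number may end in a check character "X"; fold its case.
        unicodedata.normalize("NFKC", id_number).strip().upper(),
    )
    digest = hashlib.sha256()
    for field in fields:
        data = field.encode("utf-8")
        # The length prefix keeps ("AB", "C") distinct from ("A", "BC").
        digest.update(len(data).to_bytes(4, "big"))
        digest.update(data)
    return digest.hexdigest()


class Server:
    """Holds the third check code and the trust level recorded per device."""

    def __init__(self):
        self.records = {}

    def enroll(self, device_id, name, id_number, trust_level=1):
        self.records[device_id] = {
            "third_code": check_code(name, id_number),
            "trust_level": trust_level,
        }

    def authenticate(self, device_id, name, id_number, raised_level=3):
        """Process first user information read by the trusted device.

        Returns (first_code, new_level) to send to the device, or None when
        the device is unknown or the first and third check codes differ.
        """
        record = self.records.get(device_id)
        if record is None:
            return None
        first_code = check_code(name, id_number)
        if not hmac.compare_digest(first_code, record["third_code"]):
            return None  # stored trust level stays unchanged
        # Assumption: "modify" means raise; never lower an existing level.
        record["trust_level"] = max(record["trust_level"], raised_level)
        return first_code, record["trust_level"]


class Device:
    """Device to be authenticated, holding its own second user information."""

    def __init__(self, name, id_number, auth_level=1):
        self.name = name
        self.id_number = id_number
        self.auth_level = auth_level

    def apply_update(self, first_code, new_level):
        """Accept the new level only if the first and second check codes match."""
        second_code = check_code(self.name, self.id_number)
        if not hmac.compare_digest(first_code, second_code):
            return False
        self.auth_level = new_level
        return True


def demo():
    """Run one successful exchange with constructed data."""
    server = Server()
    server.enroll("phone-1", "张三", "00000019900101000X")
    device = Device("张三", "00000019900101000X")
    result = server.authenticate("phone-1", " 张三 ", "00000019900101000x")
    return result is not None and device.apply_update(*result)


if __name__ == "__main__":
    print(demo())
```

The server and the device each compare against their own stored value, so a device whose stored second user information no longer matches the document refuses the level change even after the server has accepted it.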
As shown in FIG. 8, an embodiment of the present application further provides a user identity information authentication device, including: a memory 801 and one or more processors 802; the memory 801 is configured to store one or more programs; when the one or more programs are executed by the one or more processors 802, the one or more processors implement the user identity information authentication method described in this application.
An embodiment of the present application further provides a storage medium containing computer-executable instructions which, when executed by a computer processor, are used to perform the user identity information authentication method provided by the above embodiments. The method includes: receiving first user information sent by a trusted device, the first user information being collected by the trusted device; generating a first check code based on the first user information, and determining a device to be authenticated that matches the first user information, wherein second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated; determining a stored third check code corresponding to the device to be authenticated, and, if the first check code and the third check code are the same, modifying the stored trust level of the device to be authenticated to complete the authentication of the user identity information.
Storage medium: any of various types of memory devices or storage devices. The term "storage medium" is intended to include: installation media, such as CD-ROMs, floppy disks, or tape devices; computer system memory or random access memory, such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; non-volatile memory, such as flash memory or magnetic media (e.g. a hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in the first computer system in which the program is executed, or in a different, second computer system that is connected to the first computer system through a network (such as the Internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that reside in different locations (e.g. in different computer systems connected through a network). The storage medium may store program instructions (e.g. embodied as a computer program) executable by one or more processors.
Of course, for the storage medium containing computer-executable instructions provided by the embodiments of the present application, the computer-executable instructions are not limited to the user identity information authentication method described above, and may also perform related operations in the user identity information authentication method provided by any embodiment of the present application.
The user identity information authentication apparatus, device and storage medium provided in the above embodiments can perform the user identity information authentication method provided by any embodiment of the present application. For technical details not described in detail in the above embodiments, refer to the user identity information authentication method provided by any embodiment of the present application.
The above are only preferred embodiments of the present application and the technical principles applied. The present application is not limited to the specific embodiments described here, and the various obvious changes, readjustments and substitutions that those skilled in the art can make do not depart from the protection scope of the present application. Therefore, although the present application has been described in some detail through the above embodiments, it is not limited to them and may include further equivalent embodiments without departing from its concept; the scope of the present application is determined by the scope of the claims.

Claims (15)

  1. A user identity information authentication method, characterized by comprising:
    receiving first user information sent by a trusted device, the first user information being collected by the trusted device;
    generating a first check code based on the first user information, and determining a device to be authenticated that matches the first user information, wherein second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated;
    determining a stored third check code corresponding to the device to be authenticated, and, if the first check code and the third check code are the same, modifying the stored trust level of the device to be authenticated to complete the authentication of the user identity information.
  2. The user identity information authentication method according to claim 1, characterized in that, after modifying the stored trust level of the device to be authenticated, the method further comprises:
    sending the first check code to the device to be authenticated, so that the device to be authenticated can match the first check code against a second check code; if the match succeeds, the device to be authenticated modifies its authentication level and notifies the user, wherein the second check code is generated from the second user information stored by the device to be authenticated.
  3. The user identity information authentication method according to claim 2, characterized in that the trusted device includes an ID card reading device, a trusted identity reader, and a passport reader, and the first user information includes ID card information, citizen authentication, a citizen card, a qualification certificate, a driver's license, and a passport.
  4. The user identity information authentication method according to claim 3, characterized in that generating the first check code based on the first user information comprises:
    generating the first check code by computing, with a hash algorithm, the hash value of the name and ID card number in the ID card information.
  5. The user identity information authentication method according to claim 3, characterized in that determining the device to be authenticated that matches the first user information comprises:
    acquiring location information of the trusted device, and determining the terminal devices within a preset range of the location information;
    querying the stored user face features corresponding to the terminal devices;
    performing feature extraction on the face image in the ID card information to obtain a machine-read face feature;
    comparing the machine-read face feature with the user face feature stored for each terminal device, and determining the terminal device that satisfies the comparison result as the device to be authenticated.
  6. The user identity information authentication method according to claim 5, characterized in that, before querying the stored user face features corresponding to the terminal devices, the method further comprises:
    determining the recorded authentication levels of the terminal devices within the preset range;
    correspondingly, querying the stored user face features corresponding to the terminal devices comprises:
    querying the user face features corresponding to the terminal devices whose authentication level meets a preset level.
  7. A user identity information authentication method, characterized by comprising:
    receiving a first check code sent by a trusted device, the first check code being generated by the trusted device based on collected first user information;
    determining a device to be authenticated that matches the first check code, wherein second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated;
    determining a stored third check code corresponding to the device to be authenticated, and, if the first check code and the third check code are the same, modifying the stored trust level of the device to be authenticated to complete the authentication of the user identity information.
  8. A user identity information authentication system, comprising a server, a device to be authenticated and a trusted device, characterized in that: the trusted device is configured to send first user information to the server, the first user information being collected by the trusted device; the server is configured to receive the first user information, generate a first check code based on the first user information, and determine the device to be authenticated that matches the first user information, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated; and
    to determine a stored third check code corresponding to the device to be authenticated, and, if the first check code and the third check code are the same, to modify the stored trust level of the device to be authenticated and send the first check code and the modified authentication level to the device to be authenticated;
    the device to be authenticated is configured to generate a second check code based on the stored second user information and to receive the first check code sent by the server; if the first check code and the second check code are consistent, the stored authentication level is updated to the modified authentication level.
  9. The user identity information authentication system according to claim 8, characterized in that the first user information includes ID card information, and the server is configured to:
    acquire location information of the trusted device, and determine the terminal devices within a preset range of the location information;
    query the stored user face features corresponding to the terminal devices;
    compare the machine-read face feature with the user face feature stored for each terminal device, and determine the terminal device that satisfies the comparison result as the device to be authenticated.
  10. The user identity information authentication system according to claim 9, characterized in that the server is further configured to:
    determine the recorded authentication levels of the terminal devices within the preset range; and query the user face features corresponding to the terminal devices whose authentication level meets a preset level.
  11. A user identity information authentication system, comprising a server, a device to be authenticated and a trusted device, characterized in that:
    the trusted device is configured to send a first check code to the server, the first check code being calculated by the trusted device based on collected first user information; the server is configured to receive the first check code and determine the device to be authenticated that matches the first check code, wherein the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated; and
    to determine a stored third check code corresponding to the device to be authenticated, and, if the first check code and the third check code are the same, to modify the stored trust level of the device to be authenticated and send the first check code and the modified authentication level to the device to be authenticated;
    the device to be authenticated is configured to generate a second check code based on the stored second user information and to receive the first check code sent by the server; if the first check code and the second check code are consistent, the stored authentication level is updated to the modified authentication level.
  12. A user identity information authentication apparatus, characterized by comprising:
    a user information receiving module, configured to receive first user information sent by a trusted device, the first user information being collected by the trusted device;
    a check code generation module, configured to generate a first check code based on the first user information and to determine a device to be authenticated that matches the first user information, wherein second user information is pre-stored in the device to be authenticated, and the trust level of the first user information collected by the trusted device is higher than the trust level of the second user information stored by the device to be authenticated;
    an authentication device verification module, configured to determine a stored third check code corresponding to the device to be authenticated and, if the first check code and the third check code are the same, to modify the stored trust level of the device to be authenticated, completing the authentication of the user identity information.
  13. The user identity information authentication apparatus according to claim 12, characterized by further comprising:
    a check code sending module, configured to send the first check code to the device to be authenticated, so that the device to be authenticated can match the first check code against a second check code; if the match succeeds, the device to be authenticated modifies its authentication level and notifies the user, wherein the second check code is generated from the second user information stored by the device to be authenticated.
  14. A user identity information authentication device, characterized by comprising: a memory and one or more processors;
    the memory is configured to store one or more programs;
    when the one or more programs are executed by the one or more processors, the one or more processors implement the user identity information authentication method according to any one of claims 1-7.
  15. A storage medium containing computer-executable instructions, characterized in that the computer-executable instructions, when executed by a computer processor, are used to perform the user identity information authentication method according to any one of claims 1-7.
PCT/CN2022/091134 2021-05-06 2022-05-06 User identity information authentication method, system, apparatus and device, and storage medium WO2022233313A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110492466.8A CN113177797A (en) 2021-05-06 2021-05-06 User identity information authentication method, system, device, equipment and storage medium
CN202110492466.8 2021-05-06

Publications (1)

Publication Number Publication Date
WO2022233313A1 true WO2022233313A1 (en) 2022-11-10

Family

ID=76928611

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/091134 WO2022233313A1 (en) 2021-05-06 2022-05-06 User identity information authentication method, system, apparatus and device, and storage medium

Country Status (2)

Country Link
CN (1) CN113177797A (en)
WO (1) WO2022233313A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113177797A (en) * 2021-05-06 2021-07-27 巽腾(广东)科技有限公司 User identity information authentication method, system, device, equipment and storage medium
CN113987442A (en) * 2021-11-01 2022-01-28 郑州云智信安安全技术有限公司 Citizen real identity authentication method and system based on personal privacy protection

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109711133A (en) * 2018-12-26 2019-05-03 广州市巽腾信息科技有限公司 Authentication method, device and the server of identity information
US20190149539A1 (en) * 2017-11-15 2019-05-16 Citrix Systems, Inc. Secure Authentication Of A Device Through Attestation By Another Device
US20190213312A1 (en) * 2014-08-28 2019-07-11 Facetec, Inc. Method to add remotely collected biometric images / templates to a database record of personal information
US10360367B1 (en) * 2018-06-07 2019-07-23 Capital One Services, Llc Multi-factor authentication devices
US20190386981A1 (en) * 2018-06-15 2019-12-19 Oracle International Corporation Auto inline enrollment of time-based one-time password (totp) for multi-factor authentication
CN113177797A (en) * 2021-05-06 2021-07-27 巽腾(广东)科技有限公司 User identity information authentication method, system, device, equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107548059A (en) * 2016-06-28 2018-01-05 中兴通讯股份有限公司 A kind of authentication method and system
CN108171512A (en) * 2017-11-20 2018-06-15 胡研 A kind of method of commerce and electronic equipment
CN110826043B (en) * 2018-08-08 2022-11-25 腾讯科技(深圳)有限公司 Digital identity application system and method, identity authentication system and method


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WANG GUAN, LI TIANLIANG: "The Mutual Authentication Scheme between the Host and the Portable Storage Device based on Secure Chip", COMPUTERS AND APPLIED CHEMISTRY, BEIJING HUAGONG XUEYUAN, BEIJING, CN, vol. 30, no. 5, 28 May 2013 (2013-05-28), Beijing, CN , pages 459 - 462, XP055983044, ISSN: 1001-4160, DOI: 10.11719/com.app.chem20130503 *

Also Published As

Publication number Publication date
CN113177797A (en) 2021-07-27


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22798653

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE