Specific embodiment
In order to make those skilled in the art more fully understand the technical solution in this specification one or more, below willIn conjunction with the attached drawing in this specification one or more embodiment, to the technical solution in this specification one or more embodiment intoRow clearly and completely describes, it is clear that and described embodiment is only this specification one or more a part of the embodiment, andThe embodiment being not all of.Based on the embodiment in this specification one or more, those of ordinary skill in the art are not makingThe model of this specification one or more protection all should belong in every other embodiment obtained under the premise of creative work outIt encloses.
This specification one or more embodiment provides a kind of auth method and device, in authentication imageIn collection process, the intermediate data of generation is encrypted in the encrypted instruction issued according to server end, and insertion is encryptedThe authentication image of information is sent to server, so that server extracts encryption information from the authentication image receivedAnd authentication is carried out based on the encryption information, malicious attack of the illegal person to certificate data is prevented, so that it is guaranteed that bodyReal-time, authenticity and the validity of part verify data acquisition, improve the safety that user account uses.
Fig. 1 is the application scenarios schematic diagram for the authentication system that this specification one or more embodiment provides, such as Fig. 1Shown, which includes: multiple client and authentication server, wherein the client can be smart phone, tablet computer etc.Mobile terminal can also be the fixed terminals such as desktop computer, wherein the detailed process of subscriber authentication are as follows:
Firstly, authentication server issues encrypted instruction to client, wherein the encrypted instruction includes: to be encryptedTarget processing stage and corresponding encryption parameter of each target processing stage;
Then, after client receives the encrypted instruction that authentication server issues, in the process of captured identity verifying imageIn, at least one target processing stage obtained intermediate data is encrypted according to the encrypted instruction, is encryptedAuthentication image afterwards;
Again, encrypted authentication image is sent to authentication server by client;
Finally, it is verified that server is after receiving encrypted authentication image, based on the authentication image to makingWith the user of the client authentication is carried out, if authentication passes through, sends to client and be verified for characterizingPrompt information sends the prompt information for characterizing authentication failed to client if authentication fails.
Fig. 2 is the first flow diagram for the auth method that this specification one or more embodiment provides, Fig. 2In method can be by the client executing in Fig. 1, as shown in Fig. 2, this method at least includes the following steps:
S201 obtains the encrypted instruction that authentication server issues, wherein the encrypted instruction includes: to be encryptedTarget processing stage and corresponding encryption parameter of each target processing stage;
Specifically, as authentication server multiple data processing stages involved in authentication image collection process in advanceMiddle at least one target processing stage of selection, and corresponding encryption parameter of each target processing stage is set, according to the target of selectionProcessing stage and corresponding encryption parameter of each target processing stage, the encryption that generation is used to indicate client executing cryptographic operation refer toIt enables;The encrypted instruction is handed down to client by authentication server, and client is after receiving the encrypted instruction, by the encryptionInstruction is parsed, and determines that at least one target processing stage for being encrypted and the target processing stage corresponding addClose parameter.
S202, according to the encrypted instruction got, at least one target processing stage institute of captured identity verifying imageObtained intermediate data is encrypted;
Specifically, sequence is executed according to data processing stage, in authentication image in authentication image collectionIn multiple data processing stages involved in collection process, the data processing stage currently needed to be implemented is determined;
Based at least one the target processing stage parsed, judge that the data processing stage currently needed to be implemented isNo is target processing stage;
If so, according to the target processing stage corresponding encryption parameter, when executing the data processing stage to its instituteObtained intermediate data is encrypted, and using the encrypted data as the input data of next data processing stage,Next data processing stage currently needed to be implemented is determined, until authentication image collection finishes.
Collected encrypted authentication image is sent to authentication server, so that the authentication server by S203Authentication is carried out based on encrypted authentication image.
Wherein, above-mentioned authentication image is that client tests captured identity according to the encrypted instruction that authentication server issuesWhat at least one target processing stage obtained intermediate data of card image was encrypted.Since client is being adoptedDuring collecting authentication image, encryption has been carried out to intermediate data according to the security requirements of authentication server, therefore,Authentication server parses the authentication image, obtains after the authentication image for receiving client transmissionThe target encryption information being embedded at client, then the target encryption information is carried out with the encrypted instruction for being handed down to client in advanceMatching, if successful match, it is determined that subscriber authentication passes through, if matching is unsuccessful, it is determined that subscriber authentication failure.
In the specific implementation, client needs to be implemented multiple data processing stages during authentication image collectionAfterwards, final output authentication image, wherein the authentication image can be a frame authentication image, can also be that multiframe is testedThe verifying video flowing for demonstrate,proving image composition, specifically, authentication image is attacked and distorted by illegal person in order to prevent, in clientDuring end generates authentication image, data caused by least one data processing stage to execution are carried out at encryptionIt manages, is embedded in intrinsic encryption information in authentication image finally obtained in this way, meanwhile, add in which data processing stageIt is close, and be that the encrypted instruction issued according to server end determines how the data processing stage encrypts, such server endReceiving the encrypted authentication image of client can accurately identify whether the authentication image is tampered.
In this specification one or more embodiment, client is in the collection process of authentication image, according to serviceThe intermediate data of generation is encrypted in the encrypted instruction that device issues, and the authentication image for being embedded in encryption information is sentTo server, so that server extracts encryption information from the authentication image received and carries out body based on the encryption informationPart verifying, that is to say, that during generating authentication image, carried out at corresponding encryption in different data processing stageReason, on the one hand, client requires to be encrypted according to server for encrypting, realizes between client and server and interacts encryption, separatelyOn the one hand, intermediate data is encrypted during authentication video generation, avoids the occurrence of the risk of data replacement, thusPrevent malicious attack of the illegal person to certificate data, it is ensured that the real-time of certificate data acquisition and has authenticityEffect property improves the safety that user account uses.
Wherein, for carrying out authentication by acquisition facial image, specifically, above-mentioned authentication image packetInclude: user's face image, the data processing stage related generally in user's face image collection process may include: optics atAs stage, imaging sensor acquisition phase, video flowing generation phase and Video coding stage;
Corresponding, at least one above-mentioned target processing stage may include: optical imagery stage, imaging sensor acquisition rankAt least one of section, video flowing generation phase, Video coding stage.
Specifically, carrying out the quantity of the target processing stage encrypted indicated by the encrypted instruction that server end issuesCan be one, be also possible to it is multiple, for example, at least one target processing stage includes: the optical imagery stage, then clientWhen captured identity verifies image, only optical imagery stage obtained intermediate data is encrypted, therefore, generationAuthentication image is embedded with and encryption information corresponding to the encryption parameter in the optical imagery stage indicated in encrypted instruction;AgainSuch as, at least one target processing stage includes: imaging sensor acquisition phase and video flowing generation phase, then client is being adoptedWhen collecting authentication image, successively imaging sensor acquisition phase and the obtained intermediate data of video flowing generation phase are carried outEncryption, therefore, the authentication image of generation are embedded with and the imaging sensor acquisition phase that indicates in encrypted instructionFirst encryption information corresponding to encryption parameter and be also embedded with it is with the video flowing generation phase that is indicated in encrypted instruction plusSecond encryption information corresponding to close parameter;
Specifically, being target processing stage for multiple data processing stages during authentication image collectionSituation needs that intermediate data caused by each target processing stage is encrypted one by one, and a upper target is handled rankThe encrypted data of section are transmitted to next data processing stage, and next data processing stage is using the encrypted data as inputData continue corresponding data processing, until having executed the last one data processing stage, generate final required identityVerify image.
Wherein, for target processing stage be the optical imagery stage the case where, at this time, it may be necessary to authentication image collectionIntermediate data caused by the optical imagery stage in the process is encrypted, and then enters back into authentication image collection mistakeImaging sensor acquisition phase in journey is based on this, as shown in figure 3, above-mentioned S202 is according to the encrypted instruction got, to acquisitionAt least one target processing stage obtained intermediate data of authentication image is encrypted, and specifically includes:
S2021 determines pumped FIR laser information of the optical imagery stage for data encryption according to the encrypted instruction got,Specifically, the encrypted instruction that server end issues is applied not only to the target processing stage that instruction is encrypted, it is also used to refer toShow corresponding encryption parameter of each target processing stage, wherein in the optical imagery stage to intermediate data by the way of pumped FIR laserIt is encrypted, therefore, optical imagery stage corresponding encryption parameter is pumped FIR laser information;
S2022, according to the pumped FIR laser information determined, to the optics in the optical imagery stage of captured identity verifying imageImage is encrypted.
Specifically, above-mentioned S2022 verifies the optical imagery rank of image to captured identity according to the pumped FIR laser information determinedOptical imagery in section is encrypted, and is specifically included:
Step 1, acquisition laser light source, which is irradiated on diffraction optical element corresponding with the pumped FIR laser information determined, to be obtainedSpeckle pattern, specifically, laser light source be irradiated to diffraction optical element (Diffractive Optical Elements,DOE on the diffraction grating in), diffraction spot (i.e. speckle pattern) will be formed, wherein diffraction grating is different, obtained diffraction spotPoint is also different, in the specific implementation, if multiple diffraction optical elements are arranged in imaging optical path, can preset and establish pumped FIR laser informationLaser light source is irradiated in diffraction light corresponding with the pumped FIR laser information determined by the corresponding relationship between diffraction optical elementElement is learned, and then obtains corresponding diffraction spot;
Step 2 is superimposed above-mentioned dissipate in the optical imagery stage of captured identity verifying image on obtained optical imagerySpot pattern.
Wherein, for the optical imagery stage, using pumped FIR laser technology to intermediate data caused by the optical imagery stageIt is encrypted, which belongs to one kind of structured light technique, which is mainly: being irradiated using light source to quiltThe space of measurement is numbered with code, and one-dimensional or two-dimensional specific image is projected to testee, and can also be according to being irradiated toThe deformation situation of the sample image of testee judges the surface shape and depth information of testee.
It is corresponding, include the case where the optical imagery stage for target processing stage, authentication server receives clientAfter the authentication image of transmission, which is parsed, judges dissipating with the presence or absence of insertion on optical imagerySpot pattern, if so, determining that the target processing stage obtained intermediate data meets predetermined encryption requirement;Alternatively, judging lightIt learns with the presence or absence of the speckle pattern of insertion on image, and whether judge the speckle pattern consistent with default speckle pattern, if depositingAnd it is consistent, it is determined that the target processing stage obtained intermediate data meets predetermined encryption requirement.
Wherein, for target processing stage be imaging sensor acquisition phase the case where, at this time, it may be necessary to authentication shadowThe intermediate data as caused by the imaging sensor acquisition phase in collection process is encrypted, and then enters back into identity and testsThe video flowing generation phase during image collection is demonstrate,proved, this is based on, as shown in figure 4, above-mentioned S202 refers to according to the encryption gotIt enables, at least one target processing stage obtained intermediate data of captured identity verifying image is encrypted, specificallyInclude:
S2023 determines digital water of the imaging sensor acquisition phase for data encryption according to the encrypted instruction gotThe stowed position of print, specifically, the encrypted instruction that server end issues is applied not only to the target processing that instruction is encryptedStage is also used to indicate corresponding encryption parameter of each target processing stage, wherein in imaging sensor acquisition phase using numberThe mode of watermark encrypts intermediate data, and therefore, the corresponding encryption parameter of imaging sensor acquisition phase is digital watermarkingStowed position;
S2024, according to the stowed position determined, in the imaging sensor acquisition phase of captured identity verifying imagePicture signal is embedded in digital watermarking, specifically, by position indicated by stowed position in data watermark embedded images signal.
Specifically, the stowed position of digital watermarking and cipher mode correspond, above-mentioned S2023 is according to the encryption gotInstruction determines the stowed position of digital watermarking of the imaging sensor acquisition phase for data encryption, specifically includes:
If encrypted instruction indicates time domain encryption, data encryption is used for using spatial domain as imaging sensor acquisition phaseThe stowed position of digital watermarking;
If encrypted instruction indicates frequency domain encryption, dct transform domain is used for data as imaging sensor acquisition phase and is addedThe stowed position of close digital watermarking;
If encrypted instruction indicates time-frequency domain encryption, data are used for using time-frequency conversion domain as imaging sensor acquisition phaseThe stowed position of the digital watermarking of encryption;
If encrypted instruction m- scale domain encryption when indicating, is used wavelet transformed domain as imaging sensor acquisition phaseIn the stowed position of the digital watermarking of data encryption.
It is corresponding, include the case where imaging sensor acquisition phase for target processing stage, authentication server receivesClient send authentication image after, which is parsed, judge be under aiming field in picture signalThe no digital watermarking that there is insertion, if so, determining that the target processing stage obtained intermediate data meets predetermined encryption and wantsIt asks;Alternatively, judge in picture signal with the presence or absence of the digital watermarking of insertion under object transformation domain, and judge the digital watermarking withWhether preset number watermark is consistent, if it exists and unanimously, it is determined that the target processing stage obtained intermediate data meets pre-If security requirements;
Specifically, aiming field is spatial domain at this time if encrypted instruction indicates time domain encryption;If encrypted instruction instruction frequency domain addsClose, aiming field is dct transform domain at this time;If encrypted instruction indicates time-frequency domain encryption, aiming field is time-frequency conversion domain at this time;If plusClose instruction m- scale domain encryption when indicating, aiming field is wavelet transformed domain at this time.
Wherein, for target processing stage be video flowing generation phase the case where, at this time, it may be necessary to be adopted to authentication imageIntermediate data caused by video flowing generation phase during collection is encrypted, and then enters back into authentication image and adoptsThe Video coding stage during collection is based on this, as shown in figure 5, above-mentioned S202 is according to the encrypted instruction got, to acquiring bodyAt least one target processing stage obtained intermediate data of part verifying image is encrypted, and specifically includes:
S2025 determines target video frame of the video flowing generation phase for data encryption according to the encrypted instruction gotAnd the insertion position of the target video frame, it needs to carry out specifically, the encrypted instruction that server end issues is applied not only to instructionThe target processing stage of encryption is also used to indicate corresponding encryption parameter of each target processing stage, wherein generates rank in video flowingThe mode of Duan Caiyong special frames insertion encrypts intermediate data, and therefore, the corresponding encryption parameter of video flowing generation phase isTarget video frame and its insertion position;
S2026, according to the insertion position determined, in the view that the video flowing generation phase of captured identity verifying image generatesIt is inserted into target video frame in frequency stream, specifically, the target video frame of designated position insertion specified quantity in video streaming, for example,Every 10 frame is inserted into a target video frame in video streaming.
Wherein, above-mentioned target video frame includes: blank frame, the video frame for being embedded in digital watermarking and superposition predetermined encryptionAt least one of video frame of pattern.
It is corresponding, include the case where that video flowing generation phase, authentication server receive client for target processing stageAfter holding the authentication image sent, which is parsed, is judged in target insertion position with the presence or absence of meshVideo frame is marked, if so, determining that the target processing stage obtained intermediate data meets predetermined encryption requirement.
Wherein, for target processing stage be the Video coding stage the case where, at this time, it may be necessary to authentication image collectionIntermediate data caused by the Video coding stage in the process is encrypted, and then enters back into authentication image collection mistakeVerify data transmission phase in journey is based on this, as shown in fig. 6, above-mentioned S202 is according to the encrypted instruction got, to acquiring bodyAt least one target processing stage obtained intermediate data of part verifying image is encrypted, and specifically includes:
S2027 determines that the Video coding stage is used for adding for the target information of data encryption according to the encrypted instruction gotAdd position, specifically, the encrypted instruction that server end issues is applied not only to the target processing stage that instruction is encrypted, alsoIt is used to indicate corresponding encryption parameter of each target processing stage, wherein the side of specific information addition is used in the Video coding stageFormula encrypts intermediate data, and therefore, Video coding stage corresponding encryption parameter is the point of addition of target information;
S2028, the face figure according to the point of addition determined, in the Video coding stage of captured identity verifying imageIt is embedded in target information in the File header information or picture structure figure of picture, specifically, the Video coding stage is to use video compressTechnology carries out compression processing to video flowing and carries out coded treatment to the facial image in video flowing, wherein image coding is equalThere are File header information or picture structure figure, for example jpeg file generally has an attached exif information, wraps in the exif informationTherefore the information such as size containing image, shooting time, photo direction, image thumbnails can pass through the file of modification facial imageThe special pattern of image is added wherein, and then achievees the purpose that data encryption for head information or picture structure figure.
It is corresponding, include the case where the Video coding stage for target processing stage, authentication server receives clientAfter the authentication image of transmission, which is parsed, judges the File header information or picture of facial imageIt whether there is target information in structure chart, if so, determining that the target processing stage obtained intermediate data meets default addClose requirement.
In the specific implementation, client is during authentication image collection, to mesh in conjunction with involved in Fig. 3 to Fig. 6The specific implementation that the mark obtained intermediate data of data processing stage is encrypted is right according to the encrypted instruction gotAt least one target processing stage obtained intermediate data of captured identity verifying image is encrypted, and generates final instituteThe authentication image needed.
Further, for server, after the authentication image for receiving client transmission, it is based on the identityDuring verifying image verifies user identity, which is parsed, according to parsing result and in advanceThe encrypted instruction first issued for client, judges whether each target processing stage obtained intermediate data meets default add one by oneClose requirement, if each target processing stage obtained intermediate data is all satisfied predetermined encryption requirement, it is determined that subscriber authenticationPass through, if either objective processing stage obtained intermediate data is unsatisfactory for predetermined encryption requirement, it is determined that subscriber authenticationFailure.
Wherein, authentication is carried out in order to combine safety that client user's account uses and authentication serverVerification efficiency targetedly controls client and encrypts to authentication image, is based on this, generates and add in authentication serverDuring close instruction, the security level of client is considered, be not that all clients issue identical encrypted instruction, forThe quantity of the relatively high client of security level, target processing stage indicated by the encrypted instruction issued for it is more, specifically, above-mentioned encrypted instruction is that authentication server is determined as follows:
Determine the targeted security grade of the client to authentication;
In multiple data processing stages of captured identity verifying image, according to the targeted security grade determined, determineAt least one target processing stage, and determine corresponding encryption parameter of each target processing stage, specifically, can presetCorresponding relationship between security level and at least one the target processing stage encrypted;
According at least one target processing stage and corresponding encryption parameter of each target processing stage, visitor to be handed down to is generatedThe encrypted instruction at family end.
Specifically, the security level of client is higher, the quantity of target processing stage indicated by corresponding encrypted instructionIt is more, further, consider that the authentication to user can be reinforced for a certain special circumstances, for example, being directed to preliminary judgementThere are the clients of doubtful rogue attacks risk, corresponding to the client to reinforce by the way that the security level of the client is turned upUser authentication, be based on this, above-mentioned targeted security grade can be based in advance for client setting raw securityGrade carries out what dynamic adjustment obtained, in a specific embodiment, the determination process of targeted security grade, specifically:
Judge whether the login environment of client changes, if so, the client is turned up according to default adjustment ruleSecurity level, the security level after height-regulating is determined as to the targeted security grade of client;
For example, when the login geographical location information for monitoring client is not common geographical location information, i.e., if inspectionMeasuring client is different-place login, it is determined that the login environment of client changes, and needs to reinforce at this time to test user identityThe dynamics of card further increases the safety that user account uses.
Further, by taking the collection process of user's face image as an example, if at least one target processing stage includes: lightLearn imaging session, imaging sensor acquisition phase, video flowing generation phase and Video coding stage, wherein as shown in fig. 7, withThe process of family face image acquisition, specifically:
(1) firstly, into the optical imagery stage, according to optical imagery stage corresponding pumped FIR laser information, to optical imageryOptical imagery in stage is encrypted, and the optical imagery of insertion speckle pattern is obtained, by the optical picture of the insertion speckle patternAs the input data as imaging sensor acquisition phase;
(2) after the optical imagery that imaging optical path exports insertion speckle pattern, into imaging sensor acquisition phase, according toThe stowed position of the corresponding digital watermarking of imaging sensor acquisition phase, in the obtained image letter of imaging sensor acquisition phaseBe embedded in digital watermarking in number, obtain insertion speckle pattern and be embedded in the picture signal of digital watermarking, by the insertion speckle pattern andIt is embedded in input data of the picture signal of digital watermarking as video flowing generation phase;
(3) after imaging sensor exports insertion speckle pattern and is embedded in the picture signal of digital watermarking, into video flowingGeneration phase believes the image that imaging sensor exports by image-signal processor (Image Signal Processor, ISP)Number signal processing is carried out, successively obtains multiple facial images, generate facial image video flowing, it is corresponding according to video flowing generation phaseTarget video frame insertion position, target video frame is inserted into facial image video flowing, obtains insertion speckle pattern and embeddingEnter digital watermarking and be inserted into the facial image video flowing (i.e. encrypted first facial image video flowing) of encrypted video frame, by thisInput data of the encrypted first facial image video flowing as the Video coding stage;
(4) after image-signal processor exports encrypted first facial image video flowing, into the Video coding stage,According to the point of addition of Video coding stage corresponding target information, face figure in the first facial image video flowing after encryptionTarget information is added in the File header information or picture structure figure of picture, obtain insertion speckle pattern and is embedded in digital watermarking and insertionEncrypted video frame and add target information facial image video flowing (i.e. encrypted second facial image video flowing), by this plusThe second facial image video flowing after close is as user's face image to be verified.
Auth method in this specification one or more embodiment obtains the encrypted instruction that server issues;RootAccording to the encrypted instruction, at least one target processing stage obtained intermediate data of captured identity verifying image is encryptedProcessing;Collected encrypted authentication image is sent to server, so that server is based on the authentication imageCarry out authentication.In the collection process of authentication image, the encrypted instruction issued according to server end is in generationBetween data be encrypted, the authentication image for being embedded in encryption information is sent to server, so that server is from receptionTo authentication image in extract encryption information and based on the encryption information carry out authentication, prevent illegal person to identityThe malicious attack of verify data, so that it is guaranteed that real-time, authenticity and the validity of certificate data acquisition, improve user's accountNumber safety used.
The auth method that corresponding above-mentioned Fig. 2 to Fig. 7 is described, based on the same technical idea, this specification one orMultiple embodiments additionally provide a kind of auth method, and Fig. 8 is that the identity that this specification one or more embodiment provides is testedThe flow diagram of card method, the method in Fig. 8 can be executed by authentication server, as shown in figure 8, this method include at least withLower step:
S801, after sending encrypted instruction to client, obtain that the client reports based on encrypted instruction acquisitionAuthentication image, wherein the encrypted instruction includes: the target processing stage encrypted and each target processing rankThe corresponding encryption parameter of section, specifically, the specific implementation process of client captured identity verifying image is referring to above-mentioned Fig. 3 to Fig. 6Shown in process, details are not described herein;
Specifically, authentication server is in advance in multiple data processing stages involved in authentication image collection processAt least one target processing stage is chosen, and sets corresponding encryption parameter of each target processing stage, at the target of selectionReason stage and corresponding encryption parameter of each target processing stage, the encryption that generation is used to indicate client executing cryptographic operation refer toIt enables;The encrypted instruction is handed down to client by authentication server.
The authentication image got is decrypted in S802, and it is corresponding to obtain at least one target processing stageTarget encryption information, specifically, by the authentication image carry out resolving inversely, extract client be embedded in authenticationTarget encryption information in image;
S803 determines client according to the target encryption information that the encrypted instruction and decryption that send in advance to client obtainWhether the authentication at end passes through.
Wherein, since client is during captured identity verifies image, according to the security requirements pair of authentication serverIntermediate data has carried out encryption, and therefore, authentication server is after the authentication image for receiving client transmission, to thisAuthentication image is parsed, and obtains the target encryption information being embedded at client, then by the target encryption information and in advanceThe encrypted instruction for being first handed down to client is matched, if successful match, it is determined that subscriber authentication passes through, if matching not atFunction, it is determined that subscriber authentication failure.
In this specification one or more embodiment, authentication server sends encrypted instruction to client, so that clientIn the collection process of authentication image, it is encrypted according to intermediate data of the encrypted instruction to generation, then, is connectThe authentication image for the insertion encryption information that client reports is received, and extracts encryption letter from the authentication image receivedIt ceases and is based on the encryption information and carry out authentication, that is to say, that during client generates authentication image, in differenceData processing stage carries out corresponding encryption, on the one hand, client requires to be encrypted according to server for encrypting, in clientEnd interacts encryption with realization between server, on the other hand, encrypts during authentication video generation to intermediate data,The risk for avoiding the occurrence of data replacement, to prevent malicious attack of the illegal person to certificate data, it is ensured that authenticationReal-time, authenticity and the validity of data acquisition improve the safety that user account uses.
Wherein, the target encryption information that above-mentioned S803 is obtained according to the encrypted instruction and decryption that send in advance to client,It determines whether the authentication of client passes through, specifically includes:
Judge the target processing stage indicated by corresponding target encryption information of each target processing stage and encrypted instructionWhether corresponding encryption parameter matches;
If so, determining that the authentication of client passes through;If not, it is determined that the authentication of client does not pass through.
Specifically, above-mentioned authentication image includes: user for carrying out authentication by acquisition facial imageFace image, the data processing stage related generally in user's face image collection process may include: the optical imagery stage,Imaging sensor acquisition phase, video flowing generation phase and Video coding stage;
Corresponding, at least one above-mentioned target processing stage may include: optical imagery stage, imaging sensor acquisition rankAt least one of section, video flowing generation phase, Video coding stage.
Include the case where the optical imagery stage for target processing stage, authentication server receives the body of client transmissionAfter part verifying image, which is parsed, is judged with the presence or absence of the speckle pattern of insertion on optical imagery, ifIt is, it is determined that the target processing stage obtained intermediate data meets predetermined encryption requirement;Alternatively, judge be on optical imageryThe no speckle pattern that there is insertion, and judge whether the speckle pattern is consistent with default speckle pattern, if it exists and unanimously, thenDetermine that target processing stage obtained intermediate data meets predetermined encryption requirement.
Include the case where imaging sensor acquisition phase for target processing stage, authentication server receives client hairAfter the authentication image sent, which is parsed, judges to whether there is under aiming field in picture signal embeddingThe digital watermarking entered, if so, determining that the target processing stage obtained intermediate data meets predetermined encryption requirement;Alternatively,Judge the digital watermarking that whether there is insertion in picture signal under object transformation domain, and judges the digital watermarking and preset numberWhether watermark is consistent, if it exists and unanimously, it is determined that the target processing stage obtained intermediate data, which meets predetermined encryption, to be wantedIt asks;
Specifically, aiming field is spatial domain at this time if encrypted instruction indicates time domain encryption;If encrypted instruction instruction frequency domain addsClose, aiming field is dct transform domain at this time;If encrypted instruction indicates time-frequency domain encryption, aiming field is time-frequency conversion domain at this time;If plusClose instruction m- scale domain encryption when indicating, aiming field is wavelet transformed domain at this time.
Include the case where that video flowing generation phase, authentication server receive client transmission for target processing stageAfter authentication image, which is parsed, judges to whether there is target video frame in target insertion position,If so, determining that the target processing stage obtained intermediate data meets predetermined encryption requirement.
Include the case where the Video coding stage for target processing stage, authentication server receives the body of client transmissionAfter part verifying image, which is parsed, is judged in the File header information or picture structure figure of facial imageWith the presence or absence of target information, if so, determining that the target processing stage obtained intermediate data meets predetermined encryption requirement.
That is, authentication server after the authentication image for receiving client transmission, is based on the authenticationDuring image verifies user identity, which is parsed, according to parsing result and is in advanceThe encrypted instruction that client issues, judges whether each target processing stage obtained intermediate data meets predetermined encryption and want one by oneIt asks, if each target processing stage obtained intermediate data is all satisfied predetermined encryption requirement, it is determined that subscriber authentication passes through,If either objective processing stage, obtained intermediate data was unsatisfactory for predetermined encryption requirement, it is determined that subscriber authentication failure.
Further, it carries out identity in order to combine safety that client user's account uses and authentication server and testsThe verification efficiency of card targetedly controls client and encrypts to authentication image, is based on this, raw in authentication serverDuring at encrypted instruction, the security level of client is considered, be not that all clients issue identical encrypted instruction,The quantity of the client relatively high for security level, target processing stage indicated by the encrypted instruction issued for it is more,Specifically, before sending encrypted instruction to client, further includes:
Determine the targeted security grade of the client to authentication;
In multiple data processing stages of captured identity verifying image, according to the targeted security grade determined, determineAt least one target processing stage, and determine corresponding encryption parameter of each target processing stage, specifically, can be preparatoryCorresponding relationship between security level is set and at least one target processing stage for being encrypted;
According at least one target processing stage and corresponding encryption parameter of each target processing stage, institute to be handed down to is generatedState the encrypted instruction of client.
Specifically, the security level of client is higher, the quantity of target processing stage indicated by corresponding encrypted instructionIt is more, further, consider that the authentication to user can be reinforced for a certain special circumstances, for example, being directed to preliminary judgementThere are the clients of doubtful rogue attacks risk, corresponding to the client to reinforce by the way that the security level of the client is turned upUser authentication, be based on this, above-mentioned targeted security grade can be based in advance for client setting raw securityGrade carries out what dynamic adjustment obtained, in a specific embodiment, the determination process of targeted security grade, specifically:
Judge whether the login environment of client changes, if so, the client is turned up according to default adjustment ruleSecurity level, the security level after height-regulating is determined as to the targeted security grade of client;
For example, when the login geographical location information for monitoring client is not common geographical location information, i.e., if inspectionMeasuring client is different-place login, it is determined that the login environment of client changes, and needs to reinforce at this time to test user identityThe dynamics of card further increases the safety that user account uses.
Auth method in this specification one or more embodiment, authentication server send encryption to client and refer toIt enables, so that client in the collection process of authentication image, adds according to intermediate data of the encrypted instruction to generationThen close processing receives the authentication image of insertion encryption information that client reports, and from the authentication shadow receivedEncryption information is extracted as in and authentication is carried out based on the encryption information, that is to say, that client generates authentication imageDuring, corresponding encryption is carried out in different data processing stage, on the one hand, client is required according to server for encryptingIt is encrypted, is realized between client and server and interact encryption, on the other hand, during authentication video generation inBetween data encrypted, avoid the occurrence of data replacement risk, to prevent illegal person from attacking to the malice of certificate dataIt hits, it is ensured that real-time, authenticity and the validity of certificate data acquisition improve the safety that user account uses.
It should be noted that the embodiment is with a upper embodiment in this specification based on same invention structure in this specificationThink, therefore the specific implementation of the embodiment may refer to the implementation of aforementioned auth method, overlaps will not be repeated.
The auth method that corresponding above-mentioned Fig. 2 to Fig. 7 is described, based on the same technical idea, this specification one orMultiple embodiments additionally provide a kind of authentication means, and Fig. 9 is set to for what this specification one or more embodiment providedThe module composition schematic diagram of the authentication means of client, the device is for executing the authentication side that Fig. 2 to Fig. 7 is describedMethod, as shown in figure 9, the device includes:
Encrypted instruction obtains module 901, the encrypted instruction issued for obtaining authentication server;
Data encryption module 902, for verifying at least one target of image to captured identity according to the encrypted instructionProcessing stage, obtained intermediate data was encrypted;
Image sending module 903 is verified, for the collected authentication image to be sent to the service for checking credentialsDevice, so that the authentication server is based on the authentication image and carries out authentication.
Optionally, the authentication image includes: user's face image;
At least one described target processing stage includes: optical imagery stage, imaging sensor acquisition phase, video flowing lifeAt at least one of stage, Video coding stage.
Optionally, above-mentioned data encryption module 902, is specifically used for:
According to the encrypted instruction, pumped FIR laser information of the optical imagery stage for data encryption is determined;
According to the pumped FIR laser information, to the optical imagery in the optical imagery stage of captured identity verifying image intoRow encryption.
Optionally, above-mentioned data encryption module 902, is further specifically used for:
It obtains laser light source and is irradiated in the speckle pattern obtained on diffraction optical element corresponding with the pumped FIR laser information;
The speckle pattern is superimposed on the optical imagery in the optical imagery stage of captured identity verifying image.
Optionally, above-mentioned data encryption module 902, is specifically used for:
According to the encrypted instruction, the hidden of digital watermarking of the described image sensor acquisition phase for data encryption is determinedHide position;
According to the stowed position, the image in the described image sensor acquisition phase of captured identity verifying image is believedNumber insertion digital watermarking.
Optionally, above-mentioned data encryption module 902, is further specifically used for:
If the encrypted instruction indicates time domain encryption, it is used to count using spatial domain as described image sensor acquisition phaseAccording to the stowed position of the digital watermarking of encryption;
If the encrypted instruction indicates frequency domain encryption, used dct transform domain as described image sensor acquisition phaseIn the stowed position of the digital watermarking of data encryption;
If the encrypted instruction instruction time-frequency domain encryption, using time-frequency conversion domain as described image sensor acquisition phaseThe stowed position of digital watermarking for data encryption;
If the encrypted instruction m- scale domain encryption when indicating, is adopted wavelet transformed domain as described image sensorStowed position of the collection stage for the digital watermarking of data encryption.
Optionally, above-mentioned data encryption module 902, is specifically used for:
According to the encrypted instruction, the video flowing generation phase is determined for the target video frame of data encryption and is somebody's turn to doThe insertion position of target video frame;
According to the insertion position, in the video flowing of the video flowing generation phase generation of captured identity verifying imageIt is inserted into the target video frame.
Optionally, the target video frame includes: that blank frame, the video frame for being embedded in digital watermarking and superposition are preset and addedAt least one of the video frame of close pattern.
Optionally, above-mentioned data encryption module 902, is specifically used for:
According to the encrypted instruction, addition position of the Video coding stage for the target information of data encryption is determinedIt sets;
According to the point of addition, the text of the facial image in the Video coding stage of captured identity verifying imageThe target information is embedded in part head information or picture structure figure.
Optionally, the encrypted instruction is that authentication server is determined as follows:
Determine the targeted security grade of the client to authentication;
In the multiple data processing stages for acquiring the authentication image, according to the targeted security grade, determineAt least one target processing stage, and determine corresponding encryption parameter of each target processing stage;
According at least one described target processing stage and the encryption parameter, generate wait be handed down to adding for the clientClose instruction.
Authentication means in this specification one or more embodiment obtain the encrypted instruction that server issues;RootAccording to the encrypted instruction, at least one target processing stage obtained intermediate data of captured identity verifying image is encryptedProcessing;Collected encrypted authentication image is sent to server, so that server is based on the authentication imageCarry out authentication.In the collection process of authentication image, the encrypted instruction issued according to server end is in generationBetween data be encrypted, the authentication image for being embedded in encryption information is sent to server, so that server is from receptionTo authentication image in extract encryption information and based on the encryption information carry out authentication, prevent illegal person to identityThe malicious attack of verify data, so that it is guaranteed that real-time, authenticity and the validity of certificate data acquisition, improve user's accountNumber safety used.
It should be noted that the embodiment is with one embodiment in this specification based on same invention structure in this specificationThink, therefore the specific implementation of the embodiment may refer to the implementation of aforementioned auth method, overlaps will not be repeated.
The auth method of corresponding above-mentioned Fig. 8 description, based on the same technical idea, this specification is one or more realIt applies example and additionally provides a kind of authentication means, Figure 10 is that the business that is set to that this specification one or more embodiment provides takesThe module composition schematic diagram of the authentication means of business device, the device are used to execute the auth method of Fig. 8 description, such as Figure 10Shown, which includes:
Image receiving module 1001 is verified, for the client being obtained and being reported after sending encrypted instruction to clientBased on the encrypted instruction acquisition authentication image;
Data decryption module 1002 obtains at least one target for the authentication image to be decryptedProcessing stage corresponding target encryption information;
Authentication module 1003, for determining the client according to the encrypted instruction and the target encryption informationWhether the authentication at end passes through.
Optionally, above-mentioned authentication module 1003, is specifically used for:
Judging should indicated by the corresponding target encryption information of each target processing stage and the encrypted instructionTarget processing stage, whether corresponding encryption parameter matched;
If so, determining that the authentication of the client passes through;
If not, it is determined that the authentication of the client does not pass through.
Optionally, to be the client verify image to captured identity according to the encrypted instruction with the authentication imageAt least one target processing stage obtained intermediate data be encrypted.
Optionally, above-mentioned apparatus further includes encrypted instruction generation module, wherein the encrypted instruction generation module is used for:
Determine the targeted security grade of the client to authentication;
In the multiple data processing stages for acquiring the authentication image, according to the targeted security grade, determineAt least one target processing stage, and determine corresponding encryption parameter of each target processing stage;
According at least one described target processing stage and the encryption parameter, generate wait be handed down to adding for the clientClose instruction.
Authentication means in this specification one or more embodiment, authentication server send encryption to client and refer toIt enables, so that client in the collection process of authentication image, adds according to intermediate data of the encrypted instruction to generationThen close processing receives the authentication image of insertion encryption information that client reports, and from the authentication shadow receivedEncryption information is extracted as in and authentication is carried out based on the encryption information, that is to say, that client generates authentication imageDuring, corresponding encryption is carried out in different data processing stage, on the one hand, client is required according to server for encryptingIt is encrypted, is realized between client and server and interact encryption, on the other hand, during authentication video generation inBetween data encrypted, avoid the occurrence of data replacement risk, to prevent illegal person from attacking to the malice of certificate dataIt hits, it is ensured that real-time, authenticity and the validity of certificate data acquisition improve the safety that user account uses.
It should be noted that the embodiment is with one embodiment in this specification based on same invention structure in this specificationThink, therefore the specific implementation of the embodiment may refer to the implementation of aforementioned auth method, overlaps will not be repeated.
The auth method that corresponding above-mentioned Fig. 2 to Fig. 8 is described, based on the same technical idea, this specification one orMultiple embodiments additionally provide a kind of authentication system, and Figure 11 is that the identity that this specification one or more embodiment provides is testedThe structural schematic diagram of card system, the device is for executing the auth method that Fig. 2 to Fig. 8 is described, as shown in figure 11, the systemInclude:
Authentication server 10 and multiple client 20, wherein authentication server 10 is communicated to connect with each client 20;
Specifically, authentication server issues encrypted instruction to client, wherein the encrypted instruction includes: to be addedClose target processing stage and corresponding encryption parameter of each target processing stage;
After client receives the encrypted instruction that authentication server issues, during captured identity verifies image, rootAt least one target processing stage obtained intermediate data is encrypted according to the encrypted instruction, obtains encrypted bodyPart verifying image;
Encrypted authentication image is sent to authentication server by client;
Authentication server is after receiving encrypted authentication image, based on the authentication image to using the visitorThe user at family end carries out authentication, if authentication passes through, sends to client for characterizing the prompt being verified letterBreath sends the prompt information for characterizing authentication failed to client if authentication fails.
Authentication system in this specification one or more embodiment, authentication server send encryption to client and refer toIt enables, client carries out at encryption in the collection process of authentication image according to intermediate data of the encrypted instruction to generationReason obtains the authentication image of insertion encryption information, and then, authentication server receives the insertion encryption information that client reportsAuthentication image, and from the authentication image received extract encryption information and based on the encryption information carry out identityVerifying, that is to say, that during client generates authentication image, encrypted accordingly in different data processing stageProcessing, on the one hand, client requires to be encrypted according to server for encrypting, realizes between client and server and interacts encryption,On the other hand, intermediate data is encrypted during authentication video generation, avoids the occurrence of the risk of data replacement, fromAnd prevent malicious attack of the illegal person to certificate data, it is ensured that certificate data acquisition real-time, authenticity andValidity improves the safety that user account uses.
It should be noted that the embodiment is with one embodiment in this specification based on same invention structure in this specificationThink, therefore the specific implementation of the embodiment may refer to the implementation of aforementioned auth method, overlaps will not be repeated.
Further, corresponding above-mentioned Fig. 2 is to method shown in Fig. 8, based on the same technical idea, this specification one orMultiple embodiments additionally provide a kind of identity-validation device, and the equipment is for executing above-mentioned auth method, such as Figure 12 instituteShow.
Identity-validation device can generate bigger difference because configuration or performance are different, may include one or one withOn processor 1201 and memory 1202, can store in memory 1202 one or more storage application programs orData.Wherein, memory 1202 can be of short duration storage or persistent storage.The application program for being stored in memory 1202 can wrapOne or more modules (diagram is not shown) are included, each module may include to the series of computation in identity-validation deviceMachine executable instruction.Further, processor 1201 can be set to communicate with memory 1202, on identity-validation deviceExecute the series of computation machine executable instruction in memory 1202.Identity-validation device can also include one or morePower supply 1203, one or more wired or wireless network interfaces 1204, one or more input/output interfaces 1205,One or more keyboards 1206 etc..
In a specific embodiment, identity-validation device includes memory and one or more journeySequence, perhaps more than one program is stored in memory and one or more than one program may include one for one of themOr more than one module, and each module may include to the series of computation machine executable instruction in identity-validation device, andBe configured to be executed this by one or more than one processor or more than one program include by carry out it is following based onCalculation machine executable instruction:
Obtain the encrypted instruction that authentication server issues;
According to the encrypted instruction, at least one target processing stage obtained centre of captured identity verifying imageData are encrypted;
The collected authentication image is sent to the authentication server, so that the authentication server is based onThe authentication image carries out authentication.
Optionally, when executed, the authentication image includes: user's face image to computer executable instructions;
At least one described target processing stage includes: optical imagery stage, imaging sensor acquisition phase, video flowing lifeAt at least one of stage, Video coding stage.
Optionally, computer executable instructions are when executed, described according to the encrypted instruction, verify to captured identityAt least one target processing stage obtained intermediate data of image is encrypted, comprising:
According to the encrypted instruction, pumped FIR laser information of the optical imagery stage for data encryption is determined;
According to the pumped FIR laser information, to the optical imagery in the optical imagery stage of captured identity verifying image intoRow encryption.
Optionally, computer executable instructions are when executed, described according to the pumped FIR laser information, test captured identityThe optical imagery demonstrate,proved in the optical imagery stage of image is encrypted, comprising:
It obtains laser light source and is irradiated in the speckle pattern obtained on diffraction optical element corresponding with the pumped FIR laser information;
The speckle pattern is superimposed on the optical imagery in the optical imagery stage of captured identity verifying image.
Optionally, computer executable instructions are when executed, described according to the encrypted instruction, verify to captured identityAt least one target processing stage obtained intermediate data of image is encrypted, comprising:
According to the encrypted instruction, the hidden of digital watermarking of the described image sensor acquisition phase for data encryption is determinedHide position;
According to the stowed position, the image in the described image sensor acquisition phase of captured identity verifying image is believedNumber insertion digital watermarking.
Optionally, computer executable instructions when executed, according to the encrypted instruction, determine described image sensorStowed position of the acquisition phase for the digital watermarking of data encryption, comprising:
If the encrypted instruction indicates time domain encryption, it is used to count using spatial domain as described image sensor acquisition phaseAccording to the stowed position of the digital watermarking of encryption;
If the encrypted instruction indicates frequency domain encryption, used dct transform domain as described image sensor acquisition phaseIn the stowed position of the digital watermarking of data encryption;
If the encrypted instruction instruction time-frequency domain encryption, using time-frequency conversion domain as described image sensor acquisition phaseThe stowed position of digital watermarking for data encryption;
If the encrypted instruction m- scale domain encryption when indicating, is adopted wavelet transformed domain as described image sensorStowed position of the collection stage for the digital watermarking of data encryption.
Optionally, computer executable instructions are when executed, described according to the encrypted instruction, verify to captured identityAt least one target processing stage obtained intermediate data of image is encrypted, comprising:
According to the encrypted instruction, the video flowing generation phase is determined for the target video frame of data encryption and is somebody's turn to doThe insertion position of target video frame;
According to the insertion position, in the video flowing of the video flowing generation phase generation of captured identity verifying imageIt is inserted into the target video frame.
Optionally, when executed, the target video frame includes: blank frame, insertion number to computer executable instructionsThe video frame of watermark and at least one of the video frame for being superimposed predetermined encryption pattern.
Optionally, computer executable instructions are when executed, described according to the encrypted instruction, verify to captured identityAt least one target processing stage obtained intermediate data of image is encrypted, comprising:
According to the encrypted instruction, addition position of the Video coding stage for the target information of data encryption is determinedIt sets;
According to the point of addition, the text of the facial image in the Video coding stage of captured identity verifying imageThe target information is embedded in part head information or picture structure figure.
Optionally, when executed, the encrypted instruction is that authentication server passes through such as lower section to computer executable instructionsWhat formula determined:
Determine the targeted security grade of the client to authentication;
In the multiple data processing stages for acquiring the authentication image, according to the targeted security grade, determineAt least one target processing stage, and determine corresponding encryption parameter of each target processing stage;
According at least one described target processing stage and the encryption parameter, generate wait be handed down to adding for the clientClose instruction.
Identity-validation device in this specification one or more embodiment obtains the encrypted instruction that server issues;RootAccording to the encrypted instruction, at least one target processing stage obtained intermediate data of captured identity verifying image is encryptedProcessing;Collected encrypted authentication image is sent to server, so that server is based on the authentication imageCarry out authentication.In the collection process of authentication image, the encrypted instruction issued according to server end is in generationBetween data be encrypted, the authentication image for being embedded in encryption information is sent to server, so that server is from receptionTo authentication image in extract encryption information and based on the encryption information carry out authentication, prevent illegal person to identityThe malicious attack of verify data, so that it is guaranteed that real-time, authenticity and the validity of certificate data acquisition, improve user's accountNumber safety used.
In another specific embodiment, identity-validation device includes memory and one or moreProgram, perhaps more than one program is stored in memory and one or more than one program may include one for one of themA or more than one module, and each module may include to the series of computation machine executable instruction in identity-validation device,And it is configured to execute this or more than one program by one or more than one processor to include following for carrying outComputer executable instructions:
After sending encrypted instruction to client, the body based on encrypted instruction acquisition that the client reports is obtainedPart verifying image;
The authentication image is decrypted, the corresponding target encryption of at least one target processing stage is obtainedInformation;
According to the encrypted instruction and the target encryption information, determine whether the authentication of the client passes through.
Optionally, computer executable instructions are when executed, described to be encrypted according to the encrypted instruction and the targetInformation, determines whether the authentication of the client passes through, comprising:
Judging should indicated by the corresponding target encryption information of each target processing stage and the encrypted instructionTarget processing stage, whether corresponding encryption parameter matched;
If so, determining that the authentication of the client passes through;
If not, it is determined that the authentication of the client does not pass through.
Optionally, when executed, the authentication image is the client according to institute to computer executable instructionsEncrypted instruction is stated to carry out at encryption at least one target processing stage obtained intermediate data of captured identity verifying imageWhat reason obtained.
Optionally, computer executable instructions also include for carrying out following computer executable instructions when executed:
Determine the targeted security grade of the client to authentication;
In the multiple data processing stages for acquiring the authentication image, according to the targeted security grade, determineAt least one target processing stage, and determine corresponding encryption parameter of each target processing stage;
According at least one described target processing stage and the encryption parameter, generate wait be handed down to adding for the clientClose instruction.
Identity-validation device in this specification one or more embodiment, authentication server send encryption to client and refer toIt enables, so that client in the collection process of authentication image, adds according to intermediate data of the encrypted instruction to generationThen close processing receives the authentication image of insertion encryption information that client reports, and from the authentication shadow receivedEncryption information is extracted as in and authentication is carried out based on the encryption information, that is to say, that client generates authentication imageDuring, corresponding encryption is carried out in different data processing stage, on the one hand, client is required according to server for encryptingIt is encrypted, is realized between client and server and interact encryption, on the other hand, during authentication video generation inBetween data encrypted, avoid the occurrence of data replacement risk, to prevent illegal person from attacking to the malice of certificate dataIt hits, it is ensured that real-time, authenticity and the validity of certificate data acquisition improve the safety that user account uses.
Further, corresponding above-mentioned Fig. 2 is to method shown in Fig. 8, based on the same technical idea, this specification one orMultiple embodiments additionally provide a kind of storage medium,, should in a kind of specific embodiment for storing computer executable instructionsStorage medium can be USB flash disk, CD, hard disk etc., and the computer executable instructions of storage medium storage are being executed by processorWhen, it is able to achieve following below scheme:
Obtain the encrypted instruction that authentication server issues;
According to the encrypted instruction, at least one target processing stage obtained centre of captured identity verifying imageData are encrypted;
The collected authentication image is sent to the authentication server, so that the authentication server is based onThe authentication image carries out authentication.
Optionally, the computer executable instructions of storage medium storage are when being executed by processor, the authenticationImage includes: user's face image;
At least one described target processing stage includes: optical imagery stage, imaging sensor acquisition phase, video flowing lifeAt at least one of stage, Video coding stage.
Optionally, the computer executable instructions of storage medium storage are described according to when being executed by processorEncrypted instruction carries out at encryption at least one target processing stage obtained intermediate data of captured identity verifying imageReason, comprising:
According to the encrypted instruction, pumped FIR laser information of the optical imagery stage for data encryption is determined;
According to the pumped FIR laser information, to the optical imagery in the optical imagery stage of captured identity verifying image intoRow encryption.
Optionally, the computer executable instructions of storage medium storage are described according to when being executed by processorPumped FIR laser information encrypts the optical imagery in the optical imagery stage of captured identity verifying image, comprising:
It obtains laser light source and is irradiated in the speckle pattern obtained on diffraction optical element corresponding with the pumped FIR laser information;
The speckle pattern is superimposed on the optical imagery in the optical imagery stage of captured identity verifying image.
Optionally, the computer executable instructions of storage medium storage are described according to when being executed by processorEncrypted instruction carries out at encryption at least one target processing stage obtained intermediate data of captured identity verifying imageReason, comprising:
According to the encrypted instruction, the hidden of digital watermarking of the described image sensor acquisition phase for data encryption is determinedHide position;
According to the stowed position, the image in the described image sensor acquisition phase of captured identity verifying image is believedNumber insertion digital watermarking.
Optionally, the computer executable instructions of storage medium storage are when being executed by processor, according to the encryptionInstruction determines the stowed position of digital watermarking of the described image sensor acquisition phase for data encryption, comprising:
If the encrypted instruction indicates time domain encryption, it is used to count using spatial domain as described image sensor acquisition phaseAccording to the stowed position of the digital watermarking of encryption;
If the encrypted instruction indicates frequency domain encryption, used dct transform domain as described image sensor acquisition phaseIn the stowed position of the digital watermarking of data encryption;
If the encrypted instruction instruction time-frequency domain encryption, using time-frequency conversion domain as described image sensor acquisition phaseThe stowed position of digital watermarking for data encryption;
If the encrypted instruction m- scale domain encryption when indicating, is adopted wavelet transformed domain as described image sensorStowed position of the collection stage for the digital watermarking of data encryption.
Optionally, the computer executable instructions of storage medium storage are described according to when being executed by processorEncrypted instruction carries out at encryption at least one target processing stage obtained intermediate data of captured identity verifying imageReason, comprising:
According to the encrypted instruction, the video flowing generation phase is determined for the target video frame of data encryption and is somebody's turn to doThe insertion position of target video frame;
According to the insertion position, in the video flowing of the video flowing generation phase generation of captured identity verifying imageIt is inserted into the target video frame.
Optionally, the computer executable instructions of storage medium storage are when being executed by processor, the target videoFrame includes: at least one of blank frame, the video frame for being embedded in digital watermarking and the video frame for being superimposed predetermined encryption pattern.
Optionally, the computer executable instructions of storage medium storage are described according to when being executed by processorEncrypted instruction carries out at encryption at least one target processing stage obtained intermediate data of captured identity verifying imageReason, comprising:
According to the encrypted instruction, addition position of the Video coding stage for the target information of data encryption is determinedIt sets;
According to the point of addition, the text of the facial image in the Video coding stage of captured identity verifying imageThe target information is embedded in part head information or picture structure figure.
Optionally, the computer executable instructions of storage medium storage are when being executed by processor, the encrypted instructionIt is that authentication server is determined as follows:
Determine the targeted security grade of the client to authentication;
In the multiple data processing stages for acquiring the authentication image, according to the targeted security grade, determineAt least one target processing stage, and determine corresponding encryption parameter of each target processing stage;
According at least one described target processing stage and the encryption parameter, generate wait be handed down to adding for the clientClose instruction.
The computer executable instructions of storage medium storage in this specification one or more embodiment are by processorWhen execution, the encrypted instruction that server issues is obtained;According to the encrypted instruction, at least one mesh of captured identity verifying imageMark processing stage obtained intermediate data is encrypted;Collected encrypted authentication image is sent to clothesBusiness device, so that server is based on the authentication image and carries out authentication.In the collection process of authentication image, according toThe intermediate data of generation is encrypted in the encrypted instruction that server end issues, and will be embedded in the authentication shadow of encryption informationAs being sent to server, so that server extracts encryption information from the authentication image received and based on the encryption informationAuthentication is carried out, malicious attack of the illegal person to certificate data is prevented, so that it is guaranteed that certificate data acquisitionReal-time, authenticity and validity improve the safety that user account uses.
In another specific embodiment, which can be USB flash disk, CD, hard disk etc., storage medium storageComputer executable instructions when being executed by processor, be able to achieve following below scheme:
After sending encrypted instruction to client, the body based on encrypted instruction acquisition that the client reports is obtainedPart verifying image;
The authentication image is decrypted, the corresponding target encryption of at least one target processing stage is obtainedInformation;
According to the encrypted instruction and the target encryption information, determine whether the authentication of the client passes through.
Optionally, the computer executable instructions of storage medium storage are described according to when being executed by processorEncrypted instruction and the target encryption information, determine whether the authentication of the client passes through, comprising:
Judging should indicated by the corresponding target encryption information of each target processing stage and the encrypted instructionTarget processing stage, whether corresponding encryption parameter matched;
If so, determining that the authentication of the client passes through;
If not, it is determined that the authentication of the client does not pass through.
Optionally, the computer executable instructions of storage medium storage are when being executed by processor, the authenticationImage is at least one target processing stage gained of the client according to the encrypted instruction to captured identity verifying imageTo intermediate data be encrypted.
Optionally, the computer executable instructions of storage medium storage are also realized when being executed by processor to flow downJourney:
Determine the targeted security grade of the client to authentication;
In the multiple data processing stages for acquiring the authentication image, according to the targeted security grade, determineAt least one target processing stage, and determine corresponding encryption parameter of each target processing stage;
According at least one described target processing stage and the encryption parameter, generate wait be handed down to adding for the clientClose instruction.
The computer executable instructions of storage medium storage in this specification one or more embodiment are by processorWhen execution, authentication server sends encrypted instruction to client, so that client is in the collection process of authentication image, rootIt is encrypted according to intermediate data of the encrypted instruction to generation, then, receives the insertion encryption information that client reportsAuthentication image, and extract encryption information from the authentication image received and tested based on encryption information progress identityCard, that is to say, that during client generates authentication image, carried out at corresponding encryption in different data processing stageReason, on the one hand, client requires to be encrypted according to server for encrypting, realizes between client and server and interacts encryption, separatelyOn the one hand, intermediate data is encrypted during authentication video generation, avoids the occurrence of the risk of data replacement, thusPrevent malicious attack of the illegal person to certificate data, it is ensured that the real-time of certificate data acquisition and has authenticityEffect property improves the safety that user account uses.
In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example,Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).SoAnd with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit.Designer nearly all obtains corresponding hardware circuit by the way that improved method flow to be programmed into hardware circuit.CauseThis, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device(Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable GateArray, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designerVoluntarily programming comes a digital display circuit " integrated " on a piece of PLD, designs and makes without asking chip makerDedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " is patrolledVolume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development,And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language(Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware DescriptionLanguage)、Confluence、CUPL(Cornell University Programming Language)、HD Cal、JHDL(Java Hardware Description Language)、Lava、Lola、My HDL、PALASM、RHDL(RubyHardware Description Language) etc., VHDL (Very-High-Speed is most generally used at presentIntegrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also answerThis understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages,The hardware circuit for realizing the logical method process can be readily available.
Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processingThe computer for the computer readable program code (such as software or firmware) that device and storage can be executed by (micro-) processor canRead medium, logic gate, switch, specific integrated circuit (Application Specific Integrated Circuit,ASIC), the form of programmable logic controller (PLC) and insertion microcontroller, the example of controller includes but is not limited to following microcontrollerDevice: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320 are depositedMemory controller is also implemented as a part of the control logic of memory.It is also known in the art that in addition toPure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logicController is obtained to come in fact in the form of logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc.Existing identical function.Therefore this controller is considered a kind of hardware component, and to including for realizing various in itThe device of function can also be considered as the structure in hardware component.Or even, it can will be regarded for realizing the device of various functionsFor either the software module of implementation method can be the structure in hardware component again.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be usedThink personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media playIt is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipmentThe combination of equipment.
For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing thisThe function of each unit can be realized in the same or multiple software and or hardware when specification one or more.
It should be understood by those skilled in the art that, the embodiment of this specification one or more can provide for method, system,Or computer program product.Therefore, this specification one or more can be used complete hardware embodiment, complete software embodiment,Or the form of embodiment combining software and hardware aspects.Moreover, this specification one or more can be used in one or moreIt wherein include computer-usable storage medium (the including but not limited to magnetic disk storage, CD- of computer usable program codeROM, optical memory etc.) on the form of computer program product implemented.
This specification one or more is referring to (being according to method, the equipment of this specification one or more embodimentSystem) and the flowchart and/or the block diagram of computer program product describe.It should be understood that can be realized by computer program instructionsThe process and/or box in each flow and/or block and flowchart and/or the block diagram in flowchart and/or the block diagramCombination.Can provide these computer program instructions to general purpose computer, special purpose computer, Embedded Processor or other can compileThe processor of journey data processing equipment is to generate a machine, so that passing through computer or other programmable data processing devicesThe instruction that processor executes generates for realizing in one box of one or more flows of the flowchart and/or block diagram or moreThe device for the function of being specified in a box.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spyDetermine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram orThe function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that countingSeries of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer orThe instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram oneThe step of function of being specified in a box or multiple boxes.
In a typical configuration, calculating equipment includes one or more processors (CPU), input/output interface, netNetwork interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/orThe forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable mediumExample.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any methodOr technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), movesState random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasableProgrammable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devicesOr any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculatesMachine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludabilityIt include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrapInclude other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic wantElement.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described wantThere is also other identical elements in the process, method of element, commodity or equipment.
It will be understood by those skilled in the art that the embodiment of this specification one or more can provide as method, system or meterCalculation machine program product.Therefore, complete hardware embodiment, complete software embodiment or combination can be used in this specification one or moreThe form of embodiment in terms of software and hardware.It is wherein wrapped moreover, this specification one or more can be used in one or moreComputer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optics containing computer usable program codeMemory etc.) on the form of computer program product implemented.
This specification one or more can be in the general context of computer-executable instructions executed by a computerDescription, such as program module.Generally, program module includes the example for executing particular task or realizing particular abstract data typeJourney, programs, objects, component, data structure etc..This specification one or more can also be practiced in a distributed computing environmentIt is a, in these distributed computing environments, by executing task by the connected remote processing devices of communication network.DividingCloth calculates in environment, and program module can be located in the local and remote computer storage media including storage equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodimentDividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system realityFor applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the methodPart explanation.
The foregoing is merely the embodiment of this specification one or more, be not limited to this specification one orIt is multiple.To those skilled in the art, this specification one or more can have various modifications and variations.It is all in this explanationAny modification, equivalent replacement, improvement and so within book one or more spirit and principle, should be included in this specificationWithin one or more scopes of the claims.