CN110335386B - Identity authentication method, device, terminal and storage medium - Google Patents
Identity authentication method, device, terminal and storage mediumDownload PDFInfo
- Publication number
- CN110335386B CN110335386BCN201910557166.6ACN201910557166ACN110335386BCN 110335386 BCN110335386 BCN 110335386BCN 201910557166 ACN201910557166 ACN 201910557166ACN 110335386 BCN110335386 BCN 110335386B
- Authority
- CN
- China
- Prior art keywords
- reference data
- access control
- data set
- control machine
- preset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
- G06V40/172—Classification, e.g. identification
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/40—Spoof detection, e.g. liveness detection
- G06V40/45—Detection of the body part being alive
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/32—Individual registration on entry or exit not involving the use of a pass in combination with an identity check
- G07C9/37—Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/30—Individual registration on entry or exit not involving the use of a pass
- G07C9/38—Individual registration on entry or exit not involving the use of a pass with central registration
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Human Computer Interaction (AREA)
- Multimedia (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Oral & Maxillofacial Surgery (AREA)
- Collating Specific Patterns (AREA)
Abstract
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an identity authentication method, apparatus, terminal, and storage medium.
Background
The face verification technology is a technology for acquiring required information by acquiring a face image and comparing and analyzing the acquired image by using an image processing technology.
The existing face authentication access control system is generally used by combining a client and a server, and only registered personnel can be permitted to enter through the setting of the face authentication access control system. However, when the network is abnormal, the connection between the server and the client is abnormal, which results in a long time for face verification, and even a failure problem of face verification, thereby reducing the efficiency and effectiveness of face verification.
Disclosure of Invention
The embodiment of the invention provides an identity authentication method and device, which can improve the efficiency and effectiveness of face authentication.
The embodiment of the invention provides an identity authentication method, which comprises the following steps:
when an identity authentication request of a user is detected, acquiring network environment information of an access control machine and a face image of the user;
acquiring an identity verification mode and a reference data acquisition mode corresponding to the network environment information;
reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode;
matching the face image with data in a reference data set according to the identity verification mode;
and if the matching result meets the preset condition, determining that the user passes the authentication, and controlling the access control machine to allow the user to pass.
Correspondingly, the embodiment of the invention also provides an identity authentication device, which comprises:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring network environment information of the access control machine and a face image of a user when an identity authentication request of the user is detected;
the acquisition module is used for acquiring an identity verification mode and a reference data acquisition mode corresponding to the network environment information;
the reading module is used for reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode;
the matching module is used for matching the face image with the data in the reference data set according to the identity verification mode;
and the determining module is used for determining that the user passes the authentication and controlling the access control machine to allow the user to pass when the matching result obtained by the matching module meets the preset condition.
Optionally, in some embodiments of the present invention, the obtaining module includes:
the determining unit is used for determining the current network state and the current security level according to the network environment information;
the first selection unit is used for selecting an identity verification mode corresponding to the current security level from a preset verification mode set and determining that the reference data acquisition mode is a network mode;
and the second selection unit is used for selecting the identity verification mode corresponding to the current security level from the preset verification mode set and determining the reference data acquisition mode as a local mode.
Optionally, in some embodiments of the present invention, the reading module is specifically configured to:
if the reference data acquisition mode is a network mode, acquiring updated data through a current network when the updated data exist in a network database, updating the database of the access control machine according to the acquired updated data, and reading the data from the updated database as a reference data set;
and if the reference data acquisition mode is a local mode, reading data from a database of the access control machine as a reference data set.
Optionally, in some embodiments of the present invention, the matching module is specifically configured to:
calculating the similarity between the face image and a registered image in a reference data set;
and if the similarity is greater than a first preset threshold, determining that the matching result of the face image and the data in the reference data set meets a preset condition.
Optionally, in some embodiments of the present invention, the matching module is specifically configured to:
calculating the similarity between the face image and a registered image in a reference data set;
acquiring identity information of the registered image with the similarity larger than a second preset threshold;
and if the related information corresponding to the identity information is stored in the reference data set, determining that the matching result of the face image and the data in the reference data set meets a preset condition.
Optionally, in some embodiments of the present invention, the apparatus further includes an association module, where the association module is specifically configured to:
setting identity information of each registered image in a database of the access control machine;
acquiring a registration image of an object associated with the identity information to obtain an associated object image;
establishing an incidence relation between the identity information and the incidence object image to obtain incidence information;
and storing the associated information in a database of the access control machine.
Optionally, in some embodiments of the present invention, the matching module is specifically configured to:
detecting a feature point set of the face image;
when the feature point set determines that the face deflection angle of the face image is smaller than a preset angle threshold, acquiring a registered image matched with the feature point set in a reference data set to obtain a target image set;
calculating the similarity between the face image and the target image set registration image;
and if the similarity is greater than a third preset threshold, determining that the matching result of the face image and the data in the reference data set meets a preset condition.
Optionally, in some embodiments of the present invention, the apparatus further includes a living body detection module, where the living body detection module is specifically configured to:
acquiring heat information of the face image;
performing living body detection on the user according to the heat information;
and the acquisition module is used for acquiring an identity verification mode and a reference data acquisition mode corresponding to the network environment information when the living body detection result indicates that the user is a living body.
Optionally, in some embodiments of the present invention, the system further includes an update module, where the update module is specifically configured to:
receiving a data updating packet periodically issued by a network database, and updating the database of the access control machine according to the data updating packet; or,
monitoring data in the network database according to a preset period, and updating the database of the access control machine according to changed data when the monitored data are changed.
When an identity authentication request of a user is detected, acquiring network environment information of an access control machine and a face image of the user, then acquiring an identity authentication mode and a reference data acquisition mode corresponding to the network environment information, reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode, then matching the face image with the data in the reference data set according to the identity authentication mode, and if a matching result meets a preset condition, determining that the identity authentication of the user passes and controlling the access control machine to allow the user to pass. Compared with the existing face verification scheme, the face verification can be carried out according to the current network environment, when the connection between the server side and the client side is abnormal, data can be read from the database of the access control machine, the user is subjected to identity verification according to the data read from the database of the access control machine, the problems that the face verification time is long and the face verification fails cannot occur, and therefore the face verification efficiency and effectiveness can be improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1a is a schematic diagram of a first scenario of an identity authentication method according to an embodiment of the present invention;
fig. 1b is a schematic flow chart of an authentication method according to an embodiment of the present invention;
fig. 2a is another schematic flow chart of an authentication method according to an embodiment of the present invention;
fig. 2b is a schematic diagram of a second scenario of the method for authenticating identity according to the embodiment of the present invention;
fig. 2c is a schematic diagram of a third scenario of the method for authenticating identity according to the embodiment of the present invention;
fig. 3a is a schematic structural diagram of a first implementation manner of an identity authentication device according to an embodiment of the present invention;
fig. 3b is a schematic structural diagram of a second implementation manner of the identity authentication device provided in the embodiment of the present invention;
fig. 3c is a schematic structural diagram of a third implementation manner of the identity authentication device provided in the embodiment of the present invention;
fig. 3d is a schematic structural diagram of a fourth implementation manner of the identity authentication device provided in the embodiment of the present invention;
fig. 3e is a schematic diagram of another scenario of an authentication method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides an identity authentication method and device.
The identity authentication device may be integrated in a terminal, as shown in fig. 1a, and may be installed in a door access machine in the form of a client, for example.
Specifically, when a user needs to perform identity authentication, when an access control machine where an identity authentication device is located detects an identity authentication request of the user, network environment information of the access control machine and a face image of the user are collected, then, the identity authentication device acquires an identity authentication mode and a reference data acquisition mode corresponding to the network environment information, reads data from a database of the access control machine as a reference data set according to the reference data acquisition mode, then, matches the data in the face image and the reference data set according to the corresponding authentication mode, and when a matching result meets a preset condition, determines that the identity authentication of the user passes, and controls the access control machine to allow the user to pass.
For example, when the user clicks a trigger key for authentication, such as clicking an "authentication" control key on the access control machine, the access control machine performs face recognition on the user based on an authentication request, so as to obtain a face image of the user, and the access control machine also obtains current network environment information. The access control machine determines a corresponding verification mode and a reference number acquisition mode through current network environment information, reads data from a database of the access control machine as a reference data set according to the reference data acquisition mode, then matches the face image with the data in the reference data set according to the corresponding verification mode, and determines that the identity verification of the user passes and controls the access control machine to allow the user to pass when a matching result meets a preset condition.
It should be noted that the database of the access control device is set in the access control device, so that when the user needs to perform authentication, and before the user initiates authentication, the database of the access control device stores an image of the user (i.e., a registration image), and the access control device can perform authentication on the user according to the registration image, thereby improving the face authentication efficiency. It should be noted that, because the environmental factors when the user enters the registration image are different from the environmental factors when the user performs the authentication, when the terminal is connected to the server via the network, the database of the access control device may be updated according to the network database (i.e., the database set in the server), so as to improve the validity of the authentication.
The following detailed description is given for each example, and it should be noted that the description order of the following examples is not intended to limit the priority order of the examples.
An identity verification method comprising: when an authentication request of a user is detected, acquiring network environment information of the access control machine and a face image of the user, acquiring an authentication mode and a reference data acquisition mode corresponding to the network environment information, reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode, finally matching the data in the face image and the reference data set according to the authentication mode, if a matching result meets a preset condition, determining that the authentication of the user passes, and controlling the access control machine to allow the user to pass.
Referring to fig. 1b, fig. 1b is a schematic flow chart of an authentication method according to an embodiment of the present invention. The specific process of the identity authentication method may be as follows:
101. when an authentication request of a user is detected, network environment information of the access control machine and a face image of the user are collected.
For example, an authentication request sent by a user through triggering an authentication trigger key may be received, for example, the user may click or slide a trigger key such as "unlock" or "verify" to trigger the authentication request, and so on. Then, the current network environment information and the face image of the user are collected according to the identity authentication request. The network environment information may include a network connection mode and a network access type. The network connection mode may include an online mode and an offline mode, and the network access type may include data access and wireless access. The data access may include a local area network or a mobile network, and the wireless access may include wireless broadband. In addition, it should be noted that, due to noise, illumination or the device itself, the quality of the original image obtained is usually not very high, so that the image is preprocessed, so that the image is clearer, the image features are more obvious, and the image is convenient to further identify and analyze. The method for preprocessing the image comprises color space change and denoising. In this embodiment, the obtained original image is mainly subjected to color space change to obtain a face image.
It should be noted that, in order to improve the accuracy of the identity authentication, the living body detection may be performed on the human face, that is, in some embodiments, the step "acquire the network environment information and the human face image of the user when the identity authentication request of the user is detected" is further specifically included:
(11) and acquiring heat information of the face image.
(12) And performing living body detection on the user according to the heat information.
When the living body detection result indicates that the user is a living body,step 102 is executed.
102. And acquiring an identity verification mode and a reference data acquisition mode corresponding to the network environment information.
The corresponding authentication method may be obtained according to the network environment information, for example, the corresponding authentication method may be obtained according to the network connection mode. For another example, the corresponding authentication method may be obtained according to the security level of the actual scene and the current network state, that is, in some embodiments, the step "obtaining the authentication method and the reference data obtaining mode corresponding to the network environment information" may specifically include:
(21) and determining the current network state and the current security level according to the network environment information.
The current network state may be determined to be an online state or an offline state according to the network connection mode, and the current security level may be determined according to the network access type, for example, when the network access type is wireless access, the current security level may be determined to be a low level, and when the network access type is data access, the current security level may be determined to be a high level.
(22) And if the current network state is the online state, selecting an identity verification mode corresponding to the current security level from a preset verification mode set, and determining that the reference data acquisition mode is the network mode.
(23) And if the current network state is an off-line state, selecting an identity verification mode corresponding to the current security level from a preset verification mode set, and determining that the reference data acquisition mode is a local mode.
It should be noted that the current security level refers to the security level of the current scene, and the preset mode set may include a plurality of preset modes, for example, specifically, in a company, the access control level of a corporate financial office is higher than the access control level of a corporate gate, when a user needs to enter the corporate gate, it is assumed that the access control level of the corporate gate is low, if the current network state is an online state, an identity verification mode corresponding to the low level is selected from the preset verification modes, and it is determined that the reference data acquisition mode is a network mode; and if the current network state is an offline state, selecting an identity verification mode corresponding to a low level from preset verification modes, and determining that the reference data acquisition mode is a local mode.
103. And reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode.
Taking a company as an example, if the database of the access control machine includes data of a plurality of access control machines, such as data of an access control machine in a financial office and data of an access control machine in a general office, then, the corresponding registration image can be screened according to the corresponding access control machine as a reference data set, and if the financial office obtains the registration image corresponding to the financial office, the registration image can be compared with the registration images of other offices.
Or, it can also be understood that the data in the database of the access control device is primarily screened, for example, if the current face image can be determined as a female, only a female registration image needs to be acquired for comparison, so that the calculation amount can be reduced.
The reference data acquisition mode can comprise a network mode and a local mode, and if the reference data acquisition mode is the network mode and the network database has data update, the database of the access control machine can be updated through the updated data, then the data is read from the updated database to be used as a reference data set, and the user is authenticated through the reference data set, so that the reliability of authentication can be improved; if the reference data obtaining mode is the local mode, reading data from the database of the access control machine as a reference data set, and performing authentication on the user through the reference data set obtained from the database of the access control machine, which may improve the efficiency of the authentication, that is, in some embodiments, the step "reading data from the database of the access control machine as the reference data set according to the reference data obtaining mode" may specifically include:
(31) if the reference data acquisition mode is a network mode, acquiring updated data through a current network when the updated data exist in a network database, updating the database of the access control machine according to the acquired updated data, and reading the data from the updated database as a reference data set;
(32) and if the reference data acquisition mode is the local mode, reading data from a database of the access control machine as a reference data set.
104. And matching the face image with the data in the reference data set according to an identity verification mode.
Matching the face image with the data in the reference data set according to an identity verification mode, and executing thestep 105 when the matching result of the face image and the data in the reference data set meets a preset condition; when the matching result of the face image and the data in the reference data set does not meet the preset condition, the terminal can generate the authentication failure information of the user and display corresponding prompt information of the authentication failure so that related personnel can know the information in time. The authentication means may be determined according to the current security level, and the data in the reference data set may include the registered image and the associated information.
For example, if the current security level is a low level, the similarity between the registered image in the reference data set and the face image of the user may be determined, and when the similarity between the registered image in the reference data set and the face image of the user is greater than a first preset threshold, it may be determined that a matching result between the face image and the data in the reference data set meets a preset condition, that is, in some embodiments, the step "matching the face image and the data in the reference data set according to an authentication manner" may specifically include:
(41) and calculating the similarity between the face image and the registered image in the reference data set.
(42) And if the similarity is greater than a first preset threshold, determining that the matching result of the face image and the data in the reference data set meets a preset condition.
Specifically, when an employee A of a company T needs to enter the company, the entrance guard machine scans the employee A and then calculates the similarity between the face image of the employee A and the registered image in the reference data set, and when the similarity is greater than a first preset threshold value, it is determined that the matching result of the data in the employee A and the registered image in the reference data set meets a preset condition.
For another example, if the current security level is a low level, the identity authentication may be performed on the user through the registered image and the associated information, when the similarity between the registered image in the reference data set and the face image of the user is greater than a second preset threshold, the identity information of the registered image whose similarity is greater than the second preset threshold is obtained, and when the associated information corresponding to the identity information is stored in the reference data set, it is determined that the matching result between the face image and the data in the reference data set satisfies the preset condition, that is, in some embodiments, the step "matching the face image and the data in the reference data set according to the identity authentication manner" may specifically include:
(51) and calculating the similarity between the face image and the registered image in the reference data set.
(52) And acquiring the identity information of the registered image with the similarity larger than a second preset threshold value.
(53) And if the reference data set stores the associated information corresponding to the identity information, determining that the matching result of the face image and the data in the reference data set meets the preset condition.
Specifically, when a visitor A needs to visit a company T, the entrance guard machine scans the visitor A, calculates the similarity between a face image of the visitor A and a registered image in a reference data set, and acquires identity information of the registered image with the similarity larger than a second preset threshold value, for example, the second preset threshold value is 85%, the identity information can be the visitor, if the reference data set stores associated information corresponding to the identity information, the matching result of the face image and the data in the reference data set meets a preset condition, for example, if the reference data set stores a mobile phone number of an inviter corresponding to the visitor, the matching result of the face image and the data in the reference data set meets the preset condition; for another example, if the reference data set stores a face image of an inviter corresponding to the visitor, it is determined that a matching result between the face image and data in the reference data set satisfies a preset condition.
In addition, the association information may be pre-established by the operation and maintenance personnel, or may be pre-established by the terminal, which is determined according to the actual situation. That is, the step of "obtaining the identity information of the registered image whose similarity is greater than the second preset threshold", may specifically include:
(61) and setting the identity information of each registered image in the database of the access control machine.
(62) Obtaining a registration image of an object associated with the identity information to obtain an associated object image
(63) And establishing an association relation between the identity information and the associated object image to obtain the associated information.
(64) And storing the associated information in a database of the access control machine.
It should be further noted that the associated object refers to an inviter having an association relationship with the user, the associated object image refers to a registered image of the inviter, for example, when there are a plurality of visitors needing to visit the T company, the door access control machine stores the identity information of the visitors into the corresponding registered images, then, the door access control machine obtains the registered image of the associated object with the identity information, for example, the door access control machine obtains the registered image of the inviter associated with the identity information of the visitor a, then, establishes an association relationship between the identity information of the visitor a and the registered image of the inviter, obtains the association information corresponding to the identity information of the visitor a, and finally, stores the association information in a database of the door access control machine.
For another example, if the current security level is a high level, it may be determined whether a face deflection angle of the face image is smaller than a preset angle through a feature point set of the face image, when the face deflection angle is smaller than the preset angle, a registered image matched with the feature point set is obtained in a reference data set according to the feature point set, and when a similarity between the face image and the registered image is greater than a third preset threshold, it is determined that a matching result of the data in the face image and the reference data set meets a preset condition.
Specifically, when an employee a of a company T needs to enter a place with a higher security level through an access control machine, such as a financial office, the access control machine scans the employee a, when it is determined that eyes of the employee a are directly looking at the access control machine, that is, when a face deflection angle of the employee a is smaller than a preset angle, a registration image matched with the feature point set can be obtained in the reference data set based on the feature point set of the face image, and when a similarity between the face image of the employee a and the registration image is larger than a third preset threshold value, it is determined that a matching result of the face image and data in the reference data set meets a preset condition.
It should be noted that the preset condition may be preset by the operation and maintenance staff, and when the matching result meets the preset condition,step 105 is executed; when the matching result does not meet the preset condition, the authentication failure information of the user can be generated, and the corresponding prompt information that the authentication fails is displayed, so that the relevant personnel can know in time.
In order to ensure the accuracy of the data of the database of the access control machine, the identity authentication method may further include:
receiving a data updating packet periodically issued by a network database, and updating the database of the access control machine according to the data updating packet; or monitoring the data in the network database according to a preset period, and updating the database of the access control machine according to the changed data when the monitored data is changed.
The preset period may be preset by an operation and maintenance person, for example, the preset period may be set to 30 minutes, 40 minutes, or 180 minutes, and the like, which is not described herein again specifically according to an actual situation.
105. And determining that the user passes the authentication, and controlling the access control machine to allow the user to pass.
When an identity authentication request of a user is detected, acquiring network environment information of the access control machine and a face image of the user, then acquiring an identity authentication mode and a reference data acquisition mode corresponding to the network environment information, reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode, then matching the data in the face image and the reference data set according to the identity authentication mode, and if a matching result meets a preset condition, determining that the identity authentication of the user passes and controlling the access control machine to allow the user to pass. Compared with the existing face verification scheme, the face verification can be carried out according to the current network environment, when the connection between the server side and the client side is abnormal, data can be read from the database of the access control machine, the user is subjected to identity verification according to the data read from the database of the access control machine, the problems that the face verification time is long and the face verification fails cannot occur, and therefore the face verification efficiency and effectiveness can be improved.
The method described in the examples is further detailed below by way of example.
In this embodiment, the authentication apparatus is specifically integrated in a terminal as an example.
Referring to fig. 2a, an identity authentication method may specifically include the following processes:
201. when the access control machine detects an authentication request of a user, network environment information of the access control machine and a face image of the user are collected.
For example, the gate inhibition machine may receive an authentication request sent by a user by triggering an authentication trigger key, for example, the user may click or slide a trigger key such as "unlock" or "verify" to trigger the authentication request, and so on. Then, the access control machine can acquire the current network environment information and the face image of the user according to the authentication request. The network environment information may include a network connection mode and a network access type. The network connection mode may include an online mode and an offline mode, and the network access type may include data access and wireless access. The data access may include a local area network or a mobile network, and the wireless access may include wireless broadband. In addition, it should be noted that, due to noise, illumination or the device itself, the quality of the original image obtained is usually not very high, so that the image is preprocessed, so that the image is clearer, the image features are more obvious, and the image is convenient to further identify and analyze. The method for preprocessing the image by the access control machine comprises color space change and denoising. In this embodiment, the obtained original image is mainly subjected to color space change to obtain a face image.
202. The entrance guard machine obtains the heat information of the face image.
For example, the door access control device may acquire heat information of a face image of a user through a three-dimensional structured light technology. Specifically, the access control machine can carry out face image acquisition of a plurality of angles to user's face through infrared camera and infrared structured light projector, and then obtains the heat information of face image.
Here, after the structured light projects specific light information on the surface of the object, information such as the position and depth of the object can be calculated from the change of the light signal caused by the object, and a three-dimensional image of the object in the space projected by the structured light can be restored.
203. The door access machine judges whether the face in the face image is a living body or not according to the heat information, and if the face in the face image is the living body, the door access machine can executestep 204; if the face in the face image is not a living body, the access control machine may not invoke a verification mode corresponding to the network environment information, and optionally, the access control machine may generate corresponding non-living body prompt information and display the non-living body prompt information, so that the relevant person may learn in time.
For example, the door access control device may determine whether the live body value in the thermal information is equal to a preset live body value, determine that the face in the face image is a live body if the live body value is equal to the preset live body value, and determine that the face in the face image is a non-live body if the live body value is not equal to the preset live body value.
The preset live body value can be set according to the requirements of practical application, for example, the preset live body value can be set to 1, and at this time, if the live body value in the heat information detected by the access control machine is 1, the human face in the human face image can be determined to be the live body. For another example, the preset live body value may be 0.8, and then, when the live body value in the heat information detected by the door access controller is 0.6, it may be determined that the face in the face image is not a live body, and so on.
204. And the access control machine acquires an identity verification mode and a reference data acquisition mode corresponding to the network environment information.
It should be noted that the current security level refers to the security level of the current scene, and the preset mode set may include a plurality of preset modes, where the access control unit may obtain a corresponding verification mode according to the network environment information, for example, the access control unit may obtain a corresponding verification mode according to the network connection mode. For another example, the access control machine may further obtain a corresponding verification mode according to the security level of the actual scene and the current network state, for example, when the user needs to enter the company gate, if the access control level of the company gate is a low level and the current network state of the access control machine of the company gate is an online state, select an identity verification mode corresponding to the low level from a preset verification mode set, and determine that the reference data obtaining mode is the network mode; if the access control level of a company gate is high and the current network state of an access control machine of the company gate is an online state, selecting an identity verification mode corresponding to the high level from a preset verification mode set, and determining that a reference data acquisition mode is a network mode; for another example, if the access control level of the company gate is a low level and the current network state of the access control machine of the company gate is an offline state, selecting an identity verification mode corresponding to the low level from a preset verification mode set, and determining that the reference data acquisition mode is a local mode; if the access control level of the company gate is a high level and the current network state of the access control machine of the company gate is an offline state, selecting an identity verification mode corresponding to the high level from a preset verification mode set, and determining that the reference data acquisition mode is a local mode. After the access controller obtains the authentication mode and the reference data obtaining mode corresponding to the network environment information,step 205 is executed.
205. And the door access machine matches the face image with the data in the reference data set according to an identity verification mode.
The entrance guard machine matches the face image with the data in the reference data set according to the identity verification mode, and executesstep 206 when the matching result of the face image and the data in the reference data set meets the preset condition; when the matching result of the face image and the data in the reference data set does not meet the preset condition, the access control machine can generate the authentication non-passing information of the user and display the corresponding prompt information that the authentication is not passed so that related personnel can know the information in time.
The authentication mode may be determined according to the current security level, and the data in the reference data set may include a registration image and associated information.
For example, referring to fig. 2b, when an employee a of a company T needs to enter the company through an entrance guard of a gate, the security level of the entrance guard of the gate is low, the reference data acquisition mode of the entrance guard of the gate is a network mode, the entrance guard of the gate acquires updated data through a current network when it is determined that updated data exists in a network database, the database of the entrance guard of the gate is updated according to the acquired updated data, the data is read from the updated database as a reference data set, after the employee a issues an identity verification request to the entrance guard of the gate, the entrance guard of the gate acquires a face image of the employee a, the similarity between the face image of the employee a and a registration image in the reference data set is calculated, and when the similarity between the registration image in the reference data set and the face image of the user is greater than a preset threshold, the first preset threshold may be 80%, when the similarity between the registered image in the reference data set and the face image of the user is greater than 80%, it can be determined that the matching result of the employee a and the data in the reference data set meets the preset condition.
For another example, please continue to refer to fig. 2b, a visitor a needs to visit a company T, when the visitor a needs to enter the company through an entrance guard of a gate, the security level of the entrance guard of the gate is low, the reference data acquisition mode of the entrance guard is a network mode, the entrance guard acquires updated data through a current network when it is determined that updated data exists in a network database, the database of the entrance guard of the gate is updated according to the acquired updated data, the data is read from the updated database as a reference data set, after the visitor a initiates an identity verification request to the entrance guard of the gate, when the similarity between a registered image in the reference data set and a face image of a user is greater than a second preset threshold, the second preset threshold may be 85%, identity information of more than 85% of all registered images may be acquired, the identity information may be a visitor, if the reference data set stores the associated information corresponding to the identity information, determining that the matching result of the face image and the data in the reference data set meets a preset condition, for example, if the reference data set stores the mobile phone number of an inviter corresponding to a visitor, determining that the matching result of the face image and the data in the reference data set meets the preset condition; for another example, if the reference data set stores a face image of an inviter corresponding to the visitor, it is determined that a matching result between the face image and data in the reference data set satisfies a preset condition.
For another example, referring to fig. 2b, when employee a of company T needs to enter the financial room through the entrance guard, the security level of the entrance guard of the financial room is high, the reference data acquisition mode of the access control machine in the financial room is a network mode, when the access control machine in the financial room determines that updated data exists in a network database, the updated data is acquired through the current network, updating a database of the door access machine of the financial room according to the obtained updated data, reading the data from the updated database as a reference data set, enabling the door access machine to be based on the feature point set of the face image, and acquiring a registered image matched with the feature point set in the reference data set, and determining that the matching result of the face image and the data in the reference data set meets a preset condition when the similarity between the face image of the employee A and the registered image is greater than a third preset threshold value.
Optionally, in some embodiments, the reference data obtaining mode of the door access device is a local mode, please refer to fig. 2c, the door access device may read data from a database of the door access device as a reference data set, and in addition, when the reference data obtaining mode of the door access device is the local mode, the method for matching the face image with the data in the reference data set according to the authentication manner is similar to that in the previous embodiment, please refer to the previous embodiment, which is not described herein again.
In order to ensure the accuracy of the data of the database of the access control machine, the identity authentication method may further include:
the entrance guard machine can receive a data update package periodically issued by a network database, and the entrance guard machine updates the database of the entrance guard machine according to the data update package; or, the access control machine monitors the data in the network database according to a preset period, and when the access control machine monitors that the data changes, the access control machine updates the database of the access control machine according to the changed data.
The preset period may be preset by an operation and maintenance person, for example, the preset period may be set to 30 minutes, 40 minutes, or 180 minutes, and the like, which is not described herein again specifically according to an actual situation.
206. And the entrance guard machine determines that the user passes the authentication and allows the user to pass.
When the access control machine detects an authentication request of a user, network environment information and a face image of the user are collected, then the access control machine obtains an authentication mode and a reference data obtaining mode corresponding to the network environment information, the access control machine reads data from a database of the access control machine as a reference data set according to the reference data obtaining mode, then the access control machine matches the face image with the data in the reference data set according to the authentication mode, and if the matching result meets a preset condition, the access control machine determines that the authentication of the user passes and allows the user to pass. Compared with the existing face verification scheme, the face verification can be carried out according to the current network environment, when the connection between the server side and the client side is abnormal, data can be read from the database of the access control machine, the user is subjected to identity verification according to the data read from the database of the access control machine, the problems that the face verification time is long and the face verification fails cannot occur, and therefore the face verification efficiency and effectiveness can be improved.
In order to better implement the authentication method provided by the embodiment of the present invention, an embodiment of the present invention further provides an authentication device (referred to as an authentication device for short) based on the above. The meaning of the noun is the same as that in the authentication method, and specific implementation details can refer to the description in the method embodiment.
Referring to fig. 3a, fig. 3a is a schematic structural diagram of an identity verification apparatus according to an embodiment of the present invention, where the identity verification apparatus may include anacquisition module 301, anacquisition module 302, areading module 303, amatching module 304, and adetermination module 305, which may specifically be as follows:
theacquisition module 301 is configured to acquire network environment information of the access control device and a face image of a user.
For example, theacquisition module 301 may receive an authentication request sent by a user by triggering an authentication trigger key, for example, the user may click or slide a trigger key such as "unlock" or "verify" to trigger the authentication request, and so on. Then, the current network environment information and the face image of the user are collected according to the identity authentication request. The network environment information may include a network connection mode and a network access type. The network connection mode may include an online mode and an offline mode, and the network access type may include data access and wireless access. The data access may include a local area network or a mobile network, and the wireless access may include wireless broadband. In addition, it should be noted that, due to noise, illumination or the device itself, the quality of the original image obtained is usually not very high, so that the image is preprocessed, so that the image is clearer, the image features are more obvious, and the image is convenient to further identify and analyze. The method for preprocessing the image comprises color space change and denoising. In this embodiment, the obtained original image is mainly subjected to color space change to obtain a face image
An obtainingmodule 302, configured to obtain an authentication method and a reference data obtaining mode corresponding to the network environment information.
The corresponding authentication method may be obtained according to the network environment information, for example, the corresponding authentication method may be obtained according to the network connection mode. For another example, a corresponding verification mode may be obtained according to the security level of the actual scene and the current network state. In some embodiments, the obtainingmodule 302 may specifically include: the device comprises a determining unit, a first selecting unit and a second selecting unit. The determining unit is used for determining a current network state and a current security level according to network environment information, the first selecting unit is used for selecting an identity verification mode corresponding to the current security level from a preset verification mode set and determining that a reference data acquisition mode is a network mode, and the second selecting unit is used for selecting an identity verification mode corresponding to the current security level from the preset verification mode set and determining that the reference data acquisition mode is a local mode.
And thereading module 303 is configured to read data from a database of the door access controller as a reference data set according to the reference data obtaining mode.
The reference data acquisition mode can comprise a network mode and a local mode, and if the reference data acquisition mode is the network mode and the network database has data update, the database of the access control machine can be updated through the updated data, then the data is read from the updated database to be used as a reference data set, and the user is authenticated through the reference data set, so that the reliability of authentication can be improved; if the reference data acquisition mode is the local mode, reading data from a database of the access control machine as a reference data set, and performing identity verification on the user through the reference data set acquired from the database of the access control machine, so that the efficiency of the identity verification can be improved, that is, in some embodiments, the reading module 303 is specifically configured to, if the reference data acquisition mode is the network mode, acquire updated data through a current network when it is determined that updated data exists in the network database, update the database of the access control machine according to the acquired updated data, and read data from the updated database as the reference data set; and if the reference data acquisition mode is the local mode, reading data from a database of the access control machine as a reference data set.
And thematching module 304 is configured to match the face image with the data in the reference data set according to an identity authentication manner.
The authentication means may be determined according to the current security level, and the data in the reference data set may include the registered image and the associated information.
Optionally, in some embodiments of the present invention, the matching module may specifically be configured to: and calculating the similarity between the face image and the registered image in the reference data set, and if the similarity is greater than a first preset threshold, determining that the matching result of the face image and the data in the reference data set meets a preset condition.
Optionally, in some embodiments of the present invention, the matching module may be further specifically configured to: and calculating the similarity between the face image and the registered image in the reference data set, acquiring the identity information of the registered image with the similarity larger than a second preset threshold, and determining that the matching result of the face image and the data in the reference data set meets a preset condition if the reference data set stores the associated information corresponding to the identity information.
In addition, it should be noted that the associated information may be pre-established by the operation and maintenance personnel, or pre-established by the access control device, which is determined according to the actual situation. That is, optionally, in some embodiments of the present invention, please refer to fig. 3b, which further includes anassociation module 306, where the association module is specifically configured to: the method comprises the steps of setting identity information of each registration image in a database of the access control machine, obtaining the registration image of an object associated with the identity information, obtaining an associated object image, establishing an association relation between the identity information and the associated object image, obtaining association information, and storing the association information in the database of the access control machine.
Optionally, in some embodiments of the present invention, the matching module may be further specifically configured to: detecting a feature point set of a face image, acquiring a registered image matched with the feature point set in a reference data set when the feature point set determines that the face deflection angle of the face image is smaller than a preset angle threshold value, obtaining a target image set, calculating the similarity between the face image and the registered image in the target image set, and determining that the matching result of the face image and the data in the reference data set meets a preset condition if the similarity is larger than a third preset threshold value.
A determiningmodule 305, configured to determine that the user passes the authentication when the matching result obtained by thematching module 304 meets a preset condition, and control the access control device to allow the user to pass.
It should be noted that, in order to improve the accuracy of the identity verification, the living body detection may be performed on the human face, please refer to fig. 3c, and optionally, in some embodiments of the present invention, the present invention further includes a living body detection module 307, where the living body detection module may specifically be configured to: acquiring heat information of the face image, and carrying out living body detection on the user according to the heat information. The obtainingmodule 302 may further be configured to obtain an authentication manner and a reference data obtaining mode corresponding to the network environment information when the living body detection result indicates that the user is a living body.
In addition, it should be further noted that when the access controller is in network connection with the server, the database of the access controller on the access controller may be updated through the network database on the server, please refer to fig. 3d, and optionally, in some embodiments of the present invention, the access controller further includes anupdating module 308, and the updating module may be specifically configured to: receiving a data update package periodically issued by a network database, updating the database of the access control machine according to the data update package, or monitoring data in the network database according to a preset period, and updating the database of the access control machine according to changed data when the monitored data is changed.
According to the embodiment of the invention, when an identity authentication request of a user is detected, anacquisition module 301 acquires network environment information of an access control machine and a face image of the user, anacquisition module 302 acquires an identity authentication mode and a reference data acquisition mode corresponding to the network environment information, areading module 303 reads data from a database of the access control machine as a reference data set according to the reference data acquisition mode, amatching module 304 matches the data in the face image and the reference data set according to the identity authentication mode, and if a matching result meets a preset condition, a determiningmodule 305 determines that the identity authentication of the user passes and controls the access control machine to allow the user to pass. Compared with the existing face verification scheme, the face verification can be carried out according to the current network environment, when the connection between the server side and the client side is abnormal, data can be read from the database of the access control machine, the user is subjected to identity verification according to the data read from the database of the access control machine, the problems that the face verification time is long and the face verification fails cannot occur, and therefore the face verification efficiency and effectiveness can be improved.
Further, in order to facilitate understanding of the identity authentication method provided in the embodiment of the present invention, please refer to fig. 3e, taking the example that the identity authentication device is integrated in the access control machine, the user may record the image of the user in advance in a corresponding applet or mobile phone software to obtain a registration image, and upload the registration image to the network database on the server side. Subsequently, the database of the access control of the authentication device pulls the registration image stored in the network database. When a user enters an area with the access control machine, the access control machine can capture a face image of the user at first, meanwhile, the access control machine can detect the working state of the access control machine, such as whether the network is abnormal or not, whether data transmission is abnormal or not and the like, and the access control machine can detect whether data in a network database is changed or not according to a preset period under the condition of network connection, and if so, the database of the access control machine is updated through the changed data. And then, the access control machine also can carry out living body detection on the face image of the user, when the user is a living body, face matching is carried out, namely, whether the face image of the user stores a registered image in a database of the access control machine is judged, if yes, the identity recognition of the user is successful, and an area which the user can enter is determined based on the authority of the user.
Accordingly, an embodiment of the present invention further provides a terminal, as shown in fig. 4, the terminal may include Radio Frequency (RF)circuits 401, amemory 402 including one or more computer-readable storage media, aninput unit 403, adisplay unit 404, asensor 405, anaudio circuit 406, a Wireless Fidelity (WiFi)module 407, aprocessor 408 including one or more processing cores, and apower supply 409. Those skilled in the art will appreciate that the terminal configuration shown in fig. 4 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components. Wherein:
theRF circuit 401 may be used for receiving and transmitting signals during a message transmission or communication process, and in particular, for receiving downlink information of a base station and then sending the received downlink information to the one ormore processors 408 for processing; in addition, data relating to uplink is transmitted to the base station. In general, theRF circuitry 401 includes, but is not limited to, an antenna, at least one Amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, theRF circuitry 401 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Message Service (SMS), and the like.
Thememory 402 may be used to store software programs and modules, and theprocessor 408 executes various functional applications and data processing by operating the software programs and modules stored in thememory 402. Thememory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal, etc. Further, thememory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, thememory 402 may also include a memory controller to provide theprocessor 408 and theinput unit 403 access to thememory 402.
Theinput unit 403 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control. In particular, in a particular embodiment, theinput unit 403 may include a touch-sensitive surface as well as other input devices. The touch-sensitive surface, also referred to as a touch display screen or a touch pad, may collect touch operations by a user (e.g., operations by a user on or near the touch-sensitive surface using a finger, a stylus, or any other suitable object or attachment) thereon or nearby, and drive the corresponding connection device according to a predetermined program. Alternatively, the touch sensitive surface may comprise two parts, a touch detection means and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts it to touch point coordinates, and sends the touch point coordinates to theprocessor 408, and can receive and execute commands from theprocessor 408. In addition, touch sensitive surfaces may be implemented using various types of resistive, capacitive, infrared, and surface acoustic waves. Theinput unit 403 may include other input devices in addition to the touch-sensitive surface. In particular, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
Thedisplay unit 404 may be used to display information input by or provided to the user and various graphical user interfaces of the terminal, which may be made up of graphics, text, icons, video, and any combination thereof. TheDisplay unit 404 may include a Display panel, and optionally, the Display panel may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch-sensitive surface may overlay the display panel, and when a touch operation is detected on or near the touch-sensitive surface, the touch operation is transmitted to theprocessor 408 to determine the type of touch event, and then theprocessor 408 provides a corresponding visual output on the display panel according to the type of touch event. Although in FIG. 4 the touch-sensitive surface and the display panel are shown as two separate components to implement input and output functions, in some embodiments the touch-sensitive surface may be integrated with the display panel to implement input and output functions.
The terminal may also include at least onesensor 405, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel according to the brightness of ambient light, and a proximity sensor that may turn off the display panel and/or the backlight when the terminal is moved to the ear. As one of the motion sensors, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when the mobile phone is stationary, and can be used for applications of recognizing the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured in the terminal, detailed description is omitted here.
WiFi belongs to short distance wireless transmission technology, and the terminal can help the user to send and receive e-mail, browse web page and access streaming media etc. throughWiFi module 407, it provides wireless broadband internet access for the user. Although fig. 4 shows theWiFi module 407, it is understood that it does not belong to the essential constitution of the terminal, and may be omitted entirely as needed within the scope not changing the essence of the invention.
Theprocessor 408 is a control center of the terminal, connects various parts of the entire handset using various interfaces and lines, and performs various functions of the terminal and processes data by operating or executing software programs and/or modules stored in thememory 402 and calling data stored in thememory 402, thereby integrally monitoring the handset. Optionally,processor 408 may include one or more processing cores; preferably, theprocessor 408 may integrate an application processor, which handles primarily the operating system, user interface, applications, etc., and a modem processor, which handles primarily the wireless communications. It will be appreciated that the modem processor described above may not be integrated into theprocessor 408.
The terminal also includes a power source 409 (e.g., a battery) for powering the various components, which may preferably be logically coupled to theprocessor 408 via a power management system to manage charging, discharging, and power consumption via the power management system. Thepower supply 409 may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.
Although not shown, the terminal may further include a camera, a bluetooth module, and the like, which will not be described herein. Specifically, in this embodiment, theprocessor 408 in the terminal loads the executable file corresponding to the process of one or more application programs into thememory 402 according to the following instructions, and theprocessor 408 runs the application programs stored in thememory 402, thereby implementing various functions:
when an identity authentication request of a user is detected, acquiring network environment information and a face image of the user, acquiring an identity authentication mode and a reference data acquisition mode corresponding to the network environment information, reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode, matching the data in the face image and the reference data set according to the identity authentication mode, and determining that the identity authentication of the user passes if a matching result meets a preset condition.
When an identity authentication request of a user is detected, acquiring network environment information and a face image of the user, then acquiring an identity authentication mode and a reference data acquisition mode corresponding to the network environment information, reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode, then matching the data in the face image and the reference data set according to the identity authentication mode, and if a matching result meets a preset condition, determining that the identity authentication of the user passes and controlling the access control machine to allow the user to pass. Compared with the existing face verification scheme, the face verification can be carried out according to the current network environment, when the connection between the server side and the client side is abnormal, data can be read from the database of the access control machine, the user is subjected to identity verification according to the data read from the database of the access control machine, the problems that the face verification time is long and the face verification fails cannot occur, and therefore the face verification efficiency and effectiveness can be improved.
Example V,
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, the present invention provides a storage medium, in which a plurality of instructions are stored, where the instructions can be loaded by a processor to execute the steps in any one of the authentication methods provided by the embodiments of the present invention. For example, the instructions may perform the steps of:
when an identity authentication request of a user is detected, acquiring network environment information and a face image of the user, acquiring an identity authentication mode and a reference data acquisition mode corresponding to the network environment information, reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode, matching the data in the face image and the reference data set according to the identity authentication mode, and if a matching result meets a preset condition, determining that the identity authentication of the user passes and controlling the access control machine to allow the user to pass.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
Wherein the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
Since the instructions stored in the storage medium can execute the steps in any of the authentication methods provided in the embodiments of the present invention, the beneficial effects that can be achieved by any of the authentication methods provided in the embodiments of the present invention can be achieved, which are detailed in the foregoing embodiments and will not be described again here.
The identity authentication method, the identity authentication device, the identity authentication terminal and the storage medium provided by the embodiments of the present invention are described in detail above, and a specific embodiment is applied in the description to explain the principle and the implementation of the present invention, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for those skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (9)
1. An identity verification method, comprising:
when an identity authentication request of a user is detected, acquiring network environment information of an access control machine and a face image of the user;
determining the current network state and the current security level according to the network environment information;
determining a reference data acquisition mode according to the current network state;
reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode;
if the current security level is a first preset level and the data in the reference data set comprise registered images, calculating the similarity between the face image and the registered images in the reference data set, and if the similarity is greater than a first preset threshold, determining that the matching result of the face image and the data in the reference data set meets a preset condition;
if the current security level is a first preset level and the data in the reference data set comprises a registered image and associated information, calculating the similarity between the face image and the registered image in the reference data set, if the similarity is greater than a second preset threshold, acquiring the identity information of the registered image with the similarity greater than the second preset threshold, and if the associated information corresponding to the identity information is stored in the reference data set, determining that the matching result of the face image and the data in the reference data set meets a preset condition;
if the current security level is a second preset level, the data in the reference data set comprises a registered image, and the face deflection angle is smaller than a preset angle, the similarity between the face image and the registered image in the reference data set is calculated, and if the similarity is larger than a third preset threshold, the matching result between the face image and the data in the reference data set is determined to meet a preset condition, wherein the second preset threshold is larger than the first preset threshold, and the second preset level is higher than the first preset level;
and if the matching result meets the preset condition, determining that the user passes the authentication, and controlling the access control machine to allow the user to pass.
2. The method of claim 1, wherein determining a reference data acquisition mode based on the current network state comprises:
if the current network state is an online state, selecting an identity verification mode corresponding to the current security level from a preset verification mode set, and determining that a reference data acquisition mode is a network mode;
and if the current network state is an off-line state, selecting an identity verification mode corresponding to the current security level from a preset verification mode set, and determining that the reference data acquisition mode is a local mode.
3. The method of claim 2, wherein reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode comprises:
if the reference data acquisition mode is a network mode, acquiring updated data through a current network when the updated data exist in a network database, updating the database of the access control machine according to the acquired updated data, and reading the data from the updated database as a reference data set;
and if the reference data acquisition mode is a local mode, reading data from a database of the access control machine as a reference data set.
4. The method according to claim 1, wherein before acquiring the identity information of the registered image with the similarity greater than the second preset threshold, the method further comprises:
setting identity information of each registered image in a database of the access control machine;
acquiring a registration image of an object associated with the identity information to obtain an associated object image;
establishing an incidence relation between the identity information and the incidence object image to obtain incidence information;
and storing the associated information in a database of the access control machine.
5. The method according to any one of claims 1 to 4, wherein before acquiring the authentication mode and the reference data acquisition mode corresponding to the network environment information, the method further comprises:
acquiring heat information of the face image;
performing living body detection on the user according to the heat information;
the acquiring of the identity verification mode and the reference data acquisition mode corresponding to the network environment information includes: and when the living body detection result indicates that the user is a living body, acquiring an identity verification mode and a reference data acquisition mode corresponding to the network environment information.
6. The method of any of claims 1 to 4, further comprising:
receiving a data updating packet periodically issued by a network database, and updating the database of the access control machine according to the data updating packet; or,
monitoring data in a network database according to a preset period, and updating the database of the access control machine according to changed data when the monitored data are changed.
7. An authentication apparatus, comprising:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring network environment information of the access control machine and a face image of a user when an identity authentication request of the user is detected;
the acquisition module is used for acquiring the current network state and the current security level corresponding to the network environment information;
the reading module is used for determining a reference data acquisition mode according to the current network state and reading data from a database of the access control machine as a reference data set according to the reference data acquisition mode;
the matching module is used for calculating the similarity between the face image and the registered image in the reference data set if the current security level is a first preset level and the data in the reference data set comprises the registered image, and determining that the matching result between the face image and the data in the reference data set meets a preset condition if the similarity is greater than a first preset threshold;
the face image matching method is also used for calculating the similarity between the face image and the registered image in the reference data set if the current security level is a first preset level and the data in the reference data set comprises the registered image and the associated information, acquiring the identity information of the registered image with the similarity larger than a second preset threshold if the similarity is larger than the second preset threshold, and determining that the matching result of the face image and the data in the reference data set meets a preset condition if the associated information corresponding to the identity information is stored in the reference data set;
the image matching device is further used for calculating the similarity between the face image and the registered image in the reference data set if the current security level is a second preset level, the data in the reference data set comprises the registered image, and the face deflection angle is smaller than a preset angle, and determining that the matching result between the face image and the data in the reference data set meets a preset condition if the similarity is larger than a third preset threshold;
the second preset threshold is greater than the first preset threshold, and the second preset level is higher than the first preset level;
and the determining module is used for determining that the user passes the authentication and controlling the access control machine to allow the user to pass when the matching result obtained by the matching module meets the preset condition.
8. A terminal comprising a processor and a memory, the memory having stored therein at least one instruction, at least one program, set of codes, or set of instructions, the at least one instruction, at least one program, set of codes, or set of instructions being loaded and executed by the processor to implement the authentication method according to any one of claims 1 to 6.
9. A storage medium storing instructions adapted to be loaded by a processor to perform the steps of the authentication method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910557166.6ACN110335386B (en) | 2019-06-25 | 2019-06-25 | Identity authentication method, device, terminal and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910557166.6ACN110335386B (en) | 2019-06-25 | 2019-06-25 | Identity authentication method, device, terminal and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110335386A CN110335386A (en) | 2019-10-15 |
| CN110335386Btrue CN110335386B (en) | 2021-08-03 |
Family
ID=68142738
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910557166.6AActiveCN110335386B (en) | 2019-06-25 | 2019-06-25 | Identity authentication method, device, terminal and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110335386B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110992554A (en)* | 2019-12-10 | 2020-04-10 | 温州市美拉五金有限公司 | Enterprise access control management method, device, equipment and medium |
| CN111540105B (en)* | 2020-04-09 | 2023-06-02 | 北京捷通华声科技股份有限公司 | Method, system, equipment and storage medium for controlling access control |
| CN111737674B (en)* | 2020-08-03 | 2021-02-09 | 德能森智能科技(成都)有限公司 | Wisdom garden system based on cloud platform |
| CN114386010B (en)* | 2020-10-16 | 2025-06-24 | 腾讯科技(深圳)有限公司 | Application login method, device, electronic device and storage medium |
| CN114139138A (en)* | 2021-12-09 | 2022-03-04 | 云知声智能科技股份有限公司 | Authority verification method, device, storage medium and electronic device |
| CN115147964B (en)* | 2022-06-29 | 2023-09-26 | 中铁第四勘察设计院集团有限公司 | Multi-element information security inspection method, system, computer equipment and readable medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102857637A (en)* | 2012-09-03 | 2013-01-02 | 北京小米科技有限责任公司 | Acquisition method, acquisition system and acquisition device for information of contact person |
| CN103856568A (en)* | 2014-03-25 | 2014-06-11 | 深圳市中兴移动通信有限公司 | Terminal and system for prompting safety state of user terminal and implementation method |
| CN104639651A (en)* | 2015-03-04 | 2015-05-20 | 成都维远艾珏信息技术有限公司 | Mobile equipment information transmission method |
| EP2889812A1 (en)* | 2013-12-24 | 2015-07-01 | Pathway IP SARL | Room access control system |
| CN105338093A (en)* | 2015-11-16 | 2016-02-17 | 中国建设银行股份有限公司 | Data synchronizing method and system |
| CN107735817A (en)* | 2015-06-15 | 2018-02-23 | 亚萨合莱有限公司 | Voucher buffer |
| CN107944380A (en)* | 2017-11-20 | 2018-04-20 | 腾讯科技(深圳)有限公司 | Personal identification method, device and storage device |
| CN108038163A (en)* | 2017-12-06 | 2018-05-15 | 交控科技股份有限公司 | Standby control center database synchronous system |
| CN108629280A (en)* | 2018-03-27 | 2018-10-09 | 维沃移动通信有限公司 | Face recognition method and mobile terminal |
| CN108961520A (en)* | 2018-09-21 | 2018-12-07 | 深圳市九洲电器有限公司 | A kind of face identification method and device |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105005779A (en)* | 2015-08-25 | 2015-10-28 | 湖北文理学院 | Face verification anti-counterfeit recognition method and system thereof based on interactive action |
| CN106650671B (en)* | 2016-12-27 | 2020-04-21 | 深圳英飞拓科技股份有限公司 | Face recognition method, device and system |
| CN107292283A (en)* | 2017-07-12 | 2017-10-24 | 深圳奥比中光科技有限公司 | Mix face identification method |
- 2019
- 2019-06-25CNCN201910557166.6Apatent/CN110335386B/enactiveActive
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102857637A (en)* | 2012-09-03 | 2013-01-02 | 北京小米科技有限责任公司 | Acquisition method, acquisition system and acquisition device for information of contact person |
| EP2889812A1 (en)* | 2013-12-24 | 2015-07-01 | Pathway IP SARL | Room access control system |
| CN103856568A (en)* | 2014-03-25 | 2014-06-11 | 深圳市中兴移动通信有限公司 | Terminal and system for prompting safety state of user terminal and implementation method |
| CN104639651A (en)* | 2015-03-04 | 2015-05-20 | 成都维远艾珏信息技术有限公司 | Mobile equipment information transmission method |
| CN107735817A (en)* | 2015-06-15 | 2018-02-23 | 亚萨合莱有限公司 | Voucher buffer |
| CN105338093A (en)* | 2015-11-16 | 2016-02-17 | 中国建设银行股份有限公司 | Data synchronizing method and system |
| CN107944380A (en)* | 2017-11-20 | 2018-04-20 | 腾讯科技(深圳)有限公司 | Personal identification method, device and storage device |
| CN108038163A (en)* | 2017-12-06 | 2018-05-15 | 交控科技股份有限公司 | Standby control center database synchronous system |
| CN108629280A (en)* | 2018-03-27 | 2018-10-09 | 维沃移动通信有限公司 | Face recognition method and mobile terminal |
| CN108961520A (en)* | 2018-09-21 | 2018-12-07 | 深圳市九洲电器有限公司 | A kind of face identification method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110335386A (en) | 2019-10-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110335386B (en) | Identity authentication method, device, terminal and storage medium | |
| CN107992728B (en) | Face verification method and device | |
| US10547609B2 (en) | Method, apparatus, and system for controlling intelligent device, and storage medium | |
| US9940448B2 (en) | Unlock processing method and device | |
| CN111478849B (en) | Service access method, device and storage medium | |
| WO2018161743A1 (en) | Fingerprint recognition method and related product | |
| CN110457888B (en) | A verification code input method, device, electronic device and storage medium | |
| WO2018161540A1 (en) | Fingerprint registration method and related product | |
| CN106611152A (en) | User identity determination method and apparatus | |
| CN109600340B (en) | Operation authorization method, device, terminal and server | |
| CN110798444B (en) | Data synchronization method and device based on Internet of things | |
| CN106997425B (en) | Method, device and system for displaying physiological state information | |
| CN110929238B (en) | Information processing method and device | |
| CN108594952A (en) | A kind of method and terminal device of anti-charging interference | |
| CN109040457B (en) | Screen brightness adjusting method and mobile terminal | |
| CN108122151B (en) | Graphic code display method, graphic code processing method, device and system | |
| CN116362533A (en) | Service request verification method and device, electronic equipment and storage medium | |
| CN113542206B (en) | Image processing method, device and computer readable storage medium | |
| CN115118636A (en) | Method and device for determining network jitter state, electronic equipment and storage medium | |
| CN113452720A (en) | Personnel information authentication method and device, storage medium and electronic equipment | |
| CN109409068B (en) | Operation execution method and terminal | |
| CN104134044B (en) | A kind of detection method, device and system of Information Security | |
| CN113780291A (en) | Image processing method and device, electronic equipment and storage medium | |
| CN106021429A (en) | Receipt data processing method, device and system | |
| CN107995150A (en) | Auth method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |