[go: up one dir, main page]

CN111611571A - Real-name authentication method and device - Google Patents

Real-name authentication method and device Download PDF

Info

Publication number
CN111611571A
CN111611571A CN202010484302.6A CN202010484302A CN111611571A CN 111611571 A CN111611571 A CN 111611571A CN 202010484302 A CN202010484302 A CN 202010484302A CN 111611571 A CN111611571 A CN 111611571A
Authority
CN
China
Prior art keywords
information
authenticated
user
certificate
biological characteristic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010484302.6A
Other languages
Chinese (zh)
Inventor
谢盛丞
刘野枫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202010484302.6A priority Critical patent/CN111611571A/en
Publication of CN111611571A publication Critical patent/CN111611571A/en
Priority to PCT/CN2021/097237 priority patent/WO2021244471A1/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/332Query formulation
    • G06F16/3329Natural language query formulation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/451Execution arrangements for user interfaces

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Artificial Intelligence (AREA)
  • Mathematical Physics (AREA)
  • Human Computer Interaction (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computational Linguistics (AREA)
  • Databases & Information Systems (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The specification discloses a real-name authentication method and a real-name authentication device, and according to an identity document provided by a user to be authenticated, the biological characteristic information of the document carried in the identity document is acquired; calling a biological characteristic information acquisition module corresponding to the type according to the type of the acquired certificate biological characteristic information, and acquiring the biological characteristic information to be authenticated provided by the user to be authenticated in real time; and judging whether the certificate biological characteristic information and the biological characteristic information to be authenticated are matched, and determining whether the user passes real-name authentication according to a matching result.

Description

Real-name authentication method and device
Technical Field
The present disclosure relates to the field of identity authentication technologies, and in particular, to a real-name authentication method and apparatus.
Background
Real-name authentication is a verification means for the authenticity of user information by each large service platform. After the real-name authentication is passed, the authenticity and the security of the user can be ensured to a certain extent, so that more rights can be opened to the user.
The typical real-name authentication process at present is as follows: the service platform acquires information to be authenticated (such as identity card information, real-time acquired fingerprints, face information and the like) input by a user, and sends the acquired information to be authenticated to a third party authority (such as a public security organization); the third party authority uses the real information prestored in the database to match the information to be authenticated and returns the matching result to the service platform; and the service platform determines whether the user passes the real-name authentication according to the returned result.
Therefore, at present, the service platform needs to send the acquired information to be authenticated to the third party authority for matching, and needs to return a matching result after the third party authority is matched to determine whether the user passes the real-name authentication. In practical applications, it is found that the authentication process may have a certain delay, which results in low user experience and also consumes more network resources. In addition, for the authentication of some users with special identities (for example, overseas users), there may be a case that the third party authority information is missing, which may result in that the authentication cannot be completed.
Disclosure of Invention
In view of the above technical problems, the present specification provides a method and an apparatus for real-name authentication, and the technical solution is as follows:
according to a first aspect of the present specification, there is provided a method of real-name authentication,
acquiring the biological characteristic information of the certificate carried in the identity certificate according to the identity certificate provided by the user to be authenticated;
calling a biological characteristic information acquisition module corresponding to the type according to the type of the acquired certificate biological characteristic information, and acquiring the biological characteristic information to be authenticated provided by the user to be authenticated in real time;
and judging whether the certificate biological characteristic information and the biological characteristic information to be authenticated are matched, and determining whether the user passes real-name authentication according to a matching result.
According to a second aspect of the present specification, there is provided an apparatus for real-name authentication,
the certificate information acquisition module is used for acquiring the biological characteristic information of the certificate carried in the identity certificate according to the identity certificate provided by the user to be authenticated;
the to-be-authenticated information acquisition module is used for calling a biological characteristic information acquisition module corresponding to the type of the certificate biological characteristic information according to the type of the certificate biological characteristic information and acquiring the to-be-authenticated biological characteristic information provided by the to-be-authenticated user in real time;
and the judging module is used for judging whether the certificate biological characteristic information and the biological characteristic information to be authenticated are matched and determining whether the user passes real-name authentication according to a matching result.
According to the technical scheme provided by the embodiment of the specification, when the identity authentication is performed on the user to be authenticated, the user to be authenticated is allowed to provide the identity document for proving the identity of the user to be authenticated, the biological characteristic information of the document in the identity document is acquired, the biological characteristic information to be authenticated of the corresponding user to be authenticated is acquired at the same time, whether the acquired biological characteristic information to be authenticated is matched with the biological characteristic information of the document in the identity document is judged, and whether the user passes the real-name authentication or not can be determined according to the result. By adopting the scheme of real-name authentication, the acquired information to be authenticated does not need to be sent to a third party authority to be matched, so that the efficiency of identity authentication is greatly improved, the user experience is improved, and the network resources are saved. Meanwhile, by adopting the real-name authentication scheme, the real-name authentication can be completed for users with third-party authority information missing, such as overseas users, and the real-name authentication requirements of the users are met.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present specification, and other drawings can be obtained by those skilled in the art according to the drawings.
Fig. 1 is a flowchart illustrating a real-name authentication method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a method for acquiring identity information of a document according to an embodiment of the present disclosure;
fig. 3 is a flowchart illustrating an embodiment of a real-name authentication method according to an embodiment of the present disclosure;
fig. 4a is a schematic structural diagram of a real-name authentication device according to an embodiment of the present disclosure;
fig. 4b is a schematic structural diagram of another real-name authentication device according to an embodiment of the present disclosure;
fig. 4c is a schematic structural diagram of another real-name authentication device according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of an apparatus for configuring a device according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present specification, the technical solutions in the embodiments of the present specification will be described in detail below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of protection.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
Real-name authentication is a verification means for the authenticity of user information by each large service platform. After the real-name authentication is passed, it is stated that the authenticity and security of the user can be ensured to some extent, so that more rights can be opened to the user.
The typical real-name authentication process at present is as follows: the service platform acquires information to be authenticated (such as identity card information, real-time acquired fingerprints, face information and the like) input by a user, and sends the acquired information to be authenticated to a third party authority (such as a public security organization); the third party authority uses the real information prestored in the database to match the information to be authenticated and returns the matching result to the service platform; and the service platform determines whether the user passes the real-name authentication according to the returned result. The first stage is to determine whether the identity information (such as certificate number, name and other information) input by the user is matched with the pre-stored identity information, and if so, the identity information input by the user can be determined to be legal; in the second stage, the pre-stored biological characteristic information (face information or fingerprint information and the like) is searched according to the identity information input by the user, and after the biological characteristic information is obtained, the pre-stored biological characteristic information and the biological characteristic information obtained in real time are used for matching so as to determine that the operation is the personal operation. The real-name authentication process is completed through two stages of matching.
Therefore, at present, the service platform needs to send the acquired information to be authenticated to the third party authority for matching, and needs to return a matching result after the third party authority is matched to determine whether the user passes the real-name authentication. In practical applications, it is found that a certain delay may exist in the authentication process, which results in low user experience, for example, after the user uploads the information to be authenticated, the user needs to wait for several hours or even one day before determining whether the authentication is successful. Meanwhile, the service platform needs to send the information to the third party authority and also needs to receive the information returned by the third party authority, so that more network resources are consumed when too many users perform identity authentication.
In addition, the scheme of real-name authentication is realized on the basis that the third-party authority has a real information database, and if the third-party authority does not have real information of some users, identity authentication cannot be realized. For example, since the real information of the overseas user is not stored in the domestic public security agency, the overseas user cannot be authenticated with the real name.
In view of the above problems, the present specification proposes:
when the identity authentication is carried out on the user to be authenticated, the user to be authenticated is allowed to provide the identity document for proving the identity of the user to be authenticated, the document biological characteristic information in the identity document is acquired, meanwhile, the corresponding biological characteristic information to be authenticated of the user to be authenticated is acquired, whether the acquired biological characteristic information to be authenticated is matched with the document biological characteristic information in the identity document is judged, and whether the user passes the real-name authentication or not can be determined according to the result.
As shown in fig. 1, the technical solutions provided in the embodiments of the present description are as follows:
s101, acquiring the biological characteristic information of the identity document carried in the identity document according to the identity document provided by the user to be authenticated;
according to the operation of the user to be authenticated, when it is determined that the user to be authenticated needs real-name authentication, corresponding prompt text may be displayed in the interactive interface to prompt the user to provide an identity document, for example, "please provide your identity document for real-name authentication", although prompt text and prompt voice may also be in a voice form, and the prompt text and the prompt voice may also be other specific contents, which is not limited in this specification.
After the user to be authenticated is prompted to provide the identity document, the preset acquisition module can be utilized to acquire the document biological characteristic information carried in the identity document. It should be noted that the identity document should not be understood as a narrow sense as a fixed format of some kind of identity document, but rather as a broad sense of all entity documents that can be recognized by a certificate authority as being able to prove the identity of a user. For example, the identity document in this specification may be a passport, an identity card, a driver's license, a regional pass, a bank card, a military officer's license, or other valid document.
In this step, the biometric information of the document carried in the identity document can be acquired by adopting various information acquisition modes:
for example, various identity documents have NFC chips built therein, such as passports, booths pass, second-generation identity cards, etc., of various countries, and the chips generally store biometric information and identity information of users, and may store at least one of biometric information, such as face information, fingerprint information, iris information, voiceprint information, etc., of the users. A typical example is a passport eMRTA (electronic-Machine Readable Travel Documents) with a built-in electronic micro-processing chip supporting radio frequency identification, which is commonly used internationally, and the chip stores basic identity information and biometric information of a holder, wherein the face information is the biometric information compulsorily required in the chip.
As shown in fig. 2, in the case that the terminal device has the NFC function, the user may be prompted to bring the terminal device close to the identity document;
and calling the NFC module, and reading at least one type of biological characteristic information carried in the identity document provided by the user to be authenticated.
For example, the identity document provided by the user to be authenticated carries three kinds of biometric information, namely face information, fingerprint information and voiceprint information, and the three kinds of biometric information can be read by calling the NFC module, or at least one kind of biometric information can be read for matching of real-name authentication, for example, only the face information is read.
In addition, the mode of acquiring the document biological characteristic information carried in the identity document provided by the user to be authenticated can also be a mode of calling a camera module to acquire the image information of the identity document, and then extracting the user portrait information in the identity document image by using a preset identity document image recognition algorithm. The image information of the identity document can be obtained by calling the camera to shoot, and the user can be allowed to provide the picture of the identity document stored in advance to directly obtain the image information of the identity document stored in advance by the user.
Of course, the two modes can be combined, namely, the NFC module is called to read the built-in NFC chip in the identity document to obtain the biological characteristic information, the camera module is called to obtain the image information of the identity document, and the user portrait information in the image is extracted. All the biometric information obtained in the two ways is used as the biometric information for real-name authentication matching.
In addition, the identity information carried in the identity document can be acquired while the biological characteristic information is acquired. For example, the identity information can be simultaneously read while the biometric information is read by calling the NFC module, or the image information of the identity document is obtained by calling the camera module, and then the identity information in the identity document image is extracted while the user portrait information in the identity document image is extracted by using a preset identity document image recognition algorithm.
S102, calling a biological characteristic information acquisition module corresponding to the type of the acquired certificate biological characteristic information according to the type of the acquired certificate biological characteristic information, and acquiring the to-be-authenticated biological characteristic information provided by the to-be-authenticated user in real time;
in S101, the identity document provided by the user to be authenticated is not limited to a specific type of identity document, and biometric information of documents carried in different identity documents may be different, for example, biometric information of a document carried in an identity document of type a is fingerprint information, and biometric information carried in an identity document of type B is face information and voiceprint information.
Therefore, the biometric information to be authenticated acquired in this step is not a fixed type of biometric information, but it is required to first know what type of biometric information is acquired from the identity document provided by the user to be authenticated in S101, and then, according to the acquired document biometric information, a corresponding information acquisition module is pertinently and intelligently invoked to acquire the same type of biometric information to be authenticated of the user to be authenticated.
For example, if the biometric information of the certificate acquired in S101 is fingerprint information, the fingerprint acquisition module may be invoked to acquire the fingerprint information of the user in real time, and the acquisition may be performed by displaying a fingerprint input interface in the interactive interface, prompting the user to input the fingerprint information, and acquiring the fingerprint information of the user after the user inputs the fingerprint information according to the instruction.
If the certificate biometric information acquired in S101 is face information, the face information acquiring module may be called to acquire the face information of the user in real time, and in this way, in order to further improve the security of the whole real-name authentication, when the face information acquiring module is called to acquire the face information of the user in a living body authentication manner, the face information provided by the user to be authenticated is determined to be the living body face information, for example, corresponding prompt text may be displayed in an interactive interface when the face information is acquired, or a voice output prompt tone indicates the user to be authenticated to perform actions such as turning around, blinking, opening the mouth, and the like, so as to perform the living body authentication on the user to be authenticated.
If the biometric information of the certificate acquired in S101 is voiceprint information, the voiceprint information acquisition module may be invoked to acquire the voiceprint information of the user, and prompt text may be displayed in the interactive interface, for example, a section of text is displayed and the user to be authenticated is prompted to read the section of text aloud, for example, the displayed text may be "please read the following text XXX aloud". After the user to be authenticated reads aloud, the voiceprint information acquisition module can be called to acquire the voice read aloud by the user in real time, and the voiceprint information in the voice is extracted.
In addition, if in S101, a variety of certificate biometric information is acquired, such as face information, fingerprint information, and voiceprint information from an identity certificate.
In this step, the face acquisition module, the fingerprint acquisition module and the voiceprint acquisition module can be sequentially called to respectively acquire the face information, the fingerprint information and the voiceprint information of the user to be authenticated.
In addition, one or more types of biometric information in the acquired multiple types of certificate biometric information can be determined to be used for matching of real-name authentication. For example, only the face information may be selected as the biometric information for matching of the real-name authentication, at this time, only the face information acquisition module needs to be called to acquire the face information of the user, and one of the face information is selected as the matching information of the real-name authentication, so that the efficiency of the whole real-name authentication can be further improved. The face information and the fingerprint information can also be selected as biological characteristic information for real-name authentication matching, at least two kinds of biological characteristic information are selected as matching information for real-name authentication, and when the at least two kinds of biological characteristic information are successfully matched, it is determined that the user to be authenticated passes through the real-name authentication, so that the safety of the whole real-name authentication can be further improved.
When a plurality of kinds of certificate biometric information are acquired, the selection of one kind of the certificate biometric information or the matching of the plurality of kinds of the certificate biometric information for real-name authentication may be selectively set according to actual requirements, which is not limited in the present specification.
In addition, if it is determined that matching is performed using only one type of biometric information in this step, only one type of certificate biometric information may be acquired in S101 to further reduce processing resources.
Therefore, after the biometric information of the certificate is acquired according to the identity certificate provided by the user to be authenticated in the step, the corresponding information acquisition module can be further called to acquire the biometric information of the user to be authenticated according to the acquired type of the biometric information of the certificate, so that the method can be suitable for various types of identity certificates, and the real-name authentication requirements of various users are met.
S103, judging whether the certificate biological characteristic information and the biological characteristic information to be authenticated are matched, and determining whether the user passes real-name authentication according to a matching result.
After the certificate biological characteristic information in the identity certificate and the to-be-authenticated biological characteristic information of the to-be-authenticated user are acquired, whether the acquired certificate biological characteristic information and the to-be-authenticated biological characteristic information are matched or not can be further judged, whether each item of information is successfully matched or not can refer to a biological characteristic information matching mode in the existing mode, for example, when the matching degree exceeds a preset threshold value, the matching is determined to be successful, and when the matching degree is lower than the threshold value, the matching is determined to be failed, and the like. The description does not limit how the matching is performed. If the real-name authentication is determined to be successful, the identity information acquired from the identity document provided by the user to be authenticated can be further associated with the account of the user, and the corresponding authority is opened for the user.
In connection with the example in S102 described above, if a plurality of kinds of certificate authentication information and a corresponding plurality of kinds of information to be authenticated are acquired, for example, the acquired authentication information is face information, fingerprint information, and voiceprint information. In this step, each item of authentication information needs to be matched respectively, if each item is matched successfully, it is determined that the user to be authenticated passes the real-name authentication, and if one item is matched unsuccessfully, it is determined that the user to be authenticated does not pass the real-name authentication.
After the matching is successful, the user to be authenticated can be determined to pass the real-name authentication, and then the corresponding authority can be opened for the user to use.
In addition, if the matching fails, it is determined that the user to be authenticated does not pass the real-name authentication, at this time, a prompt text may be output in the interactive interface to notify the user to be authenticated, so as to prompt the user to perform the real-name authentication again, and the process of re-authentication may be the step of re-executing the above S102 to S103, which is not described herein again. Meanwhile, the number of times of re-authentication, that is, an upper threshold of the number of times of allowing the user to be authenticated to perform real-name authentication, may be set here. For example, if the upper threshold of the number of times of allowing the user to be authenticated to perform real-name authentication is set to 3 times, the user may be allowed to perform real-name authentication 2 times after the first failure, and the function of real-name authentication of the user to be authenticated is directly turned off after the 3 rd real-name authentication failure. By adopting the method, the influence of malicious users on system resources can be reduced as much as possible, and the safety of the service platform is improved.
In addition, the matching process may be executed locally by the client, or may be executed by the server of the service side by uploading the acquired certificate biometric information and the biometric information to be authenticated to the server of the service side by the client and executing the matching by the server of the service side.
Of course, different schemes may be adopted in a specific scenario, for example, in the case of a poor current network environment, a local matching manner is adopted, and in the case of a better current network environment, the matching is performed by uploading the result to a server.
Or, when the processing performance of the terminal device of the user is detected to be poor, the terminal device of the user is uploaded to the server for matching, and when the processing performance of the terminal device of the user is detected to be good, the terminal device of the user is locally matched.
Different matching modes are adopted in different scenes, so that the efficiency of real-name authentication can be further improved, and the user experience is further improved.
By adopting the technical scheme provided by the embodiment of the specification, when the identity authentication is carried out on the user to be authenticated, the user to be authenticated is allowed to provide the identity document for proving the identity of the user to be authenticated, the biological characteristic information of the document in the identity document is acquired, the corresponding biological characteristic information to be authenticated of the user to be authenticated is acquired at the same time, whether the acquired biological characteristic information to be authenticated is matched with the biological characteristic information of the document in the identity document is judged, and whether the user passes the real-name authentication can be determined according to the matching result. By adopting the real-name authentication scheme, the acquired information to be authenticated does not need to be sent to a third party authority to be matched, so that the real-name authentication efficiency is greatly improved, the user experience is improved, and the network resources are saved. Meanwhile, by adopting the authentication scheme, the real-name authentication can be completed for users with missing third-party authority information, such as overseas users, so that the real-name authentication requirements of the users are met.
In S101, if the biometric information in the NFC chip is embedded in the identity document provided by the user to be authenticated and read by calling the NFC module, the biometric information in the NFC chip is read, and the text information stored in the NFC chip can also be read, where the text information may include basic identity information of the user, such as name, gender, birth date, academic calendar, certificate number, nationality, and other information; it is also possible to include text information for identity authentication preset by the user, for example, the text information for authentication preset by the user may be text information in a question-answer form known only to the user himself, for example, the question is: "what the name of my kitten calls" and the answer is "whitish".
The NFC module is called to read the biological characteristic information in the chip, and meanwhile, the basic information in the text information and the information which is preset by the user and used for identity authentication can also be read.
Correspondingly, in S102, in addition to invoking the corresponding biometric information obtaining module to obtain the biometric information of the user, prompt information may be displayed in the interactive interface to prompt the user to input the corresponding text information to be authenticated. In addition, in order to improve the security and avoid a malicious user from using the identity document of another person to perform real-name authentication, the text information to be authenticated, which is prompted to be input by the user, should avoid the text information which is displayed on the surface of the identity document in a text form as much as possible, for example, the text information to be authenticated, which is prompted to be input by the user, should avoid the following basic identity information, such as name, sex, date of birth, and the like, as much as possible, and also should avoid information which can be directly obtained from the information, such as age and the like.
In connection with the above example, the user may be prompted to enter a calendar not shown on the surface of the identity document; and preset information read from the chip for identity authentication can be displayed, and a user is prompted to input a corresponding answer. In connection with the above example, there may be shown in the interactive interface "what is the name of my kitten? "
Accordingly, in S103, it is determined whether the biometric information of the certificate and the biometric information to be authenticated match, and it is also determined whether the text information input by the user matches the text information read from the certificate. In connection with the above example, the question presented in S102, for example, is "what is the name of my kitten? ", the content of the acquired user input is" small white ". In this step, it is determined whether the user's input "small white" matches the read information, and if the biometric information matches and the text information matches, it is determined that the user passes the real-name authentication.
In the embodiment, the biometric information and the text information are matched, so that the safety of real-name authentication of the user is further improved.
In addition, it should be noted that in the step S101, when information in an identity document provided by a user to be authenticated is acquired, even if matching is performed without using text information, text information can still be acquired, and after authentication is passed, the acquired text information and biometric information are correspondingly stored in a database to retain information of the user.
The triggering condition of the real-name authentication, that is, the triggering condition of S101, may be executed when it is detected that the user has a real-name authentication requirement, or may be provided to a selection interface of a real-name authentication manner for the user, and the user may select a real-name authentication manner based on the interface, that is, may select real-name authentication based on an identity document, or may select real-name authentication based on a database of a third-party authority. And when the user selects to carry out authentication based on the identity document, executing the steps of the real-name authentication method. Two real-name authentication modes are provided for users, the users can select the authentication mode according to the actual conditions of the users, for example, overseas users can select authentication based on identity documents, and domestic users can select authentication based on a database of a third party authority or identity documents.
Fig. 3 is a flowchart illustrating a specific embodiment of a real-name authentication method described in this specification, and the real-name authentication method described in this specification is described as a specific embodiment with reference to fig. 3.
S301, when it is determined that a user to be authenticated has a real-name authentication requirement, calling an NFC module to acquire biological characteristic information and text information in an identity document built-in chip provided by the user to be authenticated, wherein the acquired biological characteristic information specifically includes fingerprint information and face information, the text information is basic identity information of the user, and text information in a question-and-answer form preset by the user, and the text information in the question-and-answer form specifically includes: the problems are as follows: "what is the name of my kitten" and the answer is "pinkish".
S302, a fingerprint obtaining module is called to obtain fingerprint information of a user to be authenticated, a face obtaining module is called to obtain face information of the user, and question text information 'what the name of the kitten is' is displayed in an interactive interface to obtain answers input by the user.
And S303, respectively matching the face information, the fingerprint information and the text information. If the matching is successful, S304 is executed, and if one of the matching items fails to match, S306 is executed.
S304, determining that the real-name authentication of the user to be authenticated is successful, opening corresponding authority for the user, and storing the acquired certificate information in a database so as to retain the user information of the user.
S306, judging whether the number of times of user real-name authentication failure exceeds a preset threshold, if so, executing S307, if not, executing S302, re-acquiring the information to be authenticated of the user to be authenticated, and continuing executing S303 until the number of times of matching success or matching failure exceeds the preset threshold.
S307, when the number of times of matching failure of the user to be authenticated exceeds a preset threshold value, directly forbidding the user to be authenticated to carry out real-name authentication.
By adopting the real-name authentication method shown in the embodiment of the specification, the real-name authentication efficiency of the user to be authenticated can be improved, various authentication information can be matched, and the matching failure is determined under the condition that any one authentication information is not matched successfully, so that the safety of real-name authentication can be further improved.
The following describes a real-name authentication method proposed in the present specification, by way of another specific example:
with the globalization development, the service platform has some overseas users, and since the public security database does not have the real information of the overseas users, real-name authentication cannot be performed on the users.
Therefore, the scheme of the specification can be adopted to acquire the basic information and the face information in the eRTD chip provided by the overseas user, and the face acquisition module is called to acquire the face information of the overseas user and acquire the input basic information.
And matching the acquired face information and the basic information, and determining that the overseas user passes real-name authentication if the face information and the basic information are successfully matched.
Therefore, the real-name authentication requirement of overseas users can be met by the method.
Corresponding to the real-name authentication method, the specification also provides a real-name authentication device.
Referring to fig. 4a, a schematic diagram of a real-name authentication device is provided for the present specification,
the certificate information acquisition module 410 is used for acquiring the certificate biological characteristic information carried in the identity certificate according to the identity certificate provided by the user to be authenticated;
the to-be-authenticated information acquisition module 420 is configured to call a biometric information acquisition module corresponding to the type of the certificate biometric information acquired by the certificate information acquisition module 410, and acquire the to-be-authenticated biometric information provided by the to-be-authenticated user in real time;
and the judging module 430 is configured to judge whether the certificate biometric information and the biometric information to be authenticated are matched, and determine whether the user passes real-name authentication according to a matching result.
As shown in fig. 4b, in one embodiment, the identity document has a built-in NFC chip in which at least one biometric information is stored;
the certificate information obtaining module 410 is specifically configured to invoke the NFC module 440 to read at least one piece of biometric information carried in the identity certificate.
In an embodiment, the to-be-authenticated information obtaining module 420 is further configured to, when the certificate information obtaining module 410 reads at least two types of biometric information from the identity certificate, determine one or more types of biometric information from the read at least two types of biometric information, and invoke a biometric information obtaining module corresponding to the determined type to obtain, in real time, the to-be-authenticated biometric information provided by the to-be-authenticated user.
In one embodiment, the built-in NFC chip further stores text information for identifying a user identity;
the certificate information acquisition module 410 is further configured to read text information in the identity certificate;
the information to be authenticated acquisition module 420 is further configured to prompt the user to input corresponding text information to be authenticated according to the text information content acquired by the certificate information acquisition module 410;
the judging module 430 is further configured to judge whether the content input by the user matches the read content, and determine whether the user passes real-name authentication according to a matching result.
As shown in fig. 4c, in an embodiment, the document information acquiring module 410 is further configured to invoke the camera module 450 to acquire an image of the identity document; and extracting user portrait information in the identity document image by using a preset identity document image recognition algorithm.
The implementation processes of the functions and actions of the components in the above device are specifically described in the implementation processes of the corresponding steps in the above method, and are not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described apparatus embodiments are merely illustrative. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
Embodiments of the present specification also provide a computer device, which at least includes a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the aforementioned method when executing the program. The method at least comprises the following steps:
acquiring the biological characteristic information of the certificate carried in the identity certificate according to the identity certificate provided by the user to be authenticated;
calling a biological characteristic information acquisition module corresponding to the type according to the type of the acquired certificate biological characteristic information, and acquiring the biological characteristic information to be authenticated provided by the user to be authenticated in real time;
and judging whether the certificate biological characteristic information and the biological characteristic information to be authenticated are matched, and determining whether the user passes real-name authentication according to a matching result.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of a computing device according to an embodiment of the present disclosure, where the computing device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
Embodiments of the present specification also provide a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the foregoing method. The method at least comprises the following steps:
acquiring the biological characteristic information of the certificate carried in the identity certificate according to the identity certificate provided by the user to be authenticated;
calling a biological characteristic information acquisition module corresponding to the type according to the type of the acquired certificate biological characteristic information, and acquiring the biological characteristic information to be authenticated provided by the user to be authenticated in real time;
and judging whether the certificate biological characteristic information and the biological characteristic information to be authenticated are matched, and determining whether the user passes real-name authentication according to a matching result.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
From the above description of the embodiments, it is clear to those skilled in the art that the embodiments of the present disclosure can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the method embodiment for relevant points. The above-described apparatus embodiments are merely illustrative, and the modules described as separate components may or may not be physically separate, and the functions of the modules may be implemented in one or more software and/or hardware when implementing the embodiments of the present disclosure. And part or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing is only a specific embodiment of the embodiments of the present disclosure, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the embodiments of the present disclosure, and these modifications and decorations should also be regarded as the protection scope of the embodiments of the present disclosure.

Claims (11)

1. A method of real name authentication, comprising:
acquiring the biological characteristic information of the certificate carried in the identity certificate according to the identity certificate provided by the user to be authenticated;
calling a biological characteristic information acquisition module corresponding to the type according to the type of the acquired certificate biological characteristic information, and acquiring the biological characteristic information to be authenticated provided by the user to be authenticated in real time;
and judging whether the certificate biological characteristic information and the biological characteristic information to be authenticated are matched, and determining whether the user passes real-name authentication according to a matching result.
2. The method of claim 1, wherein the first and second light sources are selected from the group consisting of,
the identity document is provided with a built-in NFC chip, and at least one type of biological characteristic information is stored in the chip;
the acquiring of the certificate biological characteristic information carried in the identity certificate comprises the following steps: and calling an NFC module, and reading the at least one piece of biological characteristic information carried in the identity document.
3. The method according to claim 2, wherein, when at least two types of biometric information are read from the identity document, the invoking of the biometric information acquisition module corresponding to the type of the biometric information acquisition module acquires the biometric information to be authenticated provided by the user to be authenticated in real time, and the method includes:
and determining one or more biological characteristic information types for real-name authentication from the read at least two biological characteristic information types, calling a biological characteristic information acquisition module corresponding to the determined type, and acquiring the biological characteristic information to be authenticated provided by the user to be authenticated in real time.
4. The method of claim 2, wherein the built-in NFC chip further stores text information for identifying the identity of a user; the method further comprises the following steps:
reading the text information in the identity document;
prompting a user to input corresponding text information to be authenticated according to the acquired text information content;
and judging whether the input content of the user is matched with the read content or not, and determining whether the user passes real-name authentication or not according to a matching result.
5. The method of claim 1, said obtaining document biometric information carried in the identity document, comprising:
calling a camera module to acquire an image of the identity document;
and extracting user portrait information in the identity document image by using a preset identity document image recognition algorithm.
6. A real-name authentication apparatus comprising:
the certificate information acquisition module is used for acquiring the biological characteristic information of the certificate carried in the identity certificate according to the identity certificate provided by the user to be authenticated;
the system comprises a to-be-authenticated information acquisition module, a to-be-authenticated information acquisition module and a to-be-authenticated information acquisition module, wherein the to-be-authenticated information acquisition module is used for calling a biological characteristic information acquisition module corresponding to the type of the certificate biological characteristic information acquired by the certificate information acquisition module and acquiring the to-be-authenticated biological characteristic information provided by the to-be-authenticated user in real time;
and the judging module is used for judging whether the certificate biological characteristic information and the biological characteristic information to be authenticated are matched and determining whether the user passes real-name authentication according to a matching result.
7. The apparatus of claim 6, wherein the first and second electrodes are disposed on opposite sides of the substrate,
the identity document is provided with a built-in NFC chip, and at least one type of biological characteristic information is stored in the chip;
the certificate information acquisition module is specifically used for calling the NFC module and reading at least one type of biological characteristic information carried in the identity certificate.
8. The apparatus of claim 7, wherein the first and second electrodes are disposed on opposite sides of the substrate,
the information acquisition module to be authenticated is further configured to, when the certificate information acquisition module reads at least two types of biometric information from the identity certificate, determine one or more biometric information types for real-name authentication from the at least two types of biometric information read, and call the biometric information acquisition module corresponding to the determined type to acquire, in real time, biometric information to be authenticated provided by the user to be authenticated.
9. The device of claim 7, wherein the built-in NFC chip further stores text information for identifying the identity of a user;
the certificate information acquisition module is also used for reading the text information in the identity certificate;
the information acquisition module to be authenticated is also used for prompting a user to input corresponding text information to be authenticated according to the text information content acquired by the certificate information acquisition module;
the judging module is also used for judging whether the input content of the user is matched with the read content or not and determining whether the user passes real-name authentication or not according to the matching result.
10. The apparatus of claim 6, wherein the first and second electrodes are disposed on opposite sides of the substrate,
the certificate information acquisition module is also used for calling the camera module to acquire the image of the identity certificate;
and extracting user portrait information in the identity document image by using a preset identity document image recognition algorithm.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 5 when executing the program.
CN202010484302.6A 2020-06-01 2020-06-01 Real-name authentication method and device Pending CN111611571A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010484302.6A CN111611571A (en) 2020-06-01 2020-06-01 Real-name authentication method and device
PCT/CN2021/097237 WO2021244471A1 (en) 2020-06-01 2021-05-31 Real-name authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010484302.6A CN111611571A (en) 2020-06-01 2020-06-01 Real-name authentication method and device

Publications (1)

Publication Number Publication Date
CN111611571A true CN111611571A (en) 2020-09-01

Family

ID=72204776

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010484302.6A Pending CN111611571A (en) 2020-06-01 2020-06-01 Real-name authentication method and device

Country Status (2)

Country Link
CN (1) CN111611571A (en)
WO (1) WO2021244471A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021244471A1 (en) * 2020-06-01 2021-12-09 支付宝(杭州)信息技术有限公司 Real-name authentication method and device
CN114666665A (en) * 2020-12-23 2022-06-24 深圳Tcl新技术有限公司 Certificate authentication method, storage medium and television

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114925340B (en) * 2022-02-16 2025-11-28 上海方付通科技服务股份有限公司 System for realizing unified identity authentication
CN115021901A (en) * 2022-05-17 2022-09-06 深圳市艾创电子有限公司 Electronic atomizer user identity authentication method, device and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104915645A (en) * 2015-05-30 2015-09-16 深圳市鑫通辉实业有限公司 Data processing method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986597A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Identity authentication system with biological characteristic recognition function and authentication method thereof
CN105279641A (en) * 2014-06-12 2016-01-27 中兴通讯股份有限公司 Internet payment registration authentication and implementation methods and devices
CN108462725B (en) * 2018-05-29 2023-08-01 北京华大智宝电子系统有限公司 Electronic signature device, identity verification method and system
CN111611571A (en) * 2020-06-01 2020-09-01 支付宝(杭州)信息技术有限公司 Real-name authentication method and device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104915645A (en) * 2015-05-30 2015-09-16 深圳市鑫通辉实业有限公司 Data processing method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021244471A1 (en) * 2020-06-01 2021-12-09 支付宝(杭州)信息技术有限公司 Real-name authentication method and device
CN114666665A (en) * 2020-12-23 2022-06-24 深圳Tcl新技术有限公司 Certificate authentication method, storage medium and television

Also Published As

Publication number Publication date
WO2021244471A1 (en) 2021-12-09

Similar Documents

Publication Publication Date Title
US10839061B2 (en) Method and apparatus for identity authentication
US12182240B2 (en) Authentication system, management device, and authentication method
US11595380B2 (en) User authentication based on RFID-enabled identity document and gesture challenge-response protocol
CN111611571A (en) Real-name authentication method and device
US9262615B2 (en) Methods and systems for improving the security of secret authentication data during authentication transactions
US9479501B2 (en) Methods and systems for enhancing the accuracy performance of authentication systems
EP1669836A1 (en) User authentication by combining speaker verification and reverse turing test
CN109510806A (en) Method for authenticating and device
CN105635113A (en) SDK-based remote service processing method and system
CN107240023A (en) client identity confirmation method, device and system
CN112948785B (en) Account authentication method, device and equipment
WO2021190070A1 (en) Biological verification method and apparatus
HK40036403A (en) Real-name authentication method and device
CN113454711A (en) Voice authentication device, voice authentication method, and recording medium
CN104967592A (en) Identity verification method, device and system thereof
WO2013182252A1 (en) Voting method
CN119207424A (en) Voiceprint processing method, device, equipment, medium and program product
CN118941293A (en) Data processing method and related device for preventing campus card from being stolen
HK40033226A (en) Biological verification method and device
HK1229571A1 (en) Method and device for identifying risk of user

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40036403

Country of ref document: HK

RJ01 Rejection of invention patent application after publication

Application publication date: 20200901

RJ01 Rejection of invention patent application after publication