
CN119848819B - Identity verification method and device, storage medium and electronic equipment - Google Patents

Info

Publication number: CN119848819B
Authority: CN (China)
Prior art keywords: information, image, certificate, target object, target
Legal status: Active
Application number: CN202411954726.9A
Other languages: Chinese (zh)
Other versions: CN119848819A (en)
Inventors: 张英杰, 霍昱光, 罗恕人, 王冀康, 李文涛, 钟悦菱, 刘涛
Current Assignee: Jianxin Consumer Finance Co ltd
Original Assignee: Jianxin Consumer Finance Co ltd
Events:
  • Application filed by Jianxin Consumer Finance Co ltd
  • Priority to CN202411954726.9A
  • Publication of CN119848819A
  • Application granted
  • Publication of CN119848819B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

This application discloses an authentication method, apparatus, storage medium, and electronic device. The method includes: determining terminal device information, biometric information, environmental information, and identification document information based on a service access request sent by a target object; determining whether the terminal device meets the device access conditions based on the terminal device information; if the terminal device meets the device access conditions, sending a detection instruction to the target object to instruct it to be detected; and generating a system response message, wherein the system response message indicates whether access by the target object is permitted. The detection instruction includes at least two of the following: detection based on biometric information, detection based on environmental information, and detection based on identification document information. This application solves the technical problem of low accuracy due to a single user authentication method.

Description

Identity verification method and device, storage medium and electronic equipment
Technical Field
The present application relates to the field of computers, and in particular, to an authentication method and apparatus, a storage medium, and an electronic device.
Background
Traditional user identity verification methods are generally limited to a single dimension, such as identity verification through face recognition or certificate scanning. Their accuracy and security are therefore noticeably reduced, and they are easy to imitate by high-tech means. In other words, a single authentication means cannot effectively distinguish the true user from a counterfeiter, so the related art has the technical problem of low accuracy caused by relying on a single user authentication method.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiments of the application provide an identity verification method and device, a storage medium and electronic equipment, which at least solve the technical problem of low accuracy caused by relying on a single user identity verification mode.
According to one aspect of the embodiments of the application, an identity verification method is provided. The method comprises: determining terminal device information, biological information, environment information and certificate information based on a service access request sent by a target object, wherein the terminal device information indicates information corresponding to the terminal device used by the target object, the biological information indicates object characteristics of the target object, the environment information indicates the acquisition environment of the biological information, and the certificate information indicates identity characteristics of the target object; determining, based on the terminal device information, whether the terminal device meets the device access condition; and, when the terminal device meets the device access condition, sending a detection instruction to the target object to instruct detection of the target object, and generating a system response message, wherein the system response message indicates whether the target object is allowed access, and the detection instruction comprises at least two of: detection based on the biological information, detection based on the environment information, and detection based on the certificate information.
According to another aspect of the embodiments of the application, an identity verification device is provided, which comprises a determining module and a generating module. The determining module is used for determining terminal device information, biological information, environment information and certificate information based on a service access request sent by a target object, wherein the terminal device information indicates information corresponding to the terminal device used by the target object, the biological information indicates object characteristics of the target object, the environment information indicates the acquisition environment of the biological information, and the certificate information indicates identity characteristics of the target object. The generating module is used for determining whether the terminal device meets the device access condition based on the terminal device information, sending a detection instruction to the target object to instruct detection of the target object, and generating a system response message, wherein the detection instruction comprises at least two of: detection based on the biological information, detection based on the environment information, and detection based on the certificate information.
Optionally, the apparatus determines whether the terminal device satisfies the device access condition based on the terminal device information and, if so, sends a detection instruction to the target object to instruct detection of the target object and generates a system response message, in the following manner: if the terminal device satisfies the device access condition, sending the detection instruction to the target object and determining the type of the target object; if the object type of the target object is a target type, performing an image detection operation on an authentication image using a sample image library to determine an image detection result, wherein the authentication image is used to extract the biological information and the environment information, and the image detection result includes the similarity between each sample image in the sample image library and the authentication image and a visual tag of the target object, the visual tag indicating an object feature of the target object in the authentication image; performing a certificate detection operation on the certificate information to obtain a certificate detection result, wherein the certificate detection result indicates whether the certificate information corresponds to the target certificate information; and generating the system response message based on the image detection result and the certificate detection result.
Optionally, the device generates the system response message based on the image detection result and the certificate detection result as follows: determining an image detection characteristic value according to the target service type corresponding to the service data and the image detection result, and determining a certificate detection characteristic value according to the target service type and the certificate detection result; querying a service weight mapping list for the target image weight value and the target certificate weight value corresponding to the target service type; performing a weighted summation of the image detection characteristic value and the certificate detection characteristic value using the image weight value and the certificate weight value to obtain a target detection parameter; generating a first system response message when the value of the target detection parameter is greater than or equal to a preset scoring threshold, wherein the first system response message indicates that the target object is allowed access and the system response message comprises the first system response message; and generating a second system response message when the value of the target detection parameter is smaller than the scoring threshold, wherein the second system response message indicates that the target object is forbidden access and the system response message comprises the second system response message.
Optionally, when the object type of the target object is the target type, the device performs the image detection operation on the authentication image using the sample image library and determines the image detection result as follows: performing a similarity comparison operation on the authentication image using the sample image library to obtain a first detection result, wherein the first detection result indicates the similarity between each sample image in the sample image library and the authentication image; determining the identity of the target object when the first detection result indicates that the sample image library includes a target sample image whose similarity meets the image authentication condition; and generating the image detection result based on the identity of the target object.
Optionally, when the object type of the target object is the target type, the device performs the image detection operation on the authentication image using the sample image library and determines the image detection result as follows: performing a source verification operation on the authentication image to determine the source of the authentication image; when the source indicates that the authentication image was acquired by an image acquisition component associated with the terminal device, performing a feature extraction operation on the authentication image to determine the biological information and the environment information; determining the visual tag according to the biological information and the environment information; and generating the image detection result based on the visual tag.
Optionally, the device determines the visual tag according to the biological information and the environment information as follows: querying a sample biological information base according to the biological information to determine whether target sample biological information corresponding to the biological information exists in the sample biological information base; querying a sample environment information base according to the environment information to determine whether target sample environment information corresponding to the environment information exists in the sample environment information base; generating a first visual tag when the target sample biological information and/or the target sample environment information exists, wherein the first visual tag indicates that the target object is forbidden access and the visual tag comprises the first visual tag; and generating a second visual tag when the target sample biological information and/or the target sample environment information does not exist, wherein the second visual tag indicates that the target object is allowed access and the visual tag comprises the second visual tag.
Optionally, the device performs the certificate detection operation on the certificate information to obtain the certificate detection result as follows: querying a sample certificate library according to the image detection result to determine whether target sample certificate information corresponding to the identity of the target object exists in the sample certificate library; generating a first certificate detection result when the target sample certificate information exists and the certificate information meets a preset certificate state, wherein the first certificate detection result indicates that the target object is allowed access and the certificate detection result comprises the first certificate detection result; and generating a second certificate detection result when the target sample certificate information does not exist and/or the certificate information does not meet the preset certificate state, wherein the second certificate detection result indicates that the target object is forbidden access and the certificate detection result comprises the second certificate detection result.
According to a further aspect of embodiments of the present application, there is also provided a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above-described authentication method when run.
According to yet another aspect of embodiments of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, causing the computer device to perform the authentication method as above.
According to yet another aspect of the embodiments of the present application, there is also provided an electronic device including a memory in which a computer program is stored, and a processor configured to execute the above-described authentication method by the computer program.
In the embodiments of the application, terminal device information, biological information, environment information and certificate information are determined together based on the service access request sent by the target object, and the multi-dimensional information is cross-verified. This improves the accuracy and security of identity verification and effectively resists malicious behavior, thereby significantly improving identity verification technology and ensuring efficient access to the service system. By comprehensively considering the security state of the target object's device, the uniqueness of personal biological characteristics, the actual condition of the acquisition environment and the validity of the certificate information, the technical problems of low accuracy and easy counterfeiting of user identity verification under the traditional single verification mode are effectively solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a schematic illustration of an application environment of an alternative authentication method according to an embodiment of the present application;
FIG. 2 is a flow chart of an alternative authentication method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an alternative authentication method according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an alternative authentication device according to an embodiment of the present application;
FIG. 5 is a schematic diagram of the structure of an alternative authentication product according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an alternative electronic device according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art may better understand the present application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. It is apparent that the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by those skilled in the art based on the embodiments of the present application without inventive effort shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The application is illustrated below with reference to examples:
According to an aspect of the embodiments of the present application, an authentication method is provided. Optionally, in this embodiment, the authentication method may be applied to a hardware environment constituted by the server 101 and the terminal device 103 as shown in FIG. 1. As shown in FIG. 1, the server 101 is connected to the terminal device 103 through a network and may be used to provide services for the terminal device or for an application installed on the terminal device; the application 107 may be a video application, an instant messaging application, a browser application, an educational application, a game application, or the like. The database 105 may be provided on the server or independently of the server and may be used to provide a data storage service for the server 101, for example as a game data storage server. The network may include, but is not limited to, a wired network and a wireless network, where the wired network includes a local area network, a metropolitan area network and a wide area network, and the wireless network includes Bluetooth, WIFI and other networks implementing wireless communication. The terminal device 103 may be a terminal configured with an application program and may include, but is not limited to, at least one of: a mobile phone (such as an Android mobile phone or an iOS mobile phone), a notebook computer, a tablet computer, a palm computer, a MID (Mobile Internet Device), a PAD, a desktop computer, a smart television, a smart voice interaction device, a smart home appliance, a vehicle-mounted terminal, an aircraft, a Virtual Reality (VR) terminal, an Augmented Reality (AR) terminal, a Mixed Reality (MR) terminal, and the like. The server may be a single server or a cloud server.
As shown in connection with fig. 1, the above-mentioned authentication method may be performed by an electronic device, which may be a terminal device or a server, and the above-mentioned authentication method may be implemented by the terminal device or the server, respectively, or by both the terminal device and the server.
The above is merely an example, and the present embodiment is not particularly limited.
Optionally, as an optional embodiment, as shown in fig. 2, the above-mentioned identity verification method includes:
S202: determining terminal device information, biological information, environment information and certificate information based on a service access request sent by a target object, wherein the terminal device information indicates information corresponding to the terminal device used by the target object, the biological information indicates object characteristics of the target object, the environment information indicates the acquisition environment of the biological information, and the certificate information indicates identity characteristics of the target object;
Optionally, in the embodiments of the present application, the terminal device information refers to device-related data used when the target object performs service access, including but not limited to the device model, operating system version, IP address and MAC address, and is used to evaluate the security and legitimacy of the device. The biological information refers to individual biometric data of the target object, including but not limited to a face image, an iris scan, a fingerprint template and voiceprint features. The environment information refers to the state of the surrounding environment when the biological information is acquired, including but not limited to light conditions, noise level and geographic location information. The certificate information refers to identification material provided by the target object, including but not limited to images or data of an identity card, passport or driving license, and is used to check the legal identity information of the target object.
It should be noted that, in a specific implementation, the terminal device information may be acquired in various ways: for example, it may be reported automatically by detection software built into the device, or extracted from a device management service after authorization by the target object. The biological information may be acquired through a front-facing camera, a microphone or dedicated biometric hardware; the environment information may be collected through device sensors or a third-party service interface; and verification of the certificate information may involve checking data against a third-party system. The application is not limited in this regard, and the various embodiments are within the scope of the application.
The system receives the service access request of the target object and then, automatically or with the cooperation of the target object, collects and analyzes the terminal device information, biological information, environment information and certificate information respectively. It then comprehensively judges the identity of the target object based on this multi-dimensional information to ensure the security and compliance of service access.
S204: determining whether the terminal device meets the device access condition based on the terminal device information and, when the terminal device meets the device access condition, sending a detection instruction to the target object to instruct detection of the target object, and generating a system response message, wherein the system response message indicates whether the target object is allowed access, and the detection instruction comprises at least two of: detection based on biological information, detection based on environment information, and detection based on certificate information.
Optionally, in the embodiments of the present application, the device access condition refers to a terminal device security standard preset by the system, including but not limited to whether the device is infected by a virus, whether the device is located in an area with a high incidence of fraud, whether the device hardware is normal, and whether the device is connected to a trusted network. The system response message refers to a decision notification generated by the system according to the terminal device information and the subsequent detection results, including but not limited to granting access, refusing access, and requiring further manual verification. The detection instruction refers to an instruction that the system requires the target object to execute in order to acquire biological information, environment information or certificate information, including but not limited to face recognition, ambient sound acquisition and uploading an identity card photo.
It should be noted that, in a specific implementation, the device access condition may be adjusted flexibly to suit the security requirements of different service scenarios; for example, a stricter security inspection standard may be set for high-risk services. The form and content of the system response message are likewise customized according to the actual application scenario, so that information is conveyed accurately and in time. The application is not limited in this regard.
Based on the received service access request, the system analyzes the terminal device information of the target object and judges whether the device meets the preset access condition. After confirming that the device is secure, it sends a detection instruction to the target object requiring at least two types of information (such as biological information and certificate information). After the target object has provided the information as instructed, the system comprehensively analyzes all of the information and generates a system response message that decides whether to allow access.
In an exemplary embodiment, take a consumer finance loan application as the application scenario. When the system receives a user's loan application request, it first checks the terminal device information to confirm that the user's device has not enabled a proxy service, is not rooted, and is located in a secure network environment. After the device meets the access condition, the system sends a detection instruction to the user, requiring the user to perform face recognition and upload identity card photos. The user has their face captured by the camera and at the same time submits pictures of the front and back of the identity card. The system comprehensively judges the user's identity through face recognition based on the biological information and identity card authenticity verification based on the certificate information, combined with a security assessment of the environment information. If all detection results show that the information is genuine and free of anomalies, the system generates a system response message allowing access; otherwise, the system generates a response message refusing access and prompts the user to check the device and the accuracy of the information, or starts a manual review process, to ensure the security and compliance of the service operation.
In an exemplary embodiment, fig. 3 is a schematic diagram of an alternative authentication method according to an embodiment of the present application, and a flowchart of an embodiment of the present application may be shown in fig. 3.
According to the embodiments of the application, terminal device information, biological information, environment information and certificate information are determined together based on the service access request sent by the target object, and the multi-dimensional information is cross-verified. This improves the accuracy and security of identity verification and effectively resists malicious behavior, thereby significantly improving identity verification technology and ensuring efficient access to the service system. By comprehensively considering the security state of the target object's device, the uniqueness of personal biological characteristics, the actual condition of the acquisition environment and the validity of the certificate information, the technical problems of low accuracy and easy counterfeiting of user identity verification under the traditional single verification mode are effectively solved.
As an alternative scheme, determining whether the terminal device meets the device access condition based on the terminal device information, sending a detection instruction to the target object to instruct detection of the target object when the terminal device meets the device access condition, and generating a system response message comprises: when the terminal device meets the device access condition, sending the detection instruction to the target object and determining the type of the target object; when the object type of the target object is the target type, performing an image detection operation on an authentication image using a sample image library to determine an image detection result, wherein the authentication image is used for extracting the biological information and the environment information, and the image detection result includes the similarity between each sample image in the sample image library and the authentication image and a visual tag of the target object, the visual tag indicating the object characteristics of the target object in the authentication image; performing a certificate detection operation on the certificate information to obtain a certificate detection result, wherein the certificate detection result indicates whether the certificate information corresponds to the target certificate information; and generating the system response message based on the image detection result and the certificate detection result.
Optionally, in the embodiment of the present application, the type of the target object refers to classification of the target object after the system passes the preliminary verification, including but not limited to a new user, an existing user, a high risk user, etc., and the sample image library refers to an image set storing biological information and environmental information of a legal user, and is used for comparing authentication images provided by the target object, including but not limited to images of users with successful historical identity verification, official issued environmental reference images, etc.
It should be noted that, in the implementation process, the target object type may be determined in various manners based on device information, historical behavior data or preset rules, and the sample image library should be built from a wide and representative set of image samples so as to cover biological features and environmental features in different scenes. The certificate detection operation may involve multiple steps such as image sharpness verification, certificate authenticity identification, and comparison of the consistency between the certificate information and the target object. The application is not limited in this regard.
In an exemplary embodiment, taking an application scenario of online account opening as an example, when the system receives an account opening request sent by a new user through the new user's mobile phone, the system first confirms, according to the terminal device information, that the equipment is not shot, that no VPN is used, and that the network environment is safe. The system then sends a detection instruction to the new user, instructing the new user to photograph his or her face and upload an identity card photo. The new user completes face authentication in front of the camera and submits front and back images of the identity card. The system compares the face and environment information against the sample image library, determines the authenticity of the face and the environment information, and generates an image detection result comprising a similarity score and a visual tag. At the same time, the system performs the certificate detection operation on the identity card photo, verifies the accuracy and consistency of the information, and obtains a certificate detection result. Finally, the system performs a comprehensive evaluation based on the image detection result and the certificate detection result and generates a system response message; if all detection results are confirmed to be correct, the system response message indicates that the new user is allowed to complete the online account opening process.
According to the embodiment of the application, the accuracy and the security of identity confirmation are improved by adopting multi-dimensional information cross-validation, and the technical effect of effectively preventing fraud by black and gray market organizations is achieved.
The method comprises the steps of: determining an image detection characteristic value according to a target service type corresponding to service data and the image detection result; determining a certificate detection characteristic value according to the target service type and the certificate detection result; querying a service weight mapping list for a target image weight value and a target certificate weight value corresponding to the target service type; carrying out weighted summation on the image detection characteristic value and the certificate detection characteristic value using the image weight value and the certificate weight value to obtain a target detection parameter; generating a first system response message when the value of the target detection parameter is greater than or equal to a preset scoring threshold value, wherein the system response message comprises the first system response message; and generating a second system response message when the value of the target detection parameter is smaller than the scoring threshold value, wherein the system response message comprises the second system response message.
Optionally, in the embodiment of the present application, the target service type corresponding to the service data refers to a service type identified by the system according to a user request, including but not limited to loan application, account registration, high risk transaction confirmation, etc., the image detection result and the certificate detection result refer to conclusions obtained after the system analyzes the authentication image and the certificate information uploaded by the target object, including but not limited to similarity of biological information comparison, security assessment of environmental information, verification result of certificate authenticity, information consistency, etc., and the service weight mapping list refers to a list of importance degrees of the image detection and the certificate detection result set by the system according to different service types, including but not limited to weighting coefficient setting for different service scenarios.
It should be noted that, in the implementation process, the target service type may be judged based on meta information of the service data, a user behavior pattern or a preset service classification rule. The specific way in which the image detection result and the certificate detection result are obtained depends on the implementation of the image processing and certificate recognition technology, and may include deep learning, pattern recognition, an expert system, and the like. The construction of the service weight mapping list should take into account the service risk level and the possibility of fraud; for example, higher image and certificate weight values may be set for high risk services to make identity verification stricter. The application is not limited in this regard.
In an exemplary embodiment, taking an application scenario of a loan application as an example, after the system receives the loan application initiated by a user, it first analyzes the service data and determines that the target service type is loan approval. It then calculates an image detection characteristic value based on the image detection result, the image detection characteristic value reflecting the similarity between the user's face and the stored sample together with an environmental security score, and at the same time calculates a certificate detection characteristic value according to the certificate detection result, this characteristic value being based on the consistency between the identity card information and the identity of the user. The system looks up the target image weight value and the target certificate weight value corresponding to the loan approval service in the service weight mapping list and carries out weighted summation on the image detection characteristic value and the certificate detection characteristic value to obtain the target detection parameter for the loan application scenario. If the target detection parameter reaches or exceeds the preset scoring threshold value, the system generates a first system response message, and otherwise the system generates a second system response message, so as to indicate whether the user is allowed access and to prevent potential fraud risk.
According to the embodiment of the application, the identity verification strategy dynamically adjusted according to the service type is adopted, so that the user identity is finely managed and risk is controlled, and the purposes of flexibly adjusting the verification standard according to different service scenes and improving the identity verification accuracy are achieved.
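The weighted decision described above can be sketched as follows. This is an added illustration, not code from the patent: the weight values, the threshold, the field names, the rule for deriving each characteristic value, and the reading of the first response as "allow" are all assumptions made for the example.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceWeights:
    image_weight: float
    certificate_weight: float
    certificate_fields: tuple  # fields that must agree with the user's record


# Constructed service weight mapping list; the description gives no numeric values.
SERVICE_WEIGHT_MAP = {
    "account_registration": ServiceWeights(0.7, 0.3, ("name", "id_number")),
    "loan_approval": ServiceWeights(0.3, 0.7, ("name", "id_number", "expiry", "address")),
}
SCORE_THRESHOLD = 0.80  # preset scoring threshold (constructed value)

FIRST_RESPONSE = "first_system_response"    # parameter >= threshold, read here as "allow"
SECOND_RESPONSE = "second_system_response"  # parameter < threshold, read here as "deny"


def unit_interval(value):
    """Accept only finite scores in [0, 1]; NaN or out-of-range input is an error."""
    value = float(value)
    if math.isnan(value) or not 0.0 <= value <= 1.0:
        raise ValueError(f"score out of range: {value!r}")
    return value


def image_feature(similarity, environment_score):
    """Assumption: the weaker of face similarity and environment score bounds the value."""
    return min(unit_interval(similarity), unit_interval(environment_score))


def certificate_feature(weights, field_matches):
    """Share of the service's required fields that matched; absent fields count as mismatches."""
    hits = sum(1 for name in weights.certificate_fields if field_matches.get(name) is True)
    return hits / len(weights.certificate_fields)


def decide(service_type, similarity, environment_score, field_matches):
    """Return (response, target detection parameter) for one request."""
    weights = SERVICE_WEIGHT_MAP.get(service_type)
    if weights is None:
        # A service type missing from the mapping list gets no default weights.
        return SECOND_RESPONSE, 0.0
    parameter = round(
        weights.image_weight * image_feature(similarity, environment_score)
        + weights.certificate_weight * certificate_feature(weights, field_matches),
        6,
    )
    return (FIRST_RESPONSE if parameter >= SCORE_THRESHOLD else SECOND_RESPONSE), parameter


# Constructed detection results for one user, evaluated under two service types.
SAMPLE = dict(similarity=0.95, environment_score=0.90,
              field_matches={"name": True, "id_number": True, "expiry": True, "address": False})
```

With the constructed values, the same detection results clear the threshold for account registration and fall below it for loan approval, which is the per-service adjustment the embodiment describes.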
In an alternative scheme, when the object type of the target object is the target type, performing an image detection operation on the authentication image using a sample image library to determine an image detection result comprises: performing a similarity comparison operation on the authentication image using the sample image library to obtain a first detection result, wherein the first detection result is used for indicating the similarity between each sample image in the sample image library and the authentication image; when the first detection result indicates that the sample image library comprises a target sample image whose similarity with the authentication image meets an image authentication condition, determining the identity of the target object; and generating the image detection result based on the identity of the target object.
Optionally, in the embodiment of the present application, the image authentication condition refers to a similarity threshold or a scoring standard considered as effective identity authentication in a similarity comparison operation, including but not limited to a comparison result that achieves a certain percentage of similarity and satisfies a specific scoring rule, and the target sample image refers to a sample image that satisfies the image authentication condition with respect to the similarity of the authentication image, so as to further confirm the identity of the target object.
It should be noted that, in the implementation, the determination of the target type may be based on the historical behavior of the user, the device information or the preset rules of the system, and the setting of the image authentication condition may take into consideration the natural variation range of the biological feature, for example, consider the influence of factors such as light, angle and expression on the similarity score, which is not limited in the present application.
In an exemplary embodiment, taking a new user registration scenario as an example, after the system receives a registration request of a new user, based on terminal equipment information, judging that the user belongs to a target type, namely strict identity verification is needed, the system invokes historical user image data from a sample image library, performs similarity comparison with an authentication image uploaded by the new user to obtain a first detection result, if a target sample image with similarity meeting an image authentication condition exists in the first detection result, the system determines the identity of the new user and generates an image detection result based on the identity information, otherwise, if the similarity comparison does not meet a preset image authentication condition, the system generates a further verification instruction, and possibly requires the user to provide other forms of identity proof.
According to the embodiment of the application, similarity comparison against the sample image library is combined with target type matching, so that the identity of the target object is confirmed with high precision, achieving the purposes of effectively preventing identity fraud and improving service security while ensuring user experience.
As an alternative, the method includes performing an image detection operation on the authentication image using a sample image library when the object type of the target object is a target type, determining an image detection result, including performing a source verification operation on the authentication image, determining a source of the authentication image, performing a feature extraction operation on the authentication image when the source of the authentication image indicates that the authentication image is acquired by an image acquisition means associated with the terminal device, determining the biological information and the environmental information, determining the visual tag based on the biological information and the environmental information, and generating the image detection result based on the visual tag.
Optionally, in the embodiment of the present application, the above-mentioned source verification operation refers to verifying the authenticity and acquisition path of the authentication image, including but not limited to checking image metadata, identifying whether the image is edited or synthesized, confirming whether the image is directly captured by a camera of the terminal device, etc., and the above-mentioned feature extraction operation refers to a process of extracting biological information and environmental information from the authentication image, including but not limited to face feature point positioning, iris texture analysis, background ambient light detection, noise level assessment, etc.
Optionally, in the embodiment of the present application, the biological information refers to biological feature data of the target object, the environmental information refers to an ambient condition during image acquisition, and the visual tag is a descriptive mark for marking the authentication image based on comprehensive analysis of the biological information and the environmental information.
It should be noted that the above-mentioned source verification operation may use various technical means, such as image watermark identification, metadata analysis, image quality evaluation, etc., which is not limited in the present application.
In an exemplary embodiment, taking an application scenario of online bank account opening as an example, when the system identifies that a user belongs to a target type, namely a new user attempting to open an account for the first time, the system firstly performs source verification on a self-timer authentication image uploaded by the user to check whether the image is directly shot by a camera of user equipment, if the authentication image passes the source verification, the system will perform feature extraction operation to extract face features and environment features such as light conditions, background noise and the like from the image, then the system generates visual tags such as 'shooting under natural light', 'no synthetic trace', 'high matching with an official face database' and the like according to the extracted biological information and the environment information, finally, the system generates image detection results based on the visual tags, and if the results indicate that the image is real and the biological features and the environment features are all in line with expectations, the identity verification of the user is considered to be successful, and the system generates a system response message allowing access.
According to the embodiment of the application, the method of generating the visual tag by verifying the source of the authentication image and extracting the biological environment characteristics is adopted, so that the comprehensive evaluation of the identity and the environment state of the target object is realized, the technical effects of ensuring the identity verification safety, enhancing the user experience and effectively preventing the identity counterfeiting attack and the environmental fraud are achieved.
It should be further noted that, the source verification and feature extraction operations of the image, and the generation of the visual tag may be continuously optimized along with the progress of the image processing technology, for example, by adopting a more advanced deep learning model, the accuracy of image feature extraction may be improved, and the reliability of identity verification may be further enhanced. At the same time, the system should update the sample image library periodically to accommodate changing environmental factors and technical challenges. The application is not limited in this regard.
The method for determining the visual tag according to the biological information and the environmental information comprises the steps of inquiring a sample biological information base according to the biological information, determining whether target sample biological information corresponding to the biological information exists in the sample biological information base, inquiring a sample environmental information base according to the environmental information, determining whether target sample environmental information corresponding to the environmental information exists in the sample environmental information base, and generating a first visual tag when the target sample biological information and/or the target sample environmental information exists, wherein the first visual tag indicates that the target object is prohibited from being accessed, the visual tag comprises the first visual tag, and generating a second visual tag when the target sample biological information and/or the target sample environmental information does not exist, wherein the second visual tag indicates that the target object is allowed to be accessed, and the visual tag comprises the second visual tag.
Alternatively, in the embodiment of the present application, the sample biometric database refers to a database storing verified biometric data of a real user, including but not limited to a face template, an iris image, a fingerprint pattern, and the like.
Optionally, in the embodiment of the present application, the sample environment information base refers to a database containing typical background information of the user in the secure environment, including but not limited to common network signal features, ambient light patterns, voiceprint samples, and the like.
Optionally, in an embodiment of the present application, the first visual tag and the second visual tag refer to tags generated based on a comparison result of biological information and environmental information, and are used to indicate whether the target object is allowed to perform the access operation.
In one exemplary embodiment, taking an authentication scenario of an online financial service as an example, the system first extracts biological information and environmental information from the authentication image of the target object. The system then queries the sample biological information base and the sample environment information base respectively to judge whether target sample biological information and target sample environmental information corresponding to the extracted biological information and environmental information can be matched. If matching target sample biological information or target sample environmental information exists, the system generates a first visual tag, which indicates that the target object may be involved in fraudulent behavior or is in an unsafe environment and that access by the target object is prohibited. Otherwise, if the query result indicates that neither the target sample biological information nor the target sample environmental information exists, the system generates a second visual tag, which indicates that the identity and the environmental state of the target object show no abnormality and that the target object is allowed to perform subsequent business operations.
By generating the visual tag through comparison of the biological information and the environmental information with the sample libraries, the embodiment of the application realizes double verification of the identity and the environmental state of the target object, achieves the technical effect of accurately identifying legitimate users and potential risk behaviors, enhances the security and credibility of online financial services, and effectively prevents black-market attacks and fraud.
The method comprises the steps of obtaining a certificate detection result by carrying out a certificate detection operation on the certificate information, wherein the certificate detection operation comprises the steps of inquiring a sample certificate library according to the image detection result, determining whether target sample certificate information corresponding to the identity of the target object exists in the sample certificate library, generating a first certificate detection result when the target sample certificate information exists and the certificate information meets the preset certificate state, wherein the first certificate detection result indicates that the target object is allowed to be accessed, the certificate detection result comprises the first certificate detection result, and generating a second certificate detection result when the target sample certificate information does not exist and/or the certificate information does not meet the preset certificate state, wherein the second certificate detection result indicates that the target object is forbidden to be accessed, and the certificate detection result comprises the second certificate detection result.
Optionally, in the embodiment of the present application, the sample certificate library refers to a validated certificate information set maintained by a system, including, but not limited to, front and back images of an identity card, a passport, a driver license, and the like, and corresponding user identity information thereof.
Optionally, in the embodiment of the present application, the preset document status refers to a series of checking conditions set to ensure validity of the document, including, but not limited to, validity period of the document, definition of the document, consistency of document information and user data, and the like.
Optionally, in the embodiment of the present application, the first certificate detection result and the second certificate detection result refer to determination results generated by a system to allow or prohibit access of the target object according to comparison between the certificate information and the sample certificate library and satisfaction of a preset certificate state.
In an exemplary embodiment, taking a user identity verification scenario of an online financial service as an example, after the system receives certificate information of a target object, the system firstly queries a sample certificate library according to biological information and environment information in an image detection result to confirm whether a record matched with the identity information of the target object exists, meanwhile, the system checks whether the certificate information meets a preset certificate state, such as whether a certificate is in a valid period, whether an image is clear, whether information such as a certificate number and a name is consistent with user registration information, if the matched record exists in the sample certificate library and the certificate information meets the preset certificate state, the system generates a first certificate detection result which allows access, otherwise, if no matched record is found in the sample certificate library or the certificate information does not meet the preset certificate state, the system generates a second certificate detection result which prohibits access.
According to the embodiment of the application, comprehensive comparison of the certificate information is combined with inspection of the preset certificate state, so that the certificate information is verified comprehensively and the technical effects of effectively preventing certificate counterfeiting and identity falsification are achieved.
As an alternative, in a case where the terminal device satisfies a device access condition, the method sends a detection instruction to the target object to instruct the target object to perform an object detection operation, and determines an object type of the target object, where the detection instruction includes at least one of a head detection instruction, an eye detection instruction, a mouth detection instruction, and a face detection instruction, and the object detection operation includes at least one of a head rotation operation, a blinking operation, a mouth opening operation, and a rest operation, where the head detection instruction corresponds to the head rotation operation, the eye detection instruction corresponds to the blinking operation, the mouth detection instruction corresponds to the mouth opening operation, and the face detection instruction corresponds to the rest operation.
In an exemplary embodiment, taking a scene of online bank account opening as an example, the system sends a detection instruction to a target object under the condition that the terminal device is primarily judged to meet the device access condition, namely, the device is safe, not tampered, normal network connection and the like.
Assuming that the system needs to verify whether the target object is a living body, the detection instructions may include eye detection instructions that require the target object to perform a blink operation. In this link, the system captures a real-time video stream or a photo of the target object through the camera, and observes whether the target object can complete blinking according to the instruction, so as to judge whether the target object is a real human being instead of the photo or the video.
If the target object successfully passes the detection, the system will generate a corresponding object detection result indicating that the object type is living, otherwise, if the target object fails to complete the blinking operation or the action has abnormality, the system will generate another type of object detection result indicating that the object type is probably non-living, thereby taking further verification measures or rejecting service.
According to the embodiment of the application, the mode of sending the specific detection instruction to the target object and requiring the specific detection instruction to execute the corresponding operation is adopted, so that the dynamic detection of the identity state of the target object is realized, the technical effect of quickly confirming that the user is living, real and has the operation capability in the user interaction process is achieved, and the safety and the user experience of the online service are effectively improved.
It should be noted that the above detection instructions and the detection operation of the target object may be diversified, such as combining with head rotation, mouth opening action, or continuous stationary observation, etc., to enhance accuracy of living body detection and prevent fraud attempts, which is not limited by the present application.
As an alternative scheme, the method further comprises the steps of generating a refusal access message when the object type of the target object is not the target type, wherein the refusal access message indicates that the target object cannot operate the service data, and sending the refusal access message to the target object.
In an exemplary embodiment, taking an online loan application scenario as an example, after the system performs a series of object detection operations such as living body detection, certificate information comparison and environmental security assessment on the target object, if the comprehensive judgment is that the object type of the target object does not conform to the preset target type, that is, the system considers that the user may not be a legal applicant needing high security verification or that a potential risk behavior exists, the system generates a denial of access message.
Further, the denial of access message specifies why the target object cannot manipulate the business data, e.g., the credential information does not match a record in the sample credential library, or the context information indicates that the user may be in an unsafe environment.
The system may then send a denial of access message to the target object via a secure communication channel, possibly in the form of an email, a short message, or an intra-application message, informing the user that his access request was denied, and providing a relevant complaint channel or guiding the user how to resolve the problem encountered in authentication.
According to the embodiment of the application, generating and sending the denial of access message provides timely feedback and risk control when the identity type of the target object is inconsistent, achieving the technical effects of effectively preventing users of non-target types from operating sensitive business data, protecting system security and user privacy, and improving service transparency and user satisfaction.
In an exemplary embodiment, the embodiment of the application solves the problem of identity confirmation in the process of client verification. The identity of the client is identified by comprehensively judging the conditions of the security information, the biological information such as the face, the certificate information, the surrounding environment information and the like of the client device, including but not limited to the conditions shown in fig. 3:
S1, channel end.
S2, device security, namely judging whether risks exist by detecting information related to the device used at the channel end, such as whether a VPN is used, whether root authority is used, whether a framework is enabled, and whether the MAC address is in a malicious list.
S3, living body detection, namely judging whether the person is a real person by requiring the person to perform corresponding head rotation, blinking, mouth opening, screen color change and the like; the identity of the person is not judged at this step.
S4, face identification, namely comparing the face photo in the key frames with a local photo library to score similarity, or querying a third-party system through a related interface to determine the identity of the face.
S5, face photo authentication, namely judging whether the photo is synthesized or forged by PS.
S6, visual tag judgment, namely screening by analyzing the background information in the photo and a malicious face list library, marking by actually wearing the task and the like.
S7, identity card photo identification, namely, after the face recognition is finished, identity card recognition is carried out, whether PS traces exist is judged, and the relevant database is queried and compared against the preceding face information.
According to the embodiment of the application, a mode of comprehensively judging and confirming the authenticity of the client identity by combining biological information, certificate information and environmental information is adopted, so that a more accurate client identity information verification scheme is realized, and malicious counterfeiting behavior can be effectively judged.
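The ordering of these stages as hard gates can be illustrated with the following sketch, an added example that is not code from the patent. It covers S2, S3, S4, S6 and S7 (S5, photo forgery detection, is left out); the field names, the cosine comparison of face embeddings, the random choice of instructions, the threshold and all sample data are assumptions constructed for the example.

```python
import math
import secrets
from datetime import date

# S3: detection instruction -> object detection operation, as paired in the description.
INSTRUCTION_TO_OPERATION = {
    "head_detection": "head_rotation", "eye_detection": "blink",
    "mouth_detection": "mouth_open", "face_detection": "rest",
}
IMAGE_AUTH_THRESHOLD = 0.90  # image authentication condition (constructed value)


def device_ok(device, malicious_macs):
    """S2: any risk signal denies; a missing or non-boolean flag counts as risky."""
    if any(device.get(flag) is not False for flag in ("vpn", "root", "framework")):
        return False
    mac = device.get("mac")
    return isinstance(mac, str) and mac.lower() not in malicious_macs


def issue_challenge(count=2):
    """S3: pick instructions unpredictably (assumption: the page does not say how)."""
    return secrets.SystemRandom().sample(sorted(INSTRUCTION_TO_OPERATION), count)


def liveness_ok(challenge, observed):
    """S3: observed operations must match the issued instructions, in order."""
    expected = [INSTRUCTION_TO_OPERATION.get(i) for i in challenge]
    return bool(expected) and None not in expected and list(observed) == expected


def cosine(a, b):
    """Cosine similarity of two embedding vectors (assumed comparison method)."""
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0


def identify(embedding, sample_images):
    """S4: identity of the best sample image that meets the authentication condition."""
    best_id, best_sim = None, 0.0
    for identity, sample in sample_images.items():
        sim = cosine(embedding, sample)
        if sim > best_sim:
            best_id, best_sim = identity, sim
    return best_id if best_sim >= IMAGE_AUTH_THRESHOLD else None


def visual_tag(face_key, env_key, bad_faces, bad_envs):
    """S6: a hit in either malicious-list library yields the first (prohibiting) tag."""
    hit = face_key in bad_faces or env_key in bad_envs
    return "first_visual_tag" if hit else "second_visual_tag"


def certificate_ok(identity, cert, sample_certs, today):
    """S7: a sample record must exist for the identity and the preset state must hold."""
    sample = sample_certs.get(identity)
    if sample is None:
        return False
    return (cert.get("number") == sample["number"]
            and cert.get("name") == sample["name"]
            and cert.get("legible") is True
            and type(cert.get("expires")) is date and cert["expires"] >= today)


def verify(req, libs, today):
    """Run the stages in order and stop at the first failure; returns (allowed, reason)."""
    if not device_ok(req["device"], libs["malicious_macs"]):
        return False, "device_access_condition"
    if not liveness_ok(req["challenge"], req["observed"]):
        return False, "liveness"
    identity = identify(req["face_embedding"], libs["sample_images"])
    if identity is None:
        return False, "face_identification"
    tag = visual_tag(req["face_key"], req["env_key"], libs["bad_faces"], libs["bad_envs"])
    if tag != "second_visual_tag":
        return False, "visual_tag"
    if not certificate_ok(identity, req["cert"], libs["sample_certs"], today):
        return False, "certificate"
    return True, "allowed"


# Constructed sample data (not from the patent).
LIBS = {
    "malicious_macs": {"02:00:00:00:00:01"},
    "sample_images": {"user-1001": [0.6, 0.8, 0.0]},
    "bad_faces": {"face-blocked-01"},
    "bad_envs": {"env-blocked-01"},
    "sample_certs": {"user-1001": {"number": "ID-0001", "name": "Example User"}},
}
GOOD_REQUEST = {
    "device": {"vpn": False, "root": False, "framework": False, "mac": "02:00:00:00:00:AA"},
    "challenge": ["eye_detection", "head_detection"],
    "observed": ["blink", "head_rotation"],
    "face_embedding": [0.6, 0.8, 0.05], "face_key": "face-7f", "env_key": "env-2c",
    "cert": {"number": "ID-0001", "name": "Example User",
             "legible": True, "expires": date(2030, 1, 1)},
}
```

Each stage returns a distinct reason, so a denial can be logged against the stage that produced it, and the certificate lookup is keyed by the identity that face identification returned rather than by anything the client supplies.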
It will be appreciated that in the specific embodiments of the present application, related data such as user information is involved, and when the above embodiments of the present application are applied to specific products or technologies, user permissions or consents need to be obtained, and the collection, use and processing of related data need to comply with related laws and regulations and standards of related countries and regions.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present application is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present application.
According to another aspect of the embodiment of the present application, there is also provided an authentication apparatus for implementing the above authentication method. As shown in fig. 4, the apparatus includes:
A determining module 402, configured to determine, based on a service access request sent by a target object, terminal device information, biological information, environment information and certificate information, where the terminal device information is used to indicate information corresponding to a terminal device used by the target object, the biological information is used to indicate an object feature of the target object, the environment information is used to indicate an acquisition environment of the biological information, and the certificate information is used to indicate an identity feature of the target object;
a generating module 404, configured to determine, based on the terminal device information, whether the terminal device meets a device access condition, and send a detection instruction to the target object to instruct detection of the target object to generate a system response message, where the system response message is used to instruct whether to allow access to the target object, and the detection instruction includes at least two of detection based on biological information, detection based on environmental information, and detection based on credential information.
As an alternative, the apparatus is configured to determine whether the terminal device meets the device access condition based on the terminal device information and, when the terminal device meets the device access condition, to send a detection instruction to the target object to instruct detection of the target object and generate a system response message, in the following manner: sending the detection instruction to the target object to determine the type of the target object when the terminal device meets the device access condition; performing an image detection operation on an authentication image by using a sample image library to determine an image detection result when the object type of the target object is the target type, wherein the authentication image is used for extracting the biological information and the environment information, and the image detection result comprises the similarity between each sample image in the sample image library and the authentication image and a visual tag of the target object, the visual tag being used for indicating object characteristics of the target object in the authentication image; performing a certificate detection operation on the certificate information to obtain a certificate detection result, wherein the certificate detection result is used for indicating whether the certificate information corresponds to the target object; and generating the system response message based on the image detection result and the certificate detection result.
As an alternative, the apparatus is configured to generate the system response message based on the image detection result and the certificate detection result in the following manner: determining an image detection characteristic value according to a target service type corresponding to service data and the image detection result, and determining a certificate detection characteristic value according to the target service type and the certificate detection result; querying a service weight mapping list for a target image weight value and a target certificate weight value corresponding to the target service type, and performing a weighted summation of the image detection characteristic value and the certificate detection characteristic value by using the image weight value and the certificate weight value to obtain a target detection parameter; generating a first system response message when the value of the target detection parameter is greater than or equal to a preset scoring threshold, wherein the first system response message indicates that the target object is allowed to be accessed, and the system response message comprises the first system response message; and generating a second system response message when the value of the target detection parameter is smaller than the scoring threshold, wherein the second system response message indicates that the target object is forbidden to be accessed, and the system response message comprises the second system response message.
As an alternative, the apparatus is configured to perform the image detection operation on the authentication image by using the sample image library to determine the image detection result, when the object type of the target object is the target type, in the following manner: performing a similarity comparison operation on the authentication image by using the sample image library to obtain a first detection result, wherein the first detection result is used for indicating the similarity between each sample image in the sample image library and the authentication image; determining the identity of the target object when the first detection result indicates that the sample image library comprises a target sample image whose similarity to the authentication image meets the image authentication condition; and generating the image detection result based on the identity of the target object.
As an alternative, the apparatus is configured to perform the image detection operation on the authentication image by using the sample image library to determine the image detection result, when the object type of the target object is the target type, in the following manner: performing a source verification operation on the authentication image to determine a source of the authentication image; performing a feature extraction operation on the authentication image to determine the biological information and the environmental information when the source of the authentication image indicates that the authentication image is acquired by an image acquisition means associated with the terminal device; determining a visual tag according to the biological information and the environmental information; and generating the image detection result based on the visual tag.
As an alternative, the apparatus is configured to determine the visual tag according to the biological information and the environment information in the following manner: querying a sample biological information base according to the biological information to determine whether target sample biological information corresponding to the biological information exists in the sample biological information base, and querying a sample environment information base according to the environment information to determine whether target sample environment information corresponding to the environment information exists in the sample environment information base; generating a first visual tag when the target sample biological information and/or the target sample environment information exists, wherein the first visual tag indicates that the target object is forbidden to be accessed, and the visual tag comprises the first visual tag; and generating a second visual tag when the target sample biological information and/or the target sample environment information does not exist, wherein the second visual tag indicates that the target object is allowed to be accessed, and the visual tag comprises the second visual tag.
As an alternative, the apparatus is configured to perform the certificate detection operation on the certificate information to obtain the certificate detection result in the following manner: querying a sample certificate library according to the image detection result to determine whether target sample certificate information corresponding to the identity of the target object exists in the sample certificate library; generating a first certificate detection result when the target sample certificate information exists and the certificate information meets a preset certificate state, wherein the first certificate detection result indicates that the target object is allowed to be accessed, and the certificate detection result comprises the first certificate detection result; and generating a second certificate detection result when the target sample certificate information does not exist and/or the certificate information does not meet the preset certificate state, wherein the second certificate detection result indicates that the target object is forbidden to be accessed, and the certificate detection result comprises the second certificate detection result.
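The decision flow described above (device gate, visual tag, certificate check, weighted score against a threshold), as an added Python example that is not code from the patent. The feature-value mapping, the weights, the threshold, the reading of "and/or" as "a hit in either base denies", and all names and sample values are assumptions; `risky_weightings` goes beyond the text to flag weight tables in which a single factor can reach the threshold on its own.

```python
from dataclasses import dataclass

# Constructed configuration; none of these values come from the patent.
SERVICE_WEIGHTS = {                      # "service weight mapping list"
    "loan_application": (0.4, 0.6),      # (image weight, certificate weight)
    "balance_inquiry": (0.7, 0.3),
}
SCORE_THRESHOLD = 0.75                   # "preset scoring threshold"
SIMILARITY_MIN = 0.80                    # assumed "image authentication condition"


@dataclass
class Decision:
    allowed: bool
    score: float
    reason: str


def identify(similarities, minimum=SIMILARITY_MIN):
    """Pick the sample identity whose similarity meets the condition, if any."""
    if not similarities:
        return None, 0.0
    identity, best = max(similarities.items(), key=lambda kv: kv[1])
    return (identity if best >= minimum else None), best


def visual_tag_allows(bio, env, flagged_bio, flagged_env):
    """A match in either sample base produces the 'forbidden' visual tag."""
    return bio not in flagged_bio and env not in flagged_env


def credential_allows(identity, credential, credential_lib, required_state="valid"):
    """A record must exist for the identity, match the presented number
    (assumed meaning of 'corresponds to the target object'), and be in the
    preset state."""
    record = credential_lib.get(identity) if identity else None
    return (record is not None
            and record == credential.get("number")
            and credential.get("state") == required_state)


def decide(service_type, device_ok, similarities, bio, env, credential,
           flagged_bio, flagged_env, credential_lib,
           weights=SERVICE_WEIGHTS, threshold=SCORE_THRESHOLD):
    # Gate 1: device access condition. Fail closed before any scoring.
    if not device_ok:
        return Decision(False, 0.0, "device access condition not met")
    # An unmapped service type has no weights, so it is denied, not defaulted.
    if service_type not in weights:
        return Decision(False, 0.0, "no weights for service type")
    w_image, w_cert = weights[service_type]

    identity, best = identify(similarities)
    tag_ok = visual_tag_allows(bio, env, flagged_bio, flagged_env)
    # Assumed feature values: similarity (0..1) when identified and not
    # flagged, otherwise 0; certificate check contributes 1 or 0.
    image_value = best if (identity and tag_ok) else 0.0
    cert_value = 1.0 if credential_allows(identity, credential, credential_lib) else 0.0

    score = w_image * image_value + w_cert * cert_value
    allowed = score >= threshold
    return Decision(allowed, score,
                    "first response: allow" if allowed else "second response: deny")


def risky_weightings(weights, threshold):
    """Service types where one factor alone (value 1.0) reaches the threshold,
    so a failed check on the other factor would not block access."""
    return sorted(s for s, (w_i, w_c) in weights.items()
                  if max(w_i, w_c) >= threshold)


if __name__ == "__main__":
    # Constructed sample inputs.
    lib = {"cust-001": "ID-1234"}
    sims = {"cust-001": 0.93, "cust-002": 0.41}
    cred = {"number": "ID-1234", "state": "valid"}
    print(decide("loan_application", True, sims, "face-A", "office",
                 cred, set(), set(), lib))
    print(decide("loan_application", True, sims, "face-A", "flagged-scene",
                 cred, set(), {"flagged-scene"}, lib))
    print(risky_weightings({"misconfigured": (0.8, 0.2)}, SCORE_THRESHOLD))
```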
In the present embodiment, the term "module" or "unit" refers to a computer program or a part of a computer program having a predetermined function and working together with other relevant parts to achieve a predetermined object, and may be implemented in whole or in part by using software, hardware (such as a processing circuit or a memory), or a combination thereof. Also, a processor (or multiple processors or memories) may be used to implement one or more modules or units. Furthermore, each module or unit may be part of an overall module or unit that incorporates the functionality of the module or unit.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
According to one aspect of the present application, a computer program product is provided, the computer program product comprising a computer program.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
Fig. 5 schematically shows a block diagram of a computer system of an electronic device for implementing an embodiment of the application.
It should be noted that, the computer system 500 of the electronic device shown in fig. 5 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 5, the computer system 500 includes a central processing unit 501 (Central Processing Unit, CPU) which can perform various appropriate actions and processes according to a program stored in a Read-Only Memory 502 (ROM) or a program loaded from a storage portion 508 into a random access Memory 503 (Random Access Memory, RAM). In the random access memory 503, various programs and data required for the system operation are also stored. The central processing unit 501, the read only memory 502, and the random access memory 503 are connected to each other via a bus 504. An Input/Output interface 505 (i.e., an I/O interface) is also connected to bus 504.
Connected to the input/output interface 505 are an input section 506 including a keyboard, a mouse, and the like; an output section 507 including a cathode ray tube (Cathode Ray Tube, CRT), a liquid crystal display (Liquid Crystal Display, LCD), a speaker, and the like; a storage section 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a local area network card, a modem, and the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the input/output interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed so that a computer program read therefrom is installed into the storage section 508 as needed.
In particular, the processes described in the various method flowcharts may be implemented as computer software programs according to embodiments of the application. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 509, and/or installed from the removable media 511. The computer program, when executed by the central processor 501, performs the various functions defined in the system of the present application.
The computer program, when executed by the central processor 501, also performs the various functions provided by embodiments of the present application.
According to still another aspect of the embodiment of the present application, there is also provided an electronic device for implementing the above-mentioned authentication method, where the electronic device may be a terminal device or a server as shown in fig. 1. The present embodiment is described taking the electronic device as a terminal device as an example. As shown in fig. 6, the electronic device comprises a memory 602 and a processor 604, the memory 602 having stored therein a computer program, the processor 604 being arranged to perform the steps of any of the method embodiments described above by means of the computer program.
Alternatively, in this embodiment, the electronic device may be located in at least one network device of a plurality of network devices of the computer network.
Alternatively, in the present embodiment, the above-described processor may be configured to execute the method in the embodiments of the present application by a computer program.
Alternatively, it will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 6 is merely illustrative, and that fig. 6 is not intended to limit the configuration of the electronic device described above. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 6, or have a different configuration than shown in FIG. 6.
The memory 602 may be used to store software programs and modules, such as program instructions/modules corresponding to the authentication methods and apparatuses in the embodiments of the present application, and the processor 604 executes the software programs and modules stored in the memory 602 to perform various functional applications and data processing, i.e., implement the authentication methods described above. The memory 602 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 602 may further include memory located remotely from processor 604, which may be connected to the terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 602 may be used for storing terminal device information, biometric information, environment information, certificate information, and the like, among others. As an example, as shown in fig. 6, the memory 602 may include, but is not limited to, the determining module 402 and the generating module 404 in the authentication device. In addition, other module units in the above-mentioned authentication device may be included, but are not limited to, and are not described in detail in this example.
Optionally, the transmission device 606 is used to receive or transmit data via a network. Specific examples of the network described above may include wired networks and wireless networks. In one example, the transmission device 606 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices and routers via a network cable to communicate with the internet or a local area network. In one example, the transmission device 606 is a Radio Frequency (RF) module for communicating wirelessly with the internet.
The electronic device further includes a display 608 for displaying the terminal device information, the biometric information, the environment information, and the certificate information, and a connection bus 610 for connecting the respective module parts in the electronic device.
In other embodiments, the terminal device or the server may be a node in a distributed system, where the distributed system may be a blockchain system, and the blockchain system may be a distributed system formed by connecting the plurality of nodes through a network communication. The nodes may form a peer-to-peer network, and any type of computing device, such as a server, a terminal, etc., may become a node in the blockchain system by joining the peer-to-peer network.
According to one aspect of the present application, there is provided a computer-readable storage medium storing computer instructions; a processor of an electronic device reads the computer instructions from the storage medium and executes them, causing the electronic device to perform the authentication method provided in various alternative implementations of the authentication aspect described above.
Alternatively, in the present embodiment, the above-described computer-readable storage medium may be configured to store a program for executing the method in the embodiments of the present application.
Alternatively, in this embodiment, all or part of the steps in the various methods of the above embodiments may be implemented by a program for instructing the terminal device related hardware, and the program may be stored in a computer readable storage medium, where the storage medium may include a flash disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk.
The integrated units in the above embodiments may be stored in the above-described computer-readable storage medium if implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solution of the present application, in essence or in part, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and comprises several instructions for causing one or more electronic devices to perform all or part of the steps of the method described in the various embodiments of the present application.
In the foregoing embodiments of the present application, the description of each embodiment has its own emphasis; for a portion that is not described in detail in one embodiment, reference may be made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed application program may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary; the division of the units is merely a logical function division and may be implemented in another manner. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection shown or discussed may be through some interfaces, units or modules, and may be in electrical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The foregoing is merely a preferred embodiment of the present application. It should be noted that those skilled in the art may make modifications and adaptations without departing from the principles of the present application, and such modifications and adaptations are intended to fall within the scope of the present application.

Claims (9)

1. An authentication method, comprising:
Determining terminal equipment information, biological information, environment information and certificate information based on a service access request sent by a target object, wherein the terminal equipment information is used for indicating information corresponding to terminal equipment used by the target object, the biological information is used for indicating object characteristics of the target object, the environment information is used for indicating a collection environment of the biological information, and the certificate information is used for indicating identity characteristics of the target object;
Determining whether the terminal equipment meets equipment access conditions based on the terminal equipment information, and sending a detection instruction to the target object to instruct to detect the target object and generate a system response message, wherein the system response message is used for indicating whether the target object is allowed to be accessed or not, and the detection instruction comprises at least two of detection based on the biological information, detection based on the environment information and detection based on the certificate information;
The method further includes: sending the detection instruction to the target object to determine the type of the target object if the terminal device meets the device access condition; performing an image detection operation on an authentication image using a sample image library to determine an image detection result if the object type of the target object is a target type, including: performing a source verification operation on the authentication image to determine a source of the authentication image; performing a feature extraction operation on the authentication image to determine the biological information and the environmental information if the source of the authentication image indicates that the authentication image is acquired by an image acquisition component associated with the terminal device on the target object; determining a visual tag based on the biological information and the environmental information; and generating the image detection result based on the visual tag, wherein the authentication image is used to extract the biological information and the environmental information, the image detection result includes a similarity between each sample image in the sample image library and the authentication image and a visual tag of the target object, and the visual tag is used to indicate object characteristics of the target object in the authentication image; performing a certificate detection operation on the certificate information to obtain a certificate detection result, wherein the certificate detection result is used to indicate whether the certificate information corresponds to the target object; and generating the system response message based on the image detection result and the certificate detection result.
2. The method of claim 1, wherein the generating a system response message based on the image detection result, the credential detection result comprises:
Determining an image detection characteristic value according to a target service type corresponding to service data and the image detection result, and determining a certificate detection characteristic value according to the target service type and the certificate detection result;
Inquiring a target image weight value and a target certificate weight value corresponding to the target service type in a service weight mapping list, and carrying out weighted summation on the image detection characteristic value and the certificate detection characteristic value by utilizing the image weight value and the certificate weight value to obtain a target detection parameter;
Generating a first system response message under the condition that the value of the target detection parameter is larger than or equal to a preset scoring threshold value, wherein the first system response message indicates that the target object is allowed to be accessed, and the system response message comprises the first system response message;
and generating a second system response message under the condition that the value of the target detection parameter is smaller than the scoring threshold value, wherein the second system response message indicates that the target object is forbidden to be accessed, and the system response message comprises the second system response message.
3. The method according to claim 1, wherein, in the case where the object type of the target object is a target type, performing an image detection operation on the authentication image using a sample image library, determining an image detection result includes:
Performing similarity comparison operation on the authentication images by using a sample image library to obtain a first detection result, wherein the first detection result is used for indicating the similarity between each sample image in the sample image library and the authentication image;
determining the identity of the target object under the condition that the first detection result indicates that the sample image library comprises a target sample image with the similarity between the target sample image and the authentication image meeting an image authentication condition;
and generating the image detection result based on the identity of the target object.
4. The method of claim 1, wherein said determining a visual tag from said biometric information and said environmental information comprises:
inquiring a sample biological information base according to the biological information, determining whether target sample biological information corresponding to the biological information exists in the sample biological information base, inquiring a sample environment information base according to the environment information, and determining whether target sample environment information corresponding to the environment information exists in the sample environment information base;
generating a first visual tag in the presence of the target sample biological information and/or the target sample environmental information, wherein the first visual tag represents that the target object is prohibited from being accessed, and the visual tag comprises the first visual tag;
And generating a second visual tag in the absence of the target sample biological information and/or the target sample environmental information, wherein the second visual tag represents that the target object is allowed to be accessed, and the visual tag comprises the second visual tag.
5. The method of claim 1, wherein performing a credential detection operation on the credential information to obtain a credential detection result comprises:
inquiring a sample certificate library according to the image detection result, and determining whether target sample certificate information corresponding to the identity of the target object exists in the sample certificate library;
Generating a first certificate detection result under the condition that the target sample certificate information exists and the certificate information meets a preset certificate state, wherein the first certificate detection result indicates that the target object is allowed to be accessed, and the certificate detection result comprises the first certificate detection result;
And generating a second certificate detection result under the condition that the target sample certificate information does not exist and/or the certificate information does not meet the preset certificate state, wherein the second certificate detection result indicates that the target object is forbidden to be accessed, and the certificate detection result comprises the second certificate detection result.
6. An authentication apparatus, comprising:
A determining module, configured to determine terminal device information, biological information, environment information and certificate information based on a service access request sent by a target object, wherein the terminal device information is used for indicating information corresponding to a terminal device used by the target object, the biological information is used for indicating object characteristics of the target object, the environment information is used for indicating an acquisition environment of the biological information, and the certificate information is used for indicating identity characteristics of the target object;
A generation module, configured to determine, based on the terminal device information, whether the terminal device meets a device access condition, and if the terminal device meets the device access condition, send a detection instruction to the target object to instruct detection of the target object, and generate a system response message, where the system response message is used to instruct whether to allow the target object to access, and the detection instruction includes at least two of detection based on the biological information, detection based on the environment information, and detection based on the credential information;
The apparatus is further configured to: send the detection instruction to the target object to determine a type of the target object if the terminal device satisfies the device access condition; perform an image detection operation on an authentication image using a sample image library to determine an image detection result if the object type of the target object is a target type, including: performing a source verification operation on the authentication image to determine a source of the authentication image; performing a feature extraction operation on the authentication image to determine the biological information and the environmental information if the source of the authentication image indicates that the authentication image is acquired by an image acquisition component associated with the terminal device on the target object; determining a visual tag based on the biological information and the environmental information; and generating the image detection result based on the visual tag, wherein the authentication image is used to extract the biological information and the environmental information, the image detection result includes a similarity between each sample image in the sample image library and the authentication image and a visual tag of the target object, and the visual tag is used to indicate object characteristics of the target object in the authentication image; perform a certificate detection operation on the certificate information to obtain a certificate detection result, wherein the certificate detection result is used to indicate whether the certificate information corresponds to the target object; and generate the system response message based on the image detection result and the certificate detection result.
7. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored computer program, wherein the computer program is executable by an electronic device to perform the method of any one of claims 1 to 5.
8. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, realizes the steps of the method according to any one of claims 1 to 5.
9. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method according to any of the claims 1 to 5 by means of the computer program.
CN202411954726.9A 2024-12-27 2024-12-27 Identity verification method and device, storage medium and electronic equipment Active CN119848819B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411954726.9A CN119848819B (en) 2024-12-27 2024-12-27 Identity verification method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN119848819A (en) 2025-04-18
CN119848819B (en) 2026-02-03

Family

ID=95357328

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411954726.9A Active CN119848819B (en) 2024-12-27 2024-12-27 Identity verification method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN119848819B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107872433A (en) * 2016-09-27 2018-04-03 腾讯科技(深圳)有限公司 A kind of auth method and its equipment
CN109902780A (en) * 2019-02-14 2019-06-18 广州番禺职业技术学院 Multimodal face recognition-based human-document verification terminal, system and method
CN119046915A (en) * 2024-08-06 2024-11-29 南方电网科学研究院有限责任公司 Control method and device for access connection of power system and electronic equipment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014109682B4 (en) * 2014-07-10 2016-04-28 Bundesdruckerei Gmbh Mobile terminal for collecting biometric data
CN105681316B (en) * 2016-02-02 2019-12-17 腾讯科技(深圳)有限公司 identity verification method and device
CN108123926A (en) * 2016-11-30 2018-06-05 阿里巴巴集团控股有限公司 Identity identifying method and device and computing device
US11663306B2 (en) * 2017-03-24 2023-05-30 Icrypto, Inc. System and method for confirming a person's identity
CN112528259B (en) * 2020-12-23 2024-03-05 深圳市兴海物联科技有限公司 Identity verification method, device, computer equipment and storage medium
CN114090989A (en) * 2021-11-03 2022-02-25 支付宝(杭州)信息技术有限公司 Identity authentication method, system and device
CN115801413B (en) * 2022-11-18 2025-05-16 中国电信股份有限公司 Communication method, device, electronic device and non-volatile storage medium
CN116186664A (en) * 2022-12-08 2023-05-30 支付宝(杭州)信息技术有限公司 Image interaction method and system based on trusted execution environment
CN118658212A (en) * 2024-05-10 2024-09-17 马上消费金融股份有限公司 Authentication method, device, electronic device, storage medium and program product

Also Published As

Publication number Publication date
CN119848819A (en) 2025-04-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant