CN111552932A - Identity authentication method and device, electronic equipment and readable storage medium - Google Patents


Publication number
CN111552932A
Authority
CN
China
Prior art keywords
equipment
authentication
intimacy
terminal
terminal equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010232221.7A
Other languages
Chinese (zh)
Inventor
赵鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd
Application filed by Beijing QIYI Century Science and Technology Co Ltd
Priority to CN202010232221.7A
Publication of CN111552932A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the invention provide an identity authentication method and device, electronic equipment and a readable storage medium, aiming to improve the flexibility of identity authentication. The identity authentication method is applied to a server and comprises: receiving an identity authentication request sent by a terminal device, the request carrying account information; judging whether the terminal device is a historical login device corresponding to the account information; if the terminal device is not a historical login device corresponding to the account information, acquiring the intimacy between the historical login device corresponding to the account information and the terminal device; and performing identity verification using the verification mode corresponding to that intimacy.

Description

Identity authentication method and device, electronic equipment and readable storage medium
Technical Field
The present invention relates to the field of internet technologies, and in particular, to an authentication method and apparatus, an electronic device, and a readable storage medium.
Background
With the development of internet technology, more and more offline service providers offer online services to large numbers of users through the internet, such as video playing, live television, e-commerce, take-out, news, reading, instant messaging, financing and taxi-hailing services. Generally, a service provider develops a client and/or a web page for its type of service and promotes it to users, so that users can interact with the service provider through the client and/or web page and use the corresponding online services.
In the related art, so that the server can distinguish between users, each user registers an account, and the server may regard each account as a user. When a user logs in to an account, authentication is required. Conventional authentication methods currently include, but are not limited to, password authentication, short message authentication and biometric authentication. For example, when a user logs in to his own account on another person's mobile phone (e.g., that of a family member, friend or colleague), or when someone logs in to another user's account on his own mobile phone, the user is usually required to perform short message authentication in order to prevent account theft as far as possible.
As the above example shows, in order to prevent account theft and ensure account security, the server usually performs identity authentication using dual authentication: password authentication plus short message authentication. However, this authentication method has low flexibility, which can make the authentication process cumbersome in some cases.
Disclosure of Invention
Embodiments of the present invention provide an identity authentication method, an identity authentication device, an electronic device, and a readable storage medium, and aim to improve flexibility of identity authentication. The specific technical scheme is as follows:
In a first aspect of the embodiments of the present invention, an identity authentication method is provided. The method is applied to a server and includes:
receiving an identity authentication request sent by a terminal device, wherein the identity authentication request carries account information;
judging whether the terminal device is a historical login device corresponding to the account information;
in the case that the terminal device is not a historical login device corresponding to the account information, acquiring the intimacy between the historical login device corresponding to the account information and the terminal device;
and performing identity verification based on the verification mode corresponding to the intimacy.
In a second aspect of the embodiments of the present invention, another identity authentication method is provided. The method is applied to a server and includes:
receiving an identity authentication request sent by a terminal device, wherein the identity authentication request carries account information;
determining the close terminal device corresponding to the terminal device, wherein the intimacy between the close terminal device and the terminal device meets a preset condition;
and, in the case that the close terminal device is a historical login device corresponding to the account information, performing identity authentication based on a preset authentication mode.
In a third aspect of the embodiments of the present invention, there is further provided an identity authentication apparatus, disposed at a server, where the apparatus includes:
a request receiving module, configured to receive an identity authentication request sent by a terminal device, wherein the identity authentication request carries account information;
a historical login device judging module, configured to judge whether the terminal device is a historical login device corresponding to the account information;
an intimacy acquiring module, configured to acquire the intimacy between the historical login device corresponding to the account information and the terminal device in the case that the terminal device is not a historical login device corresponding to the account information;
and an identity authentication module, configured to perform identity verification based on the verification mode corresponding to the intimacy.
In a fourth aspect of the embodiments of the present invention, there is provided another identity authentication apparatus, disposed at a server, where the apparatus includes:
a request receiving module, configured to receive an identity authentication request sent by a terminal device, wherein the identity authentication request carries account information;
a close terminal device determining module, configured to determine the close terminal device corresponding to the terminal device, wherein the intimacy between the close terminal device and the terminal device meets a preset condition;
and an identity authentication module, configured to perform identity authentication based on a preset authentication mode in the case that the close terminal device is a historical login device corresponding to the account information.
In a fifth aspect of the embodiments of the present invention, there is further provided an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor, configured to implement the method steps of the first aspect or the second aspect of the embodiments of the present invention when executing the program stored in the memory.
In yet another aspect of the present invention, there is also provided a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to perform any of the above-described authentication methods.
In yet another aspect of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the above described authentication methods.
By implementing the identity authentication method provided by the embodiment of the invention, when a user logs in an account of another person by using the terminal device of the user or logs in the account of the user by using a mobile phone of another person, after receiving an identity authentication request sent by the terminal device, if the terminal device is not a historical login device corresponding to the account to be logged in, the server acquires the intimacy between the historical login device corresponding to the account and the terminal device, and selects a corresponding authentication mode according to the intimacy to perform identity authentication, so that the authentication modes corresponding to different intimacy are different, and the flexibility of identity authentication is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a flowchart of an authentication method according to an embodiment of the present invention;
Fig. 2 is a flowchart of establishing an association map according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an association map according to an embodiment of the present invention;
Fig. 4 is a flowchart of determining the intimacy according to an embodiment of the present invention;
Fig. 5 is a flowchart of an authentication method according to another embodiment of the present invention;
Fig. 6(a) is a schematic diagram of an authentication device according to an embodiment of the present invention;
Fig. 6(b) is a schematic diagram of an authentication device according to another embodiment of the present invention;
Fig. 7 is a schematic diagram of an authentication device according to another embodiment of the present invention;
Fig. 8 is a schematic diagram of an electronic device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention.
In the field of internet technology, an online service provider typically develops a client and/or a web page for its type of service and promotes it to users, so that users can interact with the server through the client and/or web page and use the corresponding online service.
Since the server faces many users, each user registers an account so that the server can distinguish between them, and the server may regard each account as a user. When a user logs in to an account, authentication is required. Conventional authentication methods currently include, but are not limited to, password authentication, short message authentication and biometric authentication. Example 1: when a user logs in to his own account on his own terminal device, he is usually required to enter a login password. Example 2: when a user logs in to his own account on another person's mobile phone (e.g., that of a family member, friend or colleague), or when someone logs in to another user's account on his own mobile phone, a login password usually has to be entered and, in addition, the server requires short message authentication in order to prevent account theft as far as possible.
However, in most cases, logging in to another person's account on one's own terminal device is done with the account owner's online permission obtained, or the login is performed by the account owner himself. For example, family member B of user A logs in to user A's account on B's mobile phone; or user A logs in to his own account on family member B's mobile phone; or user A lends the account to colleague C of family member B, and colleague C logs in to user A's account on C's own mobile phone. In all these scenarios the login to user A's account takes place with user A's permission and is a safe login operation, yet in the related art the server still invariably uses dual authentication (password authentication plus short message authentication).
Therefore, the current authentication method has low flexibility; in some cases the authentication process is too cumbersome and authentication efficiency is low, which affects the user experience.
Therefore, based on the same inventive concept, the present invention provides several authentication methods, apparatuses, electronic devices and readable storage media through the following embodiments, aiming to improve the flexibility of authentication and thereby the user experience.
Referring to fig. 1, fig. 1 is a flowchart of an authentication method according to an embodiment of the present invention, where the authentication method is applied to a server. As shown in fig. 1, the identity authentication method includes the following steps:
Step S11: receiving an identity authentication request sent by a terminal device, wherein the identity authentication request carries account information.
The terminal device may be a mobile phone, a tablet computer, a notebook computer or a desktop computer; the invention does not limit the type of the terminal device.
The account information is information the server uses to distinguish different accounts. It may be an account name, a character string, a number, a mobile phone number, a mailbox, etc.; the present invention does not limit the specific form of the account information. Because account information and accounts generally correspond one to one, some embodiments of the present invention refer to the account information simply as the account.
The invention can be applied wherever a server performs identity authentication in the Internet field, and is not limited to a specific application scenario. For example, the authentication request received by the server in step S51 may be a request sent to the server by the terminal device when a first user logs in to a second user's account on the first user's own terminal device. It may also be a request sent to the server by the second user's terminal device when the first user logs in to the first user's own account on the second user's terminal device. It may also be a request sent to the server by the terminal device when a first user logs in to an account on the first user's own terminal device. For the authentication requests received in these different application scenarios, the server executes an authentication process (i.e., the following steps S12 to S14) to select a corresponding verification mode for the terminal device that sent the request, and authenticates the terminal device accordingly.
In some embodiments of the present invention, the authentication request may include, in addition to the account information, a device identifier of the terminal device that sent the request and a login password entered by the user. The terminal device sends the identity authentication request so that the server performs identity authentication and, if authentication passes, grants credit to the terminal device.
Step S12: judging whether the terminal device is a historical login device corresponding to the account information.
In a specific implementation of the present application, if the terminal device is a historical login device corresponding to the account information, a mode with a simpler process may be selected for authentication, for example, the following second authentication mode. For example, authentication may be performed by password authentication. As described above, in some embodiments the authentication request sent by the terminal device may include a login password entered by the user. If the terminal device is a historical login device corresponding to the account to be logged in, the server may authenticate using the login password in the request and, if authentication passes, grant credit to the terminal device; that is, the server determines that the terminal device has the right to log in to that account.
If the terminal device is not a historical login device corresponding to the account information, the following steps S13 and S14 are executed to select a suitable verification mode for the terminal device (for example, one with a simpler process or one with a more complicated process).
In a specific implementation of the present application, the server stores historical login device information for each account, for example the device identifiers of each account's historical login devices. When it receives an identity authentication request from a terminal device, the server can determine whether the terminal device is a historical login device of the account to be logged in by checking whether the historical login device information for that account includes the terminal device's information.
A historical login device corresponding to an account is a terminal device that has logged in to the account. For example, the video playing software account of user A has been logged in to not only by mobile phone a of user A, but also by tablet computer b of user A, mobile phone c of user A, and mobile phone d of user A's colleague. The historical login devices corresponding to user A's account then include mobile phone a, tablet computer b, mobile phone c and mobile phone d.
Alternatively, consider that after an account is registered, several terminal devices may log in to it one after another, and a terminal device whose login was long ago has typically lost its close relationship with the account holder. For example, a year ago user A lent his account to colleague B, who logged in to it on his mobile phone e for a short time. Within that year, however, colleague B has left the company, and user A has lost his close relationship (being in the same office area) with colleague B and with colleague B's mobile phone e. Therefore, a terminal device whose last login was longer ago than a preset time limit need not be regarded as a historical login device of the account. In other words, in the present invention, a historical login device corresponding to an account may also refer to a terminal device that logged in to the account within a preset time range (for example, within 3 months).
Still alternatively, the historical login device corresponding to an account may refer to the terminal device that has logged in to the account the most times, or the terminal device with the longest accumulated login time on the account. For example, the video playing software account of user A has been logged in to not only by mobile phone a of user A, but also by tablet computer b of user A, mobile phone c of user A's family member, and mobile phone d of user A's colleague. Mobile phone a, tablet computer b, mobile phone c and mobile phone d have logged in to user A's account 72 times, 29 times, 6 times and 1 time respectively. Mobile phone a has logged in to user A's account the most times, so the historical login device corresponding to user A's account is mobile phone a. Or the accumulated login times of mobile phone a, tablet computer b, mobile phone c and mobile phone d on user A's account are 2761 hr, 904 hr, 17 hr and 2 hr respectively. Mobile phone a has the longest accumulated login time, so the historical login device corresponding to user A's account is mobile phone a.
Step S13: in the case that the terminal device is not a historical login device corresponding to the account information, acquiring the intimacy between the historical login device corresponding to the account information and the terminal device.
As mentioned above, a historical login device corresponding to the account may refer to a terminal device that has logged in to the account; to a terminal device that logged in to the account within a preset time range; or to the terminal device that has logged in to the account the most times or has the longest accumulated login time on the account (hereinafter referred to as the most frequent login device).
The intimacy between devices characterizes the degree to which the devices' geographic locations are directly and/or indirectly adjacent. Two devices are directly adjacent when they are located in the same geographic location (e.g., the same residential community or the same office area), share the same network device (for example, both are connected to the same wifi router and so share the same wifi signal), or share the same public network IP address (Internet Protocol address). Two devices are indirectly adjacent when they are not directly adjacent to each other but both are directly adjacent to a third device. In other words, the first device and the second device are not directly adjacent, but a third device is directly adjacent to both the first device and the second device, so the first device and the second device are indirectly adjacent.
For example, mobile phone a of user A and mobile phone c of user A's family member are often in the same spatial region (e.g., the same residential community) and share the same wifi signal, so the geographic locations of mobile phones a and c are directly adjacent. Because mobile phones a and c have appeared in the same spatial region at the same time many times and/or for a long accumulated time, their degree of direct adjacency is very high, and so is the intimacy between them. As another example, mobile phone c of user A's family member and mobile phone f of that family member's colleague are often in the same area (e.g., the office) and may also share the same wifi signal, so the geographic locations of mobile phones c and f are directly adjacent. Because mobile phones c and f have appeared in the same spatial region at the same time many times and/or for a long accumulated time, their degree of direct adjacency is very high, and so is the intimacy between them. Finally, since the degree of direct geographic adjacency between mobile phones a and c is high and that between mobile phones c and f is high, the geographic locations of mobile phones a and f are indirectly adjacent with a high degree of indirect adjacency, so that the intimacy between the mobile phone a and the mobile phone e is high.
In implementation, if the account has several historical login devices, the intimacy between the terminal device and each historical login device can be determined in turn, yielding several intimacy values. The following step S14 is then performed based on the maximum of these values. Alternatively, if the most frequent login device is taken as the historical login device, only the intimacy between the terminal device and the most frequent login device needs to be determined, and the following step S14 is executed based on that intimacy.
In implementing the present invention, any of several methods may be used to determine the intimacy between the historical login device and the terminal device. Several optional methods are described in detail in specific embodiments below and are not described here.
Step S14: performing identity verification based on the verification mode corresponding to the intimacy.
In some embodiments of the invention, the intimacy may be a numerical value whose size characterizes how close the relationship between devices is. For example, in some embodiments, the greater the value, the closer the relationship between devices. In other embodiments, the smaller the value, the closer the relationship. In still other embodiments, the closer the value is to a target value (e.g., 0), the closer the relationship between devices.
In embodiments where the intimacy is a numerical value, the value may be divided into different levels. For example, where a greater value means a closer relationship between devices, the intimacy may be divided into two levels: values greater than or equal to a preset threshold are the first level, and values smaller than the preset threshold are the second level. Different levels of intimacy correspond to different verification modes.
In a specific implementation, two devices with first-level intimacy are relatively close to each other, so their holders usually also have a close relationship, and one holder logging in to the other holder's account on his own device is usually a safe login. Therefore, to simplify the login process and improve login efficiency, the verification mode corresponding to the first level has low complexity; for example, it may be password verification. Two devices with second-level intimacy are not so close to each other, so their holders often do not have a close relationship, and one holder logging in to the other holder's account on his own device is not necessarily a safe login. Therefore, to improve account security and prevent account theft, the verification mode corresponding to the second level has higher complexity; for example, it may be dual verification: password verification plus short message verification.
In still other embodiments of the present invention, the intimacy may be a code, with different codes indicating different degrees of intimacy. For example, code 1 indicates that the intimacy between devices is high, and code 0 indicates that it is low.
In these embodiments, different codes correspond to different verification modes. For example, the verification mode corresponding to code 0 has higher complexity and may be dual verification: password verification plus short message verification. The verification mode corresponding to code 1 has low complexity and may be password verification.
It should be noted that the present invention does not limit the data type of the intimacy degree.
During the implementation of the present invention, if the server determines, after executing the steps S11 to S14, to perform authentication in a password authentication manner, the server may directly verify the password carried in the authentication request. If the verification passes, the server grants trust to the terminal device, that is, it confirms that the terminal device has the authority to log in to the account (the account corresponding to the account information carried in the authentication request). This grants trust to the terminal device quickly, improves authentication efficiency, and further improves user experience. If the server determines, after performing the steps S11 to S14, to perform authentication in the password authentication plus short message authentication manner, the server may first verify the password carried in the authentication request, then perform short message authentication when the password verification passes, and grant trust to the terminal device when the short message authentication passes.
By executing the authentication method including the steps S11 to S13, when another person logs in to a user's account using that other person's terminal device, or the user logs in to the user's own account using another person's mobile phone, the server, after receiving the authentication request sent by the terminal device, obtains the intimacy between the historical login device corresponding to the account and the terminal device if the terminal device is not a historical login device corresponding to the account to be logged in, and selects a corresponding authentication method according to the intimacy. Different intimacy degrees thus correspond to different authentication methods, which improves the flexibility of authentication.
In some embodiments of the present invention, when the step S14 is executed, that is, when the identity authentication is performed based on the authentication method corresponding to the intimacy degree, the identity authentication may be performed in a first authentication method when the intimacy degree meets a preset condition, and in a second authentication method when the intimacy degree does not meet the preset condition, wherein the complexity of the first authentication method is lower than the complexity of the second authentication method.
In the above embodiments, if the data type of the intimacy degree is a numerical value, the preset condition may be: the intimacy degree is greater than or equal to a preset threshold value. When the intimacy between the terminal device and the historical login device reaches the preset threshold value, identity authentication is performed in the first authentication method with lower complexity; when the intimacy between the terminal device and the historical login device does not reach the preset threshold value, identity authentication is performed in the second authentication method with higher complexity.
In the embodiments described above, the complexity of an authentication method may be reflected in the number of verification steps: the more verification steps that need to be performed, the higher the complexity. As mentioned above, some authentication methods include two verification steps, such as password verification and short message verification, and their complexity is high. Other authentication methods include only a password verification step, and their complexity is low. In a specific implementation of the present invention, the first authentication method has low complexity and includes at least one of the following verification steps: password verification, biological characteristic verification, grid graph sliding verification, gesture verification and body posture verification. The second authentication method has high complexity and includes the following verification steps: the verification steps included in the first authentication method, plus a short message verification step.
It should be noted that the present invention does not limit the specific content of the preset condition.
It should be noted that, in the above embodiments, the intimacy degree is divided into two levels, where one level is that the intimacy degree satisfies the preset condition, and the other level is that the intimacy degree does not satisfy the preset condition. However, the invention can also divide the level of the intimacy degree into three, four or more different levels, and the intimacy degree of different levels corresponds to different verification modes. Wherein, the higher the intimacy degree, the lower the complexity of the verification mode corresponding to the grade.
Because there is typically a high degree of direct/indirect adjacency between two devices when the intimacy between the two devices is high, there is typically a direct or indirect personal relationship between the respective holders of the two devices. For example, two holders are family members who often live together, or two holders are co-workers who often work together. For another example, if both holders are often in a family relationship with another terminal holder, for example, the holder A and the terminal holder B are often in a family relationship, the terminal holder B and the holder C are in a co-worker relationship, and the holder A and the holder C are often in a company, an indirect personal relationship exists between the holder A and the holder C.
In this case, therefore, one of the two holders logging in to the account of the other on his or her own device is usually a secure login and does not constitute misappropriation of the account; in other words, the logged-in account is secure. When the server determines the authentication mode through the embodiments of the invention, it determines a simpler authentication mode and then performs identity authentication based on that mode. The server thus selects a simple verification mode while the security of the account is ensured, which improves verification efficiency and further improves user experience.
In other cases, if a network attacker wants to log in to the account of a normal user using the attacker's own terminal device, the intimacy between the attacker's device and the terminal device of the normal user (i.e., the historical login device corresponding to the account of the normal user) is low, because there is usually no direct or indirect personal relationship between the attacker and the normal user. When the server determines the authentication mode in the manner of some embodiments of the present invention, this low intimacy causes the server to determine a more complicated authentication mode and then perform identity authentication based on that mode, which helps to ensure the security of the account and to protect the user account from network attack.
As described above, during the implementation of the present invention, in order to determine the intimacy degree between the history login device and the terminal device in the above step S13, any determination method among a plurality of determination methods may be adopted. The present invention will be described below in terms of several alternative embodiments.
The first embodiment of executing step S13 is as follows: determining the intimacy between the terminal device and the historical login device based on the pre-established association relationship map.
Referring to fig. 2, fig. 2 is a flowchart of establishing an association map according to an embodiment of the present invention. The establishment process is executed before the above steps S11 to S14, and may be regarded as a preparation stage before the server performs authentication on each terminal device. As shown in fig. 4, the establishing process includes the following steps:
Step S01: receiving and storing, in advance, device information reported by a plurality of devices, wherein each set of device information reported by a device represents the spatial geographic location and/or the virtual geographic location of that device when it reported the set of device information.
In some embodiments of the present invention, all terminal devices interacting with the server may report multiple sets of device information to the server. Or after the owner of the terminal device grants the authority of the terminal device, the terminal device can/needs to report multiple sets of device information to the server. Or the server can define that the client of part of users can/need to report multiple groups of equipment information to the server.
In some embodiments of the present invention, the server may collect multiple sets of device information reported by each device exclusively for a period of time. For example, each device continuously reports multiple sets of device information to the server within one month, for example, a device reports one set of device information to the server every 5 minutes within one month. Thus, the server collects multiple sets of device information reported by the devices in the month.
The set of device information reported by the device includes at least one of the following: latitude and longitude information, geographic position name, wifi identification and ip address. The longitude and latitude information and the geographic position information belong to the spatial geographic position category, and the wifi identification and the ip address belong to the virtual geographic position category.
For example, consider the multiple sets of device information reported successively by the terminal devices of several family members. When two or more family members are at home at the same time and their terminal devices report device information to the server during that period, the sets of device information reported during that period have the same or similar longitude and latitude information, the same wifi identification and the same external network ip address.
Step S02: determining, from the plurality of devices, the devices that are adjacent in geographic location according to the device information reported by each of the plurality of devices.
Step S03: for every two devices among the plurality of devices that are adjacent in geographic location, obtaining the association degree between the two devices according to the respective device information of the two devices.
In some or all embodiments of the present invention, in order to determine the association degree between two devices, after acquiring multiple sets of device information reported by each of multiple devices, a server may determine, for each device in the multiple devices, the top n sets of device information with the highest frequency of occurrence in the multiple sets of device information that are successively reported by the device. For every two devices, the server then determines the association degree between the two devices according to the top n sets of device information with the highest frequency of occurrence for each of them.
Illustratively, a user's office location (i.e., a company) is located in an office building in the Haishen district of Beijing, and the user's home location is located in a cell in the Western district of Beijing. Within one month, the mobile phone of the user successively reports multiple sets of device information to the server, including: multiple sets of device information reported while at home, multiple sets reported while at the company, multiple sets reported while shopping at a mall, multiple sets reported while commuting, and so forth. The server clusters the multiple sets of device information reported by the mobile phone of the user and determines from them the two sets of device information with the highest frequency of occurrence. For example, the two sets with the highest frequency of occurrence are the device information reported while at home and the device information reported while at the company. The server can therefore determine the association degree between the mobile phone and other devices according to the device information reported by the mobile phone at home and the device information reported by the mobile phone at the company.
In some embodiments of the present invention, in order to determine the association degree between two devices, the server may first determine, according to the first n groups of device information of each device, a plurality of devices located at the same geographic location, then combine, for each two devices of the plurality of devices located at the same geographic location, the first n groups of device information of each of the two devices in pairs to obtain a plurality of device information combinations, then calculate the similarity of each device information combination, and use the similarity with the largest value as the association degree between the two devices.
Illustratively, according to the top 2 sets of device information of the respective devices, the server determines that the devices frequently appearing at the geographic location X include: device 2, device 4, device 5. Then, for every two of the three devices, the association degree between the two devices is determined. Taking device 2 and device 4 as an example, the top 2 sets of device information of device 2 and the top 2 sets of device information of device 4 are combined in pairs to obtain 4 device information combinations. The similarity of each device information combination is calculated, giving 4 similarities in total. Finally, the maximum similarity is determined as the association degree between device 2 and device 4.
When the similarity of the device information combination is calculated, the similarity can be calculated according to the following formula:
Figure BDA0002429614130000121
In the formula, S represents the similarity between the device information group i and the device information group j, L is the vectorized representation of the geographic location, W is the vectorized representation of the wifi identification, and P is the vectorized representation of the ip address.
Or, when calculating the similarity of the device information combination, in addition to calculating according to the above formula, the respective vectors of the two sets of device information may be calculated first, then the two vectors are input into the similarity prediction model, and finally the value output by the similarity prediction model is taken as the similarity of the device information combination.
In the present invention, the calculation method is not limited when calculating the similarity of the device information combinations.
Besides taking the maximum of the similarities of the device information combinations between two devices as the association degree between the two devices, in still other embodiments of the present invention the server may determine the association degree as follows. For every two devices among the devices that often appear in the same geographic location area, the server calculates the similarity between each two sets of device information according to the respective multiple sets of device information (or the top n sets of device information) of the two devices. It compares the similarities with a preset threshold, determines how many of the similarities are greater than the preset threshold, and determines the duration of each similarity that is greater than the preset threshold. It then calculates the association degree between the two devices according to each similarity greater than the preset threshold, the duration of each such similarity, and the number of such similarities. To facilitate understanding of this scheme, the following example is given:
Illustratively, according to the top 2 sets of device information of the respective devices, the server determines that the devices frequently appearing at the geographic location X (e.g., the residential cell X) include: device 2, device 4, device 5. Then, for every two of the three devices, the association degree between the two devices is determined. Taking device 2 and device 4 as an example, the top 2 sets of device information of device 2 and the top 2 sets of device information of device 4 are combined in pairs to obtain 4 device information combinations. Table 1 is a schematic table of the device information combinations.
TABLE 1 Device information combination schematic table
Device information combination 1 | First set of device information for device 2 | First set of device information for device 4
Device information combination 2 | First set of device information for device 2 | Second set of device information for device 4
Device information combination 3 | Second set of device information for device 2 | First set of device information for device 4
Device information combination 4 | Second set of device information for device 2 | Second set of device information for device 4
The first set of device information of device 2 is the device information that device 2 frequently reports within the residential cell X, and the second set of device information of device 2 is the device information that device 2 frequently reports within company A. The first set of device information of device 4 is the device information that device 4 frequently reports within the residential cell X, and the second set of device information of device 4 is the device information that device 4 frequently reports within company B.
Then, the server calculates the similarity of each device information combination, giving 4 similarities in total. It is assumed that the similarities of the device information combinations 1 to 4 are 0.81, 0.13, 0.06, and 0.11, respectively.
Then, since the similarity of the device information combination 1 is greater than the preset threshold (assuming that the preset threshold is 0.5), the server queries the number of times that the server receives the first set of device information reported by the device 2 and the first set of device information reported by the device 4 at the same time. For example, in one month, the number of times that the device 2 and the device 4 are simultaneously located in the residential cell X and continuously report the device information to the server is 30, in other words, the number of times that the device 2 and the device 4 simultaneously appear in the residential cell X in one month is 30, and the number of times that the server simultaneously receives the first set of device information reported by the device 2 and the first set of device information reported by the device 4 is 30.
In addition, the server determines the duration for which it receives the first set of device information reported by the device 2 and the first set of device information reported by the device 4 at the same time. For example, in one month, the total time that the device 2 and the device 4 are simultaneously located in the residential cell X and continue to report the device information to the server is 393.6 hours, in other words, the time duration that the device 2 and the device 4 simultaneously appear in the residential cell X within one month is 393.6 hours, and the time duration that the server receives the first set of device information reported by the device 2 and the first set of device information reported by the device 4 simultaneously is 393.6 hours.
Finally, the server may calculate the association between the device 2 and the device 4 according to the following formula:
Figure BDA0002429614130000141
in the formula, D represents a degree of association between two devices, n represents the number of similarities greater than a preset threshold among a plurality of similarities between the two devices, S represents the similarity greater than the preset threshold, T represents duration, and M represents frequency. In addition, after the association degree D between the two devices is determined according to the above formula, normalization operation may be performed on the association degree D to obtain the association degree D' after normalization.
With any of the various embodiments of step S02 described above, the degree of association between two devices of the plurality of devices is finally determined.
Step S04: establishing the association relationship map according to the determined multiple association degrees.
In some embodiments of the present invention, the association degree between two devices may be used as a weight value, an undirected weighted graph between multiple devices may be established, and the undirected weighted graph may be used as an association relationship map of multiple devices.
By performing any one of the embodiments involving the above-described step S01 to step S04, the association relationship maps of the plurality of devices are finally established. The server may persistently store the association map, and thus, the server may call the association map when performing the step S13 to determine the affinity between the terminal device and the history login device.
Referring to fig. 3, fig. 3 is a schematic diagram of an association relationship map according to an embodiment of the present invention. In fig. 3, each ellipse represents one device, and the association relationship map shown in fig. 3 includes devices 1 to 10. A connecting line between two devices represents a connection path between the devices, and the value on the connection path represents the intimacy between the two devices connected by the connection path.
When the step S13 is executed, that is, when determining the affinity between the terminal device and the history login device, reference may be specifically made to fig. 4, where fig. 4 is a flowchart of determining the affinity according to an embodiment of the present invention. As shown in fig. 4, the flow includes the following sub-steps:
Substep S13-1: determining the shortest relationship path between the terminal device and the historical login device according to a pre-established association relationship map.
The association relationship map comprises a plurality of devices and connection paths between two adjacent devices at geographic positions. As shown in fig. 3, each connection path corresponds to a relevance value, the relevance value is used for representing the intimacy between two devices connected by the connection path, and the shortest relationship path is a path formed by connecting one or more connection paths in series.
Substep S13-2: determining the intimacy between the terminal device and the historical login device according to the association degree corresponding to each connection path in the shortest relationship path.
Wherein, the shortest relationship path between two devices (e.g. the first device and the second device) refers to: in the association relationship map, a path with the least number of connection paths is included in a plurality of paths leading from the first device to the second device. In other words, the path requiring the least number of intermediate devices to be routed among the plurality of paths leading from the first device to the second device.
As shown in fig. 3, assuming that the affinity between the devices 2 and 6 needs to be determined currently, the path between the devices 2 and 6 includes, but is not limited to:
Path 1: device 2-device 3-device 7-device 6;
Path 2: device 2-device 4-device 5-device 6;
Path 3: device 2-device 5-device 6.
Path 3 includes only two connection paths: the connection path between device 2 and device 5, and the connection path between device 5 and device 6. Since path 3 includes the fewest connection paths, path 3 is determined to be the shortest relationship path between device 2 and device 6. From another perspective, path 3 passes through only one intermediate device, device 5, which is the smallest number of intermediate devices, so path 3 is determined to be the shortest relationship path between device 2 and device 6.
During the implementation of the present invention, if the owner of device 2 logs in to the account of the owner of device 6 using device 2, the server determines, according to the graph shown in fig. 3, that the shortest relationship path between device 2 and device 6 is: device 2-device 5-device 6. The relationship between device 2 and device 5 is close, e.g. the respective holders of device 2 and device 5 may be family members, and the relationship between device 5 and device 6 is close, e.g. the respective holders of device 5 and device 6 may be colleagues. The significance of determining the shortest relationship path between device 2 and device 6 is therefore that device 2 is associated with device 6 through as few intermediate devices as possible, i.e. the holder of device 2 is associated with the holder of device 6 through as few intermediate users as possible. Then, according to the association degree between device 2 and device 5 and the association degree between device 5 and device 6, the intimacy between device 2 and device 6 can finally be determined.
In some embodiments of the present invention, the magnitude of the degree of association between adjacent devices in fig. 3 is proportional to the intimacy between the two devices. In other words, the larger the value, the higher the degree of intimacy between the devices.
When determining the intimacy between the terminal device and the historical login device according to the association degrees included in the shortest relationship path, it is considered that the greater the value of each association degree in the shortest relationship path, the closer the terminal device and the historical login device are likely to be. It is also considered that the longer the shortest relationship path (i.e., the more association degree values it includes, or the more intermediate devices it passes through), the less close the terminal device and the historical login device are likely to be. In this way, the intimacy between the terminal device and the historical login device can be determined according to the values and the number of the association degrees included in the shortest relationship path.
Illustratively, the affinity between the terminal device and the history login device may be calculated according to the following formula:
Figure BDA0002429614130000161
In the formula, c represents the intimacy between the terminal device and the historical login device, n represents the number of connection paths included in the shortest relationship path between the terminal device and the historical login device, that is, the number of association degrees, and r represents the value of the association degree corresponding to the ith connection path in the shortest relationship path. In the above formula, the intimacy c is positively correlated with the value r of the association degree and negatively correlated with the number n of association degrees, and the greater the value of the intimacy c, the closer the terminal device is to the historical login device. The intimacy c between device 2 and device 6 in fig. 3 is calculated based on the above formula:
Figure BDA0002429614130000162
or, for example, the affinity between the terminal device and the history login device may be calculated according to the following formula:
Figure BDA0002429614130000163
In the formula, c represents the intimacy between the terminal device and the historical login device, n represents the number of connection paths included in the shortest relationship path between the terminal device and the historical login device, that is, the number of association degrees, and r represents the value of the association degree corresponding to the ith connection path in the shortest relationship path. In the above formula, the intimacy c is positively correlated with the value r of the association degree and negatively correlated with the number n of association degrees, and the greater the value of the intimacy c, the closer the terminal device is to the historical login device. The intimacy c between device 2 and device 6 in fig. 3 is calculated based on the above formula:
Figure BDA0002429614130000164
In still other embodiments of the present invention, the magnitude of the association degree between adjacent devices in fig. 3 may also be inversely proportional to the intimacy between the two devices. In other words, the larger the value, the lower the intimacy between the devices. For example, when the intimacy between the terminal device and the historical login device is determined from the association degrees included in the shortest relationship path, the sum of the association degree values may be calculated first, and then the reciprocal of the sum may be determined as the intimacy between the terminal device and the historical login device. The greater the value of the intimacy, the closer the terminal device is to the historical login device.
It should be noted that, when determining the intimacy between the terminal device and the historical login device according to the association degrees included in the shortest relationship path, the calculation formula that can be used in the present invention is not limited to the calculation formulas described in the above examples, and the calculation formulas in the above examples do not limit the present invention.
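The first embodiment of step S13 followed by the mode selection of step S14, as an added example that is not part of the patent text: a fewest-hops search over the association relationship map, the reciprocal-of-sum intimacy variant described above, and the threshold rule for choosing the verification mode. The edge weights, the threshold of 0.2, the mode names and the rule of taking the best intimacy over several historical login devices are assumptions made for illustration.

```python
from collections import deque

# Constructed sample graph. The edges follow the three paths the text lists
# between device 2 and device 6; the weights are invented for illustration.
# In this variant a LARGER association value means a LOOSER relationship.
EDGES = [
    (2, 3, 4.0), (3, 7, 5.0), (7, 6, 2.0),   # path 1
    (2, 4, 1.0), (4, 5, 2.0),                # path 2 (continues over 5-6)
    (2, 5, 1.0), (5, 6, 3.0),                # path 3
]

FIRST_MODE = ("password",)          # lower complexity
SECOND_MODE = ("password", "sms")   # first mode plus a short message step
THRESHOLD = 0.2                     # assumed preset threshold


def build_graph(edges):
    """Undirected weighted graph: device -> {neighbour: association degree}."""
    graph = {}
    for a, b, weight in edges:
        if weight <= 0:
            raise ValueError("association degree must be positive")
        graph.setdefault(a, {})[b] = weight
        graph.setdefault(b, {})[a] = weight
    return graph


def shortest_relationship_path(graph, src, dst):
    """Breadth-first search for the path with the fewest connection paths.

    Returns the list of devices on the path, or None when either device is
    missing from the map or no path exists. The text does not say how to
    break ties between equally short paths; this returns the first found.
    """
    if src not in graph or dst not in graph:
        return None
    if src == dst:
        return [src]
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt in parent:
                continue
            parent[nxt] = node
            if nxt == dst:
                path = [dst]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append(nxt)
    return None


def intimacy(graph, terminal, history_device):
    """Reciprocal of the summed association degrees on the shortest path."""
    path = shortest_relationship_path(graph, terminal, history_device)
    if path is None:
        return 0.0                   # no relationship known: lowest intimacy
    if len(path) == 1:
        return float("inf")          # same device
    total = sum(graph[a][b] for a, b in zip(path, path[1:]))
    return 1.0 / total


def select_verification(graph, terminal, history_devices, threshold=THRESHOLD):
    """Pick the verification mode for a login attempt from `terminal`."""
    if terminal in history_devices:
        return FIRST_MODE            # historical login device: simple mode
    # Assumption: with several historical devices, use the closest one.
    best = max((intimacy(graph, terminal, h) for h in history_devices),
               default=0.0)
    return FIRST_MODE if best >= threshold else SECOND_MODE


GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    print(shortest_relationship_path(GRAPH, 2, 6))
    print(intimacy(GRAPH, 2, 6))
    print(select_verification(GRAPH, 99, {6}))
```

A device that never appears in the map, such as device 99 here, has intimacy 0 and always receives the second, more complex mode.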
If the server determines the intimacy between the terminal device and the historical login device by using the first embodiment during the implementation of the present invention, the server may establish an association map for a plurality of terminal devices in advance, and persistently store the association map.
The second embodiment of executing step S13 is as follows: in order to determine intimacy between the terminal device and the historical login device, the server may read multiple sets of device information pre-reported by the terminal device and multiple sets of device information pre-reported by the historical login device, where the device information is used to represent a spatial geographic location and/or a virtual geographic location of the device; and then determining the intimacy between the terminal equipment and the historical login equipment according to a plurality of groups of equipment information respectively corresponding to the terminal equipment and the historical login equipment.
For example, the server may read multiple sets of device information reported by the terminal device in advance from the device information database, and then determine the top n sets of device information with the highest frequency of occurrence in the multiple sets of device information. Similarly, the server may read multiple sets of device information reported in advance by the history login device from the device information database, and then determine the top n sets of device information with the highest frequency of occurrence in the multiple sets of device information. And then the server side combines the first n groups of equipment information of the terminal equipment and the first n groups of equipment information of the history login equipment in pairs to obtain a plurality of information combinations. And finally, the server calculates the similarity of each equipment information combination, and takes the similarity with the maximum value as the intimacy between the two equipment.
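The top-n pairwise comparison used both for the association degree in step S03 and for the second embodiment of step S13, as an added example that is not part of the patent text. The report tuples, device names and addresses are constructed; exact-match frequency counting stands in for the clustering the text mentions, and the field-match similarity is a stand-in because the page's similarity formula survives only as a figure reference.

```python
from collections import Counter
from itertools import product

# Constructed device-information groups: (location name, wifi id, ip address).
HOME_X = ("residential cell X", "wifi-home-x", "203.0.113.10")
COMPANY_A = ("company A", "wifi-corp-a", "198.51.100.20")
COMPANY_B = ("company B", "wifi-corp-b", "192.0.2.30")
CELL_Y = ("residential cell Y", "wifi-home-y", "198.51.100.99")
MALL = ("mall", "wifi-mall", "203.0.113.77")

# Constructed report histories (one entry per reported group).
DEVICE_2 = [HOME_X] * 6 + [COMPANY_A] * 4 + [MALL] * 1
DEVICE_4 = [HOME_X] * 5 + [COMPANY_B] * 4 + [MALL] * 2
DEVICE_9 = [CELL_Y] * 5 + [MALL] * 3          # unrelated holder


def top_n_groups(reports, n=2):
    """The n most frequently reported device-information groups."""
    return [group for group, _ in Counter(reports).most_common(n)]


def similarity(group_a, group_b):
    """Stand-in similarity: fraction of fields that match exactly."""
    matches = sum(x == y for x, y in zip(group_a, group_b))
    return matches / len(group_a)


def association_degree(reports_a, reports_b, n=2):
    """Maximum similarity over all pairwise top-n combinations.

    Returns 0.0 when either device has reported nothing.
    """
    combos = product(top_n_groups(reports_a, n), top_n_groups(reports_b, n))
    return max((similarity(a, b) for a, b in combos), default=0.0)


if __name__ == "__main__":
    print(association_degree(DEVICE_2, DEVICE_4))        # shared home
    print(association_degree(DEVICE_2, DEVICE_9))        # nothing in top 2
    print(association_degree(DEVICE_2, DEVICE_9, n=3))   # mall enters top 3
```

With n=3 the shared mall entry alone yields the maximum similarity between device 2 and device 9, so the choice of n controls how much incidental co-location counts.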
For ease of understanding, suppose, for example, that the account of user a for the video playing software has been logged in on mobile phone a of user a, and also on tablet computer b of user a, mobile phone c of a family member of user a, and mobile phone d of a colleague of user a. Mobile phone a, tablet computer b, mobile phone c and mobile phone d are then the historical login devices corresponding to that account. If a mobile phone x prepares to log in to the account of user a and sends an authentication request carrying the account information to the server, then, since mobile phone x is not a historical login device of the account, the intimacy between mobile phone x and the historical login devices needs to be determined.
Alternatively, if mobile phone c prepares to log in to the account of user a and sends an authentication request carrying the account information to the server, then, because mobile phone c is a historical login device of the account, authentication can be performed directly in the simple authentication mode without executing steps S13 and S14, which further improves authentication efficiency and reduces the computation load on the server.
Referring to fig. 5, fig. 5 is a flowchart of an authentication method according to another embodiment of the present invention. As shown in fig. 5, the method comprises the steps of:
Step S51: receiving an identity authentication request sent by a terminal device, wherein the identity authentication request carries account information.
Step S52: determining a close terminal device corresponding to the terminal device, wherein the intimacy between the close terminal device and the terminal device meets a preset condition.
Step S53: performing identity authentication based on a preset authentication mode in the case that the close terminal device is a historical login device corresponding to the account information.
In some embodiments of the present invention, after receiving an authentication request sent by a terminal device, the server may determine the close terminal device corresponding to the terminal device according to an association relationship map established in advance for a plurality of devices. Specifically, the server may first determine the neighboring devices of the terminal device from the association relationship map, then calculate in turn the intimacy between the terminal device and each neighboring device, and determine a neighboring device whose intimacy is greater than a preset threshold as the close terminal device of the terminal device.
For the specific manner of calculating the intimacy, refer to the above embodiments; it is not repeated here.
The specific manner of determining a neighboring device of the terminal device may be: a device is determined to be a neighboring device of the terminal device in the case that the number of intermediate devices between that device and the terminal device does not exceed a preset number.
Taking a preset number equal to 0 as an example, in fig. 3 the neighboring devices of device 4 include device 2, device 5 and device 7. Taking a preset number equal to 1 as an example, in fig. 3 the neighboring devices of device 4 include device 1, device 2, device 3, device 5, device 6, device 7, device 8 and device 9, but not device 10, because the intermediate devices between device 10 and device 4 are devices 5 and 6, or devices 7 and 6; in either case the number of intermediate devices equals 2, which exceeds the preset number of 1.
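The neighbor rule and the close-device check of steps S52 and S53, as an added example (not code from the patent). The edge list is constructed to be consistent with the neighbor sets the text gives for device 4 and is not a reproduction of fig. 3; the association values, the choice to take intimacy as the product of association values along a fewest-hop path, the 0.5 threshold and the login histories in the usage lines are assumptions.

```python
from collections import deque

# Constructed association map: (device, device) -> association value in (0, 1].
EDGES = {
    (4, 2): 0.9, (4, 5): 0.8, (4, 7): 0.6,
    (2, 1): 0.7, (2, 3): 0.6, (7, 8): 0.9, (7, 9): 0.5,
    (5, 6): 0.5, (7, 6): 0.9, (6, 10): 0.9,
}


def build_graph(edges):
    """Turn the undirected edge list into an adjacency map."""
    graph = {}
    for (a, b), assoc in edges.items():
        graph.setdefault(a, {})[b] = assoc
        graph.setdefault(b, {})[a] = assoc
    return graph


def path_intimacy(graph, source, max_intermediate):
    """Breadth-first search outward from `source`.

    Returns {device: intimacy} for every device separated from `source` by at
    most `max_intermediate` intermediate devices. Intimacy is the product of
    the association values on a fewest-hop path; among equally short paths
    the largest product is kept (both choices are assumptions).
    """
    hops = {source: 0}
    best = {source: 1.0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if hops[node] == max_intermediate + 1:
            continue  # one more hop would add too many intermediate devices
        for peer, assoc in graph.get(node, {}).items():
            value = best[node] * assoc
            if peer not in hops:
                hops[peer] = hops[node] + 1
                best[peer] = value
                queue.append(peer)
            elif hops[peer] == hops[node] + 1 and value > best[peer]:
                best[peer] = value  # equally short path, stronger association
    del best[source]
    return best


def close_devices(graph, terminal, max_intermediate=1, threshold=0.5):
    """Step S52: neighboring devices whose intimacy exceeds the threshold."""
    scores = path_intimacy(graph, terminal, max_intermediate)
    return {dev for dev, value in scores.items() if value > threshold}


def preset_mode_applies(graph, terminal, history_devices):
    """Step S53: true when some close device is a historical login device."""
    return bool(close_devices(graph, terminal) & set(history_devices))


GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    print(sorted(path_intimacy(GRAPH, 4, 0)))       # neighbors, preset number 0
    print(sorted(path_intimacy(GRAPH, 4, 1)))       # neighbors, preset number 1
    print(preset_mode_applies(GRAPH, 4, {3}))       # close device in history
    print(preset_mode_applies(GRAPH, 4, {9, 10}))   # weak or out-of-range only
```

Device 9 is a neighboring device of device 4 but falls below the threshold, and device 10 is outside the neighborhood entirely, so an account whose history contains only those two does not qualify for the preset mode.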
In other embodiments of the present invention, after receiving the authentication request sent by the terminal device, the server may query the pre-stored close device correspondence, and determine the close terminal device corresponding to the terminal device from the close device correspondence.
In some embodiments of the present invention, the association relationship map may be established and stored in advance. The establishing method comprises: receiving and storing in advance device information reported by a plurality of devices, wherein each set of device information reported by each device is used to represent the spatial geographic location and/or the virtual geographic location of the device at the time that set of device information was reported; determining, from the plurality of devices, devices that are adjacent in geographic location according to the device information reported by each of the plurality of devices; for every two devices among the plurality of devices that are adjacent in geographic location, obtaining the association degree between the two devices according to the respective device information of the two devices; and establishing the association relationship map according to the obtained plurality of association degrees.
Wherein, according to the respective device information of the two devices, the specific way of obtaining the association degree between the two devices includes: according to the respective multiple groups of equipment information of the two pieces of equipment, acquiring the similarity between every two groups of equipment information; comparing the plurality of similarities with a preset threshold respectively, determining the number of the similarities which are greater than the preset threshold in the plurality of similarities, and determining the duration of each similarity which is greater than the preset threshold; and acquiring the association degree between the two devices according to each similarity degree larger than the preset threshold, each duration time of the similarity degree larger than the preset threshold and the number of the similarity degrees larger than the preset threshold.
Based on the same inventive concept, an embodiment of the present invention provides an identity authentication apparatus. Referring to fig. 6(a), fig. 6(a) is a schematic diagram of an authentication device according to an embodiment of the present invention, the authentication device being disposed at a server. As shown in fig. 6(a), the apparatus includes:
a request receiving module 61, configured to receive an authentication request sent by a terminal device, where the authentication request carries account information;
a historical login device determining module 62, configured to determine whether the terminal device is a historical login device corresponding to the account information;
an affinity obtaining module 63, configured to obtain, when the terminal is not a historical login device corresponding to the account information, affinity between the historical login device corresponding to the account information and the terminal device;
and the identity authentication module 64 is configured to perform identity authentication based on an authentication manner corresponding to the intimacy degree.
Optionally, when the identity authentication module 64 performs identity authentication based on the authentication manner corresponding to the intimacy degree, the identity authentication module is specifically configured to perform identity authentication in a first authentication manner when the intimacy degree meets a preset condition; under the condition that the intimacy does not meet the preset condition, carrying out identity verification in a second verification mode; wherein the complexity of the first authentication manner is lower than the complexity of the second authentication manner.
Optionally, the preset condition is: the intimacy degree is greater than or equal to a preset threshold value.
Optionally, the first authentication manner includes at least one of the following authentication steps: password verification, biological characteristic verification, grid graph sliding verification, gesture verification and body posture verification;
the second authentication manner includes the following authentication steps: the authentication steps included in the first authentication manner and a short message verification step.
Optionally, when obtaining the affinity between the historical login device and the terminal device corresponding to the account information, the affinity obtaining module 63 is specifically configured to determine a shortest relationship path between the terminal device and the historical login device according to a pre-established association relationship map, where the association relationship map includes a plurality of devices and a connection path between two devices adjacent to each other in a geographic location, each connection path corresponds to an association value, the association value is used to represent the affinity between the two devices connected by the connection path, and the shortest relationship path is a path formed by connecting one or more connection paths in series; and determining the intimacy between the terminal equipment and the historical login equipment according to the association degree corresponding to each connection path in the shortest relation path.
Referring to fig. 6(b), fig. 6(b) is a schematic diagram of an authentication device according to another embodiment of the present invention, the authentication device is disposed at a server. As shown in fig. 6(b), the apparatus includes not only the request receiving module 61, the historical login device determining module 62, the intimacy degree obtaining module 63, and the identity verifying module 64, but also:
an apparatus information receiving module 601, configured to receive and store apparatus information reported by a plurality of apparatuses in advance, where each set of apparatus information reported by each apparatus is used to characterize: the space geographic position and/or the virtual geographic position of the equipment when the information of the group of equipment is reported;
an adjacent device determining module 602, configured to determine, according to device information reported by each of the multiple devices, a device whose geographic location is adjacent to the device from the multiple devices;
a relevancy obtaining module 603, configured to obtain, for each two devices in the multiple devices that are adjacent to each other in geographic position, a relevancy between the two devices according to respective device information of the two devices;
the association map establishing module 604 is configured to establish the association map according to the obtained multiple association degrees.
Optionally, when obtaining the association between the two devices according to the respective device information of the two devices, the association obtaining module 603 is specifically configured to obtain the similarity between each two sets of device information according to the respective multiple sets of device information of the two devices; comparing the plurality of similarities with a preset threshold respectively, determining the number of the similarities which are greater than the preset threshold in the plurality of similarities, and determining the duration of each similarity which is greater than the preset threshold; and acquiring the association degree between the two devices according to each similarity degree larger than the preset threshold, each duration time of the similarity degree larger than the preset threshold and the number of the similarity degrees larger than the preset threshold.
Optionally, when acquiring the intimacy between the historical login device corresponding to the account information and the terminal device, the intimacy acquiring module 63 is specifically configured to read multiple sets of device information reported in advance by the terminal device and multiple sets of device information reported in advance by the historical login device, where the device information is used to represent a spatial geographic location and/or a virtual geographic location of the device; and determining the intimacy between the terminal equipment and the historical login equipment according to a plurality of groups of equipment information corresponding to the terminal equipment and the historical login equipment respectively.
Optionally, the identity authentication module 64 is further configured to perform identity authentication in the second authentication manner when the terminal is a historical login device corresponding to the account information.
Based on the same inventive concept, another embodiment of the present invention provides another authentication apparatus. Referring to fig. 7, fig. 7 is a schematic diagram of an authentication device according to another embodiment of the present invention, the authentication device being disposed at a server. As shown in fig. 7, the apparatus includes:
a request receiving module 71, configured to receive an authentication request sent by a terminal device, where the authentication request carries account information;
an intimate terminal device determining module 72, configured to determine an intimate terminal device corresponding to the terminal device, where an intimacy between the intimate terminal device and the terminal device meets a preset condition;
and the identity authentication module 73 is configured to perform identity authentication based on a preset authentication manner when the close terminal device is a history login device corresponding to the account information.
An embodiment of the present invention further provides an electronic device, as shown in fig. 8, which includes a processor 801, a communication interface 802, a memory 803, and a communication bus 804, where the processor 801, the communication interface 802, and the memory 803 complete mutual communication through the communication bus 804,
a memory 803 for storing a computer program;
the processor 801 is configured to implement the following steps when executing the program stored in the memory 803:
receiving an identity authentication request sent by terminal equipment, wherein the identity authentication request carries account information;
judging whether the terminal equipment is history login equipment corresponding to the account information or not;
acquiring the intimacy between the historical login equipment corresponding to the account information and the terminal equipment under the condition that the terminal is not one historical login equipment corresponding to the account information;
and performing identity verification based on a verification mode corresponding to the intimacy degree.
Or the following steps are realized:
receiving an identity authentication request sent by terminal equipment, wherein the identity authentication request carries account information;
determining close terminal equipment corresponding to the terminal equipment, wherein the closeness between the close terminal equipment and the terminal equipment meets a preset condition;
and under the condition that the close terminal equipment is the historical login equipment corresponding to the account information, performing identity authentication based on a preset authentication mode.
Or to implement steps in other method embodiments of the invention described above.
The communication bus mentioned in the above terminal may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other equipment.
The Memory may include a Random Access Memory (RAM) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer-readable storage medium is further provided, which has instructions stored therein, and when the instructions are executed on a computer, the instructions cause the computer to execute the identity verification method described in any one of the above embodiments.
In a further embodiment of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the method of authentication as described in any of the above embodiments.
In the above embodiments, the implementation may be realized wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, it may be realized wholly or partially in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (14)

1. An identity authentication method is applied to a server side, and the method comprises the following steps:
receiving an identity authentication request sent by terminal equipment, wherein the identity authentication request carries account information;
judging whether the terminal equipment is history login equipment corresponding to the account information or not;
acquiring the intimacy between the historical login equipment corresponding to the account information and the terminal equipment under the condition that the terminal is not one historical login equipment corresponding to the account information;
and performing identity verification based on a verification mode corresponding to the intimacy degree.
2. The method according to claim 1, wherein the performing identity verification based on the verification manner corresponding to the affinity comprises:
under the condition that the intimacy meets the preset condition, carrying out identity verification in a first verification mode;
under the condition that the intimacy does not meet the preset condition, carrying out identity verification in a second verification mode;
wherein the complexity of the first authentication manner is lower than the complexity of the second authentication manner.
3. The method according to claim 2, wherein the preset condition is: the intimacy degree is greater than or equal to a preset threshold value.
4. The method of claim 2, wherein the first authentication means comprises at least one of the following authentication steps: password verification, biological characteristic verification, grid graph sliding verification, gesture verification and body posture verification;
the second authentication mode comprises the following authentication steps: the authentication steps included in the first authentication mode and a short message verification step.
5. The method according to any one of claims 1 to 4, wherein the obtaining of the intimacy between the historical login device corresponding to the account information and the terminal device includes:
determining a shortest relationship path between the terminal device and the historical login device according to a pre-established association relationship map, wherein the association relationship map comprises a plurality of devices and connection paths between two devices adjacent to each other in geographic position, each connection path corresponds to an association value, the association value is used for representing the intimacy between the two devices connected by the connection path, and the shortest relationship path is a path formed by connecting one or more connection paths in series;
and determining the intimacy between the terminal equipment and the historical login equipment according to the association degree corresponding to each connection path in the shortest relation path.
6. The method according to claim 5, wherein before determining the shortest relationship path between the terminal device and the historical login device according to a pre-established association relationship map, the method further comprises:
receiving and storing in advance device information reported by a plurality of devices, wherein each set of device information reported by each device is used to represent: the spatial geographic location and/or the virtual geographic location of the device at the time that set of device information was reported;
determining, from the plurality of devices, devices that are adjacent in geographic location according to the device information reported by each of the plurality of devices;
for every two devices among the plurality of devices that are adjacent in geographic location, obtaining the association degree between the two devices according to the respective device information of the two devices;
and establishing the association relationship map according to the obtained plurality of association degrees.
7. The method according to claim 6, wherein the obtaining the association degree between the two devices according to the respective device information of the two devices comprises:
according to the respective multiple groups of equipment information of the two pieces of equipment, acquiring the similarity between every two groups of equipment information;
comparing the plurality of similarities with a preset threshold respectively, determining the number of the similarities which are greater than the preset threshold in the plurality of similarities, and determining the duration of each similarity which is greater than the preset threshold;
and acquiring the association degree between the two devices according to each similarity degree larger than the preset threshold, each duration time of the similarity degree larger than the preset threshold and the number of the similarity degrees larger than the preset threshold.
8. The method according to claim 1 or 2, wherein the obtaining of the intimacy between the historical login device corresponding to the account information and the terminal device comprises:
reading multiple sets of equipment information reported by the terminal equipment in advance and multiple sets of equipment information reported by the historical login equipment in advance, wherein the equipment information is used for representing the space geographic position and/or the virtual geographic position of the equipment;
and determining the intimacy between the terminal equipment and the historical login equipment according to a plurality of groups of equipment information corresponding to the terminal equipment and the historical login equipment respectively.
9. The method of claim 2, further comprising:
and under the condition that the terminal is a historical login device corresponding to the account information, performing identity authentication in the second authentication mode.
10. An identity authentication method is applied to a server side, and the method comprises the following steps:
receiving an identity authentication request sent by terminal equipment, wherein the identity authentication request carries account information;
determining close terminal equipment corresponding to the terminal equipment, wherein the closeness between the close terminal equipment and the terminal equipment meets a preset condition;
and under the condition that the close terminal equipment is the historical login equipment corresponding to the account information, performing identity authentication based on a preset authentication mode.
11. An identity authentication device, which is arranged at a server side, the device comprises:
a request receiving module, configured to receive an identity authentication request sent by a terminal device, wherein the identity authentication request carries account information;
the historical login device judging module is used for judging whether the terminal device is a historical login device corresponding to the account information;
the intimacy acquiring module is used for acquiring intimacy between the historical login equipment corresponding to the account information and the terminal equipment under the condition that the terminal is not the historical login equipment corresponding to the account information;
and the identity authentication module is used for performing identity authentication based on the authentication mode corresponding to the intimacy degree.
12. An identity authentication device, which is arranged at a server side, the device comprises:
a request receiving module, configured to receive an identity authentication request sent by a terminal device, wherein the identity authentication request carries account information;
an intimate terminal device determining module, configured to determine an intimate terminal device corresponding to the terminal device, wherein the intimacy between the intimate terminal device and the terminal device meets a preset condition;
and the identity authentication module is used for performing identity authentication based on a preset authentication mode under the condition that the close terminal device is the historical login device corresponding to the account information.
13. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
a memory for storing a computer program;
a processor for carrying out the method steps of any one of claims 1 to 9 or the method steps of claim 10 when executing a program stored in the memory.
14. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 9, or carries out the method of claim 10.
CN202010232221.7A 2020-03-27 2020-03-27 Identity authentication method and device, electronic equipment and readable storage medium Pending CN111552932A (en)


Publications (1)

Publication Number Publication Date
CN111552932A (en) 2020-08-18

Family

ID=72005510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010232221.7A Pending CN111552932A (en) 2020-03-27 2020-03-27 Identity authentication method and device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN111552932A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021093595A1 (en) * 2019-11-11 2021-05-20 华为技术有限公司 Method for verifying user identity and electronic device
CN113068189A (en) * 2021-03-25 2021-07-02 中国联合网络通信集团有限公司 Authentication method and server based on block chain
CN113591068A (en) * 2021-08-03 2021-11-02 北京奇艺世纪科技有限公司 Online login equipment management method and device and electronic equipment
CN115022002A (en) * 2022-05-27 2022-09-06 中国电信股份有限公司 Verification mode determination method and device, storage medium and electronic equipment
CN115883119A (en) * 2021-09-29 2023-03-31 富联精密电子(天津)有限公司 Service verification method, electronic device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468464A (en) * 2013-09-12 2015-03-25 深圳市腾讯计算机系统有限公司 Authentication method, device and system
CN105591743A (en) * 2014-10-23 2016-05-18 腾讯科技(深圳)有限公司 Method and device for carrying out identity authentication through equipment operation features of user terminal
CN107682336A (en) * 2017-09-30 2018-02-09 北京梆梆安全科技有限公司 A kind of auth method and device based on geographical position
WO2019184135A1 (en) * 2018-03-30 2019-10-03 平安科技(深圳)有限公司 Application login method and apparatus, and computer device and storage medium

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021093595A1 (en) * 2019-11-11 2021-05-20 华为技术有限公司 Method for verifying user identity and electronic device
CN113068189A (en) * 2021-03-25 2021-07-02 中国联合网络通信集团有限公司 Authentication method and server based on block chain
CN113591068A (en) * 2021-08-03 2021-11-02 北京奇艺世纪科技有限公司 Online login equipment management method and device and electronic equipment
CN113591068B (en) * 2021-08-03 2023-07-21 北京奇艺世纪科技有限公司 Online login device management method and device and electronic device
CN115883119A (en) * 2021-09-29 2023-03-31 富联精密电子(天津)有限公司 Service verification method, electronic device and storage medium
CN115883119B (en) * 2021-09-29 2024-05-24 富联精密电子(天津)有限公司 Service verification method, electronic device and storage medium
CN115022002A (en) * 2022-05-27 2022-09-06 中国电信股份有限公司 Verification mode determination method and device, storage medium and electronic equipment
CN115022002B (en) * 2022-05-27 2024-02-06 中国电信股份有限公司 Verification mode determining method and device, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
US10965668B2 (en) Systems and methods to authenticate users and/or control access made by users based on enhanced digital identity verification
CN111552932A (en) Identity authentication method and device, electronic equipment and readable storage medium
US11695755B2 (en) Identity proofing and portability on blockchain
US11276022B2 (en) Enhanced system and method for identity evaluation using a global score value
US10356099B2 (en) Systems and methods to authenticate users and/or control access made by users on a computer network using identity services
US10250583B2 (en) Systems and methods to authenticate users and/or control access made by users on a computer network using a graph score
US10187369B2 (en) Systems and methods to authenticate users and/or control access made by users on a computer network based on scanning elements for inspection according to changes made in a relation graph
WO2020134942A1 (en) Identity verification method and system therefor
US8949948B2 (en) Determining a trust level of a user in a social network environment
US8869245B2 (en) Device reputation
US11743245B2 (en) Identity access management using access attempts and profile updates
US11601430B2 (en) Method and system for verifying user identity
US20080318548A1 (en) Method of and system for strong authentication and defense against man-in-the-middle attacks
US20070056022A1 (en) Two-factor authentication employing a user's IP address
AU2019101565A4 (en) User data sharing method and device
JP2008269477A (en) Membership service provision system and authentication method for new registration member
CN105812378A (en) Access request processing method and device
WO2023129440A1 (en) Assessing risk of fraud associated with user unique identifier using telecommunications data
CN112468465B (en) Guarantee derivation-based terminal account identity authentication method and system in zero trust environment
CN115065512B (en) Account login method, system, device, electronic equipment and storage medium
US8504829B2 (en) Certification system in network and method thereof
KR20090038744A (en) Method and apparatus for offering certification service
KR102498336B1 (en) Method and system for managing user reputation based on blockchain
US20230063852A1 (en) Mobile network-based authentication system
CN117237110A (en) Transaction method, device, equipment and medium based on DPoS

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination