CN112287326A - Security authentication method and device, electronic equipment and storage medium - Google Patents


Publication number: CN112287326A
Authority: CN (China)
Prior art keywords: target, application platform, level, security level, authentication
Legal status: Granted
Application number: CN202011039647.7A
Other languages: Chinese (zh)
Other versions: CN112287326B (en)
Inventors: 邓练兵, 李大铭, 方文佳
Current Assignee: Zhuhai Dahengqin Technology Development Co Ltd
Original Assignee: Zhuhai Dahengqin Technology Development Co Ltd
Application filed by: Zhuhai Dahengqin Technology Development Co Ltd
Priority: CN202011039647.7A (patent CN112287326B)
Publications: CN112287326A (application), CN112287326B (grant)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a security authentication method and device, electronic equipment and a storage medium. The method comprises: receiving an access request for a target application platform, triggered through the link entry by a user logged in to a first application platform; acquiring an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform, and determining the level relation between the initial security level and the target security level; and determining, according to that level relation, a target authentication mode for the user to access the target application platform. Embodiments of the invention can thus determine the corresponding authentication mode according to the security levels of different application platforms and the relation between those levels, thereby improving the information security of the application platforms.

Description

Security authentication method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method and an apparatus for security authentication, an electronic device, and a storage medium.
Background
With the development of informatization, the application services used by organizations and enterprises keep increasing. These application services were developed in different periods, provide different business services, and are developed and operated by different departments. As a result, within one portal system the application services follow inconsistent standards, do not interoperate, and do not integrate their data, and the lack of unified operation and monitoring leads to poor application service quality whose effect is difficult to guarantee. Single sign-on technology appeared for this reason: with it, a user can access all application services in a portal system after logging in only once.
Different application services have different requirements on information security, and the existing single sign-on technology cannot adapt to the differentiated security requirements of different application services, and particularly cannot protect the information security of the application services with high requirements on the information security.
Disclosure of Invention
In view of the above, the present invention is proposed in order to provide a method and apparatus, an electronic device, a storage medium for security authentication that overcome or at least partially solve the above problems, including:
a method for security authentication, applied to a front-end system of a city portal system, the front-end system including link entries of a plurality of application platforms, the method comprising:
receiving an access request for a target application platform, triggered through the link entry by a user logged in to a first application platform;
acquiring an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform, and determining a level relation between the initial security level and the target security level;
and determining a target authentication mode of the user for accessing the target application platform according to the level relation between the initial security level and the target security level.
Optionally, the step of determining a target authentication manner for the user to access the target application platform according to the level relationship between the initial security level and the target security level includes:
when the initial security level is higher than or equal to the target security level, acquiring login duration of the user for logging in the first application platform;
when the login duration is longer than the preset duration, displaying a first login page of the target application platform to the user; the first login page comprises a first authentication mode.
Optionally, the step of determining a target authentication manner for the user to access the target application platform according to the level relationship between the initial security level and the target security level includes:
when the initial security level is lower than the target security level, acquiring an initial authentication mode when the user logs in the first application platform;
displaying a second login page of the target application platform to the user according to the initial authentication mode; the second login page comprises a second authentication mode, and the second authentication mode is different from the initial authentication mode.
Optionally, the step of determining a target authentication manner for the user to access the target application platform according to the level relationship between the initial security level and the target security level includes:
when the initial security level is lower than the target security level, acquiring initial login feature information corresponding to the user logging in the first application platform and a target login feature information set corresponding to the user historically logging in the target application platform;
determining a security performance level corresponding to the user accessing the target application platform according to the initial login feature information and the target login feature information set;
and determining the authentication mode corresponding to the safety performance level as a target authentication mode.
Optionally, the step of determining, according to the initial login feature information and the target login feature information set, a security performance level corresponding to the user accessing the target application platform includes:
when target login feature information matching the initial login feature information exists in the target login feature information set, determining that the user's access to the target application platform corresponds to first-level security performance;
and when no target login feature information matching the initial login feature information exists in the target login feature information set, determining that the user's access to the target application platform corresponds to second-level security performance.
Optionally, the step of determining the authentication manner corresponding to the security performance level as the target authentication manner includes:
when the user's login to the first application platform corresponds to first-level security performance, acquiring a first preset authentication mode corresponding to the first-level security performance from a preset relation data table, and determining the first preset authentication mode as the target authentication mode;
and when the user's login to the first application platform corresponds to second-level security performance, acquiring a second preset authentication mode corresponding to the second-level security performance from the preset relation data table, and determining the second preset authentication mode as the target authentication mode.
Optionally, the first authentication means includes any one of password authentication, biometric authentication, and dynamic password authentication.
The embodiment of the invention also discloses a device for safety authentication, which is applied to a front-end system of a city portal system, wherein the front-end system comprises a plurality of link inlets of application platforms, and the device comprises:
an access request receiving module, configured to receive an access request for the target application platform, triggered through the link entry by a user logged in to the first application platform;
the level relation determining module is used for acquiring an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform, and determining the level relation between the initial security level and the target security level;
and the authentication mode determining module is used for determining a target authentication mode for the user to access the target application platform according to the level relation between the initial security level and the target security level.
Optionally, the authentication manner determining module includes:
a login duration obtaining submodule, configured to obtain a login duration for the user to login the first application platform when the initial security level is higher than or equal to the target security level;
the first login page display sub-module is used for displaying a first login page of the target application platform to the user when the login duration is longer than a preset duration; the first login page comprises a first authentication mode.
Optionally, the first authentication means includes any one of password authentication, biometric authentication, and dynamic password authentication.
Optionally, the authentication manner determining module includes:
an initial authentication mode obtaining sub-module, configured to obtain an initial authentication mode when the user logs in the first application platform when the initial security level is lower than the target security level;
the second login page display sub-module is used for displaying a second login page of the target application platform to the user according to the initial authentication mode; the second login page comprises a second authentication mode, and the second authentication mode is different from the initial authentication mode.
Optionally, the authentication manner determining module includes:
a login feature information obtaining sub-module, configured to obtain, when the initial security level is lower than the target security level, initial login feature information corresponding to the user logging in the first application platform and a target login feature information set corresponding to the user historically logging in the target application platform;
the safety performance level determining submodule is used for determining the safety performance level corresponding to the target application platform accessed by the user according to the initial login characteristic information and the target login characteristic information set;
and the target authentication mode determining submodule is used for determining the authentication mode corresponding to the safety performance level as the target authentication mode.
Optionally, the security performance level determination sub-module includes:
a first-level security performance determining submodule, configured to determine, when target login feature information matching the initial login feature information exists in the target login feature information set, that the user's access to the target application platform corresponds to first-level security performance;
and a second-level security performance determining submodule, configured to determine, when no target login feature information matching the initial login feature information exists in the target login feature information set, that the user's access to the target application platform corresponds to second-level security performance.
Optionally, the target authentication manner determining sub-module includes:
a first preset authentication mode obtaining sub-module, configured to, when the user's login to the first application platform corresponds to the first-level security performance, acquire a first preset authentication mode corresponding to the first-level security performance from a preset relation data table, and determine the first preset authentication mode as the target authentication mode;
and a second preset authentication mode obtaining sub-module, configured to, when the user's login to the first application platform corresponds to the second-level security performance, acquire a second preset authentication mode corresponding to the second-level security performance from the preset relation data table, and determine the second preset authentication mode as the target authentication mode.
An electronic device comprising a processor, a memory and a computer program stored on the memory and being executable on the processor, the computer program, when executed by the processor, implementing the steps of the method of secure authentication as described above.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of secure authentication as set forth above.
The invention has the following advantages:
In the embodiment of the invention, an access request for a target application platform is received, the request being triggered through the link entry by a user logged in to a first application platform; an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform are acquired, and the level relation between the initial security level and the target security level is determined; and a target authentication mode for the user to access the target application platform is determined according to that level relation. The corresponding authentication mode can thus be determined according to the security levels of different application platforms and the relation between those levels, so that the information security of the application platforms is improved.
Drawings
FIG. 1 is a block diagram of a city portal system of an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of a method for secure authentication according to an embodiment of the present invention;
FIG. 3 is a block diagram of a security authentication apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The city portal system is a public platform portal which integrates comprehensive internet information aiming at city planning and provides comprehensive application services. The service objects of the city portal system include: government, individual, enterprise, developer, can provide a plurality of comprehensive services such as government affairs service, individual service, enterprise service, etc.
Referring to fig. 1, a block diagram of a city portal system according to an embodiment of the present invention is shown, which may specifically include: a front-end system 10, a back-end system 11, an API open platform 12, a developer portal system 13, an operation center 14, and the like.
A front-end system 10 that implements a plurality of functions and provides a plurality of pages; the plurality of pages include a plurality of UI elements corresponding to the plurality of functions; the plurality of functions includes a function supported by a backend system to provide a service.
The front-end system is the user-facing client and serves as the tool through which users use the various contents of the city portal system: information, applications, API services, system functions and the like. The front-end system uses a general-purpose front-end development framework such as Vue or React to present the multi-service system in a unified single page.
The front-end system supports multiple kinds of users, including tourists, natural people, corporate legal people, enterprise employees and government personnel. The front-end system supports multiple kinds of city business services, including government affairs services, public services, characteristic services and the like. The user may use a variety of city services through the front-end system.
The front-end system can comprise an APP client, a Web client and a Web management end. The Web client faces tourists, natural people, enterprises and government users and is used for the official website of the city portal system, the API open platform and the developer portal. The APP client faces tourists, natural people, enterprises and government users and is used for the mobile APP. The Web management end faces operators and system managers and is used for the operation center and other back-end management systems.
A back-end system 11, configured to provide service support for the front-end system, respond to service requests of the front-end system, and execute the corresponding service operations.
The back-end system uses general-purpose service components or technical services as a bridge to reach the underlying data. The front-end system is decoupled from the back-end system, and the back-end system provides service support for the front-end system. The front-end system and the back-end system are deployed separately, and the back-end services can be scaled out dynamically to maximize system performance.
An API open platform 12, configured to provide management services for APIs, including API publishing services, purchasing services and using services.
The API open platform provides unified standard data and a unified system development environment and can be applied to various industries and systems. It is an open, comprehensive service platform offering unified solution capability services, and it aims to manage and control the whole life cycle of unified capability opening, including service capability access, open management, capability application and the like. Developers publish API services to the API open platform, where other persons can apply for or purchase their use.
A developer portal system 13 for providing an environment for API, application, data development and deployment, and common procedural components.
The developer portal system can provide the developer with an environment for application, algorithm, and data development and deployment, as well as generic AI building blocks, technical building blocks, and business building blocks. It includes functions such as application development, algorithm development, application release and service release. Developers can quickly develop and publish applications and APIs based on the environment, components, templates, etc. provided by the developer portal system. The developer portal system may include three platforms: an algorithm development platform, an application development platform, and a data development platform.
An operation center 14, configured to manage the content, the users, the applications and the APIs of the city portal system.
The operation center is a business middle platform through which managers and operators perform unified daily operation management of the city portal system. Managers can uniformly manage the content, users, applications, APIs and the like of the city portal system through the operation center.
The embodiment of the invention provides an urban portal system which can integrate a front-end system, a back-end system, an API open platform, a developer portal system, an operation center and other platforms. The front-end system serves as a client and faces various users, and the users can obtain contents provided by various platforms integrated in the urban portal system by performing operations on the front-end system. The back-end system provides service support for the front-end system, responds to the service request of the front-end system and executes corresponding service operation. The API open platform provides management services aiming at the API, including API publishing services, purchasing services and using services; the method can be used for developers to call API uniformly and establish a standard and uniform information platform. The developer portal system can provide an environment for API, application, data development and deployment, and general purpose procedural components; and the development of various services can be realized by developers. The operation center can manage the content, users, applications and API of the city portal system. The embodiment of the invention provides a comprehensive city portal system for a city, which is oriented to various users in the city, and the users can quickly and conveniently realize various digital services through the city portal system; and standardized service development is realized through the city portal system.
Referring to fig. 2, a flowchart illustrating steps of a method for secure authentication according to an embodiment of the present invention is shown; the method is applied to a front-end system of a city portal system, and the front-end system comprises a plurality of link entries of application platforms.
The city portal system can integrate a plurality of mutually independent application platforms and realize the unified management and use of those platforms. The link entries of the multiple application platforms are configured in the front-end system. The front-end system includes multiple front ends, and the presentation of the link entries may differ between front ends or within the same front end; they are generally presented as application icons or web page links, which is not limited in this embodiment of the present invention. The user can log in to the city portal system through an electronic device, and the corresponding front end is presented on the display of the electronic device. The electronic device may include a smart phone, a tablet computer, a notebook computer, a netbook, a wearable electronic device, a virtual reality device, an automobile console, and the like, which is not limited in this embodiment of the present invention.
The method specifically comprises the following steps:
Step 101: receiving an access request for a target application platform, triggered through the link entry by a user logged in to a first application platform;
Step 102: acquiring an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform, and determining a level relation between the initial security level and the target security level;
Step 103: determining a target authentication mode for the user to access the target application platform according to the level relation between the initial security level and the target security level.
In the embodiment of the invention, an access request for a target application platform is received, the request being triggered through a link entry by a user logged in to a first application platform; an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform are acquired, and the level relation between the initial security level and the target security level is determined; and a target authentication mode for the user to access the target application platform is determined according to that level relation. The corresponding authentication mode can thus be determined according to the security levels of different application platforms and the relation between those levels, so that the information security of the application platforms is improved.
Next, a method of security authentication in the present exemplary embodiment will be further described.
In step 101, an access request for a target application platform is received, the request being triggered through the link entry by a user logged in to a first application platform.
In an embodiment of the present invention, the city portal system includes a plurality of application platforms, and the link entries of the plurality of application platforms may be configured in the front-end system. A user can log in to the city portal system through an electronic device, and the corresponding front end is presented on the display screen of the electronic device. The link entries of the application platforms can be displayed as interactive controls: the link entry of each application platform corresponds to one interactive control, and the name of the corresponding application platform is displayed in that control.
For information security, when a user exchanges data with an application platform through the front-end system, the user's identity information must be authenticated to determine whether the user may access the corresponding protected data resource. In this embodiment, the user may log in to the first application platform according to the authentication requirements of the first application platform. After logging in to the first application platform successfully, a user who wants to access the target application platform can send an access request for the target application platform to the front-end system by triggering the link entry corresponding to the target application platform. The target application platform is the platform that the user selects, from the plurality of application platforms other than the first application platform, and intends to access. Specifically, in an exemplary embodiment, when the display of the electronic device is a touch screen, the user may tap the target link entry corresponding to the target application platform with an operation medium, such as a stylus or a finger, to send the access request for the target application platform to the front-end system. In another exemplary embodiment, the user may move the cursor to the target link entry corresponding to the target application platform with a mouse, a keyboard or another peripheral, and then press the confirm key to send the access request for the target application platform to the front-end system; and so on.
In step 102, an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform are obtained, and a level relationship between the initial security level and the target security level is determined.
In the prior art, single sign-on technology is usually adopted: a user only needs to complete identity authentication on any one application platform to obtain the authority to access all application platforms in the system. When the security requirements of the application platforms are inconsistent, a user who has logged in to an application platform with low security requirements can, under existing single sign-on technology, directly access application platforms with high security requirements. In an actual application scenario, if the user does not log out of the low-requirement application platform in time, the logged-in account can easily be used to access the application platforms with high security requirements, so that important information is leaked. The information security of application platforms with high security requirements therefore cannot be protected.
In an embodiment of the present invention, the front-end system may determine the security level of each application platform according to the security requirements of the application platforms. Specifically, the application platforms are divided into at least two security levels according to their security requirements: an application platform with a relatively high security level has a relatively high security requirement, and an application platform with a relatively low security level has a relatively low security requirement. In an exemplary embodiment, the relationship between each application platform and its security level may be recorded in a security level mapping relation table. The front-end system obtains this table, looks up the initial security level corresponding to the first application platform by the identifier of the first application platform, and looks up the target security level corresponding to the target application platform by the identifier of the target application platform. The identifier of the first application platform may be anything that uniquely represents the first application platform, such as its name or link address; likewise, the identifier of the target application platform may be its name, link address or the like, as long as it uniquely represents the target application platform. From the obtained initial security level of the first application platform and the obtained target security level of the target application platform, the level relation between the initial security level and the target security level can be determined.
The level relation may be that the initial security level is lower than the target security level, that the initial security level is equal to the target security level, or that the initial security level is higher than the target security level.
In step 103, a target authentication mode for the user to access the target application platform is determined according to the level relationship between the initial security level and the target security level.
In an embodiment of the present invention, a corresponding authentication mode may be determined according to the security level. For ease of understanding, this embodiment is described using three types of security level, where the application platforms of the first type of security level have the highest security requirement and those of the third type of security level have the lowest; that is, the first type of security level is higher than the second type, and the second type is higher than the third type. The authentication mode corresponding to the first type of security level may be a first type of security authentication mode, which may be a combination of password authentication, biometric authentication, and dynamic password authentication; that is, when logging in to an application platform of the first type of security level, the user can log in and access the platform only after passing all three of password authentication, biometric authentication, and dynamic password authentication. The authentication mode corresponding to the second type of security level may be a second type of security authentication mode, which may be a combination of any two of password authentication, biometric authentication, or dynamic password authentication; that is, when logging in to an application platform of the second type of security level, the user must pass password authentication and biometric authentication, or password authentication and dynamic password authentication, or biometric authentication and dynamic password authentication, in order to log in and access the platform. The authentication mode corresponding to the third type of security level may be a third type of security authentication mode, which may be any one of password authentication, biometric authentication, or dynamic password authentication; that is, when logging in to an application platform of the third type of security level, the user can log in and access the platform after passing any one of password authentication, biometric authentication, or dynamic password authentication.
Once the level relationship between the initial security level and the target security level has been determined, the target authentication mode for the user to access the target application platform is determined from it.
Specifically, in an embodiment of the present invention, the step of determining, according to the level relationship between the initial security level and the target security level, a target authentication manner for the user to access the target application platform may include:
when the initial security level is higher than or equal to the target security level, acquiring login duration of the user for logging in the first application platform;
when the login duration is longer than the preset duration, displaying a first login page of the target application platform to the user; the first login page comprises a first authentication mode.
In this embodiment, when the initial security level is higher than or equal to the target security level, the login duration of the user on the first application platform is obtained; the login duration is measured from the user's most recent successful login on the first application platform. When the login duration is longer than the preset duration, a first login page of the target application platform is displayed to the user, where the first login page comprises a first authentication mode. The preset duration can be set by the front-end system according to the security level of the application platform; in general, the higher the security level, the shorter the corresponding preset duration. For example, the preset duration of the first type of security level may be set to half an hour, that of the second type of security level to one hour, and that of the third type of security level to two hours. In an example, the first authentication mode may comprise any one of password authentication, biometric authentication, and dynamic password authentication. The biometric authentication may include face recognition authentication, fingerprint authentication, iris authentication, and other ways of authenticating by means of biometric features. The terminal that generates the dynamic password in dynamic password authentication may be a hardware token, a short message password, a mobile phone token, a software token, and the like.
When the login duration is less than or equal to the preset duration, the user is allowed to log in to the target application platform directly and access it.
In an embodiment of the present invention, the step of determining, according to the level relationship between the initial security level and the target security level, a target authentication manner for the user to access the target application platform may include:
when the initial security level is lower than the target security level, acquiring an initial authentication mode when the user logs in the first application platform;
displaying a second login page of the target application platform to the user according to the initial authentication mode; the second login page comprises a second authentication mode, and the second authentication mode is different from the initial authentication mode.
In this embodiment, the initial security level is lower than the target security level, that is, the target application platform has a higher security requirement than the first application platform; in this case, the initial authentication mode used when the user logged in to the first application platform is obtained. Take as an example a first application platform of the third type of security level. The authentication mode corresponding to the third type of security level may be a third type of security authentication mode, which may be any one of password authentication, biometric authentication, and dynamic password authentication. When the initial authentication mode is password authentication, a second login page of the target application platform is displayed to the user; the second login page comprises a second authentication mode that is different from the initial authentication mode, that is, the user who has logged in to the first application platform can access the target application platform after passing either biometric authentication or dynamic password authentication. Further, in an example, the second authentication mode may also depend on the level relationship between the initial security level and the target security level. When the initial security level and the target security level are adjacent security levels, for example when the initial security level is the third type of security level and the target security level is the second type of security level, the second authentication mode is any one authentication mode different from the initial authentication mode. When the initial security level and the target security level are non-adjacent security levels, that is, when the initial security level is the third type of security level and the target security level is the first type of security level, the second authentication mode is a combination of at least two authentication modes different from the initial authentication mode.
Further, in the above embodiment, when the initial security level is lower than the target security level, the step of obtaining the initial authentication manner when the user logs in the first application platform may further include:
when the initial security level is lower than the target security level, acquiring login duration of a user for logging in a first application platform;
and when the login duration is less than or equal to the preset duration, acquiring an initial authentication mode when the user logs in the first application platform.
In this embodiment, when the login duration is longer than the preset duration, a standard login page of the target application platform is displayed to the user, where the standard login page is the login page shown when a user who has not logged in to any application platform requests access to the target application platform. Taking a target application platform of the second type of security level as an example, the standard login page of the target application platform includes the second type of security authentication mode, which may be a combination of any two of password authentication, biometric authentication, or dynamic password authentication.
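The branches described above (level relationship, login duration, and the factors already used) can be combined into a single decision function. The following Python code is an added example, not code from the patent; the platform URLs, the `Session` and `Decision` types, the use of the target platform's preset duration, and the two fail-closed fallbacks marked in the comments are assumptions.

```python
from dataclasses import dataclass

FACTORS = frozenset({"password", "biometric", "dynamic_password"})

# Constructed security level mapping table: platform identifier -> type
# (1 is the highest security level, 3 the lowest, as in the description).
LEVEL_TABLE = {
    "https://portal.example/tax": 1,
    "https://portal.example/health": 2,
    "https://portal.example/news": 3,
}
# Factors required on the standard login page of each type.
REQUIRED_FACTORS = {1: 3, 2: 2, 3: 1}
# Example preset durations from the description: 0.5 h, 1 h, 2 h.
PRESET_SECONDS = {1: 1800, 2: 3600, 3: 7200}


@dataclass(frozen=True)
class Session:
    platform_id: str    # related identifier of the first application platform
    login_time: float   # latest successful login there (epoch seconds)
    methods: frozenset  # initial authentication mode(s) the user passed


@dataclass(frozen=True)
class Decision:
    page: str           # "direct", "first", "second" or "standard"
    choose: int         # number of factors the user must pass
    allowed: frozenset  # factors offered on that page


def level_of(platform_id):
    """Look up a platform's security level; unknown platforms are rejected."""
    try:
        return LEVEL_TABLE[platform_id]
    except KeyError:
        raise LookupError(f"no security level recorded for {platform_id!r}") from None


def decide(session, target_id, now):
    """Return the target authentication mode for accessing target_id."""
    initial = level_of(session.platform_id)
    target = level_of(target_id)
    if not session.methods or not session.methods <= FACTORS:
        raise ValueError("unknown initial authentication mode")

    # Assumption: the preset duration of the *target* platform's level applies.
    # Assumption: a login time in the future (clock skew, tampering) is
    # treated as an expired session rather than a fresh one.
    elapsed = now - session.login_time
    expired = elapsed < 0 or elapsed > PRESET_SECONDS[target]

    if initial <= target:  # initial level higher than or equal to target level
        if expired:
            return Decision("first", 1, FACTORS)  # any one factor
        return Decision("direct", 0, frozenset())

    # Initial level lower than target level.
    standard = Decision("standard", REQUIRED_FACTORS[target], FACTORS)
    if expired:
        return standard
    remaining = FACTORS - session.methods         # must differ from initial mode
    need = 1 if initial - target == 1 else 2      # adjacent vs. non-adjacent
    if len(remaining) < need:
        # Assumption: not enough unused factors left, so fall back to the
        # standard login page instead of weakening the requirement.
        return standard
    return Decision("second", need, remaining)
```
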
In an embodiment of the present invention, the step of determining, according to the level relationship between the initial security level and the target security level, a target authentication manner for the user to access the target application platform may include:
when the initial security level is lower than the target security level, acquiring initial login feature information corresponding to the user logging in the first application platform and a target login feature information set corresponding to the user historically logging in the target application platform;
determining a security performance level corresponding to the user accessing the target application platform according to the initial login feature information and the target login feature information set;
and determining the authentication mode corresponding to the safety performance level as a target authentication mode.
In this embodiment, the login feature information may include an identifier of the terminal device and/or a login home address. Taking the identifier of the terminal device as the login feature information as an example, each time the user logs in to any application platform, the front-end system stores the identifier of the terminal device used for that login. When the initial security level is lower than the target security level, the identifier of the initial terminal device with which the user most recently logged in to the first application platform is acquired, together with the set of identifiers of the target terminal devices with which the user has historically logged in to the target application platform; the security performance level corresponding to the user accessing the target application platform is then determined according to the identifier of the initial terminal device and the identifier set of the target terminal devices. The identifier set of the target terminal devices may cover the user's logins to the target application platform within a most recent preset time period or a most recent preset number of logins; for example, the identifiers of all target terminal devices with which the user logged in to the target application platform in the last three months may be obtained, or the identifiers of all target terminal devices used for the user's last thirty logins to the target application platform may be obtained.
Specifically, when target login feature information matching the initial login feature information exists in the target login feature information set, it is determined that the user accessing the target application platform corresponds to first-level security performance; when no target login feature information matching the initial login feature information exists in the target login feature information set, it is determined that the user accessing the target application platform corresponds to second-level security performance. The security of the login scenario corresponding to first-level security performance is higher than that of the login scenario corresponding to second-level security performance. In the example, the identifier set of the target terminal devices is traversed to search for an identifier that matches the identifier of the initial terminal device; if a matching identifier is found, it is determined that the user accessing the target application platform corresponds to first-level security performance, and if no matching identifier is found, it is determined that the user accessing the target application platform corresponds to second-level security performance.
After the security performance level corresponding to the user accessing the target application platform is determined, the corresponding authentication mode is acquired according to the security performance level and determined as the target authentication mode.
Specifically, when the user's login on the first application platform corresponds to first-level security performance, a first preset authentication mode corresponding to the first-level security performance is obtained from a preset relation data table and determined as the target authentication mode; when the user's login on the first application platform corresponds to second-level security performance, a second preset authentication mode corresponding to the second-level security performance is obtained from the preset relation data table and determined as the target authentication mode.
In this embodiment, the front-end system may obtain a locally stored preset relation data table, which may record each security performance level and its corresponding preset authentication mode. For example, for first-level security performance, the corresponding first preset authentication mode may be any one of password authentication, biometric authentication, and dynamic password authentication; for second-level security performance, the corresponding second preset authentication mode may be the authentication mode of the security level corresponding to the target application platform. Taking a target application platform of the second type of security level as an example, the corresponding second preset authentication mode may be the second type of security authentication mode, which may be a combination of any two of password authentication, biometric authentication, or dynamic password authentication.
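The login-feature embodiment above can be illustrated with terminal device identifiers as the login feature. The following Python code is an added example, not code from the patent; the `LoginRecord` type, the function names, the device identifiers and the 90-day approximation of "three months" are assumptions.

```python
from dataclasses import dataclass

FACTORS = frozenset({"password", "biometric", "dynamic_password"})
# Factors required by the authentication mode of each security level type.
REQUIRED_FACTORS = {1: 3, 2: 2, 3: 1}
NINETY_DAYS = 90 * 24 * 3600  # assumption: "three months" taken as 90 days


@dataclass(frozen=True)
class LoginRecord:
    timestamp: float  # when the user logged in to the target platform
    device_id: str    # identifier of the terminal device used


def target_feature_set(history, now, window_seconds=NINETY_DAYS, last_n=None):
    """Build the target login feature set from the stored login history.

    Uses either the most recent `last_n` logins or, when last_n is None,
    all logins within `window_seconds`. Records dated after `now` are
    ignored so a bad timestamp cannot add a device to the trusted set.
    """
    past = sorted((r for r in history if r.timestamp <= now),
                  key=lambda r: r.timestamp, reverse=True)
    if last_n is not None:
        past = past[:last_n]
    else:
        past = [r for r in past if now - r.timestamp <= window_seconds]
    return {r.device_id for r in past}


def performance_level(initial_device_id, feature_set):
    """First-level (1) if the current device was seen before, else second (2)."""
    return 1 if initial_device_id in feature_set else 2


def preset_auth_mode(perf_level, target_type):
    """Preset relation data table: performance level -> (count, factors).

    First level: any one factor. Second level: the authentication mode of
    the target platform's own security level.
    """
    if perf_level == 1:
        return (1, FACTORS)
    return (REQUIRED_FACTORS[target_type], FACTORS)


def decide_by_device(initial_device_id, history, target_type, now,
                     window_seconds=NINETY_DAYS, last_n=None):
    """Target authentication mode when the initial level is below the target."""
    features = target_feature_set(history, now, window_seconds, last_n)
    return preset_auth_mode(performance_level(initial_device_id, features),
                            target_type)
```

A user with no login history on the target platform always lands in second-level security performance, so a first visit is never easier than the target platform's standard login.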
In the embodiment of the invention, an access request for a target application platform is received, the access request being triggered through a link entry by a user who has logged in to a first application platform; an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform are acquired, and the level relationship between the initial security level and the target security level is determined; and a target authentication mode for the user to access the target application platform is determined according to the level relationship between the initial security level and the target security level and the login duration and/or the login mode of the user on the first application platform. The corresponding authentication mode can thus be determined according to the security levels of different application platforms and different login scenarios, which improves the information security of the application platforms.
Referring to Fig. 3, a block diagram of a security authentication apparatus provided in an embodiment of the present invention is shown. The apparatus is applied to a front-end system of a city portal system, where the front-end system includes link entries of a plurality of application platforms. The apparatus specifically comprises the following modules:
an access request receiving module 201, configured to receive an access request, which is triggered by a user logging in a first application platform through the link entry and is addressed to a target application platform;
a level relation determining module 202, configured to obtain an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform, and determine a level relation between the initial security level and the target security level;
and the authentication mode determining module 203 is configured to determine a target authentication mode for the user to access the target application platform according to the level relationship between the initial security level and the target security level.
In a preferred embodiment of the present invention, the authentication method determining module 203 may include:
a login duration obtaining submodule, configured to obtain a login duration for the user to login the first application platform when the initial security level is higher than or equal to the target security level;
the first login page display sub-module is used for displaying a first login page of the target application platform to the user when the login duration is longer than a preset duration; the first login page comprises a first authentication mode.
In a preferred embodiment of the present invention, the first authentication means may include any one of password authentication, biometric authentication, and dynamic password authentication.
In a preferred embodiment of the present invention, the authentication method determining module 203 may include:
an initial authentication mode obtaining sub-module, configured to obtain an initial authentication mode when the user logs in the first application platform when the initial security level is lower than the target security level;
the second login page display sub-module is used for displaying a second login page of the target application platform to the user according to the initial authentication mode; the second login page comprises a second authentication mode, and the second authentication mode is different from the initial authentication mode.
In a preferred embodiment of the present invention, the authentication method determining module 203 may include:
a login feature information obtaining sub-module, configured to obtain, when the initial security level is lower than the target security level, initial login feature information corresponding to the user logging in the first application platform and a target login feature information set corresponding to the user historically logging in the target application platform;
the safety performance level determining submodule is used for determining the safety performance level corresponding to the target application platform accessed by the user according to the initial login characteristic information and the target login characteristic information set;
and the target authentication mode determining submodule is used for determining the authentication mode corresponding to the safety performance level as the target authentication mode.
In a preferred embodiment of the present invention, the security performance level determination sub-module may include:
a first-level security performance determining submodule, configured to determine that, when target login feature information matching the initial login feature information exists in the target login feature information set, the user accesses the target application platform and corresponds to a first-level security performance;
and the second-level security performance determining submodule is used for determining that the user accessing the target application platform corresponds to second-level security performance when target login feature information matched with the initial login feature information does not exist in the target login feature information set.
In a preferred embodiment of the present invention, the target authentication method determining sub-module may include:
a first preset authentication mode obtaining sub-module, configured to obtain, when the user's login on the first application platform corresponds to first-level security performance, a first preset authentication mode corresponding to the first-level security performance from a preset relation data table, and determine the first preset authentication mode as the target authentication mode;
and a second preset authentication mode obtaining sub-module, configured to obtain, when the user's login on the first application platform corresponds to second-level security performance, a second preset authentication mode corresponding to the second-level security performance from the preset relation data table, and determine the second preset authentication mode as the target authentication mode.
Since the apparatus embodiment is basically similar to the method embodiment, its description is relatively brief; for the relevant points, refer to the corresponding parts of the description of the method embodiment.
The embodiment of the invention also discloses electronic equipment, which comprises a processor, a memory and a computer program which is stored on the memory and can run on the processor, wherein when the computer program is executed by the processor, the steps of the method for security authentication of the embodiment are realized.
The embodiment of the invention also discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of the method for safety authentication of the embodiment are realized.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The security authentication method, the security authentication device, the electronic device and the storage medium provided by the present invention are described in detail above, and specific examples are applied in the text to explain the principle and the implementation of the present invention, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A method for security authentication, applied to a front-end system of a city portal system, the front-end system including link portals of a plurality of application platforms, the method comprising:
receiving an access request aiming at a target application platform, which is triggered by a user logging in a first application platform through the link entry;
acquiring an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform, and determining a level relation between the initial security level and the target security level;
and determining a target authentication mode of the user for accessing the target application platform according to the level relation between the initial security level and the target security level.
2. The method according to claim 1, wherein the step of determining a target authentication manner for the user to access the target application platform according to the level relationship between the initial security level and the target security level comprises:
when the initial security level is higher than or equal to the target security level, acquiring login duration of the user for logging in the first application platform;
when the login duration is longer than the preset duration, displaying a first login page of the target application platform to the user; the first login page comprises a first authentication mode.
3. The method according to claim 1, wherein the step of determining a target authentication manner for the user to access the target application platform according to the level relationship between the initial security level and the target security level comprises:
when the initial security level is lower than the target security level, acquiring an initial authentication mode when the user logs in the first application platform;
displaying a second login page of the target application platform to the user according to the initial authentication mode; the second login page comprises a second authentication mode, and the second authentication mode is different from the initial authentication mode.
4. The method according to claim 1, wherein the step of determining a target authentication manner for the user to access the target application platform according to the level relationship between the initial security level and the target security level comprises:
when the initial security level is lower than the target security level, acquiring initial login feature information corresponding to the user logging in the first application platform and a target login feature information set corresponding to the user historically logging in the target application platform;
determining a security performance level corresponding to the user accessing the target application platform according to the initial login feature information and the target login feature information set;
and determining the authentication mode corresponding to the safety performance level as a target authentication mode.
5. The method according to claim 4, wherein the step of determining the security level corresponding to the user accessing the target application platform according to the initial login feature information and the target login feature information comprises:
when target login feature information matching the initial login feature information exists in the target login feature information set, determining that the user accessing the target application platform corresponds to first-level security performance;
and when target login feature information matching the initial login feature information does not exist in the target login feature information set, determining that the user accessing the target application platform corresponds to second-level security performance.
6. The method according to claim 5, wherein the step of determining the authentication method corresponding to the security performance level as the target authentication method comprises:
when the first application platform logged in to by the user corresponds to first-level security performance, acquiring a first preset authentication mode corresponding to the first-level security performance from a preset relation data table, and determining the first preset authentication mode as the target authentication mode;
and when the first application platform logged in to by the user corresponds to second-level security performance, acquiring a second preset authentication mode corresponding to the second-level security performance from the preset relation data table, and determining the second preset authentication mode as the target authentication mode.
7. The method according to claim 2, wherein the first authentication means includes any one of password authentication, biometric authentication, and dynamic password authentication.
8. An apparatus for secure authentication, applied to a front-end system of a city portal system, the front-end system including link portals of a plurality of application platforms, the apparatus comprising:
the access request receiving module is used for receiving an access request which is triggered by a user logging in the first application platform through the link entry and aims at the target application platform;
the level relation determining module is used for acquiring an initial security level corresponding to the first application platform and a target security level corresponding to the target application platform, and determining the level relation between the initial security level and the target security level;
and the authentication mode determining module is used for determining a target authentication mode for the user to access the target application platform according to the level relation between the initial security level and the target security level.
9. An electronic device comprising a processor, a memory and a computer program stored on the memory and capable of running on the processor, the computer program, when executed by the processor, implementing the steps of the method of secure authentication according to any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the steps of the method of secure authentication according to any one of claims 1 to 7.
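The selection logic of claims 4 to 6, as an added Python example that is not part of the patent text. Assumptions not found in the claims: security levels are integers where a larger number is stricter, login feature information is a device identifier plus a network label, and the two entries of the preset relation data table are illustrative.

```python
from dataclasses import dataclass
from typing import Iterable, Mapping

# Assumed contents of the "preset relation data table"; the claims do not say
# which authentication mode is bound to which security performance level.
PRESET_RELATION_TABLE = {"first_level": "dynamic_password", "second_level": "biometric"}


@dataclass(frozen=True)
class LoginFeatures:
    """Assumed shape of 'login feature information' (the claims leave it open)."""
    device_id: str
    network: str

    def normalized(self) -> "LoginFeatures":
        # Compare case- and whitespace-insensitively so formatting noise in a
        # stored record does not turn a known login into an unknown one.
        return LoginFeatures(self.device_id.strip().lower(), self.network.strip().lower())


def security_performance_level(initial: LoginFeatures, history: Iterable[LoginFeatures]) -> str:
    """Claim 5: first-level if the set holds a match, otherwise second-level."""
    known = {record.normalized() for record in history}
    return "first_level" if initial.normalized() in known else "second_level"


def target_authentication_mode(initial_level: int, target_level: int,
                               initial: LoginFeatures, history: Iterable[LoginFeatures],
                               table: Mapping[str, str] = PRESET_RELATION_TABLE) -> str:
    """Claims 4 and 6: choose the mode when the first platform ranks below the target."""
    # Assumption: levels are integers and a larger number means a stricter platform.
    if initial_level >= target_level:
        # That branch belongs to claims outside this example; refuse rather than guess.
        raise ValueError("initial level is not lower than target level")
    level = security_performance_level(initial, history)
    if level not in table:
        # Fail closed: a missing table row must not become "no authentication".
        raise LookupError(f"no authentication mode configured for {level}")
    return table[level]


# Constructed sample data: two historical logins to the target platform.
HISTORY = [LoginFeatures("LAPTOP-01", "office-lan"), LoginFeatures("phone-7", "home-wifi")]

if __name__ == "__main__":
    print(target_authentication_mode(1, 3, LoginFeatures("laptop-01 ", "Office-LAN"), HISTORY))
    print(target_authentication_mode(1, 3, LoginFeatures("kiosk-9", "guest-wifi"), HISTORY))
```

An empty history set yields second-level security performance, so a user's first visit to the target platform gets the second preset authentication mode.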
CN202011039647.7A 2020-09-28 Security authentication method and device, electronic equipment and storage medium Active CN112287326B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011039647.7A CN112287326B (en) 2020-09-28 Security authentication method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112287326A true CN112287326A (en) 2021-01-29
CN112287326B CN112287326B (en) 2024-05-24

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113645257A (en) * 2021-10-14 2021-11-12 广州锦行网络科技有限公司 Identity authentication method and device, electronic equipment and storage medium
CN113744440A (en) * 2021-09-03 2021-12-03 建信金融科技有限责任公司 Access control access method, device, medium and equipment based on scene
WO2022267656A1 (en) * 2021-06-23 2022-12-29 华为技术有限公司 Component access method and device, and computer-readable storage medium and chip

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719238A (en) * 2009-11-30 2010-06-02 中国建设银行股份有限公司 Method and system for managing, authenticating and authorizing unified identities
CN101783795A (en) * 2009-12-25 2010-07-21 北京惠信博思技术有限公司 Security level authentication method and system
CN102314564A (en) * 2010-06-30 2012-01-11 百度在线网络技术(北京)有限公司 Unified grading safety method and system for multi-service system
CN103501344A (en) * 2013-10-10 2014-01-08 从兴技术有限公司 Method and system for realizing single sign-on of plurality of applications
CN105354482A (en) * 2015-12-09 2016-02-24 浪潮(北京)电子信息产业有限公司 Single sign-on method and device
CN105391721A (en) * 2015-11-23 2016-03-09 兰玉杰 Unified authentication management open system based on cloud computing
CN107612880A (en) * 2017-07-28 2018-01-19 深圳竹云科技有限公司 One kind applies access method and device
CN108076077A (en) * 2016-11-08 2018-05-25 华为技术有限公司 A kind of conversation controlling method and device
CN110889094A (en) * 2019-11-18 2020-03-17 中国银行股份有限公司 Login authentication method and device

Similar Documents

Publication Publication Date Title
US11190527B2 (en) Identity verification and login methods, apparatuses, and computer devices
US10740411B2 (en) Determining repeat website users via browser uniqueness tracking
US11916920B2 (en) Account access security using a distributed ledger and/or a distributed file system
US11165776B2 (en) Methods and systems for managing access to computing system resources
US9756028B2 (en) Methods, systems and computer program products for secure access to information
JP2007164661A (en) Program, device and method for user authentication
CN108718337B (en) Website account login, verification and verification information processing method, device and system
US20120254964A1 (en) Method and system for generating a touch captcha
US9059987B1 (en) Methods and systems of using single sign-on for identification for a web server not integrated with an enterprise network
CN111680310B (en) Authority control method and device, electronic equipment and storage medium
CN105162775A (en) Logging method and device of virtual machine
EP3937040B1 (en) Systems and methods for securing login access
CN106796534A (en) The service quality provided by application is provided based on mandatory system support
CN113904821A (en) Identity authentication method and device and readable storage medium
CN114268461B (en) User identity authentication method, device, server, terminal and storage medium
CN103067398A (en) Method and equipment for achieving third-party application accessing user data
CN112287326B (en) Security authentication method and device, electronic equipment and storage medium
CN107294766B (en) Centralized control method and system
CN112287326A (en) Security authentication method and device, electronic equipment and storage medium
CN110753034B (en) Authority management method and related device
KR101304452B1 (en) A cloud system for document management using location
CN106657024B (en) Method and device for preventing cookie from being tampered
CN110930234B (en) Financial management method with remote access function
JP2006092039A (en) Service utilization system
CN112651041A (en) Authority control method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant