CN114386017A - Authentication mode configuration method, device, equipment and medium - Google Patents

Authentication mode configuration method, device, equipment and medium Download PDF

Info

Publication number
CN114386017A
CN114386017A CN202210045962.3A CN202210045962A CN114386017A CN 114386017 A CN114386017 A CN 114386017A CN 202210045962 A CN202210045962 A CN 202210045962A CN 114386017 A CN114386017 A CN 114386017A
Authority
CN
China
Prior art keywords
target
authentication
authentication mode
configuration information
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210045962.3A
Other languages
Chinese (zh)
Inventor
李炯
胡凯乐
邢培康
何子南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210045962.3A priority Critical patent/CN114386017A/en
Publication of CN114386017A publication Critical patent/CN114386017A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The disclosure provides an authentication mode configuration method, which can be applied to the fields of information security and internet. The authentication mode configuration method comprises the following steps: acquiring a target authentication request aiming at a target transaction; determining user characteristic information of a target user and a risk weight parameter of a target transaction according to a target authentication request; determining a target authentication mode from a plurality of authentication modes according to a risk weight parameter and a preset safety rule to obtain initial authentication mode configuration information aiming at a target authentication request, wherein the initial authentication mode configuration information comprises at least one target authentication mode; and updating the initial authentication mode configuration information according to the user characteristic information to obtain target authentication mode configuration information. The present disclosure also provides an authentication manner configuration apparatus, a device, a storage medium, and a program product.

Description

Authentication mode configuration method, device, equipment and medium
Technical Field
The present disclosure relates to the field of information security and the internet, and more particularly, to a method, an apparatus, a device, a medium, and a program product for configuring an authentication method.
Background
With the rapid development of internet technology, users can perform various types of transactions such as transfer, inquiry and the like through terminal equipment (such as a mobile phone, a tablet computer, a notebook computer and the like). In the transaction process, the user can realize the authentication of the user identity through short message authentication, password authentication and other authentication modes so as to ensure the security of the transaction.
In the process of realizing the inventive concept of the present disclosure, the inventor finds that the authentication service mode for the user is single, and cannot meet the differentiation requirement of the user.
Disclosure of Invention
In view of the above, the present disclosure provides an authentication manner configuration method, apparatus, device, medium, and program product.
According to a first aspect of the present disclosure, there is provided an authentication method configuration method, including:
acquiring a target authentication request aiming at a target transaction;
according to the target authentication request, determining user characteristic information of a target user and a risk weight parameter of the target transaction;
determining a target authentication mode from a plurality of authentication modes according to the risk weight parameter and a preset safety rule to obtain initial authentication mode configuration information aiming at the target authentication request, wherein the initial authentication mode configuration information comprises at least one target authentication mode;
and updating the initial authentication mode configuration information according to the user characteristic information to obtain target authentication mode configuration information.
According to the embodiment of the disclosure, the authentication mode has a security weight parameter;
determining a target authentication mode from a plurality of authentication modes according to the risk weight parameter and a preset security rule, and obtaining initial authentication mode configuration information for the target authentication request comprises:
determining a configured security weight threshold of the initial authentication method configuration information according to the risk weight parameter, wherein the configured security weight threshold is greater than or equal to the risk weight parameter;
and determining the target authentication method from the plurality of authentication methods based on the security weight parameter of the authentication method and the configured security weight threshold, and obtaining initial authentication method configuration information for the target authentication request, wherein in the initial authentication method configuration information, a sum of the security weight parameters of the target authentication method is greater than or equal to the configured security weight threshold.
According to an embodiment of the present disclosure, updating the initial authentication method configuration information according to the user feature information, and obtaining the target authentication method configuration information includes:
determining a recommended authentication mode from the plurality of authentication modes according to the user characteristic information;
and replacing at least one of the target authentication methods in the initial authentication method configuration information with the recommended authentication method to obtain the target authentication method configuration information when the recommended authentication method is different from the target authentication method.
According to the embodiment of the disclosure, the authentication mode has a security weight parameter, the target transaction has a target risk level, and the target authentication mode in the initial authentication mode configuration information includes a mandatory authentication mode and an auxiliary authentication mode;
determining a target authentication mode from a plurality of authentication modes according to the risk weight parameter and a preset security rule, and obtaining initial authentication mode configuration information for the target authentication request comprises:
determining a forced authentication mode aiming at the target transaction from a plurality of authentication modes according to a preset configuration rule under the condition that the target risk level of the target transaction is a first risk level;
determining a configured security weight threshold of the initial authentication method configuration information according to the risk weight parameter, wherein the configured security weight threshold is greater than or equal to the risk weight parameter;
when the security weight parameter of the mandatory authentication method is smaller than the configured security weight threshold, the subordinate authentication method is determined from the plurality of authentication methods according to a difference between the configured security weight threshold and the security weight parameter of the mandatory authentication method, and initial authentication method configuration information for the target transaction is obtained, wherein in the initial authentication method configuration information, a sum of the security weight parameter of the mandatory authentication method and the security weight parameter of the subordinate authentication method is greater than or equal to the configured security weight threshold.
According to an embodiment of the present disclosure, updating the initial authentication method configuration information according to the user feature information, and obtaining the target authentication method configuration information includes:
determining a recommended authentication mode from the plurality of authentication modes according to the user characteristic information;
and replacing at least one of the subordinate authentication methods in the initial authentication method configuration information with the recommended authentication method to obtain the target authentication method configuration information, when the recommended authentication method is different from the target authentication method.
According to an embodiment of the present disclosure, the authentication method further includes:
and displaying the target authentication mode configuration information in a page so that the target user can perform authentication operation aiming at the target authentication mode configuration information.
According to an embodiment of the present disclosure, the authentication method further includes:
and modifying the target authentication mode in the target authentication mode configuration information in response to detecting the modification operation aiming at the target authentication mode configuration information in the page.
According to an embodiment of the present disclosure, determining the user characteristic information of the target user and the risk weight parameter of the target transaction according to the target authentication request includes:
analyzing the target authentication request to obtain the user identification information of the target user and the transaction attribute information of the target transaction;
determining user characteristic information aiming at the target user according to the user identification information;
and determining a risk weight parameter of the target transaction according to the transaction attribute information of the target transaction.
A second aspect of the present disclosure provides an authentication method configuration apparatus, including:
the acquisition module is used for acquiring a target authentication request aiming at a target transaction;
a first determining module, configured to determine, according to the target authentication request, user characteristic information of a target user and a risk weight parameter of the target transaction;
a second determining module, configured to determine a target authentication manner from multiple authentication manners according to the risk weight parameter and a preset security rule, and obtain initial authentication manner configuration information for the target authentication request, where the initial authentication manner configuration information includes at least one target authentication manner;
and the updating module is used for updating the initial authentication mode configuration information according to the user characteristic information to obtain target authentication mode configuration information.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the authentication method configuration method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above authentication manner configuration method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program that, when executed by a processor, implements the authentication style configuration method described above.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario diagram of an authentication method configuration method and apparatus according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of an authentication method configuration method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart for determining user characteristic information of a target user and a risk weight parameter for a target transaction according to a target authentication request according to an embodiment of the present disclosure;
fig. 4 schematically illustrates a flowchart of determining a target authentication manner from a plurality of authentication manners according to a preset security rule according to a risk weight parameter according to an embodiment of the present disclosure;
fig. 5 schematically illustrates an application scenario diagram of an authentication approach configuration method according to an embodiment of the present disclosure;
fig. 6 schematically shows a block diagram of the configuration of an authentication means configuration device according to an embodiment of the present disclosure; and
fig. 7 schematically shows a block diagram of an electronic device adapted to implement an authentication means configuration method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
In the process of implementing the inventive concept of the present disclosure, the inventor finds that the authentication service mode for the user is single, and does not configure a differentiated authentication mode according to the personalized requirements of the user, so that the actual requirements of the user cannot be met.
The embodiment of the disclosure provides an authentication mode configuration method, which includes:
acquiring a target authentication request aiming at a target transaction; according to the target authentication request, determining user characteristic information of a target user and a risk weight parameter of a target transaction: determining a target authentication mode from a plurality of authentication modes according to a risk weight parameter and a preset safety rule to obtain initial authentication mode configuration information aiming at a target authentication request, wherein the initial authentication mode configuration information comprises at least one target authentication mode; and updating the initial authentication mode configuration information according to the user characteristic information to obtain target authentication mode configuration information.
According to the embodiment of the disclosure, the target authentication mode is determined from a plurality of authentication modes according to the risk parameter of the target transaction and the preset security rule, and the initial authentication mode configuration information aiming at the target authentication request is obtained, so that the initial authentication mode configuration information can ensure the security and reliability of the target transaction; according to the user characteristic information, updating the initial authentication mode configuration information, and adaptively updating the initial authentication mode configuration information according to the user characteristic information, so that the obtained target authentication mode configuration information realizes differential configuration aiming at the user characteristic information of the user, and further meets the personalized requirements of the user.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure, application and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations, necessary confidentiality measures are taken, and the customs of the public order is not violated.
In the technical scheme of the disclosure, before the personal information of the user is acquired or collected, the authorization or the consent of the user is acquired.
Fig. 1 schematically shows an application scenario diagram of an authentication method configuration method and apparatus according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the authentication method configuration method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the authentication method configuration apparatus provided by the embodiment of the present disclosure may be generally disposed in the server 105. The authentication method configuration method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the authentication method configuration apparatus provided in the embodiment of the present disclosure may also be disposed in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, and 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The authentication method configuration method of the disclosed embodiment will be described in detail below with fig. 2 to 5 based on the scenario described in fig. 1.
Fig. 2 schematically shows a flowchart of an authentication method configuration method according to an embodiment of the present disclosure.
As shown in fig. 2, the authentication method configuration method of this embodiment includes operations S210 to S240.
In operation S210, a target authentication request for a target transaction is acquired.
In operation S220, according to the target authentication request, user characteristic information of the target user and a risk weight parameter of the target transaction are determined.
According to embodiments of the present disclosure, the targeted transaction may include multiple types of transactions provided to the customer, which may include, for example, system logins, transfer transactions, modifying payment passwords, binding new accounts, and the like. The target authentication request may include an authentication request, such as a login authentication request, a transfer authentication request, etc., sent to effect the target transaction. It should be understood that the target authentication request may be transmitted by the target user through the operation terminal.
According to an embodiment of the present disclosure, the user characteristic information may include personalized features for characterizing the target user, for example, may include an authentication preference feature, an age feature, and the like of the target user.
According to embodiments of the present disclosure, the risk weight parameter may be used to characterize the risk level of the target transaction, and different types of target transactions may have different risk levels. For example, a transfer transaction can directly affect the property security of a target user, and thus the risk level of the transfer transaction may be a first risk level. The system login has less impact on the property security of the target user, and thus the risk level of the system login may be a second risk level. Different risk weight parameters can be set for target transactions with different risk levels, for example, different values represent different risk weight parameters, so that the risk level of the target transaction can be represented by the risk weight parameters.
The user characteristic information of the target user is determined in the scheme only to provide a personalized authentication mode for the target user, and the user permission is obtained, so that the customs and related laws and regulations are not violated.
In operation S230, a target authentication method is determined from a plurality of authentication methods according to a preset security rule according to the risk weight parameter, and initial authentication method configuration information for the target authentication request is obtained, where the initial authentication method configuration information includes at least one target authentication method.
According to the embodiment of the disclosure, the authentication mode may include face recognition authentication, password authentication, fingerprint authentication, mobile phone verification code authentication, and the like. And determining a target authentication mode from the plurality of authentication modes according to a preset safety rule, so that the obtained target authentication mode can be matched with the risk weight parameter of the target transaction, and further the obtained initial authentication mode configuration information is matched with the risk level of the target transaction so as to meet the requirement of the target transaction on safety.
According to the embodiment of the disclosure, for example, different authentication security weight parameters can be set for different authentication modes to meet the requirement that the target authentication mode is matched with the risk weight parameter of the target transaction.
In operation S240, the initial authentication method configuration information is updated according to the user characteristic information, so as to obtain the target authentication method configuration information.
According to the embodiment of the disclosure, the target authentication mode in the initial authentication mode configuration information can be modified according to the authentication preference characteristics, the identity attribute characteristics and the like of the target user represented by the user specific information. Namely, the target authentication mode in the initial authentication mode configuration information is replaced by the target authentication mode adapted to the user characteristic information of the target user, so as to obtain the target authentication mode configuration information. Therefore, the user can operate according to the configuration information of the target authentication mode to realize the authentication of the target transaction so as to meet the personalized requirements of the user.
According to the embodiment of the disclosure, the target authentication mode is determined from a plurality of authentication modes according to the risk parameter of the target transaction and the preset security rule, and the initial authentication mode configuration information aiming at the target authentication request is obtained, so that the initial authentication mode configuration information can ensure the security and reliability of the target transaction; according to the user characteristic information, updating the initial authentication mode configuration information, and adaptively updating the initial authentication mode configuration information according to the user characteristic information, so that the obtained target authentication mode configuration information realizes differential configuration aiming at the user characteristic information of the user, and further meets the personalized requirements of the user.
Fig. 3 schematically shows a flowchart for determining user characteristic information of a target user and a risk weight parameter of a target transaction according to a target authentication request according to an embodiment of the present disclosure.
As shown in fig. 3, the determining the user characteristic information of the target user and the risk weight parameter of the target transaction according to the target authentication request in operation S220 includes operations S310 to S330.
In operation S310, the target authentication request is parsed to obtain the user identification information of the target user and the transaction attribute information of the target transaction.
In operation S320, user characteristic information for the target user is determined according to the user identification information.
In operation S330, a risk weight parameter of the target transaction is determined according to the transaction attribute information of the target transaction.
According to an embodiment of the present disclosure, the user identification information may include login name information, account name information, and the like of the target user. According to the user identification information of the target user, the user data of the target user can be queried, the user data can comprise historical operation preference data and the like, and the user characteristic information aiming at the target user can be obtained by processing the user data of the target user.
It should be noted that the method for processing the user data may include a clustering algorithm, or may also process the user data through a network model constructed based on a neural network to obtain user characteristic information of the target user.
According to an embodiment of the present disclosure, the transaction attribute information of the target transaction may be information characterizing a risk level of the target transaction, e.g., may characterize a first risk level, etc. According to different transaction attribute information, corresponding risk weight parameters can be determined, so that the risk weight parameters are matched with the risk level, and the risk level of the target transaction can be visually reflected through the risk weight parameters.
In this embodiment, the risk weight parameters of target transactions having different transaction attribute information may be represented by table 1, for example.
TABLE 1
Figure BDA0003469831240000101
According to an embodiment of the present disclosure, the authentication approach has a security weight parameter.
According to an embodiment of the present disclosure, the operation S230 of determining the target authentication manner from the plurality of authentication manners according to the preset security rule according to the risk weight parameter, and obtaining the initial authentication manner configuration information for the target authentication request may include the following operations.
Determining a configuration safety weight threshold of the initial authentication mode configuration information according to the risk weight parameter, wherein the configuration safety weight threshold is greater than or equal to the risk weight parameter; and determining a target authentication mode from the plurality of authentication modes according to the security weight parameters of the authentication modes and the configured security weight threshold value to obtain initial authentication mode configuration information aiming at the target authentication request, wherein in the initial authentication mode configuration information, the sum of the security weight parameters of the target authentication mode is greater than or equal to the configured security weight threshold value.
According to the embodiment of the disclosure, corresponding security weight parameters can be determined for different authentication modes. The setting of the safety weight parameters can be obtained by setting related personnel according to actual requirements. The corresponding security weight parameters may be determined for different authentication modes, for example, by table 2.
According to the embodiment of the disclosure, the configured security weight threshold of the initial authentication mode configuration information is determined according to the risk weight parameter corresponding to the target transaction, and the security of authentication performed on the target transaction can be effectively guaranteed by configuring the security weight threshold according to the risk level of the target transaction.
TABLE 2
Authentication method Safety weight parameter (minutes)
Face recognition authentication 50
Fingerprint authentication 50
Voiceprint authentication 40
U shield authentication 30
Password authentication 30
Mobile phone verification code authentication 30
In this embodiment, for example, table 3 may be used to indicate the configured security weight threshold of the initial authentication method configuration information corresponding to different target transactions.
TABLE 3
Figure BDA0003469831240000111
According to the embodiment of the disclosure, the target authentication mode is determined from the plurality of authentication modes according to the security weight parameters of the authentication modes, and the sum of the security weight parameters of the target authentication mode is greater than or equal to the configured security weight threshold, so that the target authentication mode in the initial authentication mode configuration information can be flexibly configured under the condition of ensuring the security of authentication for the target transaction, and the influence of immobilization and simplification of the authentication modes on the use experience of a user for target transaction authentication is avoided.
In this embodiment, for example, table 4 may be used to represent initial authentication method configuration information corresponding to different target authentication requests.
TABLE 4
Figure BDA0003469831240000121
Fig. 4 schematically shows a flowchart for determining a target authentication method from a plurality of authentication methods according to a preset security rule according to a risk weight parameter according to an embodiment of the present disclosure.
As shown in fig. 4, the updating the initial authentication method configuration information according to the user characteristic information to obtain the target authentication method configuration information in operation S240 may include operations S410 to S420.
In operation S410, a recommended authentication method is determined from a plurality of authentication methods according to the user characteristic information.
In operation S420, in the case that the recommended authentication method is different from the target authentication method, at least one target authentication method in the initial authentication method configuration information is replaced with the recommended authentication method, and target authentication method configuration information is obtained.
According to an embodiment of the present disclosure, the user characteristic information may characterize authentication preferences, identity attributes, and the like of the user. For example, when the age of the target user represented by the user characteristic information is larger than a preset age threshold, the age of the target user can be predicted to be older, the operation of authenticating the mobile phone verification code is not used, the verification code is difficult to identify, and voiceprint authentication can be used as a recommended authentication mode, so that convenient authentication service experience is provided for the target user.
And under the condition that the recommended authentication mode is different from the target authentication mode in the initial authentication mode configuration information, replacing at least one target authentication mode in the initial authentication mode configuration information with the recommended authentication mode to obtain target authentication mode configuration information, and flexibly configuring the authentication modes for the user according to the user characteristic information of the target user to meet the actual requirements of the user.
It should be understood that, in the target authentication manner configuration information, the sum of the security weight parameters of the target authentication manner is greater than or equal to the configured security weight threshold of the initial authentication manner, so that the updated target authentication manner meets the security requirement for the target transaction.
According to the embodiment of the disclosure, the authentication mode has a security weight parameter, the target transaction has a target risk level, and the target authentication mode in the initial authentication mode configuration information includes a mandatory authentication mode and an auxiliary authentication mode.
According to an embodiment of the present disclosure, the operation S230 of determining the target authentication manner from the plurality of authentication manners according to the preset security rule according to the risk weight parameter, and obtaining the initial authentication manner configuration information for the target authentication request may include the following operations.
Determining a forced authentication mode aiming at the target transaction from a plurality of authentication modes according to a preset configuration rule under the condition that the target risk level of the target transaction is a first risk level; determining a configuration safety weight threshold of the initial authentication mode configuration information according to the risk weight parameter, wherein the configuration safety weight threshold is greater than or equal to the risk weight parameter; and when the security weight parameter of the mandatory authentication mode is smaller than the configured security weight threshold, determining an auxiliary authentication mode from a plurality of authentication modes according to the difference between the configured security weight threshold and the security weight parameter of the mandatory authentication mode, and obtaining initial authentication mode configuration information aiming at the target transaction, wherein in the initial authentication mode configuration information, the sum of the security weight parameter of the mandatory authentication mode and the security weight parameter of the auxiliary authentication mode is larger than or equal to the configured security weight threshold.
According to embodiments of the present disclosure, the mandatory authentication means may include an authentication means that the target user has to perform for a target transaction having a first risk level. And determining a forced authentication mode according to a preset configuration rule, so that the security of target transaction authentication with higher risk level can be further ensured, and the loss of a user caused by the security of authentication is avoided.
In this embodiment, the initial authentication method configuration information for the target transaction request may be represented by, for example, table 5.
TABLE 5
Figure BDA0003469831240000141
It should be understood that, in the embodiment of the present disclosure, the number of the mandatory authentication manners or the number of the dependent authentication manners in the initial authentication manner configuration information is not limited, and may be set according to actual requirements as long as the sum of the security weight parameter of the mandatory authentication manner and the security weight parameter of the dependent authentication manner is greater than or equal to the configured security weight threshold.
According to an embodiment of the present disclosure, the operation S240 of updating the initial authentication method configuration information according to the user characteristic information to obtain the target authentication method configuration information may include the following operations.
Determining a recommended authentication mode from a plurality of authentication modes according to the user characteristic information; and under the condition that the recommended authentication mode is different from the target authentication mode, replacing at least one auxiliary authentication mode in the initial authentication mode configuration information with the recommended authentication mode to obtain target authentication mode configuration information.
According to the embodiment of the disclosure, for example, the mobile phone verification code authentication in the initial authentication mode configuration information corresponding to the modified payment password can be replaced by voiceprint authentication so as to meet the actual requirements of the user.
According to an embodiment of the present disclosure, the authentication method configuration method may further include the following operations.
And displaying the target authentication mode configuration information in the page so that the target user can perform authentication operation aiming at the target authentication mode configuration information.
According to the embodiment of the present disclosure, the target user may pass authentication for the target transaction by performing an authentication operation for the target authentication manner in the target authentication manner configuration information.
According to an embodiment of the present disclosure, the authentication method configuration method may further include the following operations.
And modifying the target authentication mode in the target authentication mode configuration information in response to detecting the modification operation aiming at the target authentication mode configuration information in the page.
According to the embodiment of the disclosure, the target user can replace the target authentication mode in the target authentication mode configuration information with the target authentication mode suitable for the self requirement of the target user according to personal preference or actual requirement. For example, aiming at a target user with visual impairment, the target user can modify the target authentication mode configuration information and modify the mobile phone verification code authentication into voiceprint authentication, so that the target user can conveniently and flexibly configure the authentication mode according to the actual requirements of the target user, and the modified target authentication mode configuration information can meet the personalized requirements of the user.
Fig. 5 schematically shows an application scenario diagram of an authentication method configuration method according to an embodiment of the present disclosure.
As shown in fig. 5, target authentication manner configuration information 510 is shown in the page 500, and the target authentication manner in the target authentication manner configuration information 510 may include fingerprint authentication 511, password authentication 512, and mobile phone verification code authentication 513. The target user may perform an authentication operation with respect to the target authentication means configuration information 510 to pass authentication for the target transaction.
Alternatively, the target user may also perform modification operations with respect to the target authentication mode configuration information 510. After detecting the modification operation for the target authentication mode configuration information 510 in the page 500, the mobile phone verification code authentication 513 in the target authentication mode configuration information 510 may be modified, and the mobile phone verification code authentication 513 is replaced with the U-shield authentication 514, so as to form new target authentication mode configuration information 520. Thereby allowing the target user to perform an authentication operation with respect to the new target authentication manner configuration information 520 to pass authentication with respect to the target transaction.
Based on the authentication mode configuration method, the disclosure also provides an authentication mode configuration device. The apparatus will be described in detail below with reference to fig. 6.
Fig. 6 schematically shows a block diagram of the authentication method configuration apparatus according to an embodiment of the present disclosure.
As shown in fig. 6, the authentication method configuration apparatus 600 includes an obtaining module 610, a first determining module 620, a second determining module 630, and an updating module 640.
The obtaining module 610 is configured to obtain a target authentication request for a target transaction.
The first determining module 620 is configured to determine user characteristic information of the target user and a risk weight parameter of the target transaction according to the target authentication request.
The second determining module 630 is configured to determine a target authentication manner from the multiple authentication manners according to the risk weight parameter and the preset security rule, and obtain initial authentication manner configuration information for the target authentication request, where the initial authentication manner configuration information includes at least one target authentication manner.
The updating module 640 is configured to update the initial authentication method configuration information according to the user characteristic information to obtain target authentication method configuration information.
According to an embodiment of the present disclosure, the authentication approach has a security weight parameter.
The second determination module may include a first determination unit and a second determination unit.
The first determining unit is used for determining a configured security weight threshold of the initial authentication mode configuration information according to the risk weight parameter, wherein the configured security weight threshold is greater than or equal to the risk weight parameter.
The second determining unit is used for determining a target authentication mode from a plurality of authentication modes according to the security weight parameters of the authentication modes and the configured security weight threshold value to obtain initial authentication mode configuration information aiming at the target authentication request, wherein in the initial authentication mode configuration information, the sum of the security weight parameters of the target authentication mode is greater than or equal to the configured security weight threshold value.
According to an embodiment of the present disclosure, the update module may include: the device comprises a first recommended authentication mode determining unit and a first updating unit.
The first recommended authentication mode determining unit is used for determining a recommended authentication mode from a plurality of authentication modes according to the user characteristic information.
The first updating unit is used for replacing at least one target authentication mode in the initial authentication mode configuration information with the recommended authentication mode to obtain target authentication mode configuration information under the condition that the recommended authentication mode is different from the target authentication mode.
According to the embodiment of the disclosure, the authentication mode has a security weight parameter, the target transaction has a target risk level, and the target authentication mode in the initial authentication mode configuration information includes a mandatory authentication mode and an auxiliary authentication mode.
The second determination module may include a third determination unit, a fourth determination unit, and a fifth determination unit.
The third determining unit is used for determining a forced authentication mode aiming at the target transaction from a plurality of authentication modes according to a preset configuration rule under the condition that the target risk level of the target transaction is the first risk level.
The fourth determining unit is used for determining a configured security weight threshold of the initial authentication mode configuration information according to the risk weight parameter, wherein the configured security weight threshold is greater than or equal to the risk weight parameter.
And the fifth determining unit is used for determining an auxiliary authentication mode from a plurality of authentication modes according to the difference between the configured security weight threshold and the security weight parameter of the mandatory authentication mode when the security weight parameter of the mandatory authentication mode is smaller than the configured security weight threshold, and obtaining initial authentication mode configuration information aiming at the target transaction, wherein in the initial authentication mode configuration information, the sum of the security weight parameter of the mandatory authentication mode and the security weight parameter of the auxiliary authentication mode is larger than or equal to the configured security weight threshold.
According to an embodiment of the present disclosure, an update module includes: a second recommended authentication mode determining unit and a second updating unit.
The second recommended authentication mode determining unit is used for determining a recommended authentication mode from a plurality of authentication modes according to the user characteristic information.
And the second updating unit is used for replacing at least one auxiliary authentication mode in the initial authentication mode configuration information with the recommended authentication mode to obtain target authentication mode configuration information under the condition that the recommended authentication mode is different from the target authentication mode.
According to an embodiment of the present disclosure, the authentication method configuration apparatus may further include a display module.
The display module is used for displaying the target authentication mode configuration information in the page so that the target user can carry out authentication operation aiming at the target authentication mode configuration information.
According to the embodiment of the disclosure, the authentication mode configuration device may further include a modification module.
The modification module is used for responding to the modification operation detected aiming at the target authentication mode configuration information in the page, and modifying the target authentication mode in the target authentication mode configuration information.
According to an embodiment of the present disclosure, the first determination module may include a parsing unit, a user characteristic information determination unit, and a risk weight parameter determination unit.
The analysis unit is used for analyzing the target authentication request to obtain the user identification information of the target user and the transaction attribute information of the target transaction.
The user characteristic information determining unit is used for determining user characteristic information aiming at the target user according to the user identification information.
The risk weight parameter determining unit is used for determining a risk weight parameter of the target transaction according to the transaction attribute information of the target transaction.
According to the embodiment of the present disclosure, any plurality of the obtaining module 610, the first determining module 620, the second determining module 630, and the updating module 640 may be combined and implemented in one module, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the obtaining module 610, the first determining module 620, the second determining module 630, and the updating module 640 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or may be implemented in any one of three implementations of software, hardware, and firmware, or in a suitable combination of any of them. Alternatively, at least one of the obtaining module 610, the first determining module 620, the second determining module 630 and the updating module 640 may be at least partially implemented as a computer program module, which when executed may perform a corresponding function.
Fig. 7 schematically shows a block diagram of an electronic device adapted to implement an authentication means configuration method according to an embodiment of the present disclosure.
As shown in fig. 7, an electronic device 700 according to an embodiment of the present disclosure includes a processor 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The processor 701 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 701 may also include on-board memory for caching purposes. The processor 701 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 703, various programs and data necessary for the operation of the electronic apparatus 700 are stored. The processor 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704. The processor 701 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 702 and/or the RAM 703. It is noted that the programs may also be stored in one or more memories other than the ROM 702 and RAM 703. The processor 701 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 700 may also include input/output (I/O) interface 705, which input/output (I/O) interface 705 is also connected to bus 704, according to an embodiment of the present disclosure. The electronic device 700 may also include one or more of the following components connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 702 and/or the RAM 703 and/or one or more memories other than the ROM 702 and the RAM 703 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the authentication mode configuration method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 701. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via the communication section 709, and/or installed from the removable medium 711. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program, when executed by the processor 701, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (12)

1. An authentication mode configuration method comprises the following steps:
acquiring a target authentication request aiming at a target transaction;
according to the target authentication request, determining user characteristic information of a target user and a risk weight parameter of the target transaction;
determining a target authentication mode from a plurality of authentication modes according to the risk weight parameter and a preset safety rule to obtain initial authentication mode configuration information aiming at the target authentication request, wherein the initial authentication mode configuration information comprises at least one target authentication mode;
and updating the initial authentication mode configuration information according to the user characteristic information to obtain target authentication mode configuration information.
2. The method of claim 1, wherein the authentication means has a security weight parameter;
determining a target authentication mode from a plurality of authentication modes according to the risk weight parameter and a preset security rule, and obtaining initial authentication mode configuration information aiming at the target authentication request comprises the following steps:
determining a configuration security weight threshold of the initial authentication mode configuration information according to the risk weight parameter, wherein the configuration security weight threshold is greater than or equal to the risk weight parameter;
and determining the target authentication mode from the plurality of authentication modes according to the security weight parameters of the authentication modes and the configured security weight threshold value to obtain initial authentication mode configuration information aiming at the target authentication request, wherein in the initial authentication mode configuration information, the sum of the security weight parameters of the target authentication modes is greater than or equal to the configured security weight threshold value.
3. The method of claim 1, wherein updating the initial authentication method configuration information according to the user characteristic information to obtain target authentication method configuration information comprises:
determining a recommended authentication mode from the plurality of authentication modes according to the user characteristic information;
and under the condition that the recommended authentication mode is different from the target authentication mode, replacing at least one target authentication mode in the initial authentication mode configuration information with the recommended authentication mode to obtain the target authentication mode configuration information.
4. The method of claim 1, wherein the authentication means has security weight parameters, the target transaction has a target risk level, and the target authentication means in the initial authentication means configuration information includes a mandatory authentication means and an affiliated authentication means;
determining a target authentication mode from a plurality of authentication modes according to the risk weight parameter and a preset security rule, and obtaining initial authentication mode configuration information aiming at the target authentication request comprises the following steps:
determining a forced authentication mode aiming at the target transaction from a plurality of authentication modes according to a preset configuration rule under the condition that the target risk level of the target transaction is a first risk level;
determining a configuration security weight threshold of the initial authentication mode configuration information according to the risk weight parameter, wherein the configuration security weight threshold is greater than or equal to the risk weight parameter;
and when the security weight parameter of the mandatory authentication mode is smaller than the configured security weight threshold, determining the affiliated authentication mode from the plurality of authentication modes according to the difference between the configured security weight threshold and the security weight parameter of the mandatory authentication mode, and obtaining initial authentication mode configuration information aiming at the target transaction, wherein in the initial authentication mode configuration information, the sum of the security weight parameter of the mandatory authentication mode and the security weight parameter of the affiliated authentication mode is larger than or equal to the configured security weight threshold.
5. The method of claim 4, wherein updating the initial authentication method configuration information according to the user characteristic information to obtain target authentication method configuration information comprises:
determining a recommended authentication mode from the plurality of authentication modes according to the user characteristic information;
and under the condition that the recommended authentication mode is different from the target authentication mode, replacing at least one auxiliary authentication mode in the initial authentication mode configuration information with the recommended authentication mode to obtain the target authentication mode configuration information.
6. The method of claim 1, further comprising:
and displaying the target authentication mode configuration information in a page so that the target user can perform authentication operation aiming at the target authentication mode configuration information.
7. The method of claim 6, further comprising:
and in response to detecting the modification operation aiming at the target authentication mode configuration information in the page, modifying the target authentication mode in the target authentication mode configuration information.
8. The method of claim 1, wherein determining user characteristic information of the target user and a risk weight parameter of the target transaction according to the target authentication request comprises:
analyzing the target authentication request to obtain user identification information of the target user and transaction attribute information of the target transaction;
determining user characteristic information aiming at the target user according to the user identification information;
and determining a risk weight parameter of the target transaction according to the transaction attribute information of the target transaction.
9. An authentication scheme configuration apparatus comprising:
the acquisition module is used for acquiring a target authentication request aiming at a target transaction;
the first determining module is used for determining user characteristic information of a target user and a risk weight parameter of the target transaction according to the target authentication request;
a second determining module, configured to determine, according to the risk weight parameter and according to a preset security rule, a target authentication manner from multiple authentication manners, and obtain initial authentication manner configuration information for the target authentication request, where the initial authentication manner configuration information includes at least one target authentication manner;
and the updating module is used for updating the initial authentication mode configuration information according to the user characteristic information to obtain target authentication mode configuration information.
10. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 8.
12. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 8.
CN202210045962.3A 2022-01-14 2022-01-14 Authentication mode configuration method, device, equipment and medium Pending CN114386017A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210045962.3A CN114386017A (en) 2022-01-14 2022-01-14 Authentication mode configuration method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210045962.3A CN114386017A (en) 2022-01-14 2022-01-14 Authentication mode configuration method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN114386017A true CN114386017A (en) 2022-04-22

Family

ID=81201406

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210045962.3A Pending CN114386017A (en) 2022-01-14 2022-01-14 Authentication mode configuration method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN114386017A (en)

Similar Documents

Publication Publication Date Title
US10740411B2 (en) Determining repeat website users via browser uniqueness tracking
CN109257321B (en) Secure login method and device
CN115587575A (en) Data table creation method, target data query method, device and equipment
CN113507419B (en) Training method of traffic distribution model, traffic distribution method and device
CN113132400B (en) Business processing method, device, computer system and storage medium
CN109981553B (en) Access control method, system thereof, computer system, and readable storage medium
CN113609493A (en) Phishing website identification method, device, equipment and medium
CN111210109A (en) Method and device for predicting user risk based on associated user and electronic equipment
CN115965474A (en) Service processing method, device, equipment and storage medium
US20190042653A1 (en) Automatic identification of user information
CN114218283A (en) Abnormality detection method, apparatus, device, and medium
CN114386017A (en) Authentication mode configuration method, device, equipment and medium
CN114201740A (en) Login method, login device, electronic equipment and storage medium
CN114219601A (en) Information processing method, device, equipment and storage medium
CN113379554A (en) Method, apparatus, device, medium, and program product for recommending financial product
CN114301713A (en) Risk access detection model training method, risk access detection method and risk access detection device
CN114693358A (en) Data processing method and device, electronic equipment and storage medium
CN113918989A (en) Method, apparatus, electronic device and medium for protecting personal privacy information of user
CN110659897A (en) Method, system, computing device and medium for transaction verification
CN114844810B (en) Heartbeat data processing method, device, equipment and medium
US11777959B2 (en) Digital security violation system
CN116760638B (en) Information processing method, system, electronic device and storage medium
CN114218254A (en) Report generation method, device, equipment and storage medium
CN113947385A (en) Authority auditing method, device, equipment and storage medium
CN114663094A (en) Security protection method, apparatus, electronic device, medium, and computer program product

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination