有鑑於此,本說明書施例提供了一種身份認證方法、實現免登錄授權組件的方法。本說明書一個或者多個實施例同時涉及一種身份認證裝置、實現免登錄授權組件的裝置,一種計算設備,以及一種電腦可讀取儲存媒體,以解決現有技術中存在的技術缺陷。
根據本說明書實施例的第一方面,提供了一種身份認證方法,應用於第三方平台提供的第三方應用程式,包括:在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄;在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊;將該銀行卡資訊發送給銀行服務端,以便該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,還包括:在該用戶未授權銀行卡免登錄的情況下,取得該用戶對銀行卡免登錄的授權。
可選地,該在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄包括:在需要確認用戶身份時,呼叫銀行卡免登錄授權組件,以便該銀行卡免登錄授權組件回應於該呼叫,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄;該在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊包括:在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊;其中,該銀行卡資訊由該銀行卡免登錄授權組件在判定該用戶未授權銀行卡免登錄的情況下,取得該用戶授權之後從該第三方平台的內部查詢出來並返回給該第三方應用程式,或者,由該銀行卡免登錄授權組件在判定該用戶已經授權銀行卡免登錄的情況下從該第三方平台的內部查詢出來並返回給該第三方應用程式。
可選地,該在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊包括:在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的加簽加密後的銀行卡資訊。該將該銀行卡資訊發送給銀行服務端包括:將該加簽加密後的銀行卡資訊發送給該銀行服務端,以便該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。
可選地,還包括:將業務請求發送給該銀行服務端,以便該服務端在完成用戶身份認證之後,執行該業務請求對應的業務邏輯,向該第三方應用程式返回業務資料;接收該銀行服務端返回的業務資料。
可選地,該將業務請求發送給該銀行服務端包括:將支付請求發送給該銀行服務端。
根據本說明書實施例的第二方面,提供了一種身份認證裝置,配置於第三方平台提供的第三方應用程式,包括:授權判斷第一模組,被配置為在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄。卡查詢第一模組,被配置為在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊。卡發送第一模組,被配置為將該銀行卡資訊發送給銀行服務端,以便該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,還包括:授權取得模組,被配置為在該用戶未授權銀行卡免登錄的情況下,取得該用戶對銀行卡免登錄的授權。
可選地,該授權判斷第一模組,被配置為在需要確認用戶身份時,呼叫銀行卡免登錄授權組件,以便該銀行卡免登錄授權組件回應於該呼叫,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄。卡查詢第一模組,被配置為在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊;其中,該銀行卡資訊由該銀行卡免登錄授權組件在判定該用戶未授權銀行卡免登錄的情況下,取得該用戶授權之後從該第三方平台的內部查詢出來並返回給該第三方應用程式,或者,由該銀行卡免登錄授權組件在判定該用戶已經授權銀行卡免登錄的情況下從該第三方平台的內部查詢出來並返回給該第三方應用程式。
可選地,該卡查詢第一模組,被配置為在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的加簽加密後的銀行卡資訊。該卡發送第一模組,被配置為將該加簽加密後的銀行卡資訊發送給該銀行服務端,以便該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。
可選地,還包括:請求發送模組,被配置為將業務請求發送給該銀行服務端,以便該服務端在完成用戶身份認證之後,執行該業務請求對應的業務邏輯,向該第三方應用程式返回業務資料。資料接收模組,被配置為接收該銀行服務端返回的業務資料。
可選地,該請求發送模組,被配置為將支付請求發送給該銀行服務端。
根據本說明書實施例的第三方面,提供了一種實現免登錄授權組件的方法,包括:回應於第三方平台中第三方應用程式的呼叫,針對該呼叫涉及的用戶,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄;在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在第三方平台綁定的銀行卡資訊;將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,該將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證包括:將加簽加密後的該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該加簽加密後的銀行卡資訊發送給銀行服務端,使該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。
可選地,該從該第三方平台的內部查詢出該銀行卡資訊包括:通過開放閘道器從該第三方平台的內部查詢出該銀行卡資訊,其中,該開放閘道器用於對該銀行卡資訊進行加簽加密。
根據本說明書實施例的第四方面,提供了一種實現免登錄授權組件的裝置,包括:授權判斷第二模組,被配置為回應於第三方平台中第三方應用程式的呼叫,針對該呼叫涉及的用戶,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄。卡查詢第二模組,被配置為在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在第三方平台綁定的銀行卡資訊。卡發送第二模組,被配置為將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,該卡發送第二模組,被配置為將加簽加密後的該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該加簽加密後的銀行卡資訊發送給銀行服務端,使該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。
可選地,該卡查詢第二模組,被配置為通過開放閘道器從該第三方平台的內部查詢出該銀行卡資訊,其中,該開放閘道器用於對該銀行卡資訊進行加簽加密。
根據本說明書實施例的第五方面,提供了一種計算設備,包括:記憶體和處理器;該記憶體用於儲存電腦可執行指令,該處理器用於執行該電腦可執行指令:在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄;在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊;將該銀行卡資訊發送給銀行服務端,以便該銀行服務端根據該銀行卡資訊進行用戶身份認證。
根據本說明書實施例的第六方面,提供了一種電腦可讀取儲存媒體,其儲存有電腦指令,該指令被處理器執行時實現本說明書任一實施例該身份認證方法的步驟。
根據本說明書實施例的第七方面,提供了一種計算設備,包括:記憶體和處理器;該記憶體用於儲存電腦可執行指令,該處理器用於執行該電腦可執行指令:回應於第三方平台中第三方應用程式的呼叫,針對該呼叫涉及的用戶,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄;在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在第三方平台綁定的銀行卡資訊;將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證。
根據本說明書實施例的第八方面,提供了一種電腦可讀取儲存媒體,其儲存有電腦指令,該指令被處理器執行時實現本說明書任一實施例該實現免登錄授權組件的方法的步驟。
本說明書一方面一個實施例中的身份認證方法應用於第三方平台提供的第三方應用程式,在需要確認用戶身份時,根據該用戶已經授權銀行卡免登錄,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊,將該銀行卡資訊發送給銀行服務端進行身份認證,由於第三方應用程式可以根據授權從第三方平台內部獲得綁定的銀行卡資訊,發送給銀行服務端進行用戶身份認證,因此,只要用戶已經在第三方應用程式中銀行卡免登錄授權就可以完成在銀行服務端的身份認證以及後續的業務邏輯處理,無需輸入銀行卡資訊來進行二次登錄,簡單高效,簡化用戶操作,提高用戶體驗。
本說明書另一方面一個實施例中的實現免登錄授權組件的方法,回應於第三方平台中第三方應用程式的呼叫,在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在第三方平台綁定的銀行卡資訊,將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端進行用戶身份認證,由於實現了可供第三方應用程式呼叫的銀行卡免登錄授權組件,使第三方應用程式可以在用戶授權的情況下通過銀行卡免登錄授權組件獲得第三方平台內部綁定的銀行卡資訊,發送給銀行服務端進行用戶身份認證,從而為第三方應用程式簡化了如餘額查詢、帳單查詢等集中於卡維度的業務場景下的身份認證流程,提供了通用的銀行卡免登錄授權組件,只要用戶已經銀行卡免登錄授權就可以完成在銀行服務端的身份認證以及後續的業務邏輯處理,無需輸入銀行卡資訊來進行二次登錄,簡單高效,簡化用戶操作,提高用戶體驗。
In view of this, the embodiment of this specification provides an identity authentication method and a method for implementing a login-free authorization component. One or more embodiments of this specification also relate to an identity authentication device, a device implementing a login-free authorization component, a computing device, and a computer-readable storage medium, so as to solve technical defects in the prior art.
According to the first aspect of the embodiment of this specification, there is provided an identity authentication method, which is applied to a third-party application program provided by a third-party platform, including: when it is necessary to confirm the user's identity, according to the user's bank card login-free authorization status information, Determine whether the user has authorized the bank card to be free of login; if the user has authorized the bank card to be free of login, query the bank card information bound to the user on the third-party platform from within the third-party platform; The card information is sent to the bank server so that the bank server can perform user identity authentication based on the bank card information.
Optionally, it also includes: obtaining the user's authorization for bank card free login when the user does not authorize bank card free login.
Optionally, when the user identity needs to be confirmed, according to the user's bank card free login authorization status information, judging whether the user has authorized the bank card free login includes: calling the bank card free login authorization component when the user identity needs to be confirmed , so that the bank card free login authorization component responds to the call, and judges whether the user has authorized the bank card free login according to the saved bank card free login authorization status information of the user; if the user has authorized the bank card free login In this case, the bank card information bound by the user on the third-party platform is queried from within the third-party platform, including: if the user has authorized the bank card to be free from login, the information returned by the bank card free-login authorization component is obtained Bank card information; wherein, the bank card information is queried from the third-party platform and returned to the bank card after obtaining the authorization of the user in the case that the bank card free login authorization component determines that the user has not authorized the bank card free login The third-party application program, or the bank card free login authorization component inquires from the inside of the third-party platform and returns to the third-party application program when it determines that the user has authorized the bank card free login.
Optionally, in the case that the user has authorized the bank card without login, obtaining the bank card information returned by the bank card login-free authorization component includes: obtaining the bank card information in the case that the user has authorized the bank card without login. Signature-encrypted bank card information returned by the card-free login authorization component. Sending the bank card information to the bank server includes: sending the signed and encrypted bank card information to the bank server, so that the bank server can verify and decrypt the signed and encrypted bank card information, according to The decrypted bank card information is used for user identity authentication.
Optionally, it also includes: sending the business request to the bank server, so that the server executes the business logic corresponding to the business request after completing the user identity authentication, and returns the business data to the third-party application; The business data returned by the server.
Optionally, the sending the service request to the bank server includes: sending the payment request to the bank server.
According to the second aspect of the embodiment of this specification, there is provided an identity authentication device configured on a third-party application program provided by a third-party platform, including: a first authorization judgment module configured to, when it is necessary to confirm the user's identity, according to the User's bank card free login authorization status information, to determine whether the user has authorized bank card free login. The card query first module is configured to query the bank card information bound by the user on the third-party platform from within the third-party platform when the user has authorized the bank card to be exempt from login. The card sending first module is configured to send the bank card information to the bank server, so that the bank server can perform user identity authentication based on the bank card information.
Optionally, it also includes: an authorization acquisition module configured to obtain the user's authorization for bank card free login if the user has not authorized bank card free login.
Optionally, the authorization judging first module is configured to call the bank card login-free authorization component when it is necessary to confirm the user's identity, so that the bank card login-free authorization component responds to the call, according to the saved bank card of the user. Card free login authorization status information to determine whether the user has authorized bank card free login. The first card query module is configured to obtain the bank card information returned by the bank card free login authorization component when the user has authorized the bank card free login; where the bank card information is provided by the bank card free login In the case that the authorization component determines that the user has not authorized the login-free bank card, after obtaining the authorization of the user, it will query it from the inside of the third-party platform and return it to the third-party application, or the bank card login-free authorization component will When it is determined that the user has authorized the bank card to be exempt from login, it is queried from the inside of the third-party platform and returned to the third-party application.
Optionally, the card query first module is configured to obtain the signed and encrypted bank card information returned by the bank card free-login authorization component if the user has authorized the bank card to be free of log-in. The card sending first module is configured to send the signed and encrypted bank card information to the bank server, so that the bank server can verify and decrypt the signed and encrypted bank card information. According to the decrypted The bank card information for user identity authentication.
Optionally, it also includes: a request sending module configured to send the service request to the bank server, so that the server executes the business logic corresponding to the service request after completing the user identity authentication, and sends the service request to the third-party application The program returns business data. The data receiving module is configured to receive the business data returned by the bank server.
Optionally, the request sending module is configured to send the payment request to the bank server.
According to the third aspect of the embodiment of this specification, there is provided a method for realizing the login-free authorization component, including: responding to the call of the third-party application program in the third-party platform, for the user involved in the call, according to the stored user's bank Card free login authorization status information to determine whether the user has authorized bank card free login; if the user has authorized bank card free login, query the bank card bound by the user on the third-party platform from within the third-party platform Information; send the bank card information to the third-party application, so that the third-party application sends the bank card information to the bank server, so that the bank server performs user identity authentication based on the bank card information.
Optionally, send the bank card information to the third-party application, so that the third-party application sends the bank card information to the bank server, so that the bank server performs user identity authentication based on the bank card information, including : Send the signed-encrypted bank card information to the third-party application, so that the third-party application sends the signed-encrypted bank card information to the bank server, so that the bank server encrypts the signed Signature verification and decryption are performed on the bank card information after decryption, and user identity authentication is performed according to the bank card information after decryption.
Optionally, querying the bank card information from the third-party platform includes: querying the bank card information from the third-party platform through an open gateway, wherein the open gateway is used for the bank The card information is signed and encrypted.
According to the fourth aspect of the embodiment of this specification, there is provided a device for implementing a login-free authorization component, including: a second module for authorization judgment, configured to respond to a call from a third-party application program in a third-party platform, for the call involving According to the saved user's bank card free login authorization status information, it is judged whether the user has authorized the bank card free login. The second card query module is configured to query the bank card information bound by the user on the third-party platform from inside the third-party platform when the user has authorized the bank card to be exempt from login. The card sending second module is configured to send the bank card information to the third-party application program, so that the third-party application program sends the bank card information to the bank server, so that the bank server can use the bank card information Perform user authentication.
Optionally, the card sending second module is configured to send the signed and encrypted bank card information to the third-party application, so that the third-party application can send the signed and encrypted bank card information To the bank server, so that the bank server performs signature verification and decryption on the signed and encrypted bank card information, and performs user identity authentication according to the decrypted bank card information.
Optionally, the card query second module is configured to query the bank card information from inside the third-party platform through an open gateway, wherein the open gateway is used to sign the bank card information encryption.
According to a fifth aspect of the embodiments of this specification, there is provided a computing device, including: a memory and a processor; the memory is used to store computer-executable instructions, and the processor is used to execute the computer-executable instructions: when it is necessary to confirm the user In case of identity, according to the user's bank card free login authorization status information, it is judged whether the user has authorized the bank card free login; if the user has authorized the bank card free login, the user is queried from the inside of the third-party platform Bank card information bound to the third-party platform; sending the bank card information to the bank server so that the bank server can perform user identity authentication based on the bank card information.
According to a sixth aspect of the embodiments of the present specification, there is provided a computer-readable storage medium, which stores computer instructions, and when the instructions are executed by a processor, the steps of the identity authentication method in any embodiment of the present specification are implemented.
According to a seventh aspect of the embodiments of this specification, there is provided a computing device, including: a memory and a processor; the memory is used to store computer-executable instructions, and the processor is used to execute the computer-executable instructions: in response to a third party For the call of a third-party application on the platform, for the user involved in the call, judge whether the user has authorized the bank card free login according to the saved authorization status information of the user's bank card; if the user has authorized the bank card free login In this case, query the bank card information bound by the user on the third-party platform from within the third-party platform; send the bank card information to the third-party application so that the third-party application can send the bank card information To the bank server, so that the bank server performs user identity authentication based on the bank card information.
According to the eighth aspect of the embodiments of this specification, there is provided a computer-readable storage medium, which stores computer instructions, and when the instructions are executed by a processor, the steps of the method for implementing a login-free authorization component in any embodiment of this specification are implemented. .
On the one hand, the identity authentication method in one embodiment of this specification is applied to a third-party application program provided by a third-party platform. When it is necessary to confirm the user's identity, according to the user's authorization of the bank card to avoid login, the user can query from the inside of the third-party platform. The user binds the bank card information on the third-party platform, and sends the bank card information to the bank server for identity authentication. Since the third-party application can obtain the bound bank card information from the third-party platform according to the authorization, send Perform user identity authentication on the bank server. Therefore, as long as the user has authorized the bank card without login in the third-party application, the identity authentication on the bank server and the subsequent business logic processing can be completed without entering bank card information for the second time. Login, simple and efficient, simplify user operations and improve user experience.
In another embodiment of the present specification, the method for realizing the login-free authorization component responds to the call of the third-party application program in the third-party platform. Internally query the bank card information bound by the user on the third-party platform, and send the bank card information to the third-party application, so that the third-party application can send the bank card information to the bank server for user identity authentication, Since the bank card login-free authorization component that can be called by a third-party application is implemented, the third-party application can obtain the bank card information bound inside the third-party platform through the bank card login-free authorization component under the authorization of the user, and send Perform user identity authentication for the bank server, thereby simplifying the identity authentication process for third-party applications such as balance inquiry, bill inquiry, etc. The user can complete the identity authentication and subsequent business logic processing on the bank server after the bank card is free of login authorization. There is no need to enter bank card information for secondary login, which is simple and efficient, simplifies user operations, and improves user experience.
在下面的描述中闡述了很多具體細節以便於充分理解本說明書。但是本說明書能夠以很多不同於在此描述的其它方式來實施,本領域技術人員可以在不違背本說明書內涵的情況下做類似推廣,因此本說明書不受下面公開的具體實施的限制。
在本說明書一個或多個實施例中使用的術語是僅僅出於描述特定實施例的目的,而非旨在限制本說明書一個或多個實施例。在本說明書一個或多個實施例和所附申請專利範圍中所使用的單數形式的“一種”、“所述”和“該”也旨在包括多數形式,除非上下文清楚地表示其他含義。還應當理解,本說明書一個或多個實施例中使用的術語“和/或”是指並包含一個或多個相關聯的列出項目的任何或所有可能組合。
應當理解,儘管在本說明書一個或多個實施例中可能採用術語第一、第二等來描述各種資訊,但這些資訊不應限於這些術語。這些術語僅用來將同一類型的資訊彼此區分開。例如,在不脫離本說明書一個或多個實施例範圍的情況下,第一也可以被稱為第二,類似地,第二也可以被稱為第一。取決於語境,如在此所使用的詞語“如果”可以被解釋成為“在……時”或“當……時”或“回應於確定”。
首先,對本說明書一個或多個實施例涉及的名詞術語進行解釋。
在本說明書中,提供了一種身份認證方法、實現免登錄授權組件的方法,本說明書同時涉及一種身份認證裝置、實現免登錄授權組件的裝置,一種計算設備,以及一種電腦可讀取儲存媒體,在下面的實施例中逐一進行詳細說明。
圖1示出了根據本說明書一個實施例提供的應用於第三方平台提供的第三方應用程式的一種身份認證方法的流程圖,包括步驟102至步驟106。
步驟102:在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄。
例如,該銀行卡免登錄授權狀態資訊,可以包括已授權狀態或者未授權狀態。
可選地,還可以在該用戶未授權銀行卡免登錄的情況下,取得該用戶對銀行卡免登錄的授權。例如,可以在第三方應用程式彈出請求授權的對話框,通過該對話框接收用戶輸入的確定授權資訊,並相應更新銀行卡免登錄授權狀態資訊為已授權狀態。通過該實施方式,第三方應用程式可以直接向用戶取得授權,無需用戶額外尋找進入授權的頁面,授權即時、過程簡單高效。
步驟104:在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊。
例如,該銀行卡資訊,可以包括銀行卡私密資訊,如銀行卡卡號、密碼等。其中,該第三方平台如支付寶等第三方支付平台。
可選地,可以提供銀行卡免登錄授權組件,在需要確認用戶身份時,呼叫銀行卡免登錄授權組件,以便該銀行卡免登錄授權組件回應於該呼叫,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄。通過為第三方應用程式提供通用的銀行卡免登錄授權組件,簡化了第三方應用程式的免登錄授權相關邏輯,可以提高第三方應用程式的回應速度,提高了用戶體驗。相應地,第三方應用程式可以在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊。其中,該銀行卡資訊可以由該銀行卡免登錄授權組件在判定該用戶未授權銀行卡免登錄的情況下,取得該用戶授權之後從該第三方平台的內部查詢出來並返回給該第三方應用程式,或者,由該銀行卡免登錄授權組件在判定該用戶已經授權銀行卡免登錄的情況下從該第三方平台的內部查詢出來並返回給該第三方應用程式。
可選地,為了保證用戶隱私資訊的安全性,第三方應用程式可以在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的加簽加密後的銀行卡資訊,將該加簽加密後的銀行卡資訊發送給該銀行服務端,以便該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。在該實施例中,由於銀行卡資訊在從銀行卡免登錄授權組件到第三方應用程式,再從第三方應用程式到銀行服務端的傳輸過程中,一直處於加密狀態,直到銀行服務端才解密得到明文資訊,從而保障了用戶隱私資訊的安全性。
步驟106:將該銀行卡資訊發送給銀行服務端,以便該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,還可以將業務請求例如支付請求發送給該銀行服務端,以便該服務端在完成用戶身份認證之後,執行該業務請求對應的業務邏輯,向該第三方應用程式返回業務資料,接收該銀行服務端返回的業務資料。可見,對於查詢餘額、帳單明細、支付等業務請求的場景中,不需要用戶再次輸入銀行卡資訊,用戶在銀行小程式等第三方應用程式中進行一次銀行卡免登錄授權,就可以完成在銀行服務端的身份認證以及後續的業務邏輯處理,簡單高效,簡化用戶操作,提高用戶體驗。
可見,由於本說明書實施例提供的身份認證方法在銀行服務端需要確認用戶身份時,根據用戶的授權,第三方應用程式可以從第三方平台內部獲得綁定的銀行卡資訊,發送給銀行服務端進行用戶身份認證,從而簡化了餘額查詢、帳單查詢等集中於卡維度的業務場景下的二次身份認證流程,只要用戶已經在第三方應用程式中銀行卡免登錄授權就可以完成在銀行服務端的身份認證以及後續的業務邏輯處理,無需輸入銀行卡資訊來進行二次登錄,簡單高效,簡化用戶操作,提高用戶體驗。
與上述身份認證方法實施例相對應,本說明書還提供了一種身份認證裝置實施例,圖2示出了本說明書一個實施例提供的一種身份認證裝置的結構示意圖。該身份認證裝置可以配置於第三方平台提供的第三方應用程式。如圖2所示,該裝置包括:授權判斷第一模組202、卡查詢第一模組204、卡發送第一模組206。
該授權判斷第一模組202,可以被配置為在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄。
該卡查詢第一模組204,可以被配置為在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊。
該卡發送第一模組206,可以被配置為將該銀行卡資訊發送給銀行服務端,以便該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可見,由於本說明書實施例提供的身份認證方法在銀行服務端需要確認用戶身份時,根據用戶的授權,第三方應用程式可以從第三方平台內部獲得綁定的銀行卡資訊,發送給銀行服務端進行用戶身份認證,從而簡化了餘額查詢、帳單查詢等集中於卡維度的業務場景下的二次身份認證流程,只要用戶已經在第三方應用程式中銀行卡免登錄授權就可以完成在銀行服務端的身份認證以及後續的業務邏輯處理,無需輸入銀行卡資訊來進行二次登錄,簡單高效,簡化用戶操作,提高用戶體驗。
圖3示出了本說明書一個或多個實施例提供的一種身份認證裝置的結構示意圖。該身份認證裝置可以配置於第三方平台提供的第三方應用程式。如圖3所示,該裝置還可以包括:授權取得模組208,可以被配置為在該用戶未授權銀行卡免登錄的情況下,取得該用戶對銀行卡免登錄的授權。
通過該實施方式,第三方應用程式可以直接向用戶取得授權,無需用戶額外尋找進入授權的頁面,授權即時、過程簡單高效。
可選地,如圖3所示,該授權判斷第一模組202,可以被配置為在需要確認用戶身份時,呼叫銀行卡免登錄授權組件,以便該銀行卡免登錄授權組件回應於該呼叫,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄。該卡查詢第一模組204,可以被配置為在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊;其中,該銀行卡資訊由該銀行卡免登錄授權組件在判定該用戶未授權銀行卡免登錄的情況下,取得該用戶授權之後從該第三方平台的內部查詢出來並返回給該第三方應用程式,或者,由該銀行卡免登錄授權組件在判定該用戶已經授權銀行卡免登錄的情況下從該第三方平台的內部查詢出來並返回給該第三方應用程式。通過為第三方應用程式提供通用的銀行卡免登錄授權組件,簡化了第三方應用程式的免登錄授權相關邏輯,可以提高第三方應用程式的回應速度,提高了用戶體驗。
可選地,該卡查詢第一模組204,可以被配置為在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的加簽加密後的銀行卡資訊。該卡發送第一模組206,可以被配置為將該加簽加密後的銀行卡資訊發送給該銀行服務端,以便該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。在該實施例中,由於銀行卡資訊在從銀行卡免登錄授權組件到第三方應用程式,再從第三方應用程式到銀行服務端的傳輸過程中,一直處於加密狀態,直到銀行服務端才解密得到明文資訊,從而保障了用戶隱私資訊的安全性。
如圖3所示,該裝置還可以包括:請求發送模組210,可以被配置為將業務請求發送給該銀行服務端,以便該服務端在完成用戶身份認證之後,執行該業務請求對應的業務邏輯,向該第三方應用程式返回業務資料。資料接收模組212,可以被配置為接收該銀行服務端返回的業務資料。
例如,該請求發送模組210,可以被配置為將支付請求發送給該銀行服務端。
可見,對於查詢餘額、帳單明細、支付等業務請求的場景中,不需要用戶再次輸入銀行卡資訊,用戶在銀行小程式等第三方應用程式中進行一次銀行卡免登錄授權,就可以完成在銀行服務端的身份認證以及後續的業務邏輯處理,簡單高效,簡化用戶操作,提高用戶體驗。
上述為本實施例的一種身份認證裝置的示意性方案。需要說明的是,該身份認證裝置的技術方案與上述的身份認證方法的技術方案屬於同一構思,身份認證裝置的技術方案未詳細描述的細節內容,均可以參見上述身份認證方法的技術方案的描述。
圖4示出了根據本說明書一個實施例提供的一種實現免登錄授權組件的方法的流程圖,包括步驟402至步驟406。
步驟402:回應於第三方平台中第三方應用程式的呼叫,針對該呼叫涉及的用戶,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄。
例如,可以通過授權中心判斷用戶是否已經授權銀行卡免登錄。授權中心,可以用於保存用戶的銀行卡免登錄授權狀態資訊,決策是否需要用戶進行授權。
步驟404:在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在第三方平台綁定的銀行卡資訊。
例如,可以在判定該用戶未授權銀行卡免登錄的情況下,取得該用戶授權,更新該用戶的銀行卡免登錄授權狀態資訊,從該第三方平台的內部查詢出該銀行卡資訊。在判定該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該銀行卡資訊。
可選地,可以通過開放閘道器從該第三方平台的內部查詢出該銀行卡資訊,其中,該開放閘道器用於對該銀行卡資訊進行加簽加密。例如,可以採用RSA、SHA256等加密演算法。在該實施例中,由於銀行卡資訊從第三平台內部查詢出來之後通過開放閘道器加簽加密,在整個傳輸過程中,一直處於加密狀態,從而保障了用戶隱私資訊的安全性。
步驟406:將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證。
例如,將加簽加密後的該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該加簽加密後的銀行卡資訊發送給銀行服務端,使該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。在該實施例中,由於銀行卡資訊在從銀行卡免登錄授權組件到第三方應用程式,再從第三方應用程式到銀行服務端的傳輸過程中,一直處於加密狀態,從而保障了用戶隱私資訊的安全性。
可見,由於本說明書實施例提供的實現免登錄授權組件的方法,實現了可供第三方應用程式呼叫的銀行卡免登錄授權組件,使第三方應用程式可以在用戶授權的情況下獲得第三方平台內部綁定的銀行卡資訊,發送給銀行服務端進行用戶身份認證,從而為第三方應用程式簡化餘額查詢、帳單查詢等集中於卡維度的業務場景下的二次身份認證流程提供了通用的銀行卡免登錄授權組件,只要用戶已經在第三方應用程式中銀行卡免登錄授權就可以完成在銀行服務端的身份認證以及後續的業務邏輯處理,無需輸入銀行卡資訊來進行二次登錄,簡單高效,簡化用戶操作,提高用戶體驗。
為了使本說明書一個或多個實施例更加易於理解,下面結合圖5所示根據本說明書一個或多個實施例的方案架構示意圖進行說明。如圖5所示,在根據本說明書一個或多個實施例的方案架構中,可以包括五層結構:業務場景502、應用層504、銀行卡免登錄授權組件層506、基礎層508、資料層510。其中,業務場景502可以包括:餘額查詢、帳單明細、還款查詢、帳戶資訊查詢等。應用層504可以包括:銀行小程式、銀行服務端。銀行卡免登錄授權組件506的功能可以包括:通過基礎層508的授權中心進行用戶授權,通過基礎層508的開放閘道器進行銀行卡資訊查詢,通過基礎層508的開放閘道器及加密演算法進行加簽加密。基礎層508可以包括:開放閘道器、授權中心、用於實現銀行小程式的小程式平台、加密演算法。銀行卡免登錄授權組件508是位於開放閘道器、授權中心、加密演算法之上的應用層。資料層510可以包括:例如真實姓名、手機號等用戶資訊、銀行卡資訊、如銀行名稱、銀行簡稱等銀行資訊。其中,根據實施場景需要,銀行服務端可以將用戶資訊與銀行卡資訊、銀行資訊一併返回給銀行小程式。
基於圖5所示方案架構,用戶在使用銀行在第三方平台開發的銀行小程式時,對於餘額查詢、帳單查詢等場景,底層可以依賴開放閘道器、授權中心、加密演算法等基礎功能,使用戶的銀行卡資訊這樣的隱私資料在整個傳輸過程中,通過用戶授權及全程使用非對稱加密演算法進行加密,從而保障了用戶隱私資訊的通用性及安全性。
下面,再結合圖6所示的消息交互示意圖,對基於圖5所示方案架構的本說明書一個或多個實施例的流程進行說明。具體步驟包括步驟602至步驟634。
步驟602:銀行小程式回應於用戶使用某銀行功能,例如,餘額查詢、帳單明細、還款查詢、帳戶資訊查詢等,根據該銀行功能需要銀行卡資訊進行身份認證,呼叫銀行卡免登錄授權組件。
步驟604:銀行卡免登錄授權組件向授權中心發送授權判斷請求。
步驟606:授權中心回應於接收到授權判斷請求,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄。
步驟608:授權中心在判定該用戶未授權銀行卡免登錄的情況下,向該銀行小程式返回用戶未授權資訊。
步驟610:銀行小程式根據該用戶未授權資訊展示請求授權對話框以便讓用戶授權。
步驟612:在用戶確認授權的情況下,向該授權中心發送該用戶的確認授權資訊。
步驟614:授權中心根據該確認授權資訊,更新該用戶的銀行卡免登錄授權狀態資訊。
步驟616:授權中心在該用戶已經授權銀行卡免登錄的情況下,向該開放閘道器發送銀行卡資訊查詢請求。
步驟618:開放閘道器回應於接收到該銀行卡資訊查詢請求,向第三方平台內部的資料服務發送查詢該用戶的銀行卡資訊的查詢請求。
步驟620:開放閘道器從第三方平台的資料服務接收其返回的該用戶的銀行卡資訊。
步驟622:開放閘道器對該銀行卡資訊進行加簽加密。
步驟624:開放閘道器將加簽加密後的銀行卡資訊返回給銀行卡免登錄授權組件。
步驟626:銀行卡免登錄授權組件將加簽加密後的銀行卡資訊返回給銀行小程式。
步驟628:銀行小程式將攜帶有加簽加密後的銀行卡資訊的業務請求發送給銀行服務端。
步驟630:銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證,認證通過後執行該業務請求。
步驟632:銀行服務端向銀行小程式返回該業務請求對應的業務資料。
步驟634:銀行小程式根據接收到的業務資料渲染業務頁面。
通過該實施例可見,本實施例可以在用戶存取銀行小程式一些功能的時候,通過用戶授權,允許例如支付寶等第三方平台將用戶在其上綁定的銀行卡資訊傳遞給銀行小程式使用,用於身份確認以及資訊查詢等業務場景,並且在銀行卡資訊傳遞過程中加入加簽、加密等用戶隱私保護機制,銀行服務端在拿到用戶的銀行卡資訊後再進行驗簽、解密等處理,通過銀行卡資訊識別用戶身份並做後續業務處理,從而免去用戶輸入銀行卡資訊的操作,簡化用戶操作步驟,提高用戶體驗。
與上述實現免登錄授權組件的方法實施例相對應,本說明書還提供了一種實現免登錄授權組件的裝置的實施例,圖7示出了本說明書一個實施例提供的一種實現免登錄授權組件的裝置的結構示意圖。如圖7所示,該裝置包括:授權判斷第二模組702、卡查詢第二模組704及卡發送第二模組706。
該授權判斷第二模組702,可以被配置為回應於第三方平台中第三方應用程式的呼叫,針對該呼叫涉及的用戶,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄。
該卡查詢第二模組704,可以被配置為在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在第三方平台綁定的銀行卡資訊。
該卡發送第二模組706,可以被配置為將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可見,由於本說明書實施例提供的實現免登錄授權組件的方法,實現了可供第三方應用程式呼叫的銀行卡免登錄授權組件,使第三方應用程式可以在用戶授權的情況下獲得第三方平台內部綁定的銀行卡資訊,發送給銀行服務端進行用戶身份認證,從而為第三方應用程式簡化餘額查詢、帳單查詢等集中於卡維度的業務場景下的二次身份認證流程提供了通用的銀行卡免登錄授權組件,只要用戶已經在第三方應用程式中銀行卡免登錄授權就可以完成在銀行服務端的身份認證以及後續的業務邏輯處理,無需輸入銀行卡資訊來進行二次登錄,簡單高效,簡化用戶操作,提高用戶體驗。
可選地,該卡發送第二模組706,可以被配置為將加簽加密後的該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該加簽加密後的銀行卡資訊發送給銀行服務端,使該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。在該實施例中,由於銀行卡資訊在從銀行卡免登錄授權組件到第三方應用程式,再從第三方應用程式到銀行服務端的傳輸過程中,一直處於加密狀態,從而保障了用戶隱私資訊的安全性。
可選地,該卡查詢第二模組704,可以被配置為通過開放閘道器從該第三方平台的內部查詢出該銀行卡資訊,其中,該開放閘道器用於對該銀行卡資訊進行加簽加密。在該實施例中,由於銀行卡資訊從第三平台內部查詢出來之後通過開放閘道器加簽加密,在整個傳輸過程中,一直處於加密狀態,從而保障了用戶隱私資訊的安全性。
上述為本實施例的一種實現免登錄授權組件的裝置的示意性方案。需要說明的是,該實現免登錄授權組件的裝置的技術方案與上述的實現免登錄授權組件的方法的技術方案屬於同一構思,實現免登錄授權組件的裝置的技術方案未詳細描述的細節內容,均可以參見上述實現免登錄授權組件的方法的技術方案的描述。
圖8示出了根據本說明書一個實施例提供的一種計算設備800的結構方塊圖。該計算設備800的部件包括但不限於記憶體810和處理器820。處理器820與記憶體810通過匯流排830相連接,資料庫850用於保存資料。
計算設備800還包括接入設備840,接入設備840使得計算設備800能夠經由一個或多個網路860通信。這些網路的示例包括公用交換電話網(PSTN)、區域網路(LAN)、廣域網路(WAN)、個人區域網路(PAN)或諸如網際網路的通信網路的組合。接入設備840可以包括有線或無線的任何類型的網路介面(例如,網路介面卡(NIC))中的一個或多個,諸如IEEE802.11無線區域網路(WLAN)無線介面、全球微波互聯接入(Wi-MAX)介面、以太網介面、通用序列匯流排(USB)介面、蜂巢式網路介面、藍牙介面、近場通信(NFC)介面,等等。
在本說明書的一個實施例中,計算設備800的上述部件以及圖8中未示出的其他部件也可以彼此相連接,例如通過匯流排。應當理解,圖8所示的計算設備結構方塊圖僅僅是出於示例的目的,而不是對本說明書範圍的限制。本領域技術人員可以根據需要,增添或替換其他部件。
計算設備800可以是任何類型的靜止或行動計算設備,包括行動電腦或行動計算設備(例如,平板電腦、個人數位助理、筆記型電腦、筆記本電腦、輕省筆電等)、行動電話(例如,智慧型手機)、可佩戴的計算設備(例如,智慧型手錶、智慧型眼鏡等)或其他類型的行動設備,或者諸如台式電腦或PC的靜止計算設備。計算設備800還可以是行動式或靜止式的伺服器。
本說明書一方面的一個或多個實施例中,處理器820可以用於執行如下電腦可執行指令:
在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄;
在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊;
將該銀行卡資訊發送給銀行服務端,以便該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,還包括:在該用戶未授權銀行卡免登錄的情況下,取得該用戶對銀行卡免登錄的授權。
可選地,該在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄包括:
在需要確認用戶身份時,呼叫銀行卡免登錄授權組件,以便該銀行卡免登錄授權組件回應於該呼叫,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄;
該在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊包括:
在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊;
其中,該銀行卡資訊由該銀行卡免登錄授權組件在判定該用戶未授權銀行卡免登錄的情況下,取得該用戶授權之後從該第三方平台的內部查詢出來並返回給該第三方應用程式,或者,由該銀行卡免登錄授權組件在判定該用戶已經授權銀行卡免登錄的情況下從該第三方平台的內部查詢出來並返回給該第三方應用程式。
可選地,該在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊包括:
在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的加簽加密後的銀行卡資訊;
該將該銀行卡資訊發送給銀行服務端包括:
將該加簽加密後的銀行卡資訊發送給該銀行服務端,以便該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。
可選地,還包括:
將業務請求發送給該銀行服務端,以便該服務端在完成用戶身份認證之後,執行該業務請求對應的業務邏輯,向該第三方應用程式返回業務資料;
接收該銀行服務端返回的業務資料。
可選地,該將業務請求發送給該銀行服務端包括:
將支付請求發送給該銀行服務端。
上述為本實施例的一種計算設備的示意性方案。需要說明的是,該計算設備的技術方案與上述的身份認證方法的技術方案屬於同一構思,計算設備的技術方案未詳細描述的細節內容,均可以參見上述身份認證方法的技術方案的描述。
本說明書另一方面的一個或多個實施例中,處理器820可以用於執行如下電腦可執行指令:
回應於第三方平台中第三方應用程式的呼叫,針對該呼叫涉及的用戶,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄;
在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在第三方平台綁定的銀行卡資訊;
將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,該將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證包括:
將加簽加密後的該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該加簽加密後的銀行卡資訊發送給銀行服務端,使該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。
可選地,該從該第三方平台的內部查詢出該銀行卡資訊包括:
通過開放閘道器從該第三方平台的內部查詢出該銀行卡資訊,其中,該開放閘道器用於對該銀行卡資訊進行加簽加密。
上述為本實施例的一種計算設備的示意性方案。需要說明的是,該計算設備的技術方案與上述的實現免登錄授權組件的方法的技術方案屬於同一構思,計算設備的技術方案未詳細描述的細節內容,均可以參見上述實現免登錄授權組件的方法的技術方案的描述。
本說明書一方面一實施例還提供一種電腦可讀取儲存媒體,其儲存有電腦指令,該指令被處理器執行時以用於:
在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄;
在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊;
將該銀行卡資訊發送給銀行服務端,以便該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,還包括:在該用戶未授權銀行卡免登錄的情況下,取得該用戶對銀行卡免登錄的授權。
可選地,該在需要確認用戶身份時,根據該用戶的銀行卡免登錄授權狀態資訊,判斷該用戶是否已經授權銀行卡免登錄包括:
在需要確認用戶身份時,呼叫銀行卡免登錄授權組件,以便該銀行卡免登錄授權組件回應於該呼叫,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄;
該在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在該第三方平台綁定的銀行卡資訊包括:
在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊;
其中,該銀行卡資訊由該銀行卡免登錄授權組件在判定該用戶未授權銀行卡免登錄的情況下,取得該用戶授權之後從該第三方平台的內部查詢出來並返回給該第三方應用程式,或者,由該銀行卡免登錄授權組件在判定該用戶已經授權銀行卡免登錄的情況下從該第三方平台的內部查詢出來並返回給該第三方應用程式。
可選地,該在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的銀行卡資訊包括:
在該用戶已經授權銀行卡免登錄的情況下,獲得該銀行卡免登錄授權組件所返回的加簽加密後的銀行卡資訊;
該將該銀行卡資訊發送給銀行服務端包括:
將該加簽加密後的銀行卡資訊發送給該銀行服務端,以便該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。
可選地,還包括:
將業務請求發送給該銀行服務端,以便該服務端在完成用戶身份認證之後,執行該業務請求對應的業務邏輯,向該第三方應用程式返回業務資料;
接收該銀行服務端返回的業務資料。
可選地,該將業務請求發送給該銀行服務端包括:
將支付請求發送給該銀行服務端。
上述為本實施例的一種電腦可讀取儲存媒體的示意性方案。需要說明的是,該儲存媒體的技術方案與上述的身份認證方法的技術方案屬於同一構思,儲存媒體的技術方案未詳細描述的細節內容,均可以參見上述身份認證方法的技術方案的描述。
本說明書另一方面一實施例還提供一種電腦可讀取儲存媒體,其儲存有電腦指令,該指令被處理器執行時以用於:
回應於第三方平台中第三方應用程式的呼叫,針對該呼叫涉及的用戶,根據保存的該用戶的銀行卡免登錄授權狀態資訊判斷該用戶是否已經授權銀行卡免登錄;
在該用戶已經授權銀行卡免登錄的情況下,從該第三方平台的內部查詢出該用戶在第三方平台綁定的銀行卡資訊;
將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證。
可選地,該將該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該銀行卡資訊發送給銀行服務端,使該銀行服務端根據該銀行卡資訊進行用戶身份認證包括:
將加簽加密後的該銀行卡資訊發送給該第三方應用程式,以便該第三方應用程式將該加簽加密後的銀行卡資訊發送給銀行服務端,使該銀行服務端對加簽加密後的銀行卡資訊進行驗簽解密,根據解密後的該銀行卡資訊進行用戶身份認證。
可選地,該從該第三方平台的內部查詢出該銀行卡資訊包括:
通過開放閘道器從該第三方平台的內部查詢出該銀行卡資訊,其中,該開放閘道器用於對該銀行卡資訊進行加簽加密。
上述為本實施例的一種電腦可讀取儲存媒體的示意性方案。需要說明的是,該儲存媒體的技術方案與上述的實現免登錄授權組件的方法的技術方案屬於同一構思,儲存媒體的技術方案未詳細描述的細節內容,均可以參見上述實現免登錄授權組件的方法的技術方案的描述。
上述對本說明書特定實施例進行了描述。其它實施例在所附申請專利範圍的範圍內。在一些情況下,在申請專利範圍中記載的動作或步驟可以按照不同於實施例中的順序來執行並且仍然可以實現期望的結果。另外,在圖式中描繪的過程不一定要求示出的特定順序或者連續順序才能實現期望的結果。在某些實施方式中,多任務處理和並行處理也是可以的或者可能是有利的。
該電腦指令包括電腦程式碼,該電腦程式碼可以為原始碼形式、目的碼形式、可執行文件或某些中間形式等。該電腦可讀取媒體可以包括:能夠攜帶該電腦程式碼的任何實體或裝置、記錄媒體、隨身碟、行行動硬碟、磁碟、光碟、電腦記憶體、唯讀記憶體(ROM,Read-Only Memory)、隨機存取記憶體(RAM,Random Access Memory)、電載波信號、電信信號以及軟體分發媒體等。需要說明的是,該電腦可讀取媒體包含的內容可以根據司法管轄區內立法和專利實踐的要求進行適當的增減,例如在某些司法管轄區,根據立法和專利實踐,電腦可讀取媒體不包括電載波信號和電信信號。
需要說明的是,對於前述的各方法實施例,為了簡便描述,故將其都表述為一系列的動作組合,但是本領域技術人員應該知悉,本說明書實施例並不受所描述的動作順序的限制,因為依據本說明書實施例,某些步驟可以採用其它順序或者同時進行。其次,本領域技術人員也應該知悉,說明書中所描述的實施例均屬於優選實施例,所涉及的動作和模組並不一定都是本說明書實施例所必須的。
在上述實施例中,對各個實施例的描述都各有側重,某個實施例中沒有詳述的部分,可以參見其它實施例的相關描述。
以上公開的本說明書優選實施例只是用於幫助闡述本說明書。可選實施例並沒有詳盡敘述所有的細節,也不限制該發明僅為所述的具體實施方式。顯然,根據本說明書實施例的內容,可作很多的修改和變化。本說明書選取並具體描述這些實施例,是為了更好地解釋本說明書實施例的原理和實際應用,從而使所屬技術領域技術人員能很好地理解和利用本說明書。本說明書僅受申請專利範圍及其全部範圍和等效物的限制。 In the following description, numerous specific details are set forth in order to provide a thorough understanding of the specification. However, this specification can be implemented in many other ways different from those described here, and those skilled in the art can make similar extensions without violating the connotation of this specification, so this specification is not limited by the specific implementations disclosed below. Terms used in one or more embodiments of this specification are for the purpose of describing specific embodiments only, and are not intended to limit one or more embodiments of this specification. As used in one or more embodiments of this specification and the appended claims, the singular forms "a", "the", and "the" are also intended to include the plural forms unless the context clearly dictates otherwise. It should also be understood that the term "and/or" used in one or more embodiments of the present specification refers to and includes any or all possible combinations of one or more associated listed items. It should be understood that although the terms first, second, etc. may be used to describe various pieces of information in one or more embodiments of the present specification, these pieces of information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, the first may also be referred to as the second, and similarly, the second may also be referred to as the first without departing from the scope of one or more embodiments of the present specification. Depending on the context, the word "if" as used herein may be interpreted as "at" or "when" or "in response to a determination." First, terms and terms involved in one or more embodiments of this specification are explained. In this specification, an identity authentication method and a method for implementing a login-free authorization component are provided. This specification also relates to an identity authentication device, a device for implementing a login-free authorization component, a computing device, and a computer-readable storage medium. Each will be described in detail in the following examples. FIG. 1 shows a flow chart of an identity authentication method applied to a third-party application program provided by a third-party platform according to an embodiment of the present specification, including steps 102 to 106 . Step 102: When it is necessary to confirm the user's identity, judge whether the user has authorized the bank card free login according to the user's bank card free login authorization status information. For example, the bank card login-free authorization status information may include an authorized status or an unauthorized status. Optionally, if the user does not authorize bank card free login, the user's authorization for bank card free login may also be obtained. For example, a dialog box requesting authorization can be popped up in a third-party application program, through which the confirmed authorization information input by the user can be received, and the status information of the bank card login-free authorization status can be updated accordingly to the authorized status. Through this implementation mode, the third-party application program can directly obtain the authorization from the user, without requiring the user to search for an additional page to enter the authorization, and the authorization is instant, and the process is simple and efficient. Step 104: In the case that the user has authorized the bank card to be exempt from login, query the information of the bank card bound to the user on the third-party platform from within the third-party platform. For example, the bank card information may include bank card private information, such as bank card number and password. Among them, the third-party platform such as Alipay and other third-party payment platforms. Optionally, a bank card login-free authorization component can be provided. When the user identity needs to be confirmed, the bank card login-free authorization component is called, so that the bank card login-free authorization component responds to the call. The login authorization status information judges whether the user has authorized the bank card to be exempt from login. By providing a common bank card login-free authorization component for third-party applications, the logic related to login-free authorization of third-party applications is simplified, the response speed of third-party applications can be improved, and user experience is improved. Correspondingly, the third-party application program can obtain the bank card information returned by the bank card non-login authorization component when the user has authorized the bank card without login. Wherein, the bank card information can be queried from the third-party platform and returned to the third-party application by the bank card free login authorization component after obtaining the user's authorization in the case that the bank card free login authorization component determines that the user has not authorized the bank card free login program, or, the bank card free login authorization component inquires from the inside of the third-party platform and returns to the third-party application program when it is determined that the user has authorized the bank card free login. Optionally, in order to ensure the security of the user's private information, the third-party application program can obtain the signed and encrypted bank card information returned by the bank card free login authorization component when the user has authorized the bank card without login , sending the signed and encrypted bank card information to the bank server, so that the bank server can verify and decrypt the signed and encrypted bank card information, and perform user identity authentication according to the decrypted bank card information. In this embodiment, since the bank card information is always in an encrypted state during the transmission process from the bank card free login authorization component to the third-party application, and then from the third-party application to the bank server, it is not decrypted until the bank server. Clear text information, thus ensuring the security of user privacy information. Step 106: Send the bank card information to the bank server, so that the bank server performs user identity authentication based on the bank card information. Optionally, a business request such as a payment request can also be sent to the bank server, so that the server executes the business logic corresponding to the business request after completing user identity authentication, returns business data to the third-party application, and receives The business information returned by the bank server. It can be seen that in the scenario of querying balance, billing details, payment and other business requests, the user does not need to enter the bank card information again, and the user can complete the bank card login-free authorization once in the third-party application such as the bank applet The identity authentication of the bank server and the subsequent business logic processing are simple and efficient, simplifying user operations and improving user experience. It can be seen that when the identity authentication method provided by the embodiment of this manual needs to confirm the user's identity at the bank server, according to the authorization of the user, the third-party application can obtain the bound bank card information from the third-party platform and send it to the bank server Perform user identity authentication, thereby simplifying the secondary identity authentication process in card-focused business scenarios such as balance inquiry and bill inquiry. As long as the user has authorized the bank card in the third-party application without login, the bank service can be completed Terminal identity authentication and subsequent business logic processing, no need to enter bank card information for secondary login, simple and efficient, simplify user operations, and improve user experience. Corresponding to the above embodiment of the identity authentication method, this specification also provides an embodiment of an identity authentication device. FIG. 2 shows a schematic structural diagram of an identity authentication device provided by an embodiment of this specification. The identity authentication device can be configured in a third-party application program provided by a third-party platform. As shown in FIG. 2 , the device includes: a first authorization judgment module 202 , a first card query module 204 , and a first card sending module 206 . The authorization judging first module 202 can be configured to judge whether the user has authorized the bank card free login according to the user's bank card free login authorization status information when the user identity needs to be confirmed. The card query first module 204 can be configured to query the bank card information bound by the user on the third-party platform from within the third-party platform when the user has authorized the bank card to be exempt from login. The card sending first module 206 can be configured to send the bank card information to the bank server, so that the bank server can perform user identity authentication according to the bank card information. It can be seen that when the identity authentication method provided by the embodiment of this manual needs to confirm the user's identity at the bank server, according to the authorization of the user, the third-party application can obtain the bound bank card information from the third-party platform and send it to the bank server Perform user identity authentication, thereby simplifying the secondary identity authentication process in card-focused business scenarios such as balance inquiry and bill inquiry. As long as the user has authorized the bank card in the third-party application without login, the bank service can be completed Terminal identity authentication and subsequent business logic processing, no need to enter bank card information for secondary login, simple and efficient, simplify user operations, and improve user experience. Fig. 3 shows a schematic structural diagram of an identity authentication device provided by one or more embodiments of this specification. The identity authentication device can be configured in a third-party application program provided by a third-party platform. As shown in FIG. 3 , the device may further include: an authorization obtaining module 208 , which may be configured to obtain the user's authorization of the bank card free login if the user has not authorized the bank card free login. Through this implementation mode, the third-party application program can directly obtain the authorization from the user, without requiring the user to search for an additional page to enter the authorization, and the authorization is instant, and the process is simple and efficient. Optionally, as shown in FIG. 3 , the authorization judgment first module 202 may be configured to call the bank card login-free authorization component when it is necessary to confirm the user identity, so that the bank card login-free authorization component responds to the call , according to the saved authorization status information of the user's bank card free login, it is judged whether the user has authorized the bank card free login. The card query first module 204 can be configured to obtain the bank card information returned by the bank card free login authorization component when the user has authorized the bank card to be free of login; wherein, the bank card information is provided by the bank When the card free login authorization component determines that the user has not authorized the bank card free login, after obtaining the user's authorization, it will query from the inside of the third-party platform and return it to the third-party application program, or the bank card free login The authorization component inquires from the inside of the third-party platform and returns to the third-party application program when it is determined that the user has authorized the bank card to be exempt from login. By providing a common bank card login-free authorization component for third-party applications, the logic related to login-free authorization of third-party applications is simplified, the response speed of third-party applications can be improved, and user experience is improved. Optionally, the card query first module 204 can be configured to obtain the signed and encrypted bank card information returned by the bank card free-login authorization component when the user has authorized the bank card free-login-free authorization component. The card sending first module 206 can be configured to send the signed and encrypted bank card information to the bank server, so that the bank server can verify and decrypt the signed and encrypted bank card information, according to The decrypted bank card information is used for user identity authentication. In this embodiment, since the bank card information is always in an encrypted state during the transmission process from the bank card free login authorization component to the third-party application, and then from the third-party application to the bank server, it is not decrypted until the bank server. Clear text information, thus ensuring the security of user privacy information. As shown in Figure 3, the device may also include: a request sending module 210, which may be configured to send the service request to the bank service end, so that the service end executes the service corresponding to the service request after completing the user identity authentication logic to return business data to the third-party application. The data receiving module 212 can be configured to receive the business data returned by the bank server. For example, the request sending module 210 may be configured to send the payment request to the bank server. It can be seen that in the scenario of querying balance, billing details, payment and other business requests, the user does not need to enter the bank card information again, and the user can complete the bank card login-free authorization once in the third-party application such as the bank applet The identity authentication of the bank server and the subsequent business logic processing are simple and efficient, simplifying user operations and improving user experience. The foregoing is a schematic solution of an identity authentication device in this embodiment. It should be noted that the technical solution of the identity authentication device and the above-mentioned technical solution of the identity authentication method belong to the same idea, and details of the technical solution of the identity authentication device that are not described in detail can be found in the description of the technical solution of the above-mentioned identity authentication method . FIG. 4 shows a flow chart of a method for implementing a login-free authorization component according to an embodiment of the present specification, including steps 402 to 406 . Step 402: Responding to the call of the third-party application program on the third-party platform, for the user involved in the call, judge whether the user has authorized the bank card free login according to the saved authorization status information of the user's bank card free login. For example, the authorization center can be used to determine whether the user has authorized the bank card to be exempt from login. The authorization center can be used to save the user's bank card login-free authorization status information, and decide whether the user needs to authorize. Step 404: In the case that the user has authorized the bank card to be exempt from login, query the information of the bank card bound to the user on the third-party platform from within the third-party platform. For example, if it is determined that the user has not authorized the free login of the bank card, the authorization of the user can be obtained, the authorization status information of the user's bank card free of login can be updated, and the bank card information can be queried from the inside of the third-party platform. When it is determined that the user has authorized the bank card to be exempt from login, the bank card information is queried from within the third-party platform. Optionally, the bank card information can be queried from inside the third-party platform through an open gateway, wherein the open gateway is used to sign and encrypt the bank card information. For example, encryption algorithms such as RSA and SHA256 can be used. In this embodiment, since the bank card information is signed and encrypted through the open gateway after being queried from the third platform, it is always in an encrypted state during the entire transmission process, thereby ensuring the security of the user's private information. Step 406: Send the bank card information to the third-party application program, so that the third-party application program sends the bank card information to the bank server, so that the bank server performs user identity authentication based on the bank card information. For example, send the bank card information after signing and encrypting to the third-party application program, so that the third-party application program can send the bank card information after signing and encrypting to the bank server, so that the bank server can check the bank card information after signing. The encrypted bank card information is verified and decrypted, and user identity authentication is performed according to the decrypted bank card information. In this embodiment, since the bank card information is always in an encrypted state during the transmission process from the bank card login-free authorization component to the third-party application, and then from the third-party application to the bank server, thereby protecting the privacy of the user. safety. It can be seen that due to the method for realizing the login-free authorization component provided by the embodiment of this manual, the bank card login-free authorization component that can be called by the third-party application is realized, so that the third-party application can obtain the authorization of the third-party platform under the authorization of the user. The internally bound bank card information is sent to the bank server for user identity authentication, thus providing a common way for third-party applications to simplify the secondary identity authentication process in business scenarios such as balance inquiry and bill inquiry that focus on the card dimension The bank card login-free authorization component, as long as the user has authorized the bank card login-free in the third-party application, the identity authentication and subsequent business logic processing on the bank server can be completed, and there is no need to enter bank card information for secondary login, which is simple and efficient , to simplify user operations and improve user experience. In order to make one or more embodiments of this specification easier to understand, the following description will be made in conjunction with a schematic diagram of a solution architecture according to one or more embodiments of this specification shown in FIG. 5 . As shown in Figure 5, the solution architecture according to one or more embodiments of this specification may include five layers: business scenario 502, application layer 504, bank card login-free authorization component layer 506, base layer 508, and data layer 510. Wherein, the business scenario 502 may include: balance inquiry, bill details, repayment inquiry, account information inquiry, and the like. The application layer 504 may include: a bank applet and a bank server. The functions of the bank card login-free authorization component 506 may include: user authorization through the authorization center of the base layer 508, bank card information query through the open gateway of the base layer 508, and encryption calculation through the open gateway of the base layer 508 Signature encryption is not possible. The base layer 508 may include: an open gateway, an authorization center, an applet platform for implementing a bank applet, and an encryption algorithm. The bank card login-free authorization component 508 is an application layer located on an open gateway, an authorization center, and an encryption algorithm. The data layer 510 may include user information such as real name and mobile phone number, bank card information, bank information such as bank name and bank abbreviation. Among them, according to the needs of the implementation scenario, the bank server can return user information, bank card information, and bank information to the bank applet. Based on the solution architecture shown in Figure 5, when users use the bank applet developed by the bank on the third-party platform, for scenarios such as balance inquiry and bill inquiry, the bottom layer can rely on basic functions such as open gateways, authorization centers, and encryption algorithms. , so that private data such as the user's bank card information is encrypted through the user's authorization and the entire process using an asymmetric encryption algorithm during the entire transmission process, thereby ensuring the versatility and security of the user's private information. In the following, the flow of one or more embodiments of this specification based on the solution architecture shown in FIG. 5 will be described in combination with the message interaction schematic diagram shown in FIG. 6 . The specific steps include step 602 to step 634 . Step 602: The bank applet responds to the user's use of a certain banking function, such as balance inquiry, bill details, repayment inquiry, account information inquiry, etc. According to the banking function that requires bank card information for identity authentication, call the bank card for login-free authorization components. Step 604: The bank card login-free authorization component sends an authorization judgment request to the authorization center. Step 606: In response to receiving the authorization judgment request, the authorization center judges whether the user has authorized the bank card free login according to the user's bank card free login authorization status information. Step 608: The authorization center returns the user's unauthorized information to the bank applet if it determines that the user has not authorized the bank card to be exempt from login. Step 610: The bank applet displays an authorization request dialog box according to the user's unauthorized information to allow the user to authorize. Step 612: When the user confirms the authorization, send the user's confirmation authorization information to the authorization center. Step 614: The authorization center updates the user's bank card login-free authorization status information according to the confirmed authorization information. Step 616: The authorization center sends a bank card information query request to the open gateway when the user has authorized the bank card to be exempt from login. Step 618: In response to receiving the bank card information query request, the opening gateway sends a query request to query the user's bank card information to the data service inside the third-party platform. Step 620: The opening gateway receives the user's bank card information returned by the data service of the third-party platform. Step 622: The open gateway performs signature encryption on the bank card information. Step 624: The open gateway returns the signed and encrypted bank card information to the bank card login-free authorization component. Step 626: The bank card login-free authorization component returns the signed and encrypted bank card information to the bank applet. Step 628: The bank applet sends the business request carrying the signed and encrypted bank card information to the bank server. Step 630: The bank server verifies and decrypts the signed and encrypted bank card information, performs user identity authentication according to the decrypted bank card information, and executes the business request after the authentication is passed. Step 632: The bank server returns the business data corresponding to the business request to the bank applet. Step 634: The bank applet renders the business page according to the received business data. It can be seen from this embodiment that this embodiment can allow third-party platforms such as Alipay to pass the bank card information bound by the user to the bank applet through user authorization when the user accesses some functions of the bank applet. , used in business scenarios such as identity confirmation and information query, and user privacy protection mechanisms such as signing and encryption are added in the process of bank card information transmission. The bank server performs signature verification and decryption after receiving the user's bank card information. Processing, identify the user's identity through bank card information and perform follow-up business processing, thereby eliminating the need for the user to input bank card information, simplifying user operation steps, and improving user experience. Corresponding to the above embodiment of the method for implementing the login-free authorization component, this specification also provides an embodiment of a device for implementing the login-free authorization component. Figure 7 shows a device for implementing the login-free authorization component provided by an embodiment of this specification. Schematic diagram of the device structure. As shown in FIG. 7 , the device includes: a second authorization judging module 702 , a second card inquiry module 704 and a second card sending module 706 . The authorization judging second module 702 can be configured to respond to the call of the third-party application program in the third-party platform, and judge whether the user involved in the call is based on the saved bank card login-free authorization status information of the user. The bank card has been authorized to be exempt from login. The card inquiry second module 704 can be configured to inquire about the bank card information bound by the user on the third-party platform from within the third-party platform when the user has authorized the bank card to be exempt from login. The card sending second module 706 can be configured to send the bank card information to the third-party application program, so that the third-party application program sends the bank card information to the bank server, so that the bank server can send the bank card information according to the Bank card information for user identity authentication. It can be seen that due to the method for realizing the login-free authorization component provided by the embodiment of this manual, the bank card login-free authorization component that can be called by the third-party application is realized, so that the third-party application can obtain the authorization of the third-party platform under the authorization of the user. The internally bound bank card information is sent to the bank server for user identity authentication, thus providing a common way for third-party applications to simplify the secondary identity authentication process in business scenarios such as balance inquiry and bill inquiry that focus on the card dimension The bank card login-free authorization component, as long as the user has authorized the bank card login-free in the third-party application, the identity authentication and subsequent business logic processing on the bank server can be completed, and there is no need to enter bank card information for secondary login, which is simple and efficient , to simplify user operations and improve user experience. Optionally, the card sending second module 706 can be configured to send the signed and encrypted bank card information to the third-party application program, so that the third-party application program can use the signed and encrypted bank card information The information is sent to the bank server, so that the bank server verifies and decrypts the signed and encrypted bank card information, and performs user identity authentication based on the decrypted bank card information. In this embodiment, since the bank card information is always in an encrypted state during the transmission process from the bank card login-free authorization component to the third-party application, and then from the third-party application to the bank server, thereby protecting the privacy of the user. safety. Optionally, the card query second module 704 can be configured to query the bank card information from the third-party platform through an open gateway, wherein the open gateway is used to query the bank card information Signature encryption. In this embodiment, since the bank card information is signed and encrypted through the open gateway after being queried from the third platform, it is always in an encrypted state during the entire transmission process, thereby ensuring the security of the user's private information. The foregoing is a schematic solution of a device for implementing a login-free authorization component in this embodiment. It should be noted that the technical solution of the device for realizing the login-free authorization component and the technical solution of the above-mentioned method for realizing the login-free authorization component belong to the same concept, and the details of the technical solution for the device for realizing the login-free authorization component are not described in detail. For details, please refer to the above description of the technical solution of the method for realizing the login-free authorization component. FIG. 8 shows a structural block diagram of a computing device 800 provided according to an embodiment of this specification. Components of the computing device 800 include, but are not limited to, memory 810 and processor 820 . The processor 820 is connected to the memory 810 through the bus 830, and the database 850 is used for storing data. Computing device 800 also includes an access device 840 that enables computing device 800 to communicate via one or more networks 860 . Examples of these networks include the Public Switched Telephone Network (PSTN), Local Area Network (LAN), Wide Area Network (WAN), Personal Area Network (PAN), or a combination of communication networks such as the Internet. Access device 840 may include one or more of any type of network interface (e.g., a network interface card (NIC)), wired or wireless, such as IEEE 802.11 wireless area network (WLAN) wireless interface, global microwave Internet Access (Wi-MAX) interface, Ethernet interface, Universal Serial Bus (USB) interface, cellular network interface, Bluetooth interface, Near Field Communication (NFC) interface, etc. In an embodiment of the present specification, the above-mentioned components of the computing device 800 and other components not shown in FIG. 8 may also be connected to each other, for example, through bus bars. It should be understood that the structural block diagram of the computing device shown in FIG. 8 is for the purpose of illustration only, rather than limiting the scope of this description. Those skilled in the art can add or replace other components as needed. Computing device 800 may be any type of stationary or mobile computing device, including mobile computers or mobile computing devices (e.g., tablets, personal digital assistants, notebooks, notebooks, laptops, etc.), mobile phones (e.g., smartphones), wearable computing devices (eg, smart watches, smart glasses, etc.) or other types of mobile devices, or stationary computing devices such as desktop computers or PCs. Computing device 800 may also be a mobile or stationary server. In one or more embodiments of one aspect of this specification, the processor 820 can be used to execute the following computer-executable instructions: When it is necessary to confirm the user's identity, according to the user's bank card free login authorization status information, determine whether the user has Authorize the bank card without login; In the case that the user has authorized the bank card without login, query the bank card information bound by the user on the third-party platform from the inside of the third-party platform; send the bank card information to the bank server, so that the bank server can perform user identity authentication based on the bank card information. Optionally, it also includes: obtaining the user's authorization for bank card free login when the user does not authorize bank card free login. Optionally, when the user identity needs to be confirmed, according to the user's bank card free login authorization status information, judging whether the user has authorized the bank card free login includes: When the user identity needs to be confirmed, calling the bank card free login authorization component , so that the bank card no-login authorization component responds to the call, and judges whether the user has authorized bank card no-login according to the saved bank card no-login authorization status information of the user; if the user has authorized bank card no-login In this case, the bank card information bound to the user on the third-party platform is queried from within the third-party platform, including: In the case that the user has authorized the bank card to be free of login, obtain the information returned by the bank card free of login authorization component Bank card information; Wherein, the bank card information is queried from the inside of the third-party platform by the bank card free login authorization component after obtaining the authorization of the user and returning it to the The third-party application program, or the bank card free login authorization component inquires from the inside of the third-party platform and returns to the third-party application program when it determines that the user has authorized the bank card free login. Optionally, in the case that the user has authorized the bank card to be free of login, obtaining the bank card information returned by the bank card non-login authorization component includes: The signature-encrypted bank card information returned by the card-free login authorization component; sending the bank card information to the bank server includes: sending the signature-encrypted bank card information to the bank server, so that the bank The server verifies and decrypts the signed and encrypted bank card information, and performs user identity authentication based on the decrypted bank card information. Optionally, it also includes: sending the business request to the bank server, so that the server executes the business logic corresponding to the business request and returns the business data to the third-party application after completing the user identity authentication; The business data returned by the server. Optionally, the sending the service request to the bank server includes: sending the payment request to the bank server. The foregoing is a schematic solution of a computing device in this embodiment. It should be noted that the technical solution of the computing device is of the same concept as the technical solution of the above-mentioned identity authentication method. For details not described in detail in the technical solution of the computing device, refer to the description of the technical solution of the above-mentioned identity authentication method. In one or more embodiments of another aspect of this specification, the processor 820 may be configured to execute the following computer-executable instructions: responding to a call from a third-party application program on a third-party platform, for the user involved in the call, according to the saved The user's bank card free login authorization status information determines whether the user has authorized the bank card free login; in the case that the user has authorized the bank card free login, it can be found from the third-party platform that the user is tied to the third-party platform The specified bank card information; Send the bank card information to the third-party application, so that the third-party application can send the bank card information to the bank server, so that the bank server can perform user identity authentication based on the bank card information . Optionally, send the bank card information to the third-party application, so that the third-party application sends the bank card information to the bank server, so that the bank server performs user identity authentication based on the bank card information, including : Send the signed and encrypted bank card information to the third-party application, so that the third-party application can send the signed and encrypted bank card information to the bank server, so that the bank server can encrypt the signed Signature verification and decryption are performed on the bank card information after decryption, and user identity authentication is performed according to the bank card information after decryption. Optionally, the querying the bank card information from the third-party platform includes: querying the bank card information from the third-party platform through an open gateway, wherein the open gateway is used for the bank The card information is signed and encrypted. The foregoing is a schematic solution of a computing device in this embodiment. It should be noted that the technical solution of the computing device and the technical solution of the above-mentioned method for realizing the login-free authorization component belong to the same concept. For details not described in detail in the technical solution of the computing device, please refer to the above-mentioned realization of the login-free authorization component. Description of the technical solution of the method. On the one hand, an embodiment of this specification also provides a computer-readable storage medium, which stores computer instructions, and when the instructions are executed by the processor, they are used to: When the identity of the user needs to be confirmed, according to the user's bank card, the login-free authorization Status information, to determine whether the user has authorized the bank card to be free of login; if the user has authorized the bank card to be free of login, query the bank card information bound to the user on the third-party platform from within the third-party platform; Send the bank card information to the bank server, so that the bank server can perform user identity authentication based on the bank card information. Optionally, it also includes: obtaining the user's authorization for bank card free login when the user does not authorize bank card free login. Optionally, when the user identity needs to be confirmed, according to the user's bank card free login authorization status information, judging whether the user has authorized the bank card free login includes: When the user identity needs to be confirmed, calling the bank card free login authorization component , so that the bank card no-login authorization component responds to the call, and judges whether the user has authorized bank card no-login according to the saved bank card no-login authorization status information of the user; if the user has authorized bank card no-login In this case, the bank card information bound to the user on the third-party platform is queried from within the third-party platform, including: In the case that the user has authorized the bank card to be free of login, obtain the information returned by the bank card free of login authorization component Bank card information; Wherein, the bank card information is queried from the inside of the third-party platform by the bank card free login authorization component after obtaining the authorization of the user and returning it to the The third-party application program, or the bank card free login authorization component inquires from the inside of the third-party platform and returns to the third-party application program when it determines that the user has authorized the bank card free login. Optionally, in the case that the user has authorized the bank card to be free of login, obtaining the bank card information returned by the bank card non-login authorization component includes: The signature-encrypted bank card information returned by the card-free login authorization component; sending the bank card information to the bank server includes: sending the signature-encrypted bank card information to the bank server, so that the bank The server verifies and decrypts the signed and encrypted bank card information, and performs user identity authentication based on the decrypted bank card information. Optionally, it also includes: sending the business request to the bank server, so that the server executes the business logic corresponding to the business request and returns the business data to the third-party application after completing the user identity authentication; The business data returned by the server. Optionally, the sending the service request to the bank server includes: sending the payment request to the bank server. The foregoing is a schematic solution of a computer-readable storage medium in this embodiment. It should be noted that the technical solution of the storage medium and the technical solution of the above-mentioned identity authentication method belong to the same idea, and details not described in detail in the technical solution of the storage medium can refer to the description of the technical solution of the above-mentioned identity authentication method. Another embodiment of this specification also provides a computer-readable storage medium, which stores computer instructions, and when the instructions are executed by a processor, they are used to: respond to a call from a third-party application program on a third-party platform, for the For the user involved in the call, judge whether the user has authorized the bank card free login according to the saved authorization status information of the user's bank card; if the user has authorized the bank card free login, query from the internal of the third-party platform Get the bank card information bound by the user on the third-party platform; send the bank card information to the third-party application, so that the third-party application can send the bank card information to the bank server, so that the bank server can The bank card information is used for user identity authentication. Optionally, send the bank card information to the third-party application, so that the third-party application sends the bank card information to the bank server, so that the bank server performs user identity authentication based on the bank card information, including : Send the signed and encrypted bank card information to the third-party application, so that the third-party application can send the signed and encrypted bank card information to the bank server, so that the bank server can encrypt the signed Signature verification and decryption are performed on the bank card information after decryption, and user identity authentication is performed according to the bank card information after decryption. Optionally, the querying the bank card information from the third-party platform includes: querying the bank card information from the third-party platform through an open gateway, wherein the open gateway is used for the bank The card information is signed and encrypted. The foregoing is a schematic solution of a computer-readable storage medium in this embodiment. It should be noted that the technical solution of the storage medium and the above-mentioned technical solution of the method for realizing the login-free authorization component belong to the same concept. For details not described in detail in the technical solution of the storage medium, please refer to the above-mentioned realization of the login-free authorization component. Description of the technical solution of the method. The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the examples and still achieve desirable results. In addition, the processes depicted in the figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. Multitasking and parallel processing are also possible or may be advantageous in certain embodiments. The computer instruction includes computer program code, and the computer program code may be in the form of source code, object code, executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, flash drive, mobile hard drive, magnetic disk, optical disk, computer memory, read-only memory (ROM, Read- Only Memory), Random Access Memory (RAM, Random Access Memory), electrical carrier signal, telecommunication signal, and software distribution media, etc. It should be noted that the computer-readable medium may contain appropriate additions or subtractions as required by legislation and patent practice in the jurisdiction. For example, in some jurisdictions, computer-readable media may Media excludes electrical carrier signals and telecommunication signals. It should be noted that, for the sake of simplicity of description, the above-mentioned method embodiments are expressed as a series of action combinations, but those skilled in the art should know that the embodiments of this specification are not limited by the described action sequence. Because according to the embodiment of the present specification, certain steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the embodiments of the specification. In the foregoing embodiments, the descriptions of each embodiment have their own emphases, and for parts not described in detail in a certain embodiment, reference may be made to relevant descriptions of other embodiments. The preferred embodiments of the present specification disclosed above are only for helping to explain the present specification. Alternative embodiments are not exhaustive in all detail, nor are the inventions limited to specific implementations described. Obviously, many modifications and changes can be made according to the contents of the embodiments of this specification. This specification selects and specifically describes these embodiments in order to better explain the principles and practical applications of the embodiments of this specification, so that those skilled in the art can well understand and use this specification. This specification is to be limited only by the claims and their full scope and equivalents.