CN102347929A - Verification method of user identity and apparatus thereof - Google Patents

Verification method of user identity and apparatus thereof Download PDF

Info

Publication number
CN102347929A
CN102347929A CN201010240235XA CN201010240235A CN102347929A CN 102347929 A CN102347929 A CN 102347929A CN 201010240235X A CN201010240235X A CN 201010240235XA CN 201010240235 A CN201010240235 A CN 201010240235A CN 102347929 A CN102347929 A CN 102347929A
Authority
CN
China
Prior art keywords
user
information
authentication
corresponding
client
Prior art date
Application number
CN201010240235XA
Other languages
Chinese (zh)
Inventor
王凯
秦韬
陈贵艺
Original Assignee
阿里巴巴集团控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司 filed Critical 阿里巴巴集团控股有限公司
Priority to CN201010240235XA priority Critical patent/CN102347929A/en
Publication of CN102347929A publication Critical patent/CN102347929A/en

Links

Abstract

Embodiments of the invention disclose a verification method of a user identity and an apparatus thereof. The method comprises the following steps: receiving a user request transmitted by a client, wherein the user request includes a user name of the client; searching corresponding user information according to the user name; analyzing the user information; outputting a verification mode to the client according to an analysis result of the user information; determining whether verification information returned by the client according to the verification mode is correct or not; if the verification information is correct, passing user identity verification, otherwise, not passing the user identity verification. In the embodiments of the invention, a single verification mode with a higher grade is not the only mode to output to the user but the verification modes with different verification grades are output according to the user information. Therefore, system resources consumed during carrying out user identity verification can be saved; a processing speed and efficiency of the identity verification can be raised. The verification with complex operations does not need to be performed every time so that verification experience of the user can be raised too.

Description

一种用户身份的验证方法及装置 A user identity authentication method and device

技术领域 FIELD

[0001] 本申请涉及网络通信技术领域,特别涉及一种用户身份的验证方法及装置。 [0001] The present application relates to network communication technology field, and particularly relates to a method and an apparatus to verify user identity. 背景技术 Background technique

[0002] 在互联网行业中,客户端要使用服务提供商提供的业务,就需要与业务服务器进行交互,业务服务器识别使用客户端的用户身份后,方能允许用户通过客户端访问相应的业务。 [0002] In the Internet industry, the client to use the service provider business, you need to interact with the service server, the server recognizes the service using the client user identity, in order to allow the user access to the appropriate service by the client. 现有技术中,服务器验证客户端用户是否合法的方法,可以基于用户所知进行验证, 包括验证口令、提出安全问题、验证个人识别号或密钥等;也可以基于用户所有进行验证, 包括验证用户所持有的证书、令牌、身份证、银行卡等是否合法;也可以基于用户属性进行验证,包括用户的语音特征、笔记、指纹等。 Prior art, the server verifies whether the client user lawful methods, based on the user knowledge to verify, including verification password, raised security issues, verify personal identification number or key, etc.; also be based on all the user to verify, including verification held by the user certificates, tokens, ID cards, bank cards, etc. is legitimate; can also be verified based on user attributes, including voice characteristics of the user, notes, fingerprints.

[0003] 发明人在对现有技术的研究过程中发现,服务器对客户端进行用户身份识别时, 基于不同的业务采用不同的识别方式,进一步,对于同一种业务,还可以根据用户种类的不同细分识别方式。 When [0003] In the course of the study the inventors found the prior art, a client server user identification, different identification methods based on different business, further, for the same service, the user may also be a different kind of subdivision of identification. 现有技术中的验证方式都是从业务和用户分类的角度预先设置好的,由于验证用户身份是为了防止和识别其他人的冒用,因此通常需要采用验证级别较高的验证方式;但是,验证方式的级别越高,往往导致用户操作越复杂,相应的用户为这种验证需要付出更高的成本,同时从系统角度来看,较高级别的验证方式,比如短信验证码的方式,在用户验证的时候需要通过短信向用户发送验证码,因此系统需要付出更多的资源来处理这些验证,导致系统的处理过程缓慢,且在短信发送中如果短信遗失则会中断整个业务处理, 用户必须重新提交验证请求,如此,导致整个系统业务处理缓慢、效率低下。 Prior art authentication mode is pre-set from the perspective of traffic and users, since the user's identity is verified and identified to prevent fraudulent use of others, it is often necessary to employ a higher authentication level manner; however, the higher the level of authentication, the user often leads to more complex operations, such as the appropriate user authentication required to pay a higher cost, while from the perspective of the system, a higher level of authentication, such as message authentication code, in user authentication via SMS when you need to send a verification code to the user, so the system needs to pay more resources to deal with these verification, resulting in slow processing systems, and in the SMS message is lost if the entire business process is interrupted, the user must resubmit authentication request, thus, the entire system business process slow and inefficient.

[0004] 综上所述,较高级别的验证方式虽然能更有效的提高用户身份验证的安全性,但也很大程度地影响了系统的处理业务的速度和效率,因此需要一种更为有效且更减少系统资源浪费的验证方式。 [0004] In summary, although a higher level of authentication can more effectively improve the security of user authentication, but also affected the speed and efficiency of processing operations system to a large extent, and therefore need a more reduce waste of resources and more effective system authentication.

发明内容 SUMMARY

[0005] 本申请实施例的目的在于提供一种用户身份的验证方法及装置,以解决现有技术中单一采用验证级别较高的验证方式导致系统对业务的处理效率不高,且浪费系统资源的问题。 [0005] The object of embodiments of the present application is to provide a method and apparatus for verification of user identity, in order to solve the prior art single use of higher authentication level embodiment results in the processing efficiency of the traffic is not high, and the waste of system resources The problem.

[0006] 为解决上述技术问题,本申请实施例提供一种用户身份的验证方法,是这样实现的: [0006] To solve the above problems, the present embodiment provides a method of verification of a user identity, it is achieved:

[0007] 一种用户身份的验证方法,包括: [0007] A user identity authentication method, comprising:

[0008] 接收客户端发送的用户请求,所述用户请求中包含所述客户端的用户名; [0008] The user receives the request sent by the client, the user request includes a user name of the client;

[0009] 根据所述用户名搜索对应的用户信息; [0009] The search for the corresponding user information according to the user name;

[0010] 分析所述用户信息; [0010] analyzing the user information;

[0011] 根据所述用户信息的分析结果向所述客户端输出验证方式; [0011] output to the client authentication of the user according to the analysis result information;

[0012] 判断客户端根据所述验证方式返回的验证信息是否正确,若正确,则通过用户身份验证,否则,不通过用户身份验证。 [0012] Analyzing the client returns the authentication mode according to the authentication information is correct, if correct, the verification by the user, or, without passing through user authentication. [0013] 为解决上述技术问题,本申请实施例还提供一种用户身份的验证装置,是这样实现的: [0013] To solve the above problems, embodiments of the present application further provides an apparatus for user identity verification, it is achieved:

[0014] 接收单元,用于接收客户端发送的用户请求,所述用户请求中包含所述客户端的用户名; [0014] a receiving unit, configured to receive a request sent by the client user, the user request includes a user name of the client;

[0015] 搜索单元,用于根据所述用户名搜索对应的用户信息; [0015] search unit, according to the user information for the user name corresponding to the search;

[0016] 分析单元,用于分析所述用户信息; [0016] analysis unit for analyzing the user information;

[0017] 输出单元,用于根据所述用户信息的分析结果向所述客户端输出验证方式; [0017] The output unit configured to output the client authentication of the user according to the analysis result information;

[0018] 验证单元,用于判断客户端根据所述验证方式返回的验证信息是否正确,若正确, 则通过用户身份验证,否则,不通过用户身份验证。 [0018] The verification unit, for determining returned by the client according to the authentication verification information is correct, if correct, the verification by the user, or, without passing through user authentication.

[0019] 由以上本申请实施例提供的技术方案可见,本申请实施例中接收客户端发送的包含用户名的用户请求,根据用户名搜索对应的用户信息,分析用户信息,并根据用户信息的分析结果向客户端输出验证方式,判断客户端根据验证方式返回的验证信息是否正确,若正确,则通过用户身份验证,否则,不通过用户身份验证。 [0019] The technical solutions provided by the above present application is visible to the present application user request comprises a user name Examples sent by a client of the embodiment, the user name search for the corresponding user information, analyze the user information and the user information the results output to the client authentication method to determine the client returned by the authentication methods to verify the information is correct, if correct, the user authentication, otherwise, without user authentication. 本申请实施例不局限于仅向用户输出级别较高的单一验证方式,而是根据用户信息输出验证级别不同的验证方式,因此节约了系统进行用户身份验证时所耗费的系统资源,提高了身份验证的处理速度和效率;由于不必每次都进行操作复杂的验证,因此也提高了用户的验证体验,并且由于验证方式不唯一,因此在保证了验证安全性的同时,也提高了验证系统的验证灵活性。 Example embodiments of the present application is not limited only to the output of a single higher level user authentication, but depending on the user authentication level information output mode, thus saving system resources for user authentication system expended to improve the identity verification processing speed and efficiency; since no complicated operation every time authentication, and therefore improve the user experience authentication, and authentication is not unique since, thus ensuring the security and to verify, but also to improve the verification system verify flexibility.

附图说明 BRIEF DESCRIPTION

[0020] 为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。 [0020] In order to more clearly illustrate the technical solutions according to the prior art embodiment of the present application, briefly introduced hereinafter, embodiments are described below in the accompanying drawings or described in the prior art needed to be used in describing the embodiments the drawings are only some embodiments of the present application are described, those of ordinary skill in the art is concerned, without any creative effort, and can obtain other drawings based on these drawings.

[0021] 图1为本申请用户身份的验证方法的第一实施例流程图; The verification method of the first embodiment [0021] Figure 1 is a flow chart of the application user identity;

[0022] 图2为本申请用户身份的验证方法的第二实施例流程图; Verification method of the second embodiment [0022] FIG 2 is a flowchart of the application user identity;

[0023] 图3为本申请用户身份的验证方法的第三实施例流程图; [0023] FIG 3 user identity authentication method according to the present application flowchart of a third embodiment;

[0024] 图4为本申请用户身份的验证装置的第一实施例框图; Example of a block diagram of a first embodiment of authentication device [0024] FIG. 4 of the present application user identity;

[0025] 图5为本申请用户身份的验证装置的第二实施例框图。 A block diagram of a second embodiment of authentication device [0025] FIG. 5 of the present application user identity.

具体实施方式 Detailed ways

[0026] 在如下本申请的多个实施例中,有些实施例提供了一种用户身份的验证方法,有些实施例提供了一种用户身份的验证装置。 [0026] In the present application embodiment a plurality of the following Examples, some embodiments provide a method of user identity verification, some embodiments provide an apparatus for verification of a user identity.

[0027] 为了使本技术领域的人员更好地理解本申请实施例中的技术方案,并使本申请实施例的上述目的、特征和优点能够更加明显易懂,下面结合附图对本申请实施例中技术方案作进一步详细的说明。 [0027] In order to make those skilled in the art better understand the technical solutions in the present application embodiment, and the above-described object of the present application, features and advantages of the embodiments can be more fully understood in conjunction with the accompanying drawings of embodiments of the present application technical solution will be further described in detail.

[0028] 参见图1,为本申请用户身份的验证方法的第一实施例流程图: [0028] Referring to Figure 1, the user identity authentication method of the first embodiment of the present disclosure flowchart of:

[0029] 步骤101 :接收客户端发送的用户请求,该用户请求中包含客户端的用户名。 [0029] Step 101: receive a user request sent from a client, the user request includes the user name of the client.

[0030] 用户在使用某个网站提供的业务之前,首先需要注册成为该网站的会员,在注册时网站服务器会记录用户的用户名、密码等注册信息;对于用户申请使用的业务,网站服务商可能预先向用户发送了相应的密钥、令牌等验证信息,供用户每次使用业务时对其是否合法进行验证,这些验证信息也通过用户名与对应的用户相关联。 [0030] user before using the service provided by a Web site, you first need to register as a member of the site, at the registration web server will record the user's registration information of a user name and password; user application for business use, web service providers may be sent to the user in advance corresponding keys, tokens authentication information for each user to verify the legality of its business use, the user authentication information is also associated with a corresponding user name.

[0031] 当用户通过客户端登录网站后,并选择使用某个业务时,向服务器端发送验证请求,该验证请求中包含用户的用户名。 [0031] When users log in through the client site, and you select to use a service, the request is sent to the server-side validation, the verification request contains the user's username.

[0032] 步骤102 :根据用户名搜索对应的用户信息。 [0032] Step 102: The search for the user information corresponding to the user name.

[0033] 在服务器端的数据库中,以用户名为索引保存了每个用户的各种用户信息,可以包括用户属性分类信息、用户帐户价值信息、用户历史操作信息等,这些用户信息可以用于风险判断。 [0033] In the server-side database to save the user name index for each user a variety of user information may include user attributes classified information, the value of the user account information, user operation history information, user information can be used for these risk judgment. 例如,用户属性分类信息指该用户为个人用户,或者企业用户等;用户帐户价值信息指该用户在使用业务过程中的交易量,或者该用户帐户中的余额等;用户历史操作信息指该用户曾经登录网站的IP地址,或者该用户曾经登录网站所使用的浏览器的版本等。 For example, a user attribute classification information refers to the user for individual users or corporate users, etc.; user account value information refers to transactions the user in the use of business process, or the balance of the user account and so on; the user historical operating information refers to the user version and other browsers visit the website once the IP address, or visit the website the user has used. 上述仅仅是示例了几种用户信息的维度,实际使用过程中,可以根据网站的实际情况选择所需要的维度。 The foregoing is merely illustrative of several dimensions of the user information, the actual use, the required dimensions can be selected according to the actual site.

[0034] 因此根据用户名查找数据库,就能够获取到数据库中记录的与该用户名对应的用户属性分类信息、用户帐户价值信息、用户历史操作信息等用户信息,这些信息作为判断本次验证请求的风险等级的依据。 [0034] Thus lookup database based on user name, it is possible to obtain the user attribute category information, user account value of the information, the user historical operating information of the user information corresponding to the user name recorded in the database, such information as the determination of this verification request based on the risk level.

[0035] 步骤103 :分析该用户信息。 [0035] Step 103: Analyze the subscriber information.

[0036] 在服务器端,保存了预先设置的若干验证方式,以及根据每种验证方式的安全性能为每种验证方式所设置的对应的风险级别。 [0036] On the server side, a number of stored preset authentication mode, and the corresponding level of risk for each authentication according to the security authentication for each set.

[0037] 通过分析各个种类的用户信息,并综合分析结果即可判断当前验证请求对应的风险级别,然后查找预先设置的验证方式及对应的风险级别,就能够获取与所确定的风险级别对应的验证方式。 [0037] By analyzing each type of user information, and a comprehensive analysis result to determine whether the current level of risk corresponding to the authentication request, and then find the previously set authentication mode and the corresponding risk level, it is possible to obtain a corresponding to the determined level of risk Ways of identifying.

[0038] 具体来说,在判断验证请求对应的风险级别时,可以根据预设的评分规则,确定每种类型的用户信息的分数,将每种类型的用户信息的分数进行累加,将累加的结果值与预设的每种风险级别的分数范围进行匹配,获取与该结果值匹配的风险级别。 [0038] Specifically, it is determined that the level of risk corresponding to the authentication request, according to a preset scoring rules, determining a score for each type of user information, the fraction of each type of user information is accumulated, the accumulated the resulting value with a preset range of scores for each level of risk match, get the result matches the value of the level of risk.

[0039] 步骤104 :根据用户信息的分析结果向客户端输出验证方式。 [0039] Step 104: The analysis result information to the client user authentication mode output.

[0040] 本申请实施例中,即使同一个用户在不同时间请求了同一种业务,也可能因为所处的风险级别不同,而相应输出不同的验证方式,由此提高了系统验证灵活性,增强了用户体验,保证了用户安全性。 [0040] Application of the present embodiment, even if the same user at different times to the same request for a service, which may also be due to different risk levels, and different authentication methods corresponding output, thereby increasing the flexibility of the system authentication, enhanced the user experience to ensure user safety.

[0041] 步骤105 :判断客户端根据验证方式返回的验证信息是否正确,若正确,则执行步骤106 ;否则执行步骤107。 [0041] Step 105: The client determines according to the authentication validates the returned information is correct, if correct, step 106 is performed; if not, step 107.

[0042] 步骤106 :通过用户身份验证,结束当前流程。 [0042] Step 106: The user authentication, the current process ends.

[0043] 步骤107 :不通过用户身份验证,结束当前流程。 [0043] Step 107: User authentication is not passed, the current process ends.

[0044] 由上述实施例可见,本申请不局限于仅向用户输出级别较高的单一验证方式,而是根据用户信息输出验证级别不同的验证方式,因此节约了系统进行用户身份验证时所耗费的系统资源,提高了身份验证的处理速度和效率。 Time-consuming [0044] As seen from the above embodiments, the present application is not limited only to the higher output level single user authentication methods, but according to different user authentication level information output mode, thus saving the user authentication system system resources, improves the processing speed and efficiency of authentication.

[0045] 参见图2,为本申请用户身份的验证方法的第二实施例流程图: [0045] The second embodiment of the verification method of flowchart 2, the user identity of the present application:

[0046] 步骤201 :保存若干可执行的验证方式,以及每种验证方式所对应的风险级别。 [0046] Step 201: a plurality of executable authentication saved, and risk level corresponding to each authentication.

[0047] 本申请实施例不是简单根据业务类型和用户类型向用户输出固定的验证方式,而是为每种验证方式设置相应的风险级别,以便后续根据用户本次请求的风险级别输出对应的验证方式。 [0047] Example embodiments of the present application is not simple, but the user is provided according to the service type and the type of output to the user authentication mode fixed for each corresponding authentication level of risk, the risk level for subsequent output according to a user request corresponding to this verification the way.

[0048] 例如,本申请实施例中可以设置三种验证方式及其对应的风险级别,如下表1所示: [0048] For example, application of the present embodiment can be provided and the authentication modes corresponding to the level of risk, as shown in Table 1:

[0049] 表1 [0049] TABLE 1

[0050] [0050]

Figure CN102347929AD00071

[0051] 步骤202 :接收客户端发送的用户请求,该用户请求中包含该客户端的用户名。 [0051] Step 202: receive a user request sent from a client, the user request includes the user name of the client.

[0052] 本申请实施例中,当用户申请使用某项业务时,网站服务商可能预先向用户提供了不同风险等级的验证方式,用户定制每种验证方式的验证信息后,后续在使用该项业务时,可以根据服务器端输出的不同验证方式输入不同的验证信息,由服务器端对其是否合法进行验证,这些验证信息通过用户名与对应的用户相关联。 [0052] The present application example, when the user is using a business application, web service providers may offer a pre-authentication different level of risk to the user, the authentication information for each user to customize authentication methods, follow-up in the use when traffic can enter authentication servers depending on the output side different from the authentication information, its legality by the authentication server, the authentication information corresponding to the user name associated with the user.

[0053] 本申请实施例中,结合表1,假设对于业务K来说,用户S预先根据不同风险等级定制了相应的验证方式,其中高风险等级对应证书A,中风险等级对应的安全问题为宠物名称(答案:毛毛),低风险等级对应的个人识别号为1234567。 [0053] The application of the present embodiment, with reference to Table 1, K is assumed to business, the user S corresponding pre-customized depending on the risk level authentication, wherein the certificate corresponding to the high risk level A, corresponding to the level of risk for the safety Pet name (answer: plush), personal identification number corresponding to the low-risk level is 1234567. 当用户通过客户端登录网站后, 并选择使用业务K时,触发客户端向服务器端发送验证请求,该验证请求中包含用户S的用户名。 When users log in through the client site, and choose to use the service when K, trigger the client sends a verification request to the server, the authentication request contains the username of the user S.

[0054] 步骤203 :根据用户名查找数据库。 [0054] Step 203: Find database user name.

[0055] 在服务器端的数据库中,以用户名为索引保存了每个用户的各种用户信息,可以包括用户属性分类信息、用户帐户价值信息、用户历史操作信息等,这些用户信息可以用于风险判断。 [0055] In the server-side database to save the user name index for each user a variety of user information may include user attributes classified information, the value of the user account information, user operation history information, user information can be used for these risk judgment. 例如,用户属性分类信息指该用户为个人用户,或者企业用户等;用户帐户价值信息指该用户在使用业务过程中的交易量,或者该用户帐户中的余额等;用户历史操作信息指该用户曾经登录网站的IP地址,或者该用户曾经登录网站所使用的浏览器的版本等。 For example, a user attribute classification information refers to the user for individual users or corporate users, etc.; user account value information refers to transactions the user in the use of business process, or the balance of the user account and so on; the user historical operating information refers to the user version and other browsers visit the website once the IP address, or visit the website the user has used. 上述仅仅是示例了几种用户信息的维度,实际使用过程中,可以根据网站的实际情况选择所需要的维度。 The foregoing is merely illustrative of several dimensions of the user information, the actual use, the required dimensions can be selected according to the actual site.

[0056] 步骤204 :获取数据库中记录的与用户名对应的用户信息。 [0056] Step 204: acquiring user information corresponding to the user name recorded in the database.

[0057] 该用户信息包括用户属性分类信息、用户帐户价值信息、用户历史操作信息之一或其组合。 [0057] The user information includes user attribute classified information, the value of information, one user operation history information of a user account or a combination thereof. 根据用户名查找数据库,就能够获取到数据库中记录的与该用户名对应的用户属性分类信息、用户帐户价值信息、用户历史操作信息等用户信息,这些信息作为判断本次验证请求的风险等级的依据。 Find a database based on user name, you can obtain the user attribute category name corresponding to the user, the user account value of the information, the user historical operating information such as user information recorded in the database, such information as the judge of this verification request of the risk level in accordance with.

[0058] 步骤205 :根据预设的评分规则,确定每种类型的用户信息的分数。 [0058] Step 205: according to a preset scoring rules, determining a score for each type of user information.

[0059] 假设本申请实施例中设置的评分规则如下: [0059] Suppose embodiment scoring rules provided in the present application as follows:

[0060] 对于用户属性分类信息,如果为个人用户则分数为0,如果为企业用户则分数为1 ; [0060] For the user attribute classification information for individual users if the score is zero, if business users fraction of 1;

[0061] 对于用户帐户价值信息,以用户帐户中的余额为例,如果帐户中的余额不足1000元则分数为0,如果账户中的余额超过1000元则分数为1 ; [0061] value for the user account information, user account balances, for example, if your account balance is less than 1,000 yuan a score of 0, if the account balance is more than 1000 yuan a score of 1;

[0062] 对于用户历史操作信息,以用户登录网站的IP地址为例,如果本地登录的IP地址与前次登录的IP地址一样则分数为1,如果不一样则分数为0。 [0062] For the user operation history information, log on to the site user's IP address, for example, if the IP address of the local login with the same IP address logged the previous score of 1, if not the same as the score is zero.

[0063] 上述描述仅是一种示例,实际应用过程中可以增加用户信息的维度,并进一步细分每种信息维度的评分标准。 [0063] The foregoing description is only an example, the actual application process can increase the dimension of the user information, and further subdivided score of each dimension information.

[0064] 步骤206 :将每种类型的用户信息的分数进行累加。 [0064] Step 206: the fraction of each type of user information is accumulated.

[0065] 假设根据用户S的用户名获取到的用户信息中包括:用户S为个人用户,用户S的帐户余额超过1000元,用户S本次登录网站的IP地址与前一次不同,则根据上述评分标准,用户S分别得到0分、1分和1分,将分数累加后,用户S本次验证请求可得到2分。 [0065] assumptions acquired based on the user name of the user S user information includes: User S for individual users, account balance user S of more than 1000 yuan, IP address of the user S The visit the website of the previous one it is different, according to the above score, the user S respectively 0, 1 points and 1 point, after the accumulated score, the user verification request to obtain the current S 2 minutes.

[0066] 步骤207 :将累加的结果值与预设的每种风险级别的分数范围进行匹配,获取与结果值匹配的风险级别。 [0066] Step 207: the accumulated result value with the preset range of scores for each level of risk, the risk level and obtain the results that match the value.

[0067] 结合步骤205中的示例,假设预先设置的风险级别与分数范围的对应关系如下表2所示: Example [0067] The binding step 205, assuming that correspondence relationship between the risk level and the score range set in advance as shown in Table 2:

[0068] 表2 [0068] TABLE 2

[0069] [0069]

Figure CN102347929AD00081

[0070] 根据用户S所得到的2分查找上表2,可以得到用户S本次验证请求的风险级别为“中,,。 [0070] Table 2 S 2 minutes to find the obtained user can obtain the current risk level user authentication request S is "in,,.

[0071] 步骤208 :查找预先设置的验证方式及对应的风险级别,获取与用户请求对应风险级别对应的验证方式。 [0071] Step 208: Find a risk level of authentication set in advance and the corresponding acquires authentication mode corresponding to the level of risk corresponding to the user request.

[0072] 根据风险级别“中”查找表1,可得到与风险等级“中”对应的验证方式为安全问题。 [0072] According to the level of risk "in the" look-up table 1, can be obtained with the level of risk "in the" corresponding authentication security issues.

[0073] 步骤209 :根据用户信息的分析结果向客户端输出验证方式,结束当前流程。 [0073] Step 209: The analysis result information to the user authentication client output mode, the current process ends.

[0074] 服务器端将用户预先定制的安全问题输出到客户端,即输出“宠物名称”,如果用户输入“毛毛”,则验证通过,否则,验证不通过。 [0074] The output of the user on the server side pre-customized security issues to the client, ie the output "pet name", if the user enters "hairy", is validated, otherwise, authentication fails.

[0075] 上述实施例仅仅示出了本次验证请求对应输出的验证方式,当下一次用户S再次请求该业务K时,如果根据用户S的用户信息评分为1时,则相应输出验证方式为个人识别号。 [0075] The foregoing embodiments are merely illustrates the authentication of this authentication request to a corresponding output of the next time the user S again request the service K, if the user information rates user S is 1, the corresponding output authentication for individuals identifier.

[0076] 需要说明的是,上述实施例中通过预设评分标准判断风险级别的方式,仅仅是获得风险级别的一种实现方式,实际应用过程中,还可以通过为不同的用户信息设置权重来综合分析本次验证请求的风险级别,对此本申请实施例不进行限制,本申请实施例的核心在于每一次验证请求时,可以根据用户信息向用户输出不同的验证方式。 [0076] Incidentally, the above-described embodiment, the risk level is determined by a preset score embodiment, the risk level is obtained merely one implementation, the process of practical application, can also be repeated for different user settings right comprehensive analysis of the risk level of this authentication request, to which the present application is not limited in the embodiment, the core of embodiment of the present application is that each time the verification request, the user information may be output to the user according to the different verification methods.

[0077] 参见图3,为本申请验证方式输出方法的第三实施例流程图: [0077] Referring to Figure 3, the output authentication method of the third embodiment of the present disclosure flowchart of:

[0078] 步骤301 :接收客户端发送的用户请求,该用户请求中包含客户端的用户名和所请求的业务类型信息。 [0078] Step 301: receive a user request sent from a client, the client request includes the user's user name and service type of information requested. [0079] 步骤302 :根据业务类型信息输出与该业务类型信息对应的初始验证方式。 [0079] Step 302: the initial authentication information output to the service type information corresponding to the service type according to.

[0080] 与前述实施例的不同在于,本实施例中,不是直接根据用户信息获取相应的验证方式,而是结合业务类型进行二次验证,即兼容现有的根据业务类型或用户类型进行验证的方式。 [0080] Unlike the preceding embodiment in that, in the present embodiment, not directly obtain the corresponding user authentication information, service type but the combination of secondary verification that is compatible with existing or verify service type according to the user type The way.

[0081] 本实施例中,服务器端可以预先为每种类型的业务设置相应的验证方式,当接收到验证请求后,首先根据该验证请求中的业务类型信息输出与该业务类型信息对应的验证方式。 [0081] In this embodiment, the server may be pre-set for each type of traffic the authentication mode, after receiving the verification request, the first type of information corresponding to authentication service according to the service type information in the output of the verification request the way. 当然,也可以预先为每种类型的用户设置相应的验证方式,当接收到验证请求后,首先根据该验证请求中的用户名对应的用户类型输出与该用户类型对应的验证方式。 Of course, it may be previously set the authentication mode for each type of user, after receiving the verification request, the user name of the first authentication request corresponding to the user type corresponding to the output of the user authentication type.

[0082] 步骤303 :接收客户端根据初始验证方式返回的初始验证信息。 [0082] Step 303: receiving an initial authentication information returned by the client based on the initial authentication.

[0083] 步骤304:判断初始验证信息是否通过,若是,则执行步骤305 ;否则,执行步骤311。 [0083] Step 304: determining whether through the initial authentication information, if yes, execute step 305; otherwise, step 311 is executed.

[0084] 步骤305 :根据用户名搜索对应的用户信息。 [0084] Step 305: The search for the user information corresponding to the user name.

[0085] 当初始根据业务类型或用户类型输出的初始验证方式所获得的验证信息通过时, 可以进一步采用本申请前述实施例中记载的根据用户信息选择输出不同的验证方式,在此不再赘述。 [0085] When the initial authentication information according to the initial user authentication service type or a type of the output obtained by, the present application may further be employed in accordance with the information the user selects the output of different authentication methods described in the embodiments, not described herein again .

[0086] 步骤306 :分析用户信息。 [0086] Step 306: analyze the user information.

[0087] 在服务器端,保存了预先设置的若干验证方式,以及根据每种验证方式的安全性能为每种验证方式所设置的对应的风险级别。 [0087] On the server side, a number of stored preset authentication mode, and the corresponding level of risk for each authentication according to the security authentication for each set.

[0088] 通过分析各个种类的用户信息,并综合分析结果即可判断当前验证请求对应的风险级别,然后查找预先设置的验证方式及对应的风险级别,就能够获取与所确定的风险级别对应的验证方式。 [0088] By analyzing each type of user information, and a comprehensive analysis result to determine whether the current level of risk corresponding to the authentication request, and then find the previously set authentication mode and the corresponding risk level, it is possible to obtain a corresponding to the determined level of risk Ways of identifying.

[0089] 具体来说,在判断验证请求对应的风险级别时,可以根据预设的评分规则,确定每种类型的用户信息的分数,将每种类型的用户信息的分数进行累加,将累加的结果值与预设的每种风险级别的分数范围进行匹配,获取与该结果值匹配的风险级别。 [0089] Specifically, it is determined that the level of risk corresponding to the authentication request, according to a preset scoring rules, determining a score for each type of user information, the fraction of each type of user information is accumulated, the accumulated the resulting value with a preset range of scores for each level of risk match, get the result matches the value of the level of risk.

[0090] 步骤307 :根据用户信息的分析结果向客户端输出验证方式。 [0090] Step 307: The analysis result information to the client user authentication mode output.

[0091] 步骤308 :判断客户端根据验证方式返回的验证信息是否正确,若是,则执行步骤309 ;否则,执行步骤310。 [0091] Step 308: determining whether the client returns the authentication mode according to the authentication information is correct, and if yes, step 309 is executed; otherwise, step 310 is performed.

[0092] 步骤309 :通过用户身份验证,结束当前流程。 [0092] Step 309: user authentication, end the current process.

[0093] 步骤310 :不通过用户身份验证,结束当前流程。 [0093] Step 310: User authentication is not passed, the current process ends.

[0094] 步骤311 :向客户端返回验证错误信息,结束当前流程。 [0094] Step 311: The client returns to the authentication error, the current process ends.

[0095] 当初始根据业务类型或用户类型输出的初始验证方式所获得的验证信息不通过时,直接返回验证错误信息,不再进行根据用户信息进行验证方式选择的步骤,由此减轻服务器端的负担。 [0095] When the initial authentication the authentication information output based on the initial service type or types of users is not obtained by directly returns an error message authentication, no authentication step performed according to user selection information, thereby reducing the burden on the server side .

[0096] 与本申请用户身份的验证方法的实施例相对应,本申请还提供了用户身份的验证装置的实施例。 [0096] The method of the present application and verification of the user identity corresponding to the embodiment, the present application also provides an embodiment of a user identity authentication apparatus. 本申请用户身份的验证装置通常可以设置在验证服务器中。 User identity verification apparatus of the present application may generally be provided in the authentication server.

[0097] 参见图4,为本申请用户身份的验证装置的第一实施例框图: A block diagram of a first embodiment of the verification device [0097] Referring to Figure 4, the present application user identity:

[0098] 该验证方式输出装置包括:接收单元410、搜索单元420、分析单元430、输出单元440和验证单元450。 [0098] The authentication output apparatus comprising: a receiving unit 410, a search unit 420, the analysis unit 430, an output unit 440 and the verification unit 450.

[0099] 其中,接收单元410,用于接收客户端发送的用户请求,所述用户请求中包含所述 [0099] The receiving unit 410 for receiving user requests sent by a client, the request including the user

9客户端的用户名; 9 client user name;

[0100] 获取单元420,用于根据所述用户名搜索对应的用户信息; [0100] acquiring unit 420, according to the user information for the user name corresponding to the search;

[0101] 分析单元430,用于分析所述用户信息; [0101] analysis unit 430 for analyzing the user information;

[0102] 输出单元440,用于根据所述用户信息的分析结果向所述客户端输出验证方式; [0102] The output unit 440 for output to the client authentication of the user according to the analysis result information;

[0103] 验证单元450,用于判断客户端根据所述验证方式返回的验证信息是否正确,若正确,则通过用户身份验证,否则,不通过用户身份验证。 [0103] verifying unit 450, configured to judge, according to the authentication mode client to return authentication information is correct, if correct, the user authentication, otherwise, without user authentication.

[0104] 参见图5,为本申请用户身份的验证装置的第二实施例框图: Verification means a block diagram of the second embodiment [0104] Referring to Figure 5, the present application user identity:

[0105] 该验证方式输出装置包括:保存单元510、接收单元520、验证单元530、搜索单元540、分析单元550和输出单元560。 [0105] The authentication output apparatus comprising: a storage unit 510, a receiving unit 520, the verification unit 530, a search unit 540, analyzing unit 550 and an output unit 560.

[0106] 其中,保存单元510,用于保存若干可执行的验证方式,以及每种验证方式所对应的风险级别; [0106] wherein the holding unit 510 for holding a plurality of executable authentication, and the risk level for each corresponding authentication;

[0107] 接收单元520,用于接收客户端发送的用户请求,所述用户请求中包含所述客户端的用户名和所请求的业务类型信息; [0107] The receiving unit 520 for receiving user requests sent by a client, the user of the client request includes the user name and type information of the requested service;

[0108] 输出单元560,用于根据所述业务类型信息输出与所述业务类型信息对应的初始验证方式; [0108] output unit 560, an initial authentication with the service type information output information corresponding to the service type according;

[0109] 接收单元520,还用于接收所述客户端根据所述初始验证方式返回的初始验证信息; [0109] The receiving unit 520 is further configured to receive the initial authentication information returned by the client according to the initial authentication;

[0110] 验证单元530,用于判断所述初始验证信息是否通过,若是,则触发所述搜索单元540的功能,否则,向所述客户端返回验证错误信息; [0110] verifying unit 530, configured to determine whether through the initial authentication information, and if yes, trigger the search function unit 540, otherwise, to the validation error message returned to the client;

[0111] 搜索单元540,用于当所述验证单元530的判断结果为是,根据所述用户名搜索对应的用户信息; [0111] search unit 540, configured to, when the determination result is YES verification unit 530, the user name information according to the search for the corresponding user;

[0112] 分析单元550,用于分析所述用户信息; [0112] analysis unit 550 for analyzing the user information;

[0113] 输出单元560,还用于根据所述用户信息的分析结果向所述客户端输出验证方式; [0113] The output unit 560 is further configured to output the client authentication of the user according to the analysis result information;

[0114] 验证单元,还用于判断客户端根据所述验证方式返回的验证信息是否正确,若正确,则通过用户身份验证,否则,不通过用户身份验证。 [0114] verification unit is further configured to determine based on the authentication client return authentication information is correct, if correct, the verification by the user, or, without passing through user authentication.

[0115] 具体的,所述搜索单元540还包括(图5中未示出):数据库查找单元,用于根据所述用户名查找数据库;信息获取单元,用于获取所述数据库中记录的与所述用户名对应的用户信息,所述用户信息包括用户属性分类信息、用户帐户价值信息、用户历史操作信息之一或其组合。 [0115] Specifically, the search unit 540 further comprises a (not shown in FIG. 5): the database searching unit configured to search the database based on the user name; product information acquiring unit configured to acquire and record in the database user information corresponding to the user name, the user information includes information, the information, one user attribute value of the user account user classification operation history information, or combinations thereof.

[0116] 具体的,所述分析单元550还包括(图5中未示出):风风险级别判断单元,用于根据所述用户信息判断所述用户请求对应的风险级别;验证方式查找单元,用于查找预先设置的验证方式及对应的风险级别,获取与所述用户请求对应的风险级别对应的验证方式。 [0116] Specifically, the analysis unit 550 further comprises a (not shown in FIG. 5): wind risk level determination means, for requesting a corresponding risk level is determined according to the user information of the user; authentication mode searching unit, authentication is used to find the level of risk and the corresponding set in advance, obtaining the level of risk corresponding to the user authentication mode corresponding to the request. 其中,所述风险级别判断单元在判断风险级别时,可以根据预设的评分规则,确定每种类型的用户信息的分数,将所述每种类型的用户信息的分数进行累加,将所述累加的结果值与预设的每种风险级别的分数范围进行匹配,获取与所述结果值匹配的风险级别。 Wherein, the risk level determination unit determines the level of risk at the time, based on pre-scoring rules, determining a score for each type of user information, and the score for each type of user information accumulating, the accumulated the result of the preset value with the range of scores for each level of risk of acquiring the matching result value of the risk level.

[0117] 通过以上的实施方式的描述可知,本申请实施例中接收客户端发送的包含用户名的用户请求,根据用户名搜索对应的用户信息,分析用户信息,并根据用户信息的分析结果向客户端输出验证方式,判断客户端根据验证方式返回的验证信息是否正确,若正确,则通过用户身份验证,否则,不通过用户身份验证。 [0117] By the above description of the embodiments shows that the user request comprises a user name Examples sent by a client of the present application, the user information of the user name search for the corresponding analyzes the user information, and based on the analysis of the user information to the output client authentication method to determine the client returns based on the verification way to verify the information is correct, if correct, the user authentication, otherwise, without user authentication. 本申请实施例不局限于仅向用户输出级别较高的单一验证方式,而是根据用户信息输出验证级别不同的验证方式,因此节约了系统进行用户身份验证时所耗费的系统资源,提高了身份验证的处理速度和效率;由于不必每次都操作复杂的验证方式,因此也提高了用户的验证体验,并且由于验证方式不唯一,因此在保证了验证安全性的同时,也提高了验证系统的验证灵活性。 Example embodiments of the present application is not limited only to the output of a single higher level user authentication, but depending on the user authentication level information output mode, thus saving system resources for user authentication system expended to improve the identity verification processing speed and efficiency; since no complicated operation every time authentication mode, and therefore improves the user experience authentication, and authentication is not unique since, thus ensuring the security and to verify, but also to improve the verification system verify flexibility.

[0118] 通过以上的实施方式的描述可知,本领域的技术人员可以清楚地了解到本申请可借助软件加必需的通用硬件平台的方式来实现。 [0118] By the above described embodiments can be seen, those skilled in the art can understand that the present application may be implemented by software plus a necessary universal hardware platform. 基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例或者实施例的某些部分所述的方法。 Based on such understanding, the technical solutions of the present application or the nature of the part contributing to the prior art may be embodied in a software product, which computer software product may be stored in a storage medium such as ROM / RAM, magnetic disk, , an optical disc, and includes several instructions that enable a computer device (may be a personal computer, a server, or network device) method for each application of the present embodiment or embodiments certain portions of the described embodiment is performed.

[0119] 本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。 [0119] In the present specification, various embodiments are described in a progressive manner, similar portions of the same between the various embodiments refer to each other, are different from the embodiment and the other embodiments described each embodiment focus. 尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。 In particular, for embodiments of the system, since they are substantially similar to the method embodiments, the description is relatively simple, some embodiments of the methods see relevant point can be described.

[0120] 本申请可用于众多通用或专用的计算系统环境或配置中。 [0120] The present application can be used in numerous general purpose or special purpose computing system environments or configurations. 例如:个人计算机、服务器计算机、手持设备或便携式设备、平板型设备、多处理器系统、基于微处理器的系统、置顶盒、可编程的消费电子设备、网络PC、小型计算机、大型计算机、包括以上任何系统或设备的分布式计算环境等等。 For example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PC, minicomputers, mainframe computers, comprising any of the above systems or devices, the distributed computing environment.

[0121] 本申请可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。 [0121] The present application may be described in the general context of computer-executable instructions, executed by a computer, such as program modules. 一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。 Generally, program modules include performing particular tasks or implement particular abstract data types routines, programs, objects, components, data structures, and the like. 也可以在分布式计算环境中实践本申请,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。 This application may be practiced in a distributed computing environment, the distributed computing environments, where tasks are performed by remote processing devices that are linked through a communications network. 在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。 In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices in.

[0122] 虽然通过实施例描绘了本申请,本领域普通技术人员知道,本申请有许多变形和变化而不脱离本申请的精神,希望所附的权利要求包括这些变形和变化而不脱离本申请的精神。 [0122] While the present application is depicted by way of example, those of ordinary skill in the art that the present application many modifications and variations without departing from the spirit of the present disclosure, intended that the appended claims include such modifications and variations are possible without departing from the present application the spirit of.

Claims (11)

1. 一种用户身份的验证方法,其特征在于,包括:接收客户端发送的用户请求,所述用户请求中包含所述客户端的用户名; 根据所述用户名搜索对应的用户信息; 分析所述用户信息;根据所述用户信息的分析结果向所述客户端输出验证方式;判断客户端根据所述验证方式返回的验证信息是否正确,若正确,则通过用户身份验证,否则,不通过用户身份验证。 A user identity authentication method comprising: receiving a user request sent by a client, the user request includes a user name of the client; user name information according to the search for the corresponding user; analysis said user information; the analysis result of the user information to the client authentication mode output; analyzing returned by the client to the authentication mode according to the authentication information is correct, if correct, the user authentication, otherwise, the user is not Authentication.
2.根据权利要求1所述的方法,其特征在于,所述根据用户名搜索对应的用户信息包括:根据所述用户名查找数据库;获取所述数据库中记录的与所述用户名对应的用户信息,所述用户信息包括用户属性分类信息、用户帐户价值信息、用户历史操作信息之一或其组合。 2. The method according to claim 1, wherein the user information includes a user name corresponding to the search: Find a database according to the user name; obtaining a corresponding user and the user name recorded in the database information, the user information includes user attribute information classification information, one user operation history information of the user account value, or combinations thereof.
3.根据权利要求1所述的方法,其特征在于,还包括:保存若干可执行的验证方式,以及每种验证方式所对应的风险级别。 3. The method according to claim 1, characterized in that, further comprising: a plurality of executable authentication saved, and risk level corresponding to each authentication.
4.根据权利要求2所述的方法,其特征在于,所述分析用户信息包括: 根据所述用户信息判断所述用户请求对应的风险级别;查找预先设置的验证方式及对应的风险级别,获取与所述用户请求对应的风险级别对应的验证方式。 4. The method according to claim 2, wherein said analyzing subscriber information comprises: determining whether the user information based on the risk level corresponding to the user request; lookup risk level authentication is set in advance and the corresponding acquires corresponding to the level of risk corresponding to the authentication request user.
5.根据权利要求4所述的方法,其特征在于,所述根据用户信息判断所述用户请求对应的风险级别包括:根据预设的评分规则,确定每种类型的用户信息的分数; 将所述每种类型的用户信息的分数进行累加;将所述累加的结果值与预设的每种风险级别的分数范围进行匹配,获取与所述结果值匹配的风险级别。 The method according to claim 4, characterized in that, according to the user information corresponding to said user request determining risk level comprising: a score according to a preset rule, determining a score for each type of user information; The said fraction of each type of user information accumulating; the accumulated result value with a preset level of risk for each match score range, obtaining the results of the risk level values ​​match.
6.根据权利要求1所述的方法,其特征在于,所述用户请求中还包括所请求的业务类型信息,所述接收客户端发送的用户请求信息后,还包括:根据所述业务类型信息输出与所述业务类型信息对应的初始验证方式; 接收所述客户端根据所述初始验证方式返回的初始验证信息; 判断所述初始验证信息是否通过,若是,则执行所述根据用户名搜索对应的用户信息的操作,否则,向所述客户端返回验证错误信息。 6. The method according to claim 1, wherein the user request further comprises service type requested information, the user receives the request information sent by the client, further comprising: according to the service type information output of the initial service type information corresponding to the authentication mode; receiving the client returns to the initial authentication according to the initial authentication information; determining whether through the initial authentication information, if yes, executing the search for the corresponding user name the user operation information, otherwise, the client returns to the validation error.
7. 一种用户身份的验证装置,其特征在于,包括:接收单元,用于接收客户端发送的用户请求,所述用户请求中包含所述客户端的用户名;搜索单元,用于根据所述用户名搜索对应的用户信息; 分析单元,用于分析所述用户信息;输出单元,用于根据所述用户信息的分析结果向所述客户端输出验证方式; 验证单元,用于判断客户端根据所述验证方式返回的验证信息是否正确,若正确,则通过用户身份验证,否则,不通过用户身份验证。 A user identity authentication apparatus comprising: a receiving unit configured to receive a user request sent by a client, the user request includes a user name of the client; search unit, according to the searching the user information corresponding to the user name; an analysis unit for analyzing the user information; an output unit configured to verify the client terminal outputs the analysis result to the user mode information; verifying unit configured to determine according to the client the return of authentication to verify the information is correct, if correct, verified user, otherwise, without user authentication.
8.根据权利要求7所述的装置,其特征在于,所述搜索单元包括:数据库查找单元,用于根据所述用户名查找数据库;信息获取单元,用于获取所述数据库中记录的与所述用户名对应的用户信息,所述用户信息包括用户属性分类信息、用户帐户价值信息、用户历史操作信息之一或其组合。 8. The apparatus according to claim 7, wherein said search unit comprises: a database search unit configured to search the database based on the user name; product information acquiring unit for acquiring the records in the database and the said user information corresponding to the user name, the user information includes user attribute information classification information, one user operation history information of the user account value, or combinations thereof.
9.根据权利要求7所述的装置,其特征在于,还包括:保存单元,用于保存若干可执行的验证方式,以及每种验证方式所对应的风险级别。 9. The apparatus according to claim 7, characterized in that, further comprising: a storage unit for storing a plurality of executable authentication, validation and risk level for each corresponding manner.
10.根据权利要求9所述的装置,其特征在于,所述分析单元包括:风险级别判断单元,用于根据所述用户信息判断所述用户请求对应的风险级别; 验证方式查找单元,用于查找预先设置的验证方式及对应的风险级别,获取与所述用户请求对应的风险级别对应的验证方式。 10. The apparatus according to claim 9, wherein the analysis unit comprises: risk level determination means, for requesting a corresponding risk levels according to the user information to determine the user; authentication mode searching unit for Find the risk level and the authentication mode is set in advance corresponding to obtain the level of risk corresponding to the user authentication mode corresponding to the request.
11.根据权利要求7所述的装置,其特征在于,所述接收单元接收的用户请求中还包括所请求的业务类型信息;所述输出单元,还用于根据所述业务类型信息输出与所述业务类型信息对应的初始验证方式;所述接收单元,还用于接收所述客户端根据所述初始验证方式返回的初始验证信息; 所述验证单元,还用于判断所述初始验证信息是否通过,若是,则触发所述搜索单元的功能,否则,向所述客户端返回验证错误信息。 11. The apparatus according to claim 7, wherein the reception unit receives the user request further comprises service type of the requested information; the output unit further outputs type information for said service in accordance with the service type information corresponding to said initial authentication; the receiving unit is further configured to receive the initial authentication information returned by the client according to the initial authentication; the verification unit is further configured to determine whether the initial verification information through, and if so, the search function unit is triggered, otherwise, returned to the client validation error message.
CN201010240235XA 2010-07-28 2010-07-28 Verification method of user identity and apparatus thereof CN102347929A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010240235XA CN102347929A (en) 2010-07-28 2010-07-28 Verification method of user identity and apparatus thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010240235XA CN102347929A (en) 2010-07-28 2010-07-28 Verification method of user identity and apparatus thereof

Publications (1)

Publication Number Publication Date
CN102347929A true CN102347929A (en) 2012-02-08

Family

ID=45546223

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010240235XA CN102347929A (en) 2010-07-28 2010-07-28 Verification method of user identity and apparatus thereof

Country Status (1)

Country Link
CN (1) CN102347929A (en)

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102684882A (en) * 2012-05-16 2012-09-19 中国科学院计算机网络信息中心 Verifying method and verifying equipment
CN103051621A (en) * 2012-12-20 2013-04-17 苏州亿倍信息技术有限公司 Method and system for authenticating and processing network conference
CN103051622A (en) * 2012-12-20 2013-04-17 苏州亿倍信息技术有限公司 Method and system for authenticating network conference
CN103067515A (en) * 2012-12-31 2013-04-24 广州杰赛科技股份有限公司 Humanized system login method
CN103684981A (en) * 2012-09-21 2014-03-26 腾讯科技(深圳)有限公司 Instant messaging interactive method, system and server
CN103679437A (en) * 2012-09-13 2014-03-26 阿里巴巴集团控股有限公司 Data processing method and data processing system
CN103685146A (en) * 2012-09-03 2014-03-26 中国银联股份有限公司 Data processing device and data processing method for safety information interaction
CN104113418A (en) * 2014-07-15 2014-10-22 浪潮通用软件有限公司 Rule-configuration-based compound identity authentication method in ERP (enterprise resource planning) system
CN104184705A (en) * 2013-05-23 2014-12-03 腾讯科技(深圳)有限公司 Verification method, apparatus, server, user data center and system
CN104426884A (en) * 2013-09-03 2015-03-18 深圳市腾讯计算机系统有限公司 Method for authenticating identity and device for authenticating identity
CN104426859A (en) * 2013-08-26 2015-03-18 深圳市腾讯计算机系统有限公司 Request authorization method and apparatus, and server
CN104580118A (en) * 2013-10-28 2015-04-29 深圳市腾讯计算机系统有限公司 Method and device for recommending password change mode
CN104580075A (en) * 2013-10-14 2015-04-29 深圳市腾讯计算机系统有限公司 User login validation method, device and system
CN104580091A (en) * 2013-10-21 2015-04-29 深圳市腾讯计算机系统有限公司 Identity verification method, device and system
CN104639521A (en) * 2013-11-15 2015-05-20 腾讯科技(深圳)有限公司 Application safety verification method and system, application server and application client
CN104811428A (en) * 2014-01-28 2015-07-29 阿里巴巴集团控股有限公司 Method, device and system for verifying client identity by social relation data
CN105391724A (en) * 2015-11-25 2016-03-09 用友网络科技股份有限公司 Authorization management method and authorization management device used for information system
CN105516138A (en) * 2015-12-09 2016-04-20 赛肯(北京)科技有限公司 Verification method and device based on login log analysis
CN105610806A (en) * 2015-12-23 2016-05-25 北京奇虎科技有限公司 Method and device for generating verification code
CN105678544A (en) * 2015-12-31 2016-06-15 深圳前海微众银行股份有限公司 Risk monitoring method of remote account opening and server
CN105791270A (en) * 2016-02-19 2016-07-20 沈文策 Verification method and system for entering into circle live broadcast room
CN105978866A (en) * 2016-04-28 2016-09-28 北京网康科技有限公司 User access control implementation method, system and third party user server
CN106230868A (en) * 2016-09-29 2016-12-14 广州鹤互联网科技有限公司 A kind of sign-off initiates user management method and equipment
CN106453278A (en) * 2016-09-23 2017-02-22 财付通支付科技有限公司 Information verification method and verification platform
CN106469261A (en) * 2015-08-21 2017-03-01 阿里巴巴集团控股有限公司 A kind of auth method and device
CN106888223A (en) * 2017-04-26 2017-06-23 维沃移动通信有限公司 User account login method and mobile terminal
CN106910071A (en) * 2017-01-11 2017-06-30 中国建设银行股份有限公司 The verification method and device of user identity
CN107124420A (en) * 2017-05-10 2017-09-01 北京潘达互娱科技有限公司 Auth method and device
CN107241336A (en) * 2017-06-19 2017-10-10 广州市百果园信息技术有限公司 Auth method and device
CN107240023A (en) * 2016-03-29 2017-10-10 平安科技(深圳)有限公司 client identity confirmation method, device and system
CN107341384A (en) * 2016-04-28 2017-11-10 苏宁云商集团股份有限公司 A kind of service verification method and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1501656A (en) * 2002-11-19 2004-06-02 华为技术有限公司 A method choosing 802.1X authentication mode
CN1642080A (en) * 2004-01-05 2005-07-20 英业达股份有限公司 Multi-user-type unified authenticating system and method thereof
CN1688953A (en) * 2002-10-30 2005-10-26 国际商业机器公司 Methods and apparatus for dynamic user authentication
CN101079172A (en) * 2007-07-20 2007-11-28 中国建设银行股份有限公司 Self-aid service system and on-line transaction method
US20070277224A1 (en) * 2006-05-24 2007-11-29 Osborn Steven L Methods and Systems for Graphical Image Authentication
CN101084643A (en) * 2004-12-21 2007-12-05 Emue控股集团公司 Authentication device and/or method
CN101453334A (en) * 2008-11-28 2009-06-10 国网信息通信有限公司 Access management method and system based Novell network
CN101546261A (en) * 2008-10-10 2009-09-30 华中科技大学 Secure web page tag library system supported by multiple strategies
CN101651541A (en) * 2008-08-14 2010-02-17 中华电信股份有限公司 System and method for authentication of network user

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1688953A (en) * 2002-10-30 2005-10-26 国际商业机器公司 Methods and apparatus for dynamic user authentication
CN1501656A (en) * 2002-11-19 2004-06-02 华为技术有限公司 A method choosing 802.1X authentication mode
CN1642080A (en) * 2004-01-05 2005-07-20 英业达股份有限公司 Multi-user-type unified authenticating system and method thereof
CN101084643A (en) * 2004-12-21 2007-12-05 Emue控股集团公司 Authentication device and/or method
US20070277224A1 (en) * 2006-05-24 2007-11-29 Osborn Steven L Methods and Systems for Graphical Image Authentication
CN101079172A (en) * 2007-07-20 2007-11-28 中国建设银行股份有限公司 Self-aid service system and on-line transaction method
CN101651541A (en) * 2008-08-14 2010-02-17 中华电信股份有限公司 System and method for authentication of network user
CN101546261A (en) * 2008-10-10 2009-09-30 华中科技大学 Secure web page tag library system supported by multiple strategies
CN101453334A (en) * 2008-11-28 2009-06-10 国网信息通信有限公司 Access management method and system based Novell network

Cited By (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102684882B (en) * 2012-05-16 2016-08-03 中国科学院计算机网络信息中心 Verification method and checking equipment
CN102684882A (en) * 2012-05-16 2012-09-19 中国科学院计算机网络信息中心 Verifying method and verifying equipment
CN103685146A (en) * 2012-09-03 2014-03-26 中国银联股份有限公司 Data processing device and data processing method for safety information interaction
CN103685146B (en) * 2012-09-03 2017-02-08 中国银联股份有限公司 Data processing device and data processing method for safety information interaction
CN103679437A (en) * 2012-09-13 2014-03-26 阿里巴巴集团控股有限公司 Data processing method and data processing system
WO2014044148A1 (en) * 2012-09-21 2014-03-27 腾讯科技(深圳)有限公司 Instant messaging interaction method and system, server and storage medium
US10057196B2 (en) 2012-09-21 2018-08-21 Tencent Technology (Shenzhen) Company Limited Instant messaging interaction method, system, server, and storage medium
CN103684981A (en) * 2012-09-21 2014-03-26 腾讯科技(深圳)有限公司 Instant messaging interactive method, system and server
CN103684981B (en) * 2012-09-21 2017-12-01 腾讯科技(深圳)有限公司 Instant communication interdynamic method, system and server
CN103051621A (en) * 2012-12-20 2013-04-17 苏州亿倍信息技术有限公司 Method and system for authenticating and processing network conference
CN103051622A (en) * 2012-12-20 2013-04-17 苏州亿倍信息技术有限公司 Method and system for authenticating network conference
CN103067515A (en) * 2012-12-31 2013-04-24 广州杰赛科技股份有限公司 Humanized system login method
CN104184705A (en) * 2013-05-23 2014-12-03 腾讯科技(深圳)有限公司 Verification method, apparatus, server, user data center and system
CN104426859A (en) * 2013-08-26 2015-03-18 深圳市腾讯计算机系统有限公司 Request authorization method and apparatus, and server
CN104426859B (en) * 2013-08-26 2019-09-20 深圳市腾讯计算机系统有限公司 Request authorization method, device and server
CN104426884A (en) * 2013-09-03 2015-03-18 深圳市腾讯计算机系统有限公司 Method for authenticating identity and device for authenticating identity
CN104580075A (en) * 2013-10-14 2015-04-29 深圳市腾讯计算机系统有限公司 User login validation method, device and system
CN104580091B (en) * 2013-10-21 2019-11-08 深圳市腾讯计算机系统有限公司 A kind of auth method, device, system and storage medium
CN104580091A (en) * 2013-10-21 2015-04-29 深圳市腾讯计算机系统有限公司 Identity verification method, device and system
CN104580118A (en) * 2013-10-28 2015-04-29 深圳市腾讯计算机系统有限公司 Method and device for recommending password change mode
CN104580118B (en) * 2013-10-28 2018-08-17 深圳市腾讯计算机系统有限公司 A kind of recommendation method and device of password modification mode
WO2015070598A1 (en) * 2013-11-15 2015-05-21 Tencent Technology (Shenzhen) Company Limited An application security verification method, application server, application client and system
CN104639521A (en) * 2013-11-15 2015-05-20 腾讯科技(深圳)有限公司 Application safety verification method and system, application server and application client
CN104811428A (en) * 2014-01-28 2015-07-29 阿里巴巴集团控股有限公司 Method, device and system for verifying client identity by social relation data
CN104113418A (en) * 2014-07-15 2014-10-22 浪潮通用软件有限公司 Rule-configuration-based compound identity authentication method in ERP (enterprise resource planning) system
CN106469261A (en) * 2015-08-21 2017-03-01 阿里巴巴集团控股有限公司 A kind of auth method and device
CN105391724A (en) * 2015-11-25 2016-03-09 用友网络科技股份有限公司 Authorization management method and authorization management device used for information system
CN105391724B (en) * 2015-11-25 2019-04-16 用友网络科技股份有限公司 Authorization management method and empowerment management device for information system
CN105516138A (en) * 2015-12-09 2016-04-20 赛肯(北京)科技有限公司 Verification method and device based on login log analysis
CN105516138B (en) * 2015-12-09 2019-02-15 广州密码科技有限公司 A kind of verification method and device based on login log analysis
CN105610806A (en) * 2015-12-23 2016-05-25 北京奇虎科技有限公司 Method and device for generating verification code
CN105678544A (en) * 2015-12-31 2016-06-15 深圳前海微众银行股份有限公司 Risk monitoring method of remote account opening and server
CN105791270A (en) * 2016-02-19 2016-07-20 沈文策 Verification method and system for entering into circle live broadcast room
CN107240023A (en) * 2016-03-29 2017-10-10 平安科技(深圳)有限公司 client identity confirmation method, device and system
CN105978866A (en) * 2016-04-28 2016-09-28 北京网康科技有限公司 User access control implementation method, system and third party user server
CN107341384A (en) * 2016-04-28 2017-11-10 苏宁云商集团股份有限公司 A kind of service verification method and system
CN105978866B (en) * 2016-04-28 2019-04-23 北京网康科技有限公司 A kind of method and system of user access control, third party's client server
CN106453278A (en) * 2016-09-23 2017-02-22 财付通支付科技有限公司 Information verification method and verification platform
CN106453278B (en) * 2016-09-23 2019-04-30 财付通支付科技有限公司 Information Authentication method and verification platform
CN106230868A (en) * 2016-09-29 2016-12-14 广州鹤互联网科技有限公司 A kind of sign-off initiates user management method and equipment
CN106910071A (en) * 2017-01-11 2017-06-30 中国建设银行股份有限公司 The verification method and device of user identity
CN106888223A (en) * 2017-04-26 2017-06-23 维沃移动通信有限公司 User account login method and mobile terminal
CN107124420A (en) * 2017-05-10 2017-09-01 北京潘达互娱科技有限公司 Auth method and device
CN107241336A (en) * 2017-06-19 2017-10-10 广州市百果园信息技术有限公司 Auth method and device

Similar Documents

Publication Publication Date Title
TWI227986B (en) Device independent authentication system and method
US9665868B2 (en) One-time use password systems and methods
US9124582B2 (en) Mobile security fob
US9471920B2 (en) Transaction assessment and/or authentication
EP2748781B1 (en) Multi-factor identity fingerprinting with user behavior
JP4972320B2 (en) Method and system for integrating multiple identification indicators, identification mechanisms, and identification providers in a single user paradigm
US8516377B2 (en) Indicating Website reputations during Website manipulation of user information
CN101146108B (en) Method, system for authenticating a user seeking to perform an electronic service request
US8438499B2 (en) Indicating website reputations during user interactions
US7765481B2 (en) Indicating website reputations during an electronic commerce transaction
US9824199B2 (en) Multi-factor profile and security fingerprint analysis
US8756661B2 (en) Dynamic user authentication for access to online services
US10341370B2 (en) Human-assisted entity mapping
JP4039632B2 (en) Authentication system, server, authentication method and program
US20080010678A1 (en) Authentication Proxy
JP2012501010A (en) Method and service integration platform system for providing internet services
JP2009527850A (en) Identification of information including reputation information
US20160255078A1 (en) Method and system for verifying an account operation
CN103179134A (en) Single sign on method and system based on Cookie and application server thereof
WO2006119481A2 (en) Indicating website reputations within search results
CN105099673A (en) Authorization method, authorization requesting method and devices
US8489740B2 (en) Method and an apparatus to generate message authentication codes at a proxy server for validating a web session
US9154470B2 (en) System and method for processing transactions
CN101751629A (en) Method and system for authenticating multifactor with changing unique values
US8793759B2 (en) Authentication collaboration system and ID provider device

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1163966

Country of ref document: HK

C12 Rejection of a patent application after its publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1163966

Country of ref document: HK