CN105516133A - User identity verification method, server and client - Google Patents
User identity verification method, server and client Download PDFInfo
- Publication number
- CN105516133A CN105516133A CN201510897091.8A CN201510897091A CN105516133A CN 105516133 A CN105516133 A CN 105516133A CN 201510897091 A CN201510897091 A CN 201510897091A CN 105516133 A CN105516133 A CN 105516133A
- Authority
- CN
- China
- Prior art keywords
- user
- client
- good friend
- module
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The invention discloses a user identity verification method, a server and a client. The method is applied to the server, and comprises the steps of receiving a user identity verification request, aiming at a user, sent by a first client; determining a credible friend of the user according to the user identity verification request; obtaining a problem for verifying the user identity and a verification answer corresponding to the problem from a second client where the credible friend is located; sending the problem to the first client; receiving the answer, which is input by the user, sent by the first client; and determining that whether the identity verification of the user is successful according to that whether the answer input by the user is matched with the verification answer. By using the method provided by the invention, the resource utilization rate of the device can be improved, and the security of the user account and the validity of the identity verification can be improved.
Description
Technical field
The application relates to areas of information technology, particularly relates to the verification method of user identity, server and client.
Background technology
When user logs in client on the terminal device, need to verify the identity of user.At present, the verification mode used comprises: password, cryptoguard problem, password protection mobile phone etc.
When using its identity of codon pair of user's input to verify, there is the risk revealed, crack in the password inputted.Such as, when user uses JICQ and good friend to carry out interaction on the internet, the password of input is formed, easily by hack by numeral and password combination usually.In addition, due to the limited length of password, and user can not change password within a period of time usually, and password is easily revealed.
When giving password for change, the mode of can access to your password protection problem and ciphered cell phone.But, if user does not use for a long time after arranging cryptoguard problem, be easy to forget the initial correct option arranged, and this answer is also easily by hack.And for the mode of ciphered cell phone, if mobile phone is lost, also there is very high stolen risk in account.
Visible, all there is the possibility that account is stolen, identifying code is revealed or malice cracks in the mode of above-mentioned three kinds of identifying user identities, therefore fail safe is lower.
Summary of the invention
In view of this, the invention provides a kind of verification method of user identity, server and client, the resource utilization of equipment can be improved, ensure the fail safe of user account and the validity of authentication.
Technical scheme of the present invention is achieved in that
The invention provides a kind of verification method of user identity, be applied to server, comprising: receive the subscriber authentication request for a user that the first client sends; The credible good friend of this user is determined according to described subscriber authentication request; Obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with described problem from second client at described credible good friend place; Described problem is sent to described first client; Receive the answer of this user input that described first client sends; And whether the answer inputted according to this user and described Validation Answer Key mate is determined whether this user passes through authentication.
Present invention also offers a kind of verification method of user identity, be applied to the first client, comprise: the solicit operation receiving user, subscriber authentication request is sent to server, the credible good friend of this user is determined according to described subscriber authentication request to make described server, obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with described problem from second client at described credible good friend place, and described problem is sent to described first client; Receive and export the described problem that described server returns; Receive the answer that this user inputs for described problem; And send the answer of this user input to described server, whether the answer inputted according to this user to make described server and described Validation Answer Key mate is determined whether this user passes through authentication.
Invention further provides a kind of server, comprising: receiver module, for receiving the subscriber authentication request for a user that the first client sends; With, receive the answer of this user input that described first client sends; Determination module, the credible good friend of this user is determined in the subscriber authentication request for receiving according to described receiver module; Acquisition module, the second client for the credible good friend place determined from described determination module obtains for verifying the problem of this user identity and the Validation Answer Key corresponding with described problem; Sending module, the problem for being got by described acquisition module sends to described first client; And authentication module, whether the answer that this user for receiving according to described receiver module inputs and the Validation Answer Key that described acquisition module gets mate is determined whether this user passes through authentication.
The invention provides a kind of client, comprising: subscriber interface module, sending module and receiver module, wherein: described subscriber interface module, for receiving the solicit operation of user; With, export the problem that described receiver module receives, and receive the answer that this user inputs for described problem; Described sending module, for the solicit operation received in response to described subscriber interface module, subscriber authentication request is sent to server, the credible good friend of this user is determined according to described subscriber authentication request to make described server, obtain for verifying the described problem of this user identity and the Validation Answer Key corresponding with described problem from the client at described credible good friend place, and described in described problem being sent to, be used for the client of subscriber authentication; With, send the answer of this user input that described subscriber interface module receives to described server, whether the answer inputted according to this user to make described server and described Validation Answer Key mate is determined whether this user passes through authentication; And receiver module, for receiving the described problem that described server returns, and exports described problem by described subscriber interface module.
Compared with prior art, the present invention utilizes the relation chain between good friend and Confidential Talk to carry out authentication, reduce in conventional method the possibility that the verification mode such as to access to your password easily is revealed and cracked, greatly ensure the fail safe of user account and the validity of authentication, and improve the resource utilization of terminal equipment and server.
Accompanying drawing explanation
The implementation environment schematic diagram of Fig. 1 involved by the embodiment of the present invention;
Fig. 2 is the schematic flow sheet of the verification method of the user identity of foundation one embodiment of the invention;
Fig. 3 a is the interface schematic diagram of the first client transmission subscriber authentication request according to one embodiment of the invention;
Fig. 3 b is the interface schematic diagram inputting problem for authentication and answer in the second client according to one embodiment of the invention;
Fig. 3 c is the interface schematic diagram that in the first client according to one embodiment of the invention, user answers the question;
Fig. 4 is the sequential chart of the verification method of the user identity of foundation one embodiment of the invention;
Fig. 5 is the time diagram of the verification method of the user identity of foundation another embodiment of the present invention;
Fig. 6 is the schematic flow sheet of the method for the subscriber authentication of foundation another embodiment of the present invention;
Fig. 7 is the composition schematic diagram of the server according to one embodiment of the invention;
Fig. 8 is the composition schematic diagram of the server according to another embodiment of the present invention;
Fig. 9 is the hardware configuration schematic diagram of the server according to one embodiment of the invention;
Figure 10 is the composition schematic diagram of the client according to the present invention one example;
Figure 11 is the hardware configuration schematic diagram of the client according to the present invention one example;
Figure 12 is the composition schematic diagram of the subscriber identity authentication system of the client of foundation the present invention one example.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
The implementation environment schematic diagram of Fig. 1 involved by the embodiment of the present invention.See Fig. 1, this subscriber identity authentication system 100 comprises: the first client 101 run in first user terminal 102, subscriber authentication server 103, customer data base 104 and the second client 105 run on the second user terminal 106.
When carrying out subscriber authentication, first client 101 sends subscriber authentication request in response to the operation of user to subscriber authentication server 103, subscriber authentication server 103 is receiving the related data of subscriber authentication request rear line database 104 acquisition request user, as the friend relation chain of user, the social record of user, account safety record, subscriber authentication server 103 determines the credible good friend of the user of use first client 101 according to the data obtained, and send validation problem acquisition request to credible good friend place second client 105, after the problem obtaining the user identity for verifying use first client 101 from the second client 105 and Validation Answer Key, this problem is sent to the first client 101, then the Validation Answer Key that the answer returned based on the first client 101 and the second client 105 return determines that whether this user identity is by checking.
Wherein, first user terminal 102 and the second user terminal 106 can be independent subscriber authentication equipment, also can be arbitrary electronic equipments with subscriber authentication function, include but not limited to smart mobile phone, palmtop PC, panel computer etc.
When a kind of implementation, first user terminal 102 and the second user terminal 106 can be same subscriber terminal equipments, and now the first client 101 and the second client 105 are the same clients logged in by a user and credible good friend thereof respectively.
Subscriber authentication server 103 can be communicated with first user terminal 102, second user terminal 106 by wireless with wired mode.
Fig. 2 is the schematic flow sheet of the verification method of the user identity of foundation one embodiment of the invention.The method is applied to server.See Fig. 2, the method comprises:
Step 201, receive first client send the subscriber authentication request for a user.
In one embodiment, subscriber authentication request carries the log-on message of this user.Fig. 3 a is interface 310 schematic diagram of the first client transmission subscriber authentication request according to one embodiment of the invention.User logs in the first client, user name is inputted as its log-on message in square frame 311, it is such as the individual pet name with numeral and monogram, then the button of " request authentication " in square frame 312 is clicked, such first client, after receiving the clicking operation of user, sends the subscriber authentication request carrying this user name to server.
Step 202, determine the credible good friend of this user according to subscriber authentication request.
In one embodiment, server reads this log-on message entrained by subscriber authentication request, as the user name of this user, then searches the friend relation chain obtaining this user according to user name.Such as, a kind of mode of searching is the friend relation chain of server to this user of customer data base acquisition request, receives the friend relation chain that customer data base returns.Then, server filters out the one or more credible good friend of this user from this friend relation chain according to the screening strategy preset.
In another kind of embodiment, server can pre-determine out the credible good friend of each user.Be specially, obtain the friend relation chain of each user from customer data base, from each friend relation chain, filter out the one or more credible good friend of respective user according to screening strategy, and store the credible friend information of each user.After receiving subscriber authentication request, from stored credible friend information, search the credible good friend obtained corresponding to this user according to log-on message.
Above-mentioned screening strategy can comprise following three kinds of execution modes.
Execution mode one, determines the social cohesion of this user and each good friend according to the social activity record of good friend each in user and friend relation chain thereof, the good friend social cohesion being greater than predetermined threshold value is defined as credible good friend.
Particularly, server can to the social record of this good friend of customer data base request, then server according to from customer data base request to social activity record determine social cohesion.Or, customer data base is except preserving the social record of each good friend in each user and friend relation chain thereof, and determine further and preserve the social cohesion of this user and each good friend, now, server can obtain the social cohesion of this user and each good friend directly to customer data base request, the good friend then social cohesion being greater than predetermined threshold value is defined as credible good friend.
The comment etc. that the chat record that can comprise user and good friend is recorded in this social activity, the information being positioned at same group is delivered record, delivered for counter-party information.Determined social cohesion can be delivered record and make comments total degree for the information within a period of time in above-mentioned chat record, same group, or the number of times sum after being weighted according to the weight of above-mentioned three kinds of social informations.Now, predetermined threshold value can be the number of times in this time period after statistical average, and such as, in nearest one month, frequency threshold value is 500 times.Whether this social cohesion based on total degree may be used for indicating between recent user and this good friend frequent interactive.
Or social cohesion can deliver the number of days sum after record and total number of days at date place of making comments or weighting for information within long period of time in above-mentioned chat record, same group.Now, predetermined threshold value can be the number of days in this time period after statistical average, and such as, within nearest half a year, number of days threshold value is 80 days.This social cohesion based on total number of days may be used for the long-term interaction frequency between indicating user and this good friend.
Execution mode two, the account safety record of each good friend in friend relation chain according to user in predetermined amount of time, determine that the account of each good friend in this predetermined amount of time is stolen and/or issue the total degree of invalid information, the good friend this total degree being less than predetermined threshold value is defined as credible good friend.
Server can obtain the account safety record of each good friend to customer data base request, record that is stolen by the account of each good friend and/or issue invalid information judges whether this account is in a safe condition within a period of time, determine good friend in a safe condition for account as credible good friend, wherein, can be half a year or 1 year in predetermined amount of time, predetermined threshold value can be that account is stolen and/or issue the threshold value of invalid information number of times, and such as within half a year, predetermined threshold value is 1 time.
Execution mode three, determine the social cohesion of this user and each good friend according to the social activity record of good friend each in user and friend relation chain thereof, social cohesion is greater than predetermined threshold value and account is stolen and/or issue the good friend that the total degree of invalid information is less than predetermined threshold value and be defined as credible good friend within a predetermined period of time.
Step 203, to obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with problem from second client at credible good friend place, and problem being sent to the first client.
Server is after receiving subscriber authentication request, send validation problem to the second client and obtain request, receive problem and Validation Answer Key that the second client returns and respectively as sending to the Validation Answer Key used when the problem of the first client and checking.
Such as, in a concrete scene, client is instant communication software QQ, and a recent user uses QQ and its good friend to chat, and link up the matters about handling Canadian immigrant visa, this good friend learns that this user has handled visa in the recent period.So can carry out authentication to the user logging in QQ by the enquirement of this good friend.Fig. 3 b is interface 320 schematic diagram inputting problem for authentication and answer in the second client according to one embodiment of the invention.In the interface 320 of the second client display, remind good friend's " being the identity of your good friend * * * of checking; your problem and answer please be provided ", problem is inputted in square frame 321, as " nearest Canadian immigrant visa has been finished? ", in square frame 322, input answer "Yes" as Validation Answer Key simultaneously, and click confirming button, then the second client end response is in user operation, the problems referred to above and answer is returned to the authentication that server is used for the first client.
Server sends to the problem of the first client can be multiple.Such as, the credible good friend determined is for multiple, and such as 3-4, each credible good friend provides a problem and answer thereof.And for example, the credible good friend determined is one, and this good friend place second user end to server provides multiple problem and answer thereof.
The answer that step 204, this user receiving the first client transmission input, whether the answer inputted according to this user and Validation Answer Key mate is determined whether this user passes through authentication.
Fig. 3 c is interface 330 schematic diagram that in the first client according to one embodiment of the invention, user answers the question.First client exports the problem received from server in interface 330, prompting user " in order to verify your identity; following problem please be answer ", showing problem in square frame 331, as " nearest Canadian immigrant visa has been finished? ", in square frame 332, input the answer of this user simultaneously, and click confirming button, then the first client end response is in user operation, sends to server to carry out authentication further inputted answer.
If the account is safe, so user will input answer "Yes" in square frame 332, send to server to carry out authentication further this answer.Corresponding to Fig. 3 b, the Validation Answer Key given by credible good friend is also "Yes", and therefore server judges that the answer that user inputs and Validation Answer Key are identical, and so this user is by authentication, successful log first client.
When being multiple when sending to the problem of the first client, server is verified one by one for each problem, judges whether the answer that this user inputs and Validation Answer Key mate.If the number of the problem that the answer of this user input and Validation Answer Key match is greater than predetermined quantity, determine that this user passes through authentication.Such as, predetermined quantity is 2/3 of Issue Totals.Here, coupling can refer to that the description of two answers is identical, or the number of word identical in two answers reaches certain numerical value, or, judge that whether the essentiality content of two answers is identical by the semantic analysis of intelligence.
In the present embodiment, by receiving the subscriber authentication request for a user that the first client sends, determine the credible good friend of this user, obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with problem from second client at credible good friend place, then whether mate determine whether this user passes through authentication according to the answer of user's input and Validation Answer Key, make use of the authentication that relation chain between good friend and Confidential Talk carry out user, make account safer, and the problem that this good friend provides and answer thereof are revealed, the possibility be cracked reduces greatly, the cost of protection account also decreases, therefore, improve the resource utilization of terminal equipment and server.
Fig. 4 is the sequential chart of the verification method of the user identity of foundation one embodiment of the invention.See Fig. 4, wherein relate to the first client, server and the second client, concrete steps comprise:
Step 401, the first client end response, in user operation, receive the log-on message of user's input.
Step 402, the first user end to server send the subscriber authentication request carrying log-on message.
Step 403, server determine the credible good friend of this user according to log-on message.
Step 404, server send validation problem to the second client and obtain request.
Step 405, the second user end to server return problem for verifying this user identity and the Validation Answer Key corresponding with problem.
Step 406, server send the problem obtained from the second client to the first client.
Step 407, the first client export problem, and receive the answer of user's input.
Step 408, the first objective user orientation server send the answer of user's input.
Whether the answer that step 409, server input according to this user and Validation Answer Key mate is determined whether this user passes through authentication.
Step 410, server return the announcement information indicated whether by authentication to the first client.
Step 411, the first client output notice information.
In the present embodiment, server is after receiving subscriber authentication request, determine the credible good friend of this user, then send validation problem to the second client and obtain request, obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with problem, thisly determine credible good friend in real time, the verification mode of Real-time Obtaining problem and answer can reduce the possibility that answer is cracked greatly, ensure that the fail safe of user account, avoid accessing to your password etc. verification mode time inconvenience real-time update, the problem that is easily cracked.
During embody rule, in step 404, in order to reduce the interference to the second client user, a predetermined time interval is set, at least in distance last time to after the second client sends request a predetermined time interval, then send validation problem to the second client and obtain request.Such as predetermined time interval is one day, namely at least after last time sends request one day to the second client, sends validation problem again to the second client and obtains request.If have received again the subscriber authentication request of this user within predetermined time interval, now server can use the problem asking last time to obtain and answer for the checking of this user identity.
In step 405, if server does not receive the response of the second client in certain hour section, such as the second client user is online, cannot respond in time, and so the server problem that also can use obtained from the second client last time and answer are for the checking of this user identity.
Fig. 5 is the sequential chart of the verification method of the user identity of foundation another embodiment of the present invention.See Fig. 5, wherein relate to the first client, server and the second client, concrete steps comprise:
Step 500, server filter out the credible good friend of respective user from the friend relation chain of each user according to screening strategy, and store the credible friend information of each user.
Step 501, according to each credible good friend place from predetermined period to each user second client send validation problem obtain request.
Step 502, each second client end response, in request, return problem and the Validation Answer Key of the user identity for verifying login first client to server.
The problem that each second client of step 503, server stores returns and Validation Answer Key.
By above-mentioned steps, the problem that each credible good friend that server stores each user in advance provides and Validation Answer Key.
Step 504, the first client end response, in user operation, receive the log-on message of user's input.
Step 505, the first user end to server send the subscriber authentication request carrying log-on message.
Step 506, server search the credible good friend obtaining this user from stored credible friend information according to log-on message.
In another embodiment, this step also can according to the method described in step 403, and namely server determines the credible good friend (not illustrating in the drawings) of this user according to the log-on message received and friend relation chain, then performs step 507.
Step 507, server, for second client at the credible good friend place of this user, read and correspond to the up-to-date problem of this second client and Validation Answer Key respectively as sending to the Validation Answer Key used when the problem of the first client and checking from stored problem and Validation Answer Key.
Step 508, server send problem to the first client.
Step 509, the first client export problem, and receive the answer of user's input.
Step 510, the first objective user orientation server send the answer of user's input.
Whether the answer that step 511, server input according to this user and Validation Answer Key mate is determined whether this user passes through authentication.
Step 512, server return the announcement information indicated whether by authentication to the first client.
Step 513, the first client output notice information.
In the present embodiment, server determines the credible good friend of each user in advance, problem and Validation Answer Key is obtained from the second client according to predetermined period, communicate with the second client when receiving subscriber authentication request without the need to server, thus can problem be returned to the first client fast and provide the result, improve the ageing of authentication.
Fig. 6 is the schematic flow sheet of the method for the subscriber authentication of foundation another embodiment of the present invention.The method is applied to the first client of request authentication.See Fig. 6, corresponding to the processing method of server side, the method comprises:
The solicit operation of step 601, reception user, subscriber authentication request is sent to server, the credible good friend of this user is determined according to subscriber authentication request to make server, obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with problem from second client at credible good friend place, and problem is sent to the first client.
Step 602, to receive and the problem that returns of export server.
Step 603, in response to user operation, receive the answer that this user inputs for problem.
Step 604, to send the answer of this user input to server, whether the answer inputted according to this user to make server and Validation Answer Key mate is determined whether this user passes through authentication.
In the present embodiment, user, when request logs in a client, without the need to inputting password, but answers the problem from credible good friend returned by server, thus improves the reliability of authentication, ensured the fail safe of account.
Based on said method embodiment, the embodiment of the present invention additionally provides a kind of server for subscriber authentication.Fig. 7 is the composition schematic diagram of the server 700 according to one embodiment of the invention, comprising: receiver module 710, determination module 720, acquisition module 730, sending module 740 and authentication module 750, wherein,
Receiver module 710, for receiving the subscriber authentication request for a user that the first client sends; With, receive the answer of this user input that the first client sends;
Determination module 720, the credible good friend of this user is determined in the subscriber authentication request for receiving according to receiver module 710;
Acquisition module 730, the second client for the credible good friend place determined from determination module 720 obtains for verifying the problem of this user identity and the Validation Answer Key corresponding with problem;
Sending module 740, the problem for being got by acquisition module 730 sends to the first client; And,
Authentication module 750, whether the answer that this user for receiving according to receiver module 710 inputs and the Validation Answer Key that acquisition module 730 gets mate is determined whether this user passes through authentication.
In one embodiment, subscriber authentication request carries the log-on message of this user.
Correspondingly, determination module 720 for: the friend relation chain of searching this user according to log-on message, filters out the credible good friend of this user from this friend relation chain according to screening strategy.
Fig. 8 is the composition schematic diagram of the server 800 according to one embodiment of the invention.On the basis of the server 700 shown in Fig. 7, server 800 also comprises:
Screening module 760, for filtering out the credible good friend of respective user from the friend relation chain of each user according to screening strategy;
Memory module 770, for storing the credible friend information of each user that screening module 760 filters out.
Wherein, subscriber authentication request carries the log-on message of this user.
Correspondingly, determination module 720 for: from the credible friend information that memory module 770 stores, search the credible good friend obtaining this user according to log-on message.
In one embodiment, acquisition module 730 for: send validation problem by sending module 740 to the second client and obtain request, receive problem and Validation Answer Key that the second client returns and the Validation Answer Key that the problem of the first client and authentication module 750 will be sent to use respectively as sending module 740 by receiver module 710.
In one embodiment, sending module 740 is further used for: according to the second client transmission validation problem acquisition request of predetermined period to the credible good friend place of each user;
Correspondingly, receiver module 710 is further used for: receive problem and Validation Answer Key that each second client returns;
Memory module 770 is further used for: the problem that storage receiver module 710 receives and Validation Answer Key;
Acquisition module 730, for second client of the credible good friend for this user, reads the Validation Answer Key corresponding to problem that the up-to-date problem of this second client and Validation Answer Key send respectively as sending module 740 and authentication module 750 use from memory module 770 problem stored and Validation Answer Key.
Fig. 9 is the hardware configuration schematic diagram of the server 900 according to one embodiment of the invention.This terminal equipment can comprise: processor 910, memory 920, port 930 and bus 940.It is interconnected that processor 910 and memory 920 pass through bus 940.Processor 910 receives by port 930 and sends data.Wherein,
The machine readable instructions module that processor 910 stores for execute store 920.
Memory 920 stores the executable machine readable instructions module of processor 910.The executable instruction module of processor 910 comprises: receiver module 921, determination module 922, acquisition module 923, sending module 924 and authentication module 925.
Wherein, when receiver module 921 is performed by processor 910 can be: receive the subscriber authentication request for a user that the first client sends; With, receive the answer of this user input that the first client sends.
When determination module 922 is performed by processor 910 can be: the credible good friend of this user is determined in the subscriber authentication request received according to receiver module 921.
When acquisition module 923 is performed by processor 910 can be: obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with problem from second client at the credible good friend place that determination module 922 is determined.
When sending module 924 is performed by processor 910 can be: the problem that acquisition module 923 gets is sent to the first client; And,
When authentication module 925 is performed by processor 910 can be: whether the Validation Answer Key that the answer of this user input received according to receiver module 921 and acquisition module 923 get mates is determined whether this user passes through authentication.
In one embodiment, the executable instruction module of processor 910 also comprises screening module 926 and memory module 927.Wherein,
Screening module 926 when being performed by processor 910 can be: the credible good friend filtering out respective user according to screening strategy from the friend relation chain of each user.
When memory module 927 is performed by processor 910 can be: the credible friend information storing each user that screening module 926 filters out.
Wherein, subscriber authentication request carries the log-on message of this user.
Correspondingly, when determination module 922 is performed by processor 910 can be: from the credible friend information that memory module 927 stores, search the credible good friend obtaining this user according to log-on message.
In another embodiment, when sending module 924 is performed by processor 910 can be: according to the second client transmission validation problem acquisition request of predetermined period to the credible good friend place of each user.
Correspondingly, when receiver module 921 is performed by processor 910 can be: receive problem and Validation Answer Key that each second client returns.
When memory module 927 is performed by processor 910 can be: the problem that storage receiver module 921 receives and Validation Answer Key.
Can be: for second client of the credible good friend for this user the problem stored from memory module 927 and Validation Answer Key, read the Validation Answer Key corresponding to problem that the up-to-date problem of this second client and Validation Answer Key send respectively as sending module 924 and authentication module 925 use when acquisition module 923 is performed by processor 910.
This shows, when being stored in the instruction module in memory 920 and being performed by processor 910, the various functions of receiver module in foregoing individual embodiments, determination module, acquisition module, sending module, authentication module, screening module and memory module can be realized.
Figure 10 is the composition schematic diagram of the client 1000 according to the present invention one example, comprising: subscriber interface module 1010, sending module 1020 and receiver module 1030, wherein,
Subscriber interface module 1010, for receiving the solicit operation of user; With, export the problem that receiver module 1030 receives, and receive the answer that this user inputs for problem;
Sending module 1020, for the solicit operation received in response to subscriber interface module 1010, subscriber authentication request is sent to server, the credible good friend of this user is determined according to subscriber authentication request to make server, obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with problem from the client at credible good friend place, and problem is sent to the client for subscriber authentication; With, send the answer of this user input that subscriber interface module 1010 receives to server, whether the answer inputted according to this user to make server and Validation Answer Key mate is determined whether this user passes through authentication; And,
Receiver module 1030, for the problem that reception server returns, and exports problem by subscriber interface module 1010.
Figure 11 is the hardware configuration schematic diagram of the client 1100 according to the present invention one example.This server can comprise: processor 1110, memory 1120, port one 130 and bus 1140.It is interconnected that processor 1110 and memory 1120 pass through bus 1140.Processor 1110 receives by port one 130 and sends data.Wherein,
The machine readable instructions module that processor 1110 stores for execute store 1120.
Memory 1120 stores the executable machine readable instructions module of processor 1110.The executable instruction module of processor 1110 comprises: subscriber interface module 1121, sending module 1122 and receiver module 1123.Wherein,
When subscriber interface module 1121 is performed by processor 1110 can be: the solicit operation receiving user; With, export the problem that receiver module 1123 receives, and receive the answer that this user inputs for problem.
When sending module 1122 is performed by processor 1110 can be: the solicit operation received in response to subscriber interface module 1121, subscriber authentication request is sent to server, the credible good friend of this user is determined according to subscriber authentication request to make server, obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with problem from the client at credible good friend place, and problem is sent to the client for subscriber authentication; With, send the answer of this user input that subscriber interface module 1121 receives to server, whether the answer inputted according to this user to make server and Validation Answer Key mate is determined whether this user passes through authentication; And,
When receiver module 1123 is performed by processor 1110 can be: the problem that reception server returns, and export problem by subscriber interface module 1211.
This shows, when being stored in the instruction module in memory 1120 and being performed by processor 1110, the various functions of subscriber interface module in foregoing individual embodiments, sending module and receiver module can be realized.
In said apparatus embodiment, the concrete grammar that modules and unit realize self function all has description in embodiment of the method, repeats no more here.
Based on said method and device embodiment, Figure 12 is the composition schematic diagram of the subscriber identity authentication system 1200 according to the present invention one example.Subscriber identity authentication system 1200 comprises the first client 1210, server 1220 and the second client 1230.Below only the operation that the first client 1210, server 1220 and the second client 1230 between relating to are mutual is described.The module with intercorrelation in the first client 1210 and server 1220 is illustrate only in Figure 12, specific as follows:
The sending module 1020 of the first client 1210 sends subscriber authentication request to the receiver module 710 of server 1220, determines the credible good friend of this user to make server 1220 according to subscriber authentication request; Send the answer of user's input with, the receiver module 710 to server 1220, whether the answer inputted according to this user to make server 1220 and Validation Answer Key mate is determined whether this user passes through authentication.
The problem that the sending module 740 of receiver module 1030 reception server 1220 of the first client 1210 returns.
In addition, the sending module 740 of server 1220 sends validation problem to second client 1230 at the credible good friend place of user and obtains request.The receiver module 710 of server 1220 receives the problem and Validation Answer Key that each second client 1230 returns.
In said system embodiment, the concrete grammar that modules realizes self function all has description in method and apparatus embodiment, repeats no more here.
In addition, each functional module in each embodiment of the present invention can be integrated in a processing unit, also can be that the independent physics of modules exists, also can two or more module integrations in a unit.Above-mentioned integrated unit both can adopt the form of hardware to realize, and the form of SFU software functional unit also can be adopted to realize.
In addition, each embodiment of the present invention can be realized by the data processor performed as computer by data processing equipment.Obviously, data processor constitutes the present invention.In addition, program is read out storage medium or memory device (as hard disk and or internal memory) the middle execution by program being installed or copied to data processing equipment by direct by the data processor be usually stored in a storage medium.Therefore, such storage medium also constitutes the present invention.Storage medium can use the recording mode of any type, such as paper storage medium (as paper tape etc.), magnetic storage medium (as floppy disk, hard disk, flash memory etc.), optical storage media (as CD-ROM etc.), magnetic-optical storage medium (as MO etc.) etc.
The invention also discloses a kind of storage medium, wherein store data processor, this data processor is for performing any one embodiment of said method of the present invention.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment made, equivalent replacement, improvement etc., all should be included within the scope of protection of the invention.
Claims (15)
1. a verification method for user identity, is characterized in that, is applied to server, and described method comprises:
Receive the subscriber authentication request for a user that the first client sends;
The credible good friend of this user is determined according to described subscriber authentication request;
Obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with described problem from second client at described credible good friend place;
Described problem is sent to described first client;
Receive the answer of this user input that described first client sends; And,
Whether the answer inputted according to this user and described Validation Answer Key mate is determined whether this user passes through authentication.
2. method according to claim 1, wherein, described subscriber authentication request carries the log-on message of this user;
Wherein, describedly determine that the credible good friend of this user comprises according to described subscriber authentication request:
Search the friend relation chain of this user according to described log-on message, from this friend relation chain, filter out the described credible good friend of this user according to screening strategy.
3. method according to claim 1, also comprises:
From the friend relation chain of each user, filter out the credible good friend of respective user according to screening strategy, and store the credible friend information of each user;
Wherein, described subscriber authentication request carries the log-on message of this user, describedly determines that the credible good friend of this user comprises according to described subscriber authentication request:
From stored credible friend information, the described credible good friend obtaining this user is searched according to described log-on message.
4. according to the method in claim 2 or 3, wherein, described screening strategy comprises:
The social cohesion of this user and each good friend is determined according to the social activity record of good friend each in user and friend relation chain thereof;
The good friend that described social cohesion is greater than predetermined threshold value is defined as described credible good friend.
5. according to the method in claim 2 or 3, wherein, described screening strategy comprises:
The account safety record of each good friend in friend relation chain according to user in predetermined amount of time, determines that the account of each good friend in this predetermined amount of time is stolen and/or issue the total degree of invalid information;
The good friend this total degree being less than predetermined threshold value is defined as described credible good friend.
6. according to the method in any one of claims 1 to 3, wherein, described the second client from described credible good friend place obtains and comprises for the problem and the Validation Answer Key corresponding with described problem verifying this user identity:
Send validation problem to described second client and obtain request, receive problem and Validation Answer Key that described second client returns and respectively as sending to the described Validation Answer Key used when the described problem of described first client and checking.
7. method according to claim 3, also comprises:
Send validation problem according to predetermined period to second client at the credible good friend place of each user and obtain request, receive and store the problem and Validation Answer Key that each second client returns;
Wherein, described the second client from described credible good friend place obtains and comprises for the problem and the Validation Answer Key corresponding with described problem verifying this user identity:
For second client at the described credible good friend place of this user, read from stored problem and Validation Answer Key and correspond to the up-to-date problem of this second client and Validation Answer Key respectively as sending to the described Validation Answer Key used when the described problem of described first client and checking.
8. according to the method in any one of claims 1 to 3, wherein, when being multiple when sending to the described problem of described first client, whether the described answer that inputs according to this user and described Validation Answer Key mate is determined whether this user is comprised by authentication:
For each described problem, judge whether the answer that this user inputs and described Validation Answer Key mate;
If the number of the problem that the answer of this user input and described Validation Answer Key match is greater than predetermined quantity, determine that this user passes through authentication.
9. a verification method for user identity, is characterized in that, is applied to the first client, and described method comprises:
Receive the solicit operation of user, subscriber authentication request is sent to server, the credible good friend of this user is determined according to described subscriber authentication request to make described server, obtain for verifying the problem of this user identity and the Validation Answer Key corresponding with described problem from second client at described credible good friend place, and described problem is sent to described first client;
Receive and export the described problem that described server returns;
Receive the answer that this user inputs for described problem; And,
Send the answer of this user input to described server, whether the answer inputted according to this user to make described server and described Validation Answer Key mate is determined whether this user passes through authentication.
10. a server, is characterized in that, comprising:
Receiver module, for receiving the subscriber authentication request for a user that the first client sends; With, receive the answer of this user input that described first client sends;
Determination module, the credible good friend of this user is determined in the subscriber authentication request for receiving according to described receiver module;
Acquisition module, the second client for the credible good friend place determined from described determination module obtains for verifying the problem of this user identity and the Validation Answer Key corresponding with described problem;
Sending module, the problem for being got by described acquisition module sends to described first client; And,
Authentication module, whether the answer that this user for receiving according to described receiver module inputs and the Validation Answer Key that described acquisition module gets mate is determined whether this user passes through authentication.
11. servers according to claim 10, wherein, described subscriber authentication request carries the log-on message of this user;
Described determination module is used for: the friend relation chain of searching this user according to described log-on message, filters out the described credible good friend of this user according to screening strategy from this friend relation chain.
12. servers according to claim 10, also comprise:
Screening module, for filtering out the credible good friend of respective user from the friend relation chain of each user according to screening strategy;
Memory module, for storing the credible friend information of each user that described screening module filters out;
Wherein, described subscriber authentication request carries the log-on message of this user;
Described determination module is used for: from the credible friend information that described memory module stores, search the described credible good friend obtaining this user according to described log-on message.
13. according to claim 10 to the server according to any one of 12, and wherein, described acquisition module is used for:
Send validation problem by described sending module to described second client and obtain request, receive by described receiver module the problem and Validation Answer Key the Validation Answer Key that the problem of described first client and described authentication module will be sent to use respectively as described sending module that described second client returns.
14. servers according to claim 12, wherein,
Described sending module is further used for: according to the second client transmission validation problem acquisition request of predetermined period to the credible good friend place of each user;
Described receiver module is further used for: receive problem and Validation Answer Key that each second client returns;
Described memory module is further used for: store problem and Validation Answer Key that described receiver module receives;
Described acquisition module, for second client of the described credible good friend for this user, the problem stored from described memory module and Validation Answer Key, read the Validation Answer Key that the up-to-date problem corresponding to this second client and Validation Answer Key will send to the problem of described first client and described authentication module to use respectively as described sending module.
15. 1 kinds of clients, is characterized in that, comprise subscriber interface module, sending module and receiver module, wherein:
Described subscriber interface module, for receiving the solicit operation of user; With, export the problem that described receiver module receives, and receive the answer that this user inputs for described problem;
Described sending module, for the solicit operation received in response to described subscriber interface module, subscriber authentication request is sent to server, the credible good friend of this user is determined according to described subscriber authentication request to make described server, obtain for verifying the described problem of this user identity and the Validation Answer Key corresponding with described problem from the client at described credible good friend place, and described in described problem being sent to, be used for the client of subscriber authentication; With, send the answer of this user input that described subscriber interface module receives to described server, whether the answer inputted according to this user to make described server and described Validation Answer Key mate is determined whether this user passes through authentication; And,
Described receiver module, for receiving the described problem that described server returns, and exports described problem by described subscriber interface module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510897091.8A CN105516133B (en) | 2015-12-08 | 2015-12-08 | User identity verification method, server and client |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510897091.8A CN105516133B (en) | 2015-12-08 | 2015-12-08 | User identity verification method, server and client |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105516133A true CN105516133A (en) | 2016-04-20 |
| CN105516133B CN105516133B (en) | 2019-12-13 |
Family
ID=55723770
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510897091.8A Active CN105516133B (en) | 2015-12-08 | 2015-12-08 | User identity verification method, server and client |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105516133B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105812398A (en) * | 2016-06-06 | 2016-07-27 | 百度在线网络技术(北京)有限公司 | Remote login authorization method and remote login authorization device |
| CN106330872A (en) * | 2016-08-16 | 2017-01-11 | 广州比特软件科技有限公司 | Rapid qualification authentication method and system based on voucher |
| CN106332054A (en) * | 2016-10-20 | 2017-01-11 | 广东欧珀移动通信有限公司 | Method and device for identifying verification in data migration |
| CN106487789A (en) * | 2016-10-10 | 2017-03-08 | 广东欧珀移动通信有限公司 | A kind of method of the password of modification application account, device and mobile terminal |
| WO2017054504A1 (en) * | 2015-09-28 | 2017-04-06 | 腾讯科技(深圳)有限公司 | Identity authentication method and device, and storage medium |
| CN106878275A (en) * | 2017-01-03 | 2017-06-20 | 阿里巴巴集团控股有限公司 | Auth method and device and server |
| CN107292628A (en) * | 2017-04-11 | 2017-10-24 | 阿里巴巴集团控股有限公司 | Service implementation method and device |
| WO2017190668A1 (en) * | 2016-05-05 | 2017-11-09 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| CN107846388A (en) * | 2016-09-21 | 2018-03-27 | 腾讯科技(深圳)有限公司 | Good friend's cohesion determines method and device, account complaint method and device |
| CN108600220A (en) * | 2018-04-24 | 2018-09-28 | 上海掌门科技有限公司 | The method and apparatus given for change for log-on message |
| CN109104280A (en) * | 2017-06-20 | 2018-12-28 | 腾讯科技(深圳)有限公司 | Forward the method and device of message |
| CN110046491A (en) * | 2019-03-05 | 2019-07-23 | 北京达佳互联信息技术有限公司 | Method of calibration, device, electronic equipment and the storage medium of close guarantor's problem |
| CN110555081A (en) * | 2019-04-18 | 2019-12-10 | 国家计算机网络与信息安全管理中心 | Social interaction user classification method and device, electronic equipment and medium |
| CN111181981A (en) * | 2019-12-31 | 2020-05-19 | 联想(北京)有限公司 | Processing method and device and computer equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103179098A (en) * | 2011-12-23 | 2013-06-26 | 阿里巴巴集团控股有限公司 | Method and device for retrieving password of network account number |
| CN104883367A (en) * | 2015-05-20 | 2015-09-02 | 吴振祎 | Method for auxiliary verification login, system, and application client |
| CN104954131A (en) * | 2014-03-31 | 2015-09-30 | 腾讯科技(深圳)有限公司 | Method for verifying verification code and system thereof |
| CN105007255A (en) * | 2014-04-22 | 2015-10-28 | 腾讯科技(深圳)有限公司 | Verification method, server and system |
-
2015
- 2015-12-08 CN CN201510897091.8A patent/CN105516133B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103179098A (en) * | 2011-12-23 | 2013-06-26 | 阿里巴巴集团控股有限公司 | Method and device for retrieving password of network account number |
| CN104954131A (en) * | 2014-03-31 | 2015-09-30 | 腾讯科技(深圳)有限公司 | Method for verifying verification code and system thereof |
| CN105007255A (en) * | 2014-04-22 | 2015-10-28 | 腾讯科技(深圳)有限公司 | Verification method, server and system |
| CN104883367A (en) * | 2015-05-20 | 2015-09-02 | 吴振祎 | Method for auxiliary verification login, system, and application client |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017054504A1 (en) * | 2015-09-28 | 2017-04-06 | 腾讯科技(深圳)有限公司 | Identity authentication method and device, and storage medium |
| US10728033B2 (en) | 2015-09-28 | 2020-07-28 | Tencent Technology (Shenzhen) Company Limited | Identity authentication method, apparatus, and storage medium |
| CN107347054B (en) * | 2016-05-05 | 2021-08-03 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| WO2017190668A1 (en) * | 2016-05-05 | 2017-11-09 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| CN107347054A (en) * | 2016-05-05 | 2017-11-14 | 腾讯科技(深圳)有限公司 | A kind of auth method and device |
| CN105812398B (en) * | 2016-06-06 | 2019-06-04 | 百度在线网络技术(北京)有限公司 | Telnet authorization method and device |
| CN105812398A (en) * | 2016-06-06 | 2016-07-27 | 百度在线网络技术(北京)有限公司 | Remote login authorization method and remote login authorization device |
| CN106330872A (en) * | 2016-08-16 | 2017-01-11 | 广州比特软件科技有限公司 | Rapid qualification authentication method and system based on voucher |
| CN107846388A (en) * | 2016-09-21 | 2018-03-27 | 腾讯科技(深圳)有限公司 | Good friend's cohesion determines method and device, account complaint method and device |
| CN106487789A (en) * | 2016-10-10 | 2017-03-08 | 广东欧珀移动通信有限公司 | A kind of method of the password of modification application account, device and mobile terminal |
| CN106332054A (en) * | 2016-10-20 | 2017-01-11 | 广东欧珀移动通信有限公司 | Method and device for identifying verification in data migration |
| CN106332054B (en) * | 2016-10-20 | 2018-03-27 | 广东欧珀移动通信有限公司 | The method and device of Data Migration authentication |
| CN106878275A (en) * | 2017-01-03 | 2017-06-20 | 阿里巴巴集团控股有限公司 | Auth method and device and server |
| CN106878275B (en) * | 2017-01-03 | 2020-05-19 | 阿里巴巴集团控股有限公司 | Identity verification method and device and server |
| CN107292628A (en) * | 2017-04-11 | 2017-10-24 | 阿里巴巴集团控股有限公司 | Service implementation method and device |
| CN109104280A (en) * | 2017-06-20 | 2018-12-28 | 腾讯科技(深圳)有限公司 | Forward the method and device of message |
| CN109104280B (en) * | 2017-06-20 | 2021-09-28 | 腾讯科技(深圳)有限公司 | Method and device for forwarding message |
| US11363020B2 (en) | 2017-06-20 | 2022-06-14 | Tencent Technology (Shenzhen) Company Limited | Method, device and storage medium for forwarding messages |
| CN108600220A (en) * | 2018-04-24 | 2018-09-28 | 上海掌门科技有限公司 | The method and apparatus given for change for log-on message |
| CN110046491A (en) * | 2019-03-05 | 2019-07-23 | 北京达佳互联信息技术有限公司 | Method of calibration, device, electronic equipment and the storage medium of close guarantor's problem |
| CN110046491B (en) * | 2019-03-05 | 2022-09-09 | 北京达佳互联信息技术有限公司 | Method and device for verifying security problem, electronic equipment and storage medium |
| CN110555081A (en) * | 2019-04-18 | 2019-12-10 | 国家计算机网络与信息安全管理中心 | Social interaction user classification method and device, electronic equipment and medium |
| CN111181981A (en) * | 2019-12-31 | 2020-05-19 | 联想(北京)有限公司 | Processing method and device and computer equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105516133B (en) | 2019-12-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105516133A (en) | User identity verification method, server and client | |
| US11138300B2 (en) | Multi-factor profile and security fingerprint analysis | |
| EP2748781B1 (en) | Multi-factor identity fingerprinting with user behavior | |
| CN108989346B (en) | Third-party valid identity escrow agile authentication access method based on account hiding | |
| US11924247B1 (en) | Access control policy simulation and testing | |
| CN104468553B (en) | A kind of method, apparatus and system that public account logs in | |
| CN110442712B (en) | Risk determination method, risk determination device, server and text examination system | |
| CN106131047A (en) | Account login method and relevant device, account login system | |
| CN104468249A (en) | Method and device for detecting abnormal account number | |
| CN104954383A (en) | Application program login method and system | |
| CN107979525A (en) | A kind of red packet distribution method, equipment and medium | |
| CN108718337B (en) | Website account login, verification and verification information processing method, device and system | |
| CN104184705A (en) | Verification method, apparatus, server, user data center and system | |
| CN109831310B (en) | Identity verification method, system, equipment and computer readable storage medium | |
| CN109698809A (en) | A kind of recognition methods of account abnormal login and device | |
| CN102469074A (en) | Method and system for accessing website | |
| CN105207985A (en) | Application program login method and mobile terminal | |
| CN110113366A (en) | A kind of detection method and device of CSRF loophole | |
| CN109729044A (en) | A kind of general internet data acquisition is counter to climb system and method | |
| CN111476640B (en) | Authentication method, system, storage medium and big data authentication platform | |
| CN104065618A (en) | Method, terminal and server for controlling user permission | |
| CN114117264A (en) | Illegal website identification method, device, equipment and storage medium based on block chain | |
| CN106559386A (en) | A kind of authentication method and device | |
| CN104935548A (en) | Identity verification method, device and system based on intelligent tattooing equipment | |
| EP2896005A1 (en) | Multi-factor profile and security fingerprint analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |