CN106506459A

CN106506459A - Identity information verification method and device

Info

Publication number: CN106506459A
Application number: CN201610901831.5A
Authority: CN
Inventors: 张军; 潘俊; 衣少君
Original assignee: Beijing Xiaomi Mobile Software Co Ltd
Current assignee: Beijing Xiaomi Mobile Software Co Ltd
Priority date: 2016-10-17
Filing date: 2016-10-17
Publication date: 2017-03-15
Anticipated expiration: 2036-10-17
Also published as: CN106506459B

Abstract

The disclosure is directed to a kind of identity information verification method and device, belong to networking technology area, the method includes：When the Authentication Events for detecting user account are triggered, obtain the history use information of the user account, the information that the history use information is used when carrying out network operation by the user account before current time, it is based on the history use information, generate authentication request message, the authentication request message is sent to the user terminal for currently triggering the Authentication Events, when the authentication response message that the user terminal is sent is received based on the authentication request message, based on the authentication response message and the history use information, identity information is verified, so, due to the information used when the history use information is that user is daily carries out network operation, therefore, user is not needed purposely to remember, avoid the situation that user easily forgets, provide users with the convenient.

Description

Identity information verification method and device

Technical field

It relates to networking technology area, more particularly to a kind of identity information verification method and device.

Background technology

With the continuous development of network technology, Email Accounts, instant messaging account, Internet bank's account, social networks account Number grade takes on important role in daily life, and at the same time, for such account, user generally arranges difference Password.In actual use, in some cases, it usually needs the identity information of user is verified, for example, when When user needs to modify set password, or, when the password of user input is mismatched with account etc..

In correlation technique, the process of identity information checking is generally included：When initial password is arranged, account management server Multiple problems are provided the user, user selects at least one problem from the plurality of problem, fills in answering at least one problem Case, and sent to the account management server by terminal, at least one problem and answer are carried out by account management server Corresponding storage.When needing to verify identity information, the account management server provides the user above-mentioned at least one again Individual problem, user need the answer for filling at least one problem, afterwards, are sent the answer that is filled in the account by terminal Number management server, the answer filled in user by the account management server verify, that is, judge that what user filled in answers Whether the answer arranged during initial with the user setup password of case is identical, if identical, it is determined that identity information is verified.

Content of the invention

For overcoming problem present in correlation technique, the disclosure to provide a kind of identity information verification method and device.

First aspect, there is provided a kind of identity information verification method, methods described include：

When the Authentication Events for detecting user account are triggered, the history of the user account is obtained using letter Breath, the information that the history use information is used when carrying out network operation by the user account before current time；

Based on the history use information, authentication request message is generated；

The authentication request message is sent to the user terminal for currently triggering the Authentication Events；

When the authentication response message that the user terminal is sent is received based on the authentication request message, Based on the authentication response message and the history use information, identity information is verified.

Alternatively, the history use information for obtaining the user account, including：

Information acquisition request is sent to data server, described information obtains request and carries the user account, the letter Breath obtains request to be used for indicating that the data server is obtained and returns the history use information of the user account；

Receive the history use information that the data server sends.

Alternatively, described based on the history use information, authentication request message is generated, including：

According to specified strategy, the partial information in the history use information is obtained；

Based on the partial information, the first checking request message is generated, the first checking request message is used for indicating base Other information in the partial information is to the history use information in addition to the partial information is supplemented；

The first checking request message is defined as the authentication request message.

When the history use information is telephone number, in the history use information, add multiple phone numbers at random Code；

History use information after based on interpolation, generates the second checking request message, and the second checking request message is used The history use information is selected in history use information of the instruction from after interpolation；

The second checking request message is defined as the authentication request message.

When the pictorial information that the history use information includes picture and the picture, the is generated based on the picture Three checking request message, the 3rd checking request message fill in the pictorial information of the picture for instruction；

The 3rd checking request message is defined as the authentication request message.

When the history use information also includes safe class mark, select from the history use information with described The corresponding target use information of safe class mark, the history that the safe class mark is verified needed for being used for indicating is using letter Breath；

Based on the target use information, the authentication request message is generated.

Alternatively, described based on the authentication response message and the history use information, identity information is carried out Checking, including：

The first checking information carried in the authentication response message is obtained, first checking information at least includes The partial information；

When first checking information is identical with the history use information, determine that the identity information is verified；

When first checking information is differed with the history use information, determine that the identity information checking is not led to Cross.

Obtain the second checking information carried in the authentication response message；

When second checking information is identical with the telephone number, determine that the identity information is verified；

When second checking information is differed with the telephone number, determine that the identity information checking does not pass through.

Obtain the 3rd checking information carried in the authentication response message；

When the 3rd checking information is identical with the pictorial information, determine that the identity information is verified；

When the 3rd checking information is differed with the pictorial information, determine that the identity information checking does not pass through.

Alternatively, the determination identity information checking is by afterwards, also including：

The authentication request message is resend, and the number of times for resending the authentication request message is entered Row statistics；

When the number of times for resending the authentication request message is more than or equal to predetermined threshold value, stop resending The authentication request message.

Alternatively, before obtaining the history use information of the user account, also include：

When the user account is detected and the unmatched number of times of password reaches preset times, the user account is triggered Authentication Events；Or

When Modify password request is received, the Authentication Events of the user account are triggered.

Second aspect, there is provided a kind of identity information verifies that device, described device include：

Acquisition module, during for being triggered when the Authentication Events for detecting user account, obtains the user account History use information, the history use information made when carrying out network operation before current time by the user account Information；

Generation module, for the history use information obtained based on the acquisition module, generates authentication request Message；

Sending module, for sending the authentication request message that the generation module is generated to current triggering institute State the user terminal of Authentication Events；

Authentication module, is tested based on the identity that the authentication request message sends for receiving the user terminal During card response message, based on the authentication response message and the history use information, identity information is verified.

Alternatively, the acquisition module is used for：

Receive the history use information that the data server sends.

Alternatively, the generation module is used for：

Alternatively, the generation module is additionally operable to：

Alternatively, the authentication module is used for：

Alternatively, the authentication module is additionally operable to：

Alternatively, described device also includes：

Statistical module, for resending the authentication request message, and please to resending the authentication The number of times of message is asked to be counted；

Stopping modular, for being more than or equal to predetermined threshold value when the number of times for resending the authentication request message When, stop resending the authentication request message.

Alternatively, described device also includes trigger module, and the trigger module is used for：

The third aspect, there is provided a kind of identity information verifies that device, described device include：

Processor；

For storing the memory of processor executable；

Wherein, the processor is configured to：

The technical scheme that embodiment of the disclosure is provided can include following beneficial effect：

In the disclosed embodiments, when the Authentication Events that server detects user account are triggered, illustrate to need The identity information of the user is verified, the server obtains the user account and carried out network operation before current time When the history use information that used, that is to say, the history use information is that the user is daily to be carried out being used during network operation Information, for example, the history use information can be ship-to information etc., and the server is based on the history use information, raw Into authentication request message, afterwards, the authentication request message is sent to user terminal, when the server is based on the body During the authentication response message that part checking request message sink is sent to the user terminal, the server is based on the authentication Response message, verifies to the identity information of the user, carries out network operation as the history use information is that user is daily When the information that used, therefore, there is no need to user and purposely remember, it is to avoid the situation that user easily forgets, provide the user Convenience.

It should be appreciated that above general description and detailed description hereinafter are only exemplary and explanatory, not The disclosure can be limited.

Description of the drawings

Accompanying drawing herein is merged in specification and constitutes the part of this specification, shows the enforcement for meeting the disclosure Example, and the principle for being used for explaining the disclosure together with specification.

Figure 1A is a kind of implementation environment schematic diagram according to an exemplary embodiment.

Figure 1B is a kind of flow chart of the identity information verification method according to an exemplary embodiment.

Fig. 2A is a kind of flow chart of the identity information verification method that implements to exemplify according to another exemplary.

Fig. 2 B are a kind of display schematic diagrams of the login interface involved by Fig. 2A embodiments.

Fig. 2 C (1) are a kind of display schematic diagrams of the authentication request message involved by Fig. 2A embodiments.

Fig. 2 C (2) are the display schematic diagrams of another kind of authentication request message involved by Fig. 2A embodiments.

Fig. 2 D are the display schematic diagrams of another kind of authentication request message involved by Fig. 2A embodiments.

Fig. 3 A are the block diagrams that a kind of identity information according to an exemplary embodiment verifies device.

Fig. 3 B are a kind of block diagrams of the identity information checking device that implements to exemplify according to another exemplary.

Fig. 3 C are a kind of block diagrams of the identity information checking device that implements to exemplify according to another exemplary.

Fig. 4 is the block diagram that a kind of identity information according to an exemplary embodiment verifies device 400.

Specific embodiment

Here in detail exemplary embodiment will be illustrated, its example is illustrated in the accompanying drawings.Explained below is related to During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represent same or analogous key element.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the disclosure.Conversely, they be only with as appended by The example of consistent apparatus and method in terms of some that described in detail in claims, the disclosure.

Figure 1A is a kind of implementation environment schematic diagram according to an exemplary embodiment, mainly includes in the implementation environment User terminal 110, account management server 120 and data server 130.Wherein, the data server 130 respectively with the user Communication connection is set up by cable network or wireless network between terminal 110 and the account management server 120.

Wherein, application or browser can have been run in the user terminal 110, and user can pass through the application or browser Carry out the operation such as account login.The user terminal 110 can be the equipment of such as mobile phone, panel computer, computer or the like.

Wherein, the account management server 120 is mainly used in verifying the identity information of user, additionally, the account Management server 120 can be also used for managing user account and password, wherein, in a kind of possible implementation, the account Management server 120 and above-mentioned data server 130 can be same server.

Wherein, the data server 130 at least can be used for the history use information for storing the user account, for example, should Data server 130 can be cloud server, operator's background server etc., and for example, operator's background server can be with Background server for millet shop etc..

Figure 1B is a kind of flow chart of the identity information verification method according to an exemplary embodiment, as shown in figure 1, The identity information verification method is comprised the following steps.

In a step 101, when the Authentication Events for detecting user account are triggered, going through for the user account is obtained History use information, the letter that the history use information is used when carrying out network operation by the user account before current time Breath.

In a step 102, based on the history use information, authentication request message is generated.

In step 103, the authentication request message was sent to the user's end for currently triggering the Authentication Events End.

At step 104, rung based on the authentication that the authentication request message sends when receiving the user terminal When answering message, based on the authentication response message and the history use information, identity information is verified.

In the disclosed embodiments, when the Authentication Events that server detects user account are triggered, illustrate to need The identity information of the user is verified, the server obtains the user account and carried out network operation before current time When the history use information that used, that is to say, the history use information is that the user is daily to be carried out being used during network operation Information, for example, the history use information can be ship-to etc., and the server generates body based on the history use information Part checking request message, afterwards, the authentication request message is sent to user terminal, when the server is tested based on the identity When card request message receives the authentication response message that the user terminal sends, the server is based on the authentication response Message, verifies to the identity information of the user, carries out network operation when institute as the history use information is that user is daily The information for using, therefore, there is no need to user and purposely remember, it is to avoid the situation that user easily forgets, provide the user side Just.

Alternatively, the history use information of the acquisition user account, including：

Information acquisition request is sent to data server, the information acquisition request carries the user account, the acquisition of information Ask for indicating that the data server is obtained and returns the history use information of the user account；

Receive the history use information that the data server sends.

Alternatively, authentication request message should be generated based on the history use information, including：

Based on the partial information, the first checking request message is generated, the first checking request message is based on for instruction should Partial information is supplemented to the other information in the history use information in addition to the partial information；

When the history use information is telephone number, in the history use information, add multiple telephone numbers at random；

History use information after based on interpolation, generates the second checking request message, and the second checking request message is used for Indicate to select the history use information in the history use information from after interpolation；

When the pictorial information that the history use information includes picture and the picture, the 3rd is generated based on the picture and verified Request message, the 3rd checking request message fill in the pictorial information of the picture for instruction；

3rd checking request message is defined as the authentication request message.

When the history use information also includes safe class mark, selection and the safety etc. from the history use information The corresponding target use information of level mark, the history use information that the safe class mark is verified needed for being used for indicating；

Alternatively, identity information should be verified based on the authentication response message and the history use information, is wrapped Include：

The first checking information carried in the authentication response message is obtained, first checking information at least includes the portion Divide information；

When first checking information is differed with the history use information, determine that the identity information checking does not pass through.

Alternatively, this determines the identity information checking not by afterwards, also including：

The authentication request message is resend, and the number of times for resending the authentication request message is united Meter；

When the number of times for resending the authentication request message is more than or equal to predetermined threshold value, stop resending this Authentication request message.

When the user account is detected and the unmatched number of times of password reaches preset times, the body of the user account is triggered Part checking event；Or

Above-mentioned all optional technical schemes, can be according to the alternative embodiment for arbitrarily combining to form the disclosure, disclosure reality Apply example no longer to repeat this one by one.

Fig. 2A is a kind of flow chart of the identity information verification method according to an exemplary embodiment, such as Fig. 2A institutes Show, the embodiment of the present disclosure is illustrated so that multi-party interactive mode realizes the identity information verification method as an example, and the identity information is tested Card method is comprised the following steps：

In step 201, when the Authentication Events that account management server detects user account are triggered, obtain The history use information of the user account, the history use information carried out network operation before current time for the user account When the information that used.

During using user account and password, in some cases, need unavoidably to enter the identity information of user Row checking.At present, in the identity information verification method provided by correlation technique, as user is typically easy to forget that setting is initially close Set answer during code, therefore, causes the user cannot be by the checking of identity information, thus, bringing inconvenience to user.For This, in the disclosed embodiments, there is provided a kind of identity information verification method, the identity information verification method can avoid above-mentioned Problem, text specific as follows are described.

Wherein, before the identity information to user is verified, the Authentication Events for triggering the user account are needed, That is to say, before the history use information of the user account is obtained, the account management server needs, under specified requirements, to touch Send out the Authentication Events of the user account.Wherein, the specified requirements can include any one possible implementation following：

First kind of way：When the user account is detected and the unmatched number of times of password reaches preset times, triggering should The Authentication Events of user account.

Wherein, the preset times can be by user's self-defined setting according to the actual requirements, it is also possible to taken by the account management Business device default setting, the embodiment of the present disclosure are not limited to this.

In this kind of implementation, when the user account is detected and the unmatched number of times of password reaches preset times, Illustrate that the user may not be the owner of the user account, accordingly, it would be desirable to the identity to the user is verified, i.e., in this kind In the case of, trigger the Authentication Events of the user account.

The second way：When Modify password request is received, the Authentication Events of the user account are triggered.

In this kind of implementation, when Modify password request is received, in order to ensure the safety of account, need to wanting The identity information of the user of Modify password verified, i.e. the authentication thing of the account management server triggers user account Part.

Wherein, in a kind of possible implementation, the Modify password request is sent by user terminal, and the user terminal When Modify password instruction is received, Modify password request is sent.Wherein, the Modify password instruction can be triggered by user, The user can be triggered by assigned operation, and the assigned operation can include that clicking operation, slide etc., the disclosure are implemented Example is not limited to this.

For example, Fig. 2 B be refer to, include in the current display interface of the user terminal login account option 21, log in close Code option 22 and the Modify password option 23, when user wants Modify password, can click on the Modify password option 23, should User terminal determines that receiving Modify password instructs, and afterwards, the user terminal sends the modification to the account management server Password request.

It should be noted that in the disclosed embodiments, only it is the account management server with above-mentioned two situations Illustrate as a example by the Authentication Events for triggering the user account, in another embodiment, can also be in other cases, The Authentication Events of the account management server triggers user accounts, the embodiment of the present disclosure are not construed as limiting to this.

When the Authentication Events that the account management server detects user account are triggered, the user account is obtained History use information, the history use information by the user is daily carry out network operation when the information that uses.Wherein, the net Network operation can be the operation synchronized by the data message on user terminal, for example, data message on the user terminal Can include：Picture, note in the telephone number of all good friends, photograph album etc..Or, the network operation can also be online Transactional operation, wherein, the online transaction operation can include shopping online operation, online transfer operation etc. again.Certainly, the network Operation can also not be limited to this for other operations, the embodiment of the present disclosure.

That is to say, when user carries out such network operation based on the user account, this can have been retained in the server and gone through History use information, for example, when user carries out shopping online based on the user account, it will usually have place of acceptance in the server Location information etc..Wherein, the server can be the account management server, and certainly, the server can also be for storing net The data server of network data, different according to the species referred to by the server, the history of the above-mentioned acquisition user account is used Information realizes that process can include any one possible implementation following：

First kind of way：Information acquisition request is sent to data server, the information acquisition request carries the user account, The information acquisition request receives the number for indicating that the data server is obtained and returns the history use information of the user account According to the history use information that server sends.

Wherein, the data server is at least used for the history use information for storing the user account, for example, the data, services Device can be cloud server, the data message being stored with the cloud server on the corresponding user terminal of the user account, In this case, the history use information can be some or all of data message on the user terminal.

In this kind of implementation, the account management server is triggered in the Authentication Events for detecting user account When, information acquisition request is sent to the data server, after the data server receives the information acquisition request, deposit from itself In multiple use informations of storage, obtain the corresponding history use information of the user account, and by the history use information send to The account management server, thus, the account management server gets the history use information of the user account.

In addition, in this kind of implementation, the data server is also possible to the safe class with checking information and requires, That is, for different pieces of information server, there may be different safe classes to require to checking information, for example, for high in the clouds For server, it usually needs checking telephone number, the telephone number can be the telephone number of user oneself, or should The telephone number of the good friend of user, and for some shopping websites, it may not be necessary to telephone number is verified, as long as checking is received Goods address information.When also there is the data server safe class of checking information to require, the data server is received To after information acquisition request, any one in the implementation of following (1)-(2) can also be included：

(1), safe class demand of the data server according to itself, obtains the history of the user account for needing checking Use information, and the history use information is sent to the account management server.

In this kind of implementation, for the account management server, it is not necessary to which the data server is sent History use information is screened, that is to say, that the data server is sending history use to the account management server Before information, according to the safe class demand of itself, select to need from the corresponding multiple history use informations of the user account History use information to be verified.

(2), the data server obtains all history use informations of the safe class mark and the user account of itself, And send all history use informations of the safe class mark and the user account to the account management server.

Wherein, the history use information of checking needed for the safe class mark is used for indicating.With above-mentioned implementation (1) no With, in this kind of implementation, all history of the safe class mark and the user account are made by the data server Be sent to after the account management server with information, the account management server is needed based on the safe class mark, from the use The history use information for needing to be verified is selected in all history use informations of family account.

Wherein, the division of above-mentioned safe class can be arranged according to the actual requirements by technical staff, for example, the safe class Division can be：Checking grade of the checking grade of telephone number higher than the ship-to information, etc., the embodiment of the present disclosure This is not limited.In addition, the safe class mark can be rank 1, rank 2, rank 3 etc., with the increase of numeral, safety Grade diminishes, and as a example by above-mentioned, the corresponding safe class mark of the checking grade of the telephone number is rank 1, the ship-to The corresponding safe class mark of the checking grade of information can be rank 2 or rank 3 etc..Certainly, the safe class mark may be used also To exist in other forms, the embodiment of the present disclosure is not limited to this.

The second way：The account management server obtains the user account from the multiple use informations for prestoring History use information.

As described above, in a kind of possible implementation, as the account management server and data server can Think same equipment, therefore, when the account management server and the data server are same equipment, the history use information Itself can be prestored by the account management server.

In step 202., the account management server generates authentication request message based on the history use information.

Wherein, the account management server generates the realization of authentication request message based on the history use information Journey can include at least one possible implementation as follows：

First kind of way：According to specified strategy, the partial information in the history use information is obtained, based on the part letter Breath, generates the first checking request message, and the first checking request message is used for indicating to use the history based on the partial information Other information in information in addition to the partial information is supplemented, and the first checking request message is defined as the identity and is tested Card request message.

Wherein, the specified strategy can be arranged in the account management server in advance.For example, the specified strategy can be with For：The other information in addition to numeral and letter in the history use information is obtained, and the other information is determined the portion Divide information.Or, the specified strategy can also be：Determine the character number i that the history use information includes, obtain the history The corresponding history use information of i/2 character before in use information, and acquired history use information is defined as above-mentioned portion Divide information, etc., wherein, character number i is more than or equal to 1.

For example, with above-mentioned this specified strategy as obtain in the history use information except numeral and letter in addition to other Information, and as a example by the other information is determined the partial information, when the history use information includes ship-to information, and the receipts Goods address information is No. 16 Bank of New York buildings in New York Wall Street Building A, then the partial information can be New York Wall Street xx knobs About banking house x seats.That is to say, need user to fill in " 16 " and " A " in the ship-to information.

The second way：When the history use information is telephone number, in the history use information, random interpolation is more Individual telephone number, based on interpolation after history use information, generate the second checking request message, the second checking request message is used In indicating the history use information to be selected in the history use information from after interpolation, the second checking request message is defined as this Authentication request message.

In this kind of implementation, add the plurality of telephone number at random, its object is to allow the user based on interpolation In the case of obscuring number, the telephone number of to one's name good friend is selected in the history use information from after the interpolation, i.e., When the user is with the addition of from this in history use information for obscuring number, select the user buddy phone number when, can be with Determine that the user is not the owner of the user account.

The third mode：When the pictorial information that the history use information includes picture and the picture, based on the picture The 3rd checking request message is generated, the 3rd checking request message fills in the pictorial information of the picture for instruction, by the 3rd Checking request message is defined as the authentication request message.

For example, in a kind of possible implementation, the pictorial information can serve to indicate that whom the personage in the picture is, That is to say, generated after the 3rd checking request message based on the picture, so that user terminal receives the 3rd checking request Message, after showing the picture, user is recognized to the personage in the picture, and people information by determined by is sent to the account Whether number management server, the people information for being easy to the account management server to judge that user determines are identical with the pictorial information.

It should be noted that in the disclosed embodiments, be only in above-mentioned three kinds of modes, based on the history use information, Illustrate as a example by generating authentication request message, in another embodiment, it is also possible to by other forms, based on the history Use information, generates authentication request message, and the embodiment of the present disclosure is not limited to this.

Three kinds of implementations of above-mentioned offer are corresponding with implementation in step 201 (1), that is to say, carry above-mentioned For three kinds of implementations, can be by the data server according to the safe class demand of itself, corresponding from the user account Multiple history use informations in, selecting needs the history use information verified, and by selected history use information Send to the account management server, that is to say, that for the account management server, it is not necessary to the history using letter Breath is selected, and the data server is sent to the account management server which history use information, account management service Device generates authentication request message i.e. based on which history use information.

In addition, in alternatively possible implementation, as described in implementation (2) in step 201, when the history is used When information also includes safe class mark, the account management server is selected from the history use information and the safe class mark Know corresponding target use information, the history use information that the safe class mark is verified needed for being used for indicating, based on the target Use information, generates the authentication request message.

Wherein, based on the target use information, generate authentication request message implementation with above-mentioned based on history Use information, generates the implementation of authentication request message in the same manner, is not detailed herein.

In step 203, the account management server sends the authentication request message to currently triggering the identity The user terminal of checking event.

In step 204, the user terminal receives authentication request message, shows the identity in current display interface Checking request message.

The account management server sends the authentication request message to the user terminal, correspondingly, user's end After termination receives the authentication request message, show the authentication request message in current display interface, so that user The information related to history use information can be filled in or be selected based on shown authentication request message.

For example, in a kind of possible implementation, the authentication request message can be shown as such as Fig. 2 C (1) institute Show, when the authentication request message is generated based on above-mentioned partial information by the account management server, the display interface The middle partial information 24 for showing carrying in the authentication request message, and in the display interface, also include input reminder item 25, the input reminder item 25 pairs should have input frame 26, user be input in the input frame 26 in the history use information and remove Other information outside above-mentioned partial information, afterwards, the user can click on the confirmation option 27.

And for example, in alternatively possible implementation, the authentication request message can be shown as such as Fig. 2 C (2) institute Show, when the authentication request message is generated based on above-mentioned telephone number by the account management server, the display interface The middle all telephone numbers for showing carrying in the authentication request message, and show just like the prompting in figure shown in 281：Please select Each telephone number is selected in the telephone number of good friend, and all telephone numbers to there is an option 282, user can be from In shown multiple telephone numbers, the telephone number of the good friend of oneself is selected, that is, the telephone number for clicking on oneself good friend is corresponding Option 282, afterwards, the user can click on the confirmation option 27.

For another example, in another possible implementation, the authentication request message can be shown as shown in Figure 2 D, When the authentication request message is generated based on above-mentioned picture by the account management server, showing in the display interface should The picture 29 carried in authentication request message, and point out the person names of user input picture, i.e., the display interface is provided Input frame 30, user can be input into the title of personage in the picture in the input frame 30, and afterwards, the user can click on this Confirm option 27.

In step 205, when the user terminal receives authentication response instruction based on the authentication request message When, based on the checking information, authentication response message is generated, and the authentication response message is sent to the account management Server.

Wherein, the authentication response instruction can be triggered by user, and the user can be triggered by above-mentioned assigned operation. For example, as shown in Figure 2 C, after the user clicks on the confirmation option 27, the user terminal confirms to receive the authentication response Instruction, information and the partial information that the user terminal is input into based on the user generate the authentication response message.

In step 206, account management server ought receive the user terminal and be sent out based on the authentication request message During the authentication response message for sending, based on the authentication response message and the history use information, identity information is carried out Checking.

Wherein, the content difference for being included according to the history use information, based on the authentication response message and the history Use information, identity information is verified realize process can include following any one：

First kind of way：Obtain the first checking information carried in the authentication response message, first checking information At least include the partial information, when first checking information is identical with the history use information, determine the identity information checking Pass through, when first checking information is differed with the history use information, determine that the identity information checking does not pass through.

The first implementation be that implementation (1) is corresponding in above-mentioned steps 202, for example, if the history makes It is ship-to information with information, and the ship-to information is No. 16 Bank of New York buildings in New York Wall Street Building A, the part letter Cease for New York Wall Street xx Banks of New York building x seats, then when first checking information is the Bank of New York of New York Wall Street 16 During building Building A, determine that the identity information is verified, and it is big for the Bank of New York of New York Wall Street 23 to work as first checking information During building Building B, determine that the identity information checking does not pass through.

It should be noted that above-mentioned first checking information at least includes that the partial information is only exemplary, in another enforcement In example, first checking information can also only include the other information in the history use information in addition to the partial information, In this case, after the account management server receives first checking information, judge first checking information and be somebody's turn to do Whether the other information in history use information in addition to the partial information is identical, if first checking information and the history Other information in use information in addition to the partial information is identical, it is determined that the identity information of the user is verified, no Then, it is determined that the identity information checking of the user does not pass through, and the embodiment of the present disclosure is not limited to this.

The second way：The second checking information carried in the authentication response message is obtained, when the second checking letter When breath is identical with the telephone number, determine that the identity information is verified, when second checking information and the telephone number not phase Meanwhile, determine that the identity information checking does not pass through.

The second way is corresponding with implementation (2) in above-mentioned steps 202, when second checking information and the phone Number is identical, illustrates that the user can be with the addition of from this in multiple telephone numbers that obscures, selects the electricity of to one's name good friend Words number, that is to say, it may be determined that the identity information of the user is the corresponding identity information of the account information, the account management clothes Business device determines that the identity information of the user is verified.

Example is exemplified as with above-mentioned, the history use information includes telephone number 138xxxx5608,136xxxx3507 and 184xxxx9561, when second checking information includes 138xxxx5608,136xxxx3507 and 184xxxx9561, determines The identity information of the user is verified, when second checking information includes 138xxxx75608,135xxxx3507 and During 184xxxx3561, determine that the identity information checking of the user does not pass through.

The third mode：The 3rd checking information carried in the authentication response message is obtained, when the 3rd checking letter When breath is identical with the pictorial information, determine that the identity information is verified, when the 3rd checking information and the pictorial information not phase Meanwhile, determine that the identity information checking does not pass through.

Example is exemplified as with above-mentioned, the pictorial information in the history use information is " jony ", when the 3rd checking information is When " jony ", determine that the identity information of the user is verified, when the 3rd checking information is " honiey ", determine the user Identity information checking do not pass through.

It should be noted that the embodiment of the present disclosure is only in above-mentioned three kinds of modes, based on the authentication response message and The history use information, illustrates as a example by verifying to identity information, in another embodiment, can also pass through other sides Formula, based on the authentication response message and the history use information, verifies to identity information, the embodiment of the present disclosure is to this Do not limit.

So far, the embodiment of the present disclosure achieves the identity information verification method, in addition, in actual application, may Due to reasons such as input errors, the information of user input for the first time may be wrong, in this case, if it is determined that the user Identity information authentication failed, may make troubles to user.Therefore, for this kind of situation, the embodiment of the present disclosure is also provided Following steps 207 and step 208.

In step 207, the account management server resends the authentication request message, and to resending this The number of times of authentication request message is counted.

After the identity information checking for determining the user does not pass through, in order to avoid verifying caused by the error due to the user Do not pass through, the account management server sends authentication request message to the terminal again, so that the user can fill out again Write or select corresponding information.

In addition, when the information of user input is incorrect all the time, illustrating that the user may not be all of the user account Person, therefore, for the security of the user account, the server also enters to the number of times for resending the authentication request message Row statistics.

In a step 208, the account management server when resend the number of times of the authentication request message more than or When being equal to predetermined threshold value, stop resending the authentication request message.

Wherein, the predetermined threshold value can be by user's self-defined setting according to the actual requirements, it is also possible to taken by the account management Business device default setting, the embodiment of the present disclosure are not limited to this.

When the number of times for resending the authentication request message is more than or equal to predetermined threshold value, you can to determine the use Family is not the owner of the user account, i.e., the user does not have the authority using the user account, or, the user does not also have There is the authority for changing the user account password, therefore, account management server stopping resends the authentication request and disappears Breath, that is, determine the identity information authentication failed of the user.

In the disclosed embodiments, when the Authentication Events that server detects user account are triggered, illustrate to need The identity information of the user is verified, the server obtains the user account and carried out network operation before current time When the history use information that used, that is to say, the history use information is that the user is daily to be carried out being used during network operation Information, for example, the history use information can be ship-to etc., and the server generates body based on the history use information Part checking request message, afterwards, the authentication request message is sent to user terminal, so that the user can be based on the body Part checking request message, fills in or selects the information related to the historical user information, and afterwards, the user passes through the user terminal The information filling in or select is sent authentication response to be sent to the server, the i.e. user terminal to the server and disappear Breath, the authentication response message carry the information that the user fills in or selects, and the server is filled in or selected based on the user Information, the identity information of the user is verified, due to when the history use information is that user is daily carries out network operation The information for being used, therefore, there is no need to user and purposely remember, it is to avoid the situation that user easily forgets, provide the user Convenient.

Fig. 3 A are a kind of identity information checking devices according to an exemplary embodiment.The identity information checking device Can by software, hardware or both be implemented in combination with, identity information checking device includes：

Acquisition module 310, during for being triggered when the Authentication Events for detecting user account, obtains the user account History use information, the history use information used when carrying out network operation by the user account before current time Information；

Generation module 320, for the history use information obtained based on the acquisition module 310, generating authentication please Seek message；

Sending module 330, for sending the authentication request message that the generation module 320 is generated to current triggering The user terminal of the Authentication Events；

Authentication module 340, is tested based on the identity that the authentication request message sends for receiving the user terminal During card response message, based on the authentication response message and the history use information, identity information is verified.

Alternatively, Fig. 3 B to Fig. 3 C refer to, and the acquisition module 310 is used for：

Receive the history use information that the data server sends.

Alternatively, the generation module 320 is used for：

Alternatively, the generation module 320 is additionally operable to：

3rd checking request message is defined as the authentication request message.

Alternatively, the generation module 320 is additionally operable to：

Alternatively, the authentication module 340 is used for：

Alternatively, the authentication module 340 is additionally operable to：

Alternatively, the device also includes：

Statistical module 350, for resending the authentication request message, and to resending the authentication request The number of times of message is counted；

Stopping modular 360, for being more than or equal to predetermined threshold value when the number of times for resending the authentication request message When, stop resending the authentication request message.

Alternatively, the device also includes trigger module 370, and the trigger module 370 is used for：

Device in regard to above-described embodiment, wherein modules execute the concrete mode of operation in relevant the method Embodiment in be described in detail, explanation will be not set forth in detail herein.

Fig. 4 is the block diagram that a kind of identity information according to an exemplary embodiment verifies device 400.For example, device 400 may be provided in an account management server.With reference to Fig. 4, device 400 includes process assembly 422, and which further includes one Individual or multiple processors, and the memory resource representated by memory 432, can holding by process assembly 422 for storage Capable instruction, such as application program.In memory 432 store application program can include one or more each Module corresponding to one group of instruction.Additionally, process assembly 422 is configured to execute instruction, to execute above-mentioned identity information checking Method.

Device 400 can also include that a power supply module 426 is configured to the power management of performs device 400, and one has Line or radio network interface 450 are configured to for device 400 to be connected to network, and input and output (I/O) interface 458.Dress Put 400 to operate based on the operating system for being stored in memory 432, such as Windows Server^TM, Mac OS X^TM, Unix^TM,Linux^TM, FreeBSD^TMOr it is similar.

Those skilled in the art will readily occur to its of the disclosure after considering specification and putting into practice invention disclosed herein Its embodiment.The application is intended to any modification, purposes or the adaptations of the disclosure, these modifications, purposes or Person's adaptations follow the general principle of the disclosure and including the undocumented common knowledge in the art of the disclosure Or conventional techniques.Description and embodiments be considered only as exemplary, the true scope of the disclosure and spirit by following Claim is pointed out.

It should be appreciated that the disclosure is not limited to the precision architecture for being described above and being shown in the drawings, and And various modifications and changes can carried out without departing from the scope.The scope of the present disclosure is only limited by appended claim.

Claims

1. a kind of identity information verification method, it is characterised in that methods described includes：

When the Authentication Events for detecting user account are triggered, the history use information of the user account, institute are obtained State the information used when history use information carried out network operation by the user account before current time；

When the authentication response message that the user terminal is sent is received based on the authentication request message, it is based on The authentication response message and the history use information, verify to identity information.

2. the method for claim 1, it is characterised in that the history use information of the acquisition user account, bag Include：

Information acquisition request is sent to data server, described information obtains request and carries the user account, and described information is obtained Taking request is used for indicating that the data server is obtained and returns the history use information of the user account；

Receive the history use information that the data server sends.

3. method as claimed in claim 1 or 2, it is characterised in that described based on the history use information, generates identity and tests Card request message, including：

Based on the partial information, the first checking request message is generated, the first checking request message is used for indicating to be based on institute State partial information to supplement the other information in the history use information in addition to the partial information；

4. method as claimed in claim 1 or 2, it is characterised in that described based on the history use information, generates identity and tests Card request message, including：

History use information after based on interpolation, generates the second checking request message, and the second checking request message is used for referring to Show；

5. method as claimed in claim 1 or 2, it is characterised in that described based on the history use information, generates identity and tests Card request message, including：

When the pictorial information that the history use information includes picture and the picture, the 3rd is generated based on the picture and tested Card request message, the 3rd checking request message fill in the pictorial information of the picture for instruction；

6. the method for claim 1, it is characterised in that described based on the history use information, generates authentication Request message, including：

When the history use information also includes safe class mark, select from the history use information and the safety The corresponding target use information of class letter, the history use information that the safe class mark is verified needed for being used for indicating；

7. method as claimed in claim 3, it is characterised in that described based on the authentication response message and the history Use information, verifies to identity information, including：

The first checking information carried in the authentication response message is obtained, first checking information at least includes described Partial information；

8. method as claimed in claim 4, it is characterised in that described based on the authentication response message and the history Use information, verifies to identity information, including：

9. method as claimed in claim 5, it is characterised in that described based on the authentication response message and the history Use information, verifies to identity information, including：

10. the method as described in claim 7-9 is arbitrary, it is characterised in that the determination identity information checking does not pass through Afterwards, also include：

When the number of times for resending the authentication request message is more than or equal to predetermined threshold value, stopping resends described Authentication request message.

11. the method for claim 1, it is characterised in that before obtaining the history use information of the user account, also Including：

A kind of 12. identity informations verify device, it is characterised in that described device includes：

Acquisition module, during for being triggered when the Authentication Events for detecting user account, obtains going through for the user account History use information, the history use information user account carried out being used during network operation before current time Information；

Sending module, for sending the authentication request message that the generation module is generated to currently triggering the body The user terminal of part checking event；

Authentication module, for working as the authentication sound for receiving that the user terminal is sent based on the authentication request message When answering message, based on the authentication response message and the history use information, identity information is verified.

13. devices as claimed in claim 12, it is characterised in that the acquisition module is used for：

Receive the history use information that the data server sends.

14. devices as described in claim 12 or 13, it is characterised in that the generation module is used for：

15. devices as described in claim 12 or 13, it is characterised in that the generation module is additionally operable to：

Based on the history use information after the interpolation, the second checking request message is generated, the second checking request message is used The history use information is selected in history use information of the instruction from after interpolation；

16. devices as described in claim 12 or 13, it is characterised in that the generation module is additionally operable to：

17. devices as claimed in claim 12, it is characterised in that the generation module is additionally operable to：

18. device as claimed in claim 14, it is characterised in that the authentication module is used for：

19. device as claimed in claim 15, it is characterised in that the authentication module is additionally operable to：

20. devices as claimed in claim 16, it is characterised in that the authentication module is additionally operable to：

21. devices as described in claim 18-20 is arbitrary, it is characterised in that described device also includes：

Statistical module, for resending the authentication request message, and disappears to resending the authentication request The number of times of breath is counted；

Stopping modular, during for being more than or equal to predetermined threshold value when the number of times for resending the authentication request message, stops The authentication request message is only resend.

22. devices as claimed in claim 12, it is characterised in that described device also includes trigger module, the trigger module For：

A kind of 23. identity informations verify device, it is characterised in that described device includes：

Processor；

For storing the memory of processor executable；

Wherein, the processor is configured to：