CN106850518A

CN106850518A - Safety certifying method and device

Info

Publication number: CN106850518A
Application number: CN201510892229.5A
Authority: CN
Inventors: 邓青; 申军立; 张尧; 陈龙; 付若尘
Original assignee: Alibaba Group Holding Ltd
Current assignee: Alibaba Group Holding Ltd
Priority date: 2015-12-07
Filing date: 2015-12-07
Publication date: 2017-06-13
Anticipated expiration: 2035-12-07
Also published as: CN106850518B

Abstract

The invention discloses a kind of safety certifying method and device.Wherein, the method includes：The operation requests for specifying account to send are received, wherein, operation requests are used to indicate to specify account to perform assigned operation；Obtain the type for specifying account；When the type of specified account is the sub- account of primary account number subordinate, the security authentication request for asking to verify assigned operation is sent to the first credible equipment or the second credible equipment, wherein, first credible equipment is the credible equipment of primary account number registration, and the second credible equipment is the credible equipment of sub- account registration；The result that the first credible equipment or the second credible equipment carry out being returned after a key checking to security authentication request is received, wherein, a key is verified as the dedicated button on credible equipment and receives the verification process triggered after triggering command.

Description

Safety certifying method and device

Technical field

The present invention relates to Internet technical field, in particular to a kind of safety certifying method and device.

Background technology

PC ends in correlation technique are primarily present two approach for the safety verification of the high-risk operation of user：1. current Terminal (such as computer) installs digital certificate turns into credible equipment, has the disadvantage to be operated in present terminal, if more Exchange device needs to reinstall digital certificate and can just carry out associative operation.And.Seller's safety verification in correlation technique Scape is also mainly that security is carried out by certificate, and certificate has certain experience in itself, such as installation complexity, Browser operation system compatible problem etc..In the future, browser may not support control, cause certificate to use, Enlivening seller and sub- account and then cannot normally use for the whole network.2. short message or dynamic is received by terminal (such as mobile phone) State password, then the information for receiving is input on PC by checking, have the disadvantage to be required for checking every time, and need Handover operation and information is manually entered on PC and mobile phone, the easy input error of step redundant and complicated.

For above-mentioned problem, effective solution is not yet proposed at present.

The content of the invention

According to the one side of the embodiment of the present application, there is provided a kind of safety certifying method, including：Receive and specify account The operation requests of transmission, wherein, operation requests are used to indicate to specify account to perform assigned operation；Obtain and specify account Type；When the type of specified account is the sub- account of primary account number subordinate, to the first credible equipment or the second credible equipment The security authentication request for asking to verify assigned operation is sent, wherein, the first credible equipment is noted for primary account number The credible equipment of volume, the second credible equipment is the credible equipment of sub- account registration；Receive the first credible equipment or second can Letter equipment carries out the result returned after a key checking to security authentication request, wherein, a key is verified as being set credible Standby upper dedicated button receives the verification process triggered after triggering command.

According to the another aspect of the embodiment of the present application, a kind of safety certifying method is additionally provided, including：Specify account Credible equipment the reception server send for the security authentication request asking to verify assigned operation；Wherein, refer to Fixed operation is the assigned operation for specifying account to perform；In the sub- account for specifying account to be primary account number subordinate, credible equipment Including：First credible equipment or the second credible equipment, wherein, wherein, the first credible equipment can for primary account number registration Letter equipment, the second credible equipment is the credible equipment of sub- account registration；Credible equipment carries out a key to security authentication request Checking；Wherein, a key is verified as the dedicated button on credible equipment and receives triggered after triggering command authenticated Journey.

According to the another aspect of the embodiment of the present application, a kind of safety certification device is additionally provided, including：First receives mould Block, for receiving the operation requests that specified account sends, wherein, operation requests are used to indicate to specify account execution to specify Operation；Acquisition module, the type for obtaining specified account；First sending module, for specifying the type of account For primary account number subordinate sub- account when, sent for asking to assigned operation to the first credible equipment or the second credible equipment The security authentication request verified, wherein, the first credible equipment is the credible equipment of primary account number registration, and second is credible Equipment is the credible equipment of sub- account registration；Second receiver module, sets for the first credible equipment of reception or second to be credible The standby the result for carrying out being returned after a key checking to security authentication request, wherein, a key is verified as on credible equipment Dedicated button receive the verification process triggered after triggering command.

According to the another aspect of the embodiment of the present application, a kind of safety certification device is additionally provided, in credible equipment, Including：Receiver module, the safety verification for asking to verify assigned operation sent for the reception server please Ask；Wherein, assigned operation is the assigned operation for specifying account to perform；It is the sub- account of primary account number subordinate account is specified When, credible equipment includes：First credible equipment or the second credible equipment, wherein, wherein, based on the first credible equipment The credible equipment of account registration, the second credible equipment is the credible equipment of sub- account registration；Authentication module, for peace Full checking request carries out a key checking；Wherein, the dedicated button that a key is verified as on credible equipment receives triggering and refers to The verification process triggered after order.

In the embodiment of the present application, use when the specified account for carrying out assigned operation is for the sub- account of primary account number subordinate, The security authentication request for asking to verify the assigned operation is sent to the first credible equipment or the second credible equipment, And the first credible equipment or second credible equipment carry out the mode of a key checking to the security authentication request, by son Account can independently be initiated to carry out the security authentication request of assigned operation, without the mandate by primary account number, and First credible equipment or the second credible equipment are verified by the way of key checking to the security authentication request, exempted from The operation of account number cipher is gone to be input into, while after being verified by the first or second credible equipment, when carrying out again Authentication need not be again carried out during operation, and then has reached the simplified purpose for verifying flow, it is achieved thereby that quick peace The technique effect of full checking, and then solve that the authentication in correlation technique is cumbersome, not easily technical problem.

Brief description of the drawings

Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this hair Bright schematic description and description does not constitute inappropriate limitation of the present invention for explaining the present invention.In accompanying drawing In：

Fig. 1 is a kind of hardware block diagram of the terminal of safety certifying method of the embodiment of the present application；

Fig. 2 is the flow chart one according to the safety certifying method of the embodiment of the present application 1；

Fig. 3 is the flowchart 2 of the safety certifying method according to the embodiment of the present application 1；

Fig. 4 is the flow chart 3 of the safety certifying method according to the embodiment of the present application 1；

Fig. 5 is the flow chart four according to the safety certifying method of the embodiment of the present application 1；

Fig. 6 is the flow chart five according to the safety certifying method of the embodiment of the present application 1；

Fig. 7 is the schematic diagram that credible equipment is issued to according to the PC sides of the application alternative embodiment prompting checking request；

Fig. 8 is the schematic diagram that checking request is received according to the credible equipment of the application alternative embodiment；

Fig. 9 is the schematic diagram according to the help checking of the sub- account application primary account number of the application alternative embodiment；

Figure 10 is the credible equipment that primary account number is issued to according to the PC sides of the application alternative embodiment prompting checking request Schematic diagram；

Figure 11 is the schematic diagram that checking request is received according to the credible equipment of the primary account number of the application alternative embodiment；

Figure 12 is the schematic diagram of the authentication center page according to the application alternative embodiment；

Figure 13 is the schematic flow sheet of the credible equipment that primary account number is registered according to the authorization center of the application alternative embodiment；

Figure 14 is the schematic flow sheet of the credible equipment that sub- account is registered according to the authorization center of the application alternative embodiment；

Figure 15 is the schematic flow sheet of the safety certifying method according to the application alternative embodiment；

Figure 16 is the flow chart one according to the safety certifying method of the embodiment of the present application 2；

Figure 17 is the structured flowchart one according to the safety certification device of the embodiment of the present application 3；

Figure 18 is the structured flowchart two according to the safety certification device of the embodiment of the present application 3；

Figure 19 is the structured flowchart three according to the safety certification device of the embodiment of the present application 3；

Figure 20 is the structured flowchart four according to the safety certification device of the embodiment of the present application 3；

Figure 21 is the structured flowchart five according to the safety certification device of the embodiment of the present application 3；

Figure 22 is the structured flowchart six according to the safety certification device of the embodiment of the present application 3；

Figure 23 is the structured flowchart of the safety certification device according to the embodiment of the present application 4；

Figure 24 is a kind of structured flowchart of the terminal according to the embodiment of the present application.

Specific embodiment

In order that those skilled in the art more fully understand the present invention program, below in conjunction with the embodiment of the present invention Accompanying drawing, is clearly and completely described to the technical scheme in the embodiment of the present invention, it is clear that described embodiment The only embodiment of a present invention part, rather than whole embodiments.Based on the embodiment in the present invention, ability The every other embodiment that domain those of ordinary skill is obtained under the premise of creative work is not made, should all belong to The scope of protection of the invention.

It should be noted that term " first ", " in description and claims of this specification and above-mentioned accompanying drawing Two " it is etc. for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that this The data that sample is used can be exchanged in the appropriate case, so as to embodiments of the invention described herein can with except Here the order beyond those for illustrating or describing is implemented.Additionally, term " comprising " and " having " and they Any deformation, it is intended that covering is non-exclusive to be included, for example, containing process, the side of series of steps or unit Method, system, product or equipment are not necessarily limited to those steps clearly listed or unit, but may include unclear List or for these processes, method, product or other intrinsic steps of equipment or unit.

The present invention is understood for convenience, and simplicity of explanation is carried out to term involved in the embodiment of the present invention below：

The many accounts of seller：That is seller's primary account number and sub- account, shop manager use primary account number, and shop employee uses sub- account Number assist management shop.

Credible equipment：According to data model analysis go out terminal device environment that account logged in whether safety, if it is Be credible equipment, i.e. the environment of an equipment be it is safe be just known as credible equipment, the credible equipment need through Cross authorization center to be registered and authorized, be used to replace digital certificate, short message verification, dynamic password to receive safety verification Request.

Embodiment 1

According to the embodiment of the present application, a kind of embodiment of the method for safety certification is additionally provided, it is necessary to illustrate, attached The step of flow of figure is illustrated can perform in the such as one group computer system of computer executable instructions, also, Although showing logical order in flow charts, in some cases, can be performed with different from order herein Shown or described step.

The embodiment of the method that the embodiment of the present application 1 is provided can be in mobile terminal, terminal or similar fortune Calculate execution in device.As a example by running on computer terminals, Fig. 1 is a kind of safety certification side of the embodiment of the present application The hardware block diagram of the terminal of method.As shown in figure 1, terminal 10 can include one or more (figures In only show one) (processor 102 can include but is not limited to Micro-processor MCV or programmable patrol processor 102 The processing unit of volume device FPGA etc.), the memory 104 for data storage and the transmission for communication function Module 106.It will appreciated by the skilled person that the structure shown in Fig. 1 is only to illustrate, it is not to above-mentioned The structure of electronic installation causes to limit.For example, terminal 10 may also include it is more more or less than shown in Fig. 1 Component, or with the configuration different from shown in Fig. 1.

Memory 104 can be used to store the software program and module of application software, such as safety in the embodiment of the present application Corresponding programmed instruction/the module of authentication method, processor 102 is by running software program of the storage in memory 104 And module, so as to perform various function application and data processing, that is, realize the Hole Detection of above-mentioned application program Method.Memory 104 may include high speed random access memory, may also include nonvolatile memory, such as one or many Individual magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, memory 104 The memory remotely located relative to processor 102 can be further included, these remote memories can be connected by network It is connected to terminal 10.The example of above-mentioned network includes but is not limited to internet, intranet, LAN, shifting Dynamic communication network and combinations thereof.

Transport module 106 is used to that data to be received or sent via a network.Above-mentioned network instantiation may include The wireless network that the communication providerses of terminal 10 are provided.In an example, transport module 106 includes one Network adapter (Network Interface Controller, NIC), it can be by base station and other network equipments It is connected so as to be communicated with internet.In an example, transport module 106 can be radio frequency (Radio Frequency, RF) module, it is used to wirelessly be communicated with internet.

Under above-mentioned running environment, this application provides safety certifying method as shown in Figure 2.Fig. 2 is according to this Shen Please embodiment 1 safety certifying method flow chart one, the method comprising the steps of S202 to step S208：

Step S202, receives the operation requests for specifying account to send, wherein, the operation requests are used to indicate the specified account Number perform assigned operation；

It should be noted that above-mentioned assigned operation can be the operation of specified type, the operation of the specified type can be Risky operation, such as risky operation etc. but it is also possible to be the operation without risk, i.e., safe operation, but simultaneously Not limited to this.The operation that there is risk can refer to the operation that the specified account that there is safety problem is done, Ke Yishi The operation, or the specified account operation in itself done in the network environment or equipment that there is safety problem There is risk in behavior, but be not limited to this.

Because the action type of assigned operation is different, different treatment may be carried out to the assigned operation, such as The operation of safety, can notify that equipment that the specified account is logged in directly is let pass the safe operation, without carrying out Checking, but the operation for there is risk, and need to carry out it safety verification, thus, at one of the application In embodiment, Fig. 3 is the flowchart 2 of the safety certifying method according to the embodiment of the present application 1, as shown in figure 3, After step S202, following steps are can also carry out：

Step S302, obtains the action type of the assigned operation；

Step S304, in the case where the action type is specified type, triggering obtains the type of the specified account；

Step S306, in the case where the assigned operation is not for the specified type, to the terminal that the specified account is logged in The second configured information is sent, wherein, the terminal clearance that second configured information is used to indicate the specified account to be logged in should Assigned operation.

It should be noted that above-mentioned specified type can refer to the presence of the operation of risk, by the step, there is wind The operation of danger, can just initiate the request of safety verification, in the case where clear and definite assigned operation does not exist risk, it is not necessary to Safety verification is carried out, but directly notifies the terminal clearance assigned operation for specifying account to be logged in, and then save checking The step of, improve the efficiency of checking.

Step S204, obtains the type of the specified account；

It should be noted that the type of the specified account can be the sub- account of primary account number, or primary account number subordinate, Such as, in ecommerce, the storekeeper that seller may have many accounts, seller shop has an account to manage shop Paving, each employee in shop also has an account to assist to manage shop, then in this embodiment, the account that storekeeper uses Number primary account number is properly termed as, and the account that each employee is used is properly termed as sub- account, under the scene, above-mentioned finger Fixed operation can be publishing commodity, editor's merchandise news, modification commodity price etc..

It should be noted that the environment of an equipment is safe and reliable, it is possible to be known as a credible equipment, Equipment be credible equipment in the case of, it is possible to assigned operation need not be verified, specified account can register with , it is necessary to explanation, a specified account can also register one or more to the corresponding credible equipment of the specified account Credible equipment, the credible equipment can be terminal, can be panel computer, or mobile phone, not limit In this.So that credible equipment is as mobile phone as an example, it is assumed that the environment such as network environment, running environment of mobile phone be all it is safe, It is the account of User logs in webpage to specify account, if by the logged webpage of the account in mobile phone A, in mobile phone B is upper to log in the webpage also by the account, then mobile phone A and mobile phone B can be the credible equipment of the account.

In order to save the flow of checking, assigned operation can be verified by above-mentioned credible equipment, but using , it is necessary to be registered to credible equipment before credible equipment checking, thus, in one embodiment of the application, figure 4 is the flow chart 3 of the safety certifying method according to the embodiment of the present application 1, as shown in figure 4, before step S204, The above method also includes：Step S402, in the absence of credible equipment corresponding with the specified account or is not opening a key In the case of the function of checking, the terminal logged in the specified account sends the first configured information, wherein, this first Configured information is used to indicating specified account registration and the corresponding credible equipment of the specified account.Can be by the absence of can There is credible equipment but it is not opened in the case that a key verifies in letter equipment, registration can be indicated to be specified with this The corresponding credible equipment of account, in case this or subsequent authentication are used.

It should be noted that in the case where there is the corresponding credible equipment of the specified account, can directly perform step S204, performs specific verification process.

Step S206, the specified account type for primary account number subordinate sub- account when, to the first credible equipment or the Two credible equipments send the security authentication request for asking to verify the assigned operation, wherein, this is first credible Equipment is the credible equipment of primary account number registration, and second credible equipment is the credible equipment of the sub- account registration；

In the application alternative embodiment, having there is the second credible equipment corresponding with the sub- account, And in the case of having had been switched on the function of key checking, above-mentioned steps S206 can show as：According to default excellent First level selects credible equipment from the first credible equipment and second credible equipment, and is sent to the credible equipment of selection Security authentication request.In the case of in the absence of second credible equipment corresponding with the sub- account, above-mentioned steps S206 Can show as：The security authentication request is sent to the first credible equipment.I.e. in the absence of corresponding with the sub- account In the case of two credible equipments, the first credible equipment that can be registered to primary account number sends security authentication request, but not It is limited to this.

It should be noted that the first credible equipment can be registered in the following manner：To the primary account number and the primary account number Corresponding password is verified；In the case where being proved to be successful, judge whether the primary account number has bound designated equipment； In the case of binding the designated equipment, the identifying code to being input into the designated equipment is verified；In short-message verification success In the case of, the designated equipment is registered as into first credible equipment.

It should be noted that the first credible equipment of registration can be registered by authorization center.It is unsuccessful verifying In the case of, the primary account number can be guided to bind the designated equipment.

Optionally, above-mentioned first credible equipment has the time-to-live, wherein, by the designated equipment within the time-to-live As the first credible equipment.I.e. after above-mentioned designated equipment is registered as the first credible equipment, can be with the time-to-live The designated equipment need not be verified again.The time-to-live can when registration, be entered by authorization center Row is set, it would however also be possible to employ the time-to-live of acquiescence, such as, give tacit consent in 14 days, and the designated equipment need not be pacified Full checking.

In an alternative embodiment of the application, after being credible equipment in the designated equipment, any hit wind Even if the user of danger rule is on the credible equipment, it is necessary to carry out secondary safety verification.Thus registered by designated equipment After for first credible equipment, the process of registration also includes：In the given time, detect perform with this specify In the case that the number of times of the action type identical operation of operation exceedes pre-determined number, triggering is pacified to the designated equipment Full checking, wherein, after safety verification passes through, continue the designated equipment as first credible equipment.By this The mode for planting secondary safety verification preferably improves security performance.

It should be noted that the above-mentioned scheduled time can be user predetermined according to different scenes, also may be used To use default value, however it is not limited to this.

The first credible equipment is registered with primary account number similar, it is also desirable to credible equipment is registered to sub- account, the one of the application In individual embodiment, the second credible equipment can be in the following manner registered：It is corresponding to the sub- account and the sub- account Password is verified；In the case where being proved to be successful, the primary account number belonged to the sub- account sends authorized application and asks； In the case where the primary account number mandate passes through, designated equipment is registered as into second credible equipment.

It should be noted that the second credible equipment of registration can be registered by authorization center.It is sub- account registration the Two credible equipments are needed by the license confirmation of primary account number, and primary account number can grasp the operation of all sub- accounts.Above-mentioned Two credible equipments also have the time-to-live, wherein, using the designated equipment as the second credible equipment within the time-to-live. I.e. after above-mentioned designated equipment is registered as the second credible equipment, this can be specified again within the time-to-live and set It is standby to be verified.The time-to-live can when registration, be configured by authorization center, it would however also be possible to employ The time-to-live of acquiescence, such as, give tacit consent in 14 days, the designated equipment need not carry out safety verification.

It is similar with the first credible equipment is registered as in an alternative embodiment of the application, by this specify set It is standby for after the second credible equipment, even if the user of any hit risk rule is on second credible equipment, it is also desirable to Carry out secondary safety verification.Thus after designated equipment to be registered as second credible equipment, the process of registration is also wrapped Include：In the given time, exceed in the number of times for detecting execution with the action type identical of the assigned operation is operated pre- In the case of determining number of times, triggering carries out safety verification to the designated equipment, wherein, after safety verification passes through, continue Using the designated equipment as second credible equipment.Security is preferably improved by way of this secondary safety verification Energy.

In another embodiment of the application, Fig. 5 is the flow of the safety certifying method according to the embodiment of the present application 1 Figure four, as shown in figure 5, the above method also includes：

Step S502, when the type of the specified account is primary account number, the safety verification is sent to first credible equipment Request.

It should be noted that when specifying the type of account for sub- account, can select to be sent to the first credible equipment and pacify Full checking request, it is also possible to select to send security authentication request to the second credible equipment；Based on the type of specified account In the case of account, security authentication request is sent to the first credible equipment.Thus, although sub- account belongs to primary account number, But during safety verification is carried out, both are separate, i.e., either primary account number or sub- account can Independent operation is carried out, for sub- account, it is not necessary to give sub- account to server request primary account number distribution authority.

Step S208, receive first credible equipment or second credible equipment carries out a key and tests to the security authentication request The result returned after card, wherein, the dedicated button that a key is verified as on credible equipment receives triggering command The verification process for being triggered afterwards.

It should be noted that the result can include：Confirmation is verified or refuses.

Fig. 6 is the flow chart five according to the safety certifying method of the embodiment of the present application 1, as shown in fig. 6, confirming to test After card passes through, the above method also includes：Step S602, the terminal for indicating the specified account to be logged in is let pass and is referred to from this Determine all operations of account.I.e. after confirming to be verified, can be to from the specified account in certain period of time All operations do not carry out safety verification, but directly let pass, and then after being verified by credible equipment, be not required to To operate every time to be verified, and then improves the experience of user.

By the above method, use when the specified account for carrying out assigned operation is for the sub- account of primary account number subordinate, to One credible equipment or the second credible equipment send the security authentication request for asking to verify the assigned operation, and And first credible equipment or second credible equipment mode of a key checking is carried out to the security authentication request, by sub- account Number can independently initiate to carry out the security authentication request of assigned operation, without the mandate by primary account number, and One credible equipment or the second credible equipment are verified by the way of key checking to the security authentication request, removed from The operation of input account number cipher, while after being verified by the first or second credible equipment, when being grasped again Authentication need not be again carried out when making, and then has reached the simplified purpose for verifying flow, it is achieved thereby that fast and safely The technique effect of checking, and then solve that the authentication in correlation technique is cumbersome, not easily technical problem.

So that certain shop employee logs in a certain webpage by computer as an example, it is assumed that the account (sub- account) that the employee uses Credible equipment be mobile phone A, the credible equipment of the account (primary account number) that storekeeper uses is mobile phone B, and the mobile phone A A key authentication function is all had been switched on mobile phone B, then in the present embodiment, when the employee is stepped on by the computer When recording the operation of webpage execution restocking commodity, the account that the employee for getting uses is sub- account, then can be with excellent First authorization requests are sent to mobile phone A, then the mobile phone A have received after the authorization requests, and user only needs to click one Key checking button in the lower mobile phone A can just realize the operation of the restocking commodity for agreeing to or refusing the employee.Can To select application mobile phone B to carry out help checking, you can send authorization requests with to mobile phone B, then the mobile phone B is received After the authorization requests, the key checking button that user only needs to click in the mobile phone B just can be realized agreeing to Or refuse the operation of the restocking commodity of the employee.When storekeeper carries out the operation of restocking commodity by computer login page When, the account that the storekeeper of acquisition uses is primary account number, then directly send authorization requests to mobile phone B, then the mobile phone B Have received after the authorization requests, the key checking button that user only needs to click in the mobile phone B can just be realized Agree to or refuse the operation of the restocking commodity of the storekeeper.Carried out by the mobile phone A or mobile phone B that belong to credible equipment Checking a key authentication function verified, verified without downloadable authentication or by way of short-message verification, Improve the efficiency of shop management.

In order to be better understood from the application, the application is further explained below in conjunction with optional embodiment.

This application provides a kind of method of optional safety certification, mainly include the following steps that：

Step 1, primary account number is logged in or carries out excessive risk operation (equivalent to the operation of the specified type in above-described embodiment Or assigned operation) when, if the primary account number have registered credible equipment (such as mobile phone), what service end can be to primary account number can Letter equipment sends checking request (equivalent to the step S502 in above-described embodiment), afterwards, as shown in fig. 7, PC ends The checking request can be then pointed out to have been issued to credible equipment, credible equipment receives corresponding checking request, as shown in figure 8, On credible equipment prompting have checking request need confirm, wait user be confirmed whether I operation.If the primary account number Then need guiding to install without registration credible equipment and open credible equipment (equivalent to step S402).

Step 2, sub- account logs in or carries out excessive risk operation if the sub- account has credible equipment to its sub- account pair The credible equipment answered sends authorization requests, and (same step 1) gives its primary account number corresponding if fruit account is without credible equipment Credible equipment sends authorization requests and guides user oneself to add credible equipment.

Step 3, can select to send authorization requests (equivalent to upper to primary account number when sub- account carries out safety verification State the security authentication request in embodiment), you can to select application primary account number to carry out help checking, as shown in figure 9, can Verify that button selects primary account number to help and verifies with by clicking on the provisional application primary account number in Fig. 9, afterwards, such as Figure 10 Shown, PC points out side the authorization requests to be already sent to primary account number, and prompting needs primary account number to open credible mobile phone to be carried out Confirm, can now set an effective proving time, if untreated after more than the proving time, this is awarded Power request is then failed.Afterwards, as shown in figure 11, on the credible equipment of primary account number prompting have checking request need confirm, Wait primary account number license confirmation.

Step 4, can enter the authentication center page (as shown in figure 12) manually if push (push) is asked if not receiving Loading checking request, can be set in checking request 5 minutes effectively, untreated more than 5 minutes, fail.Once net Network environment is unstable or system reason credible equipment can be caused to can not receive checking request cannot be by the situation of safety verification. Real-time update data, this abnormal conditions can be effectively reduced to service end polling request.

Step 5, PC equipment operations are verified by rear, and active user's conversation procedure (in 24 hours) need not be carried out again Safety verification (equivalent to the step S602 in above-described embodiment).

Step 6, if after PC equipment is added into credible equipment, giving tacit consent to the equipment in 14 days need not again carry out safety Checking.

Step 7, to increase do security strategy in the frequency, even if the user of any hit risk rule is on credible equipment Need to carry out secondary safety verification.For example：High-risk operation exceedes n times in 30 minutes, triggers again to the credible equipment Safety verification.

It should be noted that in the alternative embodiment of the application, the size of above-mentioned steps numbering is not represented and performed The sequencing of step.

In the alternative embodiment of the application, Figure 13 is to register primary account number according to the authorization center of the application alternative embodiment Credible equipment schematic flow sheet, as shown in figure 13, registration process includes：

Step S1302, judges whether primary account number and the corresponding password of primary account number are proved to be successful；In the feelings of authentication failed Under condition, step S1304 is performed, in the case where being proved to be successful, perform step S1306；

Step S1304, primary account number opens authorization center failure；

Step S1306, judges whether the primary account number binds mobile phone；Where it has, performing step S1308；No In the case of, perform step S1310；

Step S1308, the identifying code to being input into the mobile phone is verified；In the case where being proved to be successful, step is performed S1312；In the case where not being proved to be successful, step S1304 is performed；

Step S1310, guiding primary account number binds the mobile phone；

Step S1312, primary account number opens authorization center success；

Step S1314, using the mobile phone (current device) as the primary account number credible equipment.

Process of the process of the registration equivalent to the credible equipment of the registration primary account number in above-described embodiment.

Figure 14 is the schematic flow sheet of the credible equipment that sub- account is registered according to the authorization center of the application alternative embodiment, As shown in figure 14, registration process includes：

Step S1402, judges whether sub- account and the corresponding password of sub- account are proved to be successful；In the feelings of authentication failed Under condition, step S1404 is performed, in the case where being proved to be successful, perform step S1406；

Step S1404, sub- account opens authorization center failure；

Step S1406, authorized application is sent to the primary account number belonging to the sub- account；

Step S1408, judges whether primary account number mandate passes through；In the case where passing through, step S1410 is performed；Do not having Have in the case of, perform step S1404；

Step S1410, sub- account opens authorization center success；

Step S1412, using the mobile phone (current device) as the sub- account credible equipment.

Process of the process of the registration equivalent to the credible equipment of the sub- account of registration in above-described embodiment.

This application provides the method for another optional safety certification, Figure 15 is the peace according to the application alternative embodiment The schematic flow sheet of full authentication method, as shown in figure 15, mainly includes the following steps that：

Step S1502, PC ends request server carries out high-risk operation (equivalent to the step S202 in above-described embodiment)；

Step S1504, server judges that the operation whether there is risk；In the case where there is risk, step is performed S1506, in the case of in the absence of risk, performs step S1508；

Step S1506, server judges whether the account of the execution operation have registered credible mobile phone, and opens one Key is verified；If it is, step S1510 is performed, if not, performing step S1512；

Step S1508, PC directly lets pass at end the operation (equivalent to the step S306 in above-described embodiment)；

Step S1510, server judges whether the account is primary account number；In the case where being primary account number, step is performed S1514, in the case where being not primary account number, performs step S1516；

Step S1512, PC ends prompting and guiding is registered as credible mobile phone (equivalent to the step S402 in above-described embodiment)；

Step S1514, it is (credible to second in equivalent to step S206 to credible mobile phone that server sends checking request Equipment sends security authentication request and step S502)；

Step S1516, judges whether sub- account have registered credible mobile phone, and opens key checking；If it is, holding Row step S1514, if not, performing step S1518；

Step S1518, server send checking request to primary account number credible mobile phone (in equivalent to step S206 to First credible equipment sends security authentication request)；

Step S1520, mobile phone terminal confirms or refuses the checking request, passing server in result back；If mobile phone End time-out is untreated or mobile phone terminal is refused, then perform step S1522；If mobile phone terminal agrees to the checking request, Perform step S1524；

Step S1522, notifies that PC ends refusal is this time operated；

Step S1524, notifies that PC ends are let pass, and operates successfully.

It should be noted that for foregoing each method embodiment, in order to be briefly described, therefore it is all expressed as one it is The combination of actions of row, but those skilled in the art should know, and the present invention is not limited by described sequence of movement System, because according to the present invention, some steps can sequentially or simultaneously be carried out using other.Secondly, art technology Personnel should also know that embodiment described in this description belongs to preferred embodiment, involved action and module Not necessarily necessary to the present invention.

Through the above description of the embodiments, those skilled in the art can be understood that according to above-mentioned implementation The method of example can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but The former is more preferably implementation method in many cases.Based on such understanding, technical scheme substantially or Say that the part contributed to prior art can be embodied in the form of software product, the computer software product is deposited Storage is in a storage medium (such as ROM/RAM, magnetic disc, CD), including some instructions are used to so that a station terminal Equipment (can be mobile phone, computer, server, or network equipment etc.) performs each embodiment of the invention and is somebody's turn to do Method.

Embodiment 2

According to the embodiment of the present application, a kind of safety certifying method is additionally provided, Figure 16 is according to the embodiment of the present application 2 Safety certifying method flow chart one, the method includes：

Step S1602, specify account credible equipment the reception server send for asking to test assigned operation The security authentication request of card；Wherein, the assigned operation is the assigned operation that the specified account is performed；In the specified account For primary account number subordinate sub- account when, the credible equipment includes：First credible equipment or the second credible equipment, wherein, Wherein, first credible equipment is the credible equipment of primary account number registration, and second credible equipment is the sub- account registration Credible equipment；

Step S1604, the credible equipment carries out a key checking to the security authentication request；Wherein, a key is verified as Dedicated button on credible equipment receives the verification process triggered after triggering command.

It should be noted that credible equipment herein, the first credible equipment and the second credible equipment and above-described embodiment 1 In credible equipment, the first credible equipment and the second credible equipment quite, and the primary account number registered first credible sets Process in the process of the second credible equipment of standby and registration sub- account and embodiment 1 be it is suitable, herein no longer Repeat.

By above-mentioned steps, verified by a key using the first credible equipment or the second credible equipment and sub- account is done Operation carry out safety verification, without input account number cipher, the purpose of simplified checking flow has been reached, so that real Show the technique effect fast and safely verified, and then it is cumbersome, not convenient to solve the authentication in correlation technique Technical problem.

It should be noted that can be with independent operation for primary account number and sub- account, when sub- account is operated, it is simultaneously Do not need primary account number distribution authority to sub- account, sub- account can just be operated and send safety verification to its credible equipment Request, when primary account number is operated, it is not required that obtain the mandate of sub- account, in one embodiment of the application, It is embodied in：When the specified account is the primary account number, the credible equipment includes：First credible equipment.

Embodiment 3

According to embodiments of the present invention, a kind of device for implementing above-mentioned safety certifying method is additionally provided, Figure 17 is root According to the structured flowchart one of the safety certification device of the embodiment of the present application 3, as shown in figure 17, the device includes：

First receiver module 1702, for receiving the operation requests that specified account sends, wherein, the operation requests are used for The specified account is indicated to perform assigned operation；

Because the action type of assigned operation is different, different treatment may be carried out to the assigned operation, such as The operation of safety, can notify that equipment that the specified account is logged in directly is let pass the safe operation, without carrying out Checking, but the operation for there is risk, and need to carry out it safety verification, thus, at one of the application In embodiment, Figure 18 is the structured flowchart two according to the safety certification device of the embodiment of the present application 3, as shown in figure 18, The device also includes：

Acquisition module 1802, the action type for obtaining the assigned operation；

Trigger module 1804, is connected with acquisition module 1802, in the case of being specified type in the action type, Triggering judges the type of the specified account；

3rd sending module 1806, is connected with trigger module 1804, for not being the specified type in the assigned operation In the case of, the terminal logged in the specified account sends the second configured information, wherein, second configured information is used Let pass the assigned operation in the terminal that is logged in of the specified account is indicated.

It should be noted that above-mentioned specified type can refer to the presence of the operation of risk, trigger module 1804 is knowing behaviour When work has risk, the request of safety verification can be just initiated, in the case where clear and definite assigned operation does not exist risk, the Three sending modules 1806 need not carry out safety verification, but directly notify that the terminal for specifying account to be logged in is let pass and specify The step of operating, and then save checking, improves the efficiency of checking.

Acquisition module 1704, is connected with the first receiver module 1702, the type for obtaining the specified account；

In order to save the flow of checking, assigned operation can be verified by above-mentioned credible equipment, but using , it is necessary to be registered to credible equipment before credible equipment checking, thus, in one embodiment of the application, figure 19 is the structured flowchart three according to the safety certification device of the embodiment of the present application 3, and as shown in figure 19, said apparatus are also Including：Second sending module 1902, in the absence of credible equipment corresponding with the specified account or do not open this one In the case of the function of key checking, the terminal logged in the specified account sends the first configured information；Wherein, this One configured information is used to indicating specified account registration and the corresponding credible equipment of the specified account.

First sending module 1706, is connected with acquisition module 1704, for being primary account number in the type of the specified account During the sub- account of subordinate, sent for asking to test the assigned operation to the first credible equipment or the second credible equipment The security authentication request of card, wherein, first credible equipment is the credible equipment of primary account number registration, and this is second credible Equipment is the credible equipment of the sub- account registration；

Figure 20 is the structured flowchart four according to the safety certification device of the embodiment of the present application 3, as shown in figure 20, above-mentioned First sending module 1706 can include：

First transmitting element 2002, for there is second credible equipment corresponding with the sub- account and In the case of opening the function of key checking, according to default priority from first credible equipment and this second can Credible equipment is selected in letter equipment, and security authentication request is sent to the credible equipment of selection；Wherein, this is default Priority includes：Priority of the priority of first credible equipment less than second credible equipment.Exist The second credible equipment corresponding with the sub- account, and had been switched on above-mentioned first in the case of the function of key checking Transmitting element 2002 can select to send safety to a credible equipment from the first credible equipment and the second credible equipment Checking request, and security authentication request can be sent to the second credible equipment with prioritizing selection.

Second transmitting element 2004, in the case of in the absence of second credible equipment corresponding with the sub- account, The security authentication request is sent to first credible equipment.I.e. in the absence of the second credible equipment corresponding with the sub- account In the case of, the first credible equipment that the second transmitting element 2004 can also be registered to primary account number sends security authentication request, But it is not limited to this.

Above-mentioned first credible equipment needs to carry out registered in advance, thus in one embodiment of the application, Figure 21 is root According to the structured flowchart five of the safety certification device of the embodiment of the present application 3, as shown in figure 21, said apparatus also include：The One Registering modules 2102, first credible equipment is registered for the primary account number, wherein, first Registering modules 2102 Can include：First authentication unit 2104, for being verified to the primary account number and the corresponding password of the primary account number； Judging unit 2106, is connected with the first authentication unit 2104, in the case where being proved to be successful, judging the main account Number whether designated equipment is bound；Second authentication unit 2108, is connected with judging unit 2106, for being somebody's turn to do in binding In the case of designated equipment, the identifying code to being input into the designated equipment is verified；Registering unit 2110, tests with second Card unit 2108 is connected, and in the case of the short-message verification is successful, the designated equipment is registered as into this first credible Equipment.

It should be noted that registering the process of the first credible equipment, or being registered by authorization center, that is, go up State during the first Registering modules 2102 may reside in authorization center.In the case of checking is unsuccessful, the master can be guided Account binds the designated equipment.

It should be noted that after above-mentioned designated equipment is registered as the first credible equipment, the user of any hit risk rule Even if, it is necessary to carry out secondary safety verification on the credible equipment, above-mentioned first Registering modules 2102 can also include： Trigger element, in the given time, being performed and the action type identical operation of the assigned operation detecting In the case that number of times exceedes pre-determined number, triggering carries out safety verification to the designated equipment, wherein, it is logical in safety verification Later, continue the designated equipment as first credible equipment.The side that secondary safety verification is passed through by trigger element Formula can preferably improve security performance.

It is similar with the first credible equipment, it is also desirable to which that the second credible equipment is registered, in one embodiment of the application In, Figure 22 is the structured flowchart six according to the safety certification device of the embodiment of the present application 3, as shown in figure 22, above-mentioned Device also includes：Second Registering modules 2202, second credible equipment is registered for the sub- account, wherein, this second Registering modules 2202 can include：Authentication unit 2204, for the sub- account and the corresponding password of the sub- account Verified；Transmitting element 2206, is connected with authentication unit 2204, in the case where being proved to be successful, to this The primary account number of sub- account ownership sends authorized application request；Registering unit 2208, is connected with transmitting element 2206, uses In the case of passing through in the primary account number mandate, designated equipment is registered as into second credible equipment.

It should be noted that register the second credible equipment for sub- account needing by the license confirmation of primary account number, primary account number The operation of all sub- accounts can be grasped.Above-mentioned second credible equipment is similar with the first credible equipment also to have the time-to-live, Wherein, using the designated equipment as the second credible equipment within the time-to-live.Is registered as in above-mentioned designated equipment After two credible equipments, the designated equipment can be verified again within the time-to-live.The time-to-live can To be when registration, to be configured by authorization center, it would however also be possible to employ the time-to-live of acquiescence, such as, write from memory Recognize in 14 days, the designated equipment need not carry out safety verification.

It is similar with the first credible equipment is registered as in an alternative embodiment of the application, by this specify set It is standby for after the second credible equipment, even if the user of any hit risk rule is on second credible equipment, it is also desirable to Carry out secondary safety verification.Thus above-mentioned second Registering modules 2202 can also include：Trigger element, for predetermined In time, feelings of the number of times more than pre-determined number that execution is operated with the action type identical of the assigned operation are being detected Under condition, triggering carries out safety verification to the designated equipment, wherein, after safety verification passes through, this is specified and set by continuation For as second credible equipment.By way of the trigger element uses this secondary safety verification, preferably to carry High safety performance.

It should be noted that above-mentioned first sending module 1706 is additionally operable to when the type of the specified account is primary account number, The security authentication request is sent to first credible equipment.

It should be noted that when it is sub- account to specify the type of account, the first sending module 1706 can be selected to the One credible equipment sends security authentication request, it is also possible to select to send security authentication request to the second credible equipment；Referring to The type of account is determined in the case of primary account number, the first sending module 1706 can send safety and test to the first credible equipment Card request.Thus, although sub- account belongs to primary account number, during safety verification is carried out, both are mutual Independent, i.e., either primary account number or sub- account can be carried out independent operation, for sub- account, it is not necessary to clothes Business device request primary account number distribution authority gives sub- account.

Second receiver module 1708, is connected with the first sending module 1706, for receiving first credible equipment or being somebody's turn to do Second credible equipment carries out the result returned after a key checking to the security authentication request, wherein, key checking It is that dedicated button on credible equipment receives the verification process triggered after triggering command.

It should be noted that the result can include：Confirmation is verified or refuses.Confirming to be verified Afterwards, safety verification can not carried out to all operations from the specified account in certain period of time, but directly Let pass, and then after being verified by credible equipment, it is not necessary to operation will be verified every time, and then be improved The experience of user.

By said apparatus, use when the specified account for carrying out assigned operation is for the sub- account of primary account number subordinate, to One credible equipment or the second credible equipment send the security authentication request for asking to verify the assigned operation, and And first credible equipment or second credible equipment mode of a key checking is carried out to the security authentication request, by sub- account Number can independently initiate to carry out the security authentication request of assigned operation, without the mandate by primary account number, and One credible equipment or the second credible equipment are verified by the way of key checking to the security authentication request, removed from The operation of input account number cipher, while after being verified by the first or second credible equipment, when being grasped again Authentication need not be again carried out when making, and then has reached the simplified purpose for verifying flow, it is achieved thereby that fast and safely The technique effect of checking, and then solve that the authentication in correlation technique is cumbersome, not easily technical problem.

Embodiment 4

According to embodiments of the present invention, a kind of device for implementing the safety certifying method of embodiment 2 is additionally provided, is schemed 23 is the structured flowchart of the safety certification device according to the embodiment of the present application 4, and as shown in figure 23, the device includes：

Receiver module 2302, for the reception server send for the safety verification asking to verify assigned operation Request；Wherein, the assigned operation is the assigned operation for specifying account to perform；It is primary account number subordinate's in the specified account During sub- account, the credible equipment includes：First credible equipment or the second credible equipment, wherein, wherein, this first can Letter equipment is the credible equipment of primary account number registration, and second credible equipment is the credible equipment of the sub- account registration；

Authentication module 2304, is connected with receiver module 2302, for carrying out a key checking to the security authentication request； Wherein, a key is verified as the dedicated button on credible equipment and receives the verification process triggered after triggering command.

It should be noted that said apparatus are located in credible equipment, can be the first credible equipment, or second Credible equipment, but it is not limited to this.

By said apparatus, verified by a key using the first credible equipment or the second credible equipment and sub- account is done Operation carry out safety verification, without input account number cipher, the purpose of simplified checking flow has been reached, so that real Show the technique effect fast and safely verified, and then it is cumbersome, not convenient to solve the authentication in correlation technique Technical problem.

Embodiment 5

Embodiments of the invention can provide a kind of terminal, the terminal can be terminal group in Any one computer terminal.Alternatively, in the present embodiment, above computer terminal can also be replaced with The terminal devices such as mobile terminal.

Alternatively, in the present embodiment, during above computer terminal may be located at multiple network equipments of computer network At least one network equipment.

In the present embodiment, above computer terminal can perform following steps in the safety certifying method of application program Program code：The operation requests for specifying account to send are received, wherein, operation requests refer to for indicating specified account to perform Fixed operation；Obtain the type for specifying account；When the type of specified account is the sub- account of primary account number subordinate, to first Credible equipment or the second credible equipment send the security authentication request for asking to verify assigned operation, wherein, First credible equipment is the credible equipment of primary account number registration, and the second credible equipment is the credible equipment of sub- account registration；Connect The result that the first credible equipment or the second credible equipment carry out being returned after a key checking to security authentication request is received, its In, a key is verified as the dedicated button on credible equipment and receives the verification process triggered after triggering command.

Alternatively, Figure 24 is a kind of structured flowchart of the terminal according to the embodiment of the present application.As shown in figure 24, Terminal A can include：One or more (one is only shown in figure) processor, memory, Yi Jichuan Defeated module.

Wherein, memory can be used to store software program and module, such as safety certifying method in the embodiment of the present invention Programmed instruction/module corresponding with device, software program and module of the processor by operation storage in memory, So as to perform various function application and data processing, that is, realize the detection method that above-mentioned system vulnerability is attacked.Storage Device may include high speed random access memory, can also include nonvolatile memory, such as one or more magnetic storage dress Put, flash memory or other non-volatile solid state memories.In some instances, memory can be further included relatively In the remotely located memory of processor, these remote memories can be by network connection to terminal A.Above-mentioned network Example include but is not limited to internet, intranet, LAN, mobile radio communication and combinations thereof.

Processor can call the information and application program of memory storage by transport module, to perform following step： The operation requests for specifying account to send are received, wherein, operation requests are used to indicate to specify account to perform assigned operation；Obtain Fetching determines the type of account；Specify the type of account for primary account number subordinate sub- account when, to the first credible equipment or Second credible equipment sends the security authentication request for asking to verify assigned operation, wherein, first credible sets Standby is the credible equipment of primary account number registration, and the second credible equipment is the credible equipment of sub- account registration；Receive first credible Equipment or the second credible equipment carry out the result returned after a key checking to security authentication request, wherein, a key is tested Card is that the dedicated button on credible equipment receives the verification process triggered after triggering command.

Using the embodiment of the present invention, use when the specified account for carrying out assigned operation is for the sub- account of primary account number subordinate, The security authentication request for asking to verify the assigned operation is sent to the first credible equipment or the second credible equipment, And the first credible equipment or second credible equipment carry out the mode of a key checking to the security authentication request, by son Account can independently be initiated to carry out the security authentication request of assigned operation, without the mandate by primary account number, and First credible equipment or the second credible equipment are verified by the way of key checking to the security authentication request, exempted from The operation of account number cipher is gone to be input into, while after being verified by the first or second credible equipment, when carrying out again Authentication need not be again carried out during operation, and then has reached the simplified purpose for verifying flow, it is achieved thereby that quick peace The technique effect of full checking, and then solve that the authentication in correlation technique is cumbersome, not easily technical problem.

It will appreciated by the skilled person that the structure shown in Figure 24 is only to illustrate, terminal can also be Smart mobile phone (such as Android phone, iOS mobile phones), panel computer, applause computer and mobile internet device The terminal device such as (Mobile Internet Devices, MID), PAD.Figure 24 its not to above-mentioned electronic installation Structure cause limit.For example, terminal A may also include components more more than shown in Figure 24 or less (such as Network interface, display device etc.), or with the configuration different from shown in Figure 24.

One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment can be Completed come the device-dependent hardware of command terminal by program, the program can be stored in a computer-readable storage medium In matter, storage medium can include：Flash disk, read-only storage (Read-Only Memory, ROM), deposit at random Take device (Random Access Memory, RAM), disk or CD etc..

Embodiment 6

In the present embodiment, above computer terminal can perform following steps in the safety certifying method of application program Program code：The reception server send for the security authentication request asking to verify assigned operation；Wherein, The assigned operation is the assigned operation that the specified account is performed；A key checking is carried out to the security authentication request；Wherein, One key is verified as the dedicated button on credible equipment and receives the verification process triggered after triggering command.

It should be noted that in sub- account of the specified account for primary account number subordinate, credible equipment includes：First can Letter equipment or the second credible equipment, wherein, wherein, first credible equipment is the credible equipment of primary account number registration, Second credible equipment is the credible equipment of the sub- account registration.The terminal can be as the credible equipment.

The structure of the terminal is similar with the structure in embodiment 5, including processor, memory and transmission Module, specific function is similar to, and processor can call the information and application program of memory storage by transport module, To perform following step：The reception server send for the security authentication request asking to verify assigned operation； Wherein, the assigned operation is the assigned operation that the specified account is performed；A key checking is carried out to the security authentication request； Wherein, a key is verified as the dedicated button on credible equipment and receives the verification process triggered after triggering command.

By the present embodiment, verified by a key using the first credible equipment or the second credible equipment and sub- account is done Operation carry out safety verification, without input account number cipher, the purpose of simplified checking flow has been reached, so that real Show the technique effect fast and safely verified, and then it is cumbersome, not convenient to solve the authentication in correlation technique Technical problem.

Embodiment 7

Embodiments of the invention additionally provide a kind of storage medium.Alternatively, in the present embodiment, above-mentioned storage medium Can be used for preserving the program code performed by the safety certifying method that above-described embodiment one is provided.

Alternatively, in the present embodiment, during above-mentioned storage medium may be located at computer network Computer terminal group In any one terminal, or in any one mobile terminal in mobile terminal group.

Alternatively, in the present embodiment, storage medium is arranged to storage for performing the program code of following steps： The operation requests for specifying account to send are received, wherein, operation requests are used to indicate to specify account to perform assigned operation；Obtain Fetching determines the type of account；Specify the type of account for primary account number subordinate sub- account when, to the first credible equipment or Second credible equipment sends the security authentication request for asking to verify assigned operation, wherein, first credible sets Standby is the credible equipment of primary account number registration, and the second credible equipment is the credible equipment of sub- account registration；Receive first credible Equipment or the second credible equipment carry out the result returned after a key checking to security authentication request, wherein, a key is tested Card is that the dedicated button on credible equipment receives the verification process triggered after triggering command.

Or, storage medium is arranged to storage for performing the program code of following steps：What the reception server sent For the security authentication request for asking to verify assigned operation；Wherein, the assigned operation is specified account execution Assigned operation；A key checking is carried out to the security authentication request；Wherein, a key is verified as on credible equipment Dedicated button receives the verification process triggered after triggering command.Wherein, it is primary account number subordinate's in the specified account During sub- account, credible equipment includes：First credible equipment or the second credible equipment, wherein, wherein, this is first credible Equipment is the credible equipment of primary account number registration, and second credible equipment is the credible equipment of the sub- account registration.The meter Calculation machine terminal can be as the credible equipment.

The embodiments of the present invention are for illustration only, and the quality of embodiment is not represented.

In the above embodiment of the present invention, the description to each embodiment all emphasizes particularly on different fields, and does not have in certain embodiment The part of detailed description, may refer to the associated description of other embodiment.

In several embodiments provided herein, it should be understood that disclosed technology contents, can be by other Mode realize.Wherein, device embodiment described above is only schematical, such as division of described unit, It is only a kind of division of logic function, there can be other dividing mode when actually realizing, for example multiple units or component Can combine or be desirably integrated into another system, or some features can be ignored, or do not perform.It is another, institute Display or the coupling each other for discussing or direct-coupling or communication connection can be by some interfaces, unit or mould The INDIRECT COUPLING of block or communication connection, can be electrical or other forms.

The unit that is illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit The part for showing can be or may not be physical location, you can with positioned at a place, or can also be distributed to On multiple NEs.Some or all of unit therein can be according to the actual needs selected to realize the present embodiment The purpose of scheme.

In addition, during each functional unit in each embodiment of the invention can be integrated in a processing unit, it is also possible to It is that unit is individually physically present, it is also possible to which two or more units are integrated in a unit.It is above-mentioned integrated Unit can both be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.

If the integrated unit is to realize in the form of SFU software functional unit and as independent production marketing or when using, Can store in a computer read/write memory medium.Based on such understanding, technical scheme essence On all or part of the part that is contributed to prior art in other words or the technical scheme can be with software product Form is embodied, and the computer software product is stored in a storage medium, including some instructions are used to so that one Platform computer equipment (can be personal computer, server or network equipment etc.) performs each embodiment institute of the invention State all or part of step of method.And foregoing storage medium includes：USB flash disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, magnetic disc or CD Etc. it is various can be with the medium of store program codes.

The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improve and moisten Decorations also should be regarded as protection scope of the present invention.

Claims

1. a kind of safety certifying method, it is characterised in that including：

The operation requests for specifying account to send are received, wherein, the operation requests are used to indicate the specified account Perform assigned operation；

Obtain the type of the specified account；

When the type of the specified account is the sub- account of primary account number subordinate, can to the first credible equipment or second Letter equipment sends the security authentication request for asking to verify the assigned operation, wherein, described first Credible equipment is the credible equipment of the primary account number registration, and second credible equipment is the sub- account registration Credible equipment；

Receive first credible equipment or second credible equipment carries out a key and tests to the security authentication request The result returned after card, wherein, the dedicated button that a key is verified as on credible equipment receives tactile The verification process triggered after sending instructions.

2. method according to claim 1, it is characterised in that methods described also includes：

When the type of the specified account is primary account number, the safety verification is sent to first credible equipment Request.

3. method according to claim 1, it is characterised in that sent to the first credible equipment or the second credible equipment For the security authentication request for asking to verify the assigned operation, including：

Having there is second credible equipment corresponding with the sub- account, and have been switched on described one In the case of the function of key checking, according to default priority from first credible equipment and described second credible Credible equipment is selected in equipment, and security authentication request is sent to the credible equipment of selection；

It is credible to described first in the case of in the absence of second credible equipment corresponding with the sub- account Equipment sends the security authentication request.

4. method according to claim 3, it is characterised in that the priority of first credible equipment is less than described The priority of the second credible equipment.

5. method according to claim 1, it is characterised in that before the type of the specified account is obtained, institute Stating method also includes：

In the absence of credible equipment corresponding with the specified account or the feelings of the function that a key is verified are not being opened Under condition, the terminal logged in the specified account sends the first configured information, wherein, described first indicates letter Cease for indicating specified account registration credible equipment corresponding with the specified account.

6. method according to claim 1, it is characterised in that after the operation requests for specifying account to send are received, Methods described also includes：

Obtain the action type of the assigned operation；

In the case where the action type is specified type, triggering obtains the type of the specified account；

In the case where the assigned operation is not for the specified type, to the terminal that the specified account is logged in The second configured information is sent, wherein, second configured information is used for the end for indicating the specified account to be logged in The end clearance assigned operation.

7. method according to claim 1, it is characterised in that the primary account number registers described in the following manner One credible equipment：

The primary account number and the corresponding password of the primary account number are verified；

In the case where being proved to be successful, judge whether the primary account number has bound designated equipment；

In the case where the designated equipment is bound, the identifying code to being input into the designated equipment is verified；

In the case where being proved to be successful, the designated equipment is registered as into first credible equipment.

8. method according to claim 7, it is characterised in that first credible equipment has the time-to-live, its In, using the designated equipment as first credible equipment within the time-to-live.

9. method according to claim 7, it is characterised in that can the designated equipment is registered as into described first After letter equipment, methods described also includes：

In the given time, the number of times that execution is operated with the action type identical of the assigned operation is being detected In the case of pre-determined number, triggering carries out safety verification to the designated equipment, wherein, in safety verification By rear, continue the designated equipment as first credible equipment.

10. method according to claim 1, it is characterised in that the sub- account registers described in the following manner Two credible equipments：

The sub- account and the corresponding password of the sub- account are verified；

In the case where being proved to be successful, the primary account number belonged to the sub- account sends authorized application and asks；

In the case where the primary account number mandate passes through, designated equipment is registered as into second credible equipment.

11. methods according to any one of claim 1 to 10, it is characterised in that the result includes：Really Recognize and be verified or refuse.

12. methods according to claim 11, it is characterised in that after confirming to be verified, indicate the specified account Number terminal for being logged in is let pass all operations from the specified account.

A kind of 13. safety certifying methods, it is characterised in that including：

Specify that the credible equipment the reception server of account sends for the safety asking to verify assigned operation Checking request；Wherein, the assigned operation is the assigned operation that the specified account is performed；In the specified account Number for primary account number subordinate sub- account when, the credible equipment includes：First credible equipment or the second credible equipment, Wherein, wherein, first credible equipment is the credible equipment of primary account number registration, and described second credible sets Standby is the credible equipment of the sub- account registration；

The credible equipment carries out a key checking to the security authentication request；Wherein, a key is verified as Dedicated button on credible equipment receives the verification process triggered after triggering command.

14. methods according to claim 13, it is characterised in that including：It is the primary account number in the specified account When, the credible equipment includes：First credible equipment.

A kind of 15. safety certification devices, it is characterised in that including：

First receiver module, for receiving the operation requests that specified account sends, wherein, the operation requests are used Assigned operation is performed in the specified account is indicated；

Acquisition module, the type for obtaining the specified account；

First sending module, for the type in the specified account for primary account number subordinate sub- account when, to the The safety verification that one credible equipment or the second credible equipment send for asking to verify the assigned operation please Ask, wherein, first credible equipment is the credible equipment of the primary account number registration, second credible equipment It is the credible equipment of the sub- account registration；

Second receiver module, for receiving first credible equipment or second credible equipment to the safety Checking request carries out the result returned after a key checking, wherein, a key is verified as on credible equipment Dedicated button receive the verification process triggered after triggering command.

16. devices according to claim 15, it is characterised in that first sending module is additionally operable to be specified described When the type of account is primary account number, the security authentication request is sent to first credible equipment.

17. devices according to claim 15, it is characterised in that first sending module includes：

First transmitting element, for existed second credible equipment corresponding with the sub- account and In the case of having had been switched on the function of key checking, credible set from described first according to default priority Credible equipment is selected in standby and second credible equipment, and safety verification is sent to the credible equipment of selection Request；Wherein, the default priority includes：The priority of first credible equipment is less than described second The priority of credible equipment；

Second transmitting element, in the situation in the absence of second credible equipment corresponding with the sub- account Under, send the security authentication request to first credible equipment.

18. devices according to claim 15, it is characterised in that described device also includes：

Second sending module, in the absence of credible equipment corresponding with the specified account or not opening described In the case of the function of one key checking, the terminal logged in the specified account sends the first configured information；Its In, first configured information is used to indicating that the specified account registration to be corresponding with the specified account credible sets It is standby.

19. devices according to claim 15, it is characterised in that described device also includes：

Acquisition module, the action type for obtaining the assigned operation；

Trigger module, in the case of being specified type in the action type, triggering judges the specified account Number type；

3rd sending module, in the case of in the assigned operation not for the specified type, to the finger Determine terminal the second configured information of transmission that account is logged in, wherein, second configured information is described for indicating Specify the terminal clearance assigned operation that account is logged in.

20. devices according to claim 15, it is characterised in that described device also includes：First Registering modules, use First credible equipment is registered in the primary account number, wherein, first Registering modules include：

First authentication unit, for being verified to the primary account number and the corresponding password of the primary account number；

Judging unit, in the case where being proved to be successful, judging whether the primary account number has bound designated equipment；

Second authentication unit, in the case where the designated equipment is bound, to being input into the designated equipment Identifying code is verified；

Registering unit, in the case where being proved to be successful, the designated equipment being registered as into described first credible Equipment.

21. devices according to claim 20, it is characterised in that first credible equipment has the time-to-live, its In, using the designated equipment as first credible equipment within the time-to-live.

22. devices according to claim 20, it is characterised in that first Registering modules also include：

Trigger element, in the given time, detecting the action type phase of execution and the assigned operation In the case that the number of times of same operation exceedes pre-determined number, triggering carries out safety verification to the designated equipment, its In, after safety verification passes through, continue the designated equipment as first credible equipment.

23. devices according to claim 15, it is characterised in that described device also includes：Second Registering modules, use Second credible equipment is registered in the sub- account, wherein, second Registering modules include：

Authentication unit, for being verified to the sub- account and the corresponding password of the sub- account；

Transmitting element, in the case where being proved to be successful, the primary account number belonged to the sub- account to send and authorizes Application request；

Registering unit, in the case of passing through in the primary account number mandate, described is registered as by designated equipment Two credible equipments.

24. device according to any one of claim 15 to 23, it is characterised in that the result includes： Confirmation is verified or refuses.

25. a kind of safety certification devices, it is characterised in that in credible equipment, described device includes：

Receiver module, for the reception server send for the safety verification asking to verify assigned operation Request；Wherein, the assigned operation is the assigned operation for specifying account to perform；It is main account in the specified account During the sub- account of number subordinate, the credible equipment includes：First credible equipment or the second credible equipment, wherein, Wherein, first credible equipment is the credible equipment of the primary account number registration, and second credible equipment is institute State the credible equipment of sub- account registration；

Authentication module, for carrying out a key checking to the security authentication request；Wherein, a key is verified as Dedicated button on credible equipment receives the verification process triggered after triggering command.

26. devices according to claim 25, it is characterised in that when the specified account is the primary account number, institute Stating credible equipment includes：First credible equipment.