CN107993058A - A kind of Information Authentication method and system and server - Google Patents

A kind of Information Authentication method and system and server Download PDF

Info

Publication number
CN107993058A
CN107993058A CN201610968841.0A CN201610968841A CN107993058A CN 107993058 A CN107993058 A CN 107993058A CN 201610968841 A CN201610968841 A CN 201610968841A CN 107993058 A CN107993058 A CN 107993058A
Authority
CN
China
Prior art keywords
server
service
verification
data
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610968841.0A
Other languages
Chinese (zh)
Inventor
杜磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201610968841.0A priority Critical patent/CN107993058A/en
Publication of CN107993058A publication Critical patent/CN107993058A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0613Third-party assisted

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

This programme embodiment provides a kind of Information Authentication method and system and server.On the one hand, in this programme embodiment, after the service server receives the service request of user, checking request is sent to the intermediate server, is carried and the relevant voucher of the business in the checking request;Intermediate server selection target parameter from the voucher, and the selection target information from the user information of the user;The intermediate server is to for verifying that the data server of the voucher sends the target component and the target information;The data server is based on verifying the target component with the relevant business datum of the target information, is verified as a result, and returning to configured information to the intermediate server based on the verification result.The technical solution that this programme embodiment provides is relatively simple to solve existing verification mode, caused service server adulterated accounting documents or notifying messages and the problem of can not be identified.

Description

Information verification method and system and server
[ technical field ] A method for producing a semiconductor device
The present disclosure relates to the field of information processing technologies, and in particular, to an information verification method and system and a server.
[ background of the invention ]
Currently, when a user purchases an item at a merchant through a platform, after the merchant delivers the item, if the user receives the item, the platform performs a receiving confirmation operation, and the platform can transfer the money of the item to an account of the merchant. The method is suitable for entity articles with short consumed time in the whole exchange process, but the method cannot meet the requirements of businesses with long consumed time in the exchange process, for example, in a travel scene, a user generally uses travel products after purchasing the travel products for several months, a merchant needs to prepare air tickets, hotels and the like required by travel for the user in advance, the user confirms to receive goods after using the air tickets and the hotels, the platform gives money to the merchant, and a travel agency needs to take several months or even longer to receive the money, which is unacceptable for the travel agency.
In order to solve the problem, at present, after the business server receives a purchase request of a user for a travel product, the business server provides a voucher to the platform and sends a notification short message to the user, and as long as the voucher is received by the platform, the platform can send a money of the travel product to a merchant. The existing verification mode (for example, the platform knows that the service server provides the notification short message to the user or receives the certificate) is single, and a problem that the service server forges the electronic certificate or notifies the short message and cannot be identified occurs. The verification method provided by the prior art does not meet the requirements of the existing users and service servers, and a new verification method is urgently needed to meet the requirements of various users and various service servers.
[ summary of the invention ]
In view of this, embodiments of the present disclosure provide an information verification method, an information verification system, and a server, so as to solve the problem that the existing verification method is single, and thus a service server forges an electronic certificate or notifies a short message and cannot be identified.
On one hand, an embodiment of the present disclosure provides an information verification method, which is applied to a system including a service server, an intermediate server, and a data server, and includes:
after receiving a service request of a user, the service server sends an authentication request to the intermediate server, wherein the authentication request carries a certificate related to the service;
the intermediate server selects target parameters from the certificate and selects target information from the user information of the user;
the intermediate server sends the target parameters and the target information to a data server for verifying the credentials;
and the data server verifies the target parameters based on the service data related to the target information to obtain a verification result, and returns indication information to the intermediate server based on the verification result.
The above aspect and any possible implementation manner further provide an implementation manner, where the sending, by the intermediate server, the target parameter and the target information to the data server for verifying the credential includes:
the intermediate server determines the service type of the service according to the certificate;
the intermediate server determines a data server for verifying the certificate according to the service type;
and the intermediate server calls a verification interface of the data server and inputs the target parameters and the target information to the verification interface.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, where the invoking, by the intermediate server, a verification interface of the data server, and inputting the target parameter and the target information to the verification interface, includes:
and the intermediate server sends a remote procedure call protocol (RPC) request to a verification interface of the data server, wherein the RPC request carries the target parameters and the target information.
The foregoing aspect and any possible implementation manner further provide an implementation manner, where the data server verifies the target parameter based on service data related to the target information to obtain a verification result, and the method includes:
the data server compares each parameter in the target parameters with the corresponding parameter in the business data respectively to obtain the comparison result of each parameter in the certificate;
and the data server obtains the verification result according to the comparison result of each parameter.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, where the obtaining, by the data server, the verification result according to the comparison result of each parameter includes:
if the parameters are consistent with the corresponding parameters in the service data, the data server obtains a verification result that the verification is passed; or,
and if at least one parameter is inconsistent with the corresponding parameter in the service data, the data server obtains a verification result that the verification fails.
The above-described aspect and any possible implementation further provide an implementation, where the indication information includes the verification result; or,
the verification result is verification passing, and the indication information is used for indicating verification passing or data transfer; or,
the verification result is verification failure, and the indication information is used for indicating that the verification fails or indicating that the data cannot be transferred.
The above-described aspects and any possible implementation further provide an implementation, further including:
if the indication information indicates that the verification is passed, or if the indication information indicates that the verification is passed or indicates that the data is transferred, the intermediate server transfers the data belonging to the intermediate server to the service server.
The above-described aspects and any possible implementation further provide an implementation, further including:
if the indication information indicates that the verification fails, or if the indication information indicates that the verification fails or indicates that the data cannot be transferred, the intermediate server acquires other certificates related to the service from the service server except the certificate;
and the intermediate server verifies the other certificates according to a specified verification mode to obtain a verification result.
The above-described aspects and any possible implementation further provide an implementation, further including:
and if the indication information indicates that the verification result is that the verification is passed, or if the indication information indicates that the data is transferred, the intermediate server provides a notification message that the verification is passed to the user.
The above-described aspect and any possible implementation manner further provide an implementation manner, where the user information of the user is obtained by the intermediate server according to the credential; or,
and the user information of the user is carried in the verification request.
The above-described aspect and any possible implementation manner further provide an implementation manner, where when the method is applied to a travel scenario, the service type of the service includes: at least one of a traffic type and an accommodation type.
The above-described aspects and any possible implementations further provide an implementation, wherein the credential includes: at least one of identification information of the service and detailed information of the service.
On the other hand, an embodiment of the present disclosure provides an information verification method, which is executed on an intermediate server, and includes:
after a service server receives a service request of a user, receiving an authentication request from the service server, wherein the authentication request carries a certificate related to the service;
selecting target parameters from the credentials and target information from the user information of the user;
sending the target parameters and the target information to a data server for verifying the credentials;
and receiving a verification result obtained by verifying the target parameter based on the service data related to the target information or indication information based on the verification result, which is returned by the data server.
On the other hand, an embodiment of the present disclosure provides an information verification method, including:
after receiving a service request of a user, a service server sends an authentication request to an intermediate server, wherein the authentication request carries a certificate related to the service;
the intermediate server obtains service data related to user information of the user from a data server corresponding to the service;
and the intermediate server verifies the certificate based on the service data related to the user information to obtain a verification result.
The above aspect and any possible implementation manner further provide an implementation manner, where the obtaining, by the intermediate server, service data related to the user information from a data server corresponding to the service includes:
the intermediate server determines the service type of the service according to the certificate;
the intermediate server determines a data server corresponding to the service according to the service type;
the intermediate server calls a query interface of the data server and inputs target information selected from the user information of the user to the query interface;
and the intermediate server receives the business data which is returned by the data server in response to the call of the intermediate server and is related to the target information according to the target information.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, in which the intermediate server invokes a query interface of the data server, and inputs target information selected from the user information of the user to the query interface, including:
and the intermediate server sends a remote procedure call protocol (RPC) request to a query interface of the data server, wherein the RPC request carries the target information.
The foregoing aspect and any possible implementation manner further provide an implementation manner, where the verifying the credential based on the service data related to the user information by the intermediate server to obtain a verification result, where the verifying the credential includes:
the intermediate server compares each parameter in the certificate with the corresponding parameter in the business data respectively to obtain the comparison result of each parameter in the certificate;
and the intermediate server obtains the verification result according to the comparison result of each parameter in the certificate.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, where the obtaining, by the intermediate server, the verification result according to the comparison result of each parameter in the credential includes:
if all the parameters in the certificate are consistent with the corresponding parameters in the service data, the intermediate server obtains a verification result that the verification is passed; or,
and if at least one parameter in the certificate is inconsistent with the corresponding parameter in the service data, the intermediate server obtains a verification result that the verification fails.
The above-described aspects and any possible implementation further provide an implementation, further including:
and if the verification result is that the verification is passed, the intermediate server transfers the data belonging to the intermediate server to the service server.
The above-described aspects and any possible implementation further provide an implementation, further including:
if the verification result is that the verification fails, the intermediate server acquires other certificates related to the service from the service server except the certificate;
and the intermediate server verifies the other certificates according to a specified verification mode to obtain a verification result.
The above-described aspects and any possible implementation further provide an implementation, further including:
and if the verification result is that the verification is passed, the intermediate server provides a notification message that the verification is passed to the user.
The above-described aspect and any possible implementation manner further provide an implementation manner, where the user information of the user is obtained by the intermediate server according to the credential; or,
and the user information of the user is carried in the verification request.
The above-described aspect and any possible implementation manner further provide an implementation manner, where when the method is applied to a travel scenario, the service type of the service includes: at least one of a traffic type and an accommodation type.
The above-described aspects and any possible implementations further provide an implementation, wherein the credential includes: at least one of identification information of the service and detailed information of the service.
In another aspect, an embodiment of the present disclosure provides an information verification method, executed on an intermediate server, including:
after a service server receives a service request of a user, receiving an authentication request from the service server, wherein the authentication request carries a certificate related to the service;
obtaining service data related to the user information of the user from a data server corresponding to the service;
and verifying the certificate based on the service data related to the user information to obtain a verification result.
In another aspect, an embodiment of the present disclosure provides an information verification system, including: the system comprises a business server, an intermediate server and a data server; wherein,
the service server is used for sending an authentication request to the intermediate server after receiving a service request of a user, wherein the authentication request carries a certificate related to the service;
the intermediate server is used for selecting target parameters from the certificate and selecting target information from the user information of the user;
the intermediate server is further used for sending the target parameters and the target information to a data server for verifying the credentials;
and the data server is used for verifying the target parameters based on the service data related to the target information to obtain a verification result and returning indication information to the intermediate server based on the verification result.
The above-described aspect and any possible implementation further provide an implementation, where the intermediate server is specifically configured to:
determining the service type of the service according to the certificate;
determining a data server for verifying the certificate according to the service type;
and calling a verification interface of the data server, and inputting the target parameters and the target information to the verification interface.
The above-described aspect and any possible implementation further provide an implementation, where the intermediate server is specifically configured to:
and sending a remote procedure call protocol (RPC) request to a verification interface of the data server, wherein the RPC request carries the target parameters and the target information.
The above-described aspect and any possible implementation further provide an implementation, where the data server is specifically configured to:
comparing each parameter in the target parameters with the corresponding parameter in the service data respectively to obtain a comparison result of each parameter;
and obtaining the verification result according to the comparison result of each parameter.
The above-described aspect and any possible implementation further provide an implementation, where the data server is specifically configured to:
if the parameters are consistent with the corresponding parameters in the service data, obtaining a verification result that the verification is passed; or,
and if at least one parameter is inconsistent with the corresponding parameter in the service data, obtaining a verification result that the verification fails.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, if the indication information indicates that the data is verified, or if the indication information indicates that the data is verified or indicates to transfer the data, the intermediate server is further configured to: and transferring the data belonging to the intermediate server to the service server.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, if the indication information indicates that the verification fails, or if the indication information indicates that the verification fails or indicates that the data cannot be transferred, the intermediate server is further configured to: obtaining other certificates related to the business from the business server except the certificates; and verifying the other certificates according to a specified verification mode to obtain a verification result.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, where when the system is applied to a travel scenario, the service type of the service includes: at least one of a traffic type and an accommodation type.
The above-described aspects and any possible implementations further provide an implementation, wherein the credential includes: at least one of identification information of the service and detailed information of the service.
In another aspect, an embodiment of the present disclosure provides a server, including:
a first receiving unit, configured to receive, after a service server receives a service request of a user, an authentication request from the service server, where the authentication request carries a credential related to the service;
the processing unit is used for selecting target parameters from the voucher and selecting target information from the user information of the user;
a sending unit, configured to send the target parameter and the target information to a data server for verifying the credential;
a second receiving unit, configured to receive a verification result obtained by verifying the target parameter based on the service data related to the target information, or indication information based on the verification result, where the verification result is returned by the data server.
In another aspect, an embodiment of the present disclosure provides an information verification system, including:
the service server is used for sending an authentication request to the intermediate server after receiving a service request of a user, wherein the authentication request carries a certificate related to the service;
the intermediate server is used for obtaining service data related to the user information of the user from the data server corresponding to the service;
the intermediate server is further configured to verify the credential based on the service data related to the user information to obtain a verification result.
The above-described aspect and any possible implementation further provide an implementation, where the intermediate server is specifically configured to:
determining the service type of the service according to the certificate;
determining a data server corresponding to the service according to the service type;
calling a query interface of the data server, and inputting target information selected from the user information of the user to the query interface;
and receiving the business data which is returned by the data server in response to the calling of the intermediate server and is related to the target information according to the target information.
The above-described aspect and any possible implementation further provide an implementation, where the intermediate server is specifically configured to:
and sending a remote procedure call protocol (RPC) request to a query interface of the data server, wherein the RPC request carries the target information.
The above-described aspect and any possible implementation further provide an implementation, where the intermediate server is specifically configured to:
comparing each parameter in the certificate with the corresponding parameter in the business data respectively to obtain a comparison result of each parameter in the certificate;
and obtaining the verification result according to the comparison result of each parameter in the certificate.
The above-described aspect and any possible implementation further provide an implementation, where the intermediate server is specifically configured to:
if all the parameters in the certificate are consistent with the corresponding parameters in the service data, obtaining a verification result which passes the verification; or,
and if at least one parameter in the certificate is inconsistent with the corresponding parameter in the service data, obtaining a verification result that the verification fails.
The above-mentioned aspects and any possible implementation manners further provide an implementation manner, and if the verification result is that the verification is passed, the intermediate server is further configured to transfer the data belonging to the intermediate server to the service server.
The above-mentioned aspects and any possible implementation manners further provide an implementation manner, and if the verification result is that the verification fails, the intermediate server is further configured to obtain, from the service server, credentials related to the service, except for the credentials; and verifying the other certificates according to a specified verification mode to obtain a verification result.
The above-mentioned aspect and any possible implementation manner further provide an implementation manner, where when the system is applied to a travel scenario, the service type of the service includes: at least one of a traffic type and an accommodation type.
The above-described aspects and any possible implementations further provide an implementation, wherein the credential includes: at least one of identification information of the service and detailed information of the service.
In another aspect, an embodiment of the present disclosure provides a server, including:
a receiving unit, configured to receive, after a service server receives a service request of a user, an authentication request from the service server, where the authentication request carries a credential related to the service;
an obtaining unit, configured to obtain service data related to the user information of the user from a data server corresponding to the service;
and the verification unit is used for verifying the certificate based on the service data related to the user information to obtain a verification result.
One of the above technical solutions has the following beneficial effects:
in the embodiment of the scheme, the data server is introduced, and for the certificate provided by the service server, the data server verifies the target parameter in the certificate based on the service data related to the target information in the user information to obtain the verification result, and the data server is the server which actually and directly provides the service for the user.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
Fig. 1 is an overall interaction flow of an information verification method provided by an embodiment of the present invention;
fig. 2 is a schematic flow chart of an information verification method according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of an intermediate server side in an information verification processing method provided in an embodiment of the present disclosure;
fig. 4 is a flowchart illustrating a method for implementing step 302 according to an embodiment of the present disclosure;
FIG. 5 is an exemplary diagram of invoking an authentication interface and entering credentials and user information provided by an embodiment of the present solution;
fig. 6 is another schematic diagram of the overall interaction flow in the information verification method provided by the embodiment of the present invention;
fig. 7 is another schematic flow chart of an information verification method provided in an embodiment of the present disclosure;
fig. 8 is another general interactive flow of the information verification method provided by the embodiment of the present invention;
fig. 9 is another schematic flow chart of the intermediate server side in the information processing method provided by the embodiment of the present invention;
fig. 10 is a flowchart illustrating a method for implementing step 903 provided in this embodiment of the present invention;
fig. 11 is another schematic diagram of the overall interaction flow in the information verification method provided by the embodiment of the present invention;
fig. 12 is another schematic flow chart of an information verification method provided in an embodiment of the present invention;
fig. 13 is a diagram showing an exemplary configuration of an information verification system provided in an embodiment of the present invention;
fig. 14 is a functional block diagram of a server according to an embodiment of the present invention;
fig. 15 is another functional block diagram of the server according to the embodiment of the present invention;
fig. 16 is an exemplary diagram of a server provided by the embodiment of the present invention.
[ detailed description ] embodiments
In order to better understand the technical solution of the present solution, the following describes an embodiment of the present solution in detail with reference to the accompanying drawings.
It should be clear that the described embodiments are only a part of the present solution, not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments in the present solution, belong to the protection scope of the present solution.
The terminology used in the embodiments of the present solution is for the purpose of describing particular embodiments only and is not intended to be limiting of the present solution. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that the term "and/or" as used herein is merely one type of association that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrases "if determined" or "if detected (a stated condition or event)" may be interpreted as "when determined" or "in response to a determination" or "when detected (a stated condition or event)" or "in response to a detection (a stated condition or event)", depending on the context.
Aiming at the problems that the existing verification mode in the prior art, such as the intermediate server knows that the service server provides the notification short message or the electronic certificate for the user) is single, the service server forges the certificate or notifies the short message and cannot be identified, the embodiment of the scheme provides a corresponding solution idea: and verifying the certificate provided by the service server by using the data server based on the service data related to the target information in the user information.
Under the guidance of the idea, the embodiment of the scheme provides two feasible implementation schemes.
One approach is for the data server to perform authentication of the credentials. That is, the performer of the verification operation is the data server.
The second method is that the intermediate server uses the service data related to the target information in the user information provided by the data server to verify the certificate. That is, the performer of the authentication operation is the intermediate server, but still requires the assistance of the data server.
It should be noted that the embodiment of the present invention can be applied to a system including an intermediate server, a data server, and a service server. The intermediate server can be an operator platform and can temporarily store the data of the user, when the certificate provided by the service server to the user passes the verification, the intermediate server provides the data of the user to the service server, so that the problem that the certificate is forged or a short message is notified by the service server and cannot be identified is avoided, and the benefit of the service server can be simultaneously maintained on the premise of ensuring the data of the user. The service server refers to a server which can provide proxy service of the service to the user, the data server refers to a server which directly and actually provides the service to the user, the user can obtain qualification for using the service from the service server, and what really provides the service related to the service is the data server, namely, the user needs to go to the data server to use the service.
In the above two possible implementation schemes, the client may be implemented by a terminal integrated with content such as an application program or a service component, for example, a mobile phone, a tablet computer, a desktop computer, and the like. The intermediate server may be integrated on the network side. The communication between the client and the intermediate server may be directly performed by using a communication method between terminals integrated with the client and the intermediate server, or a corresponding communication method may be separately designed.
Related description about method one. The overall interactive flow of the provided information verification method is shown in fig. 1, and includes:
101. and after receiving the service request of the user, the service server sends an authentication request to the intermediate server, wherein the authentication request carries a certificate related to the service.
102. The intermediate server selects the target parameters from the credentials and selects the target information from the user information of the user.
103. The intermediate server sends the target parameters and the target information to a data server for validating the credentials.
104. And the data server verifies the target parameters based on the service data related to the target information to obtain a verification result, and returns indication information to the intermediate server based on the verification result.
For the implementation of step 101, the embodiment of this embodiment provides a possible implementation manner here, as shown in fig. 2, including:
201. the service server receives a service request initiated by a user through the intermediate server.
Specifically, a user can log in an intermediate server through a client, and then initiate a service request to a service server through the intermediate server.
202. And the service server judges whether the service can be provided for the user or not according to the service request. If so, go to step 203, and if not, go to step 205.
203. When the service server is able to provide the service to the user, the service server transmits a notification message that the service can be provided to the user. Then 204 is executed to trigger the intermediate server to execute the verification process, and the certificate of the service provided by the service server to the user is verified.
204. When the service server can provide the service for the user, the service server sends an authentication request to the intermediate server, wherein the authentication request carries a certificate related to the service.
In an alternative implementation, the authentication request may also carry user information of the user.
For example, the intermediary server may provide an input interface to the business server, where the business server may enter credentials. Or, the service server may also send the information containing the credential to the intermediate server according to the agreed format with the intermediate server, for example, the information containing the credential may be a character string conforming to the agreed format, and the intermediate server may extract the required credential from the character string; alternatively, the information containing the credentials may be a screenshot of the credentials, from which the intermediate server identifies the required credentials.
It should be noted that the service server may provide at least one type of service to the user at the same time, and correspondingly, the service server needs to provide the credential of each type of service to the intermediate server, so that the intermediate server obtains the authentication result of the credential of each type of service according to the credential of each type of service.
In this embodiment, the credential may include, but is not limited to, at least one of the following information:
identification information of the service;
details of the service.
The embodiment of the scheme can be applied to various application scenes, such as a travel scene, a ticket business scene and a field leasing scene. The types of traffic in the travel scenario may include traffic types and accommodation types. For example, the traffic under the traffic type may include airline tickets, train tickets, or boat tickets. The services in the ticketing scenario may include entrance tickets, performance tickets, game tickets, and the like. The services in the field rental scene can include venue rentals, banquet hall rentals, conference room rentals and the like.
In the following, a travel scenario is taken as an example, in which a service server is a travel agency, a service in a traffic type is an airline ticket, and a service in an accommodation type is a hotel, and credentials and user information are exemplified.
TABLE 1 airline ticket voucher, user information of the user
TABLE 2 Hotel's credentials, user information for the user
It should be noted that, the information type in the certificate and what parameters under each type can be set according to the actual situation, and the embodiment of the present invention only provides several feasible ideas, and is not limited. The following explanations of the same application scenario, service type, service and credential are referred to herein, and will not be described further.
205. When the service server can not provide the service for the user, the service server refuses the request of the user and sends a notification message that the service can not be provided to the user.
Based on the foregoing general flow, an embodiment of the present disclosure further provides a method flow for an intermediate server side, please refer to fig. 3, which is a schematic flow diagram of the intermediate server side in the information verification processing method provided in the embodiment of the present disclosure, as shown in fig. 3, the method may include:
301. after receiving a service request of a user, the service server receives an authentication request from the service server, wherein the authentication request carries a certificate related to the service.
302. Target parameters are selected from the credentials and target information is selected from user information of the user.
303. And sending the target parameters and the target information to a data server for verifying the certificate.
304. And receiving a verification result obtained by verifying the target parameters based on the service data related to the target information or indication information based on the verification result, which is returned by the data server.
For the implementation of step 302, the embodiment of the present invention provides a possible implementation manner, as shown in fig. 4, including:
3021. and the intermediate server determines the service type of the service according to the certificate.
3022. And the intermediate server determines a data server for verifying the certificate according to the service type.
3023. The intermediate server calls a verification interface of the data server and inputs target parameters and target information to the verification interface.
In one particular implementation, if the service type is included in the credential, the intermediate server may obtain the service type directly from the credential. The length and the structural characteristics of characters in the identifications of different types of services are different, so that when the voucher does not comprise the service type, the intermediate server can identify the service type according to the identification information of the service in the voucher.
It will be appreciated that one data server may have one or more validation interfaces, each validation interface corresponding to a service type. A plurality of data servers belonging to the same category may use a common authentication interface, or a plurality of data servers belonging to the same category may also use respective authentication interfaces, which is not particularly limited in this embodiment of the present invention.
For example, a certain vacation limited company can provide both entrance tickets and hotels, so that the data server of the vacation limited company can have two verification interfaces, one corresponding to the entrance tickets and the other corresponding to the hotels. If the intermediate server needs to verify the entrance ticket, a verification interface corresponding to the entrance ticket issued by the data server of the vacation limited company needs to be called, and if the intermediate server needs to verify the hotel, a verification interface corresponding to the wine shop issued by the data server of the vacation limited company needs to be called.
Alternatively, for example, if all airlines use a common service server, the common service server provides an authentication interface, and when the intermediate server determines that the service type is an airline ticket, the authentication interface of the common service server is called directly to authenticate the airline ticket.
It should be noted that, for the verification interface of the data server related in the embodiment of the present disclosure, if there is a related interface of the data server with a comparative specification in the industry, which can be called by the intermediate server to implement verification, such an interface may be directly used, for example, if there is a related interface in the current airline company, when verifying an airline ticket, the intermediate server may be directly called. If the industry does not have the relevant interfaces of the standard data server, the operator of the intermediate server can coordinate with the data server to develop the verification interface for the data server.
In a specific implementation scheme, the communication between the intermediate server and the data server can be realized through the internet, and based on the communication, the intermediate server can call the verification interface of the data server through a network request. For example, the network request may be a Remote Procedure Call Protocol (RPC) request.
For example, the intermediate server may send a HyperText Transfer Protocol (HTTP) request to the verification interface of the data server, where the HTTP request carries the target parameter and the target information.
Taking the example of an airline ticket in a travel scenario, the verification interface of the data server of the airline company may be TES _ airticket validaterq. The verification interface TES _ AirTicketValidateRQ can be obtained by packaging http:// agibe. Similarly, the invocation of the authentication interface of the hotel's data server may also be implemented using RPC requests (e.g., HTTP requests).
In the embodiment of the present invention, the intermediate server may directly obtain the user information of the user from the authentication request sent by the service server, or the intermediate server may also obtain the user information of the user after performing calculation according to the credential.
For example, the method for the intermediate server to select the target parameter from the credentials may include, but is not limited to, the following:
the first is that the intermediate server selects the target parameters from the credentials according to a pre-configured selection policy.
For example, the pre-configured selection policy is to select a time parameter related to the service and identification information of the service from the credential as target parameters. Taking the example that the service is an airline ticket, the credential provided by the service server to the intermediate server includes the following parameters: the method comprises the steps that the ticket number, the take-off time, the landing time, the departure airport mark and the arrival airport mark of the airplane ticket are selected from a voucher by an intermediate server according to a pre-configured selection strategy, time information related to business, such as the take-off time and the landing time, and identification information of the selected business, such as the ticket number of the airplane ticket, are selected, namely the intermediate server selects the take-off time, the landing time and the identification information of the business as target parameters. Taking the example that the service is a hotel, the certificate provided by the service server to the intermediate server includes the following parameters: the method comprises the steps that a reservation order number, check-in time, check-out time and a room type of a room are obtained, the intermediate server selects time information related to a service, such as check-in time and check-out time, and selects identification information of the service, such as the reservation order number of the room, from a certificate according to a pre-configured selection strategy, namely the intermediate server selects the check-in time, the check-out time and the reservation order number of the room from the certificate as target parameters.
For example, the pre-configured selection policy is to select the identification information of the service from the credentials as the target parameter. Taking the example that the service is an airline ticket, the credential provided by the service server to the intermediate server includes the following parameters: the method comprises the steps that the ticket number, the takeoff time, the landing time, the departure airport mark and the arrival airport mark of the airplane ticket are obtained, and the intermediate server selects the mark information of the business, such as the ticket number of the airplane ticket, from the voucher as target parameters according to a pre-configured selection strategy. Taking the example that the service is a hotel, the certificate provided by the service server to the intermediate server includes the following parameters: the reservation list number, the check-in time, the check-out time and the room type of the room, and the intermediate server selects the identification information of the service, such as the reservation list number of the room, from the voucher as a target parameter according to a pre-configured selection strategy.
The second is that the intermediate server selects the target parameters from the voucher according to the service type.
For example, if the type of service is a traffic type, a ticket number may be selected from the voucher as the target parameter, or if the type of service is an accommodation type, a reservation number of a room may be selected from the voucher as the target parameter. In a possible implementation scheme, the correspondence between the service type and the selected target parameter may be preset in the intermediate server.
The third is that the intermediate server selects all parameters in the voucher as target parameters.
For example, taking the example that the service is an airline ticket, the data server provides the voucher of the airline ticket with the following parameters: the ticket number, the take-off time, the landing time, the departure airport mark and the arrival airport mark of the airplane ticket, and the intermediate server takes all the parameters in the voucher as target parameters. For another example, taking the service as a hotel, the credential provided by the data server for the hotel includes the following parameters: the reservation order number, the check-in time, the check-out time and the room type of the room, and the intermediate server takes all the parameters as target parameters.
It should be noted that, the selection method of the target parameter in the credential input by the intermediate server to the verification interface of the data server may be set according to actual situations, and the embodiment of the present invention provides only a few feasible ideas, and is not limited. The following explanation of the same target parameters can refer to the same, and will not be repeated.
For example, the method for the intermediate server to select the target information from the user information of the user may include, but is not limited to, the following:
the first is that the intermediate server selects the target information from the user information of the user according to a pre-configured selection policy.
For example, the pre-configured selection policy is to select a certificate number of the user as target information from user information of the user. Taking the service as an example of an airline ticket, the user information of the user obtained by the intermediate server includes a passenger name, a passenger gender, a passenger certificate type and a passenger certificate number, and the intermediate server selects the passenger certificate number as target information from the user information of the user according to a selection strategy. Taking the example that the service is a hotel, the user information of the user obtained by the intermediate server comprises the name of the check-in person, the certificate type of the check-in person and the certificate number of the check-in person, and the intermediate server selects the certificate number of the check-in person from the user information of the user as target information according to a selection strategy.
For another example, the pre-configured selection policy is to select a user name and a user certificate number as target information from user information of the user. Taking the service as an example of an airline ticket, the user information of the user obtained by the intermediate server includes a passenger name, a passenger gender, a passenger certificate type and a passenger certificate number, and the intermediate server selects the passenger name and the passenger certificate number as target information from the user information of the user according to a selection strategy. Taking the service as a hotel as an example, the user information of the user obtained by the intermediate server comprises the name of the check-in person, the certificate type of the check-in person and the certificate number of the check-in person, and the intermediate server selects the name of the check-in person and the certificate number of the check-in person from the user information of the user as target information according to a selection strategy.
The second is that the intermediate server selects the target information from the user information of the user according to the service type.
For example, if the service type is a traffic type, a user name, a user certificate category, and a user certificate number may be selected from user information of the user as target information, or if the service type is an accommodation type, an attendee name, an attendee gender, and an attendee certificate number may be selected from a certificate as target information. In a possible implementation scheme, the correspondence between the service type and the selected target information may be preset in the intermediate server.
The third is that the intermediate server selects all information in the user information of the user as the target information.
For example, taking the example that the service is an airline ticket, the user information of the user obtained by the intermediate server includes the following information: the ticket number, the take-off time, the landing time, the departure airport mark and the arrival airport mark of the airplane ticket are all used as target information by the intermediate server. Taking the example that the service is a hotel, the user information of the user obtained by the intermediate server includes the following information: the reservation list number, the check-in time, the check-out time and the room type of the room, and the intermediate server takes all the information as target information.
It should be noted that the selection method of the target information input into the verification interface of the data server by the intermediate server may be set according to actual situations, and the embodiment of the present disclosure provides only a few feasible ideas, and is not limited. The following explanation of the same target information can refer to the same, and will not be described in detail.
For example, please refer to fig. 5, which is an exemplary diagram of invoking an authentication interface and inputting a credential and user information provided in the embodiment of the present disclosure, as shown in fig. 5, taking an example that a service is an airline ticket and a data server is a server of an airline company as an example, an intermediate server invokes an authentication interface TES _ airticket validaterq of the server of the airline company, and then inputs target information TravelerInfo selected from user information of a user and a ticket number Ticketing of the airline ticket selected from the credential to the authentication interface. Of course, the present example is only illustrated by taking these two parameters as an example, and is not used to limit the types and the number of the contents that can be input, and other parameters or other information may also be included in the practical application.
For the implementation of step 103, the embodiment of the present invention provides a feasible implementation manner, including: the data server can respond to the trigger of the intermediate server, verify the target parameters input by the intermediate server when the intermediate server calls the verification interface according to the business data related to the target information to obtain a verification result, then return indication information to the intermediate server based on the verification result, then the intermediate server can receive the indication information returned by the data server responding to the self call, and further can perform subsequent processing flow according to the indication information.
For example, the authentication method of the data server may include, but is not limited to:
the data server finds pre-stored business data related to the target information according to the target information provided by the intermediate server, and then compares each parameter in the target parameters with the corresponding parameter in the business data respectively to obtain the comparison result of each parameter; and then obtaining the verification result according to the comparison result of each parameter. If all the parameters are consistent with the corresponding parameters in the service data, the data server obtains a verification result that the verification is passed; or, if at least one parameter is inconsistent with the corresponding parameter in the service data, the data server obtains a verification result that the verification fails. It should be noted that the service data related to the target information may be generated by the data server according to the actual situation of the provided service, and therefore, in this embodiment of the present disclosure, the service data related to the target information is derived from the actual provider of the service (i.e., the data server), and has higher authenticity.
For the implementation of step 303, this embodiment provides a feasible implementation manner here, including: and the intermediate server receives indication information returned to the intermediate server by the data server based on the verification result by calling a verification interface of the data server.
In this embodiment, the implementation scheme of the indication information may include the following three types:
the first is that the indication information carries the verification result.
The second is that when the verification result is that the verification is passed, the indication information is used for indicating that the verification is passed or for indicating that the data is transferred.
And thirdly, when the verification result is that the verification fails, the indication information is used for indicating that the verification fails or indicating that the data can not be transferred.
After step 304, this embodiment may further include an optional implementation, including: and if the indication information indicates that the verification result is that the verification is passed, or if the indication information indicates that the data is transferred, the intermediate server provides a notification message that the verification is passed to the user.
For example, the intermediate server pushes a notification message that the verification is passed to the client, or may also send a notification short message that the verification is passed to the mobile terminal where the client is located.
In addition, in this embodiment of the present disclosure, the data server may also be unable to verify the credential, and at this time, the data server sends, based on the verification failure, indication information to the intermediate server, where the indication information is used to indicate that the verification failure occurs, or is used to indicate that the data cannot be transferred, or the indication information carries a verification result that the verification failure occurs.
When the verification result is that the verification fails, the intermediate server needs to acquire the other certificates of the service from the service server; and then, re-verifying other certificates according to the specified verification mode to obtain a verification result.
In this embodiment, according to the designated verification mode, the method for re-verifying the other credentials may include, but is not limited to, the following:
the first is that the intermediate server calls the verification interface of the data server by using other certificates of the service acquired from the service server to perform re-verification to obtain a verification result.
The second is that the intermediate server uses the other certificates of the service and the above-mentioned certificates obtained from the service server to call the verification interface of the data server to perform re-verification to obtain the verification result.
And thirdly, the intermediate server acquires a manual verification result obtained according to other certificates or other certificates and the certificates. For example, when the verification result is that the verification is not passed, the server adds the certificate which is not passed in the verification to a specified list, and sets the state of the certificate to be verification-failed. Then, according to the certificate in the appointed list, another certificate of the service is requested to be obtained from the service server, and then manual verification is carried out according to the certificate, or the certificate and the other certificate, so that a manual verification result is obtained and returned to the intermediate server.
It can be understood that, because the cost of manual verification is relatively high and the efficiency is relatively high, in most cases, the verification needs to be automatically realized through the intermediate server and the data server, that is, it needs to be ensured that the certificates waiting for verification have data meeting the verification requirements of the data server in different scenes (different departure dates selected by users, different numbers of people and the like lead to different certificates provided for the intermediate server by the service server), the intermediate server can provide an algorithm model, and the data required to be input into the verification interface can be calculated according to the certificates provided by the service server, so that the data server can provide the verification result. The intermediate server may also directly enter the credential into the authentication interface if the credential has met the data server authentication requirements.
For example, the service server provides the ticket number of the airplane ticket, the departure date of 11 months and 11 days, and the adult ticket of 5 days and 4 nights, but the intermediate server also needs to provide the return date to the data server, so the intermediate server needs to calculate the return date of 11 months and 15 days according to the certificate provided by the service server, and then input the ticket number, the departure date of 11 months and 11 days, the return date of 11 months and 15 days and the adult ticket into the verification interface.
In the prior art, in order to avoid that the service server cannot receive the data of the user for a long time, the intermediate server provides the data of the user to the service server after the service server sends a notification short message or a certificate to the user. However, because the notification short message or the certificate provided by the service server cannot prove whether the service server really provides the user to use the service normally according to the requirement, if the service server forges the certificate for early receiving the data, and when the service server cannot fulfill the responsibility of providing the service when the user needs to use the service, the service server returns the data to the user, the user considers the service as available, does not agree with the data return, both parties are not rigid, at present, only the operator of the intermediate server can make a solution, the user is lost, the normal operation and maintenance of the intermediate server are affected, and the verification mode cannot meet the requirements of the user and the service server. In the embodiment of the scheme, the data server is introduced, the certificate provided by the service server is verified through the data server based on the service data related to the target information in the user information to obtain the verification result, the service provider to which the data server belongs is the main body which actually and directly provides the service related to the service for the user, and the data server stores or generates the real data of the service. Furthermore, once the verification result is verified, namely the verification of the data server proves that the service server really provides the service for the user, the intermediate server transfers the data which is provided by the user to the intermediate server in advance to the service server, so that the service server can not only ensure that the user can use the service really, but also transfer the data to the service server in time, the problem that the service server can not obtain the data in time is avoided, and the requirements of both the user and the service server can be met. When the authentication fails, the intermediate server does not transfer the user data, so that the problem of user loss caused by counterfeiting of a certificate by the service server to obtain the data earlier can be avoided, and the security risk is reduced. The problem of poor user experience caused by the fact that the service server cannot provide services for the user when the user needs to use the services can be solved, the operation and maintenance burden of the intermediate server is reduced, and the reliability of data transfer control is improved.
Based on the foregoing general interaction flow, an embodiment of the present disclosure further provides a specific implementation manner for the general interaction flow, please refer to fig. 6, which is another schematic diagram of the general interaction flow in the information verification method provided in the embodiment of the present disclosure, as shown in fig. 6, the method may include:
601. and after receiving the service request of the user, the service server sends an authentication request to the intermediate server, wherein the authentication request carries a certificate related to the service.
602. And the intermediate server determines the service type according to the certificate.
603. And the intermediate server determines a data server for verifying the certificate according to the service type.
604. The intermediate server calls an authentication interface of the data server and inputs target parameters selected from the credentials and target information selected from the user information of the user to the authentication interface.
Specifically, if the service type is an airline ticket, a verification interface of a data server of the airline company is called, if the service type is a hotel, a verification interface of a data server of the hotel is called, and if the service type is a scenic spot ticket, a verification interface of a data server of the scenic spot is called.
605. And the data server obtains the service data related to the target information according to the target information, verifies the target parameters by using the service data, and returns indication information to the intermediate server based on a verification result. This example illustrates an example in which the indication information carries the verification result.
606. And the intermediate server receives the indication information returned by the data server through the verification interface, and executes a corresponding processing flow according to a verification result carried by the indication information. If the verification passes, 607 is performed; if the verification does not pass, 608 is performed.
607. The intermediate server transfers the data belonging to the intermediate server to the service server and provides a notification message that the authentication is passed to the user. Wherein, the data belonging to the intermediate server may be pre-transferred to the intermediate server by the user using the service.
608. The intermediate server adds the credential to the verification relationship table and sets the state of the credential to verify failure.
609. The operation and maintenance personnel of the intermediate server can log in the intermediate server and check the information in the verification relation table.
610. The operation and maintenance personnel can obtain other certificates of the business from the business server through the intermediate server, such as screenshot of the certificate.
611. And carrying out manual verification according to the screenshot of the certificate. If the manual verification result is that the verification is passed, that is, the screenshot of the credential is considered to pass the verification, step 607 is executed, and the verification relationship table is modified, and the state of the credential is set to pass the verification, or the credential is deleted from the verification relationship table, which indicates that the verification passes. Otherwise, if the result of the manual verification is that the verification is not passed, step 610 is executed, that is, it is necessary to continue to obtain other credentials of the service from the service server, and continue the verification process until the verification is passed, and step 607 cannot be executed.
Based on the above general flow, the embodiment of the present invention further provides a specific implementation manner for the general flow, and in this embodiment, the example is given by taking a service server of the user a and the merchant S, the service is an airline ticket, and the data server belongs to the airline company G. Please refer to fig. 7, which is another flow chart illustrating an information verification method according to an embodiment of the present invention, as shown in fig. 7, the method may include:
701. the business server of the merchant S receives a request of the user A for purchasing the airline ticket through the intermediate server.
702. The business server of the merchant S judges whether the self airline ticket can provide the required airline ticket for the user A, if so, the step 703 is executed, and if not, the step 704 is executed.
For example, the user a purchases a travel airline ticket between shanghai-okinawa and 5 days and 4 nights from the merchant S, the departure time of the user a is 11 months and 11 days, and the business server of the merchant S finds that all airline tickets in the airline ticket resource on the day are sold, so that the airline tickets cannot be normally provided to the user a, that is, the required airline tickets cannot be provided to the user, and step 704 is executed. If the business server of the merchant S finds that the airline tickets in the airline ticket resources are not sold completely, the airline tickets can be normally provided to the user a, that is, the required airline tickets can be provided to the user, and step 703 is executed.
703. If the business server of the merchant S can provide the required airline ticket to the user and the business server of the merchant S has purchased the required airline ticket for the user a, the business server of the merchant S can provide the ticket number of the airline ticket and the name of the user a as credentials to the intermediate server, and then execute step 706.
For example, the business server of the merchant S presents a round-trip airline ticket for the user a from shanghai-okinawa, the departure date is 11 months and 11 days, the return date is 11 months and 15 days, and the business server of the merchant S inputs the ticket number into an input interface provided by the intermediate server to trigger the verification process.
704. The business server of merchant S denies the user' S request in the intermediate server and then proceeds to step 705.
705. The intermediate server returns the data to the user, and the process ends.
706. The intermediate server calls the verification interface of the data server of the airline company G according to the ticket number of the airline ticket and the name of the user A input by the business server of the merchant S in the 703, and inputs the ticket number and the name of the user A into the verification interface.
The intermediate server can judge that the type is the airline ticket according to the ticket number provided by the business server of the merchant S, so that the verification interface of the data server of the airline G is determined to be called for verification.
707. The intermediate server receives the verification result returned by the data server of the airline company G, if the verification result is that the verification is passed, step 708 is executed, and if the verification result is that the verification is not passed, step 703 may be executed, that is, the business server of the merchant S is allowed to re-input the ticket number of the airline ticket. If the verification result is that the verification is not possible, step 709 may also be executed, that is, the verification is performed again in a specified manner. In this embodiment, the designation method is exemplified by a manual verification method.
Or, for another example, the business server of the merchant S inputs the ticket number 777-12345678, the identity number of the passenger is 11010119xxxxxxxxxx, the gender of the passenger is male, the business server calls the authentication interface of the data server of the airline G, and inputs the voucher and the user information of the user, wherein the voucher comprises the ticket number 777-12345678, the user information comprises the identity number of the passenger is 11010119 xxxxxxxxxxxx, the gender of the passenger is male, and the data server of the airline G finds the ticket number of the airline ticket related to the user according to the user information. And then judging whether the inquired ticket number of the airplane ticket related to the user is consistent with the ticket number of the airplane ticket input by the intermediate server, if so, judging that the verification result is that the verification is passed, and if not, judging that the verification result is that the verification is not passed.
708. The intermediate server transfers the data provided by the user to the business server of the merchant S, and pushes a notification message to the client of the user, wherein the notification message may include the credential information of the merchant S for providing the airline ticket to the user. Thus, the business server of the merchant S receives the data, the user receives the notification message, and the user can use the airline ticket at the designated time, and the process is ended.
For example, if the data server of the airline G verifies the ticket number 777-12345678, and finds that the ticket number is verified, the intermediate server sends a short message "the airline ticket purchased by you has been taken out, the ticket number is 777-12345678" to the mobile phone used by the user according to the verification result, and since the airline ticket is true and valid, the user can check the corresponding airline ticket information on the airline official website according to the ticket number.
709. The intermediate server adds the ticket number of the airline ticket to the verification relationship table, and sets the status to verify failure. In this embodiment, when the ticket number cannot be verified as a result of the verification, the intermediate server also regards the ticket number as not being verified, and performs processing according to the verification failure.
710. And after seeing the ticket number in the verification relation table, the operation and maintenance personnel of the intermediate server receives the ticket drawing voucher screenshot of the airplane ticket uploaded by the business server of the merchant S.
711. And the operation and maintenance personnel perform manual verification according to the screenshot of the ticket drawing voucher. If the verification result is that the verification is passed, modifying the state of the ticket number of the airline ticket in the verification relation table to be that the verification is passed, and then executing step 708; if the verification result is that the verification is not passed, step 710 is executed, and the business server of the merchant S may provide the ticket issuing certificate of the airline ticket again, otherwise, the business server of the merchant S may not receive the data.
For example, the business server of the merchant S uploads the ticket number 777-12345678 of the airline ticket, the airline company G cannot verify whether the ticket number exists, at this time, a verification result that cannot be verified is returned to the intermediate server, the intermediate server adds the ticket number to the verification relation table, the operation and maintenance staff manually verifies whether the ticket number exists, and then feeds back the manual verification result to the intermediate server.
For another example, the operation and maintenance staff thinks that the ticket number 777-12345678 provided by the merchant S has a problem and thinks that the ticket number cannot pass the verification, and after receiving the verification result, the intermediate server notifies the business server of the merchant S to allow the business server of the merchant S to upload the voucher screenshot of the ticket number or update the ticket number.
In the prior art, after determining that a user purchases an airline ticket or orders a hotel, a business server of a merchant sends a credential to the user, and for an intermediate server, the credential represents that the merchant can guarantee the user to go out of a trip, and at this time, the intermediate server transfers data of the user to the business server of the merchant. However, this processing method has many problems in practical application because the business server transfers the user data to the business server of the merchant as long as the business server receives the certificate. Then after the business server of the merchant receives the data, the business server finds that the user can not be arranged to go out for a trip, and then the user applies for data return, but for the user, the received notification short message is considered to prompt that the user can go out for a trip on time, but the data return is needed if the user can not go out for a trip, and the user can not accept the data return. Finally, the operator of the intermediate server often makes a solution, which brings great cost and processing burden to the operation and maintenance of the intermediate server, and the verification mode cannot meet the requirements of users and merchants. In addition, the merchant can receive the data through the voucher, but the merchant does not really help the user to purchase the airline ticket, so that the security risk of escaping after the business server of the merchant receives a large amount of data exists.
By utilizing the technical scheme provided by the embodiment of the scheme, after the intermediate server receives the ticket number of the airplane ticket provided by the business server of the merchant, the data server is introduced to verify the ticket number of the airplane ticket, the authenticity of the ticket number of the airplane ticket is verified, the verification result is obtained, and the reliable verification result can be obtained by introducing the verification of the data server, so that the problems that the verification mode is single in the prior art, and the business server forges a certificate or notifies a short message and cannot be identified are solved. Furthermore, if the verification result given by the data server is that the verification is passed, which indicates that the merchant has purchased the airline ticket for the user, the user can be ensured to go out for a trip, and at this time, the intermediate server transfers the data of the user to the business server of the merchant, so that the requirements of both the user and the merchant can be met. The problem that the user cannot be arranged to go out after the merchant receives the data is avoided, the operation and maintenance cost and the processing burden of the intermediate server are reduced to a certain extent, and the user experience is improved. Further, the merchant may also receive data in time after providing the user with an airline ticket. On the contrary, if the verification result given by the data server is that the verification fails, it indicates that the merchant does not purchase the airline ticket for the user, or whether the merchant purchases the airline ticket for the user cannot be verified, at this time, the intermediate server considers that the merchant cannot guarantee the travel of the user at present, and therefore the data of the user cannot be transferred to the business server of the merchant, and the data cannot be transferred to the business server of the merchant until the verification passes. Therefore, the safety risk that the business server of the merchant does not really help the user to buy the airplane ticket and then run away after receiving the data can be reduced.
While the first method (authentication by the data server) is described above, the second method (authentication by the intermediate server) will be described below, and the explanation thereof can be referred to the above directly if the same parameter or step implementation as the first method is involved. Which will not be described in detail hereinafter.
And the related description of the second method. The overall interactive flow of the provided information processing method is shown in fig. 8, and includes:
801. and after receiving the service request of the user, the service server sends an authentication request to the intermediate server, wherein the authentication request carries a certificate related to the service.
802. The intermediate server obtains service data related to the user information of the user from a data server corresponding to the service.
803. And the intermediate server verifies the certificate based on the service data related to the user information to obtain a verification result.
Based on the foregoing general flow, an embodiment of the present disclosure further provides a method flow for a server side, please refer to fig. 9, which is another schematic flow diagram of the server side in the information processing method provided in the embodiment of the present disclosure, as shown in fig. 9, the method may include:
901. after receiving a service request of a user, the service server receives an authentication request from the service server, wherein the authentication request carries a certificate related to the service.
902. And obtaining service data related to the user information of the user from a data server corresponding to the service.
903. And verifying the certificate based on the service data related to the user information to obtain a verification result.
For the implementation of step 902, the embodiment of the present invention provides a feasible implementation manner, including: the intermediate server determines the service type of the service according to the certificate; the intermediate server determines a data server corresponding to the service according to the service type; the intermediate server calls a query interface of the data server and inputs target information selected from user information of a user to the query interface; and finally, the intermediate server receives the business data which is returned by the data server in response to the call of the intermediate server and is related to the target information according to the target information.
The service data related to the target information is generated and stored by the data server when the service server acquires the service from the data server according to the service request of the user. Since the service data related to the target information is originated from the data server, in the embodiment of the present disclosure, the service data related to the target information belongs to the real information. And the data server returns the service data related to the target information to the intermediate server through the query interface, and the intermediate server locally stores the service data related to the target information.
It will be appreciated that one data server may have one or more query interfaces, each query interface corresponding to a service type. A plurality of data servers belonging to the same category may use a common query interface, or a plurality of data servers belonging to the same category may also use respective query interfaces, which is not particularly limited in this embodiment of the present invention.
For example, a certain vacation limited company can provide both entrance tickets and hotels, so that the data server of the vacation limited company can have two query interfaces, one query interface corresponds to an entrance ticket, and the other query interface corresponds to a hotel. If the intermediate server needs to verify the entrance ticket, the inquiry interface corresponding to the entrance ticket placed by the data server of the vacation limited company needs to be called to obtain the entrance ticket data related to the target information, and if the intermediate server needs to verify the hotel, the inquiry interface corresponding to the hotel placed by the data server of the vacation limited company needs to be called to obtain the hotel data related to the target information.
Alternatively, for another example, if all airlines use a common service server, the common service server provides a query interface, and when the intermediate server determines that the service type is airline tickets, the query interface of the common service server is directly called to obtain airline ticket data related to the target information.
It should be noted that, for the query interface of the data server in the embodiment of the present disclosure, if there is a related interface of the data server with a relatively standard in the industry, and the related interface can be called by the intermediate server to implement the query, such an interface may be directly used, for example, if there is a related interface in the current airline company, when querying an airline ticket, the intermediate server may be directly called. If the industry does not have the relevant interfaces of the standard data server, the operator of the intermediate server can coordinate with the data server to develop the query interface for the data server.
In a specific implementation scheme, the communication between the intermediate server and the data server can be realized through the internet, and based on the communication, the intermediate server can call the query interface of the data server through a network request. For example, the network request may be an RPC request.
For example, the intermediate server may send an HTTP request to the query interface of the data server, where the HTTP request carries the target information.
Taking an airline ticket under a travel scene as an example, a query interface of a data server of an airline company may be public air ticket infodo getairticket info (air ticket verifydo), and the query interface may be obtained by encapsulating http:// age. Similarly, the invocation of the query interface of the hotel's data server may also be implemented using RPC requests (e.g., HTTP requests).
It should be noted that, in the embodiment of the present disclosure, the server is involved in invoking the relevant interface of the data server to complete the corresponding operation. The inquiry interface and the verification interface belonging to a data server can be realized by one interface. Alternatively, the present invention may be implemented by two interfaces, and this is not particularly limited in this embodiment of the present invention. In addition, the related interfaces related in the embodiment of the present disclosure may integrate other functions in addition to the functions mentioned in the embodiment of the present disclosure, and further description is omitted here because the relevance between the other functions and the present disclosure is low.
For the implementation of step 903, this embodiment of the present invention provides a possible implementation manner, as shown in fig. 10, including:
1001. and the intermediate server compares each parameter in the certificate with the corresponding parameter in the service data respectively to obtain a comparison result of each parameter in the certificate.
1002. And the intermediate server obtains a verification result according to the comparison result of each parameter in the certificate.
Specifically, the intermediate server compares each parameter in the certificate with a corresponding parameter in the locally stored service data related to the target information respectively to obtain a comparison result of each parameter in the certificate; and then obtaining the verification result according to the comparison result of each parameter. If all the parameters in the certificate are consistent with the corresponding parameters in the service data, the intermediate server obtains a verification result that the verification is passed; or, if at least one parameter in the certificate is inconsistent with the corresponding parameter in the service data, the intermediate server obtains a verification result that the verification fails. The service data related to the target information may be generated by the data server according to the actual situation of the provided service, and therefore, in the embodiment of the present disclosure, the service data related to the target information is derived from the data server of the service, and has higher authenticity.
After step 903, this embodiment may further include an optional implementation, including: if the verification result is that the verification is passed, the intermediate server can also provide a notification message that the verification is passed to the user. For example, the intermediate server pushes a notification message that the verification is passed to the client, or may also send a notification short message that the verification is passed to the mobile terminal where the client is located.
In addition, in this embodiment, the intermediate server may also obtain the verification result as being unverifiable, and the intermediate server may regard the verification result as unverifiable, and execute the processing flow when unverifiable is unverifiable.
When the verification result is that the verification fails, the intermediate server needs to acquire the other certificates of the service from the service server; and then, re-verifying other certificates according to the specified verification mode to obtain a verification result.
In this embodiment, according to the designated verification mode, the method for re-verifying the other credentials may include, but is not limited to, the following:
the first is that the intermediate server calls the verification interface of the data server by using other certificates of the service acquired from the service server, so that the data server performs re-verification to obtain a verification result.
The second is that the intermediate server uses the certificate of the service and the other certificates obtained from the service server to call the verification interface of the data server, so that the data server performs re-verification by combining the certificate and the other certificates to obtain the verification result.
And thirdly, the intermediate server performs re-authentication by the intermediate server by using other certificates acquired from the business server to obtain an authentication result.
And fourthly, the intermediate server performs re-authentication by the intermediate server by using the certificate acquired from the service server and the other certificates to obtain an authentication result.
And the fifth is that the intermediate server obtains the manual verification result obtained according to other certificates or the certificates and the other certificates. The implementation scheme of the intermediate server for obtaining the manual verification result may refer to the related description in the first method, and is not described herein again.
In the prior art, in order to avoid that the service server cannot receive the data of the user for a long time, the intermediate server provides the data of the user to the service server after the service server sends a notification short message or a certificate to the user. However, because the notification short message or the certificate provided by the service server cannot prove whether the service server really provides the user to use the service normally according to the requirement, if the service server forges the electronic certificate for early data reception, and when the service server cannot fulfill the responsibility of providing the service when the user needs to use the service, the service server returns the data to the user, the user considers the service as available, does not agree with the data return, both parties are not rigid, at present, only the operator of the intermediate server can take the solution, the user is lost, the normal operation and maintenance of the intermediate server are affected, and the verification mode cannot meet the requirements of the user and the service server. In the embodiment of the scheme, the data server is introduced, the business data related to the target information is obtained from the data server, then the intermediate server carries out verification based on the business data, and a verification result is obtained, the service provider to which the data server belongs is a main body which actually and directly provides the business-related service for the user, and the data server stores or generates the real data of the business. Furthermore, once the verification result is that the verification is passed, the intermediate server transfers the data belonging to the intermediate server to the service server, so that the user can use the service indeed, and the data can be transferred to the service server in time, thereby avoiding the condition that the service server can not obtain the data in time, and meeting the requirements of both the user and the service server. When the authentication fails, the intermediate server does not transfer the data, so that the problem of user loss caused by counterfeiting of a certificate by the service server to obtain the data earlier can be avoided, and the security risk is reduced. The problem of poor user experience caused by the fact that the service server cannot provide services for the user when the user needs to use the services can be solved, the operation and maintenance burden of the intermediate server is reduced, and the reliability of data transfer control is improved.
Based on the foregoing interactive method flow, an embodiment of the present invention further provides a specific implementation manner of the interactive method flow, please refer to fig. 11, which is another schematic diagram of the overall interactive flow in the information verification method provided in the embodiment of the present invention, as shown in fig. 11, the method may include:
1101. and after receiving the service request of the user, the service server sends an authentication request to the intermediate server, wherein the authentication request carries a certificate.
1102. And the intermediate server determines the service type according to the certificate.
1103. And the intermediate server determines and verifies the data server corresponding to the service according to the service type.
1104. The intermediate server calls a query interface of the data server and inputs target information selected from the user information of the user to the query interface.
Specifically, if the service type is an airline ticket, an inquiry interface of a data server of an airline company is called, if the service type is a hotel, an inquiry interface of a data server of the hotel is called, and if the service type is a scenic spot ticket, an inquiry interface of a data server of a scenic spot is called.
1105. And the intermediate server receives the business data which is returned by the data server and is related to the target information through the query interface and stores the business data.
1106. And the intermediate server verifies the certificate provided by the service server according to the service data to obtain a verification result, and executes a corresponding processing flow according to the verification result. If the verification passes, execute 1107; if the verification does not pass, execution 1108.
1107. The intermediate server transfers the data belonging to the intermediate server to the service server and provides a notification message that the authentication is passed to the user. Wherein, the data belonging to the intermediate server may be pre-transferred to the intermediate server by the user using the service.
1108. The intermediate server adds the credential to the verification relationship table and sets the state of the credential to verify failure.
1109. The operation and maintenance personnel of the intermediate server can log in the intermediate server and check the information in the verification relation table.
1110. The operation and maintenance personnel can obtain other certificates of the business from the business server through the intermediate server, such as screenshot of the certificate.
1111. And performing manual verification according to the screenshot of the certificate, if the result of the manual verification is verification passing, executing step 1107, modifying the verification relation table, and setting the state of the certificate as verification passing, or deleting the certificate in the verification relation table to indicate that the certificate passes. On the contrary, if the result of the manual verification is that the verification fails, step 1110 is executed, that is, it is necessary to continue to obtain other credentials of the service from the service server, and continue the verification process until the verification passes, step 1107 cannot be executed.
Based on the above general flow, the embodiment of the present invention further provides a specific implementation manner for the general flow, and in this embodiment, the example is given by taking a service server of the user a and the business merchant S, the service is an airline ticket, and the data server belongs to the airline company G.
Please refer to fig. 12, which is another schematic flow chart of an information verification method according to an embodiment of the present invention, as shown in fig. 12, the method may include:
1201. the business server of the merchant S receives a request of the user A for purchasing the airline ticket through the intermediate server.
1202. The business server of the merchant S judges whether the self airline ticket can provide the required airline ticket for the user A, if so, step 1203 is executed, and if not, step 1204 is executed.
For example, the user a purchases a travel airline ticket between shanghai-okinawa and 5 days and 4 nights from the merchant S, the departure time of the user a is 11 months and 11 days, and the business server of the merchant S finds that all airline tickets in the airline ticket resource on the day are sold, so that the airline tickets cannot be normally provided to the user a, that is, the required airline tickets cannot be provided to the user, and step 704 is executed. If the business server of the merchant S finds that the airline tickets in the airline ticket resources are not sold completely, the airline tickets can be provided to the user a normally, that is, the required airline tickets can be provided to the user, and step 1203 is executed.
1203. If the business server of the merchant S can provide the required airline ticket to the user and the business server of the merchant S has purchased the required airline ticket for the user a, the business server of the merchant S provides the ticket number of the airline ticket and the name of the user a to the intermediate server, and then step 1206 is performed.
For example, the business server of the merchant S presents a round-trip airline ticket for the user a from shanghai-okinawa, the departure date is 11 months and 11 days, the return date is 11 months and 15 days, and the business server of the merchant S inputs the ticket number and the name XX of the user a into an input interface provided by the intermediate server to trigger the verification process.
1204. The business server of merchant S denies the user' S request in the intermediate server and then proceeds to step 1205.
1205. The intermediate server returns the data to the user, and the process ends.
1206. The intermediate server inputs the name of the user A according to the business server of the merchant S at 1203, calls a query interface of a data server of the airline company G, inputs the name of the user A into the query interface, and then obtains airline ticket data of the user A returned by the query interface of the data server of the airline company G in response to the call.
1207. The intermediate server receives the airline ticket data of the user a returned by the data server of the airline G.
1208. The intermediate server compares the airline ticket data of the user A with the ticket number provided by the service server. If the two are consistent, the verification result is that the verification is passed, step 1209 is executed, and if the comparison result is not consistent, the verification result is that the verification is not passed, step 1203 is executed, that is, the business server of the merchant S is allowed to re-input the name or the ticket number of the user a of the airline ticket. If the verification result is that verification is not possible, step 1210 may be performed, i.e., verification is performed again in a specified manner. In this embodiment, the specifying manner may be a manual verification manner.
For example, the ticket number input to the intermediate server by the business server of the merchant S is 777-12345678, the name of the user a is king XX, the intermediate server calls the query interface of the data server of the airline company G and inputs king XX, the data server of the airline company G queries the ticket number to obtain the airplane ticket data of the king XX and returns the airplane ticket data to the intermediate server, the intermediate server finds that the ticket number of the airplane ticket in the airplane ticket data of the king XX returned by the airline company G is inconsistent with the ticket number 777-12345678 provided by the business server, the intermediate server determines that the verification fails, step 1203 is executed, and if the ticket number cannot be verified, step 1210 is executed.
1209. The intermediate server transfers the data provided by the user to a business server of the merchant S, and pushes a notification message to the client of the user, wherein the notification message may contain the credential information of the merchant S providing the airline ticket to the user. Thus, the business server of the merchant S receives the data, the user receives the notification message, and the user can use the airline ticket at the designated time, and the process is ended.
1210. The intermediate server adds the ticket number of the airline ticket to the verification relationship table, and sets the status to verify failure. In this embodiment, when the ticket number cannot be verified as a result of the verification, the intermediate server also regards the ticket number as not being verified, and performs processing according to the verification failure.
1211. And after seeing the ticket number in the verification relation table, the operation and maintenance personnel of the intermediate server receives the ticket drawing voucher screenshot of the airplane ticket uploaded by the business server of the merchant S.
1212. And the operation and maintenance personnel perform manual verification according to the screenshot of the ticket drawing voucher. If the verification result is that the verification is passed, modifying the state of the ticket number of the airline ticket in the verification relation table to be that the verification is passed, and then executing step 1209; if the manual verification result is that the verification is not passed, step 1211 is executed, and the business server of the merchant S may provide the ticket issuing certificate of the airline ticket again, otherwise, the business server of the merchant S cannot receive the data.
In the prior art, after determining that a user purchases an airline ticket or orders a hotel, a business server of a merchant sends a credential to the user, and for an intermediate server, the credential is considered to represent that the merchant can guarantee the user to go out of a trip, and at the moment, the intermediate server transfers the data of the user to the business server of the merchant as long as the intermediate server receives the credential. However, the processing method has many problems in practical application because the business server does not judge whether the merchant really purchases the airline ticket according to the voucher, and when the hotel is determined, the intermediate server transfers the data of the user to the business server of the merchant. Then after the business server of the merchant receives the data, the business server finds that the user can not be arranged to go out for a trip, and then the user applies for data return, but for the user, the received notification short message is considered to prompt that the user can go out for a trip on time, but the user can not receive the data return if the user can not go out for a trip. Finally, the operator of the intermediate server often makes a solution, which brings great cost and processing burden to the operation and maintenance of the intermediate server, and the verification mode cannot meet the requirements of users and merchants. In addition, the merchant can receive the data through the voucher, but the merchant does not really help the user to purchase the airline ticket, so that the security risk of escaping after the business server of the merchant receives a large amount of data exists.
By utilizing the technical scheme provided by the embodiment of the scheme, after the intermediate server receives the ticket number of the airplane ticket provided by the business server of the merchant, the data server is introduced to provide the business data related to the target information to verify the ticket number of the airplane ticket, the authenticity of the airplane ticket is verified, and the verification result is obtained. Furthermore, if the verification is passed, it is indicated that the merchant has purchased the airline ticket for the user, and the user can be ensured to go out of the game, at this time, the intermediate server transfers the data of the user to the business server of the merchant, and the requirements of both the user and the merchant can be met. The problem that the user cannot be arranged to go out after the merchant receives the data is avoided, the operation and maintenance cost and the processing burden of the intermediate server are reduced to a certain extent, and the user experience is improved. Further, the merchant may also receive data in time after providing the user with an airline ticket. On the contrary, if the intermediate server determines that the verification result is that the verification fails according to the service data related to the target information, which is provided by the data server, indicating that the merchant does not purchase an airline ticket for the user, or cannot verify whether the merchant purchases the airline ticket for the user, at this time, the intermediate server considers that the merchant cannot guarantee the travel of the user at present, and therefore the data is not transferred to the service server of the merchant until the verification passes. Therefore, the security risk that the merchant does not really go to the user to buy the airline ticket after receiving the data and then run away can be reduced.
The embodiment of the scheme further provides an embodiment of a device for realizing the steps and the method in the embodiment of the method.
An embodiment of the present invention provides an information verification system, as shown in fig. 13, the system includes: a service server 10, an intermediate server 11 and a data server 12; wherein,
the service server 10 is configured to send an authentication request to the intermediate server 11 after receiving a service request of a user, where the authentication request carries a credential related to a service;
an intermediate server 11 for selecting a target parameter from the voucher and selecting target information from user information of the user;
the intermediate server 11 is also used for sending target parameters and target information to a data server for verifying the certificate;
and the data server 12 is used for verifying the target parameters based on the service data related to the target information to obtain a verification result, and returning indication information to the intermediate server based on the verification result.
In a specific implementation, the intermediate server 11 is specifically configured to:
determining the service type of the service according to the certificate;
determining a data server for verifying the certificate according to the service type;
and calling a verification interface of the data server, and inputting the target parameters and the target information to the verification interface.
In a specific implementation, the intermediate server 11 is specifically configured to:
and sending a remote procedure call protocol (RPC) request to a verification interface of the data server, wherein the RPC request carries the target parameters and the target information.
In a specific implementation, the data server 12 is specifically configured to:
comparing each parameter in the target parameters with the corresponding parameter in the service data respectively to obtain a comparison result of each parameter;
and obtaining the verification result according to the comparison result of each parameter.
In a specific implementation, the data server 12 is specifically configured to:
if the parameters are consistent with the corresponding parameters in the service data, obtaining a verification result that the verification is passed; or,
and if at least one parameter is inconsistent with the corresponding parameter in the service data, obtaining a verification result that the verification fails.
In a specific implementation, if the indication information indicates that the data is verified, or if the indication information indicates that the data is verified or indicates that the data is transferred, the intermediate server 11 is further configured to: and transferring the data belonging to the intermediate server to the service server.
In a specific implementation, if the indication information indicates that the verification fails, or if the indication information indicates that the verification fails or indicates that the data cannot be transferred, the intermediate server 11 is further configured to: obtaining other certificates related to the business from the business server except the certificates; and verifying the other certificates according to a specified verification mode to obtain a verification result.
In a specific implementation scheme, when the system is applied to a travel scene, the service types of the service include: at least one of a traffic type and an accommodation type.
In a particular implementation, the credentials include: at least one of identification information of the service and detailed information of the service.
The embodiment of the scheme also provides a server, which is the intermediate server. As shown in fig. 14, includes:
a first receiving unit 110, configured to receive, after a service server receives a service request of a user, an authentication request from the service server, where the authentication request carries a credential related to the service;
a processing unit 111, configured to select a target parameter from the credential and select target information from user information of the user;
a sending unit 112, configured to send the target parameter and the target information to a data server for verifying the credential;
a second receiving unit 113, configured to receive a verification result obtained by verifying the target parameter based on the service data related to the target information, or indication information based on the verification result, where the verification result is returned by the data server.
An embodiment of the present invention further provides an information verification system, as shown in fig. 13, wherein,
the service server 10 is configured to send an authentication request to an intermediate server after receiving a service request of a user, where the authentication request carries a credential related to the service;
the intermediate server 11 is configured to obtain service data related to user information of a user from the data server 12 corresponding to the service;
the intermediate server 11 is further configured to verify the credential based on the service data related to the user information, so as to obtain a verification result.
In a specific implementation scheme, the intermediate server 11 is specifically configured to:
determining the service type of the service according to the certificate;
determining a data server corresponding to the service according to the service type;
calling a query interface of the data server, and inputting target information selected from the user information of the user to the query interface;
and receiving the business data which is returned by the data server in response to the calling of the intermediate server and is related to the target information according to the target information.
In a specific implementation scheme, the intermediate server 11 is specifically configured to:
and sending a remote procedure call protocol (RPC) request to a query interface of the data server, wherein the RPC request carries target information.
In a specific implementation scheme, the intermediate server 11 is specifically configured to:
comparing each parameter in the certificate with the corresponding parameter in the business data respectively to obtain a comparison result of each parameter in the certificate;
and obtaining the verification result according to the comparison result of each parameter in the certificate.
In a specific implementation scheme, the intermediate server 11 is specifically configured to:
if all the parameters in the certificate are consistent with the corresponding parameters in the service data, obtaining a verification result which passes the verification; or,
and if at least one parameter in the certificate is inconsistent with the corresponding parameter in the service data, obtaining a verification result that the verification fails.
In a specific implementation scheme, if the verification result is that the verification is passed, the intermediate server 11 is further configured to transfer the data belonging to the intermediate server to the service server.
In a specific implementation scheme, if the verification result is that the verification fails, the intermediate server 11 is further configured to obtain, from the service server, credentials related to the service, except for the credentials; and verifying the other certificates according to a specified verification mode to obtain a verification result.
In a specific implementation scheme, when the method is applied to a travel scene, the service types of the service include: at least one of a traffic type and an accommodation type.
In a particular implementation, the credentials include: at least one of identification information of the service and detailed information of the service.
An embodiment of the present invention further provides a server, which is the above-mentioned intermediate server, as shown in fig. 15, and includes:
a receiving unit 221, configured to receive, after a service server receives a service request of a user, an authentication request from the service server, where the authentication request carries a credential related to the service;
an obtaining unit 222, configured to obtain service data related to user information of a user from a data server corresponding to the service;
the verifying unit 223 is configured to verify the credential based on the service data related to the user information, so as to obtain a verification result.
The present embodiment further provides a server, please refer to fig. 16, which is a simplified block diagram of the server 100. The server 100 may include a processor 101 coupled to one or more data storage facilities, which may include storage media 102 and memory units 103. The server 100 may also include an input interface 104, an output interface 105 for communicating with another device or system. Program codes executed by the CPU of the processor 101 may be stored in the storage medium 102 or the memory unit 103.
The processor 101 in the server 100 calls the program code stored in the storage medium 102 or the memory unit 103 to execute the following steps:
after receiving a service request of a user, a service server receives an authentication request from the service server through the input interface 104, wherein the authentication request carries a certificate related to the service; selecting target parameters from the credentials and target information from the user information of the user; sending the target parameters and the target information to a data server for verifying the credentials through an output interface 105; receiving, through the input interface 104, a verification result obtained by verifying the target parameter based on the service data related to the target information, or indication information based on the verification result, returned by the data server.
Alternatively, the processor 101 in the server 100 calls the program code stored in the storage medium 102 or the memory unit 103 to execute the following steps:
after receiving a service request of a user, a service server receives an authentication request from the service server through an input interface 104, wherein the authentication request carries a certificate related to the service; obtaining service data related to user information of the user from a data server corresponding to the service; and verifying the certificate based on the service data related to the user information to obtain a verification result.
In the above embodiments, the storage medium may be a Read-Only Memory (ROM), or may be a Read-write medium, such as a hard disk or a flash Memory. The Memory unit may be a Random Access Memory (RAM). The memory unit may be physically integrated with the processor or integrated in the memory or implemented as a separate unit.
The processor is a control center of the above-mentioned device (the above-mentioned device is the above-mentioned server or the above-mentioned client), and provides a processing device for executing instructions, performing interrupt operation, providing a timing function and various other functions. Optionally, the processor includes one or more Central Processing Units (CPUs), such as CPU 0 and CPU 1 shown in fig. 16. The apparatus may include one or more processors. The processor may be a single core (single CPU) processor or a multi-core (multi-CPU) processor. Unless otherwise stated, a component such as a processor or a memory described as performing a task may be implemented as a general component, which is temporarily used to perform the task at a given time, or as a specific component specially manufactured to perform the task. The term "processor" as used herein refers to one or more devices, circuits and/or processing cores that process data, such as computer program instructions.
The program code executed by the CPU of the processor may be stored in a memory unit or a storage medium. Alternatively, the program code stored in the storage medium may be copied into the memory unit for execution by the CPU of the processor. The processor may execute at least one kernel (e.g., LINUX)TM、UNIXTM、WINDOWSTM、ANDROIDTM、IOSTM) It is well known for such cores to control the operation of such devices by controlling the execution of other programs or processes, controlling communication with peripheral devices, and controlling the use of computer device resources.
The above elements in the above devices may be connected to each other by a bus, such as one of a data bus, an address bus, a control bus, an expansion bus, and a local bus, or any combination thereof.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (45)

1. An information verification method is applied to a system comprising a business server, an intermediate server and a data server, and comprises the following steps:
after receiving a service request of a user, the service server sends an authentication request to the intermediate server, wherein the authentication request carries a certificate related to the service;
the intermediate server selects target parameters from the certificate and selects target information from the user information of the user;
the intermediate server sends the target parameters and the target information to a data server for verifying the credentials;
and the data server verifies the target parameters based on the service data related to the target information to obtain a verification result, and returns indication information to the intermediate server based on the verification result.
2. The method of claim 1, wherein the intermediate server sends the target parameters and the target information to a data server for verifying the credentials, comprising:
the intermediate server determines the service type of the service according to the certificate;
the intermediate server determines a data server for verifying the certificate according to the service type;
and the intermediate server calls a verification interface of the data server and inputs the target parameters and the target information to the verification interface.
3. The method of claim 2, wherein the intermediate server calls a verification interface of the data server, and the target parameters and the target information are input to the verification interface, and the method comprises:
and the intermediate server sends a remote procedure call protocol (RPC) request to a verification interface of the data server, wherein the RPC request carries the target parameters and the target information.
4. The method of claim 1, wherein the data server verifies the target parameter based on the service data related to the target information, and obtains a verification result, comprising:
the data server compares each parameter in the target parameters with the corresponding parameter in the business data respectively to obtain the comparison result of each parameter in the certificate;
and the data server obtains the verification result according to the comparison result of each parameter.
5. The method according to claim 4, wherein the obtaining, by the data server, the verification result according to the comparison result of each parameter comprises:
if the parameters are consistent with the corresponding parameters in the service data, the data server obtains a verification result that the verification is passed; or,
and if at least one parameter is inconsistent with the corresponding parameter in the service data, the data server obtains a verification result that the verification fails.
6. The method according to any one of claims 1 to 5,
the indication information comprises the verification result; or,
the verification result is verification passing, and the indication information is used for indicating verification passing or data transfer; or,
the verification result is verification failure, and the indication information is used for indicating that the verification fails or indicating that the data cannot be transferred.
7. The method of any one of claims 1 to 6, further comprising:
if the indication information indicates that the verification is passed, or if the indication information indicates that the verification is passed or indicates that the data is transferred, the intermediate server transfers the data belonging to the intermediate server to the service server.
8. The method of any of claims 1 to 4, further comprising:
if the indication information indicates that the verification fails, or if the indication information indicates that the verification fails or indicates that the data cannot be transferred, the intermediate server acquires other certificates related to the service from the service server except the certificate;
and the intermediate server verifies the other certificates according to a specified verification mode to obtain a verification result.
9. The method of any one of claims 1 to 7, further comprising:
and if the indication information indicates that the verification result is that the verification is passed, or if the indication information indicates that the data is transferred, the intermediate server provides a notification message that the verification is passed to the user.
10. The method according to any one of claims 1 to 3,
the user information of the user is obtained by the intermediate server according to the certificate; or,
and the user information of the user is carried in the verification request.
11. The method according to any one of claims 1 to 10, wherein when the method is applied to a travel scenario, the service types of the service include: at least one of a traffic type and an accommodation type.
12. The method according to any one of claims 1 to 11, wherein the credentials comprise: at least one of identification information of the service and detailed information of the service.
13. An information verification method, implemented on an intermediate server, comprising:
after a service server receives a service request of a user, receiving an authentication request from the service server, wherein the authentication request carries a certificate related to the service;
selecting target parameters from the credentials and target information from the user information of the user;
sending the target parameters and the target information to a data server for verifying the credentials;
and receiving a verification result obtained by verifying the target parameter based on the service data related to the target information or indication information based on the verification result, which is returned by the data server.
14. An information verification method, comprising:
after receiving a service request of a user, a service server sends an authentication request to an intermediate server, wherein the authentication request carries a certificate related to the service;
the intermediate server obtains service data related to user information of the user from a data server corresponding to the service;
and the intermediate server verifies the certificate based on the service data related to the user information to obtain a verification result.
15. The method of claim 14, wherein the obtaining, by the intermediate server, service data related to the user information from a data server corresponding to the service comprises:
the intermediate server determines the service type of the service according to the certificate;
the intermediate server determines a data server corresponding to the service according to the service type;
the intermediate server calls a query interface of the data server and inputs target information selected from the user information of the user to the query interface;
and the intermediate server receives the business data which is returned by the data server in response to the call of the intermediate server and is related to the target information according to the target information.
16. The method of claim 15, wherein the intermediate server invokes a query interface of the data server to which target information selected from the user information of the user is input, comprising:
and the intermediate server sends a remote procedure call protocol (RPC) request to a query interface of the data server, wherein the RPC request carries the target information.
17. The method of claim 16, wherein the intermediary server verifies the credential based on the service data associated with the user information, and obtains a verification result, comprising:
the intermediate server compares each parameter in the certificate with the corresponding parameter in the business data respectively to obtain the comparison result of each parameter in the certificate;
and the intermediate server obtains the verification result according to the comparison result of each parameter in the certificate.
18. The method of claim 17, wherein obtaining the verification result by the intermediate server according to the comparison result of each parameter in the certificate comprises:
if all the parameters in the certificate are consistent with the corresponding parameters in the service data, the intermediate server obtains a verification result that the verification is passed; or,
and if at least one parameter in the certificate is inconsistent with the corresponding parameter in the service data, the intermediate server obtains a verification result that the verification fails.
19. The method of any one of claims 14 to 18, further comprising:
and if the verification result is that the verification is passed, the intermediate server transfers the data belonging to the intermediate server to the service server.
20. The method of any one of claims 14 to 18, further comprising:
if the verification result is that the verification fails, the intermediate server acquires other certificates related to the service from the service server except the certificate;
and the intermediate server verifies the other certificates according to a specified verification mode to obtain a verification result.
21. The method of any one of claims 14 to 20, further comprising:
and if the verification result is that the verification is passed, the intermediate server provides a notification message that the verification is passed to the user.
22. The method according to any one of claims 14 to 16,
the user information of the user is obtained by the intermediate server according to the certificate; or,
and the user information of the user is carried in the verification request.
23. The method according to any one of claims 14 to 22, wherein when the method is applied to a travel scenario, the service types of the service include: at least one of a traffic type and an accommodation type.
24. The method according to any one of claims 14 to 23, wherein the credentials comprise: at least one of identification information of the service and detailed information of the service.
25. An information verification method, implemented on an intermediate server, comprising:
after a service server receives a service request of a user, receiving an authentication request from the service server, wherein the authentication request carries a certificate related to the service;
obtaining service data related to the user information of the user from a data server corresponding to the service;
and verifying the certificate based on the service data related to the user information to obtain a verification result.
26. An information verification system, comprising: the system comprises a business server, an intermediate server and a data server; wherein,
the service server is used for sending an authentication request to the intermediate server after receiving a service request of a user, wherein the authentication request carries a certificate related to the service;
the intermediate server is used for selecting target parameters from the certificate and selecting target information from the user information of the user;
the intermediate server is further used for sending the target parameters and the target information to a data server for verifying the credentials;
and the data server is used for verifying the target parameters based on the service data related to the target information to obtain a verification result and returning indication information to the intermediate server based on the verification result.
27. The system of claim 26, wherein the intermediate server is specifically configured to:
determining the service type of the service according to the certificate;
determining a data server for verifying the certificate according to the service type;
and calling a verification interface of the data server, and inputting the target parameters and the target information to the verification interface.
28. The system of claim 27, wherein the intermediate server is specifically configured to:
and sending a remote procedure call protocol (RPC) request to a verification interface of the data server, wherein the RPC request carries the target parameters and the target information.
29. The system of claim 26, wherein the data server is specifically configured to:
comparing each parameter in the target parameters with the corresponding parameter in the service data respectively to obtain a comparison result of each parameter;
and obtaining the verification result according to the comparison result of each parameter.
30. The system of claim 29, wherein the data server is specifically configured to:
if the parameters are consistent with the corresponding parameters in the service data, obtaining a verification result that the verification is passed; or,
and if at least one parameter is inconsistent with the corresponding parameter in the service data, obtaining a verification result that the verification fails.
31. The system of any one of claims 26 to 29,
if the indication information indicates that the verification is passed, or if the indication information indicates that the verification is passed or indicates to transfer the data, the intermediate server is further configured to: and transferring the data belonging to the intermediate server to the service server.
32. The system of any one of claims 26 to 30,
if the indication information indicates that the verification fails, or if the indication information indicates that the verification fails or indicates that the data cannot be transferred, the intermediate server is further configured to: obtaining other certificates related to the business from the business server except the certificates; and verifying the other certificates according to a specified verification mode to obtain a verification result.
33. The system of any one of claims 26 to 32, wherein the service types of the service when the system is applied to a travel scenario include: at least one of a traffic type and an accommodation type.
34. The system according to any one of claims 26 to 33, wherein the credentials comprise: at least one of identification information of the service and detailed information of the service.
35. A server, comprising:
a first receiving unit, configured to receive, after a service server receives a service request of a user, an authentication request from the service server, where the authentication request carries a credential related to the service;
the processing unit is used for selecting target parameters from the voucher and selecting target information from the user information of the user;
a sending unit, configured to send the target parameter and the target information to a data server for verifying the credential;
a second receiving unit, configured to receive a verification result obtained by verifying the target parameter based on the service data related to the target information, or indication information based on the verification result, where the verification result is returned by the data server.
36. An information verification system, comprising:
the service server is used for sending an authentication request to the intermediate server after receiving a service request of a user, wherein the authentication request carries a certificate related to the service;
the intermediate server is used for obtaining service data related to the user information of the user from the data server corresponding to the service;
the intermediate server is further configured to verify the credential based on the service data related to the user information to obtain a verification result.
37. The system of claim 36, wherein the intermediate server is specifically configured to:
determining the service type of the service according to the certificate;
determining a data server corresponding to the service according to the service type;
calling a query interface of the data server, and inputting target information selected from the user information of the user to the query interface;
and receiving the business data which is returned by the data server in response to the calling of the intermediate server and is related to the target information according to the target information.
38. The system of claim 37, wherein the intermediate server is specifically configured to:
and sending a remote procedure call protocol (RPC) request to a query interface of the data server, wherein the RPC request carries the target information.
39. The system of claim 36, wherein the intermediate server is specifically configured to:
comparing each parameter in the certificate with the corresponding parameter in the business data respectively to obtain a comparison result of each parameter in the certificate;
and obtaining the verification result according to the comparison result of each parameter in the certificate.
40. The system of claim 39, wherein the intermediate server is specifically configured to:
if all the parameters in the certificate are consistent with the corresponding parameters in the service data, obtaining a verification result which passes the verification; or,
and if at least one parameter in the certificate is inconsistent with the corresponding parameter in the service data, obtaining a verification result that the verification fails.
41. The system of any one of claims 36 to 40,
and if the verification result is that the verification is passed, the intermediate server is also used for transferring the data belonging to the intermediate server to the service server.
42. The system of any one of claims 36 to 41,
if the verification result is that the verification fails, the intermediate server is also used for acquiring other certificates related to the business from the business server except the certificate; and verifying the other certificates according to a specified verification mode to obtain a verification result.
43. The system of any one of claims 36 to 42, wherein the service types of the service when the system is applied to a travel scenario include: at least one of a traffic type and an accommodation type.
44. The system according to any one of claims 36 to 43, wherein the credentials comprise: at least one of identification information of the service and detailed information of the service.
45. A server, comprising:
a receiving unit, configured to receive, after a service server receives a service request of a user, an authentication request from the service server, where the authentication request carries a credential related to the service;
an obtaining unit, configured to obtain service data related to the user information of the user from a data server corresponding to the service;
and the verification unit is used for verifying the certificate based on the service data related to the user information to obtain a verification result.
CN201610968841.0A 2016-10-27 2016-10-27 A kind of Information Authentication method and system and server Pending CN107993058A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610968841.0A CN107993058A (en) 2016-10-27 2016-10-27 A kind of Information Authentication method and system and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610968841.0A CN107993058A (en) 2016-10-27 2016-10-27 A kind of Information Authentication method and system and server

Publications (1)

Publication Number Publication Date
CN107993058A true CN107993058A (en) 2018-05-04

Family

ID=62029376

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610968841.0A Pending CN107993058A (en) 2016-10-27 2016-10-27 A kind of Information Authentication method and system and server

Country Status (1)

Country Link
CN (1) CN107993058A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108848061A (en) * 2018-05-22 2018-11-20 深圳壹账通智能科技有限公司 A kind of user information transmission method and terminal device
CN109034816A (en) * 2018-06-08 2018-12-18 平安科技(深圳)有限公司 User information verification method, device, computer equipment and storage medium
CN110971692A (en) * 2019-12-02 2020-04-07 广州酷狗计算机科技有限公司 Method and device for opening service and computer storage medium
CN112153092A (en) * 2019-06-28 2020-12-29 Oppo广东移动通信有限公司 Information pushing method and device, terminal, information pushing equipment and electronic equipment
CN114245234A (en) * 2021-12-21 2022-03-25 北京达佳互联信息技术有限公司 Virtual resource processing method and device, electronic equipment and storage medium
CN115640151A (en) * 2022-11-08 2023-01-24 首约科技(北京)有限公司 Service calling method, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321168A (en) * 2007-06-09 2008-12-10 三星电子株式会社 Right object acquisition method and system
CN102215250A (en) * 2011-03-30 2011-10-12 广州市动景计算机科技有限公司 Automatic form filling method for mobile communication equipment terminal, server and client
CN104618101A (en) * 2013-12-27 2015-05-13 腾讯科技(深圳)有限公司 Data processing method, intermediate server and data processing system
CN105359486A (en) * 2013-05-03 2016-02-24 思杰系统有限公司 Secured access to resources using a proxy

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321168A (en) * 2007-06-09 2008-12-10 三星电子株式会社 Right object acquisition method and system
CN102215250A (en) * 2011-03-30 2011-10-12 广州市动景计算机科技有限公司 Automatic form filling method for mobile communication equipment terminal, server and client
CN105359486A (en) * 2013-05-03 2016-02-24 思杰系统有限公司 Secured access to resources using a proxy
CN104618101A (en) * 2013-12-27 2015-05-13 腾讯科技(深圳)有限公司 Data processing method, intermediate server and data processing system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108848061A (en) * 2018-05-22 2018-11-20 深圳壹账通智能科技有限公司 A kind of user information transmission method and terminal device
CN108848061B (en) * 2018-05-22 2021-08-24 深圳壹账通智能科技有限公司 User information transmission method and terminal equipment
CN109034816A (en) * 2018-06-08 2018-12-18 平安科技(深圳)有限公司 User information verification method, device, computer equipment and storage medium
CN112153092A (en) * 2019-06-28 2020-12-29 Oppo广东移动通信有限公司 Information pushing method and device, terminal, information pushing equipment and electronic equipment
CN110971692A (en) * 2019-12-02 2020-04-07 广州酷狗计算机科技有限公司 Method and device for opening service and computer storage medium
CN110971692B (en) * 2019-12-02 2022-03-29 广州酷狗计算机科技有限公司 Method and device for opening service and computer storage medium
CN114245234A (en) * 2021-12-21 2022-03-25 北京达佳互联信息技术有限公司 Virtual resource processing method and device, electronic equipment and storage medium
CN115640151A (en) * 2022-11-08 2023-01-24 首约科技(北京)有限公司 Service calling method, device and storage medium
CN115640151B (en) * 2022-11-08 2024-02-27 首约科技(北京)有限公司 Service calling method, device and storage medium

Similar Documents

Publication Publication Date Title
CN107993058A (en) A kind of Information Authentication method and system and server
US10861442B2 (en) Automated chat bot processing
US12093918B2 (en) Systems and methods for secure authentication of online transactions using tokens
US9251327B2 (en) Method and system for providing behavioral bi-directional authentication
US20190108497A1 (en) Data processing method, related apparatus, and system
US20160260031A1 (en) Systems and methods for distributing access rights
US20150220933A1 (en) Methods and systems for making secure online payments
US11055721B2 (en) Method, device and system for information verification
KR102397227B1 (en) Methods and systems for personal data sharing apps
US20150161613A1 (en) Methods and systems for authentications and online transactions
US20180047089A1 (en) Payment method, apparatus and system
US11908004B2 (en) Method and system for obtaining credit
US20150186890A1 (en) Method, Device And System For Data Processing
US20150310430A1 (en) Mobile payment system and method
CN102096877A (en) Online duty machine system and method
KR20170036463A (en) System and method of providing information on real estate for sale
KR20190021417A (en) Network transaction method and device based on privilege separation control
CN109886802A (en) It is a kind of to utilize the method for unmanned technology transacting business, server and terminal
US7483863B2 (en) Electronic commerce information processing system and method
US20170330182A1 (en) System for facilitating approval of in-flight payment account transactions
US9934541B1 (en) Method and apparatus for inferring realworld identities
CN115659313B (en) Account data processing method, device, storage medium and program product
TW201539338A (en) Method and computer program product of automatically dealing signing process
WO2017054287A1 (en) Service processing method and service device
US10419415B2 (en) Centralized authentication and reporting tool

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180504