CN109829321B - Method, device, equipment and storage medium for authenticating identity - Google Patents
Method, device, equipment and storage medium for authenticating identity Download PDFInfo
- Publication number
- CN109829321B CN109829321B CN201910044152.4A CN201910044152A CN109829321B CN 109829321 B CN109829321 B CN 109829321B CN 201910044152 A CN201910044152 A CN 201910044152A CN 109829321 B CN109829321 B CN 109829321B
- Authority
- CN
- China
- Prior art keywords
- authentication
- current user
- identity
- user
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The application provides a method, a device, equipment and a storage medium for authenticating identity, wherein the method comprises the following steps: outputting a first authentication interface, and acquiring first authentication information input by a current user based on the first authentication interface; if the acquired first authentication information passes the verification, outputting a second authentication interface; acquiring second authentication information returned by the associated user of the current user based on the second authentication interface; and authenticating the identity of the current user based on the acquired second authentication information. The identity authentication method and the terminal equipment can authenticate the identity of the current user based on the second authentication information returned by the associated user of the current user, can reduce the dependence of an identity authentication scheme on the associated terminal equipment, and can still finish the identity authentication process of the user when the user forgets to bring the terminal equipment or the terminal equipment fails to receive the verification information.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for authenticating an identity.
Background
For the purpose of information security, software such as an existing enterprise management system generally adopts a scheme of combining an account number, a password and a short message verification code to perform identity authentication. However, this solution has a high degree of dependence on account-bound terminal devices (e.g., a user's smart phone, etc.). When a user forgets to carry the terminal equipment or cannot receive the short message verification code due to the fact that the terminal equipment breaks down, the identity of the user cannot be authenticated, and the user login system is influenced.
Disclosure of Invention
In view of the above, the present application provides a method, an apparatus, a device and a storage medium for authenticating an identity, which can solve the problems in the above-mentioned identity authentication method.
Specifically, the method is realized through the following technical scheme:
according to a first aspect of the present application, a method of authenticating an identity is presented, comprising:
outputting a first authentication interface, and acquiring first authentication information input by a current user based on the first authentication interface;
if the acquired first authentication information passes the verification, outputting a second authentication interface;
acquiring second authentication information returned by the associated user of the current user based on the second authentication interface;
and authenticating the identity of the current user based on the acquired second authentication information.
In an embodiment, the obtaining, based on the second authentication interface, second authentication information returned by an associated user of the current user includes:
acquiring associated user information;
sending an identity verification request aiming at the current user to the associated user based on the associated user information;
and acquiring second authentication information returned by the associated user in response to the identity verification request based on the second authentication interface.
In an embodiment, the method further comprises:
starting a countdown when an identity verification request for the current user is sent to the associated user based on the associated user information;
and if the second authentication information is obtained before the countdown is finished, executing the operation of authenticating the identity of the current user based on the obtained second authentication information.
In an embodiment, the method further comprises:
and if the second authentication information is not obtained before the countdown is finished, re-executing the operation of outputting the first authentication interface, or re-executing the operation of outputting the second authentication interface.
In an embodiment, the method further comprises:
presenting question information related to the identity of the current user requesting authentication;
receiving answer information returned by the current user in response to the question information;
and if the answer information is consistent with the pre-stored correct answer, executing the operation of outputting the second authentication interface.
In an embodiment, the first authentication information includes a target account and a preset password;
the method further comprises the following steps:
and if the answer information is inconsistent with the pre-stored correct answer, locking the target account within a preset time after the current moment.
In an embodiment, the method further comprises:
outputting a third authentication interface, wherein the third authentication interface is used for the current user to input third authentication information;
and if the preset operation for representing that the current user cannot acquire the third authentication information is detected, executing the operation of outputting the second authentication interface.
According to a second aspect of the present application, there is provided an apparatus for authenticating an identity, comprising:
the first interface output module is used for outputting a first authentication interface and acquiring first authentication information input by a current user based on the first authentication interface;
the second interface output module is used for outputting a second authentication interface when the acquired first authentication information passes verification;
the second information acquisition module is used for acquiring second authentication information returned by the associated user of the current user based on the second authentication interface;
and the user identity authentication module is used for authenticating the identity of the current user based on the acquired second authentication information.
According to a third aspect of the present application, there is provided an apparatus for authenticating an identity, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements any of the above methods for authenticating an identity when executing the program.
According to a fourth aspect of the present application, a computer-readable storage medium is proposed, the storage medium storing a computer program for performing any of the methods of authenticating an identity described above.
According to the technical scheme, the method comprises the steps of outputting a first authentication interface, acquiring first authentication information input by a current user based on the first authentication interface, outputting a second authentication interface when the acquired first authentication information is verified, acquiring second authentication information returned by a related user of the current user based on the second authentication interface, and further authenticating the identity of the current user based on the acquired second authentication information, wherein the scheme of authenticating the identity of the user by using a terminal device bound by an account can be replaced by authenticating the identity of the current user based on the second authentication information returned by the related user of the current user, the dependence of the identity authentication scheme on the related terminal device is reduced, and when the user forgets to take the terminal device or the terminal device fails to receive the verification information, the identity authentication process of the user can be conveniently and quickly completed.
Drawings
Fig. 1 is a flow chart illustrating a method of authenticating an identity according to a first exemplary embodiment of the present application;
fig. 2A is a flowchart illustrating how to obtain second authentication information returned by a user associated with a current user according to a second exemplary embodiment of the present application;
FIG. 2B is a diagram illustrating an application scenario in which an identity audit request is sent to an associated user according to an exemplary embodiment of the present application;
fig. 3A is a flow chart illustrating a method of authenticating an identity according to a third exemplary embodiment of the present application;
fig. 3B is a schematic diagram illustrating an application scenario of the quiz information according to an exemplary embodiment of the present application;
FIG. 4A is a flow chart illustrating a method of authenticating an identity in accordance with a fourth exemplary embodiment of the present application;
fig. 4B is a schematic view of an application scenario of a third authentication interface according to an exemplary embodiment of the present application;
FIG. 5 is a block diagram of an apparatus for authenticating an identity in accordance with an exemplary embodiment of the present application;
FIG. 6 is a block diagram of an apparatus for authenticating an identity according to yet another exemplary embodiment of the present application;
fig. 7 is a block diagram illustrating an apparatus for authenticating an identity according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
FIG. 1 is a flow chart illustrating a method of authenticating an identity according to an exemplary embodiment of the present application; the embodiment can be used for terminal electronic equipment (such as a tablet computer, a desktop computer, a smart phone and the like) or electronic equipment of a server (such as a server cluster formed by one server and a plurality of servers and the like) for running enterprise management system software. As shown in fig. 1, the method comprises steps S101-S104:
in step S101, a first authentication interface is output, and first authentication information input by a current user based on the first authentication interface is acquired.
In an embodiment, when a current user needs to log in the enterprise management system, a client of enterprise management system software may be opened in the terminal electronic device or the server electronic device, and the client may output a first authentication interface.
In an embodiment, the first authentication interface is used for a current user to input first authentication information. In an embodiment, the first authentication information may include a target account number to which the current user requests to log in and a preset password.
In one embodiment, after the client outputs the first authentication interface, the current user may input the first authentication information based on the first authentication interface. For example, the current user may input corresponding first authentication information in a first authentication information input field presented in the first authentication interface.
In step S102, if the first authentication information passes the verification, a second authentication interface is output.
In an embodiment, after acquiring first authentication information input by the current user based on the first authentication interface, the first authentication information may be verified.
It should be noted that, the above-mentioned manner of verifying the first authentication information may refer to the prior art, for example, an account password corresponding to a target account input by a current user may be searched based on a pre-stored correspondence between a system account and the account password, and then a preset password input by the current user is compared with the searched account password, and then a comparison result is used as a verification result of the first authentication information, and the like.
In an embodiment, when the acquired first authentication information is verified, a second authentication interface may be output.
In an embodiment, the second authentication interface is configured to obtain second authentication information from a user associated with the current user.
In step S103, second authentication information returned by the associated user of the current user is acquired based on the second authentication interface.
In an embodiment, after the second authentication interface is output, second authentication information returned by the associated user of the current user may be acquired based on the second authentication interface.
In an embodiment, the associated user of the current user may be a user, to which the target account is pre-bound, for checking the identity of the current user, or a user, to which the current user temporarily specifies for checking the identity of the current user.
In an embodiment, in order to ensure the information security of the system, the associated users may be limited to a peer of the current user, or an affiliated HRBP (HR Business Partner), which is not limited in this embodiment.
In an embodiment, the number of the associated users of the current user may be one or more, which is not limited in this embodiment.
In an embodiment, the second authentication information may include a result of verifying the identity of the current user by an associated user of the current user.
In an embodiment, a manner of obtaining the second authentication information returned by the associated user based on the second authentication interface may also refer to the following embodiment shown in fig. 2A, which will not be described in detail herein.
In step S104, the identity of the current user is authenticated based on the acquired second authentication information.
In an embodiment, after second authentication information returned by the user associated with the current user is acquired based on the second authentication interface, the identity of the current user may be authenticated based on the acquired second authentication information.
In an embodiment, if the obtained second authentication information indicates that the associated user passes the identity audit of the current user, the client passes the identity authentication of the current user, and the current user is allowed to log in the target account.
As can be seen from the above description, in this embodiment, by outputting a first authentication interface, acquiring first authentication information input by a current user based on the first authentication interface, and when the acquired first authentication information is verified, outputting a second authentication interface, then acquiring second authentication information returned by an associated user of the current user based on the second authentication interface, and further authenticating the identity of the current user based on the acquired second authentication information, because the identity of the current user is authenticated based on the second authentication information returned by the associated user of the current user, a scheme of authenticating the identity of the user by using a terminal device bound by an account can be replaced, dependency of the identity authentication scheme on the associated terminal device is reduced, and when the user forgets to bring the terminal device or the terminal device fails to receive the verification information, the user identity authentication process can still be conveniently and quickly completed.
FIG. 2A is a flow chart illustrating a method of authenticating an identity according to an exemplary embodiment of the present application; the embodiment can be used for terminal electronic equipment (such as a tablet computer, a desktop computer, a smart phone and the like) or electronic equipment of a server (such as a server cluster formed by one server and a plurality of servers and the like) for running enterprise management system software. As shown in fig. 2A, the method may include S201-S206:
in step S201, a first authentication interface is output, and first authentication information input by a current user based on the first authentication interface is acquired.
In step S202, if the first authentication information passes the verification, a second authentication interface is output.
In step S203, associated user information is acquired.
In an embodiment, if the associated user of the current user is a user that is temporarily specified by the current user and checks the identity of the login user, the associated user information input by the current user may be acquired based on the output second authentication interface.
In another embodiment, if the associated user of the current user is a user, which is pre-bound to the target account and is used for verifying the identity of the current user, the associated user information used for verifying the identity of the login user may be read from the local database.
In an embodiment, the content of the associated user information may be set by a developer according to actual needs, for example, the content may be set as one or more of an account number, a name, a job number, a mobile phone number, and an identification number of the associated user, which is not limited in this embodiment.
In step S204, an identity audit request for the current user is sent to the associated user based on the associated user information, and a countdown is started.
In an embodiment, after obtaining the associated user information, the associated user of the current user may be determined based on the associated user information, and an identity audit request for the current user may be sent to the associated user.
In an embodiment, after determining the associated user of the current user, the identity verification request may be sent to a client of the enterprise management system of the associated user or a terminal device (e.g., a smart phone, etc.) of the associated user.
In an embodiment, the content and the form of the identity audit request may be set by a developer according to a service requirement, for example, set to "please audit the identity of XXX (i.e., the current user)", which is not limited in this embodiment.
In an embodiment, a countdown may be started when an identity audit request for the current user is sent to the associated user based on the associated user information.
It should be noted that the above-mentioned countdown manner may be set by a developer according to actual business requirements, such as turning on a countdown timer, which is not limited in this embodiment.
In step S205, it is determined whether the second authentication information is obtained based on the second authentication interface before the countdown ends: if yes, go to step S206; if not, step S201 is executed again (or step S202 may be executed again, not shown in the figure).
In an embodiment, the time counted down may be set by a developer according to a service requirement, for example, set to 1 minute, 3 minutes, and the like, which is not limited in this embodiment.
In an embodiment, fig. 2B is a schematic view of an application scenario that an identity audit request is sent to an associated user according to an exemplary embodiment of the present application. As shown in fig. 2B, after sending an identity verification request for the current user to the associated user "liking", a countdown of 3 minutes may be started, and the remaining time is displayed to the current user to prompt the current user to perform offline communication with the associated user as soon as possible, so as to request the associated user to verify the identity of the current user.
It can be understood that, if the second authentication information is not obtained based on the second authentication interface within the preset time after the countdown is started, the security of the target account can be protected by re-executing step S201 (i.e., re-outputting the first authentication interface); and the re-execution of step S202 (i.e., re-outputting the second authentication interface) may facilitate the current user to re-designate the associated user.
In step S206, the identity of the current user is authenticated based on the acquired second authentication information.
In an embodiment, second authentication information returned by the associated user in response to the identity audit request may be obtained.
In an embodiment, after sending an identity audit request for the current user to the associated user based on the associated user information, the associated user may return second authentication information in response to the identity audit request, such as "identity audit on XXX is passed" or "identity audit on XXX is not passed" or the like.
In an embodiment, in the process of sending the identity verification request to the associated user based on the associated user information, the current user may communicate with the associated user online to request the associated user to verify the identity of the associated user, so as to ensure the success rate and efficiency of obtaining the second authentication information.
In an embodiment, the associated user may return the second authentication information by triggering an option preset in the identity audit request (e.g., "pass" or "fail"), and the like.
For the explanation and description of steps S201-S202, reference may be made to the above embodiments, which are not described herein again.
As can be seen from the above, in this embodiment, by obtaining associated user information, sending an identity audit request for the current user to the associated user based on the associated user information, and further obtaining second authentication information returned by the associated user in response to the identity audit request based on the second authentication interface, the second authentication information returned by the associated user of the current user based on the second authentication interface can be obtained, so as to provide a basis for subsequently authenticating the identity of the current user based on the second authentication information. And because the countdown is started when the identity auditing request aiming at the current user is sent to the associated user based on the associated user information, the timeliness of the identity authentication of the current user can be ensured, and the safety of the target account is improved.
FIG. 3A is a flow chart illustrating a method of authenticating an identity in accordance with a third exemplary embodiment of the present application; the embodiment can be used for terminal electronic equipment (such as a tablet computer, a desktop computer, a smart phone and the like) or electronic equipment of a server (such as a server cluster formed by one server and a plurality of servers and the like) for running enterprise management system software. As shown in fig. 3A, the method includes steps S301-S308:
in step S301, a first authentication interface is output, and first authentication information input by a current user based on the first authentication interface is acquired.
In step S302, if the obtained first authentication information is verified, question information related to the identity requested to be authenticated by the current user is displayed.
In an embodiment, after the obtained first authentication information is verified, the identity of the current user may be preliminarily authenticated, and the specific method includes displaying question information and the like related to the identity requested to be authenticated by the current user, and further may continue to perform subsequent steps of associated user auditing after the preliminary authentication is passed.
In an embodiment, the presentation mode of the question information can be flexibly set by a developer according to business needs. For example, fig. 3B is a schematic diagram of an application scenario of the question information according to an exemplary embodiment of the present application. As shown in fig. 3B, user information of a plurality of users including a directly superior level of the current user may be presented to ask the current user to select its directly superior level and the like from the presented plurality of user information.
In step S303, answer information returned by the current user in response to the question information is received.
Still taking the example as 3B, after presenting the question information related to the identity requested to be authenticated by the current user, the current user may return corresponding answer information in response to the question information. In one embodiment, the current user may return answer information by triggering an option of the user information presented in the above-mentioned question information, and may submit the answer information by clicking on the "ok" option.
In step S304, it is determined whether the answer information is consistent with a pre-stored correct answer: if yes, go to step S305; if not, go to step S308;
in an embodiment, after receiving answer information returned by the current user in response to the question information, the received answer information may be compared with a pre-stored correct answer to determine whether the answer information is consistent with the correct answer: if yes, the subsequent process of checking the identity of the current user through the associated user may be continuously executed, that is, step S305 is executed; otherwise, step S308 may be performed.
In step S305, a second authentication interface is output.
In step S306, second authentication information returned by the associated user of the current user is acquired based on the second authentication interface.
In step S307, the identity of the current user is authenticated based on the acquired second authentication information.
In step S308, the target account is locked within a preset time after the current time.
In an embodiment, if it is determined that the received answer information is inconsistent with the correct answer, the target account may be locked within a preset time after the current time in order to ensure the security of the target account.
In an embodiment, the length of the preset time may be set by a developer according to a service requirement, for example, set to 10 minutes, 30 minutes, and the like, which is not limited in this embodiment.
For the explanation and description of steps S301 to S302 and S305 to S307, reference may be made to the above embodiments, which are not repeated herein.
As can be seen from the above description, in this embodiment, by displaying the question information related to the identity requested to be authenticated by the current user, and receiving the answer information returned by the current user in response to the question information, when the answer information is consistent with the pre-stored correct answer, a second authentication interface is output, so as to execute a subsequent process of checking the identity of the current user by the associated user, and reduce the dependency of the identity authentication scheme on the associated terminal device; and when the answer information is inconsistent with the pre-stored correct answer, locking the target account within a preset time after the current moment, so that the safety of the target account can be ensured.
Fig. 4A is a flowchart of a method of authenticating an identity according to a fourth exemplary embodiment of the present application; the embodiment can be used for terminal electronic equipment (such as a tablet computer, a desktop computer, a smart phone and the like) or electronic equipment of a server (such as a server cluster formed by one server and a plurality of servers and the like) for running enterprise management system software. As shown in fig. 4A, the method includes steps S401-S405:
in step S401, a first authentication interface is output, and first authentication information input by a current user based on the first authentication interface is acquired.
In step S402, if the first authentication information passes the verification, a third authentication interface is output.
In an embodiment, after the obtained first authentication information is verified, a third authentication interface may be output, where the third authentication interface is used for the current user to input third authentication information.
In an embodiment, the third authentication information may include authentication information, such as a short message verification code, obtained by a current user based on an associated terminal device, which is not limited in this embodiment.
In step S403, if a preset operation for representing that the current user cannot acquire the third authentication information is detected, a second authentication interface is output.
In an embodiment, after the third authentication interface is output, if the current user cannot acquire the third authentication information due to some reason, for example, forgets to carry the terminal device, or cannot receive the third authentication information due to a failure of the terminal device, a preset operation for representing that the current user cannot acquire the third authentication information may be triggered, and then the client may output the second authentication interface after detecting the preset operation.
In an embodiment, fig. 4B is an application scenario diagram of a third authentication interface according to an exemplary embodiment of the present application. As shown in fig. 4B, the third authentication interface may further include an option for indicating that the third authentication information cannot be acquired, that is, an option of "cannot acquire the verification code", in addition to an input field for the current user to input the third authentication information (e.g., the verification code). Furthermore, after the user clicks the option, the client may output the second authentication interface, and then execute a subsequent process of checking the identity of the current user through the associated user.
In step S404, second authentication information returned by the associated user of the current user is acquired based on the second authentication interface.
In step S405, the identity of the current user is authenticated based on the acquired second authentication information.
For the explanation and description of steps S401 and S404-S405, reference may be made to the above embodiments, which are not described herein again.
As can be seen from the above description, in this embodiment, by outputting the third authentication interface when the first authentication information is verified, and executing the operation of outputting the second authentication interface when the preset operation for representing that the current user cannot acquire the third authentication information is detected, the identity authentication scheme based on the short message verification code can be retained, and the identity authentication scheme based on the third authentication information returned by the associated user can be quickly switched to when the short message verification code cannot be acquired, so that the efficiency of identity authentication can be further improved.
FIG. 5 is a block diagram illustrating an apparatus for authenticating an identity according to an exemplary embodiment of the present application; as shown in fig. 5, the apparatus includes: a first interface output module 110, a second interface output module 120, a second information acquisition module 130, and a user identity authentication module 140, wherein:
a first interface output module 110, configured to output a first authentication interface and obtain first authentication information input by a current user based on the first authentication interface;
a second interface output module 120, configured to output a second authentication interface when the obtained first authentication information is verified;
a second information obtaining module 130, configured to obtain, based on the second authentication interface, second authentication information returned by a user associated with the current user;
a user identity authentication module 140, configured to authenticate the identity of the current user based on the obtained second authentication information.
As can be seen from the above description, in this embodiment, by outputting a first authentication interface, acquiring first authentication information input by a current user based on the first authentication interface, and when the acquired first authentication information is verified, outputting a second authentication interface, then acquiring second authentication information returned by an associated user of the current user based on the second authentication interface, and further authenticating the identity of the current user based on the acquired second authentication information, because the identity of the current user is authenticated based on the second authentication information returned by the associated user of the current user, a scheme of authenticating the identity of the user by using a terminal device bound by an account can be replaced, dependency of the identity authentication scheme on the associated terminal device is reduced, and when the user forgets to take the terminal device or the terminal device fails to take the verification information, the identity authentication process of the user can be conveniently and quickly completed.
FIG. 6 is a block diagram of an apparatus for authenticating an identity according to yet another exemplary embodiment of the present application; the first interface output module 210, the second interface output module 220, the second information obtaining module 230, and the user identity authentication module 240 have the same functions as the first interface output module 110, the second interface output module 120, the second information obtaining module 130, and the user identity authentication module 140 in the embodiment shown in fig. 5, and are not described herein again. As shown in fig. 6, the second information obtaining module 230 may include:
a user information acquiring unit 231 for acquiring associated user information;
an audit request sending unit 232, configured to send an identity audit request for the current user to the associated user based on the associated user information;
a second information obtaining unit 233, configured to obtain, based on the second authentication interface, second authentication information returned by the associated user in response to the identity verification request.
In an embodiment, the second information obtaining module 230 may further include:
a timing unit 234, configured to start countdown when an identity audit request for the current user is sent to the associated user based on the associated user information;
on this basis, the user identity authentication module 240 may be further configured to, when the second authentication information is obtained before the countdown ends, perform the operation of authenticating the identity of the current user based on the obtained second authentication information.
In an embodiment, when the second authentication information is not obtained before the countdown is finished, the first interface output module 210 re-executes the operation of outputting the first authentication interface, or the second interface output module 220 re-executes the operation of outputting the second authentication interface.
In an embodiment, the apparatus may further comprise: an identity information question-answering module 250;
the identity information question-answering module 250 may include:
a question information display unit 251, configured to display question information related to the identity requested to be authenticated by the current user;
an answer information receiving unit 252, configured to receive answer information returned by the current user in response to the question information;
on this basis, the second interface output module 220 may be further configured to perform the operation of outputting the second authentication interface when the answer information is consistent with the pre-stored correct answer.
In an embodiment, the first authentication information may include a target account and a preset password;
the apparatus may further include:
and the target account locking module 260 is configured to lock the target account within a preset time after the current time when the answer information is inconsistent with a pre-stored correct answer.
In an embodiment, the apparatus may further comprise:
a third interface output module 270, configured to output a third authentication interface, where the third authentication interface is used for the current user to input third authentication information;
the second interface output module 220 may be further configured to, when a preset operation for representing that the current user cannot obtain the third authentication information is detected, execute the operation of outputting the second authentication interface.
It should be noted that, all the above-mentioned optional technical solutions may be combined arbitrarily to form the optional embodiments of the present disclosure, and are not described in detail herein.
The embodiment of the identity authentication device can be applied to network equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a device in a logical sense, the device is formed by reading, by a processor of a device in which the device is located, a corresponding computer program instruction in a nonvolatile memory into an internal memory for running, where the computer program is used to execute the method for authenticating an identity provided in the embodiments shown in fig. 1 to fig. 4A. From a hardware level, as shown in fig. 7, which is a hardware structure diagram of the identity authentication device of the present invention, in addition to the processor, the network interface, the memory, and the nonvolatile memory shown in fig. 7, the device may also include other hardware, such as a forwarding chip responsible for processing a packet, and the like; the device may also be a distributed device in terms of hardware structure, and may include multiple interface cards, so as to perform extension of message processing on a hardware level. On the other hand, the present application further provides a computer-readable storage medium, where the storage medium stores a computer program, and the computer program is configured to execute the method for authenticating an identity provided in the embodiments shown in fig. 1 to fig. 4A.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement without inventive effort.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.
Claims (10)
1. A method of authenticating an identity, comprising:
a terminal electronic device or a server electronic device outputs a first authentication interface through a client of enterprise management system software, and acquires first authentication information input by a current user based on the first authentication interface, wherein the first authentication information comprises a target account number and a preset password for the current user to request login;
if the acquired first authentication information is verified, displaying user information of a plurality of users including a directly superior level of the current user in a client of enterprise management system software of the terminal electronic device or the server electronic device so as to ask the current user to select the directly superior level from the displayed plurality of user information;
if the authentication is determined to pass according to the selection of the current user, outputting a second authentication interface;
sending an identity auditing request aiming at the current user to an associated user so as to acquire second authentication information returned by the associated user of the current user based on the second authentication interface, wherein the associated user comprises a directly superior level or a human resource business partner of the current user, and the associated user is a user which is read from a local database and pre-bound and audits the identity of the current user;
and authenticating the identity of the current user based on the acquired second authentication information, and allowing the current user to log in the target account at the terminal electronic equipment or the server-side electronic equipment when the identity authentication is passed.
2. The method according to claim 1, wherein the obtaining second authentication information returned by the associated user of the current user based on the second authentication interface comprises:
acquiring associated user information;
sending an identity verification request aiming at the current user to the associated user based on the associated user information;
and acquiring second authentication information returned by the associated user in response to the identity verification request based on the second authentication interface.
3. The method of claim 2, further comprising:
starting a countdown when an identity verification request for the current user is sent to the associated user based on the associated user information;
and if the second authentication information is obtained before the countdown is finished, executing the operation of authenticating the identity of the current user based on the obtained second authentication information.
4. The method of claim 3, further comprising:
and if the second authentication information is not obtained before the countdown is finished, re-executing the operation of outputting the first authentication interface, or re-executing the operation of outputting the second authentication interface.
5. The method of claim 1, further comprising:
presenting question information related to the identity of the current user requesting authentication;
receiving answer information returned by the current user in response to the question information;
and if the answer information is consistent with the pre-stored correct answer, executing the operation of outputting the second authentication interface.
6. The method according to claim 5, wherein the first authentication information includes a target account and a preset password;
the method further comprises the following steps:
and if the answer information is inconsistent with a pre-stored correct answer, locking the target account within a preset time after the current moment.
7. The method of any one of claims 1-6, further comprising:
outputting a third authentication interface, wherein the third authentication interface is used for the current user to input third authentication information;
and if the preset operation for representing that the current user cannot acquire the third authentication information is detected, executing the operation of outputting a second authentication interface.
8. An apparatus for authenticating an identity, comprising:
the first interface output module is used for outputting a first authentication interface by the terminal electronic equipment or the server electronic equipment through a client of enterprise management system software, and acquiring first authentication information input by a current user based on the first authentication interface, wherein the first authentication information comprises a target account number and a preset password for the current user to request login;
a second interface output module, configured to, when the obtained first authentication information is verified, display user information of a plurality of users including a directly superior level of the current user in a client of enterprise management system software of the terminal electronic device or the server electronic device, so as to request the current user to select the directly superior level from the displayed plurality of user information, and if it is determined that the authentication is passed according to the selection of the current user, output a second authentication interface;
a second information obtaining module, configured to send an identity audit request for the current user to an associated user, so as to obtain, based on the second authentication interface, second authentication information returned by the associated user of the current user, where the associated user includes a directly superior level of the current user or a human resource service partner to which the current user belongs, and the associated user is a user that reads from a local database and audits the identity of the current user in a pre-bound manner;
and the user identity authentication module is used for authenticating the identity of the current user based on the acquired second authentication information and allowing the current user to log in the target account at the terminal electronic equipment or the server electronic equipment when the identity authentication is passed.
9. An apparatus for authenticating identity, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to implement the method of authenticating identity as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program for executing the method of authenticating an identity of any one of the preceding claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910044152.4A CN109829321B (en) | 2019-01-17 | 2019-01-17 | Method, device, equipment and storage medium for authenticating identity |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910044152.4A CN109829321B (en) | 2019-01-17 | 2019-01-17 | Method, device, equipment and storage medium for authenticating identity |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109829321A CN109829321A (en) | 2019-05-31 |
| CN109829321B true CN109829321B (en) | 2022-08-26 |
Family
ID=66860270
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910044152.4A Active CN109829321B (en) | 2019-01-17 | 2019-01-17 | Method, device, equipment and storage medium for authenticating identity |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109829321B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110827830B (en) * | 2019-11-15 | 2020-12-22 | 北京三快在线科技有限公司 | Voiceprint recognition method, voiceprint recognition device, terminal and storage medium based on voice data |
| CN112347460A (en) * | 2020-10-29 | 2021-02-09 | 深圳市裕展精密科技有限公司 | User authority management method, electronic device and storage medium |
| CN113190813A (en) * | 2021-05-25 | 2021-07-30 | 数字广东网络建设有限公司 | Dual-authentication processing method, device, equipment and medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2120415A1 (en) * | 2008-05-14 | 2009-11-18 | Dialogue Technology Corp. | Security system and method for a remote device in a wireless wide area network |
| CN105812398A (en) * | 2016-06-06 | 2016-07-27 | 百度在线网络技术(北京)有限公司 | Remote login authorization method and remote login authorization device |
| CN108551437A (en) * | 2018-03-13 | 2018-09-18 | 百度在线网络技术(北京)有限公司 | Method and apparatus for authentication information |
-
2019
- 2019-01-17 CN CN201910044152.4A patent/CN109829321B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2120415A1 (en) * | 2008-05-14 | 2009-11-18 | Dialogue Technology Corp. | Security system and method for a remote device in a wireless wide area network |
| CN105812398A (en) * | 2016-06-06 | 2016-07-27 | 百度在线网络技术(北京)有限公司 | Remote login authorization method and remote login authorization device |
| CN108551437A (en) * | 2018-03-13 | 2018-09-18 | 百度在线网络技术(北京)有限公司 | Method and apparatus for authentication information |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109829321A (en) | 2019-05-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110213356B (en) | Login processing method based on data processing and related equipment | |
| US11190527B2 (en) | Identity verification and login methods, apparatuses, and computer devices | |
| CN106453415B (en) | Block chain-based equipment authentication method, authentication server and user equipment | |
| CN111030812A (en) | Token verification method, device, storage medium and server | |
| CN110582769A (en) | single-account multi-identity login method, device, server and storage medium | |
| CN112651011B (en) | Login verification method, device and equipment for operation and maintenance system and computer storage medium | |
| CN109829321B (en) | Method, device, equipment and storage medium for authenticating identity | |
| CN110417730B (en) | Unified access method of multiple application programs and related equipment | |
| CN110784450A (en) | Single sign-on method and device based on browser | |
| US20140053251A1 (en) | User account recovery | |
| CN105162775A (en) | Logging method and device of virtual machine | |
| CN103475484B (en) | USB key authentication methods and system | |
| CN109684873B (en) | Data access control method and device, computer equipment and storage medium | |
| CN105162774A (en) | Virtual machine login method and device used for terminal | |
| CN110601832A (en) | Data access method and device | |
| US9866587B2 (en) | Identifying suspicious activity in a load test | |
| CN108737398B (en) | Processing method and device of trust system, computer equipment and storage medium | |
| CN112434054A (en) | Audit log updating method and device | |
| CN110750765B (en) | Service system, front-end page control method thereof, computer device, and storage medium | |
| CN112165448A (en) | Service processing method, device, system, computer equipment and storage medium | |
| CN107645474B (en) | Method and device for logging in open platform | |
| CN109714363B (en) | Method and system for modifying switch password | |
| CN110971609A (en) | Anti-cloning method of DRM client certificate, storage medium and electronic equipment | |
| CN112597118B (en) | Shared file adding method and device | |
| CN107517177B (en) | Interface authorization method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221025 Address after: 100102 Room 01, Floor 3, Room 01, Building 2 to 4, Yard 6, Wangjing East Road, Chaoyang District, Beijing Patentee after: Beijing three cloud computing Co.,Ltd. Patentee after: BEIJING SANKUAI ONLINE TECHNOLOGY Co.,Ltd. Address before: 100080 2106-030, 9 North Fourth Ring Road, Haidian District, Beijing. Patentee before: BEIJING SANKUAI ONLINE TECHNOLOGY Co.,Ltd. |