CN109842611B - Identity authentication method, identity authentication device, computer equipment and storage medium - Google Patents
Identity authentication method, identity authentication device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN109842611B CN109842611B CN201811532325.9A CN201811532325A CN109842611B CN 109842611 B CN109842611 B CN 109842611B CN 201811532325 A CN201811532325 A CN 201811532325A CN 109842611 B CN109842611 B CN 109842611B
- Authority
- CN
- China
- Prior art keywords
- service
- verification
- rule
- requirement
- identification information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Telephonic Communication Services (AREA)
Abstract
The application relates to an identity authentication method, an identity authentication device, computer equipment and a storage medium. The method relates to an identity authentication technology, and comprises the following steps: receiving a service request message, and extracting service identification information and user identification information from the service request message; determining a first verification rule according to the service type of the service request message and the user level of the user identification information; service pushing matching is carried out on the service identification information and each service pushing information in a preset service pushing table; performing service push adjustment processing on the first validation rule according to the service push matching result to obtain a second validation rule; and performing identity authentication processing according to the second authentication rule to obtain an identity authentication result. The method can improve the accuracy of identity authentication.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to an identity authentication method and apparatus, a computer device, and a storage medium.
Background
With the development of computer technology, various application programs are endlessly developed, and various business services such as web conferences, online shopping and other remote services can be provided online. When the service system provides corresponding services through the application program, the identity of the terminal user needs to be verified, such as an electronic signature, an account password, and the like. However, the existing remote authentication method is easy to have the problem of fraud and has limited authentication accuracy for the terminal user.
Disclosure of Invention
In view of the foregoing, it is necessary to provide an authentication method, an apparatus, a computer device, and a storage medium capable of improving authentication accuracy.
A method of identity verification, the method comprising:
receiving a service request message, and extracting service identification information and user identification information from the service request message;
determining a first verification rule according to the service type of the service request message and the user level of the user identification information;
service pushing matching is carried out on the service identification information and each service pushing information in a preset service pushing table;
performing service push adjustment processing on the first validation rule according to the service push matching result to obtain a second validation rule;
and performing identity authentication processing according to the second authentication rule to obtain an identity authentication result.
In one embodiment, determining the first validation rule according to the service type of the service request message and the user level of the user identification information includes:
determining the service type of the service request message according to the service identification information;
inquiring a preset service verification rule table;
determining a service verification rule corresponding to the service type according to the service verification rule table;
and updating the service verification rule according to the user level of the user identification information to obtain a first verification rule.
In one embodiment, updating the service validation rule according to the user level of the user identification information, and obtaining the first validation rule includes:
querying a preset user identity level table;
determining a user level corresponding to the user identification information according to the user identity level table;
determining a user level verification requirement corresponding to a user level;
a first validation rule satisfying a user-level validation requirement is extracted from the business validation rules.
In one embodiment, before performing service push matching between the service identification information and each service push information in a preset service push table, the method further includes:
acquiring historical service data of user identification information;
analyzing the service demand of the historical service data to obtain a service demand analysis result;
and generating a service push table according to the service demand analysis result.
In one embodiment, performing service push adjustment processing on the first validation rule according to the service push matching result to obtain the second validation rule includes:
acquiring a service push matching result;
inquiring a push verification requirement corresponding to the service push matching result, wherein the push verification requirement comprises a verification rule type requirement and a verification rule combination requirement;
extracting a type requirement verification rule meeting the type requirement of the verification rule from the first verification rule;
and combining the type requirement verification rules according to the verification rule combination requirements to obtain a second verification rule.
In one embodiment, performing authentication processing according to the second authentication rule to obtain an authentication result includes:
generating an identity verification message according to a second verification rule, and issuing the identity verification message to a terminal corresponding to the service request message;
receiving authentication data returned by the terminal, wherein the authentication data is obtained by acquiring authentication data by the terminal according to the authentication information;
and performing data verification on the identity verification data and preset identity reference data to obtain an identity verification result.
In one embodiment, after obtaining the authentication result, the method further includes:
when the identity authentication result is the identity abnormity, generating an identity authentication abnormity message;
and issuing an identity authentication exception message.
An authentication device, the device comprising:
a service request receiving module, configured to receive a service request message, and extract service identification information and user identification information from the service request message;
the first verification rule module is used for determining a first verification rule according to the service type of the service request message and the user level of the user identification information;
the service pushing matching module is used for carrying out service pushing matching on the service identification information and each service pushing information in a preset service pushing table;
the second validation rule module is used for carrying out service pushing adjustment processing on the first validation rule according to the service pushing matching result to obtain a second validation rule;
and the identity authentication processing module is used for performing identity authentication processing according to the second authentication rule to obtain an identity authentication result.
A computer device comprising a memory storing a computer program and a processor implementing the following steps when the computer program is executed:
receiving a service request message, and extracting service identification information and user identification information from the service request message;
determining a first verification rule according to the service type of the service request message and the user level of the user identification information;
service pushing matching is carried out on the service identification information and each service pushing information in a preset service pushing table;
performing service push adjustment processing on the first validation rule according to the service push matching result to obtain a second validation rule;
and performing identity authentication processing according to the second authentication rule to obtain an identity authentication result.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
receiving a service request message, and extracting service identification information and user identification information from the service request message;
determining a first verification rule according to the service type of the service request message and the user level of the user identification information;
service pushing matching is carried out on the service identification information and each service pushing information in a preset service pushing table;
performing service push adjustment processing on the first validation rule according to the service push matching result to obtain a second validation rule;
and performing identity authentication processing according to a second authentication rule to obtain an identity authentication result.
According to the identity authentication method, the identity authentication device, the computer equipment and the storage medium, a first authentication rule is determined according to the service type and the user level of the received service request message, a second authentication rule is obtained after the first authentication rule is adjusted according to the service pushing matching result of the service identification information and each service pushing information in a preset service pushing table, and then identity authentication processing is carried out according to the second authentication rule to obtain an identity authentication result. In the process of identity verification processing, identity verification is carried out by integrating the service type of the service request message, the user level of the user identification information and the verification rule determined by the service push matching result of the service identification information and the service push information, the pertinence of the verification rule is strong, and the accuracy of identity verification is improved.
Drawings
FIG. 1 is a diagram of an embodiment of the application of the authentication method;
FIG. 2 is a flow diagram of a method of identity verification in one embodiment;
FIG. 3 is a flowchart illustrating the generation of a service push table in an embodiment;
FIG. 4 is a flow diagram of a method of identity verification in another embodiment;
FIG. 5 is a block diagram showing the structure of an authentication apparatus according to an embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clearly understood, the present application is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad application.
The identity authentication method provided by the application can be applied to the application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The terminal 102 sends a service request message to the server 104 to request a related service, the server 104 determines a first validation rule according to the service type and the user level of the received service request message, and obtains a second validation rule according to the service pushing matching result of the service identification information and each service pushing information in a preset service pushing table after adjusting the first validation rule, and then performs authentication processing according to the second validation rule to obtain an authentication result. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server 104 may be implemented by an independent server or a server cluster formed by a plurality of servers.
In one embodiment, as shown in fig. 2, an authentication method is provided, which is described by taking the method as an example applied to the server 104 in fig. 1, and includes the following steps:
step S201: and receiving the service request message, and extracting the service identification information and the user identification information from the service request message.
The terminal 102 sends a service request message to the server 104 to request a corresponding service. The server 104 receives the service request message, and extracts the service identification information and the user identification information from the service request message. The service identification information is used to identify a service type requested by the terminal 102, and may specifically include service information such as a service name and a service number; the user identification information is used for distinguishing each service user, and specifically may include a name, an identity card number, a mobile phone number, a service account ID, and other identity information that can uniquely identify the service user.
Step S203: and determining a first verification rule according to the service type of the service request message and the user level of the user identification information.
Different authentication rules can be set for different service types, for example, for service types with high requirements on security and confidentiality, the requirements on the authentication rules can also be higher. Different authentication rules can be set for different service users, for example, different authentication rules can be set for common service users and important service users. In this embodiment, after obtaining the user identifier information from the service request message, the service type of the service request message and the user level corresponding to the user identifier information are determined, and the first validation rule is determined according to the service type and the user level. The first authentication rule may include, but is not limited to, various authentication manners, such as a static password, a dynamic password, a digital certificate, biometric identification, and the like, and a combined authentication requirement for the various authentication manners, such as a combined authentication requirement of the static password and the dynamic password in sequence.
Step S205: and carrying out service pushing matching on the service identification information and each service pushing information in a preset service pushing table.
The service push table records various service push information of the service user corresponding to the user identification information, and the service push table can be obtained by performing big data analysis according to historical service data of the service user. In this embodiment, the service identifier information extracted from the service request message is matched with each service push information in the service push table by service push. In specific implementation, the service identification information may be matched with the service information such as the service name and the service number of each service push information in the service push table, so as to determine whether the service type corresponding to the service identification information is in the service push table according to the service push matching result, and correspondingly adjust the first verification result, for example, when the service identification information in the service request message sent by the terminal is greatly different from each service push information in the service push table, the strength of the identity verification may be enhanced, for example, the complexity of the identity verification is increased, and a suitable identity verification rule is obtained, thereby improving the accuracy of the identity verification.
Step S207: and carrying out service push adjustment processing on the first validation rule according to the service push matching result to obtain a second validation rule.
And after the service pushing matching result is obtained, carrying out service pushing adjustment processing on the first verification rule according to the service pushing matching result, and if the first verification rule is further screened according to the service pushing matching result, selecting from the first verification rule to obtain a second verification rule. In addition, the combined requirements of the verification modes in the first verification rule can be adjusted to obtain a second verification rule.
Step S209: and performing identity authentication processing according to the second authentication rule to obtain an identity authentication result.
And after the second verification rule is obtained, performing identity verification processing on the terminal according to the second verification rule. For example, when the second verification rule is static password + fingerprint identification, the static password data and the fingerprint data of the terminal may be sequentially obtained, and the identity verification processing may be comprehensively performed according to the static password data and the fingerprint data to obtain an identity verification result. In addition, when the identity verification result is that the identity is normal, the service request message is responded, and corresponding service processing is carried out according to the service request message.
In the identity authentication method, a first authentication rule is determined according to the service type and the user level of a received service request message, a second authentication rule is obtained after the first authentication rule is adjusted according to the service push matching result of the service identification information and each service push information in a preset service push table, and then identity authentication processing is carried out according to the second authentication rule to obtain an identity authentication result. In the process of identity authentication processing, identity authentication is performed by integrating the service type of the service request message, the user level of the user identification information and the authentication rule determined by the service push matching result of the service identification information and the service push information, so that the pertinence of the authentication rule is strong, and the accuracy of the identity authentication is improved.
In one embodiment, determining the first validation rule based on the service type of the service request message and the user level of the user identification information comprises: determining the service type of the service request message according to the service identification information; inquiring a preset service verification rule table; determining a service verification rule corresponding to the service type according to the service verification rule table; and updating the service verification rule according to the user level of the user identification information to obtain a first verification rule.
In this embodiment, the first validation rule relates to the service type of the service request message and the user level of the user identification information. Specifically, the service type of the service request message is determined according to the service identification information, for example, a preset service type table may be queried, and the corresponding service type is queried from the service type table according to the service identification information, that is, the service type of the service request message. Inquiring a preset service verification rule table, wherein the service verification rule table records service verification rules corresponding to various service types, the service verification rules can comprise various identity verification modes and corresponding verification mode combination requirements, and inquiring the corresponding service verification rules from the service verification rule table according to the service types of the service request messages. And after the service verification rule is obtained, updating the service verification rule from the perspective of the service user according to the user level of the user identification information to obtain a first verification rule. The obtained first verification rule integrates the service type of the service request message and the user level of the user identification information, and the verification rule is determined from the service type perspective and the service user perspective respectively, so that the accuracy of identity verification can be improved.
In one embodiment, updating the service validation rule according to the user level of the user identification information, and obtaining the first validation rule comprises: inquiring a preset user identity level table; determining a user level corresponding to the user identification information according to the user identity level table; determining a user level verification requirement corresponding to a user level; a first validation rule satisfying a user-level validation requirement is extracted from the business validation rules.
When the obtained service verification rule is updated according to the user level of the user identification information, a preset user identity level table is inquired, the user identity level table records the user level corresponding to each user identification information, and the corresponding user level is inquired from the user identity level table according to the user identification information extracted from the service request message. And further determining user level authentication requirements corresponding to the user levels, wherein the user level authentication requirements can be set according to actual application requirements, for example, the user levels are divided into five levels, namely, a high level, a medium level, a common level and a low level, and the user level authentication requirements are reduced along with the reduction of the user levels. Specifically, a preset user level requirement table may be queried, and a corresponding user level verification requirement may be determined from the user level requirement table according to the user level. After the user level verification requirement is determined, the business verification rules are screened according to the user level verification requirement, and a first verification rule meeting the user level verification requirement is obtained.
The first authentication rule may include various authentication manners, such as static passwords, dynamic passwords, digital certificates, biometric identification, and the like, wherein the biometric identification includes physical features such as voiceprints, fingerprints, palms, retinas, irises, human body odors, facial shapes, blood vessels and DNA of hands, and behavioral features such as signatures, voices, walking gait, and the like.
In an embodiment, as shown in fig. 3, before performing service push matching on the service identification information and each service push information in a preset service push table, the method further includes a step of generating the service push table:
step S301: and acquiring historical service data of the user identification information.
In this embodiment, the service push table performs big data analysis according to historical service data of the service user, and records various service push information of the service user corresponding to the user identification information. Specifically, when the service push table is generated, historical service data corresponding to the user identification information is acquired. The historical service data reflects the historical request service of the service user corresponding to the user identification information in the service system, and the service type selection of the service user can be predicted according to the historical service data. In specific application, historical service data corresponding to the user identification information, including historical service time, historical service type, historical service wind control data, historical service execution data and the like, can be queried from a service system.
Step S303: and analyzing the service demand of the historical service data to obtain a service demand analysis result.
The service requirement analysis may be statistical analysis according to the service types, the corresponding service time and the service times, for example, the service types in the historical service data are sorted according to the service time and the service times to obtain a service requirement analysis result. Generally, for a service type with long service time and many service times of the historical service data, the service user corresponding to the user identification information has the highest possibility of requesting the service of the service type again, so that a service push table can be generated for service push, and the pertinence of service push is improved.
Step S305: and generating a service push table according to the service demand analysis result.
And after a service demand analysis result is obtained, generating a service push table according to the service demand analysis result. Specifically, the service requirement analysis result may include a requirement probability corresponding to each service type, where the requirement probability reflects a degree of requirement of the service user for the corresponding service type, and the higher the requirement probability is, the greater the requirement of the surface service user for the corresponding service type is, the more likely the service user selects the service of the service type. When the service push table is generated, corresponding service push information is generated according to each service type, and the service push information is sequenced from high to low according to the demand probability.
In this embodiment, a service push table is generated according to a service demand analysis result obtained by analyzing a service demand for historical service data of a service user, so that pertinence of each service push information in the service push table is strong, the service push table can be used for service prediction verification, that is, service identification information is subjected to service push matching with each service push information in the corresponding service push table, and service push adjustment is performed according to the service push matching, so that a suitable authentication rule is obtained, and accuracy of authentication is improved.
In one embodiment, performing service push adjustment processing on the first validation rule according to the service push matching result, and obtaining the second validation rule includes: acquiring a service push matching result; inquiring a preset push verification requirement corresponding to the service push matching result, wherein the push verification requirement comprises a verification rule type requirement and a verification rule combination requirement; extracting a type requirement verification rule meeting the type requirement of the verification rule from the first verification rule; and combining the type requirement verification rules according to the verification rule combination requirements to obtain a second verification rule.
The service push adjustment processing can be performed on the obtained first validation rule according to the service push matching result. Specifically, a service push matching result is obtained, and a preset push verification requirement corresponding to the service push matching result is inquired. The push verification requirement can be set according to actual service requirements, if the push verification requirement of the corresponding level can be divided according to the matching degree of the service push matching result, the higher the matching degree is, the lower the push verification requirement is. The push verification requirement can comprise a verification rule type requirement and a verification rule combination requirement, wherein the verification rule type requirement is the limitation on a verification mode, such as the limitation that biological characteristic identification is necessary; the requirement of the verification rule combination is to limit the verification sequence among the verification modes, such as face recognition and static password verification, or dynamic password verification and fingerprint recognition.
And after the verification rule type requirement is obtained, screening all verification modes of the first verification rule according to the verification rule type requirement, and reserving the type requirement verification rule meeting the verification rule type requirement. And combining the type requirement verification rules obtained by screening according to the verification rule combination requirements to obtain a second verification rule, wherein the second verification rule is obtained by performing service push adjustment processing on the first verification rule according to the service push matching result.
In one embodiment, performing the authentication processing according to the second authentication rule, and obtaining the authentication result includes: generating an identity verification message according to a second verification rule, and issuing the identity verification message to a terminal corresponding to the service request message; receiving authentication data returned by the terminal, wherein the authentication data is obtained by acquiring authentication data by the terminal according to the authentication information; and performing data verification on the identity verification data and preset identity reference data to obtain an identity verification result.
And after the second verification rule is obtained, performing identity verification processing on the terminal according to the second verification rule. Specifically, an authentication message is generated according to the second authentication rule and is issued to the terminal, and the authentication message is used for instructing the terminal to acquire authentication data and obtain and return authentication data. The server 104 receives the authentication data returned by the terminal, and queries preset identity reference data, which is identity standard data reserved by the service user, such as reserved DNA information, fingerprint data, password, voice data, and the like. And performing data verification on the identity verification data and preset identity reference data to obtain an identity verification result. And if the data verification result of the identity verification data and the identity reference data passes, the identity verification result is normal, otherwise, the identity verification result is abnormal.
In one embodiment, after obtaining the authentication result, the method further includes: when the identity authentication result is the identity abnormity, generating an identity authentication abnormity message; and issuing an identity authentication exception message.
After the identity authentication result is obtained, if the identity authentication result is abnormal, the result indicates that the operator of the current terminal is not the service user, the operation is illegal, or the identity authentication is failed, at this time, an identity authentication abnormal message is generated and sent to the terminal to prompt the terminal to stop the service request or to perform the identity authentication again after adjustment.
In one embodiment, as shown in fig. 4, there is provided an authentication method including:
step S401: and receiving the service request message, and extracting service identification information and user identification information from the service request message.
The terminal 102 transmits a service request message to the server 104 to request a corresponding service. Server 104 receives the service request message and extracts service identification information and user identification information from the service request message. The service name and the service number are included, and the user identification information includes the name and the service account ID.
Step S402: determining the service type of the service request message according to the service identification information;
step S403: inquiring a preset service verification rule table;
step S404: determining a service verification rule corresponding to the service type according to the service verification rule table;
step S405: inquiring a preset user identity level table;
step S406: determining a user level corresponding to the user identification information according to the user identity level table;
step S407: determining a user level verification requirement corresponding to a user level;
step S408: a first validation rule satisfying a user-level validation requirement is extracted from the business validation rules.
In this embodiment, the first validation rule relates to a service type of the service request message and a user level of the user identification information. When the obtained service verification rule is updated according to the user level of the user identification information, a preset user identity level table is inquired, the user identity level table records the user level corresponding to each user identification information, and the corresponding user level is inquired from the user identity level table according to the user identification information extracted from the service request message. The first authentication rule includes various authentication methods: static passwords, dynamic passwords, digital certificates, biometric identification and the like, wherein the biometric identification comprises body characteristics such as fingerprints, palm shapes, retinas, irises, facial shapes and the like, and behavior characteristics such as signatures, voices and the like.
Step S409: service pushing matching is carried out on the service identification information and each service pushing information in a preset service pushing table;
step S410: acquiring a service push matching result;
step S411: inquiring a push verification requirement corresponding to the service push matching result, wherein the push verification requirement comprises a verification rule type requirement and a verification rule combination requirement;
step S412: extracting a type requirement verification rule meeting the type requirement of the verification rule from the first verification rule;
step S413: and combining the type requirement verification rules according to the verification rule combination requirement to obtain a second verification rule.
In this embodiment, the service push table records various service push information of the service user corresponding to the user identification information, matches the service identification information with service information such as a service name and a service number of each service push information in the service push table, determines whether a service type corresponding to the service identification information is in the service push table according to a service push matching result, and adjusts the first verification result accordingly.
Step S414: performing identity verification processing according to a second verification rule to obtain an identity verification result;
step S415: when the identity authentication result is the identity abnormity, generating an identity authentication abnormity message;
step S416: and issuing an identity authentication exception message.
And after the second verification rule is obtained, performing identity verification processing on the terminal according to the second verification rule. Specifically, the authentication process includes: generating an identity authentication message according to a second authentication rule, and issuing the identity authentication message to a terminal corresponding to the service request message; receiving authentication data returned by the terminal, wherein the authentication data is obtained by acquiring authentication data by the terminal according to the authentication information; and performing data verification on the identity verification data and preset identity reference data to obtain an identity verification result.
If the identity authentication result is that the identity authentication is abnormal, the operator of the current terminal is not the service user, the operation is illegal, or the identity authentication is failed, and at this time, an identity authentication abnormal message is generated and sent to the terminal to prompt the terminal to stop the service request or to perform the identity authentication again after adjustment. And when the identity verification result is that the identity is normal, responding to the service request message and carrying out corresponding service processing according to the service request message.
It should be understood that although the various steps in the flow charts of fig. 2-4 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-4 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 5, there is provided an authentication apparatus including: a service request receiving module 501, a first verification rule module 503, a service push matching module 505, a second verification rule module 507 and an identity verification processing module 509, wherein:
a service request receiving module 501, configured to receive a service request message, and extract service identification information and user identification information from the service request message;
a first validation rule module 503, configured to determine a first validation rule according to the service type of the service request message and the user level of the user identification information;
a service push matching module 505, configured to perform service push matching on the service identification information and each service push information in a preset service push table;
the second validation rule module 507 is configured to perform service push adjustment processing on the first validation rule according to the service push matching result to obtain a second validation rule;
and an identity authentication processing module 509, configured to perform identity authentication processing according to the second authentication rule to obtain an identity authentication result.
In one embodiment, the first validation rule module 503 comprises a service type unit, a service rule table unit, a service rule determination unit, and a first validation rule unit, wherein: a service type unit, configured to determine a service type of the service request message according to the service identification information; the business rule table unit is used for inquiring a preset business verification rule table; the service rule determining unit is used for determining a service verification rule corresponding to the service type according to the service verification rule table; and the first verification rule unit is used for updating the service verification rule according to the user level of the user identification information to obtain the first verification rule.
In one embodiment, the first validation rule unit includes a level table subunit, a user level subunit, a user validation requirement subunit, and a first validation rule subunit, wherein: the level table subunit is used for inquiring a preset user identity level table; the user level sub-unit is used for determining the user level corresponding to the user identification information according to the user identity level table; the user verification requirement subunit is used for determining a user level verification requirement corresponding to the user level; and the first verification rule subunit is used for extracting the first verification rule meeting the user-level verification requirement from the business verification rules.
In one embodiment, the system further comprises a historical data acquisition module, a service demand module and a service push table module, wherein: the historical data acquisition module is used for acquiring historical service data of the user identification information; the service demand module is used for carrying out service demand analysis on the historical service data to obtain a service demand analysis result; and the service push table module is used for generating a service push table according to the service demand analysis result.
In one embodiment, the second verification rule module 507 includes a matching result unit, a verification requirement unit, a type requirement processing unit, and a second verification rule unit, wherein: the matching result unit is used for acquiring a service pushing matching result; the verification requirement unit is used for inquiring a preset push verification requirement corresponding to the service push matching result, and the push verification requirement comprises a verification rule type requirement and a verification rule combination requirement; the type requirement processing unit is used for extracting a type requirement verification rule meeting the type requirement of the verification rule from the first verification rule; and the second verification rule unit is used for combining the type requirement verification rules according to the verification rule combination requirements to obtain a second verification rule.
In one embodiment, the authentication processing module 509 comprises an authentication message issuing unit, an authentication data receiving unit and an authentication processing unit, wherein: the verification message issuing unit is used for generating an identity verification message according to the second verification rule and issuing the identity verification message to a terminal corresponding to the service request message; the authentication data receiving unit is used for receiving authentication data returned by the terminal, and the authentication data is obtained by acquiring the authentication data by the terminal according to the authentication information; and the verification processing unit is used for performing data verification on the identity verification data and preset identity reference data to obtain an identity verification result.
In one embodiment, the system further comprises an exception message generation module and an exception message issuing module, wherein: the abnormal message generating module is used for generating an abnormal authentication message when the authentication result is abnormal; and the abnormal message issuing module is used for issuing the identity authentication abnormal message.
For specific limitations of the authentication device, reference may be made to the above limitations of the authentication method, which are not described in detail herein. The modules in the authentication device can be implemented in whole or in part by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure thereof may be as shown in fig. 6. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an authentication method.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, there is provided a computer device comprising a memory storing a computer program and a processor implementing the following steps when the processor executes the computer program:
receiving a service request message, and extracting service identification information and user identification information from the service request message;
determining a first verification rule according to the service type of the service request message and the user level of the user identification information;
service pushing matching is carried out on the service identification information and each service pushing information in a preset service pushing table;
performing service push adjustment processing on the first validation rule according to the service push matching result to obtain a second validation rule;
and performing identity authentication processing according to a second authentication rule to obtain an identity authentication result.
In one embodiment, the processor when executing the computer program further performs the steps of: determining the service type of the service request message according to the service identification information; inquiring a preset service verification rule table; determining a service verification rule corresponding to the service type according to the service verification rule table; and updating the service verification rule according to the user level of the user identification information to obtain a first verification rule.
In one embodiment, the processor when executing the computer program further performs the steps of: inquiring a preset user identity level table; determining a user level corresponding to the user identification information according to the user identity level table; determining user level verification requirements corresponding to the user levels; a first validation rule satisfying a user-level validation requirement is extracted from the business validation rules.
In one embodiment, the processor, when executing the computer program, further performs the steps of: acquiring historical service data of user identification information; analyzing the service demand of the historical service data to obtain a service demand analysis result; and generating a service push table according to the service demand analysis result.
In one embodiment, the processor when executing the computer program further performs the steps of: acquiring a service pushing matching result; inquiring a preset push verification requirement corresponding to the service push matching result, wherein the push verification requirement comprises a verification rule type requirement and a verification rule combination requirement; extracting a type requirement verification rule which meets the type requirement of the verification rule from the first verification rule; and combining the type requirement verification rules according to the verification rule combination requirements to obtain a second verification rule.
In one embodiment, the processor, when executing the computer program, further performs the steps of: generating an identity verification message according to a second verification rule, and issuing the identity verification message to a terminal corresponding to the service request message; receiving authentication data returned by the terminal, wherein the authentication data is obtained by acquiring authentication data by the terminal according to the authentication information; and performing data verification on the identity verification data and preset identity reference data to obtain an identity verification result.
In one embodiment, the processor, when executing the computer program, further performs the steps of: when the identity authentication result is the identity abnormity, generating an identity authentication abnormity message; and issuing an identity authentication exception message.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
receiving a service request message, and extracting service identification information and user identification information from the service request message;
determining a first verification rule according to the service type of the service request message and the user level of the user identification information;
service pushing matching is carried out on the service identification information and each service pushing information in a preset service pushing table;
performing service push adjustment processing on the first validation rule according to the service push matching result to obtain a second validation rule;
and performing identity authentication processing according to a second authentication rule to obtain an identity authentication result.
In one embodiment, the computer program when executed by the processor further performs the steps of: determining the service type of the service request message according to the service identification information; inquiring a preset service verification rule table; determining a service verification rule corresponding to the service type according to the service verification rule table; and updating the service verification rule according to the user level of the user identification information to obtain a first verification rule.
In one embodiment, the computer program when executed by the processor further performs the steps of: inquiring a preset user identity level table; determining a user level corresponding to the user identification information according to the user identity level table; determining a user level verification requirement corresponding to a user level; a first validation rule satisfying a user-level validation requirement is extracted from the business validation rules.
In one embodiment, the computer program when executed by the processor further performs the steps of: acquiring historical service data of user identification information; performing service demand analysis on the historical service data to obtain a service demand analysis result; and generating a service push table according to the service demand analysis result.
In one embodiment, the computer program when executed by the processor further performs the steps of: acquiring a service push matching result; inquiring a push verification requirement corresponding to the service push matching result, wherein the push verification requirement comprises a verification rule type requirement and a verification rule combination requirement; extracting a type requirement verification rule which meets the type requirement of the verification rule from the first verification rule; and combining the type requirement verification rules according to the verification rule combination requirement to obtain a second verification rule.
In one embodiment, the computer program when executed by the processor further performs the steps of: generating an identity verification message according to a second verification rule, and issuing the identity verification message to a terminal corresponding to the service request message; receiving authentication data returned by the terminal, wherein the authentication data is obtained by acquiring authentication data by the terminal according to the authentication information; and performing data verification on the identity verification data and preset identity reference data to obtain an identity verification result.
In one embodiment, the computer program when executed by the processor further performs the steps of: when the identity authentication result is the identity abnormity, generating an identity authentication abnormity message; and issuing an identity authentication exception message.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, and these are all within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. An identity verification method, the method comprising:
receiving a service request message, and extracting service identification information and user identification information from the service request message;
determining the service type of the service request message according to the service identification information;
inquiring a preset service verification rule table;
determining a service verification rule corresponding to the service type according to the service verification rule table;
extracting a first verification rule from the service verification rule according to a user level verification requirement determined based on the user level of the user identification information; the first verification rule comprises various verification modes corresponding to the service type and the user level;
performing service pushing matching on the service identification information and each service pushing information in a preset service pushing table; the service pushing information is information for pushing services aiming at the user identification information; the service pushing information is obtained by analyzing the service requirement of the historical service data of the user identification information;
acquiring a service pushing matching result;
inquiring the preset push verification requirement corresponding to the service push matching result, wherein the push verification requirement comprises a verification rule type requirement and a verification rule combination requirement;
extracting a type requirement verification rule which meets the type requirement of the verification rule from the first verification rule;
combining the type requirement verification rules according to the verification rule combination requirement to obtain a second verification rule; the second verification rule meets the pushing verification requirement corresponding to the service pushing matching result;
and performing identity authentication processing according to the second authentication rule to obtain an identity authentication result.
2. The method of claim 1, wherein the authentication means comprises at least one of a static password, a dynamic password, a digital certificate, or biometric identification.
3. The method of claim 1, wherein extracting the first validation rule from the business validation rules according to a user level validation requirement determined based on a user level of the user identification information comprises:
inquiring a preset user identity level table;
determining a user level corresponding to the user identification information according to the user identity level table;
determining a user level verification requirement corresponding to the user level;
extracting the first validation rule satisfying the user-level validation requirement from the business validation rules.
4. The method according to claim 1, before performing service push matching on the service identification information and each service push information in a preset service push table, further comprising:
acquiring historical service data of the user identification information;
performing service demand analysis on the historical service data to obtain a service demand analysis result;
and generating the service push table according to the service demand analysis result.
5. The method of claim 1, wherein the push validation requirement is inversely related to a degree of matching of the service push matching result representation.
6. The method according to claim 1, wherein performing the authentication processing according to the second authentication rule to obtain the authentication result comprises:
generating an identity authentication message according to the second authentication rule, and sending the identity authentication message to a terminal corresponding to the service request message;
receiving authentication data returned by the terminal, wherein the authentication data is obtained by acquiring authentication data by the terminal according to the authentication message;
and performing data verification on the identity verification data and preset identity reference data to obtain an identity verification result.
7. The method according to any one of claims 1-6, further comprising, after obtaining the authentication result:
when the identity authentication result is the identity abnormity, generating an identity authentication abnormity message;
and issuing the identity authentication abnormal message.
8. An authentication apparatus, the apparatus comprising:
a service request receiving module, configured to receive a service request message, and extract service identification information and user identification information from the service request message;
the first verification rule module is used for determining the service type of the service request message according to the service identification information; inquiring a preset service verification rule table; determining a service verification rule corresponding to the service type according to the service verification rule table; extracting a first verification rule from the service verification rule according to a user level verification requirement determined based on the user level of the user identification information; the first verification rule comprises various verification modes corresponding to the service type and the user level;
the service pushing matching module is used for carrying out service pushing matching on the service identification information and each service pushing information in a preset service pushing table; the service pushing information is information for pushing services aiming at the user identification information; the service pushing information is obtained by analyzing the service requirement of the historical service data of the user identification information;
the second verification rule module is used for acquiring a service push matching result; inquiring the preset push verification requirement corresponding to the service push matching result, wherein the push verification requirement comprises a verification rule type requirement and a verification rule combination requirement; extracting a type requirement verification rule which meets the type requirement of the verification rule from the first verification rule; combining the type requirement verification rules according to the verification rule combination requirement to obtain a second verification rule; the second verification rule meets the pushing verification requirement corresponding to the service pushing matching result;
and the identity authentication processing module is used for performing identity authentication processing according to the second authentication rule to obtain an identity authentication result.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811532325.9A CN109842611B (en) | 2018-12-14 | 2018-12-14 | Identity authentication method, identity authentication device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811532325.9A CN109842611B (en) | 2018-12-14 | 2018-12-14 | Identity authentication method, identity authentication device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109842611A CN109842611A (en) | 2019-06-04 |
| CN109842611B true CN109842611B (en) | 2023-04-18 |
Family
ID=66883286
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811532325.9A Active CN109842611B (en) | 2018-12-14 | 2018-12-14 | Identity authentication method, identity authentication device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109842611B (en) |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110633642B (en) * | 2019-08-14 | 2021-11-16 | 深圳市天彦通信股份有限公司 | Identity information verification method and device, terminal equipment and storage medium |
| CN110647641A (en) * | 2019-08-15 | 2020-01-03 | 平安科技(深圳)有限公司 | Identity authentication method, identity authentication device, computer equipment and storage medium |
| CN110636106B (en) * | 2019-08-15 | 2023-04-07 | 平安普惠企业管理有限公司 | Information pushing method and device, computer equipment and storage medium |
| CN110704823A (en) * | 2019-09-10 | 2020-01-17 | 平安科技(深圳)有限公司 | Data request method, device, storage medium and electronic equipment |
| CN110633560A (en) * | 2019-09-20 | 2019-12-31 | 重庆洲雄科技有限责任公司 | Identity recognition method and device, computer equipment and storage medium |
| CN110909013B (en) * | 2019-10-12 | 2023-10-03 | 中国平安财产保险股份有限公司 | Service list generation method, device, equipment and computer readable storage medium |
| CN111242576A (en) * | 2020-01-10 | 2020-06-05 | 中国建设银行股份有限公司 | Method and device for processing request |
| CN111274560B (en) * | 2020-01-14 | 2022-11-18 | 支付宝(杭州)信息技术有限公司 | Identity authentication mode recommendation method, device and equipment |
| CN113542201B (en) * | 2020-04-20 | 2023-04-21 | 上海云盾信息技术有限公司 | Access control method and equipment for Internet service |
| CN111709035B (en) * | 2020-06-12 | 2022-03-29 | 北京思特奇信息技术股份有限公司 | Business process security verification method and system |
| CN112989307B (en) * | 2021-04-21 | 2022-02-11 | 北京金和网络股份有限公司 | Service information processing method, device and terminal |
| CN113537994A (en) * | 2021-06-25 | 2021-10-22 | 浙江吉利控股集团有限公司 | Resource transfer method, device, equipment and medium |
| CN114006749B (en) * | 2021-10-29 | 2023-07-21 | 平安银行股份有限公司 | Security verification method, device, equipment and storage medium |
| CN116208953B (en) * | 2022-09-07 | 2023-08-18 | 北京诚志北分机电技术有限公司 | Communication method, system, terminal and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106228054A (en) * | 2016-08-02 | 2016-12-14 | 北京小米移动软件有限公司 | Auth method and device |
| EP3200487A1 (en) * | 2014-11-28 | 2017-08-02 | Huawei Technologies Co., Ltd. | Message processing method and apparatus |
| CN108134791A (en) * | 2017-12-22 | 2018-06-08 | 郑州云海信息技术有限公司 | A kind of data center's total management system login validation method |
| CN108810003A (en) * | 2018-06-21 | 2018-11-13 | 吉旗(成都)科技有限公司 | A kind of safety verification scheme of multi-service side's message access |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101127599B (en) * | 2006-08-18 | 2011-05-04 | 华为技术有限公司 | An identity and right authentication method and system and a biological processing unit |
| CN105450582B (en) * | 2014-06-24 | 2019-10-18 | 华为技术有限公司 | Method for processing business, terminal, server and system |
| CN106612300A (en) * | 2015-10-22 | 2017-05-03 | 中兴通讯股份有限公司 | Message push method and push server |
| CN112769834B (en) * | 2016-08-30 | 2023-09-26 | 创新先进技术有限公司 | Identity verification system, method and platform |
| CN106534150B (en) * | 2016-11-29 | 2019-09-06 | 江苏通付盾科技有限公司 | Identity identifying method and system, user terminal, Website server |
| CN108650098B (en) * | 2018-05-08 | 2021-04-20 | 创新先进技术有限公司 | Method and device for user-defined verification mode |
-
2018
- 2018-12-14 CN CN201811532325.9A patent/CN109842611B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3200487A1 (en) * | 2014-11-28 | 2017-08-02 | Huawei Technologies Co., Ltd. | Message processing method and apparatus |
| CN106228054A (en) * | 2016-08-02 | 2016-12-14 | 北京小米移动软件有限公司 | Auth method and device |
| CN108134791A (en) * | 2017-12-22 | 2018-06-08 | 郑州云海信息技术有限公司 | A kind of data center's total management system login validation method |
| CN108810003A (en) * | 2018-06-21 | 2018-11-13 | 吉旗(成都)科技有限公司 | A kind of safety verification scheme of multi-service side's message access |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109842611A (en) | 2019-06-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109842611B (en) | Identity authentication method, identity authentication device, computer equipment and storage medium | |
| KR102038851B1 (en) | Method and system for verifying identities | |
| CN109446904B (en) | Queuing number-taking method, queuing number-taking device, computer equipment and storage medium | |
| US8607319B2 (en) | Methods and systems for determining biometric data for use in authentication transactions | |
| CN109815803B (en) | Face examination risk control method and device, computer equipment and storage medium | |
| US9237018B2 (en) | Multisystem biometric token | |
| CN110490594B (en) | Service data processing method and device, computer equipment and storage medium | |
| WO2013051019A4 (en) | Evolved biometric system with enhanced feature and method for the same | |
| CN108900536B (en) | Authentication method, authentication device, computer equipment and storage medium | |
| CN109688121B (en) | Resource data acquisition method and device, computer equipment and storage medium | |
| WO2021169305A1 (en) | Voiceprint data processing method and apparatus, computer device, and storage medium | |
| CN111241566A (en) | Policy management method, electronic device, computer device, and storage medium | |
| CN112287320A (en) | Identity verification method and device based on biological characteristics and client | |
| JPWO2013136528A1 (en) | Evaluation server, evaluation program, and evaluation method | |
| CN113872990A (en) | VPN network certificate authentication method and device based on SSL protocol and computer equipment | |
| CN112115455B (en) | Method, device, server and medium for setting association relation of multiple user accounts | |
| CN111147474B (en) | Data encryption transmission method and device, computer equipment and storage medium | |
| CN111371755B (en) | Voiceprint data processing method and device, computer equipment and storage medium | |
| CN110648052B (en) | Wind control decision method and device, computer equipment and storage medium | |
| CN109767344B (en) | Vehicle insurance service processing method, device, computer equipment and storage medium | |
| CN114238914A (en) | Digital certificate application system, method, device, computer equipment and storage medium | |
| CN112364307B (en) | Software authorization method and related equipment | |
| CN106470106B (en) | Terminal information display method and device | |
| CN114297612A (en) | Authentication method, system and device based on improved cryptographic algorithm | |
| CN110599386A (en) | Identity authentication method, identity authentication device, storage medium and computer equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |