CN110705989B

CN110705989B - Identity authentication method, method for realizing login-free authorization component and respective devices

Info

Publication number: CN110705989B
Application number: CN201910877524.1A
Authority: CN
Inventors: 张志浩; 宋金生
Original assignee: Advanced New Technologies Co Ltd
Current assignee: Ant Fortune Shanghai Financial Information Service Co ltd
Priority date: 2019-09-17
Filing date: 2019-09-17
Publication date: 2021-03-16
Anticipated expiration: 2039-09-17
Also published as: CN110705989A; CN113034154A; TW202113715A; TWI786404B; WO2021051884A1

Abstract

The embodiment of the specification provides an identity authentication method, a method for realizing a login-free authorization component and respective devices, wherein the identity authentication method is applied to a third-party application provided by a third-party platform and comprises the following steps: when the identity of a user needs to be confirmed, the user authorizes the bank card to be free of login according to the fact that the user authorizes the bank card to be free of login, the bank card information bound by the third-party platform is inquired from the inside of the third-party platform, the bank card information is sent to the bank server to be subjected to identity authentication, and the third-party application can obtain the bound bank card information from the inside of the third-party platform according to authorization and send the bound bank card information to the bank server to be subjected to user identity authentication.

Description

Identity authentication method, method for realizing login-free authorization component and respective devices

Technical Field

The embodiment of the specification relates to the technical field of computers, in particular to an identity authentication method and a method for realizing a login-free authorization component. One or more embodiments of the present specification also relate to an identity authentication apparatus, an apparatus implementing a login-free authorization component, a computing device, and a computer-readable storage medium.

Background

Under the big background of the third-party platform popularization of small programs, more and more merchants wish to develop a third-party application belonging to the third-party platform on the third-party platform, and invest in various large banks in the financial industry.

However, each bank has a user system belonging to one bank, and when a third-party platform user logs in a third-party application and uses a bank feature service, the problem of secondary identity authentication is often encountered, so that the user operation is complex, and the user experience is greatly reduced.

Disclosure of Invention

In view of this, the embodiments of the present specification provide an identity authentication method and a method for implementing a login-free authorization component. One or more embodiments of the present disclosure also relate to an identity authentication apparatus, an apparatus for implementing an authorization-exempt component, a computing device, and a computer-readable storage medium, so as to solve technical deficiencies in the prior art.

According to a first aspect of the embodiments of the present specification, there is provided an identity authentication method applied to a third party application provided by a third party platform, including: when the identity of a user needs to be confirmed, judging whether the user authorizes the bank card to be exempted from login according to the bank card exempting authorization state information of the user; under the condition that the user authorizes the bank card to be free from logging, inquiring bank card information bound by the user on the third-party platform from the inside of the third-party platform; and sending the information of the bank card to a bank server so that the bank server can perform user identity authentication according to the information of the bank card.

Optionally, the method further comprises: and under the condition that the user does not authorize the login exemption of the bank card, obtaining the authorization of the user for the login exemption of the bank card.

Optionally, when the user identity needs to be confirmed, judging whether the user authorizes the bank card to be exempted from login according to the bank card exempted authorization state information of the user includes: when the identity of a user needs to be confirmed, calling a bank card login-free authorization component so that the bank card login-free authorization component responds to the calling and judges whether the user authorizes the bank card login-free according to the stored bank card login-free authorization state information of the user; the inquiring of the information of the bank card bound by the user on the third-party platform from the inside of the third-party platform under the condition that the user authorizes the bank card to be free from logging comprises: under the condition that the user authorizes the bank card to be free from login, bank card information returned by the bank card free-from-login authorization component is obtained; the bank card information is obtained by the bank card login-free authorization component under the condition that the user does not authorize the bank card login-free, the bank card information is inquired from the inside of the third-party platform after the user authorization is obtained and returned to the third-party application, or the bank card login-free authorization component inquires from the inside of the third-party platform and returns to the third-party application under the condition that the user is authorized to authorize the bank card login-free.

Optionally, in the case that the user has authorized the bank card to log in, obtaining the bank card information returned by the bank card log-in-exempting authorization component includes: and under the condition that the user authorizes the bank card to be free from login, obtaining the information of the bank card which is returned by the bank card free-from-login authorization component and encrypted by adding the signature. The sending the bank card information to a bank server comprises: and sending the information of the bank card subjected to signature adding and encryption to the bank server so that the bank server can verify and decrypt the information of the bank card subjected to signature adding and encryption and perform user identity authentication according to the decrypted information of the bank card.

Optionally, the method further comprises: sending a service request to the bank server, so that the server executes a service logic corresponding to the service request after completing user identity authentication, and returns service data to the third-party application; and receiving the business data returned by the bank server.

Optionally, the sending the service request to the banking server includes: and sending the payment request to the bank server.

According to a second aspect of the embodiments of the present specification, there is provided an identity authentication apparatus configured to a third party application provided by a third party platform, including: and the authorization judgment first module is configured to judge whether the user authorizes the bank card to be free of login according to the bank card free-of-login authorization state information of the user when the identity of the user needs to be confirmed. The card inquiry module is configured to inquire the information of the bank card bound by the user on the third-party platform from the inside of the third-party platform under the condition that the user authorizes the bank card to be free from logging. And the card sending first module is configured to send the bank card information to a bank server so that the bank server can perform user identity authentication according to the bank card information.

Optionally, the method further comprises: and the authorization obtaining module is configured to obtain the authorization of the user for log-on exemption of the bank card under the condition that the user does not authorize the log-on exemption of the bank card.

Optionally, the authorization determination first module is configured to, when the identity of the user needs to be confirmed, invoke a bank card login-exempting authorization component, so that the bank card login-exempting authorization component responds to the invocation, and determines whether the user authorizes the bank card login-exempting according to the stored bank card login-exempting authorization state information of the user. The card inquiry first module is configured to obtain bank card information returned by the bank card login-exempting authorization component under the condition that the user authorizes the bank card to be login-exempted; the bank card information is obtained by the bank card login-free authorization component under the condition that the user does not authorize the bank card login-free, the bank card information is inquired from the inside of the third-party platform after the user authorization is obtained and returned to the third-party application, or the bank card login-free authorization component inquires from the inside of the third-party platform and returns to the third-party application under the condition that the user is authorized to authorize the bank card login-free.

Optionally, the card inquiry first module is configured to, in a case that the user has authorized the bank card to log in exempt, obtain the signed and encrypted bank card information returned by the bank card login exempt authorization component. The card sending first module is configured to send the signed and encrypted bank card information to the bank server, so that the bank server can check and decrypt the signed and encrypted bank card information, and can perform user identity authentication according to the decrypted bank card information.

Optionally, the method further comprises: and the request sending module is configured to send the service request to the bank server, so that the server executes the service logic corresponding to the service request after finishing the user identity authentication, and returns service data to the third-party application. And the data receiving module is configured to receive the business data returned by the bank server.

Optionally, the request sending module is configured to send a payment request to the banking server.

According to a third aspect of embodiments herein, there is provided a method for implementing a login-exempt authorization component, including: responding to the calling of a third-party application in a third-party platform, and aiming at a user involved in the calling, judging whether the user authorizes the bank card to be free from login according to the stored bank card free authorization state information of the user; under the condition that the user authorizes the bank card to be free from logging, inquiring bank card information bound by the user on a third-party platform from the inside of the third-party platform; and sending the bank card information to the third-party application so that the third-party application can send the bank card information to a bank server, and the bank server can perform user identity authentication according to the bank card information.

Optionally, the sending the bank card information to the third-party application so that the third-party application sends the bank card information to a bank server, and the bank server performs user identity authentication according to the bank card information includes: and sending the bank card information subjected to signature adding and encryption to the third-party application so that the third-party application can send the bank card information subjected to signature adding and encryption to a bank server, so that the bank server can check and decrypt the signature of the bank card information subjected to signature adding and encryption and perform user identity authentication according to the decrypted bank card information.

Optionally, the querying the bank card information from the inside of the third party platform includes: and inquiring the bank card information from the inside of the third-party platform through an open gateway, wherein the open gateway is used for signing and encrypting the bank card information.

According to a fourth aspect of the embodiments of the present specification, there is provided an apparatus for implementing a login-exempt authorization component, including: and the authorization judgment second module is configured to respond to the calling of a third-party application in a third-party platform, and judge whether the user authorizes the bank card to be exempted from login according to the saved bank card exempted authorization state information of the user aiming at the user involved in the calling. And the card inquiry second module is configured to inquire the information of the bank card bound by the user on the third-party platform from the inside of the third-party platform under the condition that the user authorizes the bank card to be free from logging. And the card sending second module is configured to send the bank card information to the third-party application so that the third-party application can send the bank card information to a bank server, and the bank server can perform user identity authentication according to the bank card information.

Optionally, the card sending second module is configured to send the bank card information subjected to signature adding and encryption to the third-party application, so that the third-party application sends the bank card information subjected to signature adding and encryption to a bank service end, the bank service end performs signature verification and decryption on the bank card information subjected to signature adding and encryption, and user identity authentication is performed according to the decrypted bank card information.

Optionally, the card querying second module is configured to query the bank card information from the inside of the third party platform through an open gateway, where the open gateway is configured to perform signature encryption on the bank card information.

According to a fifth aspect of embodiments herein, there is provided a computing device comprising: a memory and a processor; the memory is to store computer-executable instructions, and the processor is to execute the computer-executable instructions to: when the identity of a user needs to be confirmed, judging whether the user authorizes the bank card to be exempted from login according to the bank card exempting authorization state information of the user; under the condition that the user authorizes the bank card to be free from logging, inquiring bank card information bound by the user on the third-party platform from the inside of the third-party platform; and sending the information of the bank card to a bank server so that the bank server can perform user identity authentication according to the information of the bank card.

According to a sixth aspect of embodiments herein, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the identity authentication method according to any of the embodiments herein.

According to a seventh aspect of embodiments herein, there is provided a computing device comprising: a memory and a processor; the memory is to store computer-executable instructions, and the processor is to execute the computer-executable instructions to: responding to the calling of a third-party application in a third-party platform, and aiming at a user involved in the calling, judging whether the user authorizes the bank card to be free from login according to the stored bank card free authorization state information of the user; under the condition that the user authorizes the bank card to be free from logging, inquiring bank card information bound by the user on a third-party platform from the inside of the third-party platform; and sending the bank card information to the third-party application so that the third-party application can send the bank card information to a bank server, and the bank server can perform user identity authentication according to the bank card information.

According to an eighth aspect of the embodiments of the present specification, there is provided a computer-readable storage medium storing computer instructions, which when executed by a processor, implement the steps of the method for implementing a login-exempt authorization component according to any of the embodiments of the present specification.

An identity authentication method in one embodiment of one aspect of the present description is applied to a third party application provided by a third party platform, when the identity of the user needs to be confirmed, according to the fact that the user authorizes the bank card to be free from login, the bank card information bound by the user on the third-party platform is inquired from the inside of the third-party platform, the bank card information is sent to a bank server side for identity authentication, because the third party application can obtain the information of the bound bank card from the inside of the third party platform according to the authorization and send the information to the bank service terminal for the user identity authentication, therefore, identity authentication and subsequent business logic processing at the bank server can be completed as long as the user does not need to log in the bank card in the third-party application without authorization, secondary login is not needed to be performed by inputting bank card information, simplicity and high efficiency are achieved, user operation is simplified, and user experience is improved.

In another embodiment of the present specification, in response to the invocation of a third-party application in a third-party platform, in a case where the user has authorized the bank card to be exempted from logging, the method queries the bank card information bound by the user on the third-party platform from the inside of the third-party platform, and sends the bank card information to the third-party application, so that the third-party application sends the bank card information to a bank server for user identity authentication, and due to the implementation of the bank card exempt-from authorization component that can be invoked by the third-party application, the third-party application can obtain the bank card information bound by the inside of the third-party platform through the bank card exempt-from authorization component under the authorization of the user, and send the bank card information to the bank server for user identity authentication, thereby simplifying the identity authentication process of the third-party application in a business scenario where the card dimension is concentrated, such as balance inquiry, bill inquiry, and the like, the universal bank card login-free authorization component is provided, identity authentication and subsequent business logic processing at a bank server can be completed as long as a user has bank card login-free authorization, secondary login is not required to be performed by inputting bank card information, simplicity and high efficiency are achieved, user operation is simplified, and user experience is improved.

Drawings

Fig. 1 is a flowchart of an identity authentication method provided in an embodiment of the present specification;

fig. 2 is a schematic structural diagram of an identity authentication apparatus according to an embodiment of the present disclosure;

fig. 3 is a schematic structural diagram of an identity authentication device provided in one or more embodiments of the present specification;

FIG. 4 is a flow diagram of a method for implementing an authorization exempt component according to one embodiment of the present specification;

FIG. 5 is a schematic diagram of a solution architecture of one or more embodiments of the present description;

FIG. 6 is a message interaction diagram of one or more embodiments of the specification;

fig. 7 is a schematic structural diagram of an apparatus for implementing an authorization exemption component according to an embodiment of the present specification;

FIG. 8 is a block diagram of a computing device, according to one or more embodiments of the present description.

Detailed Description

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make and use the present disclosure without departing from the spirit and scope of the present disclosure.

The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any and all possible combinations of one or more of the associated listed items.

It will be understood that, although the terms first, second, etc. may be used herein in one or more embodiments to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first can also be referred to as a second and, similarly, a second can also be referred to as a first without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.

First, the noun terms to which one or more embodiments of the present specification relate are explained.

In the present specification, an identity authentication method and a method for implementing an authorization-exempt component are provided, and the present specification relates to an identity authentication apparatus, an apparatus for implementing an authorization-exempt component, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments one by one.

Fig. 1 shows a flowchart of an identity authentication method applied to a third-party application provided by a third-party platform according to an embodiment of the present specification, which includes steps 102 to 106.

Step 102: and when the identity of the user needs to be confirmed, judging whether the user authorizes the bank card to be exempted from login according to the bank card exempting authorization state information of the user.

For example, the authorization status information of the bank card exempt from logging may include an authorized status or an unauthorized status.

Optionally, the authorization of the user to log in the bank card may also be obtained in the case that the user does not authorize the log in of the bank card. For example, a dialog box requesting authorization can be popped up at the third party application, the confirmed authorization information input by the user is received through the dialog box, and the login-free authorization state information of the bank card is updated to be an authorized state correspondingly. Through the implementation mode, the third-party application can directly obtain the authorization from the user, the user does not need to additionally find the page entering the authorization, the authorization is timely, and the process is simple and efficient.

Step 104: and inquiring the information of the bank card bound by the user on the third-party platform from the inside of the third-party platform under the condition that the user authorizes the bank card to be free from logging.

For example, the bank card information may include bank card private information, such as a bank card number, a password, and the like. Wherein, the third party platform is a third party payment platform such as a Payment treasure.

Optionally, a bank card login-exempting authorization component may be provided, and when the identity of the user needs to be confirmed, the bank card login-exempting authorization component is called, so that the bank card login-exempting authorization component responds to the call, and whether the user authorizes the bank card login-exempting according to the stored bank card login-exempting authorization state information of the user. By providing a universal bank card login-free authorization component for the third-party application, login-free authorization related logic of the third-party application is simplified, the response speed of the third-party application can be improved, and user experience is improved. Accordingly, the third party application may obtain the bank card information returned by the bank card login-exempting authorization component in the case that the user has authorized the bank card login-exempt. The bank card information can be obtained by the bank card login-free authorization component under the condition that the bank card is judged not to be authorized by the user, the bank card information is inquired from the inside of the third-party platform after being authorized by the user and is returned to the third-party application, or the bank card login-free authorization component inquires from the inside of the third-party platform and is returned to the third-party application under the condition that the bank card is judged to be authorized by the user to be login-free.

Optionally, in order to ensure the security of the private information of the user, the third-party application may obtain the signed and encrypted bank card information returned by the bank card login-free authorization component under the condition that the user authorizes the bank card to be login-free, and send the signed and encrypted bank card information to the bank service end, so that the bank service end performs signature verification and decryption on the signed and encrypted bank card information, and performs user identity authentication according to the decrypted bank card information. In the embodiment, the bank card information is in an encrypted state in the transmission process from the bank card login-free authorization component to the third party application and then from the third party application to the bank server, and the clear text information is not obtained through decryption until the bank server, so that the safety of the user privacy information is guaranteed.

Step 106: and sending the information of the bank card to a bank server so that the bank server can perform user identity authentication according to the information of the bank card.

Optionally, a service request, for example, a payment request, may also be sent to the banking server, so that after the service completes user identity authentication, the service executes a service logic corresponding to the service request, returns service data to the third-party application, and receives service data returned by the banking server. Therefore, in the scene of business requests such as balance inquiry, bill particulars, payment and the like, the user does not need to input the information of the bank card again, and the identity authentication and the subsequent business logic processing at the bank server can be completed by the user through one-time bank card login-free authorization in third-party applications such as bank applets and the like, so that the method is simple and efficient, the user operation is simplified, and the user experience is improved.

It can be seen that, according to the authentication method provided in the embodiment of the present specification, when the bank server needs to confirm the identity of the user, the third-party application may obtain the bound bank card information from the inside of the third-party platform according to the authorization of the user, and send the bank card information to the bank server for user identity authentication, thereby simplifying the secondary identity authentication process in the business scene of card dimension such as balance inquiry, bill inquiry and the like, and completing the identity authentication and subsequent business logic processing at the bank server as long as the user has applied the bank card in the third-party application without authorization, without inputting the bank card information for secondary login, which is simple and efficient, simplifies the user operation, and improves the user experience.

Corresponding to the above-mentioned embodiment of the identity authentication method, the present specification further provides an embodiment of an identity authentication apparatus, and fig. 2 shows a schematic structural diagram of an identity authentication apparatus provided in an embodiment of the present specification. The identity authentication device can be configured to a third party application provided by a third party platform. As shown in fig. 2, the apparatus includes: a first module 202 for judging authorization, a first module 204 for inquiring card, and a first module 206 for sending card.

The authorization determination first module 202 may be configured to determine, when the identity of the user needs to be confirmed, whether the user has authorized the bank card to be exempted from login according to the bank card exempt-login authorization status information of the user.

The card inquiry first module 204 may be configured to inquire out, from the inside of the third party platform, information of a bank card bound by the user on the third party platform, in a case that the user has authorized the bank card to be exempted from login.

The card sending first module 206 may be configured to send the bank card information to a banking server, so that the banking server performs user identity authentication according to the bank card information.

Fig. 3 is a schematic structural diagram illustrating an identity authentication apparatus according to one or more embodiments of the present disclosure. The identity authentication device can be configured to a third party application provided by a third party platform. As shown in fig. 3, the apparatus may further include: the authorization obtaining module 208 may be configured to obtain the authorization of the user to log on the bank card in case that the user does not authorize the bank card to log on.

Through the implementation mode, the third-party application can directly obtain the authorization from the user, the user does not need to additionally find the page entering the authorization, the authorization is timely, and the process is simple and efficient.

Optionally, as shown in fig. 3, the authorization determination first module 202 may be configured to invoke a bank card login-exempting authorization component when the identity of the user needs to be confirmed, so that the bank card login-exempting authorization component determines, in response to the invocation, whether the user has authorized the bank card login-exempting according to the stored bank card login-exempting authorization state information of the user. The card query first module 204 may be configured to obtain bank card information returned by the bank card login-exempting authorization component if the user has authorized the bank card login exemption; the bank card information is obtained by the bank card login-free authorization component under the condition that the user does not authorize the bank card login-free, the bank card information is inquired from the inside of the third-party platform after the user authorization is obtained and returned to the third-party application, or the bank card login-free authorization component inquires from the inside of the third-party platform and returns to the third-party application under the condition that the user is authorized to authorize the bank card login-free. By providing a universal bank card login-free authorization component for the third-party application, login-free authorization related logic of the third-party application is simplified, the response speed of the third-party application can be improved, and user experience is improved.

Optionally, the card inquiry first module 204 may be configured to obtain the signed encrypted bank card information returned by the bank card login-exempting authorization component, in a case that the user has authorized the bank card login exemption. The card sending first module 206 may be configured to send the signed and encrypted bank card information to the bank server, so that the bank server performs signature verification and decryption on the signed and encrypted bank card information, and performs user identity authentication according to the decrypted bank card information. In the embodiment, the bank card information is in an encrypted state in the transmission process from the bank card login-free authorization component to the third party application and then from the third party application to the bank server, and the clear text information is not obtained through decryption until the bank server, so that the safety of the user privacy information is guaranteed.

As shown in fig. 3, the apparatus may further include: the request sending module 210 may be configured to send a service request to the banking server, so that after the service completes user identity authentication, the service executes service logic corresponding to the service request, and returns service data to the third-party application. And the data receiving module 212 may be configured to receive the business data returned by the bank server.

For example, the request sending module 210 may be configured to send a payment request to the banking server.

Therefore, in the scene of business requests such as balance inquiry, bill particulars, payment and the like, the user does not need to input the information of the bank card again, and the identity authentication and the subsequent business logic processing at the bank server can be completed by the user through one-time bank card login-free authorization in third-party applications such as bank applets and the like, so that the method is simple and efficient, the user operation is simplified, and the user experience is improved.

The above is a schematic scheme of an identity authentication apparatus of this embodiment. It should be noted that the technical scheme of the identity authentication apparatus and the technical scheme of the identity authentication method described above belong to the same concept, and details that are not described in detail in the technical scheme of the identity authentication apparatus can be referred to the description of the technical scheme of the identity authentication method described above.

Fig. 4 shows a flowchart of a method for implementing an authorization exemption component according to an embodiment of the present specification, including steps 402 to 406.

Step 402: responding to the calling of a third-party application in a third-party platform, and aiming at the user related to the calling, judging whether the user authorizes the bank card to be free from login according to the stored bank card free authorization state information of the user.

For example, it may be determined by the authorization center whether the user has authorized the bank card to be exempted from login. The authorization center can be used for storing the login-free authorization state information of the bank card of the user and deciding whether the user needs to authorize or not.

Step 404: and inquiring the information of the bank card bound by the user on the third-party platform from the inside of the third-party platform under the condition that the user authorizes the bank card to be free from logging.

For example, when it is determined that the user does not authorize the login of the bank card, the user authorization may be obtained, the login authorization exempting state information of the bank card of the user may be updated, and the bank card information may be queried from the inside of the third-party platform. And under the condition that the user is judged to authorize the bank card to be free from logging, inquiring the bank card information from the inside of the third-party platform.

Optionally, the bank card information may be queried from inside the third party platform through an open gateway, where the open gateway is configured to perform signing encryption on the bank card information. For example, an encryption algorithm such as RSA, SHA256, or the like may be used. In the embodiment, because the bank card information is signed and encrypted through the open gateway after being inquired out from the inside of the third platform, the bank card information is always in an encrypted state in the whole transmission process, and the safety of the user privacy information is guaranteed.

Step 406: and sending the bank card information to the third-party application so that the third-party application can send the bank card information to a bank server, and the bank server can perform user identity authentication according to the bank card information.

For example, the bank card information subjected to signature adding and encryption is sent to the third-party application, so that the third-party application sends the bank card information subjected to signature adding and encryption to a bank server, the bank server conducts signature verification and decryption on the bank card information subjected to signature adding and encryption, and user identity authentication is conducted according to the decrypted bank card information. In the embodiment, the bank card information is always in an encrypted state in the transmission process from the bank card login-free authorization component to the third party application and then from the third party application to the bank server, so that the security of the user privacy information is guaranteed.

It can be seen that, according to the method for implementing the login-free authorization component provided in the embodiment of the present specification, the bank card login-free authorization component that can be called by the third-party application is implemented, so that the third-party application can obtain the bank card information bound inside the third-party platform under the condition of user authorization and send the bank card information to the bank server for user identity authentication, thereby providing a general bank card login-free authorization component for the second-time identity authentication process of the third-party application in the business scene of card dimensionality such as simplified balance inquiry, bill inquiry and the like, and the identity authentication and subsequent business logic processing at the bank server can be completed as long as the user has performed the login-free authorization at the bank card in the third-party application, and the second login is performed without inputting the bank card information, which is simple and efficient, simplifies the user operation, and improves the user experience.

In order to make one or more embodiments of the present disclosure easier to understand, the following description is made with reference to fig. 5, which is a schematic diagram of a solution architecture according to one or more embodiments of the present disclosure. As shown in fig. 5, in the scheme architecture according to one or more embodiments of the present specification, a five-layer structure may be included: business scenario 502, application layer 504, bank card login-exempt authorization component layer 506, base layer 508, data layer 510. The service scenario 502 may include: balance inquiry, bill particulars, repayment inquiry, account information inquiry and the like. The application layer 504 may include: a bank applet and a bank server. The functions of the bank card logoff authorization component 506 may include: user authorization is performed through an authorization center of the base layer 508, bank card information inquiry is performed through an open gateway of the base layer 508, and signature encryption is performed through the open gateway of the base layer 508 and an encryption algorithm. The base layer 508 may include: the system comprises an open gateway, an authorization center, an applet platform for realizing the applet of the bank and an encryption algorithm. The bank card logoff authorization component 506 is an application layer located on top of the open gateway, the authorization center, the encryption algorithm. The data layer 510 may include: such as user information like real name, mobile phone number, bank card information, bank information like bank name, bank abbreviation, etc. According to the implementation scene, the bank server can return the user information, the bank card information and the bank information to the bank applet.

Based on the scheme architecture shown in fig. 5, when a user uses a bank applet developed by a bank on a third-party platform, for scenes such as balance inquiry, bill inquiry and the like, the bottom layer can depend on basic functions such as an open gateway, an authorization center, an encryption algorithm and the like, so that private data such as bank card information of the user is encrypted through user authorization and a full-course asymmetric encryption algorithm in the whole transmission process, and the universality and the safety of the private information of the user are guaranteed.

Next, with reference to the message interaction diagram shown in fig. 6, a flow of one or more embodiments of the present specification based on the schema architecture shown in fig. 5 is described. The specific steps include steps 602 to 634.

Step 602: the bank applet responds to the user using a certain bank function, such as balance inquiry, bill particulars, repayment inquiry, account information inquiry and the like, and the identity authentication is carried out according to the bank function needing bank card information, and the bank card login-free authorization component is called.

Step 604: the bank card login-free authorization component sends an authorization judgment request to the authorization center.

Step 606: and the authorization center responds to the received authorization judgment request and judges whether the user authorizes the bank card to be free of login according to the bank card free-of-login authorization state information of the user.

Step 608: and the authorization center returns the unauthorized information of the user to the bank applet under the condition that the unauthorized bank card of the user is judged to be free from logging.

Step 610: and the bank applet displays a request authorization dialog box according to the unauthorized information of the user so as to enable the user to authorize.

Step 612: and sending the authorization confirmation information of the user to the authorization center under the condition that the user confirms authorization.

Step 614: and the authorization center updates the login-free authorization state information of the bank card of the user according to the authorization confirmation information.

Step 616: and the authorization center sends a bank card information inquiry request to the open gateway under the condition that the user authorizes the bank card to be free from logging.

Step 618: and the open gateway responds to the received bank card information inquiry request and sends an inquiry request for inquiring the bank card information of the user to a data service in a third-party platform.

Step 620: and the open gateway receives the bank card information of the user returned by the open gateway from the data service of the third-party platform.

Step 622: and the open gateway signs and encrypts the information of the bank card.

Step 624: the open gateway returns the information of the bank card after the signature encryption to the bank card login-free authorization component.

Step 626: and the bank card login-free authorization component returns the information of the bank card after signature addition and encryption to the bank applet.

Step 628: and the small bank program sends the service request carrying the signed and encrypted bank card information to a bank server.

Step 630: and the bank server checks and decrypts the signed and encrypted bank card information, performs user identity authentication according to the decrypted bank card information, and executes the service request after the authentication is passed.

Step 632: and the bank server returns the service data corresponding to the service request to the small bank program.

Step 634: and the small bank program renders a business page according to the received business data.

It can be seen from the embodiment that, in the embodiment, when a user accesses some functions of a bank applet, through user authorization, a third-party platform such as a payment bank is allowed to transmit bank card information bound by the user to the bank applet for use in service scenarios such as identity confirmation and information query, and user privacy protection mechanisms such as signature adding and encryption are added in the bank card information transmission process, a bank service end carries out processing such as signature verification and decryption after taking the bank card information of the user, and identifies the user identity and carries out subsequent service processing through the bank card information, so that the operation of inputting the bank card information by the user is omitted, the user operation steps are simplified, and the user experience is improved.

Corresponding to the above method embodiment for implementing the login-exempting authorization component, the present specification further provides an embodiment of a device for implementing the login-exempting authorization component, and fig. 7 illustrates a schematic structural diagram of the device for implementing the login-exempting authorization component provided by an embodiment of the present specification. As shown in fig. 7, the apparatus includes: an authorization determination second module 702, a card inquiry second module 704, and a card send second module 706.

The authorization determination second module 702 may be configured to, in response to a call of a third-party application in a third-party platform, determine, for a user involved in the call, whether the user has authorized the bank card to be exempted from login according to the saved bank card exempt-login authorization state information of the user.

The card inquiry second module 704 may be configured to inquire out the information of the bank card bound by the user on the third party platform from the inside of the third party platform if the user has authorized the bank card to be exempted from login.

The card sending second module 706 may be configured to send the bank card information to the third-party application, so that the third-party application sends the bank card information to a bank server, so that the bank server performs user identity authentication according to the bank card information.

Optionally, the card sending second module 706 may be configured to send the signed and encrypted bank card information to the third-party application, so that the third-party application sends the signed and encrypted bank card information to a bank service end, so that the bank service end performs signature verification and decryption on the signed and encrypted bank card information, and performs user identity authentication according to the decrypted bank card information. In the embodiment, the bank card information is always in an encrypted state in the transmission process from the bank card login-free authorization component to the third party application and then from the third party application to the bank server, so that the security of the user privacy information is guaranteed.

Optionally, the card querying second module 704 may be configured to query the bank card information from the inside of the third party platform through an open gateway, where the open gateway is configured to perform signature encryption on the bank card information. In the embodiment, because the bank card information is signed and encrypted through the open gateway after being inquired out from the inside of the third platform, the bank card information is always in an encrypted state in the whole transmission process, and the safety of the user privacy information is guaranteed.

The foregoing is an exemplary scheme of the apparatus for implementing the login-free authorization module in this embodiment. It should be noted that the technical solution of the apparatus for implementing the authorization-exempt component and the technical solution of the method for implementing the authorization-exempt component belong to the same concept, and details of the technical solution of the apparatus for implementing the authorization-exempt component, which are not described in detail, can be referred to the description of the technical solution of the method for implementing the authorization-exempt component.

FIG. 8 illustrates a block diagram of a computing device 800, according to one embodiment of the present description. The components of the computing device 800 include, but are not limited to, memory 810 and a processor 820. The processor 820 is coupled to the memory 810 via a bus 830, and the database 850 is used to store data.

Computing device 800 also includes access device 840, access device 840 enabling computing device 800 to communicate via one or more networks 860. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. Access device 840 may include one or more of any type of network interface (e.g., a Network Interface Card (NIC)) whether wired or wireless, such as an IEEE802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.

In one embodiment of the present description, the above-described components of computing device 800, as well as other components not shown in FIG. 8, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 8 is for purposes of example only and is not limiting as to the scope of the description. Those skilled in the art may add or replace other components as desired.

Computing device 800 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), a mobile phone (e.g., smartphone), a wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 800 may also be a mobile or stationary server.

In one or more embodiments of an aspect of the present description, processor 820 may be configured to execute the following computer-executable instructions:

when the identity of a user needs to be confirmed, judging whether the user authorizes the bank card to be exempted from login according to the bank card exempting authorization state information of the user;

under the condition that the user authorizes the bank card to be free from logging, inquiring bank card information bound by the user on the third-party platform from the inside of the third-party platform;

and sending the information of the bank card to a bank server so that the bank server can perform user identity authentication according to the information of the bank card.

Optionally, when the identity of the user needs to be confirmed, the determining, according to the information on the login-exempting authorization status of the bank card of the user, whether the user has authorized the login-exempting of the bank card includes:

when the identity of a user needs to be confirmed, calling a bank card login-free authorization component so that the bank card login-free authorization component responds to the calling and judges whether the user authorizes the bank card login-free according to the stored bank card login-free authorization state information of the user;

the inquiring of the information of the bank card bound by the user on the third-party platform from the inside of the third-party platform under the condition that the user authorizes the bank card to be free from logging comprises:

under the condition that the user authorizes the bank card to be free from login, bank card information returned by the bank card free-from-login authorization component is obtained;

the bank card information is obtained by the bank card login-free authorization component under the condition that the user does not authorize the bank card login-free, the bank card information is inquired from the inside of the third-party platform after the user authorization is obtained and returned to the third-party application, or the bank card login-free authorization component inquires from the inside of the third-party platform and returns to the third-party application under the condition that the user is authorized to authorize the bank card login-free.

Optionally, in the case that the user has authorized the bank card to log in, obtaining the bank card information returned by the bank card log-in-exempting authorization component includes:

under the condition that the user authorizes the bank card to be free from login, obtaining the bank card information which is returned by the bank card free-from-login authorization component and encrypted by adding a signature;

the sending the bank card information to a bank server comprises:

and sending the information of the bank card subjected to signature adding and encryption to the bank server so that the bank server can verify and decrypt the information of the bank card subjected to signature adding and encryption and perform user identity authentication according to the decrypted information of the bank card.

Optionally, the method further comprises:

sending a service request to the bank server, so that the server executes a service logic corresponding to the service request after completing user identity authentication, and returns service data to the third-party application;

and receiving the business data returned by the bank server.

Optionally, the sending the service request to the banking server includes:

and sending the payment request to the bank server.

The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the identity authentication method described above belong to the same concept, and details that are not described in detail in the technical solution of the computing device can be referred to the description of the technical solution of the identity authentication method described above.

In one or more embodiments of another aspect of the present description, the processor 820 may be configured to execute the following computer-executable instructions:

responding to the calling of a third-party application in a third-party platform, and aiming at a user involved in the calling, judging whether the user authorizes the bank card to be free from login according to the stored bank card free authorization state information of the user;

under the condition that the user authorizes the bank card to be free from logging, inquiring bank card information bound by the user on a third-party platform from the inside of the third-party platform;

and sending the bank card information to the third-party application so that the third-party application can send the bank card information to a bank server, and the bank server can perform user identity authentication according to the bank card information.

Optionally, the sending the bank card information to the third-party application so that the third-party application sends the bank card information to a bank server, and the bank server performs user identity authentication according to the bank card information includes:

and sending the bank card information subjected to signature adding and encryption to the third-party application so that the third-party application can send the bank card information subjected to signature adding and encryption to a bank server, so that the bank server can check and decrypt the signature of the bank card information subjected to signature adding and encryption and perform user identity authentication according to the decrypted bank card information.

Optionally, the querying the bank card information from the inside of the third party platform includes:

and inquiring the bank card information from the inside of the third-party platform through an open gateway, wherein the open gateway is used for signing and encrypting the bank card information.

The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the method for implementing the authorization exempting component belong to the same concept, and details that are not described in detail in the technical solution of the computing device can be referred to the description of the technical solution of the method for implementing the authorization exempting component.

An aspect of the present description also provides a computer-readable storage medium storing computer instructions, which when executed by a processor, are configured to:

the sending the bank card information to a bank server comprises:

Optionally, the method further comprises:

and receiving the business data returned by the bank server.

Optionally, the sending the service request to the banking server includes:

and sending the payment request to the bank server.

The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium belongs to the same concept as the technical solution of the above-mentioned identity authentication method, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the above-mentioned identity authentication method.

Another aspect of the present specification also provides a computer readable storage medium storing computer instructions that, when executed by a processor, are configured to:

The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium and the technical solution of the method for implementing the login-free authorization module belong to the same concept, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the method for implementing the login-free authorization module.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The computer instructions comprise computer program code which may be in the form of source code, object code, an executable file or some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.

It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts, but those skilled in the art should understand that the present embodiment is not limited by the described acts, because some steps may be performed in other sequences or simultaneously according to the present embodiment. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for an embodiment of the specification.

In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.

The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the embodiments. The specification is limited only by the claims and their full scope and equivalents.

Claims

1. An identity authentication method is applied to a third party application provided by a third party platform, and comprises the following steps:

2. The method of claim 1, further comprising:

and under the condition that the user does not authorize the login exemption of the bank card, obtaining the authorization of the user for the login exemption of the bank card.

3. The method of claim 1, wherein when the identity of the user needs to be confirmed, judging whether the user authorizes the bank card to be exempted from login according to the bank card exempt-login authorization state information of the user comprises:

4. The method of claim 3, wherein the obtaining bank card information returned by the bank card logoff authorization component in the event that the user has authorized bank card logoff comprises:

the sending the bank card information to a bank server comprises:

5. The method of claim 1, further comprising:

and receiving the business data returned by the bank server.

6. The method of claim 5, the sending the service request to the banking server comprising:

and sending the payment request to the bank server.

7. An identity authentication device configured for a third-party application provided by a third-party platform, comprising:

the authorization judging module is configured to judge whether the user authorizes the bank card to be free of login according to the bank card free-of-login authorization state information of the user when the identity of the user needs to be confirmed;

the card inquiry first module is configured to inquire out bank card information bound by the user on the third-party platform from the inside of the third-party platform under the condition that the user authorizes the bank card to be free from logging;

and the card sending first module is configured to send the bank card information to a bank server so that the bank server can perform user identity authentication according to the bank card information.

8. The apparatus of claim 7, further comprising:

and the authorization obtaining module is configured to obtain the authorization of the user for log-on exemption of the bank card under the condition that the user does not authorize the log-on exemption of the bank card.

9. The device of claim 7, wherein the authorization determination first module is configured to invoke a bank card login-exempt authorization component when the identity of the user needs to be confirmed, so that the bank card login-exempt authorization component determines whether the user has authorized the bank card login-exempt according to the saved bank card login-exempt authorization state information of the user in response to the invocation;

the card inquiry first module is configured to obtain bank card information returned by the bank card login-exempting authorization component under the condition that the user authorizes the bank card to be login-exempted; the bank card information is obtained by the bank card login-free authorization component under the condition that the user does not authorize the bank card login-free, the bank card information is inquired from the inside of the third-party platform after the user authorization is obtained and returned to the third-party application, or the bank card login-free authorization component inquires from the inside of the third-party platform and returns to the third-party application under the condition that the user is authorized to authorize the bank card login-free.

10. The apparatus according to claim 9, wherein the card inquiry first module is configured to obtain the signed encrypted bank card information returned by the bank card login-exempting authorization component if the user has authorized the bank card to log in exempt;

the card sending first module is configured to send the signed and encrypted bank card information to the bank server, so that the bank server can check and decrypt the signed and encrypted bank card information, and can perform user identity authentication according to the decrypted bank card information.

11. The apparatus of claim 7, further comprising:

the request sending module is configured to send a service request to the bank server, so that the server executes service logic corresponding to the service request after user identity authentication is completed, and returns service data to the third-party application;

and the data receiving module is configured to receive the business data returned by the bank server.

12. The apparatus of claim 11, the request sending module configured to send a payment request to the banking server.

13. A method of implementing a login-free authorization component, comprising:

14. The method of claim 13, wherein the sending the bank card information to the third-party application, so that the third-party application sends the bank card information to a banking server, and the banking server performs user identity authentication according to the bank card information comprises:

15. The method of claim 14, wherein the querying the bank card information from within the third party platform comprises:

16. An apparatus that implements a login-free authorization component, comprising:

the authorization judgment second module is configured to respond to the calling of a third-party application in a third-party platform, and judge whether the user is authorized to log in the bank card according to the saved bank card login-free authorization state information of the user aiming at the user related to the calling;

the card inquiry second module is configured to inquire out bank card information bound by the user on a third-party platform from the inside of the third-party platform under the condition that the user authorizes the bank card to be free from logging;

and the card sending second module is configured to send the bank card information to the third-party application so that the third-party application can send the bank card information to a bank server, and the bank server can perform user identity authentication according to the bank card information.

17. The apparatus according to claim 16, wherein the card sending second module is configured to send the encrypted signed bank card information to the third-party application, so that the third-party application sends the encrypted signed bank card information to a banking server, so that the banking server performs signature verification and decryption on the encrypted signed bank card information, and performs user identity authentication according to the decrypted bank card information.

18. The apparatus of claim 17, wherein the card querying second module is configured to query the bank card information from inside the third party platform through an open gateway, wherein the open gateway is configured to sign-up encrypt the bank card information.

19. A computing device, comprising:

a memory and a processor;

the memory is to store computer-executable instructions, and the processor is to execute the computer-executable instructions to:

when a third-party application provided by a third-party platform needs to confirm the identity of a user, judging whether the user authorizes the bank card to be free of login according to the bank card free-login authorization state information of the user;

and the third-party application sends the bank card information to a bank server so that the bank server can perform user identity authentication according to the bank card information.

20. A computer readable storage medium storing computer instructions which, when executed by a processor, carry out the steps of the identity authentication method of any one of claims 1 to 6.

21. A computing device, comprising:

a memory and a processor;

22. A computer readable storage medium storing computer instructions which, when executed by a processor, carry out the steps of the method of implementing a login-free authorization component according to any one of claims 13 to 15.