CN111368273A - Identity verification method and device - Google Patents

Identity verification method and device Download PDF

Info

Publication number
CN111368273A
CN111368273A CN202010188616.1A CN202010188616A CN111368273A CN 111368273 A CN111368273 A CN 111368273A CN 202010188616 A CN202010188616 A CN 202010188616A CN 111368273 A CN111368273 A CN 111368273A
Authority
CN
China
Prior art keywords
user
equipment
determining
identifier
default
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010188616.1A
Other languages
Chinese (zh)
Other versions
CN111368273B (en
Inventor
曹路阳
马振邦
山瑞峰
曲鹏
杨漫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hanhai Information Technology Shanghai Co Ltd
Original Assignee
Hanhai Information Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hanhai Information Technology Shanghai Co Ltd filed Critical Hanhai Information Technology Shanghai Co Ltd
Priority to CN202010188616.1A priority Critical patent/CN111368273B/en
Publication of CN111368273A publication Critical patent/CN111368273A/en
Application granted granted Critical
Publication of CN111368273B publication Critical patent/CN111368273B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present specification discloses an identity authentication method and apparatus, wherein if it is monitored that an identifier of a device to be identified corresponding to a device currently used by a user is different from a stored default device identifier corresponding to the user, a geographical position, on which the device corresponding to the identifier of the device to be identified currently used by the user is based, is obtained as a first position, and a geographical position, which meets a preset condition, is selected from geographical positions, on which the device corresponding to the default device identifier is used by the user for service processing is based, as a second position. And determining an effective geographic range for the user to perform identity authentication by taking the second position as a center, and performing identity authentication on the user according to the first position and the effective geographic range. According to the method, the user is authenticated according to the geographical position of the business processing by using the equipment corresponding to the equipment identifier to be recognized, so that the user can be ensured to use the equipment corresponding to the equipment identifier to be recognized. Compared with the prior art, the safety can be improved.

Description

Identity verification method and device
Technical Field
The present disclosure relates to the field of computers, and in particular, to a method and an apparatus for identity authentication.
Background
In practical applications, when the mobile device held by the user suddenly loses power or the mobile device is lost, great inconvenience is brought to the user. For example, if the mobile device held by the delivery staff suddenly loses power while performing the delivery task, the delivery staff may not be able to deliver the delivery object to the customer on time, which reduces the efficiency of order execution and also causes inconvenience to the customer who places the order.
In the prior art, if a user encounters a situation that a held mobile device is suddenly powered off or the mobile device is lost, the user account can be directly logged onto another mobile device to continue to execute a service. However, the service platform cannot determine whether the behavior of logging in the user account to other mobile devices is from the user himself or from other people who steal the user account, so that the security of the user information cannot be guaranteed.
Therefore, how to verify the identity of the user and ensure the information security of the user when the user account logs in other mobile devices is an urgent problem to be solved.
Disclosure of Invention
The present specification provides an identity authentication method and apparatus, which partially solve the above problems in the prior art.
The technical scheme adopted by the specification is as follows:
the present specification provides a method of identity verification, comprising:
acquiring an equipment identifier corresponding to equipment currently used by a user as an equipment identifier to be identified;
if the device identification to be recognized is determined to be different from the stored default device identification corresponding to the user, acquiring a geographical position based on which a device corresponding to the device identification to be recognized is currently used by the user as a first position;
selecting a geographical position meeting a preset condition from the geographical positions based on which the user uses the equipment corresponding to the default equipment identification to perform service processing, and taking the geographical position as a second position;
determining a valid geographic range for the user to authenticate centered on the second location;
and according to the first position and the effective geographic range, performing service processing on the equipment corresponding to the equipment identifier to be identified, which is required by the user, so as to perform identity authentication.
Optionally, the selecting, as the second location, a geographic location that meets a preset condition from the geographic locations on which the user uses the device corresponding to the default device identifier to perform service processing includes:
and determining the geographical position based on which the user uses the equipment corresponding to the default equipment identification for service processing for the last time as the geographical position meeting the preset condition.
Optionally, before determining a valid geographic range for authentication of the user centering on the second location, the method further includes:
and if the equipment corresponding to the default equipment identification is determined to be in an unavailable state, performing service processing on the equipment corresponding to the equipment identification to be identified by the user for identity verification.
Optionally, determining that the device corresponding to the default device identifier is in an unavailable state specifically includes:
sending a voice call to the equipment corresponding to the default equipment identification;
and if the equipment corresponding to the default equipment identification is determined not to be connected with the voice call, determining that the equipment corresponding to the default equipment identification is in an unavailable state.
Optionally, determining that the device corresponding to the default device identifier does not connect the voice call specifically includes:
acquiring voice prompt information of equipment corresponding to the default equipment identification responding to the voice call;
and performing voice recognition on the voice prompt information to determine that the equipment corresponding to the default equipment identification is not connected with the voice call.
Optionally, with the second location as a center, determining a valid geographic range for the user to perform identity authentication specifically includes:
determining an effective radius according to the security level corresponding to the user and/or the determined number of active users in the set area, wherein the higher the number of active users in the set area is, the smaller the effective radius is, the higher the security level corresponding to the user is, the smaller the effective radius is;
and taking the second position as a center, performing area division by using the effective radius, and determining an effective geographic range for performing identity authentication on the user in the set area.
Optionally, the determining the setting area specifically includes:
and taking the second position as a center, and performing area division by using a set radius to determine the set area.
Optionally, the authenticating the user according to the first location and the valid geographic range specifically includes:
determining a verification code corresponding to the user;
and if the first position is determined to be located in the effective geographic range and the verification code is determined to be input by the user, determining that the user passes the identity verification when the user needs to perform service processing through the equipment corresponding to the equipment identifier to be recognized.
Optionally, determining that the user inputs the verification code specifically includes:
determining the effective duration corresponding to the verification code and determining the starting time of identity verification of the user;
and if the time interval between the moment when the user inputs the verification code and the starting moment is monitored not to exceed the effective duration, determining that the user inputs the verification code.
This specification provides an apparatus for identity verification, comprising:
the first acquisition module is used for acquiring an equipment identifier corresponding to equipment currently used by a user and taking the equipment identifier as an equipment identifier to be identified;
a second obtaining module, configured to, if it is determined that the to-be-recognized device identifier is different from the stored default device identifier corresponding to the user, obtain, as the first location, a geographic location where a device corresponding to the to-be-recognized device identifier currently used by the user is based on;
a selecting module, configured to select, as a second location, a geographic location that meets a preset condition from geographic locations on which the user performs service processing using the device corresponding to the default device identifier;
the determining module is used for determining an effective geographic range for identity authentication of the user by taking the second position as a center;
and the verification module is used for performing service processing on the equipment corresponding to the equipment identifier to be identified, which is required by the user, according to the first position and the effective geographic range, so as to perform identity verification.
The present specification provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described method of identity verification.
The present specification provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the above method of authentication when executing the program.
The technical scheme adopted by the specification can achieve the following beneficial effects:
in the method for authenticating identity provided in this specification, if it is monitored that an identifier of a device to be identified corresponding to a device currently used by a user is different from a stored default device identifier corresponding to the user, a geographical position, on which the device corresponding to the identifier of the device to be identified currently used by the user is based, may be obtained as a first position, and a geographical position, which meets a preset condition, is selected from geographical positions, on which the device corresponding to the default device identifier is used by the user for performing service processing, as a second position. And then, determining an effective geographic range for the user to perform identity authentication by taking the second position as a center, and performing service processing on the equipment corresponding to the equipment identifier to be identified, which is required by the user, according to the first position and the effective geographic range to perform identity authentication.
The method can be seen in that the user can be authenticated according to the geographical position of the service processing by using the equipment corresponding to the equipment identifier to be recognized, and the user can be ensured to use the equipment corresponding to the equipment identifier to be recognized to a certain extent. Compared with the prior art, the method for authenticating the user using the equipment corresponding to the identification equipment identifier does not exist, and the safety of the user information can be ensured to a certain extent.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification and are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description serve to explain the specification and not to limit the specification in a non-limiting sense. In the drawings:
fig. 1 is a schematic flow chart of a method of identity verification in the present specification;
FIG. 2 is a schematic illustration of an effective geographic area and a defined area provided herein;
FIG. 3 is a schematic diagram of an authentication interface provided herein;
fig. 4 is a schematic diagram of an authentication device provided in the present specification;
fig. 5 is a schematic diagram of an electronic device corresponding to fig. 1 provided in the present specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more clear, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort belong to the protection scope of the present specification.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of an identity authentication method in this specification, which specifically includes the following steps:
s101: and acquiring the equipment identifier corresponding to the equipment currently used by the user as the equipment identifier to be identified.
S102: and if the device identifier to be recognized is determined to be different from the stored default device identifier corresponding to the user, acquiring the geographic position based on the device corresponding to the device identifier to be recognized currently used by the user as a first position.
In practical applications, a user usually uses a commonly-used device owned by the user to perform business execution, where the commonly-used device is a device that the user uses for a long time and is not replaced for a long time, and specifically may be an electronic mobile device such as a commonly-used mobile phone and a tablet computer of the user. However, in the process of executing the service, the user may have an emergency situation such as the loss of the frequently-used device or the power failure of the frequently-used device, so that the user can generally use the frequently-used device to continue the service execution in order to continue the service execution. The non-use device mentioned here refers to an electronic device that is not used frequently by a user or is used by others. In order to ensure that the action of continuing the service execution by the user using the non-commonly used device comes from the user himself, the service platform needs to authenticate the user.
Specifically, the service platform may obtain an equipment identifier corresponding to the equipment currently used by the user, and use the equipment identifier as the equipment identifier to be identified. Then, the service platform may compare the to-be-recognized device identifier with the stored default device identifier corresponding to the user, and if it is determined that the to-be-recognized device identifier and the stored default device identifier are different, a geographic location, based on which the device corresponding to the to-be-recognized device identifier currently used by the user is based, needs to be obtained as the first location.
That is to say, the service platform usually records the device identifier (such as the device number, the serial number, etc.) of the commonly used device held by the user, so the aforementioned default device identifier corresponding to the user refers to the device identifier of the commonly used device held by the user. When the user uses the non-common device to perform service processing, the user also obtains the device identifier of the non-common device (i.e., the device identifier to be identified). The service platform may compare the acquired device identifier to be identified with the recorded device identifier of the frequently-used device (i.e., default device identifier) held by the user, so as to monitor whether the user uses the frequently-used device in the service execution process.
For convenience of subsequent description, the device corresponding to the default device identifier is hereinafter referred to as a commonly used device used by the user, and for the case that the device identifier to be recognized is different from the default device identifier, the device corresponding to the device identifier to be recognized is hereinafter referred to as an unusually used device currently used by the user.
In this specification, it may be specifically determined that a user needs to use an unusual device for service processing in various forms, for example, when it is determined that the user uses the unusual device for user account login, it may be determined that the user needs to use the unusual device for service processing; for another example, when it is detected that an Application (App) installed in the non-use device is used by the user and an entry of a certain service is triggered, it is determined that the user needs to use the non-use device for service processing. Other forms are not illustrated in detail herein.
When it is monitored that the user needs to use the non-common device for business processing, the service platform can further determine a geographical position, on which the user needs to use the non-common device for business processing, as the first position. Specifically, when monitoring that the user needs to use the non-commonly used device for business processing, the service platform may perform positioning on the non-commonly used device in a preset positioning manner, which may be multiple, for example, a global positioning System (global positioning System)GPS), Wireless-Fidelity (WiFi) location, base station location, etc. The specification is not limited to a specific positioning manner.
Correspondingly, when the service platform performs identity authentication on the user in the subsequent process, that is, according to the first position, whether the behavior of performing service processing by using the non-common equipment is from the user himself is judged, and the specific process will be described in the subsequent process.
S103: and selecting a geographical position meeting a preset condition from the geographical positions based on which the user uses the equipment corresponding to the default equipment identification to perform service processing, and taking the geographical position as a second position.
After acquiring the first location where the user currently uses the non-use device, the service platform can select a geographical location meeting a preset condition from the geographical locations where the user uses the non-use device to perform service processing, and use the geographical location as the second location.
In this specification, the service platform may set the preset condition according to an actual requirement. For example, the service platform may determine a geographical location where the user has performed the service processing using the common device last time, as a geographical location meeting the preset condition; for another example, the service platform may take the geographical position where the user was in when using the common device for performing the service processing one hour before as the geographical position meeting the preset condition; for another example, the service platform may use the geographical location where the user most frequently uses the common device as the geographical location meeting the preset condition, and other forms are not necessarily illustrated herein.
It should be noted that, in order to make the result of the subsequent authentication more accurate, the service platform may further determine whether the common device of the user is in an unavailable state, and if the common device is in the unavailable state, it indicates that the user needs to use the unusual device for performing the service processing under an unforeseen condition, so that the service platform may perform the authentication on the user who needs to perform the service processing through the unusual device.
In this specification, the service platform may determine whether the frequently-used device of the user is in an unavailable state by dialing a voice call to the frequently-used device. Specifically, if the service platform dials a phone number of the frequently-used device or the frequently-used device is always in an unconnected state when the service platform dials the phone number or the internet phone, it may be determined that the frequently-used device is in an unavailable state. The service platform can also determine whether the frequently-used equipment is in an unavailable state by dialing a voice prompt obtained after the voice call of the frequently-used equipment of the user and identifying whether the voice prompt contains information such as shutdown of the frequently-used equipment or unavailable connection of the frequently-used equipment. The speech recognition algorithm used by the service platform to perform speech recognition on the speech prompt may be an existing conventional speech recognition algorithm, and the specific algorithm is not limited in this specification.
S104: and determining the effective geographic range for the user to authenticate by taking the second position as the center.
After determining the second location, the service platform may determine an effective geographic range for the user to perform authentication according to the determined second location. The valid geographic range is used to limit the geographic range within which the user is authenticated. In other words, the effective geographic range determined by the service platform is used to determine a safety range for authenticating the user, that is, if the current location of the user (the location where the user needs to use the unusual device for performing the service processing, that is, the first location) is within the safety range, it is determined that the behavior of the user that needs to use the unusual device for performing the service processing is self-owned by the user, otherwise, it is determined that the behavior of the user that needs to use the unusual device for performing the service processing is not self-owned by the user.
In this specification, there are many ways in which the service platform can determine the effective geographic scope for authentication for the user. For example, the service platform may set a circular area with a second position as a center and a set distance as a radius as an effective geographic range for the user to perform authentication, where the set distance may be set according to actual needs.
In order to ensure the accuracy of the determined effective geographic range, in this specification, the service platform may also determine the effective geographic range for the user to perform the identity authentication according to the security level corresponding to the user, the second location, and the determined number of active users in the set area.
Specifically, the service platform may determine a security level corresponding to the user and the number of active users in the set area, and then determine an effective radius as the radius of the effective geographic range according to the security level and the number of active users. Then, the service platform can use the second position as the center of the effective geographic range, that is, the effective geographic range can be determined by performing area division according to the radius of the effective geographic range and the center of the effective geographic range. As shown in fig. 2.
Fig. 2 is a schematic diagram of the effective geographic range and the set area provided by the present specification.
Taking fig. 2 as an example, the service platform may use the second position in fig. 2 as the center of the effective geographic range, and then, mark out the set area in the electronic map by using the set radius, where the set area is the area included in the great circle in fig. 2. Then, the service platform may determine the number of active users in the set area, and further determine an effective radius of an effective geographic range according to the number of active users and the security level corresponding to the user, as shown in fig. 2. Further, the service platform may perform area division by the effective radius and the second location as the center of the effective geographic range, so as to obtain the effective geographic range within the set area, i.e. the area included in the small circle in fig. 2.
In this specification, the specific form adopted for authenticating the user may refer to authenticating the verification code input by the user in the emergency device, and the determined valid geographic range may refer to a valid range in which the user inputs the verification code, that is, if the user inputs the verification code in the valid geographic range, the verification code input by the user is determined to be valid, and the user is determined to pass the authentication, otherwise, the verification code input by the user is determined to be invalid, and the user is determined not to pass the authentication.
It should be noted that, the higher the number of active users in the setting area is, the higher the authentication requirement for the user should be, because if the number of active users in the setting area is large by using the method of inputting the authentication code by the user for authentication, the authentication code used by other users may be the same as the user. Therefore, if the number of active users in the set area is higher, the length of the effective radius of the effective geographic range can be reduced, so that the possibility that the verification code input by the user in the divided effective geographic range is overlapped with the verification codes of other users is smaller. That is, in the present specification, the higher the number of active users in the set area, the smaller the determined effective radius should be, and the smaller the effective geographical range should be.
The effective radius may be determined by the particular service platform using the following equation.
Figure BDA0002415070250000091
Wherein r is the effective radius, L is the security level, and x is the number of active users in the set area, and certainly, there may be multiple formulas for specifically determining the effective radius, and it is only required to satisfy that the higher the security level is, the smaller the determined effective radius is, the larger the number of active users is, and the smaller the determined effective radius is. The security level mentioned here may be a security level set by the user, or a security level set by the service platform in a unified manner. In summary, the security level indicates the strictness of the authentication performed on the user, so that if the security level is higher, it indicates that the user needs higher security requirements, the effective radius should be smaller, and the effective geographic range is smaller.
The number of active users in the setting area mentioned above may refer to the number of users determined to use the designated App in the setting area, and the number of active users may specifically refer to the number of active users on the current day in the setting area, may also refer to the counted number of active users per day in the setting area, and may also refer to the counted number of active users per month in the setting area, which is not limited in this specification.
Of course, in this specification, the service platform may also determine the effective radius according to the security level corresponding to the user alone, or determine the effective radius according to the determined number of active users in the setting area alone, and it is only necessary to ensure that the higher the security level is, the smaller the effective radius is, the larger the number of active users is, and the smaller the effective radius is.
S105: and according to the first position and the effective geographic range, performing service processing on the equipment corresponding to the equipment identifier to be identified, which is required by the user, so as to perform identity authentication.
In this specification, the service platform may specifically perform authentication in which link the user needs to use the non-common device for business processing, which may be determined according to actual requirements, as shown in fig. 3.
Fig. 3 is a schematic diagram of an authentication interface provided in the present specification.
For example, if the service platform needs to perform authentication when the user logs in the emergency device, as shown in fig. 3, after the user completes the user account and the password, and submits the user account and the password, a page for performing authentication may be popped up to perform authentication on the user. Therefore, the service platform can perform identity authentication before the user uses the non-common equipment to perform service processing, and the user can release the permission of the user to use the non-common equipment to perform service processing if the user passes the identity authentication.
Certainly, the service platform may also perform authentication on the user in other links, for example, if the user triggers an entry of a service in the App installed on the emergency equipment, the authentication page shown in fig. 3 may be popped up, so that the user inputs a corresponding authentication code in the authentication page to complete the authentication, and other forms are not illustrated herein.
In this specification, the service platform may determine a verification code corresponding to the user, where the verification code may be set by the user, or may be a verification code set by the service platform for the user. And if the service platform authenticates the user, the user correctly inputs the authentication code and the first position is located in the effective geographic range, and the authentication of the user is determined to be passed.
Besides the authentication of the user by inputting the authentication code by the user, the service platform can also add the authentication condition, so that the authentication result of the user needing to perform service processing through the non-common equipment is more accurate.
Specifically, the service platform may determine an effective duration corresponding to the verification code and an initial time at which the user needs to be authenticated. The valid duration mentioned here may be set by the service platform for the verification code, or may be a valid duration for the verification code selected by the user in advance. The starting time mentioned here may be a time when the service platform starts to perform authentication on the user, and taking the above fig. 3 as an example, the starting time may be a time when an authentication page is popped up, or a starting time when the user inputs a user account.
And if the time interval between the moment when the user inputs the verification code and the initial moment does not exceed the effective duration, determining that the user effectively fills the verification code, and further determining that the identity verification of the user passes when the first position is determined to be located in the effective geographic range.
According to the method, the service platform can use the non-common equipment to process the business according to the geographical position of the user, so as to verify the identity of the user, and the user can be ensured to use the non-common equipment to a certain extent. That is to say, if it is monitored that the user needs to use the unusual device for business processing in the effective geographic range, it can be ensured that the behavior of the business processing comes from the user himself to a certain extent.
Based on the same idea, the present specification further provides a corresponding identity verification apparatus, as shown in fig. 4, for the method for identity verification provided above for one or more embodiments of the present specification.
Fig. 4 is a schematic diagram of an identity verification apparatus provided in this specification, which specifically includes:
a first obtaining module 401, configured to obtain an equipment identifier corresponding to equipment currently used by a user, where the equipment identifier is used as an equipment identifier to be identified;
a second obtaining module 402, configured to, if it is determined that the to-be-identified device identifier is different from the stored default device identifier corresponding to the user, obtain, as a first location, a geographic location where a device corresponding to the to-be-identified device identifier currently used by the user is based on;
a selecting module 403, configured to select, as a second location, a geographic location that meets a preset condition from geographic locations on which the user performs service processing using the device corresponding to the default device identifier;
a determining module 404, configured to determine, centering on the second location, a valid geographic range for performing identity authentication on the user;
and the verification module 405 is configured to perform identity verification on the device, to which the user needs to pass the device identifier to be identified, for service processing according to the first location and the valid geographic range.
Optionally, the selecting module 403 is specifically configured to determine, as the geographic location meeting the preset condition, a geographic location where the user has used the device corresponding to the default device identifier for service processing for the last time.
Optionally, before the determining module 404 determines the valid geographic range for the user to authenticate with regard to the user centering on the second location, the authenticating module 405 is further configured to:
and if the equipment corresponding to the default equipment identification is determined to be in an unavailable state, performing service processing on the equipment corresponding to the equipment identification to be identified by the user for identity verification.
Optionally, the verification module 405 is specifically configured to send a voice call to the device corresponding to the default device identifier; and if the equipment corresponding to the default equipment identification is determined not to be connected with the voice call, determining that the equipment corresponding to the default equipment identification is in an unavailable state.
Optionally, the verification module 405 is specifically configured to obtain voice prompt information that the device corresponding to the default device identifier responds to the voice call; and performing voice recognition on the voice prompt information to determine that the equipment corresponding to the default equipment identification is not connected with the voice call.
Optionally, the determining module 404 is specifically configured to determine an effective radius according to the security level corresponding to the user and/or the determined number of active users in the set area, where the higher the number of active users in the set area is, the smaller the effective radius is, the higher the security level corresponding to the user is, the smaller the effective radius is; and taking the second position as a center, performing area division by using the effective radius, and determining an effective geographic range for performing identity authentication on the user in the set area.
Optionally, the determining module 404 is specifically configured to perform area division with a set radius by using the second position as a center, and determine the set area.
Optionally, the verification module 405 is specifically configured to determine a verification code corresponding to the user; and if the first position is determined to be located in the effective geographic range and the verification code is determined to be input by the user, determining that the user passes the identity verification when the user needs to perform service processing through the equipment corresponding to the equipment identifier to be recognized.
Optionally, the verification module 405 is specifically configured to determine an effective duration corresponding to the verification code, and determine a starting time at which the user needs to be authenticated; and if the time interval between the moment when the user inputs the verification code and the starting moment is monitored not to exceed the effective duration, determining that the user inputs the verification code.
The present specification also provides a computer readable storage medium having stored thereon a computer program operable to perform the method of identity verification provided in figure 1 above.
This specification also provides a schematic block diagram of the electronic device shown in fig. 5. As shown in fig. 5, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, but may also include hardware required for other services. The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs the computer program to implement the method of identity authentication described in fig. 1 above. Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Language Description Language), traffic, pl (core unified Programming Language), HDCal, JHDL (Java Hardware Description Language), langue, Lola, HDL, laspam, hardsradware (Hardware Description Language), vhjhd (Hardware Description Language), and vhigh-Language, which are currently used in most common. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (12)

1. A method of identity verification, comprising:
acquiring an equipment identifier corresponding to equipment currently used by a user as an equipment identifier to be identified;
if the device identification to be recognized is determined to be different from the stored default device identification corresponding to the user, acquiring a geographical position based on which a device corresponding to the device identification to be recognized is currently used by the user as a first position;
selecting a geographical position meeting a preset condition from the geographical positions based on which the user uses the equipment corresponding to the default equipment identification to perform service processing, and taking the geographical position as a second position;
determining a valid geographic range for the user to authenticate centered on the second location;
and according to the first position and the effective geographic range, performing service processing on the equipment corresponding to the equipment identifier to be identified, which is required by the user, so as to perform identity authentication.
2. The method according to claim 1, wherein selecting, as the second location, a geographic location that meets a preset condition from geographic locations on which the user performs service processing using the device corresponding to the default device identifier is based, specifically includes:
and determining the geographical position based on which the user uses the equipment corresponding to the default equipment identification for service processing for the last time as the geographical position meeting the preset condition.
3. The method of claim 1, wherein prior to determining a valid geographic range for authentication of the user centered on the second location, the method further comprises:
and if the equipment corresponding to the default equipment identification is determined to be in an unavailable state, performing service processing on the equipment corresponding to the equipment identification to be identified by the user for identity verification.
4. The method of claim 3, wherein determining that the device corresponding to the default device identifier is in an unavailable state specifically comprises:
sending a voice call to the equipment corresponding to the default equipment identification;
and if the equipment corresponding to the default equipment identification is determined not to be connected with the voice call, determining that the equipment corresponding to the default equipment identification is in an unavailable state.
5. The method of claim 4, wherein determining that the device corresponding to the default device identifier is not connected to the voice call comprises:
acquiring voice prompt information of equipment corresponding to the default equipment identification responding to the voice call;
and performing voice recognition on the voice prompt information to determine that the equipment corresponding to the default equipment identification is not connected with the voice call.
6. The method of claim 1, wherein centering on the second location, determining a valid geographic range for authentication of the user specifically comprises:
determining an effective radius according to the security level corresponding to the user and/or the determined number of active users in the set area, wherein the higher the number of active users in the set area is, the smaller the effective radius is, the higher the security level corresponding to the user is, the smaller the effective radius is;
and taking the second position as a center, performing area division by using the effective radius, and determining an effective geographic range for performing identity authentication on the user in the set area.
7. The method of claim 6, wherein determining the set area specifically comprises:
and taking the second position as a center, and performing area division by using a set radius to determine the set area.
8. The method of claim 1, wherein authenticating the user based on the first location and the valid geographic scope comprises:
determining a verification code corresponding to the user;
and if the first position is determined to be located in the effective geographic range and the verification code is determined to be input by the user, determining that the user passes the identity verification when the user needs to perform service processing through the equipment corresponding to the equipment identifier to be recognized.
9. The method of claim 8, wherein determining that the user entered the passcode comprises:
determining the effective duration corresponding to the verification code and determining the starting time of identity verification of the user;
and if the time interval between the moment when the user inputs the verification code and the starting moment is monitored not to exceed the effective duration, determining that the user inputs the verification code.
10. An apparatus for identity verification, comprising:
the first acquisition module is used for acquiring an equipment identifier corresponding to equipment currently used by a user and taking the equipment identifier as an equipment identifier to be identified;
a second obtaining module, configured to, if it is determined that the to-be-recognized device identifier is different from the stored default device identifier corresponding to the user, obtain, as the first location, a geographic location where a device corresponding to the to-be-recognized device identifier currently used by the user is based on;
a selecting module, configured to select, as a second location, a geographic location that meets a preset condition from geographic locations on which the user performs service processing using the device corresponding to the default device identifier;
the determining module is used for determining an effective geographic range for identity authentication of the user by taking the second position as a center;
and the verification module is used for performing service processing on the equipment corresponding to the equipment identifier to be identified, which is required by the user, according to the first position and the effective geographic range, so as to perform identity verification.
11. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method of any of the preceding claims 1 to 9.
12. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1 to 9 when executing the program.
CN202010188616.1A 2020-03-17 2020-03-17 Identity verification method and device Active CN111368273B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010188616.1A CN111368273B (en) 2020-03-17 2020-03-17 Identity verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010188616.1A CN111368273B (en) 2020-03-17 2020-03-17 Identity verification method and device

Publications (2)

Publication Number Publication Date
CN111368273A true CN111368273A (en) 2020-07-03
CN111368273B CN111368273B (en) 2023-06-20

Family

ID=71208851

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010188616.1A Active CN111368273B (en) 2020-03-17 2020-03-17 Identity verification method and device

Country Status (1)

Country Link
CN (1) CN111368273B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112016079A (en) * 2020-08-27 2020-12-01 深圳市亲邻科技有限公司 Equipment terminal verification method, device and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015035936A1 (en) * 2013-09-12 2015-03-19 腾讯科技(深圳)有限公司 Identity authentication method, identity authentication apparatus, and identity authentication system
CN104901925A (en) * 2014-03-05 2015-09-09 中国移动通信集团北京有限公司 End-user identity authentication method, device and system and terminal device
US20170195339A1 (en) * 2015-08-20 2017-07-06 Cloudwear Inc. Method and apparatus for geographic location based electronic security management
CN107682336A (en) * 2017-09-30 2018-02-09 北京梆梆安全科技有限公司 A kind of auth method and device based on geographical position
CN107731234A (en) * 2017-09-06 2018-02-23 阿里巴巴集团控股有限公司 A kind of method and device of authentication
CN108712413A (en) * 2018-05-15 2018-10-26 上海掌门科技有限公司 A kind of method and apparatus of authentication
WO2019085575A1 (en) * 2017-11-02 2019-05-09 阿里巴巴集团控股有限公司 Voiceprint authentication method and apparatus, and account registration method and apparatus
CN110245475A (en) * 2019-05-30 2019-09-17 阿里巴巴集团控股有限公司 Auth method and device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015035936A1 (en) * 2013-09-12 2015-03-19 腾讯科技(深圳)有限公司 Identity authentication method, identity authentication apparatus, and identity authentication system
CN104901925A (en) * 2014-03-05 2015-09-09 中国移动通信集团北京有限公司 End-user identity authentication method, device and system and terminal device
US20170195339A1 (en) * 2015-08-20 2017-07-06 Cloudwear Inc. Method and apparatus for geographic location based electronic security management
CN107731234A (en) * 2017-09-06 2018-02-23 阿里巴巴集团控股有限公司 A kind of method and device of authentication
CN107682336A (en) * 2017-09-30 2018-02-09 北京梆梆安全科技有限公司 A kind of auth method and device based on geographical position
WO2019085575A1 (en) * 2017-11-02 2019-05-09 阿里巴巴集团控股有限公司 Voiceprint authentication method and apparatus, and account registration method and apparatus
CN108712413A (en) * 2018-05-15 2018-10-26 上海掌门科技有限公司 A kind of method and apparatus of authentication
CN110245475A (en) * 2019-05-30 2019-09-17 阿里巴巴集团控股有限公司 Auth method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李丽慧;汪振海;蒋良卫;: "基于计算机视觉的用户身份验证App设计与实现" *
熊俊;: "用户身份认证技术在计算机信息安全中的应用" *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112016079A (en) * 2020-08-27 2020-12-01 深圳市亲邻科技有限公司 Equipment terminal verification method, device and storage medium

Also Published As

Publication number Publication date
CN111368273B (en) 2023-06-20

Similar Documents

Publication Publication Date Title
US8903359B2 (en) Mobile device and NFC service protection method of the mobile device
JP2019537112A (en) Method, apparatus and server for account login
CN108990059B (en) Verification method and device
RU2630553C2 (en) Method, instrumentation, and device for adding connected expansion to address book
US9888383B2 (en) Authentication using dynamic verbal questions based on social and geospatial history
CN107070871B (en) Identity verification method and device
WO2016145706A1 (en) Method and device for implementing user mode switching on smart terminal, and smart terminal
KR20180109919A (en) Security verification method and device for smart card application
CN111835714A (en) Information verification processing method, client and server
US10419876B2 (en) Secure mobile device recovery
CN115374481B (en) Data desensitization processing method and device, storage medium and electronic equipment
CN109144600B (en) Application program running method and device and computer readable medium
CN111460428A (en) Authority management method and device of android system and readable medium
CN111368273A (en) Identity verification method and device
CN111582868A (en) Transaction request processing method, device and equipment
CN104915266B (en) A kind of application program guard method and device
CN111753270B (en) Application program login verification method, device, equipment and storage medium
CN111738473B (en) Processing method, device, equipment and system for ticket booking service
CN111580445B (en) Electrical equipment operation switching method and device, electronic equipment and storage medium
CN110175450B (en) Information processing method, device and equipment
CN107483534B (en) Service processing method and device
CN112100610B (en) Processing method, device and equipment for login and user login related services
CN114170700A (en) Attendance checking method and device
CN113849836A (en) Information prompting method, device and equipment
CN111882321A (en) Identity verification processing method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant