CN111489172B

CN111489172B - Qualification information authentication method, terminal and server

Info

Publication number: CN111489172B
Application number: CN201910074397.1A
Authority: CN
Inventors: 马海刚; 孙洪凤; 常震华; 邓磊; 李德龙; 周权; 王玮
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2019-01-25
Filing date: 2019-01-25
Publication date: 2023-04-07
Anticipated expiration: 2039-01-25
Also published as: CN111489172A

Abstract

The embodiment of the invention discloses a qualification information authentication method, a terminal and a server, which are used for simplifying the acquisition process of qualification information and improving the information acquisition efficiency. The embodiment of the invention provides an authentication method of qualification information, which comprises the following steps: the method comprises the steps that a first terminal obtains authorization information of a user to be authenticated; the first terminal sends an authentication request to an authentication server, wherein the authentication request comprises: the authorization information of the user to be authenticated and the identity of the user to be authenticated; the first terminal receives qualification information sent by the authentication server, and the qualification information is obtained by the authentication server from a qualification data source according to the identity of the user to be authenticated; and the first terminal carries out qualification authentication on the user to be authenticated according to the qualification information.

Description

Qualification information authentication method, terminal and server

Technical Field

The invention relates to the technical field of computers, in particular to an authentication method of qualification information, a terminal and a server.

Background

In the current scheme for acquiring personal information of a user, a software as a service (SaaS) mode of purchasing a third party online may be adopted, and a mode of entrusting offline to an information provider may also be adopted. User personal information includes, but is not limited to: personal calendar information, identity information, etc.

Taking a background survey (called a back tone for short) scene commonly used at present as an example, the mainly involved processes may include: firstly, a user unit triggers a back tone, then a back tone supplier starts a back tone process, then personal authorization is required to agree, and finally a back tone report is generated and sent to the user unit, and the user unit can use the report after obtaining the back tone report.

In the above scheme for acquiring personal information of a user provided in the prior art, there are problems of complex information acquisition process, large time cost and labor cost loss, and low information acquisition efficiency. For example, an individual needs to go to each verification unit to verify various certification information, which is limited by time and place, and the time and labor cost for the transaction are high. If a human unit usually sends a request to a back-debugging provider after interviewing a candidate, the back-debugging provider also needs to obtain authorization from the candidate, the candidate sends the authorization back to the provider after confirming the authorization, and the back-debugging provider verifies according to the returned information, so that the prior art has multiple information obtaining processes, long time consumption and low efficiency.

Disclosure of Invention

The embodiment of the invention provides a qualification information authentication method, a terminal and a server, which are used for simplifying the qualification information acquisition process and improving the information acquisition efficiency.

The embodiment of the invention provides the following technical scheme:

in one aspect, an embodiment of the present invention provides a method for authenticating qualification information, including:

the method comprises the steps that a first terminal obtains authorization information of a user to be authenticated;

the first terminal sends an authentication request to an authentication server, wherein the authentication request comprises: the authorization information of the user to be authenticated and the identity of the user to be authenticated;

the first terminal receives qualification information sent by the authentication server, and the qualification information is obtained by the authentication server from a qualification data source according to the identity of the user to be authenticated;

and the first terminal carries out qualification authentication on the user to be authenticated according to the qualification information.

On the other hand, an embodiment of the present invention further provides an authentication method for qualification information, including:

the authentication server receives an authentication request sent by a first terminal;

the authentication server acquires authorization information of a user to be authenticated and an identity of the user to be authenticated from the authentication request;

after the authentication server successfully verifies the authorization information, the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated;

and the authentication server sends qualification information corresponding to the user to be authenticated to the first terminal.

On the other hand, an embodiment of the present invention further provides a terminal, where the terminal is specifically a first terminal, and the first terminal includes:

the acquisition module is used for acquiring the authorization information of the user to be authenticated;

a sending module, configured to send an authentication request to an authentication server, where the authentication request includes: the authorization information of the user to be authenticated and the identity of the user to be authenticated are obtained;

the receiving module is used for receiving qualification information sent by the authentication server, and the qualification information is obtained by the authentication server from a qualification data source according to the identity of the user to be authenticated;

and the authentication module is used for performing qualification authentication on the user to be authenticated according to the qualification information.

In the foregoing aspect, the constituent module of the first terminal may further perform the steps described in the foregoing aspect and various possible implementations, for details, see the foregoing description of the foregoing aspect and various possible implementations.

On the other hand, an embodiment of the present invention further provides an authentication server, including:

the receiving module is used for receiving an authentication request sent by a first terminal;

the user information module is used for acquiring authorization information of a user to be authenticated and an identity of the user to be authenticated from the authentication request;

the qualification obtaining module is used for obtaining qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated after the authentication server successfully verifies the authorization information;

and the sending module is used for sending qualification information corresponding to the user to be authenticated to the first terminal.

In the foregoing aspect, the constituent modules of the authentication server may also perform the steps described in the foregoing another aspect and various possible implementations, as detailed in the foregoing description of the foregoing another aspect and various possible implementations.

In another aspect, an embodiment of the present invention provides a terminal, where the terminal is specifically a first terminal, and the first terminal includes: a processor, a memory; the memory is used for storing instructions; the processor is configured to execute the instructions in the memory to cause the first terminal to perform the method according to any one of the preceding aspects.

In another aspect, an embodiment of the present invention provides an authentication server, where the authentication server includes: a processor, a memory; the memory is used for storing instructions; the processor is configured to execute the instructions in the memory to cause the authentication server to perform a method as in any of the preceding further aspects.

In another aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to perform the method according to the above aspects.

In the embodiment of the invention, a first terminal firstly acquires authorization information of a user to be authenticated, then the first terminal sends an authentication request to an authentication server, the authentication server can acquire the authorization information of the user to be authenticated and an identity of the user to be authenticated from the authentication request, after the authentication server successfully verifies the authorization information, the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated, the authentication server sends the qualification information corresponding to the user to be authenticated to the first terminal, the first terminal receives the qualification information sent by the authentication server, and finally the first terminal performs qualification authentication on the user to be authenticated according to the qualification information. In the embodiment of the application, the first terminal can acquire the authorization information of the user to be authenticated first, then request for authentication from the authentication server based on the authorization information, the authentication server can verify whether the authorization information succeeds or not first, then acquire the qualification information corresponding to the user to be authenticated through interaction with the resource data source when the authentication succeeds, and the authentication server can also return the qualification information to the first terminal.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings.

Fig. 1 is a schematic view illustrating an interaction flow between a terminal and an authentication server according to an embodiment of the present invention;

fig. 2 is a schematic block flow diagram illustrating a method for authenticating qualification information performed by a first terminal according to an embodiment of the present invention;

fig. 3 is a schematic block diagram illustrating a flow of a method for authenticating qualification information performed by an authentication server according to an embodiment of the present invention;

fig. 4 is a schematic flowchart illustrating another method for authenticating qualification information performed by an authentication server according to an embodiment of the present invention;

fig. 5 is a schematic block diagram illustrating a flow of another method for authenticating qualification information performed by an authentication server according to an embodiment of the present invention;

fig. 6 is a schematic diagram of an overall design architecture of an authentication system according to an embodiment of the present invention;

fig. 7 is a schematic view of an interaction flow for obtaining a qualification report of a user according to an embodiment of the present application;

fig. 8 is a schematic view illustrating an interaction flow of a two-dimensional code sharing qualification report according to an embodiment of the present disclosure;

fig. 9 is a schematic view of an interaction flow of a short message sharing qualification report according to an embodiment of the present application;

fig. 10-a is a schematic structural diagram of a first terminal according to an embodiment of the present invention;

fig. 10-b is a schematic structural diagram of an acquisition module according to an embodiment of the present invention;

fig. 10-c is a schematic structural diagram of another first terminal according to an embodiment of the present invention;

fig. 11-a is a schematic structural diagram of an authentication server according to an embodiment of the present invention;

fig. 11-b is a schematic structural diagram of another authentication server according to an embodiment of the present invention;

fig. 11-c is a schematic structural diagram of another authentication server according to an embodiment of the present invention;

fig. 11-d is a schematic diagram of a composition structure of a qualification acquisition module according to an embodiment of the present invention;

fig. 11-e is a schematic structural diagram of another authentication server according to an embodiment of the present invention;

fig. 11-f is a schematic structural diagram of another authentication server according to an embodiment of the present invention;

fig. 12 is a schematic view of a composition structure of a terminal to which the method for authenticating qualification information according to the embodiment of the present invention is applied;

fig. 13 is a schematic structural diagram of a composition of a server to which the method for authenticating qualification information provided by the embodiment of the present invention is applied.

Detailed Description

The embodiment of the invention provides a qualification information authentication method, a terminal and a server, which are used for simplifying the acquisition process of qualification information and improving the information acquisition efficiency.

In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein, are intended to be within the scope of the present invention.

The terms "comprises" and "comprising," and any variations thereof, in the description and claims of this invention and the above-described drawings are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of elements is not necessarily limited to those elements, but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.

The following are detailed below.

The embodiment of the qualification information authentication method can be particularly applied to scenes for accurately and quickly identifying the qualification information of the user. The authentication method of the qualification information provided by the embodiment of the invention is suitable for the terminal and the server, communication connection is established between the terminal and the server, for example, the terminal can be controlled by a user, and the user can control the establishment of wireless or wired connection between the terminal and the server. The terminal provided by the embodiment of the invention can be used for acquiring the qualification information of users of other terminals and can also be used for acquiring the qualification information of the user operating the terminal, the server can be specifically an authentication server with a qualification information acquisition function, and the authentication server can be a cloud authentication server or a background server.

The qualification information authentication method provided by the embodiment of the invention can be used for quickly acquiring information in various scenes needing qualification information. For example, the user may actively send authorization information of the user to the authentication server through the terminal, so that the authentication server may extract the qualification information corresponding to the user from the qualification data source, and the authentication server may timely return the queried qualification information to the user. For another example, when the user 2 needs to obtain the qualification information of the user 1, the user 2 may actively send the authorization information of the user to the authentication server through the terminal, so that the authentication server may extract the qualification information corresponding to the user 1 from the qualification data source, and the authentication server may timely return the queried qualification information to the user 2.

The qualification information authentication method provided by the embodiment of the application has various practical application scenarios. For example, in a game scenario, when the player 2 needs to obtain the game identity information of the player 1, the player 1 may actively share the two-dimensional code to the player 2, so that the player 2 may interact with the game server based on the two-dimensional code of the player 1, and the game server may return the game identity information of the player 1 to the player 2. For another example, in a job application scenario, a Human Resource (HR) user needs to obtain qualification information of multiple candidates, for example, the qualification information may include: the HR user can interact with the authentication server through the two-dimensional code shared by each candidate, so that the authentication server can return qualification information of a plurality of users to the HR user. For another example, in a scene of marriage and love, two parties of the relatives may share the two-dimensional code with each other, and the relatives may interact with the authentication server based on the two-dimensional code shared by the opposite party, so that the authentication server may return qualification information of the opposite party to the relatives, where the qualification information may include: academic certificates, identity certificates, professional skill certificates and the like.

Referring to fig. 1, the method for authenticating qualification information according to an embodiment of the present invention includes the following steps:

101. the first terminal acquires the authorization information of the user to be authenticated.

The first terminal can be controlled by the user to operate, and can actively acquire the authorization information of the user to be authenticated, wherein the authorization information can refer to authorization confirmation of the user to be authenticated on acquiring the qualification information of the user to be authenticated. In the embodiment of the application, the authorization information can be generated after the user personally signs the online authorization book, so that the safety authorization of the qualification information is completed.

In the embodiment of the present application, the user to be authenticated may be a user who controls the first terminal, the user to be authenticated may also be a user who controls the second terminal, and the first terminal and the second terminal may be different terminals. The specific implementation manner of the user to be authenticated is not limited herein, and will be described in detail in the following embodiments.

In some embodiments of the present application, the step 101 of obtaining, by the first terminal, authorization information of a user to be authenticated includes:

the first terminal obtains the authorization information of the user to be authenticated from the second terminal, and the second terminal is controlled by the user to be authenticated.

If the user to be authenticated refers to an operation user of the second terminal, the first terminal firstly interacts with the second terminal, and therefore the second terminal acquires authorization information of the user to be authenticated. For example, a user controlling the second terminal may actively send own authorization information to the first terminal, so that the first terminal can interact with the authentication server to obtain qualification information corresponding to the user controlling the second terminal.

Further, in some embodiments of the present application, the obtaining, by the first terminal, the authorization information of the user to be authenticated from the second terminal includes at least one of the following manners:

the first terminal scans the authorized two-dimensional code generated by the second terminal and analyzes the authorized two-dimensional code to obtain the authorization information of the user to be authenticated; alternatively, the first and second electrodes may be,

and the first terminal receives the authorization link information sent by the second terminal and acquires the authorization information of the user to be authenticated according to the authorization link information.

The user of the second terminal is controlled to display the authorization information of the user in a manner of authorizing the two-dimensional code, the first terminal can scan the authorized two-dimensional code generated by the second terminal, namely the user of the second terminal is controlled to enable the first terminal to acquire the authorized two-dimensional code in a face-to-face authorization mode, and the first terminal analyzes the authorized two-dimensional code to acquire the authorization information of the user to be authenticated. For example, taking a face-to-face authorization manner as an example, when the job seeker and the HR user meet the face, the two-dimensional code authorization can be performed face to face, so that the HR user can quickly complete the qualification audit by scanning the authorized two-dimensional code of the job seeker.

In other embodiments of the present application, the user controlling the second terminal may further send authorization link information to the first terminal by using a remote authorization or short message authorization manner, so that the first terminal receives the authorization link information sent by the second terminal, and acquires the authorization information of the user to be authenticated according to the authorization link information. For example, the user of the second terminal is controlled to generate a short message authorization link, and then the short message authorization link is sent to the first terminal, so that the first terminal can obtain the authorization information of the user to be authenticated through the short message authorization link.

In some embodiments of the present application, in step 101, the obtaining, by the first terminal, authorization information of a user to be authenticated includes:

the first terminal establishes connection with an authentication server under the control of a user to be authenticated;

the first terminal extracts the authorization information of the user to be authenticated from the control operation of the user to be authenticated.

If the user to be authenticated is an operation user of the first terminal, the first terminal first establishes a connection with the authentication server according to a control instruction of the user to be authenticated, and then the user to be authenticated can perform a control operation on the first terminal, for example, the user to be authenticated can input a personal authorization instruction in a display interface of the first terminal, so that the first terminal can analyze the personal authorization instruction to obtain authorization information of the user to be authenticated. For example, the embodiment of the present application may implement a qualification survey based on an individual initiative, which is completely different from a background survey in the prior art initiated by a third-party company, and may also initiate a qualification survey of an individual user by himself/herself in the embodiment of the present application, thereby improving the qualification scheduling efficiency.

102. The first terminal sends an authentication request to an authentication server, wherein the authentication request comprises: authorization information of the user to be authenticated and an identity of the user to be authenticated.

In the embodiment of the application, the first terminal may communicate with the authentication server. When the first terminal acquires the authorization information of the user to be authenticated, the first terminal can actively send an authentication request to the authentication server so as to request the authentication server to feed back the qualification information of the user to be authenticated. Based on the foregoing scenario illustration, the content specifically included in the qualification information may be specifically configured in different scenarios, and is not limited herein. For example, the authentication server may provide an interactive interface on which the first terminal actively triggers the authentication request. Or the authentication server is preset with a service port, the first terminal may interact with the service port, and send an authentication request to the authentication server through the service port, for example, the service port may be implemented based on a timely communication tool.

In this embodiment of the application, the authentication request sent by the first terminal needs to carry an identity of the user to be authenticated in addition to the authorization information, where the identity is a unique identification code of the user to be authenticated, and may be, for example, an identity number of the user to be authenticated, a mobile phone number of the user to be authenticated, or an identification code allocated by the authentication server to different users, and the like, which is not limited herein.

In some embodiments of the present application, please refer to fig. 2, in which after the first terminal sends the authentication request to the authentication server in step 102, the method provided in the embodiments of the present application further includes the following steps:

a1, a first terminal sends a login request to a service port corresponding to an authentication server, wherein the login request carries user identity information corresponding to the first terminal.

The authentication server may set a corresponding service port, for example, the service port may be a service public number in the social communication tool. When the first terminal interacts with the authentication server, the first terminal needs to log in the service port first, and a login request sent by the first terminal also needs to carry user identity information corresponding to the first terminal, so that the authentication server can perform real-name authentication on the first terminal according to the login request.

103. The authentication server receives an authentication request sent by the first terminal.

In the embodiment of the application, the first terminal may communicate with the authentication server. The first terminal may actively send an authentication request to the authentication server so that the authentication server may receive the authentication request from the first terminal. For example, the authentication server may provide an interactive interface on which the first terminal actively triggers the authentication request. Or the authentication server is preset with a service port, the first terminal may interact with the service port, and send an authentication request to the authentication server through the service port, for example, the service port may be implemented based on a timely communication tool.

104. And the authentication server acquires the authorization information of the user to be authenticated and the identity of the user to be authenticated from the authentication request.

In the embodiment of the application, the authentication server receives an authentication request actively sent by the first terminal, analyzes the authentication request and can acquire the authorization information of the user to be authenticated, wherein the authorization information is a certificate for the user to be authenticated to authorize to acquire the qualification information of the user. In the embodiment of the application, the authorization information can be generated after the user personally signs the online authorization book, so that the safety authorization of the qualification information is completed.

In this embodiment of the application, the authentication server may obtain, from the authentication request, not only the authorization information of the user to be authenticated, but also an identity of the user to be authenticated from the authentication request sent by the first terminal, where the identity is a unique identification code of the user to be authenticated, and may be, for example, an identity number of the user to be authenticated, a mobile phone number of the user to be authenticated, or an identification code allocated by the authentication server to different users, which is not limited herein.

In some embodiments of the present application, please refer to fig. 3, before the step 105 of the authentication server obtaining the qualification information corresponding to the user to be authenticated from the pre-configured qualification data source according to the identity of the user to be authenticated, the method provided in the embodiments of the present application further includes the following steps:

c1, the authentication server receives a login request sent by the first terminal through a service port corresponding to the authentication server;

c2, the authentication server acquires user identity information corresponding to the first terminal from the login request;

and C3, the authentication server performs real-name authentication by using the user identity information corresponding to the first terminal. After the first terminal real-name authentication passes, the following steps 105 are triggered to be executed: the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated.

The authentication server may set a corresponding service port, for example, the service port may be a service public number in the social communication tool. When the first terminal interacts with the authentication server, the first terminal needs to log in the service port first, and a login request sent by the first terminal also needs to carry user identity information corresponding to the first terminal, so that the authentication server can perform real-name authentication on the first terminal according to the login request. For example, the authentication server may interact with a real-name authentication center to confirm whether the operating user of the first terminal has been authenticated by the real-name. After the first terminal real name authentication passes, the following step 105 is triggered to be executed.

In some embodiments of the present application, please refer to fig. 4, where after the authentication server verifies the authorization information successfully, the method provided in the embodiments of the present application further includes the following steps:

d1, the authentication server determines whether the user to be authenticated has paid successfully;

d2, when the user to be authenticated does not complete payment, the authentication server sends an order payment request to the first terminal;

d3, the authentication server receives an order payment instruction sent by the first terminal;

d4, the authentication server stores the payment result according to the order payment instruction, and then triggers and executes the following steps 105: the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated.

In this embodiment of the present application, the scheduling of the qualification information needs to involve a payment scenario, before the authentication server obtains the qualification information of the user to be authenticated, the authentication server needs to determine whether the first terminal has completed payment, and if no payment is made, the authentication server further sends an order payment request, where the order payment request may include: the amount to be paid, the payment name, the order serial number and other information. The first terminal executes an online payment operation according to the order payment request, for example, the first terminal needs to interact with a payment tool, and after the execution of the payment operation is completed, the first terminal can send an order payment instruction to the authentication server, so that the authentication server can receive the order payment instruction and determine that the payment of the first terminal is successful according to the order payment instruction. The authentication server can also store the payment result according to the order payment instruction, so that when the first terminal needs to acquire the qualification information of the user to be authenticated again, the authentication server does not need to request the first terminal to pay repeatedly, and the authentication server can skip the steps D2 to D3 and directly execute the step 105.

105. After the authentication server successfully verifies the authorization information, the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated.

In the embodiment of the application, after the authentication server acquires the authorization information of the user to be authenticated, whether the authorization information is true or valid needs to be verified, and the information verification is determined to be successful under the condition that the authorization information is true or valid. In the prior art, a qualification provider needs to send an authorization notice to a user to be authenticated, and can verify authorization information only by the authorization confirmation of the user to be authenticated. In the embodiment of the application, the authentication server can execute the verification of the authorization information after receiving the authentication request, thereby simplifying the verification process of the user authorization.

After the authentication server successfully verifies the authorization information, the authentication server can interact with a pre-configured qualification data source to acquire qualification information matched with the identity of the user to be authenticated. The qualification data source can be provided by a qualification supplier, and the qualification data source can store qualification information corresponding to the identity identifiers of different users. The content of the qualification information may include different content in different application scenarios, for example, the qualification information may include: identity recognition, social public safety, education background, business interest conflict, work history and the like.

In some embodiments of the present application, the step 105 of obtaining, by the authentication server, qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated includes:

the authentication server respectively sends the identity identification of the user to be authenticated to at least two different qualification data sources;

the authentication server receives qualification inquiry results respectively sent by at least two different resource data sources;

and the authentication server generates qualification information corresponding to the user to be authenticated according to the received at least two different qualification inquiry results.

The authentication server may interact with the qualification data sources to obtain the qualification data stored in the qualification data sources, for example, the authentication server may interact with a plurality of qualification data sources to obtain real and reliable qualification information.

For example, in the embodiment of the present Application, each qualification data source may be provided by a qualification provider, and the authentication server obtains the qualification information of the user to be authenticated by interfacing with an Application Programming Interface (API) of the qualification provider. The authentication server can adopt double data source information to carry out comparison and verification, and the reliability of the data result is further improved. For example, the authentication server may call up data of at least two suppliers, compare the results and make an intelligent judgment to obtain reliable investigation results, so as to eliminate the situation that a single data source is unavailable or inaccurate.

Further, the authentication server may select providers in a dynamic weight manner, which may not only have a bias to select providers, but also maintain the activity of each provider. The weight of the supplier is obtained by comprehensively judging the cost, the data reliability and the system stability, and can be automatically adjusted according to the calling result each time. For example, if a call of a provider interface fails, the authentication server records and automatically reduces the weight of the provider through corresponding logic. The authentication server selects the supplier in a dynamic weight mode, and can optimize the path for obtaining the authentication result to the maximum extent, so that the reliability of the result is ensured.

In some embodiments of the present application, please refer to fig. 5, after the authentication server acquires authorization information of the user to be authenticated and an identity of the user to be authenticated from the authentication request in step 104, the method provided in the embodiments of the present application further includes the following steps:

e1, the authentication server sends a short message verification request to the first terminal;

e2, the authentication server receives a short message verification code sent by the first terminal; when the short message verification code is confirmed, the following steps 105 are triggered and executed: the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated.

The first terminal may further determine whether to acquire qualification information of the user to be authenticated by using a short message verification method, for example, after the authentication server receives an authentication request of the first terminal, the authentication server may send the short message verification request, and the first terminal may receive a short message verification code, and then send the short message verification code to the authentication server, for example, the short message verification code may be sent to a service port (for example, a public service number of a social communication tool) of the authentication server, and after the short message verification code is confirmed, the step 105 is triggered and executed.

In some embodiments of the present application, after the short message verification code is confirmed, the aforementioned step 105 may not be triggered, please refer to fig. 5, and the authentication server performs the following steps F1 and F2.

F1, when the qualification data source adopts encryption transmission, the authentication server receives data sent by the qualification data source and decrypts the received data to obtain the qualification information corresponding to the user to be authenticated;

and F2, the authentication server encrypts and stores the qualification information corresponding to the user to be authenticated.

The interaction between the authentication server and the qualification data source can be in an encryption transmission mode, so that the authentication server can store qualification information corresponding to the user to be authenticated in a double encryption mode, sensitive information leakage is effectively prevented, and safety guarantee is provided for personal information. For example, the authentication server and the qualification data are derived from check transmission encryption, the database stores sensitive data encryption, and an available encryption algorithm is not limited herein, for example, a base64 algorithm can be used for data encryption.

106. And the authentication server sends qualification information corresponding to the user to be authenticated to the first terminal.

In the embodiment of the application, after the authentication server acquires the qualification information corresponding to the user to be authenticated through interaction with the qualification data source, the authentication server can send the qualification information read from the qualification data source to the first terminal, so that the first terminal can receive the qualification information corresponding to the user to be authenticated. For example, the authentication server is provided with a corresponding service port, and the authentication server can send qualification information corresponding to the user to be authenticated through the service port.

107. The first terminal receives qualification information sent by the authentication server, and the qualification information is obtained from a qualification data source by the authentication server according to the identity of the user to be authenticated.

In this embodiment, the first terminal may trigger to perform step 107 after performing step 102, and when the authentication server sends the qualification information, the first terminal may receive the qualification information. For example, the authentication server is provided with a corresponding service port, the authentication server can send qualification information corresponding to the user to be authenticated through the service port, and the first terminal can acquire the qualification information corresponding to the user to be authenticated through the service port.

In some embodiments of the present application, please refer to fig. 2, where after the first terminal sends the authentication request to the authentication server in step 102, the method provided in this embodiment further includes the following steps:

b1, the first terminal receives an order payment request sent by the authentication server;

and B2, the first terminal executes online payment operation according to the order payment request and sends an order payment instruction to the authentication server.

In this embodiment of the present application, the scheduling of the qualification information further needs to relate to a payment scenario, before the authentication server obtains the qualification information of the user to be authenticated, the authentication server further needs to determine whether the first terminal has completed payment, and if no payment is made, the authentication server further sends an order payment request, where the order payment request may include: the amount to be paid, the payment name, the order serial number and other information. The first terminal executes an online payment operation according to the order payment request, for example, the first terminal needs to interact with a payment tool, and after the payment operation is executed, the first terminal can send an order payment instruction to the authentication server, so that the authentication server can receive the order payment instruction and determine that the first terminal has successfully paid according to the order payment instruction.

108. And the first terminal performs qualification authentication on the user to be authenticated according to the qualification information.

In the embodiment of the application, after the first terminal acquires the qualification information corresponding to the user to be authenticated from the authentication server, the qualification authentication can be performed on the user to be authenticated based on the content in the qualification information, so as to confirm the qualification content owned by the user to be authenticated. In different application scenarios, the manner of performing qualification authentication by the first terminal may be determined according to the content included in the qualification information, which is not limited herein.

As can be seen from the description of the embodiment of the present invention, the first terminal first obtains the authorization information of the user to be authenticated, then the first terminal sends an authentication request to the authentication server, the authentication server can obtain the authorization information of the user to be authenticated and the identity of the user to be authenticated from the authentication request, after the authentication server successfully verifies the authorization information, the authentication server obtains the qualification information corresponding to the user to be authenticated from the pre-configured qualification data source according to the identity of the user to be authenticated, the authentication server sends the qualification information corresponding to the user to be authenticated to the first terminal, the first terminal receives the qualification information sent by the authentication server, and finally, the first terminal performs qualification authentication on the user to be authenticated according to the qualification information. In the embodiment of the application, the first terminal can acquire the authorization information of the user to be authenticated first, then request for authentication from the authentication server based on the authorization information, the authentication server can verify whether the authorization information succeeds or not first, then acquire the qualification information corresponding to the user to be authenticated through interaction with the resource data source when the authentication succeeds, and the authentication server can also return the qualification information to the first terminal.

In order to better understand and implement the above-mentioned schemes of the embodiments of the present invention, the following description specifically illustrates corresponding application scenarios.

The embodiment of the invention can be used for carrying out personalized deep development based on the service number and the two-dimensional code of the social communication tool, and creates a personal information verification mode based on the service port. The embodiment of the invention deeply customizes and accesses intelligent personal information verification solutions such as image recognition, voice recognition, authority data and the like on the basis of the service number capability of the social communication tool.

By adopting the embodiment of the application, the individual can quickly obtain the own information verification report through real-name authentication and authorization. Under the condition of the consent of the user, schools, enterprises and the like can also quickly obtain the information verification reports of other people. The system has the advantages that the related recruitment, learning and the like are more convenient and efficient, the experience is more intelligent and humanized, the information safety of personal information and enterprise service is ensured from the bottom layer, and the working and living environment with transparent integrity is promoted.

Specifically, the scheme provided by the embodiment of the application has the characteristics of use threshold and low cost, and based on the service number mode of the social communication tool, the verification of personal information can be performed only by paying attention to the service number, so that the experience is smooth and quick. As the personal information report, the system is convenient to transmit and is fast and convenient for others to check. The scheme provided by the embodiment of the application has the characteristics of strong social function and high information reuse, is based on the service number mode of the social communication tool, is provided with the social relation network and the social capacity of the social communication tool, and is high in use frequency. Based on the information verification certificate of the individual and the self, the enterprise or other people can obtain the information certificate which is authorized and agreed by the individual through one-time authorization and simple confirmation. The scheme provided by the embodiment of the application also has the characteristic of transparent information transmission, and based on the service number mode of the social communication tool, the information notification and sharing capability of the service platform with the social communication tool is improved, so that notification information in various forms such as text, voice, video and the like can be provided, the information can be conveniently obtained in an authorized and permitted range, and an authorizer and a user can obtain consistent information. The scheme provided by the embodiment of the application has the characteristic that the information is convenient and fast to acquire by individuals, and the individuals can rapidly verify the information of the workplaces such as academic certificates, identity confirmation, business conflicts and the like in a one-stop mode, so that the time cost and the labor input consumed by multiple personal certificate handling are saved.

Fig. 6 is a schematic diagram of the overall design architecture of the authentication system according to the embodiment of the present invention. The authentication server provided by the embodiment of the application can be realized based on the authentication system, and the authentication system is a platform based on cloud identification, storage, calling and application of personal qualification information and mainly has the following functions. The authentication system can realize identity authentication, and a rich identity qualification authentication system based on the two-dimensional code comprises identity verification, academic survey and business conflict. The rich identity is not only the name and the identity card number, but also comprises other qualification information. The authentication system can realize the safety authorization of qualification information, firstly, the real-name authentication is carried out, the identity comparison and confirmation are realized on the basis of face images and authentication videos and the personal information of the read identity card, including the identity information such as names, citizen identity numbers and the like, and the person signs an online authorization book after the real-name authentication, thereby completing the safety authorization of the qualification information. The authentication system can realize qualification investigation based on personal initiative, and different from the background investigation in the prior art which is initiated by a third-party company, the qualification investigation of the authentication system is initiated by a personal user independently in the embodiment of the application. The authentication system can realize a convenient qualification investigation authorization mode, and can complete remote authorization through the mobile phone number. The authentication system can realize a face-to-face authorization mode, and when a job seeker and an HR meet the face, two-dimensional code authorization can be carried out face-to-face, so that qualification audit is completed rapidly. The authentication system can realize the instant acquisition of qualification survey information, and the authorized party can check the information such as identity, academic calendar, business conflict and the like in time after being authorized by the authorized party, which is different from the usual qualification survey which usually takes a longer time. The authentication system can realize the protection of personal information security, double encryption of bottom data, traceless watermarking, data encryption transmission and the like.

As shown in fig. 6, the authentication system provided in the embodiment of the present application at least includes: the system comprises a user interaction layer, an information verification layer, a data storage layer and an authentication platform.

First, the user interaction layer is introduced. The premise of generating the qualification report is that the user passes real-name authentication (real-name authentication center) and authorizes an authentication server to allow personal information verification; the user 1 can share the personal report to the HR enterprise user or the individual user 2 through face-to-face authorization, remote authorization or short message authorization.

The real-name authentication center has a complete set of functions based on public security identity authentication and interaction with users. And after the user passes the function verification of the real-name authentication center, the public security identity authentication of the authentication platform can not be carried out.

Next, the information verification layer is described. The information verification layer calls a module corresponding to the authentication system through a dual information query engine, and the engine adopts dual data source information comparison verification, so that the reliability of user data is further improved. For example, when the verification from one of the data sources fails, the next data source is automatically selected for verification to ensure that the obtained data is reliable. The information verification layer generally needs to firstly perform data query with the authentication platform, and after receiving a query result, the query result is stored in the bottom layer double encryption module.

Next, the data storage layer is described. And sensitive data in the data storage layer are stored in a double encryption mode, so that sensitive information is effectively prevented from being leaked, and safety guarantee is provided for personal information.

Finally, an authentication platform is introduced, which can be used for public security identity authentication, academic authentication, business conflict authentication and social public security authentication. For example, the authentication platform is interfaced with a plurality of qualification data sources to realize the above-mentioned certification acquisition of qualification information.

For example, public security identity authentication in an authentication platform is a capability that the platform possesses. The real-name authentication center is a complete set of functions based on public security identity authentication and interaction with users. In essence, both of them use the ID number, name and the face image of the person to compare with the information recorded in the public security bureau to determine if the name is real. After the user passes the function verification of the real-name authentication center, the public security identity authentication of the authentication platform is not carried out any more; that is, the authentication platform has the ability of public security identity authentication, but can select whether to use the ability according to the system logic. In addition, the social public security certification refers to the record of checking whether there is illegal crime in the records of the public security bureau.

In the foregoing illustration, the authentication platform obtains the authentication result of the background investigation by interfacing with the API of the authoritative qualification provider. Wherein the vendor is a generic term for a system that provides background survey authentication results. The authentication platform calls a background investigation module corresponding to the authentication system through the dual information query engine, and adopts dual data source information to perform comparison and verification, so that the reliability of data results is further improved. The core logic of the double information query engine is that the data of at least two suppliers are called, the results are compared and intelligently judged, and a reliable survey result is obtained, so that the condition that a single data source is unavailable or inaccurate is eliminated. The authentication platform selects the suppliers in a dynamic weight mode, so that the suppliers can be selected with a bias, and the activity of each supplier can be kept. The weight of the supplier is obtained by comprehensively judging the cost, the data reliability and the system stability, and can be automatically adjusted according to the calling result each time. For example, if a call to a provider interface fails, the system records and automatically reduces the weight of the provider through corresponding logic. The authentication platform selects suppliers in a dynamic weight mode, and can optimize a path for obtaining an authentication result to the maximum extent, so that the reliability of the result is ensured.

As shown in fig. 7, an interactive flow diagram for obtaining a qualification report of a user provided in the embodiment of the present application is shown, and the following steps for consulting a personal qualification report may mainly include:

and S01, the user enters the social communication tool to open the service number, for example, the silent authorization login of the social communication tool is adopted.

And S02, opening the authentication server.

S03, the authentication server judges whether the current user is authenticated by the real name. If the real name authentication is not carried out, jumping to a real name authentication center for authentication, and entering the next step. If the authentication is over, the step S07 is jumped to.

And S04, jumping to a real-name authentication center.

S05, the real-name authentication center authenticates the current login user, and the authentication comprises the following steps: mobile phone confirmation, identity card information and face recognition.

And S06, after the real name succeeds, returning the personal identity information of the user to the authentication server.

And S07, generating an authentication server personal report order.

Wherein generating a report is essentially only a unique identification of generating a report. The data in the report is queried in the authentication platform after payment. The viewing report is to typeset and display the queried data.

And S08, returning the order link to the user in a two-dimensional code form.

And S09, the user identifies the two-dimension code to check the report.

S10, determine whether the user currently viewing the report has purchased the report? If not, a one-step payment is entered. If so, the process jumps to step S18.

S11, the authentication server calls a service number (for example, HR assistant) payment interface of the social communication tool.

S12, the service number (for example, HR assistant) of the social communication tool calls up a payment page of the social communication tool.

And S13, the user carries out payment operation.

S14, confirming the payment operation by the service number (such as HR assistant) of the social communication tool.

S15, the service number (such as HR assistant) of the social communication tool processes the payment operation.

S16, the service number (which may be the HR helper, for example) of the social communication tool informs the authentication server that the user has paid successfully.

S17, the authentication server performs logic processing after the user payment is successful.

And S18, the authentication server inquires the report result and generates an authentication server personal report.

And S19, returning report details to the user.

As shown in fig. 8, an interactive flow diagram of a two-dimensional code sharing qualification report provided in the embodiment of the present application is shown, and an execution flow of the two-dimensional code sharing report is described next, for example, a user 1 reports to a user 2 through two-dimensional code sharing, which mainly includes the following steps:

s21, the user enters the social communication tool to open the service number, for example, the silent authorization login of the social communication tool is adopted.

And S22, opening the authentication server.

And S23, the authentication server returns the two-dimensional code which can be used for viewing the report.

And S24, the user 2 views the report in a mode of scanning the two-dimensional code face to face with the user 1.

And after the user 2 successfully scans the code, the user 1 two-dimensional code is automatically updated. Because the information in the report is sensitive, the two-dimensional code is designed to be used once and then be invalid, for example, updated once every 30 seconds, in order to ensure that the two-dimensional code is not abused.

And S25, scanning the two-dimensional code by the user 2 to check the report.

S26, the user 2 authorizes the service number (which may be an HR assistant, for example) of the social communication tool to obtain the personal information of the social communication tool.

S27, the service number of the social communication tool (which may be the HR helper, for example) forwards the user 2' S request to the authentication server.

S28, the authentication server verifies whether the user 2 has purchased the report, and if so, the step directly jumps to step 34.

S29, the authentication server returns the page to be paid to the user 2.

And S30, the user 2 carries out payment operation and submits the payment operation.

S31, the service number (which can be HR assistant for example) of the social communication tool processes the logic and operation related to payment.

And S32, returning success information to the authentication server after the payment is successful.

And S33, the authentication server performs logic processing after the user payment is successful.

And S34, returning report details to the user.

As shown in fig. 9, an interaction flow diagram of the short message sharing qualification report provided in the embodiment of the present application is shown, and a main flow of the short message sharing report is illustrated next, for example, the user 1 sends the short message sharing report to the user 2, and the main flow mainly includes the following flows:

s41, the user enters the social communication tool to open the service number, for example, the social communication tool is adopted to carry out silent authorization login.

And S42, opening the authentication server.

S43, the authentication server returns the two-dimensional code with the generated report.

And S44, the user 1 inputs the mobile phone number of the user 2 (the user 2 acquiesces the authorization of the user 1), and the user 2 receives the qualification report sharing short message after the sharing is confirmed.

S45, the user 2 opens the link in the short message and calls up the social communication tool interface.

S46, the user 2 authorizes the service number (which can be HR assistant) of the social communication tool to obtain the personal information of the social communication tool.

S47, the service number of the social communication tool (which may be the HR assistant, for example) forwards the user 2 request to the authentication server.

And S48, the authentication server returns a page for acquiring the short message verification code.

And S49, the user 2 opens a report link to acquire the short message verification code.

S50, the user 2 confirms the submission of the verification code.

S51, the authentication server confirms the validity of the verification code. The authentication is passed and the next step 12 is followed, if not, re-authentication is obtained.

S52, open the report page, determine if the report has been purchased? If no report is purchased, go to step. If it is purchased, go directly to step 58.

S53, the authentication server returns the page to be paid to the user 2.

And S54, the user 2 carries out payment operation and submits the payment operation.

S55, the service number (which can be HR assistant) of the social communication tool processes the logic and operation related to payment.

And S56, returning successful information to the authentication server after the payment is successful.

And S57, the authentication server performs logic processing after the payment of the user is successful.

And S58, returning report detail data.

As can be seen from the foregoing illustration, in the embodiments of the present application, a personal information verification platform based on a service number of a social communication tool is used, and an individual can enjoy an instant personal information verification service by only paying attention to the public number without downloading an application program, so that the experience is smooth and quick. As the personal information report, the system is convenient to transmit and is fast and convenient for others to check. Based on the service number mode of the social communication tool, the information notification and sharing capability of the service platform with the social communication tool is improved, notification information in various forms such as characters, voice and video can be provided, information can be conveniently obtained in an authorized and permitted range, and an authorizer and a user can obtain consistent information.

It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art will appreciate that the embodiments described in this specification are presently preferred and that no acts or modules are required by the invention.

To facilitate a better implementation of the above-described aspects of embodiments of the present invention, the following also provides related apparatus for implementing the above-described aspects.

Referring to fig. 10-a, a terminal according to an embodiment of the present invention is specifically a first terminal 1000, where the first terminal includes: an obtaining module 1001, a sending module 1002, a receiving module 1003, an authenticating module 1004, wherein,

an obtaining module 1001, configured to obtain authorization information of a user to be authenticated;

a sending module 1002, configured to send an authentication request to an authentication server, where the authentication request includes: the authorization information of the user to be authenticated and the identity of the user to be authenticated;

a receiving module 1003, configured to receive qualification information sent by the authentication server, where the qualification information is obtained by the authentication server from a qualification data source according to the identity of the user to be authenticated;

and the authentication module 1004 is configured to perform qualification authentication on the user to be authenticated according to the qualification information.

In some embodiments of the present application, the obtaining module 1001 is specifically configured to obtain authorization information of the user to be authenticated from a second terminal, where the second terminal is controlled by the user to be authenticated.

In some embodiments of the present application, the obtaining module 1001 is specifically configured to perform at least one of the following manners: scanning an authorized two-dimensional code generated by the second terminal, and analyzing the authorized two-dimensional code to obtain authorization information of the user to be authenticated; or receiving authorization link information sent by the second terminal, and acquiring the authorization information of the user to be authenticated according to the authorization link information.

In some embodiments of the present application, as shown in fig. 10-b, the obtaining module 1001 includes:

a connection unit 10011, configured to establish a connection with the authentication server under the control of the user to be authenticated;

an information extracting unit 10012, configured to extract authorization information of the user to be authenticated from the control operation of the user to be authenticated.

In some embodiments of the present application, the sending module 1002 is further configured to send a login request to a service port corresponding to an authentication server after sending the authentication request to the authentication server, where the login request carries user identity information corresponding to the first terminal.

In some embodiments of the present application, as shown in fig. 10-c, the first terminal 1000, further includes: a payment module 1005, wherein,

the receiving module 1003 is configured to receive an order payment request sent by an authentication server after the sending module 1002 sends an authentication request to the authentication server;

the payment module 1005 is configured to execute an online payment operation according to the order payment request, and send an order payment instruction to the authentication server.

Fig. 10-a to fig. 10-c illustrate a first terminal according to an embodiment of the present invention, and then illustrate an authentication server interacting with the first terminal, please refer to fig. 11-a, where an authentication server 1100 according to an embodiment of the present invention includes: a receiving module 1101, a user information module 1102, a qualification acquisition module 1103, and a sending module 1104, wherein,

a receiving module 1101, configured to receive an authentication request sent by a first terminal;

a user information module 1102, configured to obtain authorization information of a user to be authenticated and an identity of the user to be authenticated from the authentication request;

a qualification obtaining module 1103, configured to obtain, after the authentication server successfully verifies the authorization information, qualification information corresponding to the user to be authenticated from a preconfigured qualification data source according to the identity of the user to be authenticated;

a sending module 1104, configured to send qualification information corresponding to the user to be authenticated to the first terminal.

In some embodiments of the present application, as shown in fig. 11-b, the authentication server further includes: an identity authentication module 1105 that, among other things,

the receiving module 1101 is further configured to receive, by the qualification acquisition module 1103, a login request sent by the first terminal through a service port corresponding to the authentication server before acquiring, according to the identity of the user to be authenticated, qualification information corresponding to the user to be authenticated from a preconfigured qualification data source;

the identity authentication module 1105 is configured to obtain user identity information corresponding to the first terminal from the login request; performing real-name authentication by using the user identity information corresponding to the first terminal; and after the first terminal real-name authentication passes, triggering and executing the qualification obtaining module 1103.

In some embodiments of the present application, as shown in fig. 11-c, the authentication server further includes: a payment processing module 1106 that, among other things,

the payment processing module 1106 is configured to determine whether the user to be authenticated has successfully paid after the authentication server verifies that the authorization information is successful;

the sending module 1104 is further configured to send an order payment request to the first terminal when the to-be-authenticated user does not complete payment;

the receiving module 1101 is further configured to receive an order payment instruction sent by the first terminal;

the payment processing module 1106 is further configured to store a payment result according to the order payment instruction, and then trigger execution of the qualification obtaining module.

In some embodiments of the present application, as shown in fig. 11-d, the qualification obtaining module 1103 includes:

an identity sending unit 11031, configured to send the identity of the user to be authenticated to at least two different qualification data sources, respectively;

a result receiving unit 11032, configured to receive qualification query results sent by the at least two different resource data sources respectively;

a qualification generating unit 11033, configured to generate qualification information corresponding to the user to be authenticated according to the received at least two different qualification query results.

In some embodiments of the present application, as shown in fig. 11-e, the authentication server 1100 further includes: a double encryption storage module 1107, wherein,

the dual encryption storage module 1107 is further configured to receive data sent by the qualification data source when the qualification data source adopts encryption transmission, and decrypt the received data to obtain qualification information corresponding to the user to be authenticated; and encrypting and storing the qualification information corresponding to the user to be authenticated.

In some embodiments of the present application, as shown in fig. 11-f, the authentication server further includes: a short message verification module 1108, wherein,

the sending module 1104 is further configured to send a short message verification request to the first terminal after the user information obtaining module obtains the authorization information of the user to be authenticated and the identity of the user to be authenticated from the authentication request;

the short message verification module 1108 is configured to receive a short message verification code sent by the first terminal; and triggering and executing the qualification obtaining module 1103 after the short message verification code is confirmed.

As can be seen from the above description of the embodiment of the present invention, the first terminal first obtains the authorization information of the user to be authenticated, then the first terminal sends an authentication request to the authentication server, the authentication server can obtain the authorization information of the user to be authenticated and the identity of the user to be authenticated from the authentication request, after the authentication server verifies the authorization information successfully, the authentication server obtains the qualification information corresponding to the user to be authenticated from the pre-configured qualification data source according to the identity of the user to be authenticated, the authentication server sends the qualification information corresponding to the user to be authenticated to the first terminal, the first terminal receives the qualification information sent by the authentication server, and finally, the first terminal performs qualification authentication on the user to be authenticated according to the qualification information. In the embodiment of the application, the first terminal can acquire the authorization information of the user to be authenticated first, then request for authentication from the authentication server based on the authorization information, the authentication server can verify whether the authorization information succeeds or not first, then acquire the qualification information corresponding to the user to be authenticated through interaction with the resource data source when the authentication succeeds, and the authentication server can also return the qualification information to the first terminal.

As shown in fig. 12, for convenience of description, only the parts related to the embodiment of the present invention are shown, and details of the specific technology are not disclosed, please refer to the method part of the embodiment of the present invention. The terminal may be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), a vehicle-mounted computer, etc., taking the terminal as the mobile phone as an example:

fig. 12 is a block diagram showing a partial structure of a cellular phone related to a terminal provided by an embodiment of the present invention. Referring to fig. 12, the handset includes: radio Frequency (RF) circuit 1010, memory 1020, input unit 1030, display unit 1040, sensor 1050, audio circuit 1060, wireless fidelity (WiFi) module 1070, processor 1080, and power source 1090. Those skilled in the art will appreciate that the handset configuration shown in fig. 12 is not intended to be limiting and may include more or fewer components than shown, or some components may be combined, or a different arrangement of components.

The following specifically describes each constituent component of the mobile phone with reference to fig. 12:

RF circuit 1010 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, for processing downlink information of a base station after receiving the downlink information to processor 1080; in addition, the data for designing uplink is transmitted to the base station. In general, RF circuit 1010 includes, but is not limited to, an antenna, at least one Amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, the RF circuitry 1010 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), general Packet Radio Service (GPRS), code Division Multiple Access (CDMA), wideband Code Division Multiple Access (WCDMA), long Term Evolution (LTE), email, short Messaging Service (SMS), and the like.

The memory 1020 can be used for storing software programs and modules, and the processor 1080 executes various functional applications and data processing of the mobile phone by operating the software programs and modules stored in the memory 1020. The memory 1020 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 1020 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

The input unit 1030 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the cellular phone. Specifically, the input unit 1030 may include a touch panel 1031 and other input devices 1032. The touch panel 1031, also referred to as a touch screen, may collect touch operations by a user (e.g., operations by a user on or near the touch panel 1031 using any suitable object or accessory such as a finger, a stylus, etc.) and drive corresponding connection devices according to a preset program. Alternatively, the touch panel 1031 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, and sends the touch point coordinates to the processor 1080, and can receive and execute commands sent by the processor 1080. In addition, the touch panel 1031 may be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 1030 may include other input devices 1032 in addition to the touch panel 1031. In particular, other input devices 1032 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a track ball, a mouse, a joystick, or the like.

The display unit 1040 may be used to display information input by a user or information provided to the user and various menus of the cellular phone. The Display unit 1040 may include a Display panel 1041, and optionally, the Display panel 1041 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch panel 1031 can cover the display panel 1041, and when the touch panel 1031 detects a touch operation on or near the touch panel 1031, the touch operation is transmitted to the processor 1080 to determine the type of the touch event, and then the processor 1080 provides a corresponding visual output on the display panel 1041 according to the type of the touch event. Although in fig. 12, the touch panel 1031 and the display panel 1041 are two separate components to implement the input and output functions of the mobile phone, in some embodiments, the touch panel 1031 and the display panel 1041 may be integrated to implement the input and output functions of the mobile phone.

The handset may also include at least one sensor 1050, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 1041 according to the brightness of ambient light, and the proximity sensor may turn off the display panel 1041 and/or the backlight when the mobile phone moves to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in various directions (generally three axes), detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the gesture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer, tapping), and the like. As for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.

Audio circuitry 1060, speaker 1061, and microphone 1062 may provide an audio interface between a user and a cell phone. The audio circuit 1060 can transmit the electrical signal converted from the received audio data to the speaker 1061, and the electrical signal is converted into a sound signal by the speaker 1061 and output; on the other hand, the microphone 1062 converts the collected sound signal into an electrical signal, which is received by the audio circuit 1060 and converted into audio data, which is then processed by the audio data output processor 1080 and then sent to, for example, another cellular phone via the RF circuit 1010, or output to the memory 1020 for further processing.

WiFi belongs to short-distance wireless transmission technology, and the mobile phone can help the user to send and receive e-mail, browse web pages, access streaming media, etc. through the WiFi module 1070, which provides wireless broadband internet access for the user. Although fig. 12 shows the WiFi module 1070, it is understood that it does not belong to the essential constitution of the handset, and can be omitted entirely as needed within the scope not changing the essence of the invention.

The processor 1080 is the control center of the handset, connects various parts of the entire handset using various interfaces and lines, and performs various functions of the handset and processes data by running or executing software programs and/or modules stored in the memory 1020 and invoking data stored in the memory 1020. Optionally, processor 1080 may include one or more processing units; preferably, the processor 1080 may integrate an application processor, which handles primarily the operating system, user interfaces, applications, etc., and a modem processor, which handles primarily the wireless communications. It is to be appreciated that the modem processor described above may not be integrated into processor 1080.

The handset also includes a power source 1090 (e.g., a battery) for powering the various components, which may preferably be logically coupled to the processor 1080 via a power management system to manage charging, discharging, and power consumption via the power management system.

Although not shown, the mobile phone may further include a camera, a bluetooth module, etc., which will not be described herein.

In the embodiment of the present invention, the processor 1080 included in the terminal further has a flow for controlling the execution of the authentication method of the qualification information executed by the terminal.

Fig. 13 is a schematic diagram of a server structure provided by an embodiment of the present invention, which may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 1122 (e.g., one or more processors) and a memory 1132, and one or more storage media 1130 (e.g., one or more mass storage devices) for storing an application program 1142 or data 1144. Memory 1132 and storage media 1130 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 1130 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 1122 may be provided in communication with the storage medium 1130 to execute a series of instruction operations in the storage medium 1130 on the server.

The Server may also include one or more power supplies 1126, one or more wired or wireless network interfaces 1150, one or more input-output interfaces 1158, and/or one or more operating systems 1141, such as a Windows Server ^TM ，Mac OS X ^TM ，Unix ^TM ,Linux ^TM ，FreeBSD ^TM And so on.

The steps of the method for authenticating the qualification information performed by the server in the above embodiment may be based on the server structure shown in fig. 13.

It should be noted that the above-described embodiments of the apparatus are merely schematic, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection therebetween, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.

Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus necessary general hardware, and may also be implemented by special hardware including special integrated circuits, special CPUs, special memories, special components and the like. Generally, functions performed by computer programs can be easily implemented by corresponding hardware, and specific hardware structures for implementing the same functions may be various, such as analog circuits, digital circuits, or dedicated circuits. However, the implementation of a software program is a more preferable embodiment for the present invention. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a readable storage medium, such as a floppy disk, a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk of a computer, and includes instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.

In summary, the above embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the above embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the above embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims

1. A method for authenticating qualification information, comprising:

the first terminal receives qualification information sent by the authentication server, and the qualification information is obtained by the authentication server from a qualification data source according to the identity of the user to be authenticated; the authentication server respectively sends the identity identification of the user to be authenticated to at least two different qualification data sources; the authentication server receives and compares the qualification inquiry results respectively sent by the at least two different resource data sources so as to screen out at least two different qualification inquiry results; the authentication server generates qualification information corresponding to the user to be authenticated according to the screened at least two different qualification inquiry results;

2. The method according to claim 1, wherein the obtaining, by the first terminal, the authorization information of the user to be authenticated comprises:

and the first terminal acquires the authorization information of the user to be authenticated from a second terminal, and the second terminal is controlled by the user to be authenticated.

3. The method according to claim 2, wherein the first terminal obtains the authorization information of the user to be authenticated from the second terminal, and the method comprises at least one of the following manners:

4. The method according to claim 1, wherein the obtaining, by the first terminal, the authorization information of the user to be authenticated comprises:

the first terminal establishes connection with the authentication server under the control of the user to be authenticated;

and the first terminal extracts the authorization information of the user to be authenticated from the control operation of the user to be authenticated.

5. The method according to any one of claims 1 to 4, wherein after the first terminal sends an authentication request to an authentication server, the method further comprises:

and the first terminal sends a login request to a service port corresponding to the authentication server, wherein the login request carries user identity information corresponding to the first terminal.

6. The method according to any one of claims 1 to 4, wherein after the first terminal sends an authentication request to an authentication server, the method further comprises:

the first terminal receives an order payment request sent by the authentication server;

and the first terminal executes online payment operation according to the order payment request and sends an order payment instruction to the authentication server.

7. A method for authenticating qualification information, comprising:

after the authentication server successfully verifies the authorization information, the authentication server respectively sends the identity identifiers of the user to be authenticated to at least two different qualification data sources; the authentication server receives and compares the qualification inquiry results respectively sent by the at least two different resource data sources so as to screen out at least two different qualification inquiry results; the authentication server generates qualification information corresponding to the user to be authenticated according to the screened at least two different qualification inquiry results;

8. The method according to claim 7, wherein before the authentication server obtains qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated, the method further comprises:

the authentication server receives a login request sent by the first terminal through a service port corresponding to the authentication server;

the authentication server acquires user identity information corresponding to the first terminal from the login request;

the authentication server performs real-name authentication by using the user identity information corresponding to the first terminal;

after the first terminal real name authentication passes, triggering and executing the following steps: and the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated.

9. The method of claim 7, wherein after the authentication server verifies that the authorization information is successful, the method further comprises:

the authentication server determines whether the user to be authenticated has paid successfully;

when the user to be authenticated does not finish payment, the authentication server sends an order payment request to the first terminal;

the authentication server receives an order payment instruction sent by the first terminal;

the authentication server stores a payment result according to the order payment instruction, and then triggers and executes the following steps: and the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated.

10. The method according to any one of claims 7 to 9, further comprising:

when the qualification data source adopts encryption transmission, the authentication server receives the data sent by the qualification data source and decrypts the received data to obtain the qualification information corresponding to the user to be authenticated;

and the authentication server encrypts and stores the qualification information corresponding to the user to be authenticated.

11. The method according to any one of claims 7 to 9, wherein after the authentication server obtains authorization information of a user to be authenticated and an identity of the user to be authenticated from the authentication request, the method further comprises:

the authentication server sends a short message verification request to the first terminal;

the authentication server receives a short message verification code sent by the first terminal;

after the short message verification code is confirmed, the following steps are triggered and executed: and the authentication server acquires qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated.

12. A terminal, characterized in that the terminal is specifically a first terminal, and the first terminal includes:

a sending module, configured to send an authentication request to an authentication server, where the authentication request includes: the authorization information of the user to be authenticated and the identity of the user to be authenticated;

the receiving module is used for receiving qualification information sent by the authentication server, and the qualification information is obtained by the authentication server from a qualification data source according to the identity of the user to be authenticated; the authentication server respectively sends the identity identification of the user to be authenticated to at least two different qualification data sources; the authentication server receives and compares the qualification inquiry results respectively sent by the at least two different resource data sources so as to screen out at least two different qualification inquiry results; the authentication server generates qualification information corresponding to the user to be authenticated according to the screened at least two different qualification inquiry results;

13. An authentication server, characterized in that the authentication server comprises:

the qualification obtaining module is used for obtaining qualification information corresponding to the user to be authenticated from a pre-configured qualification data source according to the identity of the user to be authenticated after the authentication server successfully verifies the authorization information; the authentication server respectively sends the identity identification of the user to be authenticated to at least two different qualification data sources; the authentication server receives and compares the qualification inquiry results respectively sent by the at least two different resource data sources so as to screen out at least two different qualification inquiry results; the authentication server generates qualification information corresponding to the user to be authenticated according to the screened at least two different qualification inquiry results; and the sending module is used for sending qualification information corresponding to the user to be authenticated to the first terminal.

14. A terminal, characterized in that the terminal is specifically a first terminal, and the first terminal includes: a processor and a memory;

the memory to store instructions;

the processor, configured to execute the instructions in the memory, to perform the method of any of claims 1 to 6.

15. An authentication server, characterized in that the authentication server comprises: a processor and a memory;

the memory to store instructions;

the processor, configured to execute the instructions in the memory, to perform the method of any of claims 7 to 11.

16. A computer-readable storage medium for storing a computer program for executing the method of authenticating qualification information of any one of claims 1 to 6, or for executing the method of authenticating qualification information of any one of claims 7 to 11.