CN111552942A

CN111552942A - Identity authentication method, system, device and computer storage medium

Info

Publication number: CN111552942A
Application number: CN202010346119.XA
Authority: CN
Inventors: 闫洪康; 李�昊; 吕亚明; 赵发; 刘保江
Original assignee: Beijing Sankuai Online Technology Co Ltd
Current assignee: Beijing Sankuai Online Technology Co Ltd
Priority date: 2020-04-27
Filing date: 2020-04-27
Publication date: 2020-08-18
Anticipated expiration: 2040-04-27
Also published as: CN111552942B

Abstract

The application discloses an identity authentication method, a system, a device and a computer storage medium, belonging to the field of business processing. The method comprises the following steps: the authentication server receives an authentication detection request sent by the service server, determines N identity authentication modes configured by a target service from service configuration information of the target service according to a service identifier of the target service carried by the authentication detection request, determines at least one available identity authentication mode from the N identity authentication modes, sends mode information of the at least one available identity authentication mode to the authentication terminal through the service server, and displays an available authentication mode list by the authentication terminal, wherein the available authentication mode list comprises the at least one available identity authentication mode. That is, the availability detection of the identity authentication mode is uniformly carried out by the authentication server, unavailable authentication modes can be screened out, only the available authentication modes are presented to the user, the possibility of authentication failure is reduced, and the authentication time is saved.

Description

Identity authentication method, system, device and computer storage medium

Technical Field

The present application relates to the field of service processing, and in particular, to a method, a system, an apparatus, and a computer storage medium for identity authentication.

Background

With the development of internet technology, in order to ensure data security of a user in a service processing process, a service party needs to perform identity authentication on the user to verify the authenticity of the user identity. Through identity authentication, the method is beneficial to establishing a perfect and reliable Internet credit basis between a business party and a user.

In the related art, when a user processes a service, a service server corresponding to the processed service generally performs identity authentication for the user. When a service server of a certain service receives an identity authentication request of a user, at least one authentication mode configured for the service needs to be determined first, and the at least one authentication mode is provided for an authentication terminal. The authentication terminal can adopt any one authentication mode to carry out identity authentication, and if the adopted authentication mode fails, the service server provides the next authentication mode so that the authentication terminal can adopt the next authentication mode to carry out identity authentication. Each authentication mode corresponds to an authentication channel, and the authentication channel is used for acquiring the identity authentication information of the user. The user's identity authentication information may exist in a data system of a bank or a communication operator, etc., and the authentication channel is a data channel for acquiring the user's identity authentication information from different data systems.

For different services, the service servers of different services need to perform authentication processing, so that the processing load of the service servers is increased. Moreover, in the authentication process, after one authentication mode fails to authenticate, other authentication modes are provided, which may increase the possibility of authentication failure, resulting in long time consumption of the authentication process.

Disclosure of Invention

The embodiment of the application provides an identity authentication method, an identity authentication system, an identity authentication device and a computer storage medium, which can be used for solving the problems that the processing load of a service server is large and the time consumption of an authentication process is long in the related technology. The technical scheme is as follows:

in a first aspect, an identity authentication method is provided, which is applied in an authentication server in an identity authentication system, where the identity authentication system further includes at least one service server accessing the authentication server, and the method includes:

receiving an authentication detection request sent by a service server, wherein the authentication detection request carries a service identifier of a target service, and the service server is any one of the at least one service server;

determining N identity authentication modes configured by the target service from service configuration information of the target service according to the service identifier of the target service, and determining at least one available identity authentication mode from the N identity authentication modes, wherein the available identity authentication mode refers to an identity authentication mode in which a corresponding authentication channel meets information acquisition requirements, and N is a positive integer;

and sending the mode information of the at least one available identity authentication mode to an authentication terminal through the service server, and displaying an available authentication mode list by the authentication terminal, wherein the available authentication mode list comprises the at least one available identity authentication mode.

Optionally, the determining at least one available identity authentication method from the N identity authentication methods includes:

for a reference authentication mode in the N identity authentication modes, determining at least one authentication channel corresponding to the reference authentication mode, where the at least one authentication channel is used to obtain identity authentication information required by the reference authentication mode, and the reference authentication mode is any one of the N identity authentication modes;

and if the authentication channel meeting the information acquisition requirement exists in the at least one authentication channel, determining that the reference authentication mode is an available identity authentication mode.

Optionally, the information acquisition requirement includes at least one of the following ways:

the communication quality of the authentication channel is greater than or equal to a communication quality threshold;

the access amount of the authentication channel in unit time is greater than or equal to the access amount threshold value;

the channel security of the authentication channel is above a security threshold.

Optionally, before determining at least one available identity authentication method from the N identity authentication methods, the method further includes:

determining an authentication mode configured by the target service from service configuration information of the target service, wherein the authentication mode comprises the N identity authentication modes;

detecting the availability of the authentication mode, wherein the availability of the authentication mode means that the available identity authentication mode exists in the N identity authentication modes included in the authentication mode;

and if the authentication mode is available, sending a first notification message to the service server, wherein the first notification message is used for indicating that the authentication mode of the target service is available, so that the service server controls the authentication terminal to display an identity authentication entry according to the first notification message, and the identity authentication entry is used for triggering to jump to a display page of the available authentication mode list.

Optionally, after the detecting the availability of the authentication mode, the method further includes:

and if the authentication mode is detected to be unavailable, sending a second notification message to the service server, wherein the second notification message is used for indicating that the authentication mode of the target service is unavailable.

Optionally, after the sending the mode information of the at least one available identity authentication mode to the authentication terminal through the service server, the method further includes:

if the authentication terminal fails to authenticate by using a first authentication mode, detecting the availability of the first authentication mode, wherein the first authentication mode is any identity authentication mode in the available authentication mode list;

if the first authentication mode is an available identity authentication mode, sending a third notification message to the service server;

the third notification message is used to indicate that the first authentication mode is available, so that the service server controls the authentication terminal to redisplay an authentication page corresponding to the first authentication mode according to the third notification message, and the authentication terminal continues to perform identity authentication by using the first authentication mode.

Optionally, the method further comprises:

if the first authentication mode is an unavailable identity authentication mode, sending a fourth notification message to the service server;

the fourth notification message is used to indicate that the first authentication mode is unavailable, so that the service server controls the authentication terminal to jump to a display page of the available authentication mode list according to the fourth notification message, so that the authentication terminal selects a second authentication mode from the available authentication mode list for identity authentication, where the second authentication mode is an identity authentication mode other than the first authentication mode in the available authentication mode list.

Optionally, before receiving the authentication detection request sent by the service server, the method further includes:

receiving a signing request sent by the service server, wherein the signing request carries a service identifier of the target service and service configuration information of the target service;

and correspondingly storing the target service identifier and the service configuration information of the target service in a signing service list according to the signing request, wherein the signing service list is used for storing the service information of the signing service, and the signing service is a service allowing the authentication server to carry out availability detection on the identity authentication mode.

In a second aspect, an identity authentication method is provided, which is applied in a service server in an identity authentication system, where the identity authentication system further includes an authentication server accessed by the service server, and the method includes:

sending an authentication detection request to the authentication server according to an identity authentication request of an authentication terminal, wherein the authentication detection request carries a service identifier of a target service;

receiving mode information of at least one available identity authentication mode sent by the authentication server, wherein the at least one available identity authentication mode is determined by the authentication server from N identity authentication modes configured by the target service, the available identity authentication mode refers to an identity authentication mode in which a corresponding authentication channel meets information acquisition requirements, and N is a positive integer;

and sending the mode information of the at least one available identity authentication mode to an authentication terminal, and displaying an available authentication mode list in an identity authentication interface of the target service by the authentication terminal, wherein the authentication mode list comprises the at least one available identity authentication mode.

Optionally, before receiving the mode information of at least one available identity authentication mode sent by the authentication server, the method further includes:

receiving a first notification message sent by the authentication server, where the first notification message is used to indicate that an authentication mode of the target service configuration is available, where the availability of the authentication mode refers to an available identity authentication mode existing in the N identity authentication modes included in the authentication mode;

and controlling the authentication terminal to display an identity authentication entry according to the first authentication notification, wherein the identity authentication entry is used for triggering to jump to a display page of the available authentication mode list.

Optionally, after the sending the mode information of the at least one available identity authentication mode to the authentication terminal, the method further includes:

if the authentication terminal fails to authenticate by using a first authentication mode, sending an authentication failure notice to the authentication server, wherein the authentication failure notice carries mode information of the first authentication mode, and the first authentication mode is any identity authentication mode in the available authentication mode list;

receiving a third notification message sent by the authentication server, wherein the third notification message is used for indicating that the first authentication mode is available;

and controlling the authentication terminal to redisplay an authentication page corresponding to the first authentication mode according to the third notification message, so that the authentication terminal continues to adopt the first authentication mode to perform identity authentication.

Optionally, after sending the authentication failure notification to the authentication server, the method further includes:

receiving a fourth notification message sent by the authentication server, wherein the fourth notification message is used for indicating that the first authentication mode is unavailable;

and controlling the authentication terminal to jump to a display page of the available authentication mode list according to the fourth notification message, so that the authentication terminal selects a second authentication mode from the available authentication mode list for identity authentication, wherein the second authentication mode is an identity authentication mode except the first authentication mode in the available authentication mode list.

Optionally, before sending the authentication detection request to the authentication server according to the identity authentication request of the authentication terminal, the method further includes:

sending a signing request to the authentication server, wherein the signing request carries the service identification of the target service and the service configuration information of the target service;

the signing request is used for requesting the authentication server to correspondingly store the target service identifier and the service configuration information of the target service in a signing service list, the signing service list is used for storing the service information of the signing service, and the signing service is a service allowing the authentication server to carry out availability detection on an identity authentication mode.

In a third aspect, an identity authentication system is provided, where the identity authentication system includes at least one service server, and an authentication server accessed by the at least one service server;

the authentication server is configured to execute the identity authentication method according to any one of the first aspect;

any one of the at least one service server is configured to execute the identity authentication method according to any one of the second aspects.

In a fourth aspect, an identity authentication apparatus is provided, configured in an authentication server in an identity authentication system, where the identity authentication system further includes at least one service server accessing the authentication server, and the apparatus includes:

a receiving module, configured to receive an authentication detection request sent by a service server, where the authentication detection request carries a service identifier of a target service, and the service server is any one of the at least one service server;

a first determining module, configured to determine, according to a service identifier of the target service, N identity authentication manners configured for the target service from service configuration information of the target service, and determine at least one available identity authentication manner from the N identity authentication manners, where the available identity authentication manner is an identity authentication manner in which a corresponding authentication channel meets an information acquisition requirement, and N is a positive integer;

a sending module, configured to send the mode information of the at least one available identity authentication mode to an authentication terminal through the service server, where the authentication terminal displays an available authentication mode list, where the available authentication mode list includes the at least one available identity authentication mode.

Optionally, the first determining module includes:

a first determining sub-module, configured to determine, for a reference authentication manner in the N identity authentication manners, at least one authentication channel corresponding to the reference authentication manner, where the at least one authentication channel is used to obtain identity authentication information required by the reference authentication manner, and the reference authentication manner is any one of the N identity authentication manners;

and the second determining submodule is used for determining that the reference authentication mode is an available identity authentication mode if an authentication channel meeting the information acquisition requirement exists in the at least one authentication channel.

Optionally, the apparatus further comprises:

a second determining module, configured to determine an authentication mode configured for the target service from service configuration information of the target service, where the authentication mode includes the N identity authentication manners;

the first detection module is used for detecting the availability of the authentication mode, wherein the availability of the authentication mode refers to the existence of an available identity authentication mode in the N identity authentication modes included in the authentication mode;

the sending module is further configured to send a first notification message to the service server if it is detected that the authentication mode is available, where the first notification message is used to indicate that the authentication mode of the target service is available, so that the service server controls the authentication terminal to display an identity authentication entry according to the first notification message, and the identity authentication entry is used to trigger a jump to a display page of the available authentication mode list.

Optionally, the sending module is further configured to:

Optionally, the apparatus further comprises:

a second detection module, configured to detect availability of a first authentication method if the authentication terminal fails to authenticate using the first authentication method, where the first authentication method is any one identity authentication method in the available authentication method list;

the sending module is further configured to send a third notification message to the service server if the first authentication manner is an available identity authentication manner;

Optionally, the sending module is further configured to:

Optionally, the apparatus further comprises:

the receiving module is configured to receive a subscription request sent by the service server, where the subscription request carries a service identifier of the target service and service configuration information of the target service;

and the storage module is used for correspondingly storing the target service identifier and the service configuration information of the target service in a signing service list according to the signing request, wherein the signing service list is used for storing the service information of the signing service, and the signing service is a service allowing the authentication server to carry out availability detection on the identity authentication mode.

In a fifth aspect, an identity authentication apparatus is provided, and is configured in a service server in an identity authentication system, where the identity authentication system further includes an authentication server accessed by the service server, and the apparatus includes:

the first sending module is used for sending an authentication detection request to the authentication server according to an identity authentication request of an authentication terminal, wherein the authentication detection request carries a service identifier of a target service;

a receiving module, configured to receive mode information of at least one available identity authentication mode sent by the authentication server, where the at least one available identity authentication mode is determined by the authentication server from N identity authentication modes configured by the target service, the available identity authentication mode is an identity authentication mode in which a corresponding authentication channel meets an information acquisition requirement, and N is a positive integer;

and the second sending module is used for sending the mode information of the at least one available identity authentication mode to an authentication terminal, and the authentication terminal displays an available authentication mode list in an identity authentication interface of the target service, wherein the authentication mode list comprises the at least one available identity authentication mode.

Optionally, the apparatus further comprises:

the receiving module is further configured to receive a first notification message sent by the authentication server, where the first notification message is used to indicate that an authentication mode of the target service configuration is available, and the availability of the authentication mode refers to that an available identity authentication mode exists in the N identity authentication modes included in the authentication mode;

and the control module is used for controlling the authentication terminal to display an identity authentication entry according to the first authentication notification, wherein the identity authentication entry is used for triggering to jump to a display page of the available authentication mode list.

Optionally, the second sending module is further configured to send an authentication failure notification to the authentication server if the authentication terminal fails to authenticate using a first authentication method, where the authentication failure notification carries mode information of the first authentication method, and the first authentication method is any one identity authentication method in the available authentication method list;

the receiving module is further configured to receive a third notification message sent by the authentication server, where the third notification message is used to indicate that the first authentication manner is available;

the control module is further configured to control the authentication terminal to redisplay the authentication page corresponding to the first authentication manner according to the third notification message, so that the authentication terminal continues to perform identity authentication in the first authentication manner.

Optionally, after sending the authentication failure notification to the authentication server,

the receiving module is further configured to receive a fourth notification message sent by the authentication server, where the fourth notification message is used to indicate that the first authentication method is unavailable;

the control module is further configured to control the authentication terminal to jump to a display page of the available authentication mode list according to the fourth notification message, so that the authentication terminal selects a second authentication mode from the available authentication mode list for identity authentication, where the second authentication mode is an identity authentication mode other than the first authentication mode in the available authentication mode list.

Optionally, before sending the authentication detection request to the authentication server according to the identity authentication request of the authentication terminal,

the first sending module is further configured to send a subscription request to the authentication server, where the subscription request carries the service identifier of the target service and the service configuration information of the target service;

In a sixth aspect, a server is provided, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to implement the identity authentication method of the first and second aspects.

In a seventh aspect, a computer-readable storage medium is provided, which stores instructions that, when executed by a processor, implement the identity authentication method according to the first and second aspects.

In an eighth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of identity authentication of the first and second aspects above.

The beneficial effects brought by the technical scheme provided by the embodiment of the application at least comprise:

in the method, the service server is accessed into the authentication server by constructing the identity authentication system, the authentication server receives the authentication detection request sent by the service server, then the available identity authentication mode is determined from the N identity authentication modes configured by the target service, the available identity authentication mode is sent to the authentication terminal through the service server, and the authentication terminal displays the list of the available authentication modes, namely, the authentication server performs availability detection on the identity authentication modes uniformly, so that the processing burden of the service server can be reduced, and the detection efficiency is improved. In addition, unusable authentication modes can be screened out, only the usable authentication modes are presented to the user, the possibility of authentication failure is reduced, and the authentication time is saved.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic diagram of an identity authentication system provided in an embodiment of the present application;

fig. 2 is a flowchart of an identity authentication method provided in an embodiment of the present application;

fig. 3 is a flowchart of another identity authentication method provided in an embodiment of the present application;

fig. 4 is a block diagram of an identity authentication apparatus according to an embodiment of the present application;

fig. 5 is a block diagram of another identity authentication apparatus provided in an embodiment of the present application;

fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.

Before explaining the embodiments of the present application in detail, an application scenario of the embodiments of the present application will be described.

With the rapid development of the financial industry and the internet, users tend to perform related operations of financial services through authentication terminals such as mobile phones. For example, logging in a mobile phone client for network consumption, or canceling and handling business through internet banking. In order to further guarantee data security between a business party and a user, more and more off-line and on-line businesses gradually need to perform identity authentication. For example, in the business process of applying for bank card online or making online payment, identity authentication is required. The user passing the identity authentication has higher credibility, and the data security is greatly ensured.

Generally, the identity authentication procedure is as follows: the user uploads identity information which can reflect the real identity of the user to a data system of a bank or a communication operator and the like, wherein the identity information can be as follows: identification card numbers, identification card photos, photos or videos containing facial features, and the like. When a user pays through a terminal or transacts online business, if the transaction flow of the business needs to perform identity authentication on the user, the identity information of the user is acquired through an authentication channel, and the identity of the user is verified by comparing verification information input by the user with the acquired identity information, so that data safety and business safety are ensured.

The service servers used by the service background are different for different service parties, and the authentication servers needing to verify identity information are mutually independent when identity authentication is carried out. However, a plurality of service applications are often installed on one terminal, and when a user transacts different services, different service servers are required to respectively acquire identity information of the user for identity authentication.

For example, when the user applies for the mobile phone card, the service server of the communication operator acquires the identity information of the user through the authentication channel, and compares the identity authentication information input by the user with the acquired identity information to perform identity authentication. When the user carries out online payment, the identity authentication is carried out by the online payment service server. That is, in different service platforms, a user needs to perform identity authentication for many times, the identity authentication takes a long time, and different service servers have different capabilities of acquiring identity information through an authentication channel, so that service may not be performed or service may be interrupted due to delay in acquiring identity information or failure in acquiring identity information, and user experience is poor.

Based on this, the present application proposes an identity authentication method, which is applied to an identity authentication system, and then, the identity authentication system related to the present application is introduced first.

Referring to fig. 1, fig. 1 is a schematic diagram of an identity authentication system 100 provided in an embodiment of the present application, and as shown in fig. 1, the identity authentication system 100 includes a service party 101, a service server 102, an authentication server 103, and a plurality of different authentication channels 104.

At least one service software is installed on the authentication terminal, and different service software is service software of different service parties and corresponds to different service servers 102. The service server 102 is a background server of the service party, and is configured to execute the corresponding service, and store and process related data of the corresponding service. The business party is a company or an organization, and can be any object needing identity authentication service. The authentication channel 104 is a channel connected to a third-party data system such as a bank or an operator that stores user identity information.

The authentication server 103 is configured to provide an availability detection service in an identity authentication manner for the service server 102, and assist different services to flexibly complete identity authentication. The authentication server 103 can communicate with the service server 102 of each service to obtain information related to the service, and assist the service server 102 in performing identity authentication on a user performing the related service. On the other hand, a plurality of different authentication channels 104 can be used, and the identity authentication information of the user can be acquired through the authentication channels 104. The service with the identity authentication requirement can use the authentication server 103 to detect the availability of the authentication channel, provide an available authentication mode and acquire the identity authentication information only by completing the system signing process with the authentication server 103. That is, as long as the subscription is successful, the authentication server 103 may be used for identity authentication. In addition, the authentication server 103 provided by the present application may also provide other services, and is not limited to the identity authentication service.

It should be noted that, in the embodiment of the present application, the authentication terminal may be an electronic device such as a mobile phone, a desktop computer, a notebook computer, and the like, and fig. 1 is only an example of a mobile phone, and does not limit the embodiment of the present application. Furthermore, it should be understood that the services 1, 2, and 3, and the authentication channel 1, 2, and 3 shown in fig. 1 are for illustrative purposes only and do not constitute a limitation of the present application.

After the application scenario and the implementation environment of the present application are introduced, the identity authentication method provided in the present application will be explained in detail with reference to the drawings.

Referring to fig. 2, fig. 2 is a flowchart of an identity authentication method provided in an embodiment of the present application, where the identity authentication method is used in the identity authentication system shown in fig. 1, and the identity authentication system includes at least one service server and an authentication server accessed by the at least one service server. The method comprises the following steps:

step 201: and the service server sends an authentication detection request to the authentication server according to the identity authentication request of the authentication terminal, wherein the authentication detection request carries the service identifier of the target service.

The service server is any one of at least one service server accessing the authentication server. Different service servers are used to execute different services. The service identifier of the target service is used to uniquely identify the target service, and may be a service name or a service number of the target service, which is not limited in this embodiment of the present application. Optionally, the authentication detection request may further include authentication information of the user, where the authentication information may include identity information such as an identity card number of the user, face information, a registered service account, and a user fingerprint.

As an example, the authentication terminal is installed with at least one service software, and the user can use the service software to execute different services, where each service software corresponds to one service server. As another example, the authentication terminal may also execute the service through a web page, and the service server is a background server of the web page service.

In the process of executing the target service, if identity authentication is required, the authentication terminal may send an identity authentication request to a service server of the target service, where the identity authentication request is used to request identity authentication. After receiving the identity authentication request, the service server may send an authentication detection request to the authentication server according to the identity authentication request, where the authentication detection request is used to indicate whether an authentication mode configured by the target service detected by the authentication server is available.

Different services are pre-configured with different authentication modes, and the different authentication modes can include different authentication modes and other service related information.

As an example, the authentication terminal may send an identity authentication request to a service server of the target service when detecting application software for logging in the target service, and then trigger the service server to send an authentication detection request to the authentication server. Or, the authentication terminal may also send an identity authentication request to the service server of the target service when detecting that the terminal is about to enter the display interface of the identity authentication entry, and then trigger the service server to send an authentication detection request to the authentication server. Therefore, before the identity authentication entrance is displayed to the user, the authentication detection request can be sent to the authentication server, and the availability detection of the authentication mode can be completed through the authentication server.

As an example, before sending the authentication detection request, the service server needs to complete a subscription operation with the authentication server, so that it is determined through the subscription operation that the availability detection can be performed on the identity authentication manner through the authentication server when performing identity authentication.

As an example, the subscription process between the service server and the authentication server is as follows: and the service server sends a signing request to the authentication server, wherein the signing request carries the service identifier of the target service and the service configuration information of the target service. The authentication server receives the signing request, and correspondingly stores the target service identification and the service configuration information of the target service in a signing service list according to the signing request so as to determine the target service as the signing service.

The service configuration information of the target service may include relevant information such as an authentication mode configured for the target service. The signing request is used for requesting the authentication server to correspondingly store the target service identification and the service configuration information of the target service in a signing service list. The subscription service list is used for storing service information of the subscription service, and the subscription service refers to a service allowing the authentication server to perform availability detection on the identity authentication mode, that is, a service allowing the authentication server to perform availability detection on the identity authentication mode during identity authentication.

It should be noted that the service server accessing the authentication server is a service server that has signed a contract with the authentication server. At least one service server accessing the authentication server can detect the availability of the authentication mode through the same authentication server.

Please refer to table 1, where table 1 is a subscription service list provided in the present application. As shown in table 1, the service parties subscribed to the authentication server include service 1, service 2, and service 3. The authentication mode supported by the service 1 is as follows: element verification, binary verification and face verification; the authentication mode supported by the service 2 is as follows: element verification, three-element verification and fingerprint verification; the authentication modes supported by the service 3 are three-element verification and four-element verification.

TABLE 1

Signing service party	Authentication mode supported by service
		Service 1	Element verification, binary verification and face verification
Service 2	One-element verification, three-element verification and fingerprint verification
		Service 3	Three-element verification and four-element verification

The first element, the second element, the third element and the fourth element may be a registered account number, an identity card number, a mobile phone number or an identification code randomly generated during registration, and the like, which is not limited in the present application.

Step 202: and the authentication server receives an authentication detection request sent by the service server.

Step 203: the authentication server determines N identity authentication modes configured by the target service from the service configuration information of the target service according to the service identifier of the target service, and determines at least one available identity authentication mode from the N identity authentication modes.

The available identity authentication mode refers to an identity authentication mode in which the corresponding authentication channel meets the information acquisition requirement, that is, an available identity authentication mode of the corresponding authentication channel. Generally speaking, an available authentication mode is an identity authentication mode in which an authentication server can obtain identity authentication information through a corresponding authentication channel under current network conditions. The target service is any signed service signed with the authentication server. N is a positive integer.

As an example, whether the authentication mode is available may be determined by detecting whether an authentication channel corresponding to the authentication mode is available. For example, the implementation process of determining at least one available identity authentication mode from the N identity authentication modes includes: and determining at least one authentication channel corresponding to the reference authentication mode in the N identity authentication modes. And if the authentication channel meeting the information acquisition requirement exists in the at least one authentication channel, determining that the reference authentication mode is the available identity authentication mode. And if the authentication channel meeting the information acquisition requirement does not exist in the at least one authentication channel, determining that the reference authentication mode is an unavailable identity authentication mode.

The reference authentication mode is any one of N identity authentication modes, and the at least one authentication channel is used for acquiring identity authentication information required by the reference authentication mode. The authentication channel satisfying the information acquisition requirement is an available authentication channel, that is, an authentication channel capable of acquiring the identity authentication information under the current network condition.

The authentication channel may be connected to a third-party database such as a bank, a public security department, or an operator, so as to obtain the identity authentication information of the user from the third-party database, and further check the identity of the user, thereby ensuring the security of the online service data of the user. The authentication channel may also be another third-party channel capable of acquiring the identity authentication information, which is not limited in the present application.

The information acquisition requirement refers to a requirement that the identity authentication information of the user can be acquired. For example, the information acquisition requirement includes at least one of the following modes: the communication quality of the authentication channel is greater than or equal to a communication quality threshold; the access amount of the authentication channel in unit time is greater than or equal to the access amount threshold value; the channel security of the authentication channel is above a security threshold.

The communication quality threshold, the access amount threshold, and the security threshold may be set in advance. As an example, the communication quality may be determined according to a transmission rate when data is transmitted on the authentication channel, or may be determined according to an accuracy rate of the data transmitted on the authentication channel. The access amount is the number of times of obtaining the identity authentication information through the channel in unit time. Channel security may be determined by detecting the security of the interface that the authentication server obtains and authenticates the channel. The information acquisition requirement may be in other manners, which is not limited in this application.

Optionally, if the service server determines that there is no available authentication method from the N authentication methods, the service server is notified that there is no available authentication method, so that the service server determines the subsequent operation of the authentication terminal according to the notification. For example, the service server may determine, according to the notification, that the user is not to be authenticated for the moment, and the user may still continue to perform the subsequent service process. For another example, the service server may also directly interrupt the service flow and notify the authentication terminal that the current service is unavailable when the identity authentication of the user is not possible.

As an example, before determining at least one available authentication mode from the N authentication modes, the authentication server may further detect whether an authentication mode of the target service configuration is available, where the authentication mode of the target service configuration includes the N authentication modes. And when the authentication mode is determined to be available, triggering the authentication terminal to display an identity authentication entrance so that the user can enter an authentication mode through the identity authentication entrance to display a page. When the authentication mode is unavailable, the authentication terminal is triggered to hide the identity authentication entrance, so that the user can temporarily not perform identity authentication and continue to use other services provided by the service, thereby not interrupting the service flow.

It should be noted that, for a service that strongly depends on identity authentication, a user must perform identity authentication to continue subsequent operations, and if an identity authentication entry is not displayed, the service flow is interrupted. That is, if the authentication mode configured by the service is unavailable, the user may not use the service provided by the service. For the service with weak dependence on identity authentication, after hiding the identity authentication entrance, the user can still use the related service provided by the service, that is, if the authentication mode configured by the service is unavailable, the user does not need to perform identity authentication temporarily.

As an example, the authentication mode availability detection of the target service is implemented as follows: determining an authentication mode of target service configuration from service configuration information of the target service, wherein the authentication mode comprises N identity authentication modes; and detecting the availability of the authentication mode, wherein the availability of the authentication mode means that the available authentication mode exists in N authentication modes included in the authentication mode. And if the authentication mode is available, sending a first notification message to the service server, wherein the first notification message is used for indicating that the authentication mode of the target service is available, so that the service server controls the authentication terminal to display an identity authentication entry according to the first notification message, and the identity authentication entry is used for triggering to jump to a display page of an available authentication mode list. And if the authentication mode is detected to be unavailable, sending a second notification message to the service server, wherein the second notification message is used for indicating that the authentication mode of the target service is unavailable.

In the detection process of the authentication mode, the authentication server determines whether an identity authentication entrance needs to be presented for the user on the authentication terminal by detecting whether the authentication mode of the target service is available, so that identity authentication can be performed under the condition that the user is ensured to be available in the authentication mode. That is, the method and the device for identity authentication avoid directly presenting an identity authentication entry, but a user cannot perform identity authentication after entering an identity authentication page and stays in the page all the time, the service flow is interrupted, and user experience is improved.

Step 204: the authentication server sends at least one type of mode information of available identity authentication modes to the service server.

The mode information of the at least one available identity authentication mode is used to indicate the at least one available identity authentication mode, and may be a mode name or a mode number of the at least one available identity authentication mode, which is not limited in this embodiment of the present application.

Step 205: the service server receives at least one mode information of available identity authentication modes.

Step 206: the service server sends the mode information of at least one available identity authentication mode to the authentication terminal, and the authentication terminal displays an available authentication mode list in an identity authentication interface of the target service, wherein the authentication mode list comprises at least one available identity authentication mode.

That is, the authentication server may send the mode information of at least one available authentication mode to the authentication terminal through the service server, and the authentication terminal displays the available authentication mode list.

Whether the authentication mode is available is detected through the authentication server, and only the available authentication mode is presented to the user, so that the possibility of authentication failure caused by the unavailability of the selected authentication mode in the authentication process can be reduced, the problem of long authentication time consumption caused by the authentication failure is further reduced, the authentication efficiency is improved, and the user can conveniently perform identity authentication.

After the authentication server sends the mode information of at least one available identity authentication mode to the authentication terminal through the service server, the availability of the authentication mode needs to be detected in real time in the authentication process so as to ensure that the identity authentication process of the authentication terminal is smoothly carried out.

As an example, after sending at least one type of mode information of available identity authentication mode to the authentication terminal through the service server, the service server needs to perform the following operations:

(1) if the authentication terminal fails to authenticate by using the first authentication mode, detecting the availability of the first authentication mode, wherein the first authentication mode is any identity authentication mode in an available authentication mode list; if the first authentication mode is an available identity authentication mode, sending a third notification message to the service server; after receiving the third notification message, the service server may control the authentication terminal to redisplay the authentication page corresponding to the first authentication method according to the third notification message, so that the authentication terminal continues to perform identity authentication in the first authentication method.

The third notification message is used for indicating that the first authentication mode is available, so that the service server controls the authentication terminal to redisplay an authentication page corresponding to the first authentication mode according to the third notification message, and the authentication terminal continues to perform identity authentication by using the first authentication mode.

That is, according to the method and the device, after the user selects the first authentication mode to perform identity authentication, if the first authentication mode fails, the availability of the first authentication mode is preferentially detected, so that the authentication mode preferred by the user is ensured, and the identity authentication mode is more in line with the actual selection of the user.

(2) If the first authentication mode is an unavailable identity authentication mode, sending a fourth notification message to the service server; after receiving the fourth notification message, the service server may control the authentication terminal to skip to the display page of the available authentication mode list according to the fourth notification message, so that the authentication terminal selects the second authentication mode from the available authentication mode list for identity authentication.

The fourth notification message is used for indicating that the first authentication mode is unavailable, so that the service server controls the authentication terminal to jump to a display page of the available authentication mode list according to the fourth notification message, and the authentication terminal selects the second authentication mode from the available authentication mode list to perform identity authentication. The second authentication mode is an identity authentication mode except the first authentication mode in the available authentication mode list.

That is, if it is detected that the first authentication mode selected by the user is unavailable, the user returns to the display page of the available authentication mode list, so that the user can reselect the authentication mode, and the service flow is not interrupted.

Since the availability of the authentication method is dynamically changed, the availability of the authentication method may change under different network conditions. Therefore, if the first authentication mode is an unavailable authentication mode, the authentication server can also re-determine the available authentication mode before sending the fourth notification message to the authentication terminal through the service server, and notify the service server through the fourth notification message, so that the re-determined available authentication mode is displayed after the authentication terminal jumps to the display page of the available authentication mode list.

In the embodiment of the application, the service server is accessed into the authentication server by constructing the identity authentication system, the authentication server receives the authentication detection request sent by the service server, then the available identity authentication mode is determined from the N identity authentication modes configured by the target service, the available identity authentication mode is sent to the authentication terminal through the service server, and the authentication terminal displays the list of the available authentication modes, namely, the authentication server performs availability detection on the identity authentication modes uniformly, so that the processing burden of the service server can be reduced, and the detection efficiency is improved. In addition, unusable authentication modes can be screened out, only the usable authentication modes are presented to the user, the possibility of authentication failure is reduced, and the authentication time is saved. Secondly, in the present application, when it is detected that one authentication mode fails, the authentication terminal may be further controlled to jump to a display page of the available authentication mode list, so that the authentication terminal may reselect the authentication mode from the available authentication mode list, and thus the service flow is not interrupted.

Referring to fig. 3, fig. 3 is a flowchart of another identity authentication method according to an embodiment of the present invention, where the method is used in the identity authentication system 100 shown in fig. 1, and as shown in fig. 3, the method includes the following steps:

step 301: and the service server sends a signing request to the authentication server, wherein the signing request carries the service identifier of the target service and the service configuration information of the target service.

Step 302: the authentication server receives a signing request sent by the service server, and correspondingly stores a target service identifier and service configuration information of the target service in a signing service list according to the signing request.

The subscription service list is used for storing service information of the subscription service, and the subscription service refers to a service allowing an identity authentication mode to be subjected to availability detection through an authentication server.

Step 303: and according to the identity authentication request of the authentication terminal, the service server sends an authentication detection request to the authentication server, wherein the authentication detection request carries the service identifier of the target service.

Step 304: and the authentication server receives an authentication detection request sent by the service server and detects the availability of the authentication mode of the target service.

The authentication detection request carries a service identifier of a target service, and the service server is any one of at least one service server signed with the authentication server.

Step 305: and if the authentication mode is detected to be available, sending a first notification message to the service server.

The first notification message is used for indicating that the authentication mode of the target service is available, so that the service server controls the authentication terminal to display an identity authentication entry according to the first notification message, and the identity authentication entry is used for triggering to jump to a display page of the available authentication mode list.

Optionally, step 305 may also be replaced by: and if the authentication mode is detected to be unavailable, sending a second notification message to the service server, wherein the second notification message is used for indicating that the authentication mode of the target service is unavailable.

Step 306: and the service server receives the first notification message and controls the authentication terminal to display an identity authentication entry according to the first notification message, wherein the identity authentication entry is used for triggering to jump to a display page of the available authentication mode list.

Optionally, step 306 may also be replaced with: and the service server receives the second notification message and controls the authentication terminal to hide the identity authentication entrance according to the second notification message.

Step 307: the authentication terminal displays an identity authentication entry.

Or, the authentication terminal hides the identity authentication entrance.

Step 308: and under the condition that the authentication mode is detected to be available, the authentication server sends at least one type of mode information of available identity authentication modes to the service server.

The at least one available identity authentication mode is determined by the authentication server from N identity authentication modes configured by the target service, the available identity authentication mode refers to an identity authentication mode in which a corresponding authentication channel meets the information acquisition requirement, and N is a positive integer.

Step 309: the service server receives at least one type of mode information of available identity authentication mode sent by the authentication server, and sends the at least one type of mode information of available identity authentication mode to the authentication terminal.

Step 310: the authentication terminal receives at least one type of mode information of available identity authentication modes, and displays an available authentication mode list according to the mode information.

Wherein, the available authentication mode list comprises at least one available identity authentication mode.

It should be noted that, after the authentication terminal displays the list of available authentication manners, the user may optionally perform authentication in one of the at least one available authentication manner. When the authentication mode selected by the user fails, the following steps 311 and 313 are also required to be executed to implement the degradation processing of the identity authentication and avoid the service interruption.

Step 311: and if the authentication terminal fails to authenticate by using the first authentication mode, the service server sends an authentication failure notice to the authentication server.

The authentication failure notification carries mode information of a first authentication mode, and the first authentication mode is any identity authentication mode in an available authentication mode list.

Step 312: and the authentication server receives an authentication failure notice sent by the service server, detects the availability of the first authentication mode, and sends a third notice message to the service server if the first authentication mode is an available identity authentication mode.

Optionally step 312 may also be replaced by: and the authentication server receives an authentication failure notice sent by the service server, detects the availability of the first authentication mode, and sends a fourth notice message to the authentication terminal through the service server if the first authentication mode is an unavailable identity authentication mode.

The fourth notification message is used for indicating that the first authentication mode is unavailable, so that the service server controls the authentication terminal to jump to a display page of the available authentication mode list according to the fourth notification message, the authentication terminal selects a second authentication mode from the available authentication mode list for identity authentication, and the second authentication mode is an identity authentication mode except the first authentication mode in the available authentication mode list.

Step 313: and the service server receives the third notification message sent by the authentication server, and controls the authentication terminal to redisplay the authentication page corresponding to the first authentication mode according to the third notification message.

Alternatively, step 313 may be replaced with: and the service server receives a fourth notification message sent by the authentication server, and controls the authentication terminal to jump to a display page of the available authentication mode list according to the fourth notification message.

Step 314: and the authentication terminal redisplays the first authentication mode and continues to adopt the first authentication mode to carry out identity authentication.

Similarly, step 314 may be replaced with: and the authentication terminal jumps to a display page of the available authentication mode list and selects a second authentication mode from the available authentication mode list to carry out identity authentication.

Referring to fig. 4, fig. 4 is a block diagram of an identity authentication apparatus 400 according to an embodiment of the present application, where the apparatus 400 is configured in an authentication server in an identity authentication system, the identity authentication system further includes at least one service server accessing the authentication server, and the apparatus 400 includes:

a receiving module 401, configured to receive an authentication detection request sent by a service server, where the authentication detection request carries a service identifier of a target service, and the service server is any one of at least one service server;

a first determining module 402, configured to determine, according to a service identifier of a target service, N identity authentication manners configured for the target service from service configuration information of the target service, and determine at least one available identity authentication manner from the N identity authentication manners, where the available identity authentication manner is an identity authentication manner in which a corresponding authentication channel meets an information acquisition requirement, and N is a positive integer;

a sending module 403, configured to send the mode information of the at least one available identity authentication mode to the authentication terminal through the service server, where the authentication terminal displays an available authentication mode list, where the available authentication mode list includes the at least one available identity authentication mode.

Optionally, the first determining module 402 includes:

the first determining sub-module is used for determining at least one authentication channel corresponding to a reference authentication mode in the N identity authentication modes, wherein the at least one authentication channel is used for acquiring identity authentication information required by the reference authentication mode, and the reference authentication mode is any one of the N identity authentication modes;

and the second determining submodule is used for determining that the reference authentication mode is the available identity authentication mode if the authentication channel meeting the information acquisition requirement exists in the at least one authentication channel.

Optionally, the apparatus 400 further includes:

the second determining module is used for determining an authentication mode of the target service configuration from the service configuration information of the target service, wherein the authentication mode comprises N identity authentication modes;

the first detection module is used for detecting the availability of an authentication mode, wherein the availability of the authentication mode refers to the existence of an available identity authentication mode in N identity authentication modes included in the authentication mode;

the sending module 403 is further configured to send a first notification message to the service server if it is detected that the authentication mode is available, where the first notification message is used to indicate that the authentication mode of the target service is available, so that the service server controls the authentication terminal to display an identity authentication entry according to the first notification message, and the identity authentication entry is used to trigger a jump to a display page of the available authentication mode list.

Optionally, the sending module 403 is further configured to:

Optionally, the apparatus 400 further includes:

the second detection module is used for detecting the availability of the first authentication mode if the authentication terminal fails to authenticate by using the first authentication mode, wherein the first authentication mode is any one identity authentication mode in the available authentication mode list;

the sending module 403 is further configured to send a third notification message to the service server if the first authentication manner is the available identity authentication manner;

Optionally, the sending module 403 is further configured to:

Optionally, the apparatus 400 further includes:

a receiving module 401, configured to receive a subscription request sent by a service server, where the subscription request carries a service identifier of a target service and service configuration information of the target service;

and the storage module is used for correspondingly storing the target service identification and the service configuration information of the target service in a signing service list according to the signing request, wherein the signing service list is used for storing the service information of the signing service, and the signing service refers to a service which allows an authentication server to carry out availability detection on an identity authentication mode.

It should be noted that: in the identity authentication device provided in the above embodiment, only the division of the functional modules is illustrated when performing identity authentication, and in practical applications, the function distribution may be completed by different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the identity authentication device configured in the authentication server provided in the above embodiments belongs to the same concept as the identity authentication method embodiment applied in the authentication server, and the specific implementation process thereof is described in the method embodiment and is not described herein again.

Referring to fig. 5, fig. 5 is a block diagram of an identity authentication apparatus 500 according to an embodiment of the present application, where the apparatus 500 is configured in a service server in an identity authentication system, and the identity authentication system further includes an authentication server accessed by the service server, and the apparatus 500 includes:

a first sending module 501, configured to send an authentication detection request to an authentication server according to an identity authentication request of an authentication terminal, where the authentication detection request carries a service identifier of a target service;

a receiving module 502, configured to receive mode information of at least one available identity authentication mode sent by an authentication server, where the at least one available identity authentication mode is determined by the authentication server from N identity authentication modes configured by a target service, the available identity authentication mode is an identity authentication mode in which a corresponding authentication channel meets an information acquisition requirement, and N is a positive integer;

a second sending module 503, configured to send the mode information of the at least one available identity authentication mode to the authentication terminal, where the authentication terminal displays an available authentication mode list in an identity authentication interface of the target service, where the authentication mode list includes the at least one available identity authentication mode.

Optionally, the apparatus 500 further includes:

the receiving module 502 is further configured to receive a first notification message sent by the authentication server, where the first notification message is used to indicate that an authentication mode of the target service configuration is available, and the availability of the authentication mode refers to that an available identity authentication mode exists in N identity authentication modes included in the authentication mode;

Optionally, after sending the at least one type of information of usable identity authentication mode to the authentication terminal,

the second sending module 503 is further configured to send an authentication failure notification to the authentication server if the authentication terminal fails to authenticate using the first authentication method, where the authentication failure notification carries mode information of the first authentication method, and the first authentication method is any one identity authentication method in the available authentication method list;

a receiving module 502, configured to receive a third notification message sent by the authentication server, where the third notification message is used to indicate that the first authentication manner is available;

and the control module is further used for controlling the authentication terminal to redisplay the authentication page corresponding to the first authentication mode according to the third notification message, so that the authentication terminal continues to adopt the first authentication mode for identity authentication.

the receiving module 502 is further configured to receive a fourth notification message sent by the authentication server, where the fourth notification message is used to indicate that the first authentication method is unavailable;

and the control module is further used for controlling the authentication terminal to jump to a display page of the available authentication mode list according to the fourth notification message, so that the authentication terminal selects a second authentication mode from the available authentication mode list for identity authentication, wherein the second authentication mode is an identity authentication mode except the first authentication mode in the available authentication mode list.

the first sending module 501 is further configured to send a subscription request to the authentication server, where the subscription request carries a service identifier of the target service and service configuration information of the target service;

the signing request is used for requesting the authentication server to correspondingly store the target service identification and the service configuration information of the target service in a signing service list, the signing service list is used for storing the service information of the signing service, and the signing service is a service allowing the authentication server to carry out availability detection on the identity authentication mode.

It should be noted that: in the identity authentication device provided in the above embodiment, only the division of the functional modules is illustrated when performing identity authentication, and in practical applications, the function distribution may be completed by different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the identity authentication apparatus configured in the service server provided in the foregoing embodiment belongs to the same concept as the identity authentication method embodiment applied in the service server, and the specific implementation process thereof is described in the method embodiment and is not described herein again.

Fig. 6 is a schematic structural diagram of a server 600 according to an embodiment of the present invention, where the server 600 may generate a relatively large difference due to different configurations or performances, and may include one or more processors (CPUs) 601 and one or more memories 602, where at least one instruction is stored in the memory 602, and the at least one instruction is loaded and executed by the processor 601 to implement the identity authentication method provided by each method embodiment. Of course, the server 600 may also have components such as a wired or wireless network interface, a keyboard, and an input/output interface, so as to perform input and output, and the server 600 may also include other components for implementing the functions of the device, which is not described herein again.

In an exemplary embodiment, an identity authentication system is also provided, which includes at least one service server, and an authentication server accessed by the at least one service server. Wherein, the authentication server and the obligation server are used for executing the identity authentication method shown in the embodiment of fig. 2; or to perform the identity authentication method shown in the embodiment of fig. 3.

In an exemplary embodiment, a computer-readable storage medium is also provided, which has instructions stored thereon, which when executed by a processor, implement the above-described identity authentication method.

In an exemplary embodiment, a computer program product is also provided for implementing the above-described identity authentication method when executed.

It should be understood that reference to "a plurality" herein means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.

It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.

The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims

1. An identity authentication method, applied to an authentication server in an identity authentication system, the identity authentication system further comprising at least one service server accessing the authentication server, the method comprising:

2. The method according to claim 1, wherein the determining at least one available authentication method from the N authentication methods comprises:

3. The method of claim 1, wherein the information acquisition requirement comprises at least one of:

4. The method according to any of claims 1-3, wherein before determining at least one available authentication means from the N authentication means, further comprising:

5. The method of claim 4, wherein after detecting the availability of the authentication mode, further comprising:

6. The method according to any one of claims 1 to 3, wherein after the sending the at least one type of available identity authentication mode information to the authentication terminal via the service server, the method further comprises:

7. The method of claim 6, wherein the method further comprises:

8. The method according to any of claims 1-3, wherein before receiving the authentication detection request sent by the service server, the method further comprises:

9. An identity authentication method is applied to a service server in an identity authentication system, the identity authentication system further comprises an authentication server accessed by the service server, and the method comprises the following steps:

10. The method according to claim 9, wherein before receiving the mode information of the at least one available authentication mode sent by the authentication server, the method further comprises:

11. The method according to claim 9, wherein after sending the at least one available authentication mode information to the authentication terminal, the method further comprises:

12. The method of claim 11, wherein after sending the authentication failure notification to the authentication server, further comprising:

13. The method according to any one of claims 9-12, wherein before sending the authentication detection request to the authentication server according to the identity authentication request of the authentication terminal, the method further comprises:

14. An identity authentication system is characterized in that the identity authentication system comprises at least one service server and an authentication server accessed by the at least one service server;

the authentication server is used for executing the identity authentication method of any one of claims 1 to 8;

any service server of the at least one service server, configured to execute the identity authentication method according to any one of claims 9 to 13.

15. An identity authentication apparatus configured in an authentication server in an identity authentication system, the identity authentication system further including at least one service server accessing the authentication server, the apparatus comprising:

16. An identity authentication apparatus configured in a service server in an identity authentication system, the identity authentication system further including an authentication server to which the service server accesses, the apparatus comprising:

17. A server, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to implement the steps of the method of any one of the above claims 1 to 8 or to implement the steps of the method of any one of the above claims 9 to 13.

18. A computer readable storage medium having stored thereon instructions for performing the steps of the method of any one of claims 1 to 8 or for performing the steps of the method of any one of claims 9 to 13 when executed.