CN111786931B

CN111786931B - Identity authentication method and device

Info

Publication number: CN111786931B
Application number: CN201910267496.1A
Authority: CN
Inventors: 曾文举; 武建军; 李美丰
Original assignee: Beijing Dexin Orient Network Technology Co ltd
Current assignee: Beijing Dexin Orient Network Technology Co ltd
Priority date: 2019-04-03
Filing date: 2019-04-03
Publication date: 2022-08-02
Anticipated expiration: 2039-04-03
Also published as: CN111786931A

Abstract

The embodiment of the application provides an identity authentication method and device, wherein the method comprises the following steps: determining whether identity authentication information stored by a client is about to expire or not; when the identity authentication information is determined to be about to expire, determining a first data request message from the currently unprocessed data request message, wherein the first data request message is a part of the currently unprocessed data request message; and requesting new identity authentication information from a server according to the first data request message. The identity authentication method and device can avoid that the user cannot acquire the requested data due to failure of the identity authentication mechanism, further avoid system breakdown and improve user experience.

Description

Identity authentication method and device

Technical Field

The present application relates to the field of computer application technologies, and more particularly, to a method and an apparatus for identity authentication.

Background

With the development of computer technology, the process of sending data requests between a client and a server by identity authentication information becomes more and more important. Generally, after a user logs in a client for the first time, a server will issue an identity authentication message and return the identity authentication message to the client, and then the user only needs to take the identity authentication message when requesting data from the client, and does not need to take a user name and a password. In order to prevent others from requesting data using the authentication information, the authentication information generally has a validity period, which may be set to 2 hours, for example. When the identity authentication information is expired, if data is requested after 2 hours, when a client needs to process a plurality of data request messages at the same time, the identity authentication mechanism fails, the currently unprocessed data request messages cannot be responded, so that the user may not acquire the requested data, the system may be seriously crashed, and the user experience is reduced.

Therefore, a scheme capable of avoiding the failure of the identity authentication mechanism and improving the user experience is required to be provided.

Disclosure of Invention

The application provides an identity authentication method and device, which can avoid the failure of an identity authentication mechanism and improve the user experience.

In a first aspect, a method for identity authentication is provided, including: determining whether identity authentication information stored by a client is about to expire or not; when the identity authentication information is determined to be about to expire, determining a first data request message from the currently unprocessed data request message, wherein the first data request message is a part of the currently unprocessed data request message; and requesting new identity authentication information from a server according to the first data request message.

According to the identity authentication method, when the fact that the identity authentication information stored by the client is about to expire is determined, part of data request messages in the data request messages which are not processed currently are processed, the situation that the data request messages which are not processed currently cannot be responded when an identity authentication mechanism suddenly fails, and therefore a user cannot acquire the requested data can be avoided, further, system breakdown can be avoided, and user experience is improved.

With reference to the first aspect, in a possible implementation manner of the first aspect, the determining a first data request message from currently unprocessed data request messages includes: determining a processing order of the currently unprocessed data request messages; determining a first processed data request message as the first data request message.

With reference to the first aspect, in a possible implementation manner of the first aspect, the determining a processing order of the currently unprocessed data request messages includes: determining a processing order of the currently unprocessed data request messages according to at least one of the following information: reception time information of the data request message, address information of a terminal that transmits the data request message, priority information of a user, and type/size information of the request data.

In the identity authentication method provided by the application, the processing order of the currently unprocessed data request message is determined according to the information, and new identity authentication information can be requested to the server according to the first data request message which is processed preferentially, so that a specific user can receive the requested data in time, and the user experience is improved.

With reference to the first aspect, in a possible implementation manner of the first aspect, the method further includes: determining whether the identity authentication information is expired; wherein, the requesting new identity authentication information from the server according to the first data request message includes: and when the identity authentication information is determined to be out of date, requesting new identity authentication information from a server according to the first data request message.

In the identity authentication method provided by the application, when the client determines that the locally stored identity authentication information is about to expire, the client can avoid requesting new identity authentication information when the identity authentication information is about to expire but not yet by further determining whether the current identity authentication information is expired or not and requesting new identity authentication information from the server according to the first data request message only when the identity authentication information is expired, so that the efficiency of processing the data request message by the client can be improved, and the waste of broadband resources can be avoided.

With reference to the first aspect, in a possible implementation manner of the first aspect, when a server successfully requests new identity authentication information according to the first data request message, the method further includes: updating the identity authentication information stored by the client to the new identity authentication information; and performing data request processing on the currently unprocessed data request message according to the new identity authentication information.

With reference to the first aspect, in a possible implementation manner of the first aspect, the performing, according to the new identity authentication information, data request processing on the currently unprocessed data request message includes: determining the number of the current unprocessed data request messages; when the number of the current unprocessed data request messages is smaller than or equal to a first threshold value, performing data request processing on the current unprocessed data request messages; and/or when the current unprocessed data request is larger than the first threshold value, processing the data request of the current unprocessed data request message in batches, wherein the number of the data request messages processed in each batch is smaller than or equal to the first threshold value.

With reference to the first aspect, in a possible implementation manner of the first aspect, when a server does not successfully request new identity authentication information according to the first data request message, the method further includes: determining a second data request message from the currently unprocessed data request in addition to the first data request message; and requesting new identity authentication information from a server according to the second data request message.

With reference to the first aspect, in a possible implementation manner of the first aspect, the determining whether identity authentication information saved by the client is about to expire includes: acquiring the storage time of the identity authentication information; and determining whether the identity authentication information is about to expire or not according to the storage time and the current time of the identity authentication information.

With reference to the first aspect, in a possible implementation manner of the first aspect, the determining whether the identity authentication information is about to expire by using the storage time and the current time of the identity authentication information includes: comparing the storage time of the identity authentication information with the current time; if the difference value between the current time and the storage time of the identity authentication information is larger than or equal to a second threshold value, determining that the identity authentication information is about to expire; and if the difference value between the current time and the storage time of the identity authentication information is smaller than the second threshold value, determining that the identity authentication information is not about to expire.

With reference to the first aspect, in a possible implementation manner of the first aspect, the determining whether the identity authentication information is expired includes: acquiring a response status code of the identity authentication information; and determining whether the identity authentication information is expired or not according to the response status code.

With reference to the first aspect, in a possible implementation manner of the first aspect, the determining whether the identity authentication information is expired according to the response status code includes: comparing the response state code with a formulated response state code table; and determining whether the identity authentication information is overdue or not according to the comparison result.

With reference to the first aspect, in a possible implementation manner of the first aspect, the identity authentication information is a token.

In a second aspect, there is provided an apparatus for identity authentication, including means for performing the method of the first aspect or any possible implementation manner thereof.

In a third aspect, the present application further provides a client, including the above identity authentication apparatus.

In a fourth aspect, the present application further provides a computer-readable storage medium storing computer-executable instructions configured to perform the method for identity authentication described above.

In a fifth aspect, the present application also provides a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the method of identity authentication described above.

In a sixth aspect, the present application further provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions, when executed by the at least one processor, cause the at least one processor to perform the method of identity authentication described above.

Drawings

One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the accompanying drawings and not in limitation thereof, in which elements having the same reference numeral designations are shown as like elements and not in limitation thereof, and wherein:

FIG. 1 is a schematic diagram of a scenario in which the solution of an embodiment of the present application is applied;

FIG. 2 is a schematic flow chart diagram of a method of identity authentication provided in accordance with one embodiment of the present application;

FIG. 3 is a schematic flow chart diagram of a method of identity authentication provided in accordance with another embodiment of the present application;

FIG. 4 is a schematic flow chart diagram of a method of identity authentication provided in accordance with yet another embodiment of the present application;

FIG. 5 is a schematic flow chart diagram of a method of identity authentication provided in accordance with yet another embodiment of the present application;

FIG. 6 is a schematic flow chart diagram of a method of identity authentication provided in accordance with yet another embodiment of the present application;

FIG. 7 is a schematic flow chart diagram of a method of identity authentication provided in accordance with yet another embodiment of the present application;

FIG. 8 is a schematic flow chart diagram of a method of identity authentication provided in accordance with yet another embodiment of the present application;

FIG. 9 is a schematic block diagram of an apparatus for identity authentication provided in accordance with one embodiment of the present application;

FIG. 10 is a schematic block diagram of an apparatus for identity authentication provided in accordance with another embodiment of the present application;

FIG. 11 is a schematic block diagram of an apparatus for identity authentication provided in accordance with yet another embodiment of the present application;

FIG. 12 is a schematic block diagram of an apparatus for identity authentication provided in accordance with yet another embodiment of the present application;

FIG. 13 is a schematic block diagram of an apparatus for identity authentication provided in accordance with yet another embodiment of the present application;

FIG. 14 is a schematic block diagram of an apparatus for identity authentication provided in accordance with yet another embodiment of the present application;

fig. 15 is a schematic structural diagram of an electronic device provided according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application are described below with reference to the accompanying drawings. It should be understood that the specific examples in this specification are provided solely to assist those skilled in the art in better understanding the embodiments of the present application and are not intended to limit the scope of the embodiments of the present application.

It should be understood that, in the various embodiments of the present application, the size of the serial number of each process does not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.

It should also be understood that the various embodiments described in this specification can be implemented individually or in combination, and are not limited to the examples in this application.

Unless otherwise defined, all technical and scientific terms used in the examples of this application have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to limit the scope of the present application.

In order to more clearly understand the present application, the following describes the process of identity authentication, so as to facilitate the subsequent understanding of the method of the present application. However, it should be understood that the following description is only for better understanding of the present application and should not be taken as limiting the present application in particular.

Fig. 1 shows a schematic diagram of a scenario to which the technical solution of the embodiment of the present application is applied.

As shown in fig. 1, in the application scenario, the specific identity authentication process is as follows:

taking token as an example, step 110, the user 30 registers for the first time at the client 20 using a user name and password; step 111, the client 20 requests the server 10 to log in using the user name and password; step 112, after receiving the login request message sent by the client 20, the server 10 verifies the user name and the password, and if the verification is successful, the server 10 issues a token and sends the token to the client 20; step 113, after receiving the token issued by the server 10, the client 20 stores the token locally at the client, so as to facilitate subsequent data requests; step 114, the client 20 receives the data request message again, and step 115, the client 20 requests the server 10 for the data requested by the data message according to the saved token; step 116, after the server 10 successfully verifies the token, that is, the token is in the valid period, the server 10 returns the data requested by the data request message to the client 20; in step 117, after receiving the data requested by the server return, the client 20 returns the received data to the user 30, so that the user 30 can receive the requested data.

In order to prevent others from requesting data by using a token, the token is an expirable token, which is generally set to 2 hours, if data is requested after 2 hours, when a client needs to process data request messages of multiple users at the same time, an identity authentication mechanism may fail, and a currently unprocessed data request message cannot be responded, so that the user may not obtain the requested data, which may seriously cause system crash, and reduce user experience.

In view of the foregoing problems, an embodiment of the present application provides an identity authentication method. The method for authenticating identity provided in the embodiment of the present application is described in detail below with reference to fig. 2.

Fig. 2 shows a schematic flow chart of a method 200 of identity authentication of an embodiment of the present application. The method 200 may be performed by a client. As shown in FIG. 2, the method 200 may include step 210 and step 230.

And 210, determining whether the identity authentication information stored by the client is about to expire.

The identity authentication information is information for confirming the identity of an operator in the computer network world so as to ensure the safety of a system and data. In a computer network, the identity authentication information includes a plurality of authentication methods, for example, token, cookie, and the like. However, it should be understood that the token is used as an example in the embodiments of the present application only for better understanding of the present application, and the present application should not be particularly limited.

In the embodiment of the application, the token is locally stored at the client, and after a user logs in the client for the first time, the server can issue one token and send the token to the client, so that the subsequent user can request data from the client again.

The token has a validity period, for example, the validity period of the token issued by the server for the first time is set to 2 hours, and after 2 hours, the server may issue a new token again to the client, so that a subsequent user can request data from the client again, and therefore, the token may be the token issued by the server for the first time, or may be the token issued by the subsequent user again.

It is understood that the time of the validity period of the token set for the sake of safety should be as short as possible, and the validity period of the token set for the above is only an example, and may also be set to 1.5 hours, 2.5 hours, etc., and the present application is not limited thereto.

In the embodiment of the present application, the term "token" is a string of character strings generated by the server side, and is used as an identifier for the client side to make a request. Generally, a simple token may be composed of an identity (uid) of a user, a timestamp (time) of a current time, and a signature (sign), or may be composed of a string of character strings randomly generated by a server, which is not specifically limited in this application, and the embodiments of the present application may be applied as long as it is ensured that the generated token can be correspondingly identified between the server and the client.

220, when it is determined that the identity authentication information is about to expire, determining a first data request message from the currently unprocessed data request message, where the first data request message is a part of the currently unprocessed data request message.

In the embodiment of the present application, when the client determines that the token is about to expire, a first data request message is determined from the currently unprocessed data request messages, that is, a partial data request message is selected from the currently unprocessed data request messages, and the data request message is used as the first data request message to request a new token from the server.

It can be understood that the currently unprocessed data request message may be a data request message sent by multiple users at the same time, or may be a data request message sent by multiple users not at the same time; the currently unprocessed data request message may be a data request message that is simultaneously received by the client, or may be a data request message that is not simultaneously received by the client, which is not limited in this application.

And 230, requesting new identity authentication information from the server according to the first data request message.

Specifically, after determining the first data request message, the client requests a new token from the server for subsequent data requests.

When a token stored by a client expires and the client needs to process multiple data request messages simultaneously, because the original token on the server fails after requesting the token from the server each time, if the client does not update the new token to the local of the client when processing the next data request message, the client will continue to request the new token from the server, thereby causing the user to fail to receive the requested data. According to the identity authentication method, when the fact that the identity authentication information stored by the client is about to expire is determined, by processing part of the data request information in the current unprocessed data request information, the situation that the current unprocessed data request information cannot be responded when an identity authentication mechanism suddenly fails, and therefore a user cannot acquire the requested data can be avoided, further, system breakdown can be avoided, and user experience is improved.

Optionally, in some embodiments, the processing order of the currently unprocessed data request messages may also be determined, and the first processed data request message may be determined as the first data request message. For example, when the client determines that the token is about to expire, if the client needs to process 1000 data request messages at the same time, the 1000 data request messages may be sorted first, and one or more data request messages sorted before are used as the data request message processed first.

The first processed data request message may be the first ordered data request message, or may be a plurality of first ordered partial data request messages. For example, if the first processed data request message is the first ordered data request message, the first ordered data request message is used as the first data request message; and if the first processed data request is a plurality of partial data request messages which are sequenced at the front, taking the plurality of data request messages which are sequenced at the front as the first data request message.

Optionally, in some embodiments, the processing order of the currently unprocessed data request messages may be determined according to at least one of the following information: reception time information of the data request message, address information of a terminal that transmits the data request message, priority information of a user, and type/size information of the request data.

For example, taking the receiving time information of the data request message as an example, if the client receives the data request message of the user a first and then receives the data request message of the user B, but the client needs to process the data request messages of the user a and the user B at the same time due to the failure of the network, the data request message of the user a may be processed first.

In this embodiment, the client may also determine, according to other information, a processing order of the currently unprocessed data request message, which is not specifically limited in this application.

In some embodiments, when the client determines that the token stored locally is about to expire, the first data request message is determined from the currently unprocessed data request message, and in the process of performing data request processing on the determined first data request message, it may also be determined whether the current token is expired, and when the current token is determined to be expired, a new token is requested from the server, so that the efficiency of processing the data request message by the client can be improved, and meanwhile, the waste of broadband resources can be avoided.

Optionally, in some embodiments, as shown in fig. 3, the method 200 may further include step 240.

240, determining whether the identity authentication information is expired;

wherein, the requesting new identity authentication information from the server according to the first data request message includes:

231, when it is determined that the identity authentication information is expired, requesting new identity authentication information from the server according to the first data request message.

Specifically, when the client determines that the current token is about to expire, the current unprocessed data request messages are sequenced, a first data request message is determined, when the first data request message is processed to request data, whether the current token is expired or not can be determined, and when the current token is determined to be expired, a new token is requested from the server according to the first data request message; or when the first data request message is determined, a new token may be directly requested from the server, and the user may also receive the requested data, but at the same time, the efficiency of processing the data request message by the client is also reduced, and broadband resources are wasted.

For example, when the client determines that the current token is about to expire, first, a first data request message is determined, at this time, the number of the first data request messages may be 1, in the process of performing data request processing on the 1 data request message, it may be determined whether the current token is expired, and if it is determined that the current token is not expired, the current token may be used to perform data request processing on the 1 data request message; if the current token is determined to be expired, a new token can be continuously requested from the server according to the result of the determined 1 first data request message, and the user can also receive the requested data, but the efficiency of processing the data request message by the client is reduced, and broadband resources are wasted.

When a new authentication message is requested from the server according to the first data request message, the request may be successful, and the request may also be failed. Thus, there may be corresponding processing methods for different request results.

Optionally, in some embodiments, when successfully requesting new authentication information from the server according to the first data request message, as shown in fig. 4, step 230 of the method 200 may further include step 232 and step 233.

232, updating the identity authentication information stored in the client to the new identity authentication information.

And 233, performing data request processing on the currently unprocessed data request message according to the new identity authentication information.

In an implementation manner, when a new token is successfully requested from the server according to the first data request message, because the token is stored locally at the client, if the new token is not updated locally at the client, the client performs data request processing on the currently unprocessed data request message according to the original token, which may cause a decrease in the capability of the client to process the requested data, and the user may not receive the requested data. Therefore, the new token that is successfully requested needs to be updated to the local client, and then the data request processing is performed on the currently unprocessed data request message according to the new token.

In another implementation manner, the new token requested by the client may also be automatically updated to the local of the client, which is not specifically limited in this application, and the embodiment of the present application may be applied as long as the new token can be updated to the local of the client.

The first data request message may be response information received after the client requests a new token from the server, where the response information may be the new token or indication information received by the client, and the indication information indicates that the client receives the new token, which is not specifically limited in this application.

Optionally, in some embodiments, the data request may be processed according to the number of currently unprocessed data request messages.

When the number of the current unprocessed data request messages is smaller than or equal to a first threshold value, performing data request processing on the current unprocessed data request messages; and/or

And when the current unprocessed data request is larger than the first threshold, processing the data request of the current unprocessed data request message in batches, wherein the number of the data request messages processed in each batch is smaller than or equal to the first threshold.

Specifically, when it is determined that the first data request message is successful and the client acquires a new token, the number of the current unprocessed data request messages may be determined first, and if the number of the current unprocessed data request messages is smaller than or equal to the first threshold, the new token is used to process the current unprocessed data request, and request the server to acquire data.

For example, if the client is capable of processing 2000 data requests at the same time, but the number of the currently unprocessed data request messages is 1000, the currently unprocessed data request messages may be processed by using the new token, that is, the new token may be used to request the server to obtain the content of the data request.

Optionally, if the number of the first data request messages is one of the currently unprocessed data request messages, the client requests a new token from the server according to the data request message, and when the client receives the new token, the client processes the currently unprocessed data request message according to the new token to request data from the server.

If the number of the currently unprocessed data request messages is greater than the first threshold, the currently unprocessed data requests may be processed in batches. The batch processing can be set according to the capacity of the client for processing the data request message or according to experience; the number of the data request messages processed in each batch may be the same or different, and the application is not particularly limited to this.

For example, if the client can process 2000 data request messages at the same time, but the number of currently unprocessed data request messages is 3000, 1500 data request messages may be processed first, and then the remaining 1500 data request messages may be processed; alternatively, 2000 data request messages may be processed first, and then the remaining 1000 data request messages may be processed. This is not a specific limitation in the present application.

The first threshold may be set according to the capability of the client to process the data request message, or may be set by the client according to experience, but should not exceed the number of data request messages that the client can process at the same time.

It should be understood that, at a certain time, the client receives multiple data request messages simultaneously, if the client determines that the current token is about to expire and requests the server to obtain a new token, when the client has not yet successfully requested the new token, a new data request message may be sent to the client, and after the client successfully requests the new token, the client processes not only multiple data requests received simultaneously but also new data requests received subsequently.

For example, if the client can process 2000 data request messages at the same time, but the number of currently unprocessed data request messages is 3000, when the client has not yet successfully requested a new token, 500 new data request messages are received, and when the client successfully requests a new token, not only the 3000 data requests received first but also the 500 data requests received subsequently need to be processed, and specifically, the data request processing may be performed in batches.

The content of the data requested by the data request message may include various information, such as weather information of beijing for the next several days, flight information from beijing to shanghai, or some landscape pictures, etc., as required, which is not specifically limited in this application.

In the foregoing, when the client successfully requests the server for the new token, the client processes the data request for the currently unprocessed data request message, and in some embodiments, it is also possible that the client does not successfully request the server for the new token.

Therefore, optionally, in some embodiments, when the server does not successfully request new authentication information according to the first data request message, as shown in fig. 5, 230 of the method 200 may further include step 234 and step 235.

Determining 234 a second data request message from the currently unprocessed data request in addition to the first data request message.

And 235, requesting new identity authentication information from the server according to the second data request message.

In this embodiment of the application, for example, the number of currently unprocessed data request messages is 1000, the number of determined first data request messages is 100, and if a request fails when a new token is requested from a server according to the 100 data request messages, a second data request message may be determined from the remaining 900 data request messages, and a new token may be requested from the server.

It is to be understood that the second data request message may also be a data request message received by a subsequent client, for example, when it is determined that a token currently stored by the client is about to expire, the number of currently unprocessed data request messages is 1000, if 200 new data request messages are received by the client in the process of requesting a new token from the server according to the first data request message, when it is failed to request a new token from the server according to the first data request message, the second data request message may also be determined from the 200 received new data request messages, which is not specifically limited in this application.

The first data request message may be response information received after the client requests a new token from the server, where the response information may be that the new token is not received, or that the client receives an indication information indicating that the client does not receive the new token, and this application is not limited to this specifically.

According to the method provided by the embodiment of the application, under the condition that the first data request message fails, the second data request message can still be determined according to the currently unprocessed data request message, and the server is continuously requested for a new token until the request is successful, so that the capability of the client for processing the data request message can be improved, the user can receive the requested data, the safety of the system is ensured, and the experience of the user is improved.

There are a number of ways for the client to determine whether the current token is about to expire, and optionally, in some embodiments, may be determined based on time.

As shown in FIG. 6, the step 210 of the method 200 may further include

steps

211 and 212.

211, obtaining the storage time of the identity authentication information.

And 212, determining whether the identity authentication information is about to expire or not according to the storage time and the current time of the identity authentication information.

It should be understood that the purpose of determining whether the token is about to expire is to process the token in advance, so as to avoid that the currently unprocessed data request message cannot be responded when the token is suddenly expired, and thus the user cannot acquire the requested data. When the validity period of the token is set to 2 hours, the difference between the current time and the generation period of the token can be judged, and if the difference is 1.5 hours or 1.6 hours and has not reached 2 hours, the token can be considered to be out of date.

Optionally, in some embodiments, the storage time and the current time of the identity authentication information are used to determine whether the identity authentication information is about to expire, and the storage time and the current time of the identity authentication information are compared; if the difference value between the current time and the storage time of the identity authentication information is larger than or equal to a second threshold value, determining that the identity authentication information is about to expire; and if the difference value between the current time and the storage time of the identity authentication information is smaller than the second threshold value, determining that the identity authentication information is not about to expire.

In the embodiment of the present application, it may be determined whether the current token is about to expire or not by setting a threshold, for example, if the validity period of the current token is set to 2 hours, the threshold may be set to 1.5 hours, that is, when the current time and the saving time of the token are greater than 1.5 hours, it may be determined that the token is about to expire.

It should be understood that the second threshold may be set according to the capability of the client to process the data request, or may be set according to an empirical value, which is not specifically limited in this application.

If the setting is performed according to the capability of the client to process the data request, when the capability of the client to process the data request is stronger, the threshold may be set to be larger, but must be smaller than the term of the valid value of token, for example, the threshold may be set to be 1.8 hours; when the client has a weak capability of processing the data request, the threshold may be set to be smaller, for example, may be set to 1.4 hours, so as to reserve enough time for the client to process the data request, and at the same time, have enough time to request a new token from the server, which is not specifically limited in this application.

There are a number of ways for the client to determine whether the current token has expired, and optionally, in some embodiments, may be determined based on the response status code.

As shown in FIG. 7, step 240 of the method 200 may further include steps 241-242.

241, obtaining the response status code of the identity authentication information.

242, determining whether the identity authentication information is expired according to the response status code.

In this embodiment of the present application, whether the current token is expired may be determined by a response status code, where the response status code may be a status code table generated by the server when the token is generated, and corresponds to an expired or unexpired status of the token.

When the client determines whether the current token is expired, the client may request a response status code corresponding to the token from the server, or may send the response status code to the client together when the server generates the token, which is not specifically limited.

Optionally, in some embodiments, determining whether the identity authentication information is expired according to the response status code may be performed by comparing the response status code with a prepared response status code table; and determining whether the identity authentication information is expired or not according to the comparison result.

Specifically, when determining whether the token is expired, the response status code may be used for the determination. After the server generates the token, a corresponding response status code may be provided, for example, when 100 is that the token is valid and 101 is that the token is expired, the server generates the token and issues the token to the client, the response status code table corresponding to the token may also be issued to the client, the client acquires the response status code, and whether the current token is expired or not may be determined according to the response status code.

It can be understood that, if the server does not send the response status code corresponding to the token to the client, the server may also directly determine whether the current token is expired according to the response status code, and when the client requests the server to obtain the response status code, the server sends the determination result and/or the response status code to the client.

Fig. 8 is an example of a particular implementation of method 200. As shown in FIG. 8, the method 300 of FIG. 8 may include steps 302-322.

302, a user registers a client with a user name and a password for the first time, the client requests to log in a server, and the server verifies the user name and the password after receiving the request of the client.

304, after the user name and password are successfully verified, the server issues a token and sends the issued token to the client.

The token is a string of character strings generated by the server, and is used as an identifier for the client to request. In general, a simple "token" may be composed of an identity (uid) of a user, a time stamp (time) of a current time, and a signature (sign), or may be composed of a string of characters randomly generated by a server, which is not specifically limited in this application,

306, when the client processes multiple data request messages at the same time, the client determines whether the current local token is about to expire.

If the current local token is about to expire, step 312 may be performed; if the current local token is not about to expire, step 308 may be performed.

308, the client requests data from the server according to the current local token.

The data requested by the server may be text information, picture information, or digital information, which is not specifically limited in this embodiment of the present application.

And 310, the server verifies the token sent by the client, and when the verification is successful, the server returns the requested data to the client.

When the server verifies that the token sent by the client is not expired, the server returns the requested data to the client.

312, determine the first data request message from the currently unprocessed data request messages, and when processing the first data request message, the client checks again whether the current token is expired.

The step is an optional step, a first data request message is determined from the current unprocessed data request messages, and a new token can be requested from the server according to the first data request message; when a data request is performed on the first data request message, whether the current token is expired or not can be determined, so that the problem of cyclic failure can be avoided, and the waste of broadband resources can be avoided.

And 314, requesting new identity authentication information from the server according to the first data request message.

If the request is successful when requesting new authentication information from the server according to the first data request message, step 318 may be performed; if the request for new authentication information from the server according to the first data request message is not successful, step 316 may be performed.

In 316, the client may determine the second data request message when the client fails to request new authentication information from the server.

The second data request message may be a currently unprocessed data request message other than the first data request message, or may be a data request message that is newly received by the client, which is not specifically limited in this embodiment of the application.

When the client requests new authentication information from the server successfully, the client may determine the number of data request messages that are currently unprocessed 318.

When the client successfully requests a new token from the server according to the first data request message, if the number of the currently unprocessed data request messages is less than or equal to the first threshold, step 320 may be executed; if the number of currently unprocessed data request messages is greater than the first threshold, step 322 may be performed.

And 320, when the number of the current unprocessed data request messages is less than or equal to the first threshold value, processing the data request messages.

When it is determined that the first data request message is successful and the client acquires the new token, the number of the current unprocessed data request messages may be determined first, and if the number of the current unprocessed data request messages is less than or equal to the first threshold, the new token is used to process the current unprocessed data request, and the server is requested to acquire data.

322, when the number of currently unprocessed data request messages is greater than the first threshold, batch processing is performed on the currently unprocessed data request messages.

The batch processing can be set according to the capacity of the client for processing the data request message or according to experience; the number of the data request messages processed in each batch may be the same or different, and the application is not particularly limited to this.

The method embodiment of the present application is described in detail above with reference to fig. 1 to 8, and the apparatus embodiment of the present application is described below with reference to fig. 9 to 15, where the apparatus embodiment and the method embodiment correspond to each other, so that the non-detailed portions can refer to the foregoing method embodiments, and the apparatus can implement any possible implementation manner in the above method side.

Fig. 9 shows a schematic block diagram of an apparatus 400 for identity authentication according to an embodiment of the present application. The apparatus 400 may execute the corresponding subject in the identity authentication method according to the embodiment of the present application.

As shown in fig. 9, the apparatus 400 may include a first determination module 410, a second determination module 420, and a request module 430.

A first determining module 410, configured to determine whether the authentication information stored by the client is about to expire.

A second determining module 420, configured to determine, when it is determined that the identity authentication information is about to expire, a first data request message from a currently unprocessed data request message, where the first data request message is a part of the currently unprocessed data request message;

the request module 430 is configured to request new identity authentication information from the server according to the first data request message.

According to the identity authentication device, when the fact that the identity authentication information stored by the client is about to expire is determined, the data request information which is determined and processed from the data request information which is processed at present can be avoided, the problem that the data request information which is not processed at present cannot be responded when the identity authentication information mechanism suddenly expires and fails, the client cannot process the data request information in time, and therefore the user cannot receive the data which is obtained as the request is caused can be solved, further, system breakdown can be avoided, and user experience is improved.

Optionally, in some embodiments, the second determining module is further configured to: determining a processing order of the currently unprocessed data request messages; determining a first processed data request message as the first data request message.

Optionally, in some embodiments, the second determining module is further configured to determine a processing order of the currently unprocessed data request messages according to at least one of the following information: reception time information of the data request message, address information of a terminal that transmits the data request message, priority information of a user, and type/size information of the request data.

In the identity authentication device provided by the application, the processing sequence of the currently unprocessed data request message is determined according to the information, and new identity authentication information can be requested to the server according to the first data request message which is processed preferentially, so that a specific user can receive the requested data in time, and the user experience is improved.

In some embodiments, when the client determines that the token stored locally is about to expire, the first data request message is determined from the currently unprocessed data request message, and in the process of performing data request processing on the determined first data request message, it may also be determined whether the current token is expired, and when the current token is determined to be expired, a new token is requested from the server, so that the problem of cycle failure can be avoided, and waste of broadband resources can also be avoided.

Optionally, in some embodiments, as shown in fig. 10, the apparatus 400 further comprises a third determining module 440.

A third determining module 440, configured to determine whether the identity authentication information is expired.

The request module 430 is configured to request new identity authentication information from a server according to the first data request message when it is determined that the identity authentication information is expired.

According to the identity authentication device, when the client determines that the locally stored identity authentication information is about to expire, whether the current identity authentication information is expired or not is further determined, and only when the identity authentication information is expired, new identity authentication information is requested from the server according to the first data request message, so that the requirement for new identity authentication information when the identity authentication information is about to expire but not yet expired can be avoided, the efficiency of processing the data request message by the client can be improved, and meanwhile, the waste of broadband resources can be avoided.

Optionally, in some embodiments, as shown in fig. 11, the apparatus 400 may further include an updating module 450 and a processing module 460.

The updating module 450 is configured to update the identity authentication information stored in the client to the new identity authentication information.

The processing module 460 is configured to perform data request processing on the currently unprocessed data request message according to the new identity authentication information.

Optionally, in some embodiments, the processing module 460 is further configured to determine the number of currently unprocessed data request messages.

Optionally, in some embodiments, as shown in fig. 12, the apparatus 400 may further include a fourth determining module 470.

A fourth determining module 470, configured to determine a second data request message from the currently unprocessed data requests except the first data request message.

The request module 430 is further configured to request new identity authentication information from the server according to the second data request message.

According to the device provided by the embodiment of the application, under the condition that the first data request message fails, the second data request message can still be determined according to the currently unprocessed data request message, and the server is continuously requested for a new token until the request is successful, so that the capability of the client for processing the data request message can be improved, the user can receive the requested data, the safety of the system is ensured, and the experience of the user is improved.

Optionally, in some embodiments, as shown in fig. 13, the first determining module 410 may include a first obtaining unit 411 and a first determining unit 412.

A first obtaining unit 411, configured to obtain a saving time of the identity authentication information.

A first determining unit 412, configured to determine whether the identity authentication information is about to expire according to the storage time and the current time of the identity authentication information.

Optionally, in some embodiments, the first determining unit 411 is further configured to compare the storage time of the identity authentication information with the current time.

And if the difference value between the current time and the storage time of the identity authentication information is greater than or equal to a second threshold value, determining that the identity authentication information is about to expire.

And if the difference value between the current time and the storage time of the identity authentication information is smaller than the second threshold value, determining that the identity authentication information is not about to expire.

Alternatively, in some embodiments, as shown in fig. 14, the third determining module 440 may include a second obtaining unit 441 and a second determining unit 442.

The second obtaining unit 441 is configured to obtain a response status code of the identity authentication information.

The second determining unit 442 is configured to determine whether the identity authentication information is expired according to the response status code.

Optionally, in some embodiments, the second determining unit 442 is further configured to compare the response status code with a prepared response status code table; and determining whether the identity authentication information is expired or not according to the comparison result.

According to the identity authentication device, when the fact that the identity authentication information stored by the client is about to expire is determined, by processing part of data request messages in the current unprocessed data request messages, the situation that the current unprocessed data request messages cannot be responded when an identity authentication mechanism suddenly fails, and therefore a user cannot acquire requested data can be avoided, further, system breakdown can be avoided, and user experience is improved.

The embodiment of the present application further provides a computer (or a device such as a mobile phone) including the identity authentication apparatus 400.

Embodiments of the present application further provide a computer-readable storage medium storing computer-executable instructions configured to perform the identity authentication method 200 or 300.

Embodiments of the present application also provide a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the above-mentioned identity authentication method 200 or 300.

The computer-readable storage medium described above may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.

An embodiment of the present application further provides an electronic device 500, a structure of which is shown in fig. 15, and the electronic device includes:

at least one processor (processor)510, one processor 510 being exemplified in fig. 15; and a memory (memory)520, and may further include a communication interface (communication interface)540 and a bus 530. The processor 510, the communication interface 540, and the memory 520 may communicate with each other via the bus 530. Communication interface 540 may be used for information transfer. Processor 510 may invoke logic instructions in memory 520 to perform the method of identity authentication of the above-described embodiments.

In addition, the logic instructions in the memory 520 may be implemented in software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as a stand-alone product.

The memory 520 is a computer-readable storage medium and can be used for storing software programs, computer-executable programs, such as program instructions or modules corresponding to the methods in the embodiments of the present application. The processor 510 executes the functional application and data processing by executing the software program, instructions and modules stored in the memory 520, namely, implements the method of identity authentication in the above method embodiments.

The memory 520 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal device, and the like. Further, memory 520 may include high speed random access memory, and may also include non-volatile memory.

The technical solution of the embodiment of the present application may be embodied in the form of a software product, where the computer software product is stored in a storage medium and includes one or more instructions to enable a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method described in the embodiment of the present application. And the aforementioned storage medium may be a non-transitory storage medium comprising: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, may also be transient storage media.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.

In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

As used in this application, although the terms "first," "second," etc. may be used in this application to describe various apparatus, these apparatus should not be limited by these terms. These terms are only used to distinguish one device from another. For example, a first device may be called a second device, and likewise, a second device may be called a first device, without changing the meaning of the description, so long as all occurrences of the "first device" are renamed consistently and all occurrences of the "second device" are renamed consistently. The first device and the second device are both devices, but may not be the same device.

The words used in this application are words of description only and not of limitation of the claims. As used in the description of the embodiments and the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this application is meant to encompass any and all possible combinations of one or more of the associated listed. Furthermore, the terms "comprises" and/or "comprising," when used in this application, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

The various aspects, implementations, or features of the described embodiments can be used alone or in any combination. Aspects of the described embodiments may be implemented by software, hardware, or a combination of software and hardware. The described embodiments may also be embodied by a computer-readable medium having computer-readable code stored thereon, the computer-readable code comprising instructions executable by at least one computing device. The computer readable medium can be associated with any data storage device that can store data which can be read by a computer system. Exemplary computer readable media can include read-only memory, random-access memory, CD-ROMs, HDDs, DVDs, magnetic tape, and optical data storage devices, among others. The computer readable medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.

The above description of the technology may refer to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration embodiments in which the described embodiments may be practiced. These embodiments, while described in sufficient detail to enable those skilled in the art to practice them, are non-limiting; other embodiments may be utilized and changes may be made without departing from the scope of the described embodiments. For example, the order of operations described in a flowchart is non-limiting, and thus the order of two or more operations illustrated in and described in accordance with the flowchart may be altered in accordance with several embodiments. As another example, in several embodiments, one or more operations illustrated in and described with respect to the flowcharts are optional or may be eliminated. Additionally, certain steps or functions may be added to the disclosed embodiments, or two or more steps may be permuted in order. All such variations are considered to be encompassed by the disclosed embodiments and the claims.

Additionally, terminology is used in the foregoing description of the technology to provide a thorough understanding of the described embodiments. However, too much detail is not required to implement the described embodiments. Accordingly, the foregoing description of the embodiments has been presented for purposes of illustration and description. The embodiments presented in the foregoing description and the examples disclosed in accordance with these embodiments are provided solely to add context and aid in the understanding of the described embodiments. The above description is not intended to be exhaustive or to limit the described embodiments to the precise form disclosed. Many modifications, alternative uses, and variations are possible in light of the above teaching. In some instances, well known process steps have not been described in detail in order to avoid unnecessarily obscuring the described embodiments.

The above description is only a specific implementation of the embodiments of the present application, but the scope of the embodiments of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the embodiments of the present application, and all the changes or substitutions should be covered by the scope of the embodiments of the present application. Therefore, the protection scope of the embodiments of the present application shall be subject to the protection scope of the claims.

Claims

1. A method of identity authentication, comprising:

determining whether identity authentication information stored by a client is about to expire or not;

when the identity authentication information is determined to be about to expire, determining a first data request message from the currently unprocessed data request message, wherein the first data request message is a part of the currently unprocessed data request message;

requesting new identity authentication information from a server according to the first data request message;

when the server does not successfully request new identity authentication information according to the first data request message, the method further comprises:

determining a second data request message from the currently unprocessed data request in addition to the first data request message;

and requesting new identity authentication information from a server according to the second data request message.

2. The method of claim 1, wherein determining the first data request message from the currently unprocessed data request messages comprises:

determining a processing order of the currently unprocessed data request messages;

determining a first processed data request message as the first data request message.

3. The method of claim 1 or 2, wherein the determining the processing order of the currently unprocessed data request messages comprises:

determining a processing order of the currently unprocessed data request messages according to at least one of the following information: reception time information of the data request message, address information of a terminal that transmits the data request message, priority information of the user, and type/size information of the request data.

4. The method according to any one of claims 1 to 3, further comprising:

determining whether the identity authentication information is expired;

and when the identity authentication information is determined to be out of date, requesting new identity authentication information from a server according to the first data request message.

5. The method according to any one of claims 1 to 4, wherein when a new authentication information is successfully requested from a server according to the first data request message, the method further comprises:

updating the identity authentication information stored by the client to the new identity authentication information;

and performing data request processing on the currently unprocessed data request message according to the new identity authentication information.

6. The method according to claim 5, wherein the performing data request processing on the currently unprocessed data request message according to the new identity authentication information comprises:

determining the number of the current unprocessed data request messages;

7. The method of any one of claims 1 to 6, wherein the determining whether the authentication information saved by the client is about to expire comprises:

acquiring the storage time of the identity authentication information;

and determining whether the identity authentication information is about to expire or not according to the storage time and the current time of the identity authentication information.

8. The method of claim 7, wherein the determining whether the authentication information is about to expire by using the retention time and the current time of the authentication information comprises:

comparing the storage time of the identity authentication information with the current time;

if the difference value between the current time and the storage time of the identity authentication information is larger than or equal to a second threshold value, determining that the identity authentication information is about to expire;

9. The method of claim 4, wherein the determining whether the identity authentication information is expired comprises:

acquiring a response status code of the identity authentication information;

and determining whether the identity authentication information is overdue or not according to the response status code.

10. The method of claim 9, wherein determining whether the authentication information is expired according to the response status code comprises:

comparing the response state code with a formulated response state code table;

and determining whether the identity authentication information is expired or not according to the comparison result.

11. The method according to any one of claims 1 to 10, wherein the identity authentication information is a token.

12. An identity authentication device, comprising

The first determining module is used for determining whether the identity authentication information stored by the client is about to expire or not;

a second determining module, configured to determine, when it is determined that the identity authentication information is about to expire, a first data request message from a currently unprocessed data request message, where the first data request message is a part of the currently unprocessed data request message;

the request module is used for requesting new identity authentication information from a server according to the first data request message;

the device further comprises:

a fourth determining module for determining a second data request message from the currently unprocessed data requests other than the first data request message;

the request module is further to:

13. The apparatus of claim 12, wherein the second determining module is further configured to:

14. The apparatus according to claim 12 or 13, wherein the second determining module is further configured to determine the processing order of the currently unprocessed data request messages according to at least one of the following information: reception time information of the data request message, address information of a terminal that transmits the data request message, priority information of a user, and type/size information of the request data.

15. The apparatus of any one of claims 12 to 14, further comprising:

a third determining module, configured to determine whether the identity authentication information is expired;

the request module is configured to:

16. The apparatus of any one of claims 12 to 15, further comprising:

the updating module is used for updating the identity authentication information stored by the client into the new identity authentication information;

and the processing module is used for carrying out data request processing on the currently unprocessed data request message according to the new identity authentication information.

17. The apparatus of claim 16, wherein the processing module is further configured to:

determining the number of the current unprocessed data request messages;

18. The apparatus of any of claims 12-17, wherein the first determining module comprises:

the first acquisition unit is used for acquiring the storage time of the identity authentication information;

and the first determining unit is used for determining whether the identity authentication information is about to expire or not according to the storage time and the current time of the identity authentication information.

19. The apparatus of claim 18, wherein the first determining unit is further configured to:

20. The apparatus of claim 15, wherein the third determining module comprises:

the second acquisition unit is used for acquiring the response status code of the identity authentication information;

and the second determining unit is used for determining whether the identity authentication information is expired according to the response status code.

21. The apparatus of claim 20, wherein the second determining unit is further configured to:

comparing the response state code with a formulated response state code table;

22. The apparatus according to any one of claims 12 to 21, wherein the identity authentication information is a token.