CN113158156A - Service processing method, system, device, electronic equipment and storage medium - Google Patents

Service processing method, system, device, electronic equipment and storage medium Download PDF

Info

Publication number
CN113158156A
CN113158156A CN202110349734.0A CN202110349734A CN113158156A CN 113158156 A CN113158156 A CN 113158156A CN 202110349734 A CN202110349734 A CN 202110349734A CN 113158156 A CN113158156 A CN 113158156A
Authority
CN
China
Prior art keywords
information
service
authentication
target
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110349734.0A
Other languages
Chinese (zh)
Inventor
任肖丽
郑桂浩
刘丽娟
许腾
廖敏飞
何伟明
赖敷君
董思
陈泽智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202110349734.0A priority Critical patent/CN113158156A/en
Publication of CN113158156A publication Critical patent/CN113158156A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The embodiment of the invention discloses a service processing method, a system, a device, electronic equipment and a storage medium. The method comprises the following steps: a service processing end receives a service response request of a target user sent by a client, wherein the service response request carries identity authentication result information of the target user; if the service processing terminal detects that the service response request contains a target service identifier corresponding to the identity authentication result information, processing a target service corresponding to the service response request based on the identity authentication result information; and the target service identifier is generated by the service processing terminal based on a service identifier acquisition request initiated by the client and is fed back to the client. By the technical scheme of the embodiment of the invention, replay attack and picture tampering initiated by the client are prevented, and the safety performance of service authentication is further ensured.

Description

Service processing method, system, device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of artificial intelligence, in particular to a service processing method, a system, a device, electronic equipment and a storage medium.
Background
At present, the face recognition and authentication technology has penetrated the aspects of work and life. In many mobile applications, face recognition technology is commonly used for real-name authentication. However, since there are many service providers providing face recognition in the market, and the whole face recognition authentication process does not make much security protection for simple docking, most security measures are solved by the caller.
When the face information is authenticated, firstly, the living body detection is carried out through a client camera and a face picture is collected, then, the face picture and the user identity information are sent to a face authentication server side to carry out face information verification, and an authentication result is returned to the client side after verification. The risk of tampering exists in the process of transmitting the face pictures, the whole process is finished at the client, and the safety cannot be effectively guaranteed.
Disclosure of Invention
The embodiment of the invention provides an invention name to prevent replay attack and picture tampering initiated by a client and further guarantee the safety performance of service authentication.
In a first aspect, an embodiment of the present invention provides a service processing method, where the method includes:
a service processing end receives a service response request of a target user sent by a client, wherein the service response request carries identity authentication result information of the target user;
if the service processing terminal detects that the service response request contains a target service identifier corresponding to the identity authentication result information, processing a target service corresponding to the service response request based on the identity authentication result information;
and the target service identifier is generated by the service processing terminal based on a service identifier acquisition request initiated by the client and is fed back to the client.
In a second aspect, an embodiment of the present invention further provides a service processing system, where the system includes: the system comprises a client and a service processing terminal; wherein the content of the first and second substances,
a service processing end receives a service response request of a target user sent by a client, wherein the service response request carries identity authentication result information of the target user;
if the service processing terminal detects that the service response request contains a target service identifier corresponding to the identity authentication result information, processing a target service corresponding to the service response request based on the identity authentication result information;
and the target service identifier is generated by the service processing terminal based on a service identifier acquisition request initiated by the client and is fed back to the client.
The technical scheme of the embodiment of the technical scheme of the invention specifically comprises the following steps: when the service processing end receives a service response request of a target user sent by the client, when the target service identification corresponding to the identity authentication result information of the target user fed back by the information authentication end carried in the service response request is determined to be consistent with the target service identification generated by the service processing end based on the service identification acquisition request initiated by the client, the target service corresponding to the service response request is processed based on the identity authentication result information carried in the service response request. According to the technical scheme of the embodiment, different target service identifiers are generated by the server based on the client request, so that replay attack initiated by the client is prevented, and the safety performance of service authentication is further guaranteed.
Drawings
In order to more clearly illustrate the technical solutions of the exemplary embodiments of the present invention, a brief description is given below of the drawings used in describing the embodiments. It should be clear that the described figures are only views of some of the embodiments of the invention to be described, not all, and that for a person skilled in the art, other figures can be derived from these figures without inventive effort.
Fig. 1 is a schematic flowchart of a service processing method according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a service processing method according to a second embodiment of the present invention;
fig. 3 is an interaction diagram of a service processing method according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a service processing apparatus according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
It should be further noted that, for the convenience of description, only some but not all of the relevant aspects of the present invention are shown in the drawings. Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of service processing according to an embodiment of the present invention, which is applicable to a case of processing a service response request sent by a user, and specifically, may be a case of processing the service response request based on identity authentication result information when the service response request sent by the user is received. The method may be performed by a service processing apparatus, which may be implemented by means of software and/or hardware. Specifically, the technical solution of this embodiment includes the following steps:
step 110, the service processing end receives a service response request of a target user sent by the client, wherein the service response request carries identity authentication result information of the target user.
In the embodiment of the present invention, when receiving a service response request of a target user sent by a client, a service processing end may process a target service corresponding to the service response request according to identity authentication result information of the target user carried in the service response request, and feed back a processing result to the processing end of the client, that is, the service processing end takes identity authentication result information carried in the service response request sent by the client as a request condition, performs corresponding processing on the target service corresponding to the service response request according to whether the request condition meets the processing condition, and feeds back the processing result to the client.
The service response request is a request sent to the service processing terminal by the target user based on the client terminal. And the service processing end receives the service response request sent by the client, processes the received service response request and feeds back the identity authentication result information carried in the service response request to a corresponding processing result of the client. The service response request carries identity authentication result information of the target user.
The identity authentication result information is identity authentication result information generated by authenticating the identity of the target user based on the information of the target user by the information authentication terminal. The information authentication end is a processing end used for authenticating the identity information of the target object. The identity authentication result information fed back by the information authentication end can include authentication result query information, that is, the identity authentication result of the target user can be queried at the information authentication end according to the authentication result query information. Optionally, the authentication result query information may be an authentication serial number generated based on the time of information authentication and the authentication identity when the target user is authenticated.
And step 120, if the service processing terminal detects that the service response request contains the target service identifier corresponding to the identity authentication result information, processing the target service corresponding to the service response request based on the identity authentication result information.
In this embodiment, the identity authentication result information fed back to the client by the information authentication end may further include a target service identifier carried by the client when the client sends the identity authentication of the target user to the information authentication end, on the basis that the identity authentication result information includes the authentication result query information. The target service identification is generated by the service processing terminal based on the client when the client initiates a service identification request, and the target service identification is fed back to the client. Optionally, the target service Identifier includes, but is not limited to, a Universal Unique Identifier (UUID). The target service identifier may also be another identifier, that is, an identifier of the service authentication request that can uniquely identify the current target user may be used as the target service identifier, and the target service identifier is not limited in this embodiment.
In this embodiment, the beneficial effect of detecting whether the service response request includes the target service identifier corresponding to the identity authentication result information is as follows: whether the currently received service response request is a service which is authenticated in advance can be determined quickly, the identity authentication result information of the target user corresponding to the service response request can be determined quickly and safely according to the target service identification, and the service response request of the corresponding target user sent by the client side is processed correspondingly according to the identity authentication result information.
Specifically, when receiving a service response request of a target user sent by a client, a service processing end detects whether the service response request carries a target service identifier corresponding to identity authentication result information. And when the service response request is detected to contain the target service identification corresponding to the identity authentication result information, processing the target service corresponding to the service response request based on the identity authentication result information. And when the target service identification corresponding to the identity authentication result information is not detected to be contained in the service response request, the target service corresponding to the service response request is not processed, and prompt information of the reason of the non-processing is fed back to the client. Illustratively, the hint information may be: the service response request is not subjected to service authentication by the service processing terminal, so the service response request is not processed. The prompt information may be operation instruction information for prompting the user how to operate the service processing terminal to obtain service authentication.
Optionally, the method for processing the target service corresponding to the service response request based on the identity authentication result information may be: the service processing terminal initiates an authentication result query request to the information authentication terminal based on the authentication result query information and receives a target authentication result which is returned by the information authentication terminal and corresponds to the authentication result query request; and if the target authentication result is that the identity authentication is passed, responding to the service response request, and providing the target service corresponding to the service response request.
Specifically, the service processing terminal sends an authentication result query to the information authentication terminal based on the authentication result query information in the identity authentication result information. Specifically, the target service identifier of the target user corresponding to the identity authentication result information may also be carried when sending the authentication result query to the information authentication end, so that the information authentication end can quickly determine the target authentication result corresponding to the target user according to the target service identifier, and return the target authentication result to the service processing end. And the service processing terminal receives a target authentication result which is determined and fed back by the information authentication terminal based on the authentication result query information in the authentication result query and the target service identification, and processes the target service which is sent by the client and corresponds to the service response request based on the target authentication result.
Optionally, when receiving a target service identifier corresponding to a target authentication result returned by the information authentication end, verifying the target service identifier returned by the information authentication end; and if the target service identification returned by the information authentication end is consistent with the target service identification corresponding to the authentication result query information and the target authentication result is that the identity authentication is passed, responding to the service response request and providing the target service corresponding to the service response request.
Specifically, the method for verifying the target service identifier returned by the information authentication end may be: and comparing and checking the target service identification corresponding to the target authentication result fed back by the authentication server with the target service identification of the target user carrying the identity authentication result information when the authentication result query is sent to the information authentication terminal, and when the comparison results of the two target service identifications are completely consistent, indicating that the target authentication result is the target authentication result of the current target user.
Optionally, when the comparison result of the two target service identifiers is inconsistent, it indicates that the target authentication result may not be the target authentication result of the target user, and at this time, a risk prompting message may be sent to the service processing end. Illustratively, the prompting message may be: the identity authentication result of the current target user does not match the authentication information of the target user, so that the user is prompted to be attacked by replay or the risk that the authentication information is tampered.
On the basis, when the target authentication result is that the identity authentication is passed, responding to the service response request, providing the target service corresponding to the service response request, and feeding back the target service to the client. Optionally, when the identity authentication of the target authentication result fails, the service response request is not processed, and an unprocessed response result is fed back to the client. In order to improve the user experience, prompt information of unprocessed reasons can be further sent to the client, so that the user can know the problem in time and then solve the problem. For example, the prompt message may be used to prompt that the identity authentication of the target user fails, or that the service has no right to enjoy the service, and so on, and therefore the service response request is not processed.
On the basis of the above embodiment, in order to ensure the security of the target service processing environment, the service processing end checks the target service identifier after detecting that the service response request includes the target service identifier. And if the target service identification passes the verification, processing the target service corresponding to the service response request based on the identity authentication result information.
Specifically, the method for checking the target service identifier may be: and checking the target service identification in the service response request sent by the client and the target service identification generated when the client sends the service authentication request generated by the service processing terminal. If the two target service identification verification results are consistent, it indicates that the target service identification contained in the service response request passes the target verification, and the service response request can be correspondingly processed according to the identity authentication result information carried in the service response request. And if the target service identification verification result is inconsistent, the service response request is not processed, and a prompt message of an unprocessed reason is sent to the client. Illustratively, the prompting message may be: the service response requests service requests that are not service authenticated, so the service response requests are not processed.
The technical scheme of the embodiment specifically comprises the following steps: when the service processing end receives a service response request of a target user sent by the client, when the target service identification corresponding to the identity authentication result information of the target user fed back by the information authentication end carried in the service response request is determined to be consistent with the target service identification generated by the service processing end based on a service identification acquisition request initiated by the client, the target service corresponding to the service response request is processed based on the identity authentication result information carried in the service response request. According to the technical scheme of the embodiment, different target service identifiers are generated by the server based on the client request, so that replay attack initiated by the client is prevented, and the safety performance of service authentication is further guaranteed.
Example two
Fig. 2 is a flowchart of a service processing method provided in the second embodiment of the present invention, and in this embodiment, based on the above embodiments, a service processing end further generates a target service identifier corresponding to a service identifier request based on a service identifier request of a target user sent by a client, and feeds back the target service identifier to the client, so that when the service end detects the target service identifier corresponding to identity authentication result information, the service end processes a target service corresponding to a service response request based on the identity authentication result information, and further ensures security performance of service authentication. Wherein explanations of the same or corresponding terms as those of the above embodiments are omitted.
Specifically, the technical solution of this embodiment includes the following steps:
s210, the service processing terminal generates a target service identifier corresponding to the service identifier request based on the service identifier request of the target user sent by the client terminal, and feeds the target service identifier back to the client terminal.
In the embodiment of the invention, when receiving a service authentication request of a target user, a client generates a service identification request corresponding to the service authentication request and sends the service identification request to a service processing end; and the service processing terminal generates a target service identifier corresponding to the service identifier request and feeds the target service identifier back to the client. The service authentication request is a request generated by a target user at a client terminal and used for requesting an identifier corresponding to a requested target service.
Specifically, when receiving a service authentication request of a target user, a client generates a service identification request corresponding to the service authentication request based on the service authentication request, and sends the service identification request to a service processing end, so that the service processing end generates a target service identification corresponding to the service identification request and returns the target service identification to the client. And when receiving the service identification request, the service processing terminal generates a corresponding target service identification according to the identification request and feeds the target service identification back to the client.
On the basis of the above embodiment, after the client acquires the target service identifier corresponding to the service authentication request of the target user, the client also sends identity authentication to the information authentication terminal based on the basic information of the target user. For example, the basic information may include user identity information of the target user, biometric authentication information, and the like.
Optionally, the client acquires user identity information and biometric authentication information of the target user; the client side sends the user identity information, the biological authentication information and the received target service identification to an information authentication end; the information authentication end authenticates the target user based on the received user identity information and the received biological authentication information, generates identity authentication result information, and feeds back the authentication result information to the client, wherein the identity authentication result information can comprise authentication result query information and a target service identifier. And the client generates a service response request based on the identity authentication result information and sends the service response request to the service processing terminal.
The user identity information may be information for proving the identity of the user, and may be information such as a user name, a password, identity card information, bank card information, mobile phone number information, and the like of the target user. The biometric authentication information may be biometric information used by the target user for authentication, and specifically, the biometric authentication information includes at least one of face image information, retina information, iris information, fingerprint information, voice information, and the like. That is, the biometric authentication information may include biometric authentication information generated from one, two, or more types of biometric information among the above-described information. For example, the biometric authentication information may be face image information, or may be biometric authentication information generated by two types of biometric information, such as face image information and retina information, retina information and iris information, or may be any combination of the two or more types of biometric information, and the above embodiments are only optional embodiments, and the biometric authentication information may be generated by a plurality of types of biometric information, or may be composed of other biometric information, and the present embodiment does not limit the biometric authentication information.
Specifically, the method for the client to obtain the user identity information of the target user may be to obtain the input information of the target user based on the input device of the client, or may be to obtain the input information from a database storing the basic information of the target user based on the client, and the obtaining manner is not limited in this embodiment.
Specifically, the manner of the client acquiring the biometric authentication information of the target user may be: and controlling the biological information acquisition device to acquire the biological authentication information of the target user. The biological information acquisition device includes, but is not limited to, at least one of a camera, an infrared scanner, a fingerprint scanner, and the like.
On the basis of the embodiment, after the client acquires the user identity information and the biological authentication information of the target user, the client further generates first data verification information based on the biological authentication information, and sends the user identity information, the biological authentication information, the data verification information and the received target service identifier to the information authentication end, so that the information authentication end generates identity authentication result information and feeds the identity authentication result information back to the client.
The Data verification information may be verification information for increasing security of the biometric Authentication information, and specifically, the first Data verification information may be Data verification information obtained by processing the biometric Authentication information based on a key, such as a Hash-based Message Authentication code (HMAC), or may be Data verification information obtained by processing the biometric Authentication information based on another key Algorithm, such as an International Data Encryption Algorithm (IDEA). For example, the key K of the above key may be a matrix key of 24. The present embodiment does not impose any limitation on the information type and the information generation method of the first data verification information.
Optionally, the method for processing the biometric authentication information based on the secret key to obtain the data verification information may be: and processing the acquired biological authentication information through a biological information acquisition control corresponding to the biological information acquisition device to obtain data verification information. The biological information collection control may be an upper computer that controls the biological information collection device, for example, a control system or control application software of a terminal connected to the camera collection device, which is not limited in this embodiment.
On the basis of the above embodiment, after the client acquires the user identity information of the target user, the client further generates second data verification information corresponding to the service authentication request. The second data check information may be generated by: and acquiring random verification information corresponding to the service authentication request, and taking the random verification information as second data verification information. The client sends the user identity information, the biological authentication information, the data verification information and the received target service identification to the information authentication end, so that the information authentication end generates identity authentication result information and feeds the identity authentication result information back to the client.
Optionally, the method for obtaining the random check information corresponding to the service authentication request may be: the client acquires time information corresponding to the service authentication request or the biometric authentication request, generates a time stamp based on the time information, and uses the time stamp as random verification information corresponding to the service authentication request. Of course, the random check information may also be generated according to the current content information of the service authentication request, or the random code may be generated based on the random code generator, and the generation manner and the type of the random check information are not limited in this embodiment.
In the implementation of the invention, the first data verification information is generated by processing the biometric authentication information of the target user based on the key algorithm, and the second data verification information is generated based on the random information such as the timestamp, and the like, and the beneficial effects are that: the information encryption is carried out on the biological authentication information to be authenticated through the data verification information, so that the biological authentication information is prevented from being tampered, and the safety of the identity authentication process is further ensured.
Step 220, the service processing end receives a service response request of the target user sent by the client, wherein the service response request carries identity authentication result information of the target user.
Step 230, if the service processing end detects that the service response request includes the target service identifier corresponding to the identity authentication result information, processing the target service corresponding to the service response request based on the identity authentication result information.
According to the technical scheme of the embodiment, after the client receives the service authentication request of the target user, the client acquires user identity information and biological authentication information of the target user, generates first data verification information based on the biological authentication information, generates second data verification information based on the service authentication information, and uploads the identity information biological authentication information of the target user to the information authentication terminal based on the first verification information or the second verification information, so that the information authentication terminal generates identity authentication result information and feeds the identity authentication result information back to the client. By the technical scheme of the embodiment of the invention, the picture falsification initiated by the client is prevented, and the safety performance of service authentication is further ensured.
EXAMPLE III
Fig. 3 is an interaction flowchart of a service processing method according to a third embodiment of the present invention, and this embodiment specifically introduces an interaction processing procedure of the service processing method as an optional embodiment based on the foregoing embodiments. Wherein explanations of the same or corresponding terms as those of the above embodiments are omitted.
Specifically, the interaction method related to this embodiment is as follows:
s310, when receiving a service authentication request of a target user, a client generates a service identification request corresponding to the service authentication request and sends the service identification request to the service processing terminal.
S320, the service processing terminal generates a target service identifier corresponding to the service identifier request and feeds the target service identifier back to the client.
S330, the client sends the acquired user identity information, the biometric authentication information and the received target service identification to an information authentication terminal.
S340, the information authentication end authenticates the target user based on the received user identity information and the received biological authentication information, generates identity authentication result information, and feeds back the authentication result information to the client.
S350, the client generates a service response request based on the identity authentication result information, and sends the service response request to the service processing terminal.
S360, the service processing terminal initiates an authentication result query request to the information authentication terminal based on the authentication result query information.
And S370, the information authentication end returns the target authentication result corresponding to the authentication result query request to the service processing end.
And S380, the service processing terminal processes the target service corresponding to the service response request based on the identity authentication result information when detecting that the service response request contains the target service identification corresponding to the identity authentication result information.
The technical scheme of the embodiment specifically comprises the following steps: when the service processing end receives a service response request of a target user sent by the client, when the target service identification corresponding to the identity authentication result information of the target user fed back by the information authentication end carried in the service response request is determined to be consistent with the target service identification generated by the service processing end based on the service identification acquisition request initiated by the client, the target service corresponding to the service response request is processed based on the identity authentication result information carried in the service response request. According to the technical scheme of the embodiment, different target service identifiers are generated by the server based on the client request, so that replay attack initiated by the client is prevented, and the safety performance of service authentication is further guaranteed.
The following is an embodiment of a service processing system provided in an embodiment of the present invention, the system and the service processing method in the foregoing embodiments belong to the same inventive concept, and details that are not described in detail in the embodiment of the service processing system may refer to the above embodiment of the index data statistical method.
Example four
Fig. 4 is a schematic structural diagram of a service processing system according to a fourth embodiment of the present invention, which is applicable to a case of processing a service response request sent by a user, and specifically, may be a case of processing the service response request based on identity authentication result information when the service response request sent by the user is received. The specific structure of the service processing system comprises: a client 410 and a service processing terminal 420; wherein:
a service processing end receives a service response request of a target user sent by a client, wherein the service response request carries identity authentication result information of the target user;
if the service processing terminal detects that the service response request contains a target service identifier corresponding to the identity authentication result information, processing a target service corresponding to the service response request based on the identity authentication result information;
and the target service identifier is generated by the service processing terminal based on a service identifier acquisition request initiated by the client and is fed back to the client.
The technical scheme of the embodiment specifically comprises the following steps: when the service processing end receives a service response request of a target user sent by the client, when the target service identification corresponding to the identity authentication result information of the target user fed back by the information authentication end carried in the service response request is determined to be consistent with the target service identification generated by the service processing end based on the service identification acquisition request initiated by the client, the target service corresponding to the service response request is processed based on the identity authentication result information carried in the service response request. According to the technical scheme of the embodiment, different target service identifiers are generated by the server based on the client request, so that replay attack initiated by the client is prevented, and the safety performance of service authentication is further guaranteed.
On the basis of the above embodiment, the identity authentication result information includes authentication result query information; the processing the target service corresponding to the service response request based on the identity authentication result information comprises:
the service processing terminal initiates an authentication result query request to an information authentication terminal based on the authentication result query information, and receives a target authentication result which is returned by the information authentication terminal and corresponds to the authentication result query request;
and if the target authentication result is that the identity authentication is passed, responding to the service response request, and providing the target service corresponding to the service response request.
On the basis of the foregoing embodiment, if the target authentication result is that the identity authentication passes, providing the target service corresponding to the service response request in response to the service response request includes:
receiving a target service identifier corresponding to the target authentication result returned by the information authentication end, and verifying the target service identifier returned by the information authentication end;
and if the target service identification returned by the information authentication end is consistent with the target service identification corresponding to the authentication result query information and the target authentication result is identity authentication pass, responding to the service response request and providing the target service corresponding to the service response request.
On the basis of the embodiment, when receiving a service authentication request of a target user, the client generates a service identification request corresponding to the service authentication request and sends the service identification request to the service processing terminal;
and the service processing terminal generates a target service identifier corresponding to the service identifier request and feeds the target service identifier back to the client.
On the basis of the above embodiment, after the client receives the service authentication request of the target user, the method further includes:
the client acquires user identity information and biological authentication information of the target user;
the client side sends the user identity information, the biological authentication information and the received target service identification to an information authentication end;
the information authentication end authenticates a target user based on the received user identity information and biological authentication information, generates identity authentication result information and feeds the authentication result information back to the client, wherein the identity authentication result information comprises authentication result query information and the target service identification;
and the client generates a service response request based on the identity authentication result information and sends the service response request to the service processing terminal.
On the basis of the above embodiment, the authentication result query information includes an authentication serial number.
On the basis of the above embodiment, after the client acquires the user identity information and the biometric authentication information of the target user, the method further includes:
the client generates first data verification information based on the biological authentication information;
the client sends the user identity information, the biological authentication information and the received target service identifier to an information authentication end, and the method comprises the following steps:
and the client sends the user identity information, the biological authentication information, the data verification information and the received target service identification to an information authentication end.
On the basis of the above embodiment, the obtaining, by the client, biometric authentication information of the target user includes:
and the client controls a biological information acquisition device to acquire the biological authentication information of the target user.
On the basis of the above embodiment, the processing the biometric authentication information based on the hash operation message authentication code related to the secret key to obtain first data verification information includes:
and processing the biological authentication information based on a hash operation message authentication code related to a secret key through a biological information acquisition control corresponding to the biological information acquisition device to obtain first data verification information.
On the basis of the above embodiment, after the client receives the service authentication request of the target user, the method further includes:
and the client generates second data verification information corresponding to the service authentication request.
On the basis of the foregoing embodiment, the generating, by the client, second data verification information corresponding to the service authentication request includes:
and the client acquires random verification information corresponding to the service authentication request, and takes the random verification information as second data verification information.
On the basis of the foregoing embodiment, the obtaining, by the client, the random verification information corresponding to the service authentication request includes:
the client acquires time information corresponding to the service authentication request or the biometric authentication request, generates a timestamp based on the time information, and uses the timestamp as random verification information corresponding to the service authentication request.
On the basis of the above embodiment, the biometric authentication information includes at least one of face image information, retina information, iris information, fingerprint information, and voice information.
On the basis of the foregoing embodiment, after the service processing end detects that the service response request includes the target service identifier, the method further includes:
the service processing end verifies the target service identifier;
the processing the target service corresponding to the service response request based on the identity authentication result information comprises:
and if the target service identification passes the verification, processing the target service corresponding to the service response request based on the identity authentication result information.
On the basis of the above embodiment, the target service identifier includes a universal unique identification code.
The product can execute the method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
EXAMPLE five
Fig. 5 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention. FIG. 5 illustrates a block diagram of an exemplary electronic device 12 suitable for use in implementing embodiments of the present invention. The electronic device 12 shown in fig. 5 is only an example and should not bring any limitation to the function and the scope of use of the embodiment of the present invention.
As shown in FIG. 5, electronic device 12 is embodied in the form of a general purpose computing electronic device. The components of electronic device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, micro-channel architecture (MAC) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by electronic device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)30 and/or cache memory 32. The electronic device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 5, and commonly referred to as a "hard drive"). Although not shown in FIG. 5, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. System memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in system memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
Electronic device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with electronic device 12, and/or with any devices (e.g., network card, modem, etc.) that enable electronic device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the electronic device 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via the network adapter 20. As shown in FIG. 5, the network adapter 20 communicates with the other modules of the electronic device 12 via the bus 18. It should be appreciated that although not shown in FIG. 5, other hardware and/or software modules may be used in conjunction with electronic device 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and sample data acquisition by running the program stored in the system memory 28, for example, implementing the steps of a data drawing method provided in this embodiment, where the data drawing method includes:
a service processing end receives a service response request of a target user sent by a client, wherein the service response request carries identity authentication result information of the target user;
if the service processing terminal detects that the service response request contains a target service identifier corresponding to the identity authentication result information, processing a target service corresponding to the service response request based on the identity authentication result information;
and the target service identifier is generated by the service processing terminal based on a service identifier acquisition request initiated by the client and is fed back to the client.
Of course, those skilled in the art can understand that the processor may also implement the technical solution of the sample data obtaining method provided in any embodiment of the present invention.
EXAMPLE six
The sixth embodiment provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements, for example, the steps of a data rendering method provided in this embodiment, where the data rendering method includes:
a service processing end receives a service response request of a target user sent by a client, wherein the service response request carries identity authentication result information of the target user;
if the service processing terminal detects that the service response request contains a target service identifier corresponding to the identity authentication result information, processing a target service corresponding to the service response request based on the identity authentication result information;
and the target service identifier is generated by the service processing terminal based on a service identifier acquisition request initiated by the client and is fed back to the client.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer-readable storage medium may be, for example but not limited to: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It will be understood by those skilled in the art that the modules or steps of the invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of computing devices, and optionally they may be implemented by program code executable by a computing device, such that it may be stored in a memory device and executed by a computing device, or it may be separately fabricated into various integrated circuit modules, or it may be fabricated by fabricating a plurality of modules or steps thereof into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (17)

1. A service processing method, comprising:
a service processing end receives a service response request of a target user sent by a client, wherein the service response request carries identity authentication result information of the target user;
if the service processing terminal detects that the service response request contains a target service identifier corresponding to the identity authentication result information, processing a target service corresponding to the service response request based on the identity authentication result information;
and the target service identifier is generated by the service processing terminal based on a service identifier acquisition request initiated by the client and is fed back to the client.
2. The method according to claim 1, wherein the identity authentication result information includes authentication result query information; the processing the target service corresponding to the service response request based on the identity authentication result information comprises:
the service processing terminal initiates an authentication result query request to an information authentication terminal based on the authentication result query information, and receives a target authentication result which is returned by the information authentication terminal and corresponds to the authentication result query request;
and if the target authentication result is that the identity authentication is passed, responding to the service response request, and providing the target service corresponding to the service response request.
3. The method according to claim 2, wherein the providing the target service corresponding to the service response request in response to the service response request if the target authentication result is that the identity authentication is passed comprises:
receiving a target service identifier corresponding to the target authentication result returned by the information authentication end, and verifying the target service identifier returned by the information authentication end;
and if the target service identification returned by the information authentication end is consistent with the target service identification corresponding to the authentication result query information and the target authentication result is identity authentication pass, responding to the service response request and providing the target service corresponding to the service response request.
4. The method of claim 1, further comprising:
the client generates a service identification request corresponding to the service authentication request when receiving the service authentication request of a target user, and sends the service identification request to the service processing terminal;
and the service processing terminal generates a target service identifier corresponding to the service identifier request and feeds the target service identifier back to the client.
5. The method of claim 4, wherein after the client receives the service authentication request of the target user, the method further comprises:
the client acquires user identity information and biological authentication information of the target user;
the client side sends the user identity information, the biological authentication information and the received target service identification to an information authentication end;
the information authentication end authenticates a target user based on the received user identity information and biological authentication information, generates identity authentication result information and feeds the authentication result information back to the client, wherein the identity authentication result information comprises authentication result query information and the target service identification;
and the client generates a service response request based on the identity authentication result information and sends the service response request to the service processing terminal.
6. The method of claim 5, wherein the authentication result query message comprises an authentication serial number.
7. The method according to claim 5, further comprising, after the client acquires the user identity information and the biometric authentication information of the target user:
the client generates first data verification information based on the biological authentication information;
the client sends the user identity information, the biological authentication information and the received target service identifier to an information authentication end, and the method comprises the following steps:
and the client sends the user identity information, the biological authentication information, the data verification information and the received target service identification to an information authentication end.
8. The method of claim 7, wherein the client generates first data verification information based on the biometric authentication information, comprising:
and processing the biological authentication information based on the hash operation message authentication code related to the secret key to obtain first data verification information.
9. The method of claim 5, wherein the client obtaining the biometric authentication information of the target user comprises:
and the client controls a biological information acquisition device to acquire the biological authentication information of the target user.
10. The method of claim 9, wherein the processing the biometric authentication information based on the key-dependent hash message authentication code to obtain first data verification information comprises:
and processing the biological authentication information based on a hash operation message authentication code related to a secret key through a biological information acquisition control corresponding to the biological information acquisition device to obtain first data verification information.
11. The method of claim 5, wherein after the client receives the service authentication request of the target user, the method further comprises:
and the client generates second data verification information corresponding to the service authentication request.
12. The method of claim 11, wherein the client generates second data check information corresponding to the service authentication request, and wherein the generating comprises:
and the client acquires random verification information corresponding to the service authentication request, and takes the random verification information as second data verification information.
13. The method of claim 12, wherein the obtaining, by the client, the random check information corresponding to the service authentication request comprises:
the client acquires time information corresponding to the service authentication request or the biometric authentication request, generates a timestamp based on the time information, and uses the timestamp as random verification information corresponding to the service authentication request.
14. The method of claim 5, wherein the biometric authentication information includes at least one of face image information, retina information, iris information, fingerprint information, and voice information.
15. The method according to claim 1, wherein after the service processing side detects that the service response request includes a target service identifier, the method further comprises:
the service processing end verifies the target service identifier;
the processing the target service corresponding to the service response request based on the identity authentication result information comprises:
and if the target service identification passes the verification, processing the target service corresponding to the service response request based on the identity authentication result information.
16. The method of claim 1, wherein the target service identification comprises a universally unique identification code.
17. A service processing system, comprising: the system comprises a client and a service processing terminal; wherein the content of the first and second substances,
a service processing end receives a service response request of a target user sent by a client, wherein the service response request carries identity authentication result information of the target user;
if the service processing terminal detects that the service response request contains a target service identifier corresponding to the identity authentication result information, processing a target service corresponding to the service response request based on the identity authentication result information;
and the target service identifier is generated by the service processing terminal based on a service identifier acquisition request initiated by the client and is fed back to the client.
CN202110349734.0A 2021-03-31 2021-03-31 Service processing method, system, device, electronic equipment and storage medium Pending CN113158156A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110349734.0A CN113158156A (en) 2021-03-31 2021-03-31 Service processing method, system, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110349734.0A CN113158156A (en) 2021-03-31 2021-03-31 Service processing method, system, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113158156A true CN113158156A (en) 2021-07-23

Family

ID=76885956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110349734.0A Pending CN113158156A (en) 2021-03-31 2021-03-31 Service processing method, system, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113158156A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726743A (en) * 2021-07-30 2021-11-30 苏州浪潮智能科技有限公司 Method, device, equipment and medium for detecting network replay attack
CN116760648A (en) * 2023-08-22 2023-09-15 上海金电网安科技有限公司 Security service method, device, electronic equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726743A (en) * 2021-07-30 2021-11-30 苏州浪潮智能科技有限公司 Method, device, equipment and medium for detecting network replay attack
CN116760648A (en) * 2023-08-22 2023-09-15 上海金电网安科技有限公司 Security service method, device, electronic equipment and storage medium
CN116760648B (en) * 2023-08-22 2023-11-17 上海金电网安科技有限公司 Security service method, device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN108810006B (en) Resource access method, device, equipment and storage medium
US10027641B2 (en) Method and apparatus of account login
US20170093851A1 (en) Biometric authentication system
EP3499795A1 (en) Authentication system and method, and user equipment, authentication server, and service server for performing same method
CN109587162B (en) Login verification method, device, terminal, password server and storage medium
US20140095870A1 (en) Device, method, and system for controlling access to web objects of a webpage or web-browser application
US11636261B2 (en) Capturing and sending one-time passwords using augmented reality glasses
US9830445B1 (en) Personal identification number (PIN) replacement in a one-time passcode based two factor authentication system
CN113158156A (en) Service processing method, system, device, electronic equipment and storage medium
CN113225351B (en) Request processing method and device, storage medium and electronic equipment
US11663306B2 (en) System and method for confirming a person's identity
CN110691085A (en) Login method, login device, password management system and computer readable medium
US20220182388A1 (en) Transfer of trust between authentication devices
CN113810394B (en) Service processing method, device, electronic equipment and storage medium
CN114584324B (en) Identity authorization method and system based on block chain
CN114547592A (en) Data processing method and device and electronic equipment
EP3745289A1 (en) Apparatus and method for registering biometric information, apparatus and method for biometric authentication
KR102187545B1 (en) Document management apparatus for providing secure document through user authentication based on face recognition and operating method thereof
US11128620B2 (en) Online verification method and system for verifying the identity of a subject
WO2016112792A1 (en) Identity authentication method and device
US11816231B2 (en) Using machine-learning models to determine graduated levels of access to secured data for remote devices
US20230262053A1 (en) Intelligent authentication mechanism for applications
US11706214B2 (en) Continuous multifactor authentication system integration with corporate security systems
CN114297603A (en) Biological characteristic authentication method and device based on cloud mobile phone, cloud mobile phone platform and storage medium
US20210168129A1 (en) System and method for persistent authentication of a user for issuing virtual tokens

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination