CN113269624A - Authentication and authorization method and device - Google Patents
Authentication and authorization method and device Download PDFInfo
- Publication number
- CN113269624A CN113269624A CN202110499555.5A CN202110499555A CN113269624A CN 113269624 A CN113269624 A CN 113269624A CN 202110499555 A CN202110499555 A CN 202110499555A CN 113269624 A CN113269624 A CN 113269624A
- Authority
- CN
- China
- Prior art keywords
- authentication
- tax
- target
- authentication mode
- tax office
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 99
- 238000013475 authorization Methods 0.000 title claims abstract description 55
- 230000008569 process Effects 0.000 claims abstract description 36
- 230000006854 communication Effects 0.000 claims abstract description 21
- 230000006399 behavior Effects 0.000 claims description 79
- 238000012795 verification Methods 0.000 claims description 60
- 230000015654 memory Effects 0.000 claims description 28
- 238000005457 optimization Methods 0.000 claims description 22
- 238000004590 computer program Methods 0.000 claims description 19
- 238000004891 communication Methods 0.000 claims description 17
- 238000003860 storage Methods 0.000 claims description 4
- 230000003993 interaction Effects 0.000 abstract description 15
- 238000004422 calculation algorithm Methods 0.000 description 28
- 238000010586 diagram Methods 0.000 description 18
- 230000006870 function Effects 0.000 description 9
- 238000012545 processing Methods 0.000 description 9
- 238000013478 data encryption standard Methods 0.000 description 8
- 238000005336 cracking Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000003032 molecular docking Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 229910052709 silver Inorganic materials 0.000 description 1
- 239000004332 silver Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/10—Tax strategies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/207—Tax processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Computer Security & Cryptography (AREA)
- Marketing (AREA)
- Technology Law (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the application discloses an authentication and authorization method and a device, wherein the method comprises the following steps: a bank server receives a tax data acquisition request sent by a user terminal; the bank server acquires an authentication mode of the target tax office according to the target tax office information, wherein the authentication mode comprises a first authentication mode or a second authentication mode; determining whether the user terminal is an authorized user according to an authentication process corresponding to the authentication mode; and if the user terminal is an authorized user, the bank server acquires tax data of the authorized user and sends the tax data to the user terminal. By adopting the method of the embodiment of the application, the problem that the authentication modes of the tax authorities of the 'bank-tax interaction' business in the business communication process have difference is solved by being compatible with the personalized authentication authorization requirements of the tax authorities of the 'bank-tax interaction' business.
Description
Technical Field
The present application relates to the field of big data processing technologies, and in particular, to an authentication and authorization method and apparatus.
Background
With the continuous improvement of the economic level of China, the 'bank-tax interaction' (interaction between a bank and a tax institution) business for solving the financing problem of enterprises is also remarkably developed, at present, for nationwide banks to develop the 'bank-tax interaction' business in various regions, technical docking needs to be realized according to the technical docking requirements of various local tax authorities and according to the personalized requirements of different local tax authorities in different regions, so that the authentication and authorization requirements of the tax authorities in different regions have differences, and further the problem of compatibility exists in the 'bank-tax interaction' business for the personalized authentication and authorization requirements of the tax authorities in different regions.
Disclosure of Invention
The embodiment of the application provides an authentication and authorization method and device, and the authentication mode of a target tax bureau is obtained through a bank server according to target tax bureau information in a tax data acquisition request sent by a user terminal, so that the compatibility problem of the authentication and authorization modes of different tax bureaus in 'bank and tax interaction' business is solved.
In a first aspect, an embodiment of the present application provides an authentication and authorization method, which is applied to a bank server, where the bank server is connected to at least one remote tax office server, and the method includes:
the method comprises the steps that a bank server receives a tax data acquisition request sent by a user terminal, wherein the tax data acquisition request comprises target tax bureau information;
the bank server acquires an authentication mode of the target tax office according to the target tax office information, wherein the authentication mode comprises a first authentication mode or a second authentication mode, the first authentication mode is bank server local authentication and remote tax office server auxiliary authentication, and the second authentication mode is remote tax office server authentication;
determining whether the user terminal is an authorized user according to an authentication process corresponding to the authentication mode;
and if the user terminal is an authorized user, the bank server acquires tax data of the authorized user and sends the tax data to the user terminal.
In one possible example, if the authentication mode is the second authentication mode, after the bank server receives the verification information sent by the user terminal, before forwarding the verification information to the target remote tax office server, the method further includes:
counting the access frequency of a target remote tax office server in a first time period to obtain an access frequency weight;
acquiring the database capacity of a target remote tax office server to obtain a database capacity weight;
multiplying the access frequency weight by the database capacity weight to obtain a target tax office grade;
if the target tax office grade is greater than or equal to the preset tax office grade, encrypting the verification information by using a first security grade encryption algorithm, wherein the first security grade encryption algorithm comprises an Advanced Encryption Standard (AES) algorithm;
and if the target tax office grade is less than the preset tax office grade, encrypting the verification information by using a second security grade encryption algorithm, wherein the second security grade encryption algorithm comprises a data encryption standard DES algorithm, and the security grade of the first security grade encryption algorithm is higher than that of the second security grade encryption algorithm.
In a second aspect, an embodiment of the present application provides an authentication and authorization apparatus, which is applied to a bank server, where the bank server is connected to at least one remote tax bureau server, and the apparatus includes:
the receiving unit is used for receiving a tax data acquisition request sent by a user terminal by a bank server, wherein the tax data acquisition request comprises target tax bureau information;
the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring an authentication mode of a target tax office by a bank server according to information of the target tax office, the authentication mode comprises a first authentication mode or a second authentication mode, the first authentication mode is bank server local authentication, and remote tax office server auxiliary authentication, and the second authentication mode is remote tax office server authentication;
a determining unit, configured to determine whether a user of the user terminal is an authorized user according to an authentication process corresponding to the authentication manner;
and the calling unit is used for calling the tax data of the authorized user from the target remote tax bureau server corresponding to the target tax bureau to send to the bank server if the user of the user terminal is the authorized user.
In a third aspect, an embodiment of the present application provides an authentication and authorization apparatus, where the apparatus includes:
the system comprises a processor, a memory and a communication interface, wherein the processor, the memory and the communication interface are mutually connected and finish mutual communication work;
the memory has stored thereon executable program code, the communication interface for wireless communication;
the processor is configured to retrieve the executable program code stored in the memory, and to cause the executable program code to perform some or all of the steps described in any of the methods of the first aspect of the embodiments of the present application.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium having a computer program stored therein for electronic data exchange, the computer program comprising executable instructions for performing some or all of the steps as described in any one of the methods of the first aspect of embodiments of the present application.
In a fifth aspect, the present application provides a computer program product, where the computer program product includes a computer program operable to cause a computer to perform some or all of the steps as described in any one of the methods of the first aspect of the embodiments of the present application. The computer program product may be a software installation package.
In the embodiment of the application, the tax data acquisition request sent by the user terminal is received by the bank server, the bank server acquires the authentication mode of the target tax office according to the target tax office information, the authentication mode includes a first authentication mode or a second authentication mode, the first authentication mode is bank server local authentication and remote tax office server auxiliary authentication, the second authentication mode is remote tax office server authentication, whether the user terminal is an authorized user is determined according to the authentication process corresponding to the authentication mode, and if the user terminal is the authorized user, the bank server acquires the tax data of the authorized user and sends the tax data to the user terminal. By being compatible with the personalized authentication authorization requirements of each local tax bureau in the 'bank-tax interaction' service, the problem that the authentication modes of the local tax bureaus of the 'bank-tax interaction' service in the service communication process have difference is solved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1A is a structural deployment diagram of an authentication and authorization system applied in an embodiment of the present application;
fig. 1B is a schematic flowchart of an authentication and authorization method according to an embodiment of the present application;
fig. 2 is an exemplary schematic diagram of an authentication and authorization method provided in an embodiment of the present application;
fig. 3A is a schematic structural diagram of an authentication and authorization apparatus according to an embodiment of the present application;
fig. 3B is a detailed structure diagram of an optimization unit provided in the embodiment of the present application;
fig. 4 is a schematic structural diagram of another authentication and authorization apparatus provided in the embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps is not limited to only those steps recited, but may alternatively include other steps not recited, or may alternatively include other steps inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The apparatus according to the embodiments of the present application will be described with reference to the accompanying drawings.
Fig. 1A is a structural deployment diagram of an authentication and authorization system applied in the embodiment of the present application. As shown in fig. 1A, the authentication and authorization system includes a user terminal module, a bank server module, and a remote tax office server module. The functions of each module can be realized by a single server, or the functions of a plurality of modules can be realized by one server. And a plurality of servers realizing the functions of different modules are mutually communicated and connected.
The user terminal module is used for sending tax data acquisition requests and verification information to the bank server module and is also used for receiving tax data sent by the bank server module.
The bank server module is used for receiving a tax data acquisition request sent by the user terminal module, acquiring an authentication mode of a target tax bureau according to target tax bureau information included in the tax data acquisition request, determining whether the user terminal module is an authorized user according to an authentication process corresponding to the authentication mode, and if the user terminal module is the authorized user, acquiring tax data of the authorized user and sending the tax data to the user terminal.
The remote tax bureau server module is used for sending tax data of the authorized user to the bank server after the user terminal module is determined to be the authorized user according to the authentication process corresponding to the authentication mode.
The embodiment of the application provides an authentication and authorization method, which is applied to a bank server, wherein the bank server is connected with at least one remote tax bureau server, the method specifically comprises the steps that the bank server receives a tax data acquisition request sent by a user terminal, the bank server acquires an authentication mode of a target tax bureau according to target tax bureau information, whether the user terminal is an authorized user or not is determined according to an authentication process corresponding to the authentication mode, and if the user terminal is the authorized user, the bank server acquires tax data of the authorized user and sends the tax data to the user terminal. The embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 1B, fig. 1B is a schematic flowchart of an authentication and authorization method according to an embodiment of the present application, and as shown in fig. 1B, the authentication and authorization method described in the embodiment of the present application includes the following steps:
101: the method comprises the steps that a bank server receives a tax data acquisition request sent by a user terminal, wherein the tax data acquisition request comprises target tax bureau information;
the tax bureau data requested to be collected by the tax data collection request comprises tax data such as an asset liability statement, a profit statement and a reporting statement.
The target tax bureau information comprises target tax bureau related information such as a location of the target tax bureau and an authentication mode of the target tax bureau.
102: the bank server acquires an authentication mode of the target tax office according to the target tax office information, wherein the authentication mode comprises a first authentication mode or a second authentication mode, the first authentication mode is bank server local authentication and remote tax office server auxiliary authentication, and the second authentication mode is remote tax office server authentication;
the first authentication mode is bank server local authentication and remote tax bureau server auxiliary authentication, that is, in the first authentication mode, the local authentication is performed through the bank server first, and then the auxiliary authentication is performed through the remote tax bureau server. The bank server and the remote tax office server are different in verification content of the verification information initiated by the user terminal, and the verification content verified by the bank server is more than that of the remote tax office server.
Illustratively, when the authentication mode is a first authentication mode, the verification information locally input by the user terminal at the bank server comprises an enterprise name, a unified social credit code, legal representative information and mobile phone information, wherein the legal representative information comprises a legal representative name and a legal representative identity card number, and the mobile phone information comprises a legal representative mobile phone number and a short message verification code received by the mobile phone number; after the local authentication of the bank server, namely the bank server verifies the verification information, the remote tax office server performs auxiliary authentication on legal representative information and mobile phone information in the verification information, namely the remote tax office server performs auxiliary authentication on the legal representative information and the mobile phone information in the verification information and performs matching verification on the legal representative information and the mobile phone information reserved in the user terminal, and if the legal representative information and the mobile phone information in the verification information are consistent, the authentication is passed.
The second authentication mode is remote tax bureau server authentication, and means that in the second authentication mode, the bank server does not check the verification information initiated by the user terminal, the user terminal directly inputs the verification information on the remote tax bureau server, and the remote tax bureau server independently checks the verification information.
Illustratively, when the authentication mode is the second authentication mode, the verification information input by the user terminal at the corresponding position of the remote tax office server is the social credit code, the legal representative mobile phone number and the target tax office login password, and the remote tax office server performs matching verification on the verification information, and if the verification information is consistent, the authentication is passed.
103: determining whether the user terminal is an authorized user according to an authentication process corresponding to the authentication mode;
determining whether the user terminal is an authorized user according to an authentication process corresponding to the authentication mode, specifically: if the authentication mode is the first authentication mode, determining that the user terminal is an authorized user only under the condition that the verification information sent by the user terminal passes the local authentication of the bank server and the auxiliary authentication of the remote tax bureau server at the same time; and if the authentication mode is the second authentication mode, determining that the user terminal is an authorized user under the condition that the verification information sent by the user terminal passes the authentication of the remote tax bureau server.
104: and if the user terminal is an authorized user, the bank server acquires tax data of the authorized user and sends the tax data to the user terminal.
The bank server acquires tax data of an authorized user and sends the tax data to the user terminal, after the user terminal is determined to be the authorized user, the remote tax bureau server calls the tax data of the authorized user and sends the tax data to the bank server, and the bank server acquires the tax data of the authorized user and sends the tax data to the user terminal.
In the embodiment of the application, the tax data acquisition request sent by the user terminal is received by the bank server, the bank server acquires the authentication mode of the target tax office according to the target tax office information, the authentication mode includes a first authentication mode or a second authentication mode, the first authentication mode is bank server local authentication and remote tax office server auxiliary authentication, the second authentication mode is remote tax office server authentication, whether the user terminal is an authorized user is determined according to the authentication process corresponding to the authentication mode, and if the user terminal is the authorized user, the bank server acquires the tax data of the authorized user and sends the tax data to the user terminal. By being compatible with the personalized authentication authorization requirements of each local tax bureau in the 'bank-tax interaction' service, the problem that the authentication modes of the local tax bureaus of the 'bank-tax interaction' service in the service communication process have difference is solved.
In one possible example, the first authentication manner specifically includes: the bank server receives verification information sent by the user terminal, wherein the verification information comprises legal representative information and mobile phone information; the bank server checks the checking information, and if the checking information passes, the bank server sends the checking information to the target remote tax office server; matching the legal representative information with preset legal representative information through a target remote tax office server, and matching the mobile phone information with preset mobile phone information; and if the legal representative is consistent with the preset legal representative and the mobile phone information is consistent with the preset mobile phone information, the bank server determines that the user of the user terminal is an authorized user through the target remote tax office server.
The legal representative information comprises a legal representative name and a legal representative identity card number, and the mobile phone information comprises a mobile phone number of the legal representative and a short message verification code received by the mobile phone number.
The bank server checks the check information and confirms that the check information sent by the user terminal is correct for the bank server.
The legal representative information and the preset legal representative information are matched through the target remote tax office server, and the mobile phone information and the preset mobile phone information are matched, so that the target remote tax office server checks whether the legal representative information and the mobile phone information input by the user terminal are consistent with the preset tax office registration information, if the legal representative information and the mobile phone information input by the user terminal are inconsistent with the preset legal representative information and the preset mobile phone information reserved in the target remote tax office server, the fact that the enterprise worker information of the user terminal, which is not a tax data holder or the user terminal, is changed but is not updated on the tax office registration information in time is indicated, and the enterprise worker information on the tax office registration information is supervised and promoted to be updated by enterprise users in time while the safety of the tax data is ensured.
It can be seen that, in the embodiment of the application, through the first authentication mode of the local authentication of the bank server and the auxiliary authentication of the remote tax bureau server, the bank organization and the tax bureau organization verify the verification information sent by the user terminal, and through the two layers of verification, the safety problem of authentication authorization is guaranteed, and the supervising and urging effect of reminding the user of timely updating the reserved tax bureau registration information is also achieved, so that the tax information compliance is guaranteed.
In one possible example, the second authentication manner specifically includes: the bank server receives the verification information sent by the user terminal and forwards the verification information to the target remote tax office server; verifying the verification information through the target remote tax office server; and if the verification information passes the verification, the bank server determines that the user of the user terminal is an authorized user through the target remote tax office server.
The verification information comprises a social credit code, a legal representative mobile phone number and a target tax office login password.
It can be seen that, in the embodiment of the application, the second authentication mode of the remote tax office server authentication is adopted, the tax office mechanism verifies the verification information sent by the user terminal, and the requirement of local tax office authentication authorization allowing only the tax office to perform authentication is met.
In one possible example, before the bank server receives the verification information sent by the user terminal and sends the verification information to the target remote tax office server, the method further includes: the bank server generates first behavior watermark information according to the authentication process of the user terminal, wherein the behavior watermark information comprises at least one of the following items: source address IP, message authentication code MAC, behavior time and request content; and determining the legality of the authentication process according to the first behavior watermark information.
Wherein, the source address IP refers to the IP address of the user terminal.
The message authentication code MAC is used to prevent information sent by the user terminal from being tampered without authorization of the user terminal.
Wherein, the behavior time refers to a behavior occurrence time node of the user terminal.
Wherein, the request content refers to the tax data content requested to be collected by the user terminal.
The validity of the authentication process is determined according to the first behavior watermark information, the first behavior watermark information is used for carrying out electronic evidence storage on the authentication process of the user terminal, and the authentication process of the user terminal can be called as electronic evidence for use in financial arbitration.
In the embodiment of the application, before the bank server receives the verification information sent by the user terminal and sends the verification information to the target remote tax office server, the bank server generates the first behavior watermark information according to the authentication process of the user terminal, the first behavior watermark information electronically stores the authentication process of the user terminal, the legality of the authentication process is determined according to the first behavior watermark information, and the safety problem of the authentication and authorization process is guaranteed.
In one possible example, before the target remote tax office server corresponding to the target tax office calls the tax data of the authorized user to send to the bank server, the method further includes: the target remote tax office server generates a behavior log according to the behavior of the user terminal and sends the behavior log to the bank server; the bank server generates second behavior watermark information of the user terminal according to the behavior log; and the bank server matches the first behavior watermark information with the second behavior watermark information and determines that the first behavior watermark information and the second behavior watermark information are successfully matched.
Illustratively, the bank server matches the first behavior watermark information with the second behavior watermark information, specifically, matches a source address IP in the first behavior watermark information with a source address IP in the second behavior watermark information, and when the two are matched, indicates that the same user terminal is operating in the authentication process, so as to prevent other people except the non-tax data holder from performing the authentication operation, thereby implementing security control in the authentication process. Referring to fig. 2, fig. 2 is a schematic diagram illustrating an example of an authentication and authorization method according to an embodiment of the present application, as shown in fig. 2, a source address IP in the first behavior watermark information is 183.15.178 °, and a source address IP in the second behavior watermark information is 219.136.38 °, that is, the source address IP of the first behavior watermark information is inconsistent with the source address IP of the second behavior watermark information, that is, a change of an operator of a user terminal may occur at this time, and there is a certain risk, and it is considered that the first behavior watermark information and the second behavior watermark information are not successfully matched at this time.
It can be seen that, in the embodiment of the application, before the target remote tax office server corresponding to the target tax office calls the tax data of the authorized user and sends the tax data to the bank server, the target remote tax office server generates a behavior log according to the behavior of the user terminal and sends the behavior log to the bank server, the bank server generates second behavior watermark information of the user terminal according to the behavior log and matches the first behavior watermark information with the second behavior watermark information, the security of the authentication process of the user terminal is ensured by determining that the first behavior watermark information matches the second behavior watermark information successfully, even if the bank does not verify the verification information sent by the user terminal, the bank can also play a role in safety control on the authentication process of the user terminal, so that the safety of user access is guaranteed, and the risk in the authentication and authorization process is further reduced.
In one possible example, the method further includes: the bank server acquires user terminal behavior data of a target remote tax office server, wherein the user terminal behavior data comprises first-level behavior data and second-level behavior data of at least one user terminal; obtaining an authentication mode loss rate (1-second-level behavior data/first-level behavior data) × 100% according to the first-level behavior data and the second-level behavior data; and if the loss rate of the authentication mode is greater than the preset loss rate of the authentication mode, generating an optimization suggestion and sending the optimization suggestion to the target remote tax office server, wherein the optimization suggestion is used for optimizing and adjusting the authentication mode of the target tax office corresponding to the target remote tax office server.
Illustratively, the first-level behavior data of the target remote tax office server is an authenticated user arrival amount, the second-level behavior data is a tax data feedback amount, the authenticated user arrival amount is 10000, the corresponding tax data feedback amount in the 10000 user arrival amounts is 5000, and the preset authentication mode loss rate is 30%, then the authentication mode loss rate (1-5000/10000) × 100% ═ 50% and greater than 30% are greater than the preset authentication mode loss rate, at this time, an optimization suggestion is generated and sent to the target remote tax office server.
It can be seen that, in the embodiment of the application, the authentication mode loss rate is obtained according to the user terminal behavior data, and whether an optimization suggestion is generated or not is judged according to the relationship between the authentication mode loss rate and the preset authentication mode loss rate to perform optimization adjustment on the authentication mode of the corresponding target tax office on the target remote server, so that a beneficial reference is provided for the target tax office on the iterative upgrade problem of the user authentication authorization process, and the authentication authorization passing rate of the 'bank and tax interaction' service is further ensured.
In one possible example, the method further includes: if the authentication mode is the first authentication mode, optimizing and proposing to suggest that the target remote tax office server changes the authentication mode from the first authentication mode to a second authentication mode; and if the authentication mode is the second authentication mode, optimizing and proposing to replace the authentication mode from the second authentication mode to the first authentication mode by the target remote tax office server and/or optimizing and adjusting the verification information which needs to be verified by the target remote tax office server.
The optimization adjustment of the verification information to be verified by the target remote server can be realized by deleting the verification items which cause the increase of the loss rate of the authentication mode.
It can be seen that, in the embodiment of the present application, if the authentication mode is the first authentication mode, the optimization suggestion is used to suggest that the target remote tax office server changes the authentication mode from the first authentication mode to the second authentication mode, and if the authentication mode is the second authentication mode, the optimization suggestion may be to suggest that the target remote tax office server changes the authentication mode from the second authentication mode to the first authentication mode, or to suggest that the optimization adjustment is performed on the tax office check information that needs to be checked, for example, a check item that results in a large authentication mode loss rate is cancelled, so that a beneficial reference is provided for the target tax office on the iterative upgrade problem of the user authentication authorization process, and the authentication authorization pass rate of the "silver tax interaction" service is further ensured.
In one possible example, the target tax office information includes a location of the target tax office, and obtaining the authentication mode of the target tax office according to the target tax office information includes: determining whether the target tax office is in a first class area according to the location of the target tax office, wherein the first class area is a first-class administrative area of which the economic capacity reaches a first preset threshold; if not, the authentication mode corresponding to the target tax bureau is the first authentication mode; if so, acquiring the use probabilities of the tax authorities in the range of the primary administrative area for the first authentication mode and the second authentication mode, and determining the authentication mode with high use probability as the authentication mode corresponding to the target tax authority; or determining whether the target tax office is in a second type area in the first type area according to the location of the target tax office, wherein the second type area is a second-level administrative area with the economic capacity reaching a second preset threshold value, and the management range of the second-level administrative area is smaller than that of the first-level administrative area; if so, the authentication mode corresponding to the target tax bureau is the second authentication mode; if not, the authentication mode corresponding to the target tax bureau is the first authentication mode.
Wherein the economic capacity comprises a production total value GDP.
The management range of the second-level administrative area is smaller than that of the first-level administrative area, and the administrative division level of the second-level administrative area is lower than that of the first-level administrative area.
The method comprises the steps of acquiring the use probabilities of tax authorities in a first-level administrative area range for a first authentication mode and a second authentication mode, determining the authentication mode with high use probability as the authentication mode corresponding to a target tax authority, specifically, counting at least one tax authority in the first-level administrative area range, counting the authentication mode used by each tax authority in the at least one tax authority, and obtaining the number of the tax authorities in the first authentication mode and the number of the tax authorities in the second authentication mode.
Illustratively, the first preset threshold is 40000 billion, the first-level administrative region is province, the economic capacity of the province of the target tax office, namely GDP, is 30000 billion and is smaller than the first preset threshold, and the target tax office is determined not to be in the first type region, which can be marked as "affluence region" or "economic massiveness region", for example. The corresponding authentication mode of the target tax bureau is the first authentication mode at this time. The economic capacity of the identity of the target tax bureau is smaller than a first preset threshold value, and the fiscal and tax check quantity of the target tax bureau can be estimated to be smaller, so that the target tax bureau is presumed to be applicable to a first authentication mode, namely, the authentication requirement of the target tax bureau can be met by combining unified bank local authentication with remote tax bureau auxiliary authentication.
And if the economic capacity of the province of the target tax bureau is greater than or equal to a first preset threshold value, the target tax bureau is in a first type area. And determining the authentication mode used by the target tax office according to the use probability of the tax office in the first-level administrative area of the target tax office for the first authentication mode and the second authentication mode. This is because the province where the target tax bureau is located is not the first type region, but the economic development of the grade city in the province is unbalanced, and there may be a "region with large economic volume", so the target tax bureau can determine the authentication method used by itself according to the probability of the authentication method used in the province.
Or the economic quantity of the grade city where the target tax bureau is located can be further determined, and the authentication mode of the target tax bureau is determined according to the economic quantity of the grade city. Illustratively, the first preset threshold is 40000 hundred million yuan, the first-level administrative area is a province, the second preset threshold is 3000 hundred million yuan, the second-level administrative area is a city of the ground level, the economic capacity of the province of the target tax office, namely the GDP, is 110000 million yuan greater than the first preset threshold, at this time, whether the target tax office is located in the second-type area in the first-type area or not can be determined according to the location of the target tax office, the economic capacity of the city of the ground level of the target tax office is 2500 hundred million yuan less than the second preset threshold, it is determined that the target tax office is not located in the second-type area in the first-type area, and at this time, the authentication mode corresponding to the target tax office is the first authentication mode. The province economic capacity of the target tax office is larger than a first preset threshold value, but the local city is smaller than a second preset threshold value, so that the fiscal tax checking amount of the target tax office can be estimated to be small, and the target tax office is presumed to be suitable for a first authentication mode, namely, the authentication requirement of the target tax office can be met by combining unified bank local authentication with remote tax office auxiliary authentication. On the contrary, if the province economic capacity of the target tax office is larger than the first preset threshold value and the local city is larger than the second preset threshold value, the fiscal tax checking amount of the target tax office can be estimated to be larger, so that the target tax office is presumed to be applicable to a second authentication mode, namely, the target tax office is authenticated through the personalized authentication mode of the tax office.
It can be seen that, in the embodiment of the application, the area where the target tax office is located is determined according to the economic performance of the location of the target tax office, and it is first determined whether the target tax office is in the first-class area, if not, the authentication mode corresponding to the target tax office is the first authentication mode, if the target tax office is in the first-class area, the authentication mode corresponding to the target tax office is obtained for the tax office with higher use probability for the first authentication mode and the second authentication mode, or it is further determined whether the target tax office is in the second-class area with a smaller management range than the first-class administrative area, if the target tax office is in the second-class area, the authentication mode corresponding to the target tax office is the second authentication mode, and if the target tax office is not in the second-class area, the authentication mode corresponding to the target tax office is the first authentication mode. And for a target tax bureau with higher economic productivity of the location, determining that the authentication mode is a second authentication mode in which the tax bureau needs to carry out more information verification items, and ensuring the safety of important tax data by the tax bureau through a stricter authentication mode.
In one possible example, if the authentication mode is the second authentication mode, after the bank server receives the verification information sent by the user terminal, before forwarding the verification information to the target remote tax office server, the method further includes:
counting the access frequency of a target remote tax office server in a first time period to obtain an access frequency weight;
acquiring the database capacity of a target remote tax office server to obtain a database capacity weight;
multiplying the access frequency weight by the database capacity weight to obtain a target tax office grade;
if the target tax office grade is greater than or equal to the preset tax office grade, encrypting the verification information by using a first security grade encryption algorithm, wherein the first security grade encryption algorithm comprises an Advanced Encryption Standard (AES) algorithm;
and if the target tax office grade is less than the preset tax office grade, encrypting the verification information by using a second security grade encryption algorithm, wherein the second security grade encryption algorithm comprises a data encryption standard DES algorithm, and the security grade of the first security grade encryption algorithm is higher than that of the second security grade encryption algorithm.
The access frequency is the access frequency of a tax data acquisition request initiated by the user terminal to a target tax office corresponding to the target remote tax office server, and the access frequency weight is the access frequency/the first time period.
The obtaining of the database capacity of the target remote tax office server may be performed by obtaining the number of enterprises at the location of the target tax office from an enterprise and business information database such as an enterprise credit information publicity system, and if the number of enterprises at the location of the target tax office is larger, the database capacity of the target remote tax office server is larger.
The security level of the first security level encryption algorithm is higher than that of the second security level encryption algorithm, namely the difficulty of cracking the first security level encryption algorithm is higher than that of the second security level encryption algorithm, the difficulty of cracking the first security level encryption algorithm can depend on the length of a key, for example, the length of the key of the advanced encryption standard AES algorithm can be 128 bits, 192 bits and 256 bits, and the length of the key of the data encryption standard DES algorithm is 56 bits, so that the length of the key of the advanced encryption standard AES algorithm is longer than that of the data encryption standard DES algorithm, namely the key is more difficult to crack.
It can be seen that, in the embodiment of the application, the target tax office grade is obtained through the access frequency and the database capacity of the target remote tax office server, the verification information initiated by the user terminal is encrypted by using the encryption algorithms with different security levels according to the size between the target tax office grade and the preset tax office grade, the first security level encryption algorithm with higher cracking difficulty is used when the target tax office grade is higher, and the second security level encryption algorithm with lower cracking difficulty and higher encryption and decryption speed is used when the target tax office grade is lower, so that the security of the authentication and authorization process can be ensured, and the working efficiency of the authentication and authorization process can be ensured.
Referring to fig. 3A, please refer to fig. 3A in accordance with the embodiment shown in fig. 1B, where fig. 3A is a schematic structural diagram of an authentication and authorization apparatus provided in the present application, and as shown in fig. 3A:
an authentication and authorization device applied to a bank server, the bank server being connected to at least one remote tax office server, the device comprising:
301: the receiving unit is used for receiving a tax data acquisition request sent by a user terminal by a bank server, wherein the tax data acquisition request comprises target tax bureau information;
302: the system comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring an authentication mode of a target tax office by a bank server according to information of the target tax office, the authentication mode comprises a first authentication mode or a second authentication mode, the first authentication mode is bank server local authentication, and remote tax office server auxiliary authentication, and the second authentication mode is remote tax office server authentication;
303: a determining unit, configured to determine whether a user of the user terminal is an authorized user according to an authentication process corresponding to the authentication manner;
304: and the calling unit is used for calling the tax data of the authorized user from the target remote tax bureau server corresponding to the target tax bureau to send to the bank server if the user of the user terminal is the authorized user.
It can be seen that, in the embodiment of the application, the receiving unit enables the bank server to receive the tax data acquisition request sent by the user terminal, the obtaining unit enables the bank server to obtain the authentication mode of the target tax office according to the information of the target tax office, the authentication mode includes a first authentication mode or a second authentication mode, the first authentication mode is local authentication of the bank server and auxiliary authentication of the remote tax office server, the second authentication mode is authentication of the remote tax office server, the determining unit determines whether the user terminal is an authorized user according to the authentication process corresponding to the authentication mode, and the invoking unit enables the bank server to obtain the tax data of the authorized user and send the tax data to the user terminal when the user terminal is the authorized user. By being compatible with the personalized authentication authorization requirements of each local tax bureau in the 'bank-tax interaction' service, the problem that the authentication modes of the local tax bureaus of the 'bank-tax interaction' service in the service communication process have difference is solved.
In a possible example, please refer to fig. 3A, fig. 3A is a schematic structural diagram of an authentication and authorization apparatus according to an embodiment of the present application, and as shown in fig. 3A, the apparatus further includes:
305: the data unit is used for the bank server to obtain user terminal behavior data of the target remote tax office server, wherein the user terminal behavior data comprises first-level behavior data and second-level behavior data of at least one user terminal;
306: the calculation unit is used for obtaining the authentication mode loss rate (1-second-level behavior data/first-level behavior data) × 100% according to the first-level behavior data and the second-level behavior data;
307: and the optimization unit is used for generating an optimization suggestion and sending the optimization suggestion to the target remote tax office server if the loss rate of the authentication mode is greater than the preset loss rate of the authentication mode, wherein the optimization suggestion is used for optimizing and adjusting the authentication mode of the target tax office corresponding to the target remote tax office server.
Specifically, the authentication and authorization apparatus may be divided into functional units according to the above method example, for example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
In a possible example, please refer to fig. 3B, where fig. 3B is a detailed structural diagram of an optimization unit provided in an embodiment of the present application, and as shown in fig. 3B, the optimization unit includes:
3071: the first authentication mode optimization module is used for optimizing and proposing that the target remote tax bureau server changes the authentication mode from the first authentication mode to a second authentication mode if the authentication mode is the first authentication mode;
3072: and the second authentication mode optimization module is used for optimizing and proposing that the target remote tax office server needs to be verified and optimizing and adjusting verification information which is used for proposing the target remote tax office server to change the authentication mode from the second authentication mode to the first authentication mode if the authentication mode is the second authentication mode.
Referring to fig. 4, in accordance with the embodiment shown in fig. 1B, fig. 4 is a schematic structural diagram of another authentication and authorization apparatus provided in the embodiment of the present application, as shown in fig. 4:
an authentication and authorization apparatus comprising:
the system comprises a processor, a memory and a communication interface, wherein the processor, the memory and the communication interface are mutually connected and finish mutual communication work;
the memory has stored thereon executable program code, the communication interface for wireless communication;
the processor is used for calling the executable program codes stored in the memory and executing part or all of the steps of any one of the authentication and authorization methods described in the above method embodiments, and the computer comprises an electronic terminal device.
The memory may be a volatile memory such as a dynamic random access memory DRAM, or a non-volatile memory such as a mechanical hard disk. The memory is used for storing a set of executable program codes, and the processor is used for calling the executable program codes stored in the memory and can execute part or all of the steps of any one authentication and authorization method described in the authentication and authorization method embodiment.
The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA2000(Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division duplex-Long Term Evolution), and TDD-LTE (Time Division duplex-Long Term Evolution).
The embodiment of the present application provides a computer-readable storage medium, in which a computer program for electronic data exchange is stored, where the computer program includes an execution instruction for executing part or all of the steps of any one of the authentication and authorization methods described in the above embodiments of the authentication and authorization method, and the computer includes an electronic terminal device.
The present application provides a computer program product, wherein the computer program product includes a computer program operable to make a computer perform part or all of the steps of any one of the authentication and authorization methods as described in the above method embodiments, and the computer program product may be a software installation package.
It should be noted that, for the sake of simplicity, any embodiment of the method for authenticating and authorizing is described as a series of combinations of actions, but those skilled in the art should understand that the present application is not limited by the described order of actions, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
The above embodiments of the present application are described in detail, and the principles and embodiments of an authentication and authorization method and apparatus of the present application are explained herein by applying specific embodiments, and the description of the above embodiments is only used to help understand the method and core ideas of the present application; meanwhile, for those skilled in the art, according to the idea of the present invention, the specific implementation and the application scope may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present application.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, hardware products and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. The memory may include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
While the present application has been described in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a review of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the word "a" or "an" does not exclude a plurality. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
It will be understood by those skilled in the art that all or part of the steps of the various methods of any of the above-described method embodiments of the authentication and authorization method may be implemented by a program that instructs associated hardware to perform the steps of the method, where the program may be stored in a computer-readable memory, where the memory may include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
It will be appreciated that all products controlled or configured to perform the processing methods of the flowcharts described in the embodiments of a method for certificate authority of the present application, such as the apparatuses and computer program products of the flowcharts described above, are within the scope of the related products described herein.
It is apparent that those skilled in the art can make various changes and modifications to a method and apparatus for authentication and authorization provided herein without departing from the spirit and scope of the present application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (10)
1. An authentication and authorization method applied to a bank server, wherein the bank server is connected with at least one remote tax office server, and the method comprises the following steps:
the bank server receives a tax data acquisition request sent by a user terminal, wherein the tax data acquisition request comprises target tax bureau information;
the bank server acquires an authentication mode of a target tax office according to the target tax office information, wherein the authentication mode comprises a first authentication mode or a second authentication mode, the first authentication mode is bank server local authentication and remote tax office server auxiliary authentication, and the second authentication mode is remote tax office server authentication;
determining whether the user terminal is an authorized user according to an authentication process corresponding to the authentication mode;
and if the user terminal is an authorized user, the bank server acquires tax data of the authorized user and sends the tax data to the user terminal.
2. The method according to claim 1, wherein the first authentication means specifically comprises:
the bank server receives verification information sent by the user terminal, wherein the verification information comprises legal representative information and mobile phone information;
the bank server checks the checking information, and if the checking information passes, the bank server sends the checking information to the target remote tax office server;
matching the legal representative information with preset legal representative information through the target remote tax office server, and matching the mobile phone information with preset mobile phone information;
and if the legal representative is consistent with the preset legal representative information and the mobile phone information is consistent with the preset mobile phone information, the bank server determines that the user of the user terminal is an authorized user through the target remote tax office server.
3. The method according to claim 1 or 2, wherein the second authentication means specifically comprises:
the bank server receives the verification information sent by the user terminal and forwards the verification information to the target remote tax office server;
verifying the verification information through the target remote tax office server;
and if the verification information passes the verification, the bank server determines that the user of the user terminal is an authorized user through the target remote tax office server.
4. The method as claimed in claim 3, wherein before the bank server receives the verification information transmitted from the user terminal and transmits the verification information to the target remote tax office server, the method further comprises:
the bank server generates first behavior watermark information according to the authentication process of the user terminal, wherein the behavior watermark information comprises at least one of the following items: source address IP, message authentication code MAC, behavior time and request content;
and determining the legality of the authentication process according to the first behavior watermark information.
5. The method of claim 4, wherein before the target remote tax office server corresponding to the target tax office invokes the tax data of the authorized user to send to the bank server, the method further comprises:
the target remote tax office server generates a behavior log according to the behavior of the user terminal and sends the behavior log to the bank server;
the bank server generates second behavior watermark information of the user terminal according to the behavior log;
and the bank server matches the first behavior watermark information with the second behavior watermark information and determines that the first behavior watermark information is successfully matched with the second behavior watermark information.
6. The method according to any one of claims 1-5, further comprising:
the bank server acquires user terminal behavior data of the target remote tax office server, wherein the user terminal behavior data comprises first-level behavior data and second-level behavior data of at least one user terminal;
obtaining an authentication mode loss rate (1-second-level behavior data/first-level behavior data) × 100% according to the first-level behavior data and the second-level behavior data;
and if the authentication mode loss rate is greater than the preset authentication mode loss rate, generating an optimization suggestion and sending the optimization suggestion to the target remote tax office server, wherein the optimization suggestion is used for optimizing and adjusting the authentication mode of the target tax office corresponding to the target remote tax office server.
7. The method according to any one of claims 1-6, wherein the target tax office information includes a location of the target tax office, and the obtaining the authentication of the target tax office based on the target tax office information comprises:
determining whether the target tax office is in a first class area according to the location of the target tax office, wherein the first class area is a first-class administrative area with economic capacity reaching a first preset threshold;
if not, the authentication mode corresponding to the target tax bureau is the first authentication mode;
if so, acquiring the use probabilities of the tax authorities in the primary administrative region range for the first authentication mode and the second authentication mode, and determining the authentication mode with the high use probability as the authentication mode corresponding to the target tax authority; or
Determining whether the target tax office is located in a second type area in the first type area according to the location of the target tax office, wherein the second type area is a secondary administrative area with economic capacity reaching a second preset threshold, and the management range of the secondary administrative area is smaller than that of the primary administrative area;
if so, the authentication mode corresponding to the target tax office is a second authentication mode;
and if not, the authentication mode corresponding to the target tax bureau is the first authentication mode.
8. An authentication and authorization device applied to a bank server, wherein the bank server is connected with at least one remote tax bureau server, the device comprising:
the receiving unit is used for receiving a tax data acquisition request sent by a user terminal by the bank server, wherein the tax data acquisition request comprises target tax bureau information;
the acquiring unit is used for acquiring an authentication mode of a target tax office by the bank server according to the target tax office information, wherein the authentication mode comprises a first authentication mode or a second authentication mode, the first authentication mode is local authentication of the bank server, and auxiliary authentication of a remote tax office server, and the second authentication mode is remote tax office server authentication;
a determining unit, configured to determine whether a user of the ue is an authorized user according to an authentication process corresponding to the authentication manner;
and the calling unit is used for calling the tax data of the authorized user from the target remote tax office server corresponding to the target tax office and sending the tax data to the bank server if the user of the user terminal is the authorized user.
9. An authentication and authorization apparatus, the apparatus comprising:
the system comprises a processor, a memory and a communication interface, wherein the processor, the memory and the communication interface are connected with each other and complete the communication work among the processors;
the memory having stored thereon executable program code, the communication interface for wireless communication;
the processor is configured to retrieve the executable program code stored on the memory and execute the method of any of claims 1-7.
10. A computer-readable storage medium, in which a computer program for electronic data exchange is stored, the computer program comprising execution instructions for performing the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110499555.5A CN113269624A (en) | 2021-05-08 | 2021-05-08 | Authentication and authorization method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110499555.5A CN113269624A (en) | 2021-05-08 | 2021-05-08 | Authentication and authorization method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113269624A true CN113269624A (en) | 2021-08-17 |
Family
ID=77230165
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110499555.5A Pending CN113269624A (en) | 2021-05-08 | 2021-05-08 | Authentication and authorization method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113269624A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116957823A (en) * | 2023-09-18 | 2023-10-27 | 天津金城银行股份有限公司 | Tax bank authentication monitoring method, apparatus, computer device and storage medium |
| WO2024067046A1 (en) * | 2022-09-26 | 2024-04-04 | 华为技术有限公司 | Communication method and apparatus |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106529979A (en) * | 2016-12-05 | 2017-03-22 | 深圳微众税银信息服务有限公司 | Enterprise identity authentication method and system |
| CN111292174A (en) * | 2020-01-21 | 2020-06-16 | 腾讯科技(深圳)有限公司 | Tax payment information processing method and device and computer readable storage medium |
-
2021
- 2021-05-08 CN CN202110499555.5A patent/CN113269624A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106529979A (en) * | 2016-12-05 | 2017-03-22 | 深圳微众税银信息服务有限公司 | Enterprise identity authentication method and system |
| CN111292174A (en) * | 2020-01-21 | 2020-06-16 | 腾讯科技(深圳)有限公司 | Tax payment information processing method and device and computer readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2024067046A1 (en) * | 2022-09-26 | 2024-04-04 | 华为技术有限公司 | Communication method and apparatus |
| CN116957823A (en) * | 2023-09-18 | 2023-10-27 | 天津金城银行股份有限公司 | Tax bank authentication monitoring method, apparatus, computer device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2022200068B2 (en) | Telecommunication system and method for settling session transactions | |
| CN110692228B (en) | Method and equipment for protecting transaction activity sensitive data based on intelligent contracts in blockchain | |
| EP3073670B1 (en) | A system and a method for personal identification and verification | |
| US11849051B2 (en) | System and method for off-chain cryptographic transaction verification | |
| CN111327564B (en) | Access method and device for alliance chain | |
| CN110535807B (en) | Service authentication method, device and medium | |
| CN110633963A (en) | Electronic bill processing method, electronic bill processing device, computer-readable storage medium and equipment | |
| CN112567716B (en) | Secure data transmission system and method | |
| CN110084600B (en) | Processing and verifying method, device, equipment and medium for resolution transaction request | |
| WO2020211252A1 (en) | Security management method and apparatus for open platform, and computer device and storage medium | |
| CN111292174A (en) | Tax payment information processing method and device and computer readable storage medium | |
| CN113269624A (en) | Authentication and authorization method and device | |
| WO2019178440A1 (en) | System and method for securing private keys behind a biometric authentication gateway | |
| US20240289775A1 (en) | Post-Provisioning Authentication Protocols | |
| CN110634072A (en) | Block chain transaction system based on multiple tags and hardware encryption and operation mechanism thereof | |
| KR101876672B1 (en) | Digital signature method using block chain and system performing the same | |
| US11362806B2 (en) | System and methods for recording codes in a distributed environment | |
| KR101360843B1 (en) | Next Generation Financial System | |
| US20240086575A1 (en) | Method and a system for processing transactions between entities | |
| US11677552B2 (en) | Method for preventing misuse of a cryptographic key | |
| US20240064015A1 (en) | Compliance Platform for use with Identity Data | |
| CN109658100B (en) | System and method for determining downlink digital assets |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |