CN113468515A

CN113468515A - User identity authentication method and device, electronic equipment and storage medium

Info

Publication number: CN113468515A
Application number: CN202110789126.1A
Authority: CN
Inventors: 李龙
Original assignee: Futuo Network Technology Shenzhen Co ltd
Current assignee: Futuo Network Technology Shenzhen Co ltd
Priority date: 2021-07-13
Filing date: 2021-07-13
Publication date: 2021-10-01

Abstract

The application discloses a user identity authentication method, a device, electronic equipment and a storage medium, wherein the method comprises the following steps: receiving a verification code acquisition request sent by a client, wherein the verification code acquisition request carries user information of a user, the user information comprises user identification and/or current electronic equipment information operated by the user, acquiring a risk evaluation result of the user according to the user information, and sending verification information according to the risk evaluation result, wherein the verification information comprises any one of indication information of successful sending of a short message verification code and the short message verification code, a graphic verification code and indication information of successful sending of the short message verification code. Therefore, different verification information can be sent according to different risk assessment results to verify the identity of the user, and the safety of user identity verification is improved.

Description

User identity authentication method and device, electronic equipment and storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for user authentication, an electronic device, and a storage medium.

Background

With the development of internet technology, many websites and Applications (APPs) widely use short message verification codes (sms) to perform user identity verification, and the sms verification codes have become the most important authentication means at present because of their convenience and easy use and wide coverage.

In the existing short message verification code verification method, after a user triggers a short message verification code acquisition request through a client, if the verification code input by the user is not received within a preset time (such as 60S), the verification is determined to be failed.

However, in a preset time, only the mobile phone number of the user needs to be acquired, and an illegal user can send an incorrect verification code to the corresponding mobile phone number by calling the simulation interface, so that harassment is caused to the user, or the illegal user tries to crack the information of the user in a script code mode. Therefore, the short message verification code verification method is low in safety.

Disclosure of Invention

The application provides a user identity verification method, a user identity verification device, electronic equipment and a storage medium, and aims to solve the problem that an existing short message verification code verification method is low in safety.

In a first aspect, the present application provides a user identity authentication method, including:

receiving a verification code acquisition request sent by a client, wherein the verification code acquisition request carries user information of a user, and the user information comprises user identification and/or current electronic equipment information operated by the user;

acquiring a risk evaluation result of the user according to the user information;

and sending verification information according to the risk assessment result, wherein the verification information comprises any one of the short message verification code, indication information of successful sending of the short message verification code, the graphic verification code and indication information of successful sending of the short message verification code.

In a second aspect, the present application provides a user identity authentication method, including:

responding to a verification code acquisition operation triggered by a user, and sending a verification code acquisition request to a server, wherein the verification code acquisition request carries user information of the user, and the user information comprises user identification and/or current electronic equipment information of user operation;

receiving verification information, wherein the verification information comprises a short message verification code and any one of indication information of successful sending of the short message verification code, a graphic verification code and indication information of successful sending of the short message verification code, the verification information is sent by the server according to the risk assessment result, and the risk assessment result is obtained by the server according to the user information;

and verifying according to the verification information.

In a third aspect, the present application provides a user authentication apparatus, including:

the system comprises a receiving module, a verification code acquiring module and a verification module, wherein the receiving module is used for receiving a verification code acquiring request sent by a client, the verification code acquiring request carries user information of a user, and the user information comprises user identification and/or current electronic equipment information operated by the user;

the acquisition module is used for acquiring a risk evaluation result of the user according to the user information;

and the sending module is used for sending verification information according to the risk assessment result, wherein the verification information comprises any one of a short message verification code, indication information of successful sending of the short message verification code, a graphic verification code and indication information of successful sending of the short message verification code.

In a fourth aspect, the present application provides a user authentication apparatus, including:

the system comprises a sending module, a receiving module and a processing module, wherein the sending module is used for responding to a verification code obtaining operation triggered by a user and sending a verification code obtaining request to a server, the verification code obtaining request carries user information of the user, and the user information comprises user identification and/or current electronic equipment information of the user operation;

the receiving module is used for receiving verification information, the verification information comprises a short message verification code and any one of indication information of successful sending of the short message verification code, a graphic verification code and indication information of successful sending of the short message verification code, the verification information is sent by the server according to the risk assessment result, and the risk assessment result is obtained by the server according to the user information;

and the verification module is used for verifying according to the verification information.

In a third aspect, the present application provides a server, comprising:

a processor; and

a memory for storing executable instructions of the processor;

wherein the processor is configured to perform the user authentication method of the first aspect or any of the possible implementations of the first aspect via execution of the executable instructions.

In a fourth aspect, the present application provides an electronic device comprising:

a processor; and

a memory for storing executable instructions of the processor;

wherein the processor is configured to execute the user authentication method of the second aspect or any of the possible embodiments of the second aspect via execution of the executable instructions.

In a fifth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the user identity authentication method described in the first aspect or any of the possible embodiments of the second aspect.

According to the user identity verification method, the device, the electronic equipment and the storage medium, when a verification code acquisition request which is sent by a client and carries user information of a user is received, wherein the user information comprises user identification and/or current electronic equipment information operated by the user, a risk evaluation result of the user is acquired according to the user information, namely the risk level of the user can be identified according to the user information, for example, a normal user and an illegal user can be identified, the verification information is sent according to the risk evaluation result, the verification information corresponding to different risk evaluation results is different, and the verification information can be any one of indication information indicating that the short message verification code and the short message verification code are successfully sent, graphic verification code and indication information indicating that the short message verification code is successfully sent. Therefore, different verification information can be sent according to different risk assessment results to verify the identity of the user, an illegal user can be prevented from trying to crack the information of the user in a script code mode, the operation of swiping a short message verification code by the illegal user can be reduced, the user can be prevented from being disturbed, and the safety of user identity verification is improved.

Drawings

Fig. 1 is a schematic view of an application scenario of a user identity authentication method according to an embodiment of the present application;

fig. 2 is an interaction flowchart of a user identity authentication method according to an embodiment of the present application;

fig. 3 is a schematic diagram of a countdown page for inputting a verification code in a user identity verification method according to an embodiment of the present application;

fig. 4 is an interaction flowchart of a user identity authentication method according to an embodiment of the present application;

fig. 5 is a schematic diagram illustrating a client displaying indication information for indicating that a request frequency exceeds a threshold according to an embodiment of the present application;

fig. 6 is an interaction flowchart of a user identity authentication method according to an embodiment of the present application;

fig. 7 is an interaction flowchart of a user authentication method according to an embodiment of the present application;

fig. 8 is a schematic structural diagram of a user authentication device according to an embodiment of the present application;

fig. 9 is a schematic structural diagram of a user authentication device according to an embodiment of the present application;

fig. 10 is a schematic structural diagram of a server according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.

The terms "first" and "second," and the like in the description, the claims, and the drawings of the embodiments of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or electronic device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or electronic device.

In this application, the terms "exemplary" or "such as" are used to indicate that any embodiment or aspect described as "exemplary" or "such as" in this application is not to be construed as preferred or advantageous over other embodiments or aspects. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.

In the embodiments of the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural.

In order to solve the problem of low security of the existing short message verification code verification method, embodiments of the present application provide a user identity verification method, an apparatus, an electronic device, and a storage medium, wherein when receiving a verification code acquisition request carrying user information of a user sent by a client, the user information includes a user identifier and/or current electronic device information operated by the user, a risk assessment result of the user is first obtained according to the user information, i.e., a risk level of the user, such as a normal user and an illegal user, can be identified according to the user information, verification information is sent according to the risk assessment result, verification information corresponding to different risk assessment results is different, and the verification information may be any one of indication information indicating that the short message verification code and the short message verification code are successfully sent, a graphic verification code, and indication information indicating that the short message verification code is successfully sent, when the verification information is the short message verification code and indication information that the short message verification code is successfully sent, the normal short message verification code verification process is performed, namely the server sends the short message verification code to a mobile phone number corresponding to the user identification and sends the indication information that the short message verification code is successfully sent to the client; when the verification information is a graphic verification code, user operation is required to complete verification, and an illegal user is prevented from trying to crack the information of the user in a script code mode; when the verification information is indication information that the short message verification code is successfully sent, the server only sends the indication information that the short message verification code is successfully sent to the client (the short message verification code is not actually sent to the mobile phone number corresponding to the user identifier), so that an illegal user can think that the short message verification code is successfully sent, mislead the illegal user, reduce the operation of the illegal user for swiping the short message verification code, and avoid harassment to the user. Therefore, different verification information can be sent according to different risk assessment results to verify the identity of the user, and the safety of user identity verification is improved. The technical solution provided by the present application is described in detail below with reference to the accompanying drawings.

Next, an application scenario according to an embodiment of the present application will be described as an example.

The user identity authentication method provided by the embodiment of the application can be applied to the following application scenarios, which are described below with reference to the accompanying drawings.

The user identity authentication method provided by the embodiment of the application can be applied to a scene that a website or an APP performs user identity authentication in a mode of using a short message authentication code, for example, a scene that a user logs in a website or an APP through the short message authentication code. Taking APP as an example, fig. 1 is an application scenario schematic diagram of a user identity verification method provided in an embodiment of the present application, as shown in fig. 1, a user login interface is provided for a client, the user login interface includes a mobile phone number input box, after a user inputs a mobile phone number of the user, the client interface displays a short message verification code acquisition button, the user can perform identity verification by clicking the short message verification code acquisition button, the user clicks the verification code acquisition button, that is, the user triggers a short message verification code acquisition operation, the client sends a verification code acquisition request to a server in response to the verification code acquisition operation triggered by the user, and then, the server and the client execute the user identity verification method provided in the embodiment of the present application to complete user identity verification.

It should be noted that the scenario shown in fig. 1 is merely an example, and may also be applied to a scenario in which a user logs in through a website.

The following describes the technical solutions of the present application and how to solve the above technical problems with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.

Fig. 2 is an interaction flowchart of a user identity authentication method provided in an embodiment of the present application, and as shown in fig. 2, the method of the embodiment may include:

s101, the client side responds to verification code obtaining operation triggered by a user and sends a verification code obtaining request to the server, the verification code obtaining request carries user information of the user, and the user information comprises user identification and/or current electronic equipment information operated by the user.

Specifically, the operation that the user clicks an authentication code acquisition button on a user login interface displayed by the client is that the user triggers an authentication code acquisition operation, and the client sends an authentication code acquisition request to the server in response to the authentication code acquisition operation triggered by the user. The server here may be a business server corresponding to the client.

Optionally, when the user triggers an authentication code obtaining operation, and the client sends an authentication code obtaining request to the server in response to the authentication code obtaining operation triggered by the user, the method may further include: a countdown page for inputting the verification code is displayed on the current interface, for example, the countdown is 60S, fig. 3 is a schematic view of the countdown page for inputting the verification code in the user identity verification method provided in the embodiment of the present application, as shown in fig. 3, if the user does not receive the verification code, the user may also select to click a button for retransmitting the verification code, and optionally, the user may also select to log in by using a "mobile phone number password", and may also select to log in by other manners.

The user information includes a user identifier and/or current electronic device information operated by the user, that is, the user information includes the user identifier, or the user information includes the current electronic device information operated by the user, or the user information includes the user identifier and the current electronic device information operated by the user. The user identification can be a mobile phone number or an account number, and if the user identification is the account number, the server can pre-store the corresponding relation between the user account number and the mobile phone number.

And S102, the server acquires a risk evaluation result of the user according to the user information.

Specifically, as an implementable manner, the obtaining, by the server, the risk assessment result of the user according to the user information may include:

and S1021, determining a target risk index according to the user information.

Specifically, the user information includes a user identifier, or the user information includes current electronic device information operated by the user, or the user information includes the user identifier and the current electronic device information operated by the user.

Accordingly, the risk assessment result of the user is obtained according to the user information, and the following three implementable modes are provided:

in a first mode, if the user information comprises a user identifier, determining a target risk index according to the user identifier.

Specifically, in an implementable manner, determining a target risk index according to the user identifier may specifically be: if the user identification is found from a pre-stored blacklist, determining that the first risk index is a first preset value; and if the user identification is not found in the pre-stored blacklist, determining that the first risk index is a second preset value.

And determining the second risk index according to the current electronic equipment information if the user information comprises the current electronic equipment information operated by the user.

Specifically, in an implementable manner, the target risk index of the user may be determined according to a matching degree between the current electronic device information and the electronic device information carried in the last received verification code acquisition request.

The current electronic device information operated by the user may include electronic device attribute information and/or network information used by the electronic device, where the electronic device attribute information is attribute information of the electronic device operated by the user, for example, the electronic device attribute information may include at least one of a model of the electronic device, a remaining amount of power of the electronic device, a remaining memory of the electronic device, and data currently detected by a sensor in the electronic device, the remaining memory of the electronic device may be a remaining active memory of the electronic device, and the remaining memory of the electronic device may be replaced with an active memory already used by the electronic device. Among other things, sensors within an electronic device may include pressure sensors, gyroscope sensors, magnetic sensors (e.g., magnetometers), acceleration sensors, distance sensors, proximity light sensors, fingerprint sensors, temperature sensors, touch sensors, and ambient light sensors. The data detected by the pressure sensor is a pressure value, the data detected by the gyroscope sensor is angular velocities in different directions, the data detected by the magnetic sensor is magnetic induction intensities in different directions, the data detected by the acceleration sensor is accelerations in different directions, the data detected by the distance sensor is, for example, the distance between the electronic device and a user, the data detected by the proximity light sensor is, for example, a screen brightness value set by the electronic device, the data detected by the fingerprint sensor is a fingerprint of the user, the data detected by the temperature sensor is, for example, the temperature of the electronic device or the temperature of an environment in which the electronic device is located, the data detected by the touch sensor is, for example, the area of a display screen in which the user touches the electronic device, and the data detected by the ambient light sensor is, for example, the brightness value of the environment in which the electronic device is located. It is understood that the sensor in the electronic device may also include other sensors, which are not limited by the embodiments of the present application.

Specifically, when the attribute information of the electronic device is the model of the electronic device, according to the matching degree between the current electronic device information and the electronic device information carried in the last received verification code acquisition request, whether the model of the electronic device in the current electronic device information is the same as the model of the electronic device in the electronic device information carried in the last received verification code acquisition request is judged, if so, the target risk index of the user is determined to be a first value, and if not, the target risk index of the user is determined to be a second value, wherein the first value is smaller than the second value.

When the attribute information of the electronic device is the remaining power of the electronic device, determining a matching degree between the current remaining power and the remaining power when the verification code acquisition request was received last time, where the matching degree may be determining whether a ratio of a difference between the current remaining power and the remaining power when the verification code acquisition request was received last time to time when the verification code acquisition request was received twice is within a preset range, where the preset range may be a normal power consumption ratio of the electronic device, and if the difference is within the preset range, determining that a target risk index of the user is a first value, and if the difference is not within the preset range, determining that the target risk index of the user is a second value, where the first value is smaller than the second value.

When the attribute information of the electronic device is the remaining memory of the electronic device, determining a matching degree between the current remaining memory and the remaining memory when the verification code acquisition request was received last time, which may be determining whether a difference between the current remaining memory and the remaining memory when the verification code acquisition request was received last time is within a preset range, where the preset range may be 0 or an average value of memories occupied by various APPs, if the difference is within the preset range, determining that a target risk index of the user is a first value, and if the difference is not within the preset range, determining that the target risk index of the user is a second value, where the first value is smaller than the second value.

When the attribute information of the electronic device is data currently detected by a sensor in the electronic device, according to the matching degree between the current electronic device information and electronic device information carried in a last verification code acquisition request received, different preset ranges may be set for determining the matching degree between the data currently detected by the sensor and the data detected when the verification code acquisition request was received last time, specifically, different preset ranges may be set for the data detected by different sensors, it is determined whether a difference between the data currently detected by the sensor and the data detected when the verification code acquisition request was received last time is within the preset range, if so, the target risk index of the user is determined to be a first value, and if not, the target risk index of the user is determined to be a second value, where the first value is smaller than the second value.

The network information used by the electronic device may be an IP address of a network currently used by the electronic device. Correspondingly, according to the matching degree between the current electronic device information and the electronic device information carried in the last verification code acquisition request received, whether the current IP address is the same as the IP address at the time of last verification code acquisition request received may be determined, if so, the target risk index of the user is determined to be a first value, and if not, the target risk index of the user is determined to be a second value, where the first value is smaller than the second value. Since the forged IP address of the illegal user is inconsistent with the actual IP address when the illegal user is simulated through the script, the illegal user can be identified.

And determining the first risk index according to the user identification if the user information comprises the user identification and the current electronic equipment information operated by the user, determining the second risk index according to the current electronic equipment information, and determining a target risk index according to the first risk index and the second risk index.

Specifically, the first risk index may be determined according to the user identifier in an implementable manner in the first manner, and the second risk index may be determined according to the current electronic device information in an implementable manner in the second manner.

Determining a target risk index according to the first risk index and the second risk index, which may be obtained by performing weighted average on the first risk index and the second risk index, or may be obtained by summing a preset weight of the first risk index and a preset weight of the second risk index, for example, the weight of the first risk index is a, the weight of the second risk index is B, and the target risk index is the first risk index a + the second risk index B.

S1022, if the value of the target risk index belongs to a first interval, determining that the risk evaluation result of the user is a first preset result; if the value of the target risk index belongs to a second interval, determining the risk evaluation result of the user as a second preset result; and if the value of the target risk index belongs to a third interval, determining that the risk evaluation result of the user is a third preset result.

Specifically, for example, the first preset result, the second preset result, and the third preset result are no risk, low risk, and high risk, respectively, or according to the risk level, for example, the first preset result, the second preset result, and the third preset result are risk level one, risk level two, and risk level three, respectively, and the higher the level is, the higher the risk is. Alternatively, the risk index may be a probability of determining that the user is an illegitimate user.

For example, the risk index may be divided into three preset intervals, for example, three intervals are divided by a probability of 0-1, the first interval is [0,0.2], the second interval is (0.2,0.65], and the third interval is (0.65,1 ]. according to the value of the target risk index and the preset interval, the risk assessment result of the user may be determined.

S103, the server sends verification information according to the risk assessment result, wherein the verification information comprises the short message verification code and any one of indication information of successful sending of the short message verification code, the graphic verification code and the indication information of successful sending of the short message verification code.

Specifically, the server sends verification information according to the risk assessment result, the verification information corresponding to different risk assessment results is different, and the verification information can be any one of indication information of successful sending of the short message verification code and the short message verification code, a graph verification code and indication information of successful sending of the short message verification code, wherein when the verification information is the indication information of successful sending of the short message verification code and the short message verification code, a normal short message verification code verification process is adopted, namely the server sends the short message verification code to a mobile phone number corresponding to the user identifier and sends the indication information of successful sending of the short message verification code to the client; when the verification information is a graphic verification code, user operation is required to complete verification, and an illegal user is prevented from trying to crack the information of the user in a script code mode; when the verification information is indication information that the short message verification code is successfully sent, the server only sends the indication information that the short message verification code is successfully sent to the client (the short message verification code is not actually sent to the mobile phone number corresponding to the user identifier), so that an illegal user can think that the short message verification code is successfully sent, mislead the illegal user, reduce the operation of the illegal user for swiping the short message verification code, and avoid harassment to the user.

And S104, after receiving the verification information, the client performs verification according to the verification information.

Specifically, for the three kinds of verification information, the client performs different verifications, and when the verification information is the short message verification code and indication information that the short message verification code is successfully sent, the normal short message verification code verification process is performed, that is, the server sends the short message verification code to the mobile phone number corresponding to the user identifier and sends the indication information that the short message verification code is successfully sent to the client, the client displays the indication information that the short message verification code is successfully sent on the current interface, if the verification code is sent, the user inputs the verification code on the current interface displayed on the client after receiving the short message verification code, if the verification code is input in the input verification code indication frame shown in fig. 1, the client performs verification according to the received verification code input by the user, if the user is determined to input the correct verification code, the verification is passed, otherwise, the verification is not passed.

When the verification information is the graphic verification code, the client displays the graphic verification code, identity verification is carried out on the user according to the operation of the user, the specific format of the graphic verification code is not limited in the embodiment of the application, the user operation is required to carry out the authenticity verification, if the user operation meets the preset graphic verification requirement, the verification is passed, and otherwise, the verification is not passed.

When the verification information is indication information indicating that the short message verification code is successfully sent, the client does not need to perform further verification, under the condition that the user is identified to be a user (such as an illegal user) with a higher risk level, the short message verification code is not actually sent to the mobile phone number corresponding to the user identifier, the illegal user can think that the short message verification code is successfully sent, the illegal user is misled, the operation of swiping the short message verification code by the illegal user is reduced, and the user can be prevented from being harassed.

In the user identity verification method provided by this embodiment, when a verification code acquisition request carrying user information of a user is received, where the user information includes a user identifier and/or current electronic device information operated by the user, a risk assessment result of the user is acquired according to the user information, that is, a risk level of the user can be identified according to the user information, for example, a normal user and an illegal user can be identified, verification information is transmitted according to the risk assessment result, verification information corresponding to different risk assessment results is different, and the verification information may be any one of indication information indicating that a short message verification code and a short message verification code are successfully transmitted, a graphic verification code, and indication information indicating that a short message verification code is successfully transmitted. Therefore, different verification information can be sent according to different risk assessment results to verify the identity of the user, an illegal user can be prevented from trying to crack the information of the user in a script code mode, the operation of swiping a short message verification code by the illegal user can be reduced, the user can be prevented from being disturbed, and the safety of user identity verification is improved.

Fig. 4 is an interaction flowchart of a user identity authentication method provided in the embodiment of the present application, as shown in fig. 4, on the basis of the method shown in fig. 2, optionally, S103 may include:

and S1031, if the risk evaluation result is a first preset result, the server sends a short message verification code to the mobile phone number corresponding to the user identification, and sends indication information of successful sending of the short message verification code to the client.

Specifically, for example, if the first preset result is no risk, the method enters a normal short message verification code verification process, sends a short message verification code to a mobile phone number corresponding to the user identifier, and sends an indication message that the short message verification code is successfully sent to the client, the client displays the indication message that the short message verification code is successfully sent on the current interface, if the verification code is sent, the user inputs the verification code on the current interface displayed on the client after receiving the short message verification code, if the verification code is input in an input verification code indication frame shown in fig. 1, the client performs verification according to the received verification code input by the user, if it is determined that the user inputs a correct verification code, the verification is passed, otherwise, the verification is not passed.

S1032, if the risk assessment result is a second preset result, the server sends the graphical verification code to the client, and the graphical verification code is used for the client to perform identity verification on the user according to the operation of the user.

Specifically, for example, if the second preset result is low risk, the server sends the graphical verification code to the client, the client displays the graphical verification code, performs identity verification on the user according to the user operation, if the user operation meets the preset graphical verification requirement, the verification is passed, otherwise, the verification is not passed.

And S1033, if the risk assessment result is a third preset result, sending indication information that the short message verification code is successfully sent to the client.

For example, if the third preset result is high risk, and in this case, the user is identified as a user with a higher risk level (e.g., an illegal user), sending an indication that the short message verification code is successfully sent to the client, and actually not sending the short message verification code to the mobile phone number corresponding to the user identifier, the illegal user can consider that the short message verification code is successfully sent, mislead the illegal user, reduce the operation of swiping the short message verification code by the illegal user, and avoid harassment to the user.

In the embodiment shown in fig. 2 or fig. 4, optionally, the method may further include:

s105, the server counts the request times of the verification code acquisition request received in the preset time.

And S106, if the request times are larger than or equal to a preset threshold, sending a graphic verification code to the client, or sending indication information for indicating that the request frequency exceeds the threshold to the client.

Specifically, in a case where it is determined that the request frequency of the request for obtaining the verification code is high, that is, it is determined that the request frequency is greater than or equal to a preset threshold, for example, 2 pieces in 2 minutes cannot be exceeded, if it is determined that the request frequency is greater than or equal to the preset threshold, the graphical verification code may be sent to the client to perform user authenticity verification, or indication information indicating that the request frequency exceeds the threshold is sent to the client, for example, the indication information is "the verification code request is too frequent, please try again later".

The method comprises the steps that when a client receives a graphical verification code, the graphical verification code is displayed, the user is authenticated according to user operation, and when the client receives indication information used for indicating that request frequency exceeds a threshold value, the indication information used for indicating that the request frequency exceeds the threshold value is displayed on a current interface.

Exemplarily, fig. 5 is a schematic diagram of a client displaying indication information for indicating that a request frequency exceeds a threshold according to an embodiment of the present application, and as shown in fig. 5, the indication information displayed on a current interface by the client for indicating that the request frequency exceeds the threshold is "the request for the verification code is too frequent, please try again later". It should be noted that fig. 5 is only an example.

Fig. 6 is an interaction flowchart of a user identity authentication method provided in an embodiment of the present application, as shown in fig. 6, in the method of this embodiment, based on the method shown in fig. 2 or fig. 4, optionally, based on the method shown in fig. 4, the S102 server obtains a risk assessment result of the user according to the user information, where the server may invoke the security server, so that the security server determines the risk assessment result of the user according to the user information, and sends the determined risk assessment result of the user to the server, which is described in detail below with reference to fig. 6, and for convenience of distinction, in this embodiment, the server in the embodiment shown in fig. 2 or fig. 4 is referred to as a service server, and specifically, the method in this embodiment may include:

s201, the client side responds to verification code obtaining operation triggered by a user and sends a verification code obtaining request to the service server, and the verification code obtaining request carries user information of the user.

Specifically, the user information includes user identification and/or current electronic device information operated by the user.

S202, the service server invokes the security server, which may specifically be sending an authentication code acquisition request to the security server.

S203, the security server determines the risk assessment result of the user according to the user information.

Specifically, as an implementable manner, the security server obtains the risk assessment result of the user according to the user information, and the manner shown in S1021-S1022 may be adopted, and the detailed process is referred to the content described in S1021-S1022, which is not described herein again.

And S204, the security server sends the risk assessment result of the user to the service server.

S2051, if the risk assessment result is a first preset result, the service server sends a short message verification code to the mobile phone number corresponding to the user identification, and sends indication information of successful sending of the short message verification code to the client.

S2052, if the risk assessment result is a second preset result, the business server sends the graphical verification code to the client, and the graphical verification code is used for the client to verify the identity of the user according to the operation of the user.

And S2053, if the risk assessment result is a third preset result, sending indication information that the short message verification code is successfully sent to the client.

And S206, the client side carries out verification according to the verification information.

In the above embodiment, if the user identifier is a mobile phone number, if the mobile phone number carried in the verification code obtaining request is abnormal, for example, the format is incorrect, the service server sends indication information of the abnormal mobile phone number to the client.

A detailed process of the user authentication method provided by the present application is described below with reference to a specific embodiment, where a service server is taken as an example of a wind control system in the present embodiment.

Fig. 7 is an interaction flowchart of a user identity authentication method provided in an embodiment of the present application, and as shown in fig. 7, the method of the present embodiment may include:

s301, the client side responds to the verification code obtaining operation triggered by the user and sends a verification code obtaining request to the service server, and the verification code obtaining request carries user information of the user.

Specifically, the user information includes a user identifier and/or current electronic device information operated by the user, where the user identifier is, for example, a mobile phone number in this embodiment.

S302, the service server sends a verification code acquisition request to the wind control system.

And S303, the wind control system sends the user identification carried by the verification code acquisition request to the anti-brushing system.

Specifically, the anti-brushing system prestores a blacklist, and if the anti-brushing system finds the user identifier from the prestored blacklist, the first risk index is determined to be a first preset value; and if the user identification is not found in a pre-stored blacklist, determining that the first risk index is a second preset value.

S304, the anti-brushing system sends a first risk index to the wind control system.

S305, the wind control system determines a second risk index according to the current electronic equipment information.

Specifically, in an implementable manner, the second risk index may be determined according to a matching degree between the current electronic device information and the electronic device information carried in the last received verification code acquisition request.

For a specific process of determining the second risk index, reference may be made to the description in the second mode in the above embodiment, and details are not repeated here.

S306, the wind control system determines a target risk index according to the first risk index and the second risk index, and determines a risk evaluation result according to the target risk index.

Specifically, the target risk index is determined according to the first risk index and the second risk index, the target risk index may be obtained by performing weighted average on the first risk index and the second risk index, or the target risk index may be obtained by summing a preset weight of the first risk index and a preset weight of the second risk index, for example, the weight of the first risk index is a, the weight of the second risk index is B, and the target risk index is the first risk index a + the second risk index B.

If the value of the target risk index belongs to a first interval, determining that the risk evaluation result of the user is risk-free; if the value of the target risk index belongs to a second interval, determining that the risk evaluation result of the user is low risk; and if the value of the target risk index belongs to a third interval, determining that the risk evaluation result of the user is high risk.

And S307, the wind control system sends a risk assessment result to the service server.

And S308, when the risk evaluation result shows that no risk exists, the service server performs a normal short message verification code verification process, sends a short message verification code to the mobile phone number corresponding to the user identifier, and sends indication information of successful short message verification code sending to the client.

S309, the client displays indication information of successful sending of the short message verification code.

And S310, when the risk evaluation result is low risk, the business server sends the graphic verification code to the client.

And S311, the client displays the graphic verification code and verifies according to the user operation.

And S312, when the risk evaluation result is high risk, the service server sends the indication information that the short message verification code is successfully sent to the client, and actually does not send the short message verification code to the mobile phone number corresponding to the user identification.

The following are embodiments of the apparatus of the present application that may be used to perform the above-described embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method described above in the present application.

Fig. 8 is a schematic structural diagram of a user authentication device according to an embodiment of the present application, and as shown in fig. 8, the device according to the embodiment may include: the system comprises a receiving module 11, an obtaining module 12 and a sending module 13, wherein the receiving module 11 is configured to receive a verification code obtaining request sent by a client, the verification code obtaining request carries user information of a user, and the user information includes a user identifier and/or current electronic device information of a user operation;

the obtaining module 12 is configured to obtain a risk assessment result of the user according to the user information;

the sending module 13 is configured to send verification information according to the risk assessment result, where the verification information includes any one of a short message verification code, indication information that the short message verification code is successfully sent, a graphic verification code, and indication information that the short message verification code is successfully sent.

Optionally, the obtaining module 12 is configured to invoke a security server, so that the security server determines a risk assessment result of the user according to the user information;

the receiving module 11 is further configured to receive a risk assessment result of the user sent by the security server.

Optionally, the obtaining module 12 is configured to determine a target risk index according to the user information;

if the value of the target risk index belongs to a first interval, determining that the risk evaluation result of the user is a first preset result;

if the value of the target risk index belongs to a second interval, determining the risk evaluation result of the user as a second preset result;

and if the value of the target risk index belongs to a third interval, determining that the risk evaluation result of the user is a third preset result.

Optionally, if the user information includes a user identifier and the current electronic device information, the obtaining module 12 is configured to determine the first risk index according to the user identifier;

determining the second risk index according to the current electronic equipment information;

determining a target risk index from the first risk index and the second risk index.

Optionally, the obtaining module 12 is specifically configured to determine that the first risk index is a first preset value if the user identifier is found in a pre-stored blacklist;

and if the user identification is not found in the pre-stored blacklist, determining that the first risk index is a second preset value.

Optionally, the obtaining module 12 is specifically configured to determine the second risk index of the user according to the matching degree between the current electronic device information and the electronic device information carried in the last received verification code obtaining request.

Optionally, the electronic device information includes electronic device attribute information and/or network information used by the electronic device;

the electronic equipment attribute information comprises at least one of the type of the electronic equipment, the residual electric quantity of the electronic equipment, the residual memory of the electronic equipment and data currently detected by a sensor in the electronic equipment.

Optionally, the sending module 13 is configured to send a short message verification code to the mobile phone number corresponding to the user identifier and send indication information that the sending of the short message verification code is successful to the client if the risk assessment result is a first preset result;

if the risk assessment result is a second preset result, sending the graphical verification code to the client, wherein the graphical verification code is used for the client to verify the identity of the user according to the operation of the user;

and if the risk evaluation result is a third preset result, sending indication information of successful short message verification code sending to the client.

Optionally, the sending module 13 is further configured to: counting the request times of a verification code acquisition request received within preset time;

and if the request times are larger than or equal to a preset threshold value, sending a graphic verification code to the client, or sending indication information for indicating that the request frequency exceeds the threshold value to the client.

The apparatus provided in the embodiment of the present application may implement the method embodiment, and specific implementation principles and technical effects thereof may be referred to the method embodiment, which is not described herein again.

Fig. 9 is a schematic structural diagram of a user authentication device according to an embodiment of the present application, and as shown in fig. 9, the device according to the embodiment may include: a sending module 21, a receiving module 22 and an authentication module 23,

the sending module 21 is configured to send a verification code obtaining request to a server in response to a verification code obtaining operation triggered by a user, where the verification code obtaining request carries user information of the user, and the user information includes a user identifier and/or current electronic device information of the user operation;

the receiving module 22 is configured to receive verification information, where the verification information includes a short message verification code and any one of indication information that the short message verification code is successfully sent, a graphic verification code and indication information that the short message verification code is successfully sent, the verification information is sent by the server according to the risk assessment result, and the risk assessment result is obtained by the server according to the user information;

the verification module 23 is configured to perform verification according to the verification information.

Optionally, the receiving module 22 is configured to: receiving indication information that the short message verification code sent by the server is successfully sent when the risk assessment result is determined to be a first preset result, and receiving the short message verification code input by a user; alternatively, the first and second electrodes may be,

receiving a graphical verification code sent by the server when the risk assessment result is determined to be a second preset result, wherein the graphical verification code is used for the client to verify the identity of the user according to the operation of the user;

and receiving indication information of successful transmission of the short message verification code, which is transmitted by the server when the risk evaluation result is determined to be a third preset result.

Optionally, the receiving module 22 is further configured to: and receiving the graphic verification code sent by the server when the request times are determined to be greater than or equal to a preset threshold value or indication information used for indicating that the request frequency exceeds the threshold value, wherein the request times are the times of verification code acquisition requests received in preset time.

It should be noted that the division of the modules of the above apparatus is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the processing module may be a processing element separately set up, or may be implemented by being integrated in a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and a function of the processing module may be called and executed by a processing element of the apparatus. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element here may be an integrated circuit with signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.

For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when some of the above modules are implemented in the form of a processing element scheduler code, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor that can call program code. As another example, these modules may be integrated together, implemented in the form of a system-on-a-chip (SOC).

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions according to the embodiments of the present application are all or partially generated when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage electronic device including one or more available media integrated servers, data centers, and the like. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.

Fig. 10 is a schematic structural diagram of a server according to an embodiment of the present application, as shown in fig. 10, an electronic device according to this embodiment may include a processor 31 and a memory 32,

the memory 32 is used for storing executable instructions of the processor 31.

The processor 31 is configured to perform the user authentication method in the above-described method embodiments via execution of executable instructions.

Alternatively, the memory 32 may be separate or integrated with the processor 31.

When the memory 32 is a device independent of the processor 31, the electronic apparatus of the present embodiment may further include:

a bus 33 for connecting the memory 32 and the processor 31.

Optionally, the electronic device of this embodiment may further include: a communication interface 34, the communication interface 34 being connectable to the processor 31 via a bus 33.

Fig. 11 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, as shown in fig. 11, the electronic device according to the present embodiment may include a processor 41 and a memory 42,

the memory 42 is used for storing executable instructions of the processor 41.

The processor 41 is configured to perform the user authentication method in the above-described method embodiments via execution of executable instructions.

Alternatively, the memory 42 may be separate or integrated with the processor 41.

When the memory 42 is a device independent of the processor 41, the electronic apparatus of the present embodiment may further include:

a bus 43 for connecting the memory 42 and the processor 41.

Optionally, the electronic device of this embodiment may further include: a communication interface 44, the communication interface 44 being connectable to the processor 41 via a bus 43.

The present application also provides a computer-readable storage medium having stored therein computer-executable instructions, which, when run on a computer, cause the computer to perform the user authentication method as in the above embodiments.

Embodiments of the present application further provide a computer program product, which includes a computer program, and when the computer program is executed by a processor, the user authentication method in the above embodiments is implemented.

In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.

Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims

1. A method for authenticating a user, comprising:

2. The method according to claim 1, wherein the obtaining the risk assessment result of the user according to the user information comprises:

calling a security server to enable the security server to determine a risk evaluation result of the user according to the user information;

and receiving a risk assessment result of the user sent by the security server.

3. The method according to claim 1, wherein the obtaining the risk assessment result of the user according to the user information comprises:

determining a target risk index according to the user information;

4. The method of claim 3, wherein if the user information includes a user identifier and the current electronic device information, the determining a target risk index according to the user information comprises:

determining the first risk index according to the user identification;

5. The method of claim 4, wherein determining the first risk index based on the user identifier comprises:

if the user identification is found from a pre-stored blacklist, determining that the first risk index is a first preset value;

6. The method of claim 4, wherein determining a second risk index based on the current electronic device information comprises:

and determining a second risk index of the user according to the matching degree of the current electronic equipment information and the electronic equipment information carried in the last received verification code acquisition request.

7. The method according to any one of claims 1-6, wherein said sending verification information based on said risk assessment result comprises:

if the risk assessment result is a first preset result, sending a short message verification code to a mobile phone number corresponding to the user identification, and sending indication information of successful sending of the short message verification code to the client;

8. The method according to any one of claims 1-6, further comprising:

counting the request times of a verification code acquisition request received within preset time;

9. A method for authenticating a user, comprising:

and verifying according to the verification information.

10. The method of claim 9, wherein receiving authentication information comprises:

receiving indication information that the short message verification code sent by the server is successfully sent when the risk assessment result is determined to be a first preset result, and receiving the short message verification code input by a user; alternatively, the first and second electrodes may be,

11. The method according to claim 9 or 10, characterized in that the method further comprises:

and receiving the graphic verification code sent by the server when the request times are determined to be greater than or equal to a preset threshold value or indication information used for indicating that the request frequency exceeds the threshold value, wherein the request times are the times of verification code acquisition requests received in preset time.

12. A user authentication apparatus, comprising:

13. A user authentication apparatus, comprising:

14. A server, comprising:

a processor; and

a memory for storing executable instructions of the processor;

wherein the processor is configured to perform the user authentication method of any one of claims 1-8 via execution of the executable instructions.

15. An electronic device, comprising:

a processor; and

a memory for storing executable instructions of the processor;

wherein the processor is configured to perform the user authentication method of any one of claims 9-11 via execution of the executable instructions.

16. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method for user authentication according to any one of claims 1-8 or 9-11.