CN114006749B - Security verification method, device, equipment and storage medium - Google Patents

Security verification method, device, equipment and storage medium Download PDF

Info

Publication number
CN114006749B
CN114006749B CN202111268175.7A CN202111268175A CN114006749B CN 114006749 B CN114006749 B CN 114006749B CN 202111268175 A CN202111268175 A CN 202111268175A CN 114006749 B CN114006749 B CN 114006749B
Authority
CN
China
Prior art keywords
security verification
user
verification
service
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111268175.7A
Other languages
Chinese (zh)
Other versions
CN114006749A (en
Inventor
许加帆
潘志敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Bank Co Ltd
Original Assignee
Ping An Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Bank Co Ltd filed Critical Ping An Bank Co Ltd
Priority to CN202111268175.7A priority Critical patent/CN114006749B/en
Publication of CN114006749A publication Critical patent/CN114006749A/en
Application granted granted Critical
Publication of CN114006749B publication Critical patent/CN114006749B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the field of network security, and discloses a security verification method, a device, equipment and a storage medium, which are used for solving the technical problem that the prior art has no unified security verification item configuration rule, and the security verification specific item cannot be determined according to the specific content of a service and the information of a user, so that the security risk exists. The method comprises the following steps: receiving a service acquisition request sent by a user; analyzing the service acquisition request to obtain the information of the request user and the service scene code contained in the service acquisition request; searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information; extracting a security verification tool corresponding to the target security verification rule according to the security verification rule to perform security verification on the user, so as to obtain a security verification result; if the security verification result is that the verification is passed, pushing the service content to the user; and if the security verification result is that the verification is not passed, pushing a verification failure message to the user.

Description

Security verification method, device, equipment and storage medium
Technical Field
The present invention relates to the field of network security, and in particular, to a security verification method, apparatus, device, and storage medium.
Background
With the development of information technology, the businesses executed through the Internet become rich and diversified gradually, and the convenience degree of business handling is greatly improved; however, on the other hand, the security risk of transacting business via the internet is increasing compared to the conventional business transaction methods. Especially in the case of financial services involving the internet, security risk problems are very concerned, so security verification is becoming an integral part of various services.
In the prior art, when a security verification tool is added to a service function needing security verification, which security verification items need to be verified can only be determined by experience of a product manager, and the security verification tool has no unified security verification item configuration rule, cannot determine the security verification specific items according to the specific content of the service and the information of a user, and has security risks.
Disclosure of Invention
The invention mainly aims to solve the problem that the prior art has no unified security verification project configuration rule, and the security risk is caused by the fact that the security verification project cannot be determined according to the specific content of the service and the information of the user.
The first aspect of the present invention provides a security verification method, including: receiving a service acquisition request sent by a user; analyzing the service acquisition request to obtain the request user information and the service scene code contained in the service acquisition request; searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information; extracting a security verification tool corresponding to the target security verification rule according to the security verification rule to perform security verification on the user, so as to obtain a security verification result; if the security verification result is that the verification is passed, pushing service content to the user; and if the security verification result is that the verification is not passed, pushing a verification failure message to the user.
Optionally, in a first implementation manner of the first aspect of the present invention, the requested user information includes client type information and user login information; the searching the target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information comprises the following steps: searching a scene risk level corresponding to the service scene in a preset risk scene comparison table according to the service scene code; searching a client risk level corresponding to the client type information in a preset client risk comparison table according to the client type information; searching a login risk grade corresponding to a login source of the user in a preset login risk comparison table according to the user login information; respectively extracting the grade values of the client risk grade and the login risk grade to obtain a risk grade candidate set, extracting the maximum value of the grade values in the risk grade candidate set, and carrying out assignment operation according to the maximum value to obtain a user risk grade; and searching a security verification rule corresponding to the scene risk level and the user risk level in a preset security verification rule base according to the scene risk level and the user risk level to obtain a target security verification rule.
Optionally, in a second implementation manner of the first aspect of the present invention, extracting, according to the security verification rule, a security verification tool corresponding to the target security verification rule to perform security verification on the user includes: judging whether the security verification items contained in the target security verification rule are a plurality of security verification items or not; if yes, judging whether the target security verification rule supports the user to select a security verification item; if yes, receiving a selection result of the user on the security verification item, and taking the security verification item corresponding to the selection result as a target security verification item; and calling a security verification tool corresponding to the target security verification item to execute security verification operation on the user.
Optionally, in a third implementation manner of the first aspect of the present invention, the target security verification item is at least one, and the invoking the security verification tool corresponding to the target security verification item to perform a security verification operation on the user includes: extracting the security verification sequence of the target security verification project; invoking a security verification tool corresponding to the target security verification item according to the security verification sequence to send a verification information acquisition request to a user; and the verification tool receives the verification information content input by the user, and compares the verification information content with the verification information prestored in the database.
Optionally, in a fourth implementation manner of the first aspect of the present invention, before the receiving the service acquisition request sent by the user, the method further includes: acquiring service scene information of a service scene which needs to be accessed into a security verification function; classifying the service scene according to the service scene information to obtain a service scene classification result; and generating a service scene code and a service scene risk level according to the service scene classification result, and generating a risk scene comparison table according to the service scene information and the service scene risk level.
Optionally, in a fifth implementation manner of the first aspect of the present invention, after the pushing the authentication failure message to the user, the method further includes: receiving a secondary verification request sent by a user based on the verification failure message;
extracting a first security verification level of the target security verification rule corresponding to the verification failure message; searching a security verification rule with the security verification level being greater than the first security verification level in the security verification rule library to obtain a candidate secondary verification rule; pushing the candidate secondary verification rule to a user for selection, and obtaining a target secondary verification rule according to a selection result of the user; and carrying out security verification on the user according to the target secondary verification rule.
Optionally, in a sixth implementation manner of the first aspect of the present invention, the security verification tool includes a password verification tool, a sms dynamic code verification tool, a UKEY verification tool, a face recognition tool, and a voiceprint recognition tool.
A second aspect of the present invention provides a security verification apparatus comprising: the receiving module is used for receiving a service acquisition request sent by a user; the analysis module is used for analyzing the service acquisition request to obtain the request user information and the service scene code contained in the service acquisition request; the searching module is used for searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information; the verification module is used for extracting a security verification tool corresponding to the target security verification rule according to the security verification rule to carry out security verification on the user, so as to obtain a security verification result; the service pushing module is used for pushing service contents to the user if the security verification result is verification passing; and the message pushing module is used for pushing the verification failure message to the user if the security verification result is that the verification is not passed.
Optionally, in a first implementation manner of the second aspect of the present invention, the request user information includes client type information and user login information; the searching module comprises: the scene risk searching unit is used for searching a scene risk grade corresponding to the service scene in a preset risk scene comparison table according to the service scene code; the user risk searching unit is used for searching the client risk grade corresponding to the client type information in a preset client risk comparison table according to the client type information; searching a login risk grade corresponding to a login source of the user in a preset login risk comparison table according to the user login information; respectively extracting the grade values of the client risk grade and the login risk grade to obtain a risk grade candidate set, extracting the maximum value of the grade values in the risk grade candidate set, and carrying out assignment operation according to the maximum value to obtain a user risk grade; and the target rule searching unit is used for searching the security verification rule corresponding to the scene risk level and the user risk level in a preset security verification rule base according to the scene risk level and the user risk level to obtain a target security verification rule.
Optionally, in a second implementation manner of the second aspect of the present invention, the verification module includes: a first judging unit configured to judge whether or not the security verification items included in the target security verification rule are plural; the second judging unit is used for judging whether the target security verification rule supports the user to select a security verification item if yes; the verification item selection unit is used for receiving a selection result of a user on the security verification item if the security verification item is supported, and taking the security verification item corresponding to the selection result as a target security verification item; and the verification execution unit is used for calling a security verification tool corresponding to the target security verification item to execute security verification operation on the user.
Optionally, in a third implementation manner of the second aspect of the present invention, the verification executing unit is specifically configured to: extracting the security verification sequence of the target security verification project; invoking a security verification tool corresponding to the target security verification item according to the security verification sequence to send a verification information acquisition request to a user; and the verification tool receives the verification information content input by the user, and compares the verification information content with the verification information prestored in the database.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the security verification apparatus further includes a scene comparison table generating module, where the scene comparison table generating module is specifically configured to: acquiring service scene information of a service scene which needs to be accessed into a security verification function; classifying the service scene according to the service scene information to obtain a service scene classification result; and generating a service scene code and a service scene risk level according to the service scene classification result, and generating a risk scene comparison table according to the service scene information and the service scene risk level.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the security verification device further includes a secondary verification module, where the secondary verification module is specifically configured to: receiving a secondary verification request sent by a user based on the verification failure message; extracting a first security verification level of the target security verification rule corresponding to the verification failure message; searching a security verification rule with the security verification level being greater than the first security verification level in the security verification rule library to obtain a candidate secondary verification rule; pushing the candidate secondary verification rule to a user for selection, and obtaining a target secondary verification rule according to a selection result of the user; and carrying out security verification on the user according to the target secondary verification rule.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the security verification tool includes a password verification tool, a sms dynamic code verification tool, a UKEY verification tool, a face recognition tool, and a voiceprint recognition tool.
A third aspect of the present invention provides a security verification apparatus comprising: a memory and at least one processor, the memory having instructions stored therein; the at least one processor invokes the instructions in the memory to cause the security verification device to perform the steps of the security verification method described above.
A fourth aspect of the present invention provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the steps of the security verification method described above.
In the technical scheme provided by the invention, a service acquisition request sent by a user is received and analyzed to obtain the information of the requested user and the service scene code contained in the request; searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information; extracting a corresponding safety verification tool according to the safety verification rule to carry out safety verification on the user, so as to obtain a safety verification result; if the security verification result is that the verification is passed, pushing the service content to the user; and if the security verification result is that the verification is not passed, pushing a verification failure message to the user. In the embodiment of the invention, the security verification rule meeting the specific request user information and the service scene information contained in the service acquisition request is found in the preset security verification rule library, and the corresponding security verification tool is extracted to carry out security verification on the user, so that the security verification method can be acquired according to the preset rule, and the security risk is reduced.
Drawings
FIG. 1 is a schematic diagram of a first embodiment of a security verification method according to an embodiment of the present invention;
FIG. 2 is a diagram of a second embodiment of a security verification method according to an embodiment of the present invention;
FIG. 3 is a diagram of a third embodiment of a security verification method according to an embodiment of the present invention;
FIG. 4 is a diagram of a fourth embodiment of a security verification method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an embodiment of a security authentication device according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of another embodiment of a security authentication device according to an embodiment of the present invention;
fig. 7 is a schematic diagram of an embodiment of a security verification device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a security verification method, a device, equipment and a storage medium, wherein the scheme receives and analyzes a service acquisition request sent by a user to obtain request user information and a service scene code contained in the request user information; searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information; extracting a corresponding safety verification tool according to the safety verification rule to carry out safety verification on the user, so as to obtain a safety verification result; if the security verification result is that the verification is passed, pushing the service content to the user; and if the security verification result is that the verification is not passed, pushing a verification failure message to the user. In the embodiment of the invention, the security verification rule meeting the specific request user information and the service scene information contained in the service acquisition request is found in the preset security verification rule library, and the corresponding security verification tool is extracted to carry out security verification on the user, so that the security verification method can be acquired according to the preset rule, and the security risk is reduced.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, a specific flow of an embodiment of the present invention is described below with reference to fig. 1, where an embodiment of a security verification method in an embodiment of the present invention includes:
101. receiving a service acquisition request sent by a user;
it is to be understood that the execution body of the present invention may be a security verification device, and may also be a terminal or a server, which is not limited herein. The embodiment of the invention is described by taking a server as an execution main body as an example.
The security verification method in the embodiment is suitable for the financial industry or other industries with higher security environments for business operation; in such industries, when a user obtains a service, different security verifications are generally performed according to different service contents, for example, some services with lower security verification level requirements are required to perform password verification, but some services with higher security verification level requirements not only need passwords, but may also need to perform short message dynamic codes or UKEY verification or a combination of multiple verification methods to perform security verification.
When acquiring a service, a user needs to generate a service acquisition request in an APP, a webpage or other terminals, wherein the service acquisition request records information such as user information sending the request, a source terminal of the service acquisition request, a service number of the service to be acquired and the like.
102. Analyzing the service acquisition request to obtain the request user information and the service scene code contained in the service acquisition request;
after receiving the service acquisition request, the server analyzes the service acquisition request to obtain a service code and a request user Token (Token) contained in the service acquisition request. The service code is obtained by coding various services which need to be subjected to security verification in the embodiment in advance, and corresponding service information can be found in a preset database according to the service code, wherein the service information comprises information such as scene codes of the service, specific execution flow of the service and the like; the request user token corresponds to login information of the current user, can inquire the client type, account information and other contents corresponding to the current user token in a preset database according to the request user token, and further comprises client information used by the current user for sending a service acquisition request.
Specifically, the Token (Token) is a string of characters generated by the server to be used as a Token for the client to request, when the user logs in for the first time, the server generates a Token and returns the Token to the client, and the client only needs to request data with the Token before, and does not need to carry the user name and the password again.
103. Searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information;
in this embodiment, a security verification rule base is preconfigured, where the security verification rule base includes preconfigured security verification rules, and the security verification rules further include a corresponding relationship between each service scenario and user risk and a security verification item, and according to the service scenario and user risk information, the security verification rule corresponding to the current service acquisition request is found based on the corresponding relationship in the preconfigured security verification rule base.
By way of specific example, when the service scenario corresponding to the service acquisition request in the embodiment is a transfer scenario and the risk level of the user is R0, searching the corresponding security verification rule in the security verification rule base according to the information, wherein the found result is that the current security verification rule only needs verification, and when the code of the verification password only is a, the wind control platform returns r_a; the current security verification rule is obtained based on the r_a code.
104. Extracting a security verification tool corresponding to the target security verification rule according to the security verification rule to perform security verification on the user, so as to obtain a security verification result;
extracting a corresponding verification tool contained in the security verification rule to perform security verification according to the queried security verification rule, wherein the security verification rule in the embodiment can be to perform security verification on a current user by calling a single verification tool or to perform security verification on the user by calling a plurality of verification tools; when the security verification rule in the embodiment is that a plurality of verification tools are called to verify a user, a specific operation sequence preset in the security verification rule for calling the verification tools to perform security verification is firstly obtained, and the specific security verification is performed according to the set operation sequence, so that a security verification result is obtained.
105. And if the security verification result is that the verification is passed, pushing the service content to the user, and if the security verification result is that the verification is not passed, pushing the verification failure message to the user.
If the obtained security verification result is that the verification is passed, the security verification operation is completed, and the user can acquire the required service to perform the next operation, namely the platform or the client can push the service content requested by the user to the user next; if the verification is not passed, a security verification failure message is pushed to the user, and the user can select to re-verify according to the received verification failure message or select other security verification modes to perform the specific operation of security verification under the condition that the current security verification rule requirement is met.
The embodiment of the invention searches the security verification rule meeting the specific request user information and the service scene information contained in the service acquisition request in the preset security verification rule library, extracts the corresponding security verification tool to carry out security verification on the user, can acquire the security verification method according to the preset rule, and reduces the security risk.
Referring to fig. 2, a second embodiment of a security verification method according to an embodiment of the present invention includes:
201. acquiring service scene information of a service scene which needs to be accessed into a security verification function;
202. classifying the service scene according to the service scene information to obtain a service scene classification result;
203. Generating a service scene code and a service scene risk level according to the service scene classification result, and generating a risk scene comparison table according to the service scene information and the service scene risk level;
before the specific operation of security verification in this embodiment is performed, when each service accesses to the specific operation server of security verification described in this embodiment, a corresponding service scenario needs to be registered according to the characteristics of the current service scenario, and verification means corresponding to various risk classes in the service scenario are configured according to the service scenario. Specifically, performing service scene classification according to the service scene information to obtain a service scene classification result, generating a service scene code and a service scene risk level according to the service scene classification result, and generating a risk scene comparison table based on the service scene information and the service scene risk level; and when the security verification is carried out later, the security verification rule information corresponding to each user risk level in the service scene can be searched in the risk scene comparison table based on the information in the service request sent by the user.
204. Receiving a service acquisition request sent by a user;
when a user acquires a service, the user needs to generate a service acquisition request in an APP, a webpage or other terminals, wherein the service acquisition request records information such as user information sending the request, a source terminal of the service acquisition request, a service number of the service to be acquired and the like.
205. Analyzing the service acquisition request to obtain the request user information and the service scene code contained in the service acquisition request;
after receiving the service acquisition request, the server analyzes the service acquisition request to obtain a service code and a request user Token (Token) contained in the service acquisition request.
Wherein, the service information comprises scene codes of the service; and according to the request user token, inquiring the information of the request user corresponding to the current user token.
206. Searching a scene risk level corresponding to the service scene in a preset risk scene comparison table according to the service scene code;
in this embodiment, a risk scene comparison table related to a service scene is pre-stored in a database, where the risk scene comparison table is a comparison table obtained by classifying each service according to different service scenes during registration and then configuring the service scenes in the development process, and includes a correspondence between a service scene code and a scene risk level.
207. Searching a client risk grade corresponding to the client type information in a preset client risk comparison table according to the client type information;
The user information in this embodiment includes client information and login information, where the client information is client information that is registered in the client information system in advance for a user who makes a service request, where the risk level may be rated according to historical operation information of the client by a pre-constructed client risk rating tool, and the rating result is pre-stored in a client risk comparison table.
208. Searching a login risk grade corresponding to a login source of a user in a preset login risk comparison table according to user login information;
209. respectively extracting the client risk level and the grade value of the login risk level to obtain a risk level candidate set, extracting the maximum value of the grade value in the risk level candidate set, and carrying out assignment operation according to the maximum value to obtain the user risk level;
the login information is current login source information of a user, the login source information is determined by analyzing equipment codes contained in a service acquisition request, and whether a current source sending the request is an APP client or a web browser can be determined according to the equipment codes. Searching a login risk grade corresponding to the current login mode in a preset login risk comparison table according to the login information.
After obtaining the login risk level and the client risk level, analyzing the login risk level and the client risk level to obtain corresponding level values, storing the obtained level values as a data set to obtain a risk level candidate set, extracting the maximum value of the level values contained in the waiting level candidate set, and carrying out assignment operation on the user risk level according to the obtained maximum value to obtain the user risk level and the level value corresponding to the user risk level. That is, the obtained login risk level and the obtained level value of the client risk level are compared to obtain a higher level value, and the level value according to the higher risk level is used as the level value of the user risk level.
210. Searching a security verification rule corresponding to the scene risk level and the user risk level in a preset security verification rule base according to the scene risk level and the user risk level to obtain a target security verification rule;
the security verification rule library comprises preset security verification rules, the security verification rules specifically comprise corresponding relations between each service scene and user risk and security verification items, and the security verification rules corresponding to the current service acquisition request are found out based on the corresponding relations in the pre-configured security verification rule library according to the service scene and the user risk information. In this step, a corresponding relationship between the scene risk level and the user risk level and the security verification rule is configured in the security verification rule base of the threshold value, and the security verification rule corresponding to the current service is found according to the scene risk level and the user risk level obtained in the previous step.
211. Extracting a security verification tool corresponding to the target security verification rule according to the security verification rule to perform security verification on the user, so as to obtain a security verification result;
according to the queried security verification rule, extracting a corresponding verification tool contained in the security verification rule to perform security verification, wherein the security verification rule in the embodiment can be to perform security verification on the current user by calling a single verification tool to obtain a security verification result.
212. And if the security verification result is that the verification is passed, pushing the service content to the user, and if the security verification result is that the verification is not passed, pushing the verification failure message to the user.
If the obtained security verification result is that the verification is passed, the security verification operation is completed, and the user can acquire the required service to perform the next operation, namely the platform or the client can push the service content requested by the user to the user next; and if the verification is not passed, pushing a security verification failure message to the user.
The embodiment of the invention searches the security verification rule meeting the specific request user information and the service scene information contained in the service acquisition request in the preset security verification rule library, extracts the corresponding security verification tool to carry out security verification on the user, can acquire the security verification method according to the preset rule, and reduces the security risk.
Referring to fig. 3, a third embodiment of a security verification method according to an embodiment of the present invention includes:
301. receiving a service acquisition request sent by a user;
when a user acquires a service, the user needs to generate a service acquisition request in an APP, a webpage or other terminals, wherein the service acquisition request records information such as user information sending the request, a source terminal of the service acquisition request, a service number of the service to be acquired and the like.
302. Analyzing the service acquisition request to obtain the request user information and the service scene code contained in the service acquisition request;
after receiving the service acquisition request, the server analyzes the service acquisition request to obtain a service code and a request user Token (Token) contained in the service acquisition request.
Wherein, the service information comprises scene codes of the service; and according to the request user token, inquiring the information of the request user corresponding to the current user token.
303. Searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information;
in this embodiment, a security verification rule base is preconfigured, where the security verification rule base includes preconfigured security verification rules, and the security verification rules further include a corresponding relationship between each service scenario and user risk and a security verification item, and according to the service scenario and user risk information, the security verification rule corresponding to the current service acquisition request is found based on the corresponding relationship in the preconfigured security verification rule base.
304. Judging whether the security verification items contained in the target security verification rule are a plurality of security verification items or not;
305. if yes, judging whether the target security verification rule supports the user to select a security verification item;
in this embodiment, the found security verification rule may include a single verification item, or may verify a plurality of verification items; when there are multiple verification items in the target security verification rule, the rule may also contain the order of combination of the specific verification of the verification items.
After the target security verification rule corresponding to the service acquisition request in the embodiment is found in the foregoing steps, firstly judging whether the obtained target security verification rule includes a plurality of security verification items, if the security verification items are single verification items, directly adopting the security verification items to perform security verification on the current user, that is, invoking a security verification tool corresponding to the security verification items to perform security verification on the user; if the security verification items contained in the target security verification rule are two or more, the combination sequence of the security verification items contained in the target security verification rule during specific verification is obtained, and whether the user is supported to select the security verification items in the combination sequence is judged.
For example, when the security verification item included in the obtained target security verification rule is r1_a/B, it indicates that the current target security verification rule supports security verification by selecting one of the security item a and the security item B, where R1 indicates that the security verification risk level of the current service request is R1 level.
306. If yes, receiving a selection result of the security verification item by the user, and taking the security verification item corresponding to the selection result as a target security verification item;
if the current target security verification rule supports the user to select the security verification item, sending a verification item selection request to the user, receiving the security verification item corresponding to the selection result of the user as the target security verification item after the user inputs the selection result of the security verification item.
If the current target security verification rule does not support the user to select the security verification item, the user is verified safely according to the combination sequence of the verification items contained in the target security verification rule during specific verification.
307. Invoking a security verification tool corresponding to the target security verification item to execute security verification operation on the user to obtain a security verification result;
308. If the security verification result is that the verification is passed, pushing service content to the user, and if the security verification result is that the verification is not passed, pushing verification failure information to the user;
and calling a security verification tool corresponding to the target security verification item according to the combination sequence of the specific verification obtained in the steps to execute security verification operation on the user, so as to obtain a security verification result.
If the obtained security verification result is that the verification is passed, the security verification operation is completed, and the user can acquire the required service to perform the next operation, namely the platform or the client can push the service content requested by the user to the user next; and if the verification is not passed, pushing a security verification failure message to the user.
309. Receiving a secondary verification request sent by a user based on a verification failure message;
in this embodiment, while the security verification failure message is pushed to the user, the user is queried whether to perform the secondary verification, where the secondary verification may be re-verified according to the original target verification rule, or may be verified by adopting a security verification rule with a higher security verification level, and the user may select the secondary verification scheme according to the actual situation, and generate the secondary verification request based on the selected secondary verification scheme.
310. Extracting a first security verification level of a target security verification rule corresponding to the verification failure message;
311. searching a security verification rule with the security verification level being greater than the first security verification level in a security verification rule library to obtain a candidate secondary verification rule;
in this embodiment, when the user selects to use the security verification rule with a higher security verification level to perform verification, the security verification level of the target security verification rule corresponding to the verification failure message is extracted to obtain a first security verification level, and a security verification rule with a security verification level greater than the first security verification level is found in the security verification rule library, and a specific example is illustrated, if the security verification level of the target security verification rule is R1, the user may select the security verification rule with a security verification level of R2 or other security verification rules with a security verification level of R2 greater than R1 as the candidate secondary verification rule; when the target security verification rule is r1_a/B, the user may select a higher security verification rule to verify again, such as r2_c/D, where in a specific example, when the verification item a is a password verification item, the item B is a verification code verification item; c is UKEY, and D is face recognition.
Specifically, the number of the candidate secondary verification rules may be multiple, and when the user selects to use the security verification rule with a higher security verification level to verify, all security verification rules meeting security verification levels greater than the first security verification level are found out from the security verification rule library, so as to obtain the candidate secondary verification rules.
312. Pushing the candidate secondary verification rule to a user for selection, and obtaining a target secondary verification rule according to a selection result of the user;
313. and carrying out security verification on the user according to the target secondary verification rule.
Pushing the obtained candidate secondary verification rule to a user for selection, taking the security verification selected by the user as a target secondary verification rule, and performing security verification on the user according to the target secondary verification rule.
The embodiment of the invention searches the security verification rule meeting the specific request user information and the service scene information contained in the service acquisition request in the preset security verification rule library, extracts the corresponding security verification tool to carry out security verification on the user, can acquire the security verification method according to the preset rule, and reduces the security risk.
Referring to fig. 4, a fourth embodiment of a security verification method according to an embodiment of the present invention includes:
401. Acquiring service scene information of a service scene which needs to be accessed into a security verification function;
402. classifying the service scene according to the service scene information to obtain a service scene classification result;
403. generating a service scene code and a service scene risk level according to the service scene classification result, and generating a risk scene comparison table according to the service scene information and the service scene risk level;
the contents of steps 401 to 403 in this embodiment are substantially the same as those of steps 301 to 303 in the previous embodiment, and thus are not described herein.
404. Receiving a service acquisition request sent by a user;
405. analyzing the service acquisition request to obtain the request user information and the service scene code contained in the service acquisition request;
in this embodiment, the contents of step 404 and step 405 are substantially the same as those of step 101 and step 102 in the previous embodiment, so that the description thereof will not be repeated here.
406. Searching a scene risk level corresponding to the service scene in a preset risk scene comparison table according to the service scene code;
407. searching a client risk grade corresponding to the client type information in a preset client risk comparison table according to the client type information;
408. searching a login risk grade corresponding to a login source of a user in a preset login risk comparison table according to user login information;
409. Respectively extracting the client risk level and the grade value of the login risk level to obtain a risk level candidate set, extracting the maximum value of the grade value in the risk level candidate set, and carrying out assignment operation according to the maximum value to obtain the user risk level;
410. searching a security verification rule corresponding to the scene risk level and the user risk level in a preset security verification rule base according to the scene risk level and the user risk level to obtain a target security verification rule;
the contents of steps 406-410 in this embodiment are substantially the same as those of steps 206-210 in the previous embodiment, and thus are not described herein.
411. Judging whether the security verification items contained in the target security verification rule are a plurality of security verification items or not;
412. if yes, judging whether the target security verification rule supports the user to select a security verification item;
413. if yes, receiving a selection result of the security verification item by the user, and taking the security verification item corresponding to the selection result as a target security verification item;
the contents of steps 411 to 413 in this embodiment are substantially the same as those of steps 304 to 306 in the previous embodiment, and thus are not described herein.
414. Extracting the security verification sequence of the target security verification project;
415. invoking a security verification tool corresponding to the target security verification item according to the security verification sequence to send a verification information acquisition request to the user;
416. the verification tool receives verification information content input by a user, and compares the verification information content with verification information pre-stored in a database to obtain a security verification result;
after the target security verification item is obtained through user selection or is determined through a security verification rule, when the obtained target security verification items are multiple, searching a security verification sequence contained in the target security verification item, and calling a verification tool corresponding to each item in the target security verification item to send a verification information acquisition request to the user according to the security verification sequence; and receiving verification information input by a user to be verified, and judging whether the verification information is consistent with the verification information prestored in the database.
Specifically, the order of the security items in this embodiment may be order verification or upgrade verification, where order verification is a specific verification order for obtaining the security items, and when all the security items pass the verification according to the specific verification order, the security items pass the verification, such as an example of a specific order verification item: when the target security verification item is R1_A_B (wherein R1 represents security verification level is R1, A and B are specific risk verification item codes), firstly calling a verification tool to verify the A item, continuing to verify the B after the verification is successful, and returning to verification failure if the A verification fails; if the A verification is successful, continuing to verify the B, if the B verification is failed at the moment, returning verification failure information, and if the B verification is successful at the moment, verifying successfully. When the security item is upgrade verification, if the priority of the B item is higher than A, if the specific target security item is R1_A≡B, the verification tool is called to verify the A item, the verification is directly judged to be successful after the verification is successful, if the verification tool is called to verify the A item, the verification is called to verify the A item, if the B verification is successful at this time, the verification is considered to be passed, and if the B verification is failed at this time, namely, when both A and B are failed, the verification failure result is returned.
Specifically, in this embodiment, the security verification item may be password verification, sms dynamic code verification, UKEY verification, face recognition, voiceprint recognition, etc., where the obtained verification information is information allowed by the user during verification.
417. And if the security verification result is that the verification is passed, pushing the service content to the user, and if the security verification result is that the verification is not passed, pushing the verification failure message to the user.
If the obtained security verification result is that the verification is passed, the security verification operation is completed, and the user can acquire the required service to perform the next operation, namely the platform or the client can push the service content requested by the user to the user next; and if the verification is not passed, pushing a security verification failure message to the user.
And inquiring whether secondary verification is to be performed or not when the security verification failure message is pushed to the user, wherein the secondary verification can be performed according to the original target verification rule, and can also be performed according to the security verification rule with higher security verification level, the user can select a secondary verification scheme according to actual conditions, and a secondary verification request is generated based on the selected secondary verification scheme. Receiving a secondary verification request sent by a user based on a verification failure message; extracting a first security verification level of a target security verification rule corresponding to the verification failure message; searching a security verification rule with the security verification level being greater than the first security verification level in a security verification rule library to obtain a candidate secondary verification rule; pushing the candidate secondary verification rule to a user for selection, and obtaining a target secondary verification rule according to a selection result of the user;
Performing security verification on the user according to the target secondary verification rule
The embodiment of the invention searches the security verification rule meeting the specific request user information and the service scene information contained in the service acquisition request in the preset security verification rule library, extracts the corresponding security verification tool to carry out security verification on the user, can acquire the security verification method according to the preset rule, and reduces the security risk.
The security verification method in the embodiment of the present invention is described above, and the security verification apparatus in the embodiment of the present invention is described below, referring to fig. 5, where an embodiment of the security verification apparatus in the embodiment of the present invention includes:
a receiving module 501, configured to receive a service acquisition request sent by a user;
the parsing module 502 is configured to parse the service acquisition request to obtain the request user information and the service scene code included in the service acquisition request;
a searching module 503, configured to search a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information;
the verification module 504 is configured to extract, according to the security verification rule, a security verification tool corresponding to the target security verification rule to perform security verification on the user, so as to obtain a security verification result;
A service pushing module 505, configured to push service content to the user if the security verification result is that verification is passed;
and the message pushing module 506 is configured to push a verification failure message to the user if the security verification result is that verification fails.
The embodiment of the invention searches the security verification rule meeting the specific request user information and the service scene information contained in the service acquisition request in the preset security verification rule library, extracts the corresponding security verification tool to carry out security verification on the user, can acquire the security verification method according to the preset rule, and reduces the security risk.
Referring to fig. 6, another embodiment of the security verification apparatus according to the present invention includes:
a receiving module 501, configured to receive a service acquisition request sent by a user;
the parsing module 502 is configured to parse the service acquisition request to obtain the request user information and the service scene code included in the service acquisition request;
a searching module 503, configured to search a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information;
The verification module 504 is configured to extract, according to the security verification rule, a security verification tool corresponding to the target security verification rule to perform security verification on the user, so as to obtain a security verification result;
a service pushing module 505, configured to push service content to the user if the security verification result is that verification is passed;
and the message pushing module 506 is configured to push a verification failure message to the user if the security verification result is that verification fails.
In another embodiment of the present application, the request user information includes client type information and user login information; the search module 503 includes:
a scene risk searching unit 5031, configured to search a scene risk level corresponding to the service scene in a preset risk scene comparison table according to the service scene code;
the user risk searching unit 5032 is configured to extract the level values of the client risk level and the login risk level to obtain a risk level candidate set, extract the maximum value of the level values in the risk level candidate set, and perform assignment operation according to the maximum value to obtain a user risk level;
the target rule searching unit 5033 is configured to search a security verification rule corresponding to the scene risk level and the user risk level in a preset security verification rule base according to the scene risk level and the user risk level, and obtain a target security verification rule.
In another embodiment of the present application, the verification module 504 includes:
a first judging unit 5041 configured to judge whether or not the security verification items included in the target security verification rule are plural;
a second judging unit 5042, configured to judge whether the target security verification rule supports user selection of a security verification item if yes;
a verification item selecting unit 5043, configured to, if so, receive a selection result of a security verification item by a user, and take the security verification item corresponding to the selection result as a target security verification item;
the verification executing unit 5044 is configured to invoke a security verification tool corresponding to the target security verification item to execute a security verification operation on the user.
In another embodiment of the present application, the verification execution unit 5044 is specifically configured to:
extracting the security verification sequence of the target security verification project;
invoking a security verification tool corresponding to the target security verification item according to the security verification sequence to send a verification information acquisition request to a user;
and the verification tool receives the verification information content input by the user, and compares the verification information content with the verification information prestored in the database.
In another embodiment of the present application, the security verification apparatus further includes a scene comparison table generating module, where the scene comparison table generating module is specifically configured to:
acquiring service scene information of a service scene which needs to be accessed into a security verification function;
classifying the service scene according to the service scene information to obtain a service scene classification result;
and generating a service scene code and a service scene risk level according to the service scene classification result, and generating a risk scene comparison table according to the service scene information and the service scene risk level.
In another embodiment of the present application, the security verification device further includes a secondary verification module, where the secondary verification module is specifically configured to:
receiving a secondary verification request sent by a user based on the verification failure message;
extracting a first security verification level of the target security verification rule corresponding to the verification failure message;
searching a security verification rule with the security verification level being greater than the first security verification level in the security verification rule library to obtain a candidate secondary verification rule;
pushing the candidate secondary verification rule to a user for selection, and obtaining a target secondary verification rule according to a selection result of the user;
And carrying out security verification on the user according to the target secondary verification rule.
In another embodiment of the present application, the security verification tool includes a password verification tool, a message dynamic code verification tool, a UKEY verification tool, a face recognition tool, and a voiceprint recognition tool.
The embodiment of the invention searches the security verification rule meeting the specific request user information and the service scene information contained in the service acquisition request in the preset security verification rule library, extracts the corresponding security verification tool to carry out security verification on the user, can acquire the security verification method according to the preset rule, and reduces the security risk.
The security verification apparatus in the embodiment of the present invention is described in detail above in fig. 5 and 6 from the point of view of the modularized functional entity, and the security verification device in the embodiment of the present invention is described in detail below from the point of view of hardware processing.
Fig. 7 is a schematic structural diagram of a security verification device according to an embodiment of the present invention, where the security verification device 700 may have a relatively large difference due to different configurations or performances, and may include one or more processors (central processing units, CPU) 710 (e.g., one or more processors) and a memory 720, and one or more storage media 730 (e.g., one or more mass storage devices) storing application programs 733 or data 732. Wherein memory 720 and storage medium 730 may be transitory or persistent. The program stored in the storage medium 730 may include one or more modules (not shown), each of which may include a series of instruction operations in the security authentication device 700. Still further, the processor 710 may be configured to communicate with the storage medium 730 and execute a series of instruction operations in the storage medium 730 on the security authentication device 700.
The security authentication device 700 may also include one or more power supplies 740, one or more wired or wireless network interfaces 750, one or more input/output interfaces 760, and/or one or more operating systems 731, such as Windows Serve, mac OS X, unix, linux, freeBSD, etc. It will be appreciated by those skilled in the art that the security authentication device structure shown in fig. 7 is not limiting of the security authentication device and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
The present invention also provides a computer device, which may be any device capable of performing the security verification method described in the above embodiments, the computer device including a memory and a processor, the memory having stored therein computer readable instructions which, when executed by the processor, cause the processor to perform the steps of the security verification method described in the above embodiments.
The present invention also provides a computer readable storage medium, which may be a non-volatile computer readable storage medium, or a volatile computer readable storage medium, having stored therein instructions that, when executed on a computer, cause the computer to perform the steps of the security verification method.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A security verification method, the security verification method comprising:
receiving a service acquisition request sent by a user;
analyzing the service acquisition request to obtain the request user information and the service scene code contained in the service acquisition request;
searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information;
the request user information comprises client type information and user login information; the searching the target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information comprises the following steps:
Searching a scene risk level corresponding to the service scene in a preset risk scene comparison table according to the service scene code;
searching a client risk grade corresponding to the client type information in a preset client risk comparison table according to the client type information, wherein the client risk grade is used for indicating a rating result rated according to historical operation information of a client according to a pre-built client risk rating tool;
searching a login risk grade corresponding to a login source of the user in a preset login risk comparison table according to the user login information;
respectively extracting the grade values of the client risk grade and the login risk grade to obtain a risk grade candidate set, extracting the maximum value of the grade values in the risk grade candidate set, and carrying out assignment operation according to the maximum value to obtain a user risk grade;
searching a security verification rule corresponding to the scene risk level and the user risk level in a preset security verification rule base according to the scene risk level and the user risk level to obtain a target security verification rule;
extracting a security verification tool corresponding to the target security verification rule according to the security verification rule to perform security verification on the user, so as to obtain a security verification result;
If the security verification result is that the verification is passed, pushing service content to the user;
and if the security verification result is that the verification is not passed, pushing a verification failure message to the user.
2. The security verification method according to claim 1, wherein the extracting, according to the security verification rule, a security verification tool corresponding to the target security verification rule to perform security verification on the user includes:
judging whether the security verification items contained in the target security verification rule are a plurality of security verification items or not;
if yes, judging whether the target security verification rule supports the user to select a security verification item;
if yes, receiving a selection result of the user on the security verification item, and taking the security verification item corresponding to the selection result as a target security verification item;
and calling a security verification tool corresponding to the target security verification item to execute security verification operation on the user.
3. The security verification method according to claim 2, wherein the target security verification item is at least one, and the invoking the security verification tool corresponding to the target security verification item to perform a security verification operation on the user comprises:
Extracting the security verification sequence of the target security verification project;
invoking a security verification tool corresponding to the target security verification item according to the security verification sequence to send a verification information acquisition request to a user;
and the verification tool receives the verification information content input by the user, and compares the verification information content with the verification information prestored in the database.
4. A security verification method according to any one of claims 1-3, further comprising, prior to said receiving a service acquisition request from a user:
acquiring service scene information of a service scene which needs to be accessed into a security verification function;
classifying the service scene according to the service scene information to obtain a service scene classification result;
and generating a service scene code and a service scene risk level according to the service scene classification result, and generating a risk scene comparison table according to the service scene information and the service scene risk level.
5. The security authentication method of claim 4, further comprising, after said pushing the authentication failure message to the user:
receiving a secondary verification request sent by a user based on the verification failure message;
Extracting a first security verification level of the target security verification rule corresponding to the verification failure message;
searching a security verification rule with the security verification level being greater than the first security verification level in the security verification rule library to obtain a candidate secondary verification rule;
pushing the candidate secondary verification rule to a user for selection, and obtaining a target secondary verification rule according to a selection result of the user;
and carrying out security verification on the user according to the target secondary verification rule.
6. The security verification method of claim 5, wherein the security verification tool comprises a password verification tool, a message dynamic code verification tool, a UKEY verification tool, a face recognition tool, and a voiceprint recognition tool.
7. A security verification apparatus, the security verification apparatus comprising:
the receiving module is used for receiving a service acquisition request sent by a user;
the analysis module is used for analyzing the service acquisition request to obtain the request user information and the service scene code contained in the service acquisition request;
the searching module is used for searching a target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information;
The request user information comprises client type information and user login information; the searching the target security verification rule corresponding to the service acquisition request in a preset security verification rule base according to the service scene code and the request user information comprises the following steps:
searching a scene risk level corresponding to the service scene in a preset risk scene comparison table according to the service scene code;
searching a client risk grade corresponding to the client type information in a preset client risk comparison table according to the client type information, wherein the client risk grade is used for indicating a rating result rated according to historical operation information of a client according to a pre-built client risk rating tool;
searching a login risk grade corresponding to a login source of the user in a preset login risk comparison table according to the user login information;
respectively extracting the grade values of the client risk grade and the login risk grade to obtain a risk grade candidate set, extracting the maximum value of the grade values in the risk grade candidate set, and carrying out assignment operation according to the maximum value to obtain a user risk grade;
searching a security verification rule corresponding to the scene risk level and the user risk level in a preset security verification rule base according to the scene risk level and the user risk level to obtain a target security verification rule;
The verification module is used for extracting a security verification tool corresponding to the target security verification rule according to the security verification rule to carry out security verification on the user, so as to obtain a security verification result;
the service pushing module is used for pushing service contents to the user if the security verification result is verification passing;
and the message pushing module is used for pushing the verification failure message to the user if the security verification result is that the verification is not passed.
8. A security verification device, the security verification device comprising: a memory and at least one processor, the memory having instructions stored therein;
the at least one processor invokes the instructions in the memory to cause the security verification device to perform the steps of the security verification method of any one of claims 1-6.
9. A computer readable storage medium having instructions stored thereon, which when executed by a processor, implement the steps of the security verification method of any of claims 1-6.
CN202111268175.7A 2021-10-29 2021-10-29 Security verification method, device, equipment and storage medium Active CN114006749B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111268175.7A CN114006749B (en) 2021-10-29 2021-10-29 Security verification method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111268175.7A CN114006749B (en) 2021-10-29 2021-10-29 Security verification method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114006749A CN114006749A (en) 2022-02-01
CN114006749B true CN114006749B (en) 2023-07-21

Family

ID=79924888

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111268175.7A Active CN114006749B (en) 2021-10-29 2021-10-29 Security verification method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114006749B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114302351B (en) * 2022-03-09 2022-06-17 太平金融科技服务(上海)有限公司深圳分公司 Short message service processing method and device, computer equipment and storage medium
CN115099792B (en) * 2022-08-24 2022-12-20 中科科界(北京)科技有限公司 Method, device and equipment for auditing project declaration form and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021012791A1 (en) * 2019-07-22 2021-01-28 平安科技(深圳)有限公司 Face login method, apparatus, computer device and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106980983A (en) * 2017-02-23 2017-07-25 阿里巴巴集团控股有限公司 Service authentication method and device based on virtual reality scenario
CN109120597B (en) * 2018-07-18 2020-09-01 阿里巴巴集团控股有限公司 Identity verification and login method and device and computer equipment
CN109842611B (en) * 2018-12-14 2023-04-18 平安科技(深圳)有限公司 Identity authentication method, identity authentication device, computer equipment and storage medium

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021012791A1 (en) * 2019-07-22 2021-01-28 平安科技(深圳)有限公司 Face login method, apparatus, computer device and storage medium

Also Published As

Publication number Publication date
CN114006749A (en) 2022-02-01

Similar Documents

Publication Publication Date Title
CN114006749B (en) Security verification method, device, equipment and storage medium
CN110442756A (en) Data verification method, device, computer equipment and storage medium
US8291481B2 (en) Sessionless redirection in terminal services
US10621651B2 (en) Automatic recharge system and method, and server
CN106528393A (en) Method and device for Mock testing of WebService
CN112528262A (en) Application program access method, device, medium and electronic equipment based on token
US10284561B2 (en) Method and server for providing image captcha
CN111651347B (en) Jump verification method, device, equipment and storage medium of test system
CN110795174B (en) Application program interface calling method, device, equipment and readable storage medium
CN110781485B (en) Single sign-on method and device
CN105791249A (en) Third-party application processing method, device and system
CN111355730A (en) Platform login method, device, equipment and computer readable storage medium
CN107357562B (en) Information filling method, device and client
CN112600864A (en) Verification code verification method, device, server and medium
CN116886428A (en) Service authentication method, system and related equipment
CN113240499B (en) Order processing method and device based on system switching
US20200314190A1 (en) De termining that multiple requests are received from a particular user device
CN116192445A (en) User login verification method, device, equipment and storage medium
CN112528286B (en) Terminal equipment safety detection method, associated equipment and computer program product
CN110515905B (en) Method, device and server for configuring route
CN111538481B (en) Application program customization method and system
CN112948865A (en) High-security cloud computing method
CN113468508A (en) Information verification method, device, server and storage medium
CN113535744B (en) Tenant data modification method, system, equipment and storage medium
CN111291044A (en) Sensitive data identification method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant