CN114867017A

CN114867017A - Identity authentication method, device, equipment and system

Info

Publication number: CN114867017A
Application number: CN202210283340.4A
Authority: CN
Inventors: 夏军
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Priority date: 2022-03-22
Filing date: 2022-03-22
Publication date: 2022-08-05

Abstract

The embodiment of the specification discloses an identity authentication method, an identity authentication device, identity authentication equipment and an identity authentication system, wherein the identity authentication method is applied to a first terminal and comprises the following steps: sending an identity authentication request of a user to a preset service server; receiving an identity authentication instruction sent by the service server, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal; establishing wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection; and receiving the identity authentication result of the user sent by the second terminal, and triggering the service server to perform service processing on the target service based on the identity authentication result.

Description

Identity authentication method, device, equipment and system

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a system for identity authentication.

Background

With the advance of the trend of digitization, more and more organizations start to implement paperless Office work, and internal OA (Office Automation) systems, ERP (Enterprise Resource Planning) systems, CRM (Customer Relationship Management) systems, and the like of the organizations need to authenticate users who are operating, and in addition, many online businesses also need to authenticate users who request the businesses.

Most of the current personal computer PCs adopt Password, short message, and TOTP (Time-based One-Time Password, dynamic Password), and the like, while the mobile-end authentication method has been developed into a biometric authentication method (such as fingerprint authentication method, face authentication method, and voiceprint authentication method), and the authentication method can verify the identity of a user very accurately and efficiently. Therefore, it is necessary to provide a technical solution that can improve the identity authentication technical means in the current PC environment, thereby reducing the possibility of being attacked by grey black products.

Disclosure of Invention

The embodiment of the specification aims to provide a technical scheme which can improve the identity authentication technical means in the current PC environment so as to reduce the possibility of being attacked by grey black.

In order to implement the above technical solution, the embodiments of the present specification are implemented as follows:

an identity authentication method provided by an embodiment of the present specification is applied to a first terminal, and the method includes: and sending an identity authentication request of the user to a preset service server. And receiving an identity authentication instruction sent by the service server, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal. And establishing wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection. And receiving the identity authentication result of the user sent by the second terminal, and triggering the service server to perform service processing on the target service based on the identity authentication result.

An identity authentication method provided by an embodiment of the present specification is applied to a service server, and the method includes: and receiving an identity authentication request of the user, which is sent by a first terminal of the user. And sending an identity authentication instruction of the user to the first terminal based on the identity authentication request so as to trigger the first terminal to establish wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through the second terminal. And receiving the identity authentication result of the user sent by the second terminal, and performing service processing on the target service when receiving the identity authentication result of the user sent by the first terminal.

An identity authentication system provided by an embodiment of the present specification includes a server, a first terminal, and a second terminal, where: and the first terminal sends an identity authentication request of the user to the server. And the server sends an identity authentication instruction of the user to the first terminal based on the identity authentication request, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal. And the first terminal establishes wireless connection with the second terminal and sends the identity authentication instruction to the second terminal through the wireless connection. And the second terminal authenticates the identity of the user based on the identity authentication instruction to obtain the identity authentication result of the user. And the first terminal receives the identity authentication result of the user sent by the second terminal and triggers the service server to perform service processing on the target service based on the identity authentication result.

An identity authentication device provided by the embodiments of this specification, the device includes: and the authentication request module is used for sending an identity authentication request of the user to a preset service server. And the authentication instruction module is used for receiving an identity authentication instruction sent by the service server, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal. And the wireless connection module is used for establishing wireless connection with the second terminal and sending the identity authentication instruction to the second terminal through the wireless connection. And the service processing module is used for receiving the identity authentication result of the user sent by the second terminal and triggering the service server to perform service processing on the target service based on the identity authentication result.

An identity authentication device provided by the embodiments of this specification, the device includes: the request receiving module receives an identity authentication request of the user, which is sent by a first terminal of the user. And the instruction sending module is used for sending an identity authentication instruction of the user to the first terminal based on the identity authentication request so as to trigger the first terminal to establish wireless connection with the second terminal and send the identity authentication instruction to the second terminal through the wireless connection, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through the second terminal. And the service processing module is used for receiving the identity authentication result of the user sent by the second terminal and carrying out service processing on the target service when receiving the identity authentication result of the user sent by the first terminal.

An identity authentication device provided in an embodiment of the present specification, the identity authentication device includes: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to: and sending an identity authentication request of the user to a preset service server. And receiving an identity authentication instruction sent by the service server, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal. And establishing wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection. And receiving the identity authentication result of the user sent by the second terminal, and triggering the service server to perform service processing on the target service based on the identity authentication result.

An identity authentication device provided in an embodiment of the present specification, the identity authentication device includes: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to: and receiving an identity authentication request of the user, which is sent by a first terminal of the user. And sending an identity authentication instruction of the user to the first terminal based on the identity authentication request so as to trigger the first terminal to establish wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through the second terminal. And receiving the identity authentication result of the user sent by the second terminal, and performing service processing on the target service when receiving the identity authentication result of the user sent by the first terminal.

Embodiments of the present specification also provide a storage medium for storing computer-executable instructions, which when executed by a processor implement the following processes: and sending an identity authentication request of the user to a preset service server. And receiving an identity authentication instruction sent by the service server, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal. And establishing wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection. And receiving the identity authentication result of the user sent by the second terminal, and triggering the service server to perform service processing on the target service based on the identity authentication result.

Embodiments of the present specification also provide a storage medium for storing computer-executable instructions, which when executed by a processor implement the following processes: and receiving an identity authentication request of the user, which is sent by a first terminal of the user. And sending an identity authentication instruction of the user to the first terminal based on the identity authentication request so as to trigger the first terminal to establish wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through the second terminal. And receiving the identity authentication result of the user sent by the second terminal, and performing service processing on the target service when receiving the identity authentication result of the user sent by the first terminal.

Drawings

In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.

FIG. 1 illustrates an embodiment of a method for identity authentication according to the present disclosure;

FIG. 2 is a schematic diagram of an identity authentication system according to the present disclosure;

FIG. 3 is another embodiment of an identity authentication method of the present disclosure;

FIG. 4 is a schematic diagram of an identity authentication process of the present description;

FIG. 5 is a diagram illustrating another embodiment of a method for authenticating an identity;

FIG. 6 is a diagram illustrating another embodiment of a method for authenticating an identity;

FIG. 7 is a schematic diagram of another identity authentication system according to the present disclosure;

FIG. 8 illustrates an embodiment of an identity authentication device according to the present disclosure;

FIG. 9 is another embodiment of an identity authentication device according to the present disclosure;

fig. 10 is an embodiment of an identity authentication device in the present specification.

Detailed Description

The embodiment of the specification provides an identity authentication method, an identity authentication device, identity authentication equipment and an identity authentication system.

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.

Example one

As shown in fig. 1, an execution subject of the method may be a first terminal, where the first terminal may be a computer device such as a laptop or a desktop, or may also be an IoT device (specifically, a smart watch, a vehicle-mounted device, etc.). The method may specifically comprise the steps of:

in step S102, an identity authentication request of a user is sent to a preset service server.

The service server may be a background server of any service (which may be a target service), and the service server may be an independent server, or a server cluster formed by a plurality of servers, and the like. The target service may be any service, such as a biometric service, a financial service (specifically, a payment service, a transfer service, a loan service, or an insurance service), and the like, and may be set according to an actual situation, which is not limited in the embodiments of the present specification. The identity authentication request may be a request for authenticating the identity of a user, and in an actual application, the identity authentication request may be an authentication request triggered with other requests or instructions, for example, when a payment service is executed, and when a payment request is sent to a corresponding server, an identity authentication request for the user may be triggered first, and after the authentication is passed, a payment process is executed.

In implementation, with the advance of digitization trend, more and more organizations start to implement paperless office, the internal OA system, the ERP system, the CRM system, and the like of the organizations all need to authenticate the identity of the operating user, in addition, many online businesses also need to authenticate the identity of the user requesting the business, most of the current ways of authenticating the identity of the user on the PC adopt the password, the short message, the TOTP, and the like, while the mobile-end identity authentication way has been developed into the biometric authentication way (such as the fingerprint authentication way, the human face authentication way, the voiceprint authentication way, and the like), which can verify the identity of the user with high efficiency very accurately, obviously, the PC-end identity authentication way is relatively lagged behind, and risks of authentication information loss, theft, and the like also exist. Therefore, it is necessary to provide a technical solution that can improve the identity authentication technical means in the current PC environment, thereby reducing the possibility of being attacked by grey black products. The embodiment of the present specification provides an implementable technical solution, which may specifically include the following contents:

in practical application, when a user needs to execute a certain service (i.e. a target service), the user may trigger the target service execution through a corresponding application program installed in a first terminal, and when the first terminal determines that the user needs to execute the target service, it may detect whether identity authentication is needed before executing the target service, and if it is determined that identity authentication is needed before executing the target service, the first terminal may obtain relevant information of the user (specifically, such as an identifier (specifically, an account number, a code, and the like) of the user and relevant information of the first terminal (specifically, such as an identifier (specifically, a name, a MAC address, an IP address, and the like) of the first terminal) and the like, and then may generate an identity authentication request of the user based on the obtained information, and send the identity authentication request of the user to a service server.

In step S104, an identity authentication instruction sent by the service server is received, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through the second terminal.

The second terminal may be a terminal capable of executing a certain identity authentication mode, such as a mobile phone, a tablet computer, and the like, and the identity authentication mode may include multiple types, such as a fingerprint authentication mode, a face authentication mode, a voiceprint authentication mode, and the like, which may be specifically set according to an actual situation, and this is not limited in this description embodiment.

In implementation, as shown in fig. 2, after receiving an identity authentication request of a user, a service server may determine whether the target service needs to authenticate the identity of the user through another terminal (i.e., a second terminal), and if so, may obtain related information (such as the related information of the user and the related information of the first terminal), and generate an identity authentication instruction based on the obtained related information, where the identity authentication instruction may be used to instruct the user to authenticate the identity of the user through the second terminal, and may send the identity authentication instruction to the first terminal, and the first terminal may receive the identity authentication instruction sent by the service server.

In step S106, a wireless connection with the second terminal is established, and the identity authentication command is sent to the second terminal through the wireless connection.

The wireless connection may include multiple types, for example, the wireless connection may be realized in a bluetooth connection manner, or the wireless connection may be realized in a near field communication NFC manner, which may be specifically set according to an actual situation, and this is not limited in this description embodiment.

In implementation, after receiving an identity authentication instruction of a user, a first terminal may start a component corresponding to a local wireless connection mode, for example, the first terminal includes a bluetooth component, at this time, the bluetooth component may be started, bluetooth signals of other terminals may be searched through the bluetooth component of the first terminal, a bluetooth signal of another terminal of the user may be selected from the searched bluetooth signals, after the selection is completed, the terminal corresponding to the selected bluetooth signal may be used as a second terminal, at this time, the first terminal may establish a wireless connection with the second terminal through bluetooth, and after the establishment is completed, the identity authentication instruction may be sent to the second terminal through the wireless connection.

In step S108, the identity authentication result of the user sent by the second terminal is received, and the service server is triggered to perform service processing on the target service based on the identity authentication result.

In implementation, after the second terminal receives the identity authentication instruction through the wireless connection, the identity authentication mode set in the second terminal may be invoked, for example, the identity authentication mode set in the second terminal is a fingerprint authentication mode, the fingerprint authentication mode set in the second terminal may be invoked, at this time, the user may press a finger on the fingerprint input component, the fingerprint input component may collect fingerprint data of the user, and may compare the collected fingerprint data with fingerprint data stored in the second terminal, if the collected fingerprint data matches with the fingerprint data stored in the second terminal, it is determined that the identity authentication result of the user is authenticated, and if the collected fingerprint data does not match with the fingerprint data stored in the second terminal, it is determined that the identity authentication result of the user is not authenticated. If the identity authentication result of the user is authenticated, a subsequent process may be performed, that is, a service server is triggered to perform a service process on the target service based on the identity authentication result, for example, it may be determined that the user can log in an internal OA system of an organization based on the identity authentication result, and at this time, the user may use the OA system.

An embodiment of the present specification provides an identity authentication method, which is applied to a first terminal, and is configured to receive an identity authentication instruction sent by a service server by sending an identity authentication request of a user to a preset service server, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through a second terminal, then establish a wireless connection with the second terminal, send the identity authentication instruction to the second terminal through the wireless connection, and finally trigger the service server to perform service processing on a target service based on an identity authentication result of the user, so that when the user performs an operation on a PC for the target service and needs to perform identity authentication on the target service, a core-body service sends a core-body instruction to the second terminal of the user, such as a mobile phone or a tablet computer, where the wireless connection is established, and the user can authenticate the identity of the user through an identity authentication mode set in the second terminal (specifically, such as a face, and a face, and a face, and a face, and a face, and a face, and a face, and a face, and a, Fingerprint, palm print, iris and other biological characteristics are subjected to identity authentication and the like), when a user passes through the verification, the target service on the PC can be automatically pushed and finally service processing is completed, so that intermediate links of service processing are reduced, reliable contact of information is ensured, and the safety of service processing is improved.

Example two

As shown in fig. 3, an execution subject of the method may be a first terminal, where the first terminal may be a computer device such as a laptop or a desktop, or may also be an IoT device (specifically, a smart watch, a vehicle-mounted device, etc.). The method may specifically comprise the steps of:

in step S302, an identity authentication request of a user is sent to a preset service server.

In implementation, as shown in fig. 4, an application program for executing a certain service (i.e., a target service) may be installed in the first terminal, and a trigger mechanism of the target service may be set in the application program, when a user performs a service operation through the application program, a service of the target service may request to perform identity authentication, at this time, the first terminal may obtain relevant information of the user, relevant information of the first terminal, and the like, and then may generate an identity authentication request of the user based on the obtained information, and send the identity authentication request of the user to the service server.

In step S304, the current operating environment information is acquired.

In implementation, an SDK for identity authentication may be set in the first terminal, and the SDK may collect relevant information of the first terminal of the user, specifically, whether a bluetooth component, an NFC component, or the like exists in the first terminal is collected, in addition, a bluetooth signal and/or an NFC signal, or the like, which exists around the first terminal may be obtained through the bluetooth component, the NFC component, or the like of the first terminal, and it may be determined whether a signal, or the like, which is sent by another terminal of the user exists in the bluetooth signal and/or the NFC signal, which exist around the first terminal, and the relevant information obtained through the above method may be used as current operating environment information.

In step S306, the operation environment information is sent to the service server, where the operation environment information is used to trigger the service server to determine whether the user identity can be authenticated by the second terminal, and if so, the operation environment information sends the identity authentication instruction to the first terminal.

In implementation, the first terminal may send the operation environment information to the service server, and the service server may start or trigger a corresponding processing mechanism of the core service, and then may determine whether the user identity can be authenticated by the second terminal based on the operation environment information, and if the user identity can be authenticated by the second terminal, may send the identity authentication instruction to the first terminal, and a generation manner of the identity authentication instruction may refer to the above-mentioned related contents, which is not described herein again.

In step S308, an identity authentication instruction sent by the service server is received, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through the second terminal.

In step S310, a currently broadcasted wireless signal is searched for.

In an implementation, after the service server returns the identity authentication command to the first terminal, the first terminal may pull up the identity authentication front-end component through the SDK for identity authentication, and the identity authentication front-end component may search for a currently broadcast wireless signal (including a bluetooth signal or an NFC signal, etc.).

In step S312, a wireless connection with the second terminal is established by means of a bluetooth connection or a near field communication based on the searched wireless signal.

In implementation, the first terminal may monitor a pairing connection condition of the bluetooth component or the NFC component, prompt a user to "please bring the second terminal close to the first terminal" when the bluetooth component or the NFC component is not connected, and then select a wireless signal sent by the second terminal from the searched wireless signals, so that the first terminal establishes a wireless connection with the second terminal.

In practical applications, when a wireless connection is specifically established, the following steps a2 to A8 may be further performed:

in step A2, the identity of the user is obtained.

The identifier of the user may include an account number, a code, and the like of the user, which may be specifically set according to an actual situation, and this is not limited in this specification.

In step a4, device information of the terminal device corresponding to the user's identification is determined.

In implementation, the correspondence between the user identifier and the device information of the terminal device may be pre-established, and one user may correspond to the device information of a plurality of different terminal devices. Based on this, the device information of the terminal device corresponding to the user identifier can be acquired from the pre-established correspondence between the user identifier and the device information of the terminal device through the acquired user identifier.

In step a6, based on the determined device information, device information of the second terminal is determined.

In implementation, one piece of device information may be randomly selected from the determined device information as the device information of the second terminal, or the device information with the strongest performance of one piece of terminal device may be selected from the determined device information as the device information of the second terminal, which may be specifically set according to actual situations, and this is not limited in this embodiment of the present specification.

In step A8, a wireless connection is established with the second terminal based on the device information of the second terminal.

In step S314, the identity authentication command is transmitted to the second terminal through the wireless connection.

In step S316, the user identity authentication result sent by the second terminal is received, and a service processing request of the target service is sent to the service server, where the service processing request includes the identity authentication result.

In implementation, the user can click the identity authentication instruction received by the second terminal, at this time, the second terminal can open the identity authentication module of the second terminal, the identity authentication module can be configured in advance according to actual conditions, and fingerprints, human faces, digital certificates and the like of the user can be verified through the identity authentication module, so that the purpose of identity authentication is achieved. The user collects biometric data (such as facial feature data or fingerprint data) of the user through the identity authentication module, and then, the collected biological characteristic data can be encrypted, the encrypted biological characteristic data can be submitted to a service server for identity authentication under the condition of user authorization, and after the identity authentication is finished, the service server may return the authentication result of the user to the second terminal, the second terminal may transmit the authentication result of the user to the first terminal, or, the user collects the biological feature data (such as facial feature data or fingerprint data) of the user through the identity authentication module, the acquired biometric data may then be matched with corresponding pre-stored biometric data, thereby obtaining the identity authentication result of the user, and the second terminal can send the identity authentication result of the user to the first terminal and the service server.

The first terminal can analyze the identity authentication result of the user, and if the identity authentication result is that the authentication is passed, the first terminal can further acquire the related service data of the target service, can generate a service processing request of the target service based on the acquired service data and the identity authentication result, and sends the service processing request of the target service to the service server.

In step S318, data corresponding to the service processing request sent by the service server is received, where the data corresponding to the service processing request is sent when the service server determines that the authentication result is that the user passes the authentication, and the service server stores the user 'S authentication result sent by the second terminal, and the user' S authentication result sent by the second terminal passes the authentication.

EXAMPLE III

As shown in fig. 5, an execution subject of the method may be a service server, where the service server may be an independent server, or a server cluster formed by a plurality of servers, and the service server may be a background server of a financial service or an online shopping service, or a background server of an application, or a management server of an internal system of an organization. The method may specifically comprise the steps of:

in step S502, an identity authentication request of a user sent by a first terminal of the user is received.

In step S504, based on the identity authentication request, an identity authentication instruction of the user is sent to the first terminal to trigger the first terminal to establish a wireless connection with the second terminal, and the identity authentication instruction is sent to the second terminal through the wireless connection, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through the second terminal.

In step S506, the identity authentication result of the user sent by the second terminal is received, and when the identity authentication result of the user sent by the first terminal is received, the target service is processed.

The specific processing procedures of the steps S502 to S506 may refer to the related contents, and are not described herein again.

An embodiment of the present specification provides an identity authentication method, which is applied to a service server, and is configured to receive an identity authentication instruction sent by the service server by sending an identity authentication request of a user to a preset service server, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through a second terminal, then establish a wireless connection with the second terminal, send the identity authentication instruction to the second terminal through the wireless connection, and finally trigger the service server to perform service processing on a target service based on an identity authentication result of the user, so that when the user performs an operation on the target service on a PC and needs to perform identity authentication on the target service, a kernel-based service sends a kernel-based instruction to the second terminal of the user, such as a mobile phone or a tablet computer, where the wireless connection is established, and the user can authenticate the identity of the user through an identity authentication mode set in the second terminal (specifically, such as a face, a mobile phone, a tablet computer, or the like), Fingerprint, palm print, iris and other biological characteristics are subjected to identity authentication and the like), when a user passes through the verification, the target service on the PC can be automatically pushed and finally service processing is completed, so that intermediate links of service processing are reduced, reliable contact of information is ensured, and the safety of service processing is improved.

Example four

As shown in fig. 6, an execution subject of the method may be a service server and a first terminal, where the first terminal may be a computer device such as a laptop or a desktop, or may also be an IoT device (specifically, a smart watch, a vehicle-mounted device, etc.). The service server may be an independent server, or a server cluster composed of a plurality of servers, and the service server may be a background server of financial service or online shopping service, or a background server of an application program, or a management server of an internal system of an organization. The method may specifically comprise the steps of:

in step S602, the service server receives an identity authentication request of a user sent by a first terminal of the user.

In step S604, the first terminal acquires current operating environment information.

In step S606, the service server receives the operating environment information sent by the first terminal.

In step S608, the service server determines whether the identity of the user can be authenticated by the second terminal based on the operating environment information.

In step S610, if yes, the service server sends an identity authentication instruction of the user to the first terminal based on the identity authentication request.

In step S612, the first terminal establishes a wireless connection with the second terminal, and sends the identity authentication instruction to the second terminal through the wireless connection.

In step S614, the first terminal receives the identity authentication result of the user sent by the second terminal.

In step S616, the service server receives a service processing request of the target service sent by the first terminal, where the service processing request includes the identity authentication result.

In step S618, if the authentication result is that the user passes the authentication, the user identity authentication result sent by the second terminal is stored locally, and the user identity authentication result sent by the second terminal passes the authentication, the service server performs service processing on the target service to obtain data corresponding to the service processing request.

In step S620, the service server transmits data corresponding to the service processing request to the first terminal.

The specific processing procedures of the steps S602 to S620 may refer to the related contents, and are not described herein again.

An embodiment of the present specification provides an identity authentication method, where an identity authentication request of a user is sent to a preset service server, an identity authentication instruction sent by the service server is received, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through a second terminal, then a wireless connection with the second terminal may be established, the identity authentication instruction is sent to the second terminal through the wireless connection, and finally, a service server is triggered to perform service processing on a target service based on an identity authentication result of the user, so that when the user performs operation on the target service on a PC and needs to perform identity authentication on the target service, a core-body service may send a core-body instruction to the second terminal of the user, such as a mobile phone or a tablet computer, where the wireless connection is established, and the user may authenticate the identity of the user through an identity authentication mode set in the second terminal (specifically, such as a human face, a user identity authentication method, a mobile phone, and a mobile phone, and a mobile phone Fingerprint, palm print, iris and other biological characteristics are subjected to identity authentication and the like), when a user passes through the verification, the target service on the PC can be automatically pushed and finally service processing is completed, so that intermediate links of service processing are reduced, reliable contact of information is ensured, and the safety of service processing is improved.

EXAMPLE five

Based on the same idea, the identity authentication method provided in the embodiment of the present specification further provides an identity authentication system, as shown in fig. 7, where the identity authentication system includes a server 701, a first terminal 702, and a second terminal 703, where:

the first terminal 702 sends an identity authentication request of a user to the server 701;

the server 701, based on the identity authentication request, sends an identity authentication instruction of the user to the first terminal 702, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through the second terminal 703;

the first terminal 702 establishes a wireless connection with the second terminal 703, and sends the identity authentication instruction to the second terminal 703 through the wireless connection;

the second terminal 703 authenticates the identity of the user based on the identity authentication instruction to obtain an identity authentication result of the user;

the first terminal 702 receives the identity authentication result of the user sent by the second terminal 703, and triggers the server 701 to perform service processing on the target service based on the identity authentication result.

In this embodiment of the present specification, the second terminal 703 authenticates the identity of the user based on the identity authentication instruction in any one of the following identity authentication manners to obtain an identity authentication result of the user: fingerprint authentication mode, palm print authentication mode, iris authentication mode, human face authentication mode and voiceprint authentication mode.

In this embodiment, the second terminal 703 acquires target data required for authenticating the identity of the user based on the identity authentication instruction, encrypts the target data, and sends the encrypted target data to the server 701;

the server 701 decrypts the encrypted target data, authenticates the identity of the user based on the decrypted target data to obtain an identity authentication result of the user, and sends the identity authentication result of the user to the second terminal 703.

For the specific processing procedures of the server 701, the first terminal 702, and the second terminal 703, reference may be made to the related contents, which are not described herein again.

An embodiment of the present specification provides an identity authentication system, which receives an identity authentication instruction sent by a server by sending an identity authentication request of a user to a preset server, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through a second terminal, then may establish a wireless connection with the second terminal, send the identity authentication instruction to the second terminal through the wireless connection, and finally trigger a server to perform service processing on a target service based on an identity authentication result of the user, so that, when the user performs operation on the target service on a PC and needs to perform identity authentication on the target service, a core-body service may send a core-body instruction to the second terminal of the user, such as a mobile phone or a tablet computer, where the wireless connection is established, and the user may authenticate the identity of the user through an identity authentication method set in the second terminal (specifically, such as a face authentication method, and a mobile phone number authentication method) Fingerprint, palm print, iris and other biological characteristics are subjected to identity authentication and the like), when a user passes through the verification, the target service on the PC can be automatically pushed and finally service processing is completed, so that intermediate links of service processing are reduced, reliable contact of information is ensured, and the safety of service processing is improved.

EXAMPLE six

Based on the same idea, the identity authentication system provided in the embodiment of the present specification further provides an identity authentication device, as shown in fig. 8.

The identity authentication device includes: an authentication request module 801, an authentication instruction module 802, a wireless connection module 803 and a service processing module 804, wherein:

an authentication request module 801, configured to send an identity authentication request of a user to a preset service server;

an authentication instruction module 802, configured to receive an identity authentication instruction sent by the service server, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through a second terminal;

a wireless connection module 803, which establishes a wireless connection with the second terminal and sends the identity authentication instruction to the second terminal through the wireless connection;

the service processing module 804 receives the identity authentication result of the user sent by the second terminal, and triggers the service server to perform service processing on the target service based on the identity authentication result.

In this embodiment of the present specification, the authentication instruction module 802 includes:

an environment information acquisition unit that acquires current operating environment information;

the information sending unit is used for sending the operation environment information to the service server, the operation environment information is used for triggering the service server to judge whether the identity of the user can be authenticated through a second terminal, and if so, the identity authentication instruction is sent to the first terminal;

and the instruction receiving unit is used for receiving the identity authentication instruction sent by the service server.

In this embodiment, the wireless connection module 803 includes:

an identifier acquisition unit that acquires an identifier of the user;

the first information determining unit is used for determining the equipment information of the terminal equipment corresponding to the user identification;

a second information determination unit that determines device information of the second terminal based on the determined device information;

and the first wireless connection unit is used for establishing wireless connection with the second terminal based on the equipment information of the second terminal.

In this embodiment, the wireless connection module 803 includes:

a signal search unit searching for a currently broadcasted wireless signal;

and the second wireless connection unit establishes wireless connection with the second terminal in a Bluetooth connection mode or a near field communication mode based on the searched wireless signals.

In this embodiment of this specification, the service processing module 804 includes:

a service request unit, configured to send a service processing request of the target service to the service server, where the service processing request includes the identity authentication result;

and the data receiving unit is used for receiving data corresponding to the service processing request sent by the service server, wherein the data corresponding to the service processing request is sent when the service server determines that the identity authentication result is authenticated, the identity authentication result of the user sent by the second terminal is stored in the service server, and the identity authentication result sent by the second terminal is authenticated.

An embodiment of the present specification provides an identity authentication apparatus, which receives an identity authentication instruction sent by a service server by sending an identity authentication request of a user to a preset service server, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through a second terminal, then may establish a wireless connection with the second terminal, send the identity authentication instruction to the second terminal through the wireless connection, and finally trigger the service server to perform service processing on a target service based on an identity authentication result of the user, so that, when the user performs operation on the target service on a PC and needs to perform identity authentication on the target service, a core-body service may send a core-body instruction to the second terminal of the user, such as a mobile phone or a tablet computer, where the wireless connection is established, and the user may authenticate the identity of the user through an identity authentication mode set in the second terminal (specifically, such as a human face, a user identity authentication method, a mobile phone, and a mobile phone, and a mobile phone Fingerprint, palm print, iris and other biological characteristics are subjected to identity authentication and the like), when a user passes through the verification, the target service on the PC can be automatically pushed and finally service processing is completed, so that intermediate links of service processing are reduced, reliable contact of information is ensured, and the safety of service processing is improved.

EXAMPLE seven

Based on the same idea, embodiments of the present specification further provide an identity authentication apparatus, as shown in fig. 9.

The identity authentication device includes: a request receiving module 901, an instruction sending module 902 and a service processing module 903, wherein:

a request receiving module 901, configured to receive an identity authentication request of a user sent by a first terminal of the user;

an instruction sending module 902, configured to send, based on the identity authentication request, an identity authentication instruction of the user to the first terminal, so as to trigger the first terminal to establish a wireless connection with the second terminal, and send the identity authentication instruction to the second terminal through the wireless connection, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through the second terminal;

the service processing module 903 is configured to receive the user identity authentication result sent by the second terminal, and perform service processing on the target service when receiving the user identity authentication result sent by the first terminal.

In this embodiment of this specification, the request receiving module 901 includes:

an environment information receiving unit which receives the operation environment information sent by the first terminal;

a judging unit that judges whether the identity of the user can be authenticated by the second terminal based on the operating environment information;

and the request receiving unit is used for sending the identity authentication instruction of the user to the first terminal based on the identity authentication request if the user is authenticated.

In this embodiment of this specification, the service processing module 903 includes:

a service processing request unit, configured to receive a service processing request of the target service sent by the first terminal, where the service processing request includes the identity authentication result;

a service processing unit, configured to perform service processing on the target service to obtain data corresponding to the service processing request if the identity authentication result is that the user passes the authentication, the user identity authentication result sent by the second terminal is locally stored, and the identity authentication result sent by the second terminal passes the authentication;

and the data sending unit is used for sending the data corresponding to the service processing request to the first terminal.

Example eight

Based on the same idea, the identity authentication apparatus provided in the embodiment of the present specification further provides an identity authentication device, as shown in fig. 10.

The identity authentication device may provide the first device or the service server for the above embodiments.

The identity authentication device may have a large difference due to different configurations or performances, and may include one or more processors 1001 and a memory 1002, and one or more stored applications or data may be stored in the memory 1002. Memory 1002 may be, among other things, transient storage or persistent storage. The application stored in memory 1002 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the identity authentication device. Still further, the processor 1001 may be configured to communicate with the memory 1002 to execute a series of computer-executable instructions in the memory 1002 on the authentication device. The identity authentication apparatus may also include one or more power supplies 1003, one or more wired or wireless network interfaces 1004, one or more input-output interfaces 1005, one or more keyboards 1006.

In particular, in this embodiment, the identity authentication apparatus comprises a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may comprise one or more modules, and each module may comprise a series of computer-executable instructions for the identity authentication apparatus, and the one or more programs configured to be executed by the one or more processors comprise computer-executable instructions for:

sending an identity authentication request of a user to a preset service server;

receiving an identity authentication instruction sent by the service server, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal;

establishing wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection;

and receiving the identity authentication result of the user sent by the second terminal, and triggering the service server to perform service processing on the target service based on the identity authentication result.

In an embodiment of this specification, the receiving an identity authentication instruction sent by the identity authentication device includes:

acquiring current operating environment information;

sending the operating environment information to the service server, wherein the operating environment information is used for triggering the service server to judge whether the identity of the user can be authenticated through a second terminal, and if so, sending the identity authentication instruction to the first terminal;

and receiving the identity authentication instruction sent by the service server.

In an embodiment of this specification, the establishing a wireless connection with the second terminal includes:

acquiring the identification of the user;

determining the equipment information of the terminal equipment corresponding to the user identification;

determining device information of the second terminal based on the determined device information;

and establishing wireless connection with the second terminal based on the equipment information of the second terminal.

searching for a currently broadcasted wireless signal;

and establishing wireless connection with the second terminal in a Bluetooth connection mode or a near field communication mode based on the searched wireless signals.

In this embodiment of the present specification, the triggering, by the service server, the service processing on the target service based on the identity authentication result includes:

sending a service processing request of the target service to the service server, wherein the service processing request comprises the identity authentication result;

and receiving data corresponding to the service processing request sent by the service server, wherein the data corresponding to the service processing request is sent when the service server determines that the identity authentication result is authenticated, and the identity authentication result of the user sent by the second terminal is stored in the service server, and the identity authentication result sent by the second terminal is authenticated.

Further, in particular in this embodiment, the identity authentication apparatus comprises a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may comprise one or more modules, and each module may comprise a series of computer-executable instructions for the identity authentication apparatus, and the one or more programs configured to be executed by the one or more processors comprise computer-executable instructions for:

receiving an identity authentication request of a user, which is sent by a first terminal of the user;

based on the identity authentication request, sending an identity authentication instruction of the user to the first terminal to trigger the first terminal to establish wireless connection with the second terminal, and sending the identity authentication instruction to the second terminal through the wireless connection, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through the second terminal;

and receiving the identity authentication result of the user sent by the second terminal, and performing service processing on the target service when receiving the identity authentication result of the user sent by the first terminal.

In this embodiment of the present specification, the sending, to the first terminal, an identity authentication instruction of the user based on the identity authentication request includes:

receiving operation environment information sent by the first terminal;

judging whether the identity of the user can be authenticated by the second terminal or not based on the operating environment information;

and if so, sending an identity authentication instruction of the user to the first terminal based on the identity authentication request.

In this embodiment of the present specification, the performing service processing on a target service when receiving an identity authentication result of the user sent by the first terminal includes:

receiving a service processing request of the target service sent by the first terminal, wherein the service processing request comprises the identity authentication result;

if the identity authentication result is that the authentication is passed, the identity authentication result of the user sent by the second terminal is locally stored, and the identity authentication result sent by the second terminal is that the authentication is passed, performing service processing on the target service to obtain data corresponding to the service processing request;

and sending the data corresponding to the service processing request to the first terminal.

Example nine

Further, based on the methods shown in fig. 1 to fig. 6, one or more embodiments of the present specification further provide a storage medium for storing computer-executable instruction information, in a specific embodiment, the storage medium may be a usb disk, an optical disk, a hard disk, or the like, and when executed by a processor, the storage medium stores the computer-executable instruction information, which can implement the following processes:

acquiring current operating environment information;

acquiring the identification of the user;

searching for a currently broadcasted wireless signal;

In addition, in another specific embodiment, the storage medium may be a usb disk, an optical disk, a hard disk, or the like, and the storage medium stores computer executable instruction information that, when executed by the processor, can implement the following process:

receiving operation environment information sent by the first terminal;

An embodiment of the present disclosure provides a storage medium, which receives an identity authentication instruction sent by a service server by sending an identity authentication request of a user to a preset service server, where the identity authentication instruction is used to instruct the user to authenticate the identity of the user through a second terminal, then may establish a wireless connection with the second terminal, send the identity authentication instruction to the second terminal through the wireless connection, and finally trigger the service server to perform service processing on a target service based on an identity authentication result of the user, so that, when the user performs operation on the target service on a PC and needs to perform identity authentication on the target service, a core-body service may send a core-body instruction to the second terminal of the user, such as a mobile phone or a tablet computer, where the wireless connection is established, and the user may authenticate the identity of the user through an identity authentication manner set in the second terminal (specifically, a face of the user may be used to authenticate the identity of the user through an identity authentication manner set in the second terminal) Fingerprint, palm print, iris and other biological characteristics are subjected to identity authentication and the like), when a user passes through the verification, the target service on the PC can be automatically pushed and finally service processing is completed, so that intermediate links of service processing are reduced, reliable contact of information is ensured, and the safety of service processing is improved.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Hardware Description Language), traffic, pl (core universal Programming Language), HDCal (jhdware Description Language), lang, Lola, HDL, laspam, hardward Description Language (vhr Description Language), vhal (Hardware Description Language), and vhigh-Language, which are currently used in most common. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.

The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.

As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Embodiments of the present description are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable fraud case serial-parallel apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable fraud case serial-parallel apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable fraud case to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable fraud case serial-parallel apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

The above description is only an example of the present specification, and is not intended to limit the present application. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims

1. An identity authentication method is applied to a first terminal, and comprises the following steps:

2. The method of claim 1, wherein the receiving the authentication instruction sent by the authentication device comprises:

acquiring current operating environment information;

3. The method according to claim 1 or 2, said establishing a wireless connection with the second terminal comprising:

acquiring the identification of the user;

4. The method of claim 3, the establishing a wireless connection with the second terminal comprising:

searching for a currently broadcasted wireless signal;

5. The method of claim 4, wherein the triggering the service server to perform service processing on the target service based on the identity authentication result comprises:

6. An identity authentication method is applied to a service server, and comprises the following steps:

7. The method of claim 6, wherein sending the authentication instruction of the user to the first terminal based on the authentication request comprises:

receiving operation environment information sent by the first terminal;

8. The method according to claim 6 or 7, wherein the performing service processing on the target service when receiving the identity authentication result of the user sent by the first terminal, includes:

9. An identity authentication system comprising a server, a first terminal and a second terminal, wherein:

the first terminal sends an identity authentication request of a user to the server;

the server sends an identity authentication instruction of the user to the first terminal based on the identity authentication request, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal;

the first terminal establishes wireless connection with the second terminal and sends the identity authentication instruction to the second terminal through the wireless connection;

the second terminal authenticates the identity of the user based on the identity authentication instruction to obtain an identity authentication result of the user;

and the first terminal receives the identity authentication result of the user sent by the second terminal and triggers the service server to perform service processing on the target service based on the identity authentication result.

10. The system of claim 9, wherein the second terminal authenticates the identity of the user based on the identity authentication instruction by any one of the following identity authentication methods to obtain the identity authentication result of the user: fingerprint authentication mode, palm print authentication mode, iris authentication mode, human face authentication mode and voiceprint authentication mode.

11. The system according to claim 9, wherein the second terminal, based on the identity authentication instruction, acquires target data required for authenticating the identity of the user, encrypts the target data, and sends the encrypted target data to the server;

the server decrypts the encrypted target data, authenticates the identity of the user based on the decrypted target data to obtain the identity authentication result of the user, and sends the identity authentication result of the user to the second terminal.

12. An identity authentication apparatus, the apparatus comprising:

the authentication request module is used for sending an identity authentication request of a user to a preset service server;

the authentication instruction module is used for receiving an identity authentication instruction sent by the service server, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through a second terminal;

the wireless connection module is used for establishing wireless connection with the second terminal and sending the identity authentication instruction to the second terminal through the wireless connection;

and the service processing module is used for receiving the identity authentication result of the user sent by the second terminal and triggering the service server to perform service processing on the target service based on the identity authentication result.

13. An identity authentication apparatus, the apparatus comprising:

the request receiving module is used for receiving an identity authentication request of a user, which is sent by a first terminal of the user;

the instruction sending module is used for sending an identity authentication instruction of the user to the first terminal based on the identity authentication request so as to trigger the first terminal to establish wireless connection with the second terminal and send the identity authentication instruction to the second terminal through the wireless connection, wherein the identity authentication instruction is used for indicating the user to authenticate the identity of the user through the second terminal;

and the service processing module is used for receiving the identity authentication result of the user sent by the second terminal and carrying out service processing on the target service when receiving the identity authentication result of the user sent by the first terminal.

14. An identity authentication device, the device comprising a trusted execution environment, the identity authentication device comprising:

a processor; and

a memory arranged to store computer executable instructions that, when executed, cause the processor to:

15. An identity authentication device, the device comprising a trusted execution environment, the identity authentication device comprising:

a processor; and

16. A storage medium for storing computer-executable instructions, which when executed by a processor implement the following:

17. A storage medium for storing computer executable instructions which, when executed by a processor, implement the following flow: