CN115378692A - Account number sharing method and system - Google Patents

Info

Publication number
CN115378692A
Authority
CN
China
Prior art keywords
terminal
target
password
request
account
Prior art date
Legal status
Pending
Application number
CN202210994273.7A
Other languages
Chinese (zh)
Inventor
吕明明
Current Assignee
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date
Filing date
Publication date
Application filed by Bank of China Ltd
Priority to CN202210994273.7A
Publication of CN115378692A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiments of the application disclose an account sharing method and an account sharing system, which can be applied in the fields of mobile internet, network security or finance. After an account sharing request from a request terminal is received, a password request message is generated and issued to a target terminal to obtain the password. The current user information of the target terminal is collected and verified, and the password entered at the target terminal is then obtained. After that password is verified successfully, the target account is directly authorized to log in on the request terminal, and the password is issued to a temporary password security module of the request terminal for storage. The request terminal does not need to enter the password: account sharing is achieved by having the target terminal enter the password remotely, which avoids disclosing the password to the user requesting account sharing and removes the need to change the password repeatedly. The face information of the target terminal's user is collected for further verification, improving security and convenience when a user shares an account.

Description

Account number sharing method and system
Technical Field
The present application relates to the field of data sharing technologies, and in particular, to an account sharing method and system.
Background
At present, many websites and applications are logged in to by entering an account password. Sometimes, to handle transactions conveniently or to authorize other users to use the rights and benefits of their own account, users let other users use their accounts. In the existing scheme, user A generally tells user B the password, and user B logs in to the account on user B's own mobile phone; after user B has finished using the account, user A changes the password to keep the account secure. However, in the existing scheme users need to update their passwords frequently, and when a user forgets to update the password the account can be stolen, so the security of user accounts is low.
Disclosure of Invention
The application provides an account sharing method and system that achieve account sharing without the request terminal having to enter a password. This avoids disclosing the password to the user requesting account sharing and removes the need to change the password repeatedly. The face information of the target terminal's user is collected for further verification, improving security and convenience when a user shares an account.
In order to achieve the above object, the present application provides an account sharing method, including:
acquiring an account sharing request; the account sharing request is sent by a request terminal; the account sharing request comprises: a target account and a terminal identification of a target terminal;
obtaining pre-stored standard face information of the target account, and generating a password request message according to the target account and the standard face information of the target account;
sending the password request message to the target terminal according to the terminal identification of the target terminal;
acquiring a face recognition result generated by the target terminal according to the password request message, wherein the face recognition result comprises: the user face information acquired by the target terminal is the same as the standard face information of the target account, or the user face information acquired by the target terminal is different from the standard face information of the target account;
if the face recognition result is that the user face information acquired by the target terminal is the same as the standard face information of the target account, acquiring password information sent by the target terminal;
judging whether a first password in the password information is the same as a preset password or not;
and if the first password is the same as the preset password, authorizing the target account to log in the request terminal, and sending the first password to a temporary password security module of the request terminal for storage.
Optionally, before generating the password request message according to the target account, the method further includes:
judging whether the terminal identification of the target terminal is the same as the pre-stored terminal identification or not; the pre-stored terminal identification comprises: a terminal identification corresponding to a terminal bound by the target account and a terminal identification corresponding to an administrator terminal of the target account;
and if the terminal identification of the target terminal is the same as the pre-stored terminal identification, executing the step of acquiring the pre-stored standard face information of the target account, and generating a password request message according to the target account and the standard face information of the target account.
Optionally, the password information includes a first password, a random parameter c, a random parameter d, and user face information acquired by the target terminal, and after it is determined that the first password is the same as the preset password, the method further includes:
generating user face feature data according to the user face information, and determining user face feature data a and user face feature data b from the user face feature data;
encrypting the first password by using a preset encryption algorithm to obtain an encrypted first password Z; wherein, Z is the encrypted first password, e is the base number of the natural logarithm, and f is a random number;
the sending the first password to the requesting terminal includes: and sending the encrypted first password to the request terminal.
Optionally, the method further comprises:
acquiring an administrator information editing instruction sent by a terminal bound with the target account;
updating the administrator information of the target account according to the target account and the editing content in the administrator information editing instruction, wherein the editing content in the administrator information editing instruction comprises: adding or deleting an administrator, and setting the authority of an administrator.
Optionally, if the first password is the same as the preset password, the method further includes:
judging whether the target terminal is a terminal bound by the target account or not according to the terminal identifier of the target terminal;
if the target terminal is a terminal bound by the target account, sending an operation authority list acquisition request to the target terminal, and receiving an operation authority list returned by the target terminal; the operation authority list is used for limiting the operation authority of the request terminal in the target account;
if the target terminal is not the terminal bound by the target account, acquiring a target administrator permission list corresponding to the terminal identifier of the target terminal in prestored administrator information;
judging whether the target administrator permission list includes the permission to set the operation permission of the request terminal;
if the target administrator permission list includes the permission to set the operation permission of the request terminal, sending an operation permission list acquisition request to the target terminal, and receiving an operation permission list returned by the target terminal;
if the target administrator permission list does not include the permission to set the operation permission of the request terminal, acquiring a pre-stored initial operation permission list; and limiting the operation permission of the request terminal in the target account according to the initial operation permission list or the operation permission list.
Optionally, the method further comprises:
judging whether the request terminal logs in the target account or not;
if the request terminal logs in the target account, acquiring the authority used by the real-time operation of the request terminal;
judging whether the authority used by the real-time operation of the request terminal accords with the operation authority set by the authority list or not;
if the authority used by the real-time operation of the request terminal exceeds the operation authority set by the authority list, adding 1 to the over-authority count of the request terminal;
judging whether the over-authority count of the request terminal is greater than or equal to a preset number of times;
and if the over-authority count of the request terminal is greater than or equal to the preset number of times, logging out the target account from the request terminal, and deleting the first password stored in the request terminal.
Optionally, the method further comprises:
judging whether the terminal identification of the target terminal is the same as the terminal identification corresponding to the terminal bound by the target account;
if the terminal identification of the target terminal is different from the terminal identification corresponding to the terminal bound by the target account, judging whether a sharing stopping instruction is received; the sharing stopping instruction is generated by the target terminal or the terminal bound by the target account;
and if the sharing stopping instruction is received, according to the target account number in the sharing stopping instruction and the terminal identification of the request terminal, logging out the target account number from the request terminal, and deleting the first password stored in the request terminal.
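The optional steps above (choosing the operation authority list, counting over-authority operations, and stopping sharing) can be modelled as follows. This is an added Python sketch, not code from the patent; the class and function names, the permission string and the operation names are assumptions, and refusing an over-authority operation instead of only counting it is a choice made here.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical name for the administrator right "set request terminal operation permission".
SET_REQUESTER_PERMS = "set_request_terminal_permissions"


class TempPasswordModule:
    """Stand-in for the request terminal's temporary password security module."""

    def __init__(self):
        self._secret: Optional[bytes] = None

    def store(self, secret: bytes) -> None:
        self._secret = secret

    def wipe(self) -> None:
        self._secret = None

    def holds_secret(self) -> bool:
        return self._secret is not None


def choose_permission_list(target_terminal, bound_terminal, admin_permissions,
                           list_from_target, initial_list):
    """Pick the list that limits the request terminal inside the target account.

    admin_permissions maps an administrator terminal id to that administrator's rights;
    list_from_target is the list the target terminal returned when asked for one.
    """
    if target_terminal == bound_terminal:
        return frozenset(list_from_target)      # the account owner sets the list
    rights = admin_permissions.get(target_terminal, set())
    if SET_REQUESTER_PERMS in rights:
        return frozenset(list_from_target)      # administrator allowed to set it
    return frozenset(initial_list)              # fall back to the pre-stored list


@dataclass
class SharedSession:
    account: str
    request_terminal: str
    target_terminal: str
    bound_terminal: str
    allowed_ops: frozenset
    max_violations: int                         # the "preset number of times"
    module: TempPasswordModule
    violations: int = 0
    active: bool = True

    def _end(self) -> None:
        # Log the account out of the request terminal and delete the stored password.
        self.active = False
        self.module.wipe()

    def perform(self, operation: str) -> bool:
        """Check one real-time operation of the request terminal against the list."""
        if not self.active:
            return False
        if operation in self.allowed_ops:
            return True
        self.violations += 1                    # over-authority count + 1
        if self.violations >= self.max_violations:
            self._end()
        return False                            # refused as well as counted (assumption)

    def stop_sharing(self, from_terminal, account, request_terminal) -> bool:
        """Honour a stop instruction only from the target or the bound terminal."""
        if from_terminal not in (self.target_terminal, self.bound_terminal):
            return False
        if (account, request_terminal) != (self.account, self.request_terminal):
            return False
        self._end()
        return True


def demo_session():
    # Constructed sample data: terminal ids, account name, operations and secret.
    module = TempPasswordModule()
    module.store(b"constructed-secret")
    return SharedSession("acct-A", "requester-phone", "admin-1", "owner-phone",
                         frozenset({"view_balance"}), 2, module)
```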
The application also provides an account sharing system, which comprises:
the first acquisition module is used for acquiring an account sharing request; the account sharing request is sent by a request terminal; the account sharing request comprises: a target account and a terminal identification of a target terminal;
the request generation module is used for acquiring pre-stored standard face information of the target account and generating a password request message according to the target account and the standard face information of the target account;
a first sending module, configured to send the password request message to the target terminal according to a terminal identifier of the target terminal;
a second obtaining module, configured to obtain a face recognition result generated by the target terminal according to the password request message, where the face recognition result includes: the user face information acquired by the target terminal is the same as the standard face information of the target account, or the user face information acquired by the target terminal is different from the standard face information of the target account; if the face recognition result is that the user face information acquired by the target terminal is the same as the standard face information of the target account, acquiring password information sent by the target terminal;
the judgment module is used for judging whether a first password in the password information is the same as a preset password;
and the second sending module is used for authorizing the target account to log in the request terminal if the first password is the same as the preset password, and sending the first password to the temporary password security module of the request terminal for storage.
Optionally, the determining module is further configured to determine whether the terminal identifier of the target terminal is the same as a pre-stored terminal identifier; the pre-stored terminal identification comprises: a terminal identification corresponding to a terminal bound by the target account and a terminal identification corresponding to an administrator terminal of the target account;
and if the terminal identification of the target terminal is the same as the pre-stored terminal identification, the request generation module executes the acquisition of the pre-stored standard face information of the target account, and generates a password request message according to the target account and the standard face information of the target account.
Optionally, the password information includes a first password, a random parameter c, a random parameter d, and user face information acquired by the target terminal, and the system further includes:
the encryption module is used for generating user face feature data according to the user face information and determining user face feature data a and user face feature data b from the user face feature data; encrypting the first password by using a preset encryption algorithm to obtain an encrypted first password Z; wherein, Z is the encrypted first password, e is the base number of the natural logarithm, and f is a random number;
the second sending module is specifically configured to send the encrypted first password to the request terminal.
The embodiment of the application provides an account sharing method, which comprises the steps of acquiring prestored standard face information of a target account based on an account sharing request, generating a password request message according to the target account and the standard face information of the target account in the account sharing request, and sending the password request message to a target terminal according to a terminal identifier of the target terminal in the account sharing request; acquiring a face recognition result generated by the target terminal according to the password request message, if the face recognition result is that user face information acquired by the target terminal is the same as standard face information of the target account, acquiring password information sent by the target terminal, and judging whether a first password in the password information is the same as a preset password; and if the first password is the same as the preset password, authorizing the target account to log in the request terminal, and sending the first password to a temporary password security module of the request terminal for storage. 
After receiving an account sharing request from a request terminal, the account sharing method generates a password request message and issues it to a target terminal to obtain the password. The current user information of the target terminal is collected and verified to ensure that the current user of the target terminal is reliable, and the password entered at the target terminal is then obtained. After that password is verified successfully, the target account is directly authorized to log in on the request terminal, and the password is stored in a temporary password security module of the request terminal. The request terminal does not need to enter the password: account sharing is achieved by having the target terminal enter the password remotely, which avoids disclosing the password to the user requesting account sharing and removes the need to change the password repeatedly. The face information of the target terminal's user is collected for further verification, improving security and convenience when a user shares an account.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of an account sharing method provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of an account sharing system according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the existing scheme, to handle transactions conveniently or to authorize other users to use the rights and benefits of their own account, users let other users use their accounts. Generally, user A tells user B the password, user B logs in to the account on user B's own mobile phone, and after user B has finished using the account, user A changes the password to keep the account secure. However, the existing scheme has the following problems: the user needs to update the password frequently, which is cumbersome, and if the user forgets to update the password the account can be stolen, so the security of the user account is low.
The embodiments of the application disclose an account sharing method and an account sharing system. After receiving an account sharing request from a request terminal, the account sharing method generates a password request message and sends it to a target terminal to obtain the password. The current user information of the target terminal is collected and verified to ensure that the current user of the target terminal is reliable, and the password entered at the target terminal is then obtained. After that password is verified, the target account is directly authorized to log in on the request terminal, and the password is sent to a temporary password security module of the request terminal for storage. The request terminal does not need to enter the password: account sharing is achieved by having the target terminal enter the password remotely, which avoids disclosing the password to the user requesting account sharing and removes the need to change the password repeatedly. The face information of the target terminal's user is collected for further verification, improving security and convenience when a user shares an account.
It should be noted that the account sharing method and system provided by the embodiment of the present application may be applied to the field of mobile internet, the field of network security, or the field of finance. The above is merely an example, and the application field of the account sharing method and system provided by the present application is not limited.
An account sharing method in the present application is described in detail below:
Fig. 1 is a flowchart of an account sharing method according to an embodiment of the present disclosure. As shown in Fig. 1, the account sharing method in the embodiment of the present application may be applied to a server or an account sharing system. Taking the case in which the account sharing method is applied to a server as an example, the account sharing method specifically includes:
S101: acquiring an account sharing request; the account sharing request is sent by a request terminal; the account sharing request comprises: a target account and a terminal identification of a target terminal;
It should be noted that user B sends an account sharing request to the server through the request terminal, so as to request account sharing from user A through the server. The server may be a server of a bank or a server that manages user accounts, and is not limited herein.
The target terminal may be a terminal to which the target account is bound, or a terminal of an administrator authorized by the account owner of the target account. The terminal can be a mobile terminal such as a mobile phone or a computer, and the terminal identifier can be a mobile phone number.
S102: acquiring pre-stored standard face information of the target account, and generating a password request message according to the target account and the standard face information of the target account;
The server generates a password request message, which is used to request the password corresponding to the target account from the target terminal, so that user A, after receiving the request message on the target terminal, can enter the password corresponding to the target account named in the request message.
The password request message in the embodiment of the application comprises standard face information of a target account, and the standard face information of the target account is used for verifying the face information of the current user acquired by a target terminal, so that the current user holding the target terminal is ensured to be a standard user meeting the conditions.
Preferably, in the embodiment of the application, after acquiring the account sharing request, the server may determine whether the terminal identifier of the target terminal in the account sharing request is the same as a pre-stored terminal identifier; the pre-stored terminal identification comprises: a terminal identification corresponding to a terminal bound by the target account and a terminal identification corresponding to an administrator terminal of the target account; and if the terminal identification of the target terminal is the same as the pre-stored terminal identification, executing the steps of acquiring the pre-stored standard face information of the target account and generating a password request message according to the target account and the standard face information of the target account.
It should be noted that the account owner of the target account may edit and authorize administrators of the target account, so that a sharing request for the target account can be responded to and processed in time when it is received. The account owner of the target account can edit the administrator information of the target account, which comprises the terminal identifier of the administrator terminal, the administrator's authority, the administrator's face information and the like. Specifically, the account sharing method in the embodiment of the application further includes:
acquiring an administrator information editing instruction sent by a terminal bound with the target account; updating the administrator information corresponding to the target account according to the target account and the editing content in the administrator information editing instruction, wherein the editing content in the administrator information editing instruction comprises: adding or deleting an administrator, and setting the authority of an administrator.
The terminal bound by the target account is the terminal of the target account owner and can be determined through a terminal identifier. When the target account owner creates the target account, the account is bound to the terminal; specifically, the account is bound to the terminal identifier, so the terminal bound by the target account can be determined through the bound terminal identifier.
The server stores the administrator information of the target account. The terminal bound to the target account edits the administrator information that needs to be changed through the authority limiting module, then generates and sends an administrator information editing instruction, and the server updates the administrator information of the target account according to that instruction; for example, the authority of administrator A in the administrator information is adjusted, either increased or reduced. Specifically, the authority of an administrator can include: the permission to set the operation permission of the request terminal, the permission to stop sharing, the permission to enter the password, the permission to obtain screen-recording data of the request terminal's operations, the permission to obtain face video data captured while the request terminal operates the target account, and the like, and is not limited here. The administrator can be determined by the terminal identification of the administrator terminal.
S103: sending the password request message to the target terminal according to the terminal identification of the target terminal;
Specifically, the password request message can be a 5G message. For individual users, 5G messaging provides point-to-point messaging and group chat services; besides text, message content can take forms such as pictures, audio, video, locations and contacts, and a user can exchange 5G messages with users of other mobile phone numbers without downloading a client or adding friends. For industry customers, 5G messaging provides enhanced messaging between individuals and applications, realizing "messaging as a service", and introduces a new interaction mode, the Chatbot chat robot, so that people can intuitively and conveniently use 5G application services such as payment and top-up, ticket booking, hotel reservation, logistics tracking, restaurant booking and takeaway ordering within a message window.
Specifically, when the terminal identifier of the target terminal is the mobile phone number of the target terminal, the server transmits a 5G message to the target terminal by transmitting the 5G message to the mobile phone number, where the 5G message is a password request message.
S104: acquiring a face recognition result generated by the target terminal according to the password request message, wherein the face recognition result comprises: the user face information acquired by the target terminal is the same as the standard face information of the target account, or the user face information acquired by the target terminal is different from the standard face information of the target account;
Specifically, the password request message includes the standard face information of the target account, and the target terminal performs face recognition after receiving the password request message. The standard face information of the target account may include both the account owner face information and the administrator face information of the target account, or only the account owner face information of the target account.
S105: if the face recognition result is that the user face information acquired by the target terminal is the same as the standard face information of the target account, acquiring password information sent by the target terminal;
Preferably, if the standard face information of the target account includes only the face information of the account owner of the target account, face recognition verifies whether the current user of the specified mobile phone (the target terminal) is the account owner. If so, the server can send a permission signal that allows the current user of the specified mobile phone to enter password information in the 5G message, with the collected user face information embedded in the password information; alternatively, the server allows the password information of the target terminal, which embeds the collected user face information, to be received, so that the data can be transmitted. If not, real-time recognition is started, the collected face data of the current user of the specified mobile phone is transmitted back to the server, and the server further verifies whether the face data of the current person is contained in the pre-stored administrator face data. If it is not contained, the 5G message does not allow the password to be entered, or the server disconnects from the target terminal, so that even if the user enters password information at the target terminal it cannot be transmitted successfully. If it is contained in the pre-stored administrator face data, the server can send a permission signal that allows the current user of the specified mobile phone to enter password information in the 5G message, with the collected user face information embedded in the password information; alternatively, the server allows the password information of the target terminal to be received, so that the data can be transmitted.
Preferably, if the standard face information of the target account includes both the account owner face information and the administrator face information of the target account, face recognition verifies whether the face of the current user of the specified mobile phone (the target terminal) matches the account owner face information or the authorized administrator face information. If not, the 5G message does not allow the password to be entered, or the server disconnects from the target terminal, so that even if the user enters the password at the target terminal it cannot be transmitted successfully. If so, the server can send a permission signal that allows the current user of the specified mobile phone to enter password information in the 5G message, with the collected user face information embedded in the password information; alternatively, the server allows the password information of the target terminal, which embeds the collected user face information, to be received, so that the data can be transmitted.
S106: judging whether a first password in the password information is the same as a preset password or not;
after the server acquires the password information returned by the target terminal, a first password in the password information and a preset password prestored by the server are acquired for judgment, whether the first password is the same as the preset password is judged, and the preset password is the password of the target account set by the target account owner.
S107: and if the first password is the same as the preset password, authorizing the target account to log in the request terminal, and sending the first password to a temporary password security module of the request terminal for storage.
Specifically, if the first password is the same as the preset password, the server authorizes the request terminal to log in to the target account. The password of the target account is not disclosed to the user of the request terminal, who cannot obtain the first password: after verifying that the password is correct, the server sends the encrypted first password to the request terminal, and the request terminal stores it in the temporary password security module. The temporary password security module cannot be accessed externally, which ensures the confidentiality and security of the first password. When the request terminal needs to input the password of the target account, it sends the first password held in the temporary password security module to the server; the server matches the first password directly, determines the matching target account, and logs the request terminal in to the target account without disclosing the first password to the user of the request terminal.
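The gating order of steps S105 to S107, together with the terminal-identifier check of claim 2, can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, face matching is reduced to comparing opaque labels, and the constant-time comparison is a choice of this example.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    UNKNOWN_TERMINAL = "target terminal is neither bound to the account nor an administrator terminal"
    FACE_MISMATCH = "captured face does not match the standard face information"
    WRONG_PASSWORD = "first password differs from the preset password"
    AUTHORIZED = "target account authorized on the request terminal"


@dataclass
class Account:
    preset_password: str                               # pre-stored by the server, as on the page
    bound_terminal: str                                # the account owner's terminal
    admin_terminals: set = field(default_factory=set)
    standard_faces: set = field(default_factory=set)   # labels stand in for face templates


@dataclass
class PasswordInfo:
    """Password message from the target terminal with the captured face embedded."""
    first_password: str
    face_label: str


class TempPasswordModule:
    """Model of the request terminal's temporary password security module:
    it can store, submit and wipe the password, but has no method that returns it."""

    def __init__(self):
        self.__secret = None

    def store(self, secret):
        self.__secret = secret

    def submit(self, verify):
        # Hand the secret to the server-side check; only the verdict comes back.
        return self.__secret is not None and verify(self.__secret)

    def wipe(self):
        self.__secret = None

    @property
    def loaded(self):
        return self.__secret is not None


def _same(a, b):
    # Constant-time comparison (a hardening choice of this example).
    return hmac.compare_digest(a.encode(), b.encode())


class ShareServer:
    def __init__(self, accounts):
        self.accounts = accounts                       # account name -> Account

    def share(self, name, target_terminal, info, module):
        acct = self.accounts[name]
        # Claim 2: the target terminal must be the bound or an administrator terminal.
        if target_terminal != acct.bound_terminal and target_terminal not in acct.admin_terminals:
            return Outcome.UNKNOWN_TERMINAL
        # S105: password information is accepted only after the face check passes.
        if info.face_label not in acct.standard_faces:
            return Outcome.FACE_MISMATCH
        # S106: compare the first password with the preset password.
        if not _same(info.first_password, acct.preset_password):
            return Outcome.WRONG_PASSWORD
        # S107: authorize and place the password in the request terminal's module.
        module.store(info.first_password)
        return Outcome.AUTHORIZED

    def login_from_module(self, name, module):
        # Later logins: the module submits the stored password, the user never types it.
        acct = self.accounts[name]
        return module.submit(lambda pw: _same(pw, acct.preset_password))
```

A failed gate at any step leaves the module empty, so a later `login_from_module` call is refused.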
Preferably, in the embodiment of the present application, the server may further encrypt the first password and then send the encrypted first password to the request terminal, so as to further improve the security of the first password stored in the request terminal;
specifically, the password information includes a first password, a random parameter c, a random parameter d, and user face information acquired by the target terminal. After it is determined that the first password is the same as the preset password, the method further includes: generating user face feature data according to the user face information, and determining user face feature data a and user face feature data b from the user face feature data; and encrypting the first password using a predetermined encryption algorithm $Z = (a \times b - c \times d)\, e^{f}$ to obtain an encrypted first password Z, where Z is the encrypted first password, e is the base of the natural logarithm, and f is a random number. Sending the first password to the request terminal includes: sending the encrypted first password to the request terminal. The random number f is randomly generated by the server.
The user face feature data includes a plurality of key face feature data, such as eye feature data, mouth region feature data, nose region feature data, and the like, and the user face feature data a and the user face feature data b may be any two of the plurality of key face feature data.
It should be noted that, the temporary password security module stores the encrypted first password, and each time a user logs in a target account through a request terminal and needs to input a password, the temporary password security module directly sends the password to the server, and then the server decrypts the password according to a decryption algorithm to obtain the first password, matches the first password, determines a matched target account, and realizes that the request terminal directly logs in the target account without disclosing the first password to the user of the request terminal.
It should be noted that the decryption algorithm corresponds to the encryption algorithm, and since the server stores the random parameter c, the random parameter d, and the random number f during encryption of the first password, which are returned by the user for the target account, the encrypted first password is decrypted according to the decryption algorithm corresponding to the encryption algorithm, so that the corresponding first password can be obtained.
Preferably, in this embodiment of the application, the operation permissions of the request terminal on the target account can be restricted, which protects the target account and avoids the risk of the account being used beyond the granted permissions. Specifically, if the first password is the same as the preset password, the method further includes: judging, according to the terminal identifier of the target terminal, whether the target terminal is the terminal bound to the target account; if the target terminal is the terminal bound to the target account, sending an operation permission list acquisition request to the target terminal and receiving the operation permission list returned by the target terminal, where the operation permission list is used to limit the operation permissions of the request terminal in the target account; if the target terminal is not the terminal bound to the target account, acquiring, from the pre-stored administrator information, the target administrator permission list corresponding to the terminal identifier of the target terminal; judging whether the target administrator permission list includes the permission to set the request terminal's operation permissions; if it does, sending an operation permission list acquisition request to the target terminal and receiving the operation permission list returned by the target terminal; if it does not, acquiring a pre-stored initial operation permission list; and limiting the operation permissions of the request terminal in the target account according to the initial operation permission list or the operation permission list.
It should be noted that the initial operation permission list is set according to personal requirements of an account owner when the account owner registers the account.
Preferably, in the embodiment of the present application, the password in the temporary password security module may be cleared automatically, and the target account logged in on the request terminal forcibly logged out, when a certain time is reached or when one of the following conditions is met: 1. the account owner clicks the remote termination module on the mobile phone; 2. the administrator who remotely input the password clicks the remote termination module on the mobile phone; 3. behavior that exceeds the permissions occurs multiple times; 4. the external-read prohibition module detects multiple attempts by processes to directly access the temporary password security module; 5. the request terminal actively logs out of the current account.
Preferably, taking repeated over-permission behavior by the request terminal as an example, the method includes:
judging whether the request terminal has logged in to the target account; if the request terminal has logged in to the target account, acquiring the permission used by the real-time operation of the request terminal; judging whether the permission used by the real-time operation of the request terminal conforms to the operation permissions set by the permission list; if the permission used by the real-time operation of the request terminal exceeds the operation permissions set by the permission list, adding 1 to the over-permission count of the request terminal; judging whether the over-permission count of the request terminal is greater than or equal to a preset number of times; and if the over-permission count of the request terminal is greater than or equal to the preset number of times, logging the target account out of the request terminal and deleting the first password stored in the request terminal.
It should be noted that the preset number of times can be determined empirically by those skilled in the art. Repeated over-permission behavior by the request terminal indicates that logging in to the target account on that terminal carries a high risk and low security; forcibly logging the target account out of the request terminal further protects the target account. In the embodiment of the application, when the request terminal is forcibly logged out, its login is restricted and it is added to a blacklist; only after the account owner actively removes the request terminal from the blacklist can it request sharing again and log in to the target account after verification.
Preferably, taking as an example the account owner clicking the remote termination module on the mobile phone, or the administrator who remotely input the password clicking the remote termination module on the mobile phone, the method further includes: judging whether the terminal identifier of the target terminal is the same as the terminal identifier corresponding to the terminal bound to the target account; if the terminal identifier of the target terminal is different from the terminal identifier corresponding to the terminal bound to the target account, judging whether a sharing stop instruction has been received, the sharing stop instruction being generated by the target terminal or by the terminal bound to the target account; and if the sharing stop instruction is received, logging the target account out of the request terminal according to the target account in the sharing stop instruction and the terminal identifier of the request terminal, and deleting the first password stored in the request terminal.
When the terminal identifier of the target terminal is the terminal identifier corresponding to the terminal bound to the target account, only the target terminal can generate a sharing stop instruction; when the terminal identifier of the target terminal is the terminal identifier corresponding to an administrator terminal of the target account, both the target terminal and the terminal bound to the target account can generate the sharing stop instruction.
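The permission-list selection, over-permission counting and sharing-stop rules described above can be modelled on the server side as follows. This is an added example, not code from the patent: all names, the `SET_REQUEST_TERMINAL_PERMS` label and the sample permissions are hypothetical, and refusing an operation outside the list is an assumption of the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical label for the administrator right "set request terminal operation permission".
SET_REQUEST_TERMINAL_PERMS = "set_request_terminal_permissions"


@dataclass
class AccountPolicy:
    bound_terminal: str                      # the account owner's terminal
    initial_permissions: frozenset           # set by the owner at registration
    admin_rights: dict                       # administrator terminal id -> set of rights
    blacklist: set = field(default_factory=set)


def resolve_permissions(policy, target_terminal, list_from_target):
    """Choose which operation permission list governs the request terminal."""
    if target_terminal == policy.bound_terminal:
        return frozenset(list_from_target)   # the owner's terminal supplies the list
    rights = policy.admin_rights.get(target_terminal, set())
    if SET_REQUEST_TERMINAL_PERMS in rights:
        return frozenset(list_from_target)   # this administrator may supply the list
    return policy.initial_permissions        # otherwise fall back to the initial list


@dataclass
class SharedSession:
    policy: AccountPolicy
    request_terminal: str
    target_terminal: str
    allowed: frozenset
    stored_password: Optional[str]           # stands in for the temporary module's content
    max_violations: int = 3                  # the "preset number of times"
    violations: int = 0
    active: bool = True

    def _terminate(self, blacklist=False):
        # Log the account out and delete the first password held by the request terminal.
        self.active = False
        self.stored_password = None
        if blacklist:
            self.policy.blacklist.add(self.request_terminal)

    def operate(self, permission):
        """Return True if the real-time operation is within the permission list."""
        if not self.active:
            return False
        if permission in self.allowed:
            return True
        self.violations += 1
        if self.violations >= self.max_violations:
            # Forced logout after repeated over-permission use also blacklists the terminal.
            self._terminate(blacklist=True)
        return False

    def stop_sharing(self, issuer_terminal):
        """Accept a sharing stop instruction only from the target or the bound terminal."""
        if issuer_terminal not in {self.target_terminal, self.policy.bound_terminal}:
            return False
        self._terminate()
        return True
```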
Preferably, taking as an example the external-read prohibition module detecting multiple attempts by processes to directly access the temporary password security module, the method further includes: judging whether alarm information sent by the external-read prohibition module in the request terminal has been received; and if the alarm information is received, logging the target account out of the request terminal and deleting the first password stored in the request terminal.
It should be noted that the external-read prohibition module can be embedded in the request terminal to monitor and block, in real time, attempts by other processes in the user terminal to read the password from the temporary password security module. When the external-read prohibition module detects multiple attempts by processes to directly access the temporary password security module, it sends alarm information to the server; the alarm information indicates that the number of process accesses to the temporary password security module on the request terminal has reached a threshold, so that the password security is low. The threshold may be determined empirically by one skilled in the art.
Preferably, in the embodiment of the present application, the operations of the request terminal and the portrait video data of the request terminal may also be monitored. Specifically, a real-time recording module in the request terminal, which may be a front-facing camera, records the face of the user of the request terminal throughout use to generate the portrait video data of the request terminal; and a mobile phone screen recording module in the request terminal records all on-screen operations of the user while the request terminal is logged in to the target account, generating the operation screen recording data of the request terminal. The request terminal then sends the portrait video data and the operation screen recording data to the target terminal through a 5G message module; if the target terminal is not the terminal bound to the target account, that is, not the account owner's terminal, the data are sent to the target terminal and the account owner's terminal at the same time. After the target terminal, or the target terminal and the account owner's terminal, receive the portrait video data and the operation screen recording data through the 5G message module, a message reading module splices the received data into video data, and the spliced video data is played through a front-end display module of the target terminal.
According to the account sharing method in the embodiment of the application, after an account sharing request of a request terminal is received, a password request message is generated and sent to a target terminal to obtain a password, wherein the current user information of the target terminal is collected and verified to ensure the reliability of a current user of the target terminal, the password input by the target terminal is obtained, after the password input by the target terminal is verified successfully, the target account is directly authorized to log in the request terminal, the password is sent to a temporary password security module of the request terminal to be stored, the password does not need to be input by the request terminal, account sharing is realized in a mode that the password is remotely input by the target terminal, the password is prevented from being disclosed to the user requesting account sharing, the password does not need to be repeatedly changed, the face information of the user of the target terminal is collected for further verification, and the security and the convenience when the user shares the account are improved.
Referring to fig. 2, based on an account sharing method in the foregoing embodiment, the account sharing method is implemented by an account sharing system in the embodiment of the present application, where the account sharing system in the embodiment of the present application includes:
a first obtaining module 10, configured to obtain an account sharing request; the account sharing request is sent by a request terminal; the account sharing request comprises: a target account and a terminal identifier of a target terminal;
the request generation module 20 is configured to obtain pre-stored standard face information of the target account, and generate a password request message according to the target account and the standard face information of the target account;
a first sending module 30, configured to send the password request message to the target terminal according to the terminal identifier of the target terminal;
a second obtaining module 40, configured to obtain a face recognition result generated by the target terminal according to the password request message, where the face recognition result includes: the user face information acquired by the target terminal is the same as the standard face information of the target account, or the user face information acquired by the target terminal is different from the standard face information of the target account; if the face recognition result is that the user face information acquired by the target terminal is the same as the standard face information of the target account, acquiring password information sent by the target terminal;
the judging module 50 is configured to judge whether a first password in the password information is the same as a preset password;
and a second sending module 60, configured to authorize the target account to log in the request terminal if the first password is the same as the preset password, and send the first password to a temporary password security module of the request terminal for storage.
Preferably, the judging module is further configured to judge whether the terminal identifier of the target terminal is the same as a pre-stored terminal identifier; the pre-stored terminal identification comprises: a terminal identification corresponding to a terminal bound by the target account and a terminal identification corresponding to an administrator terminal of the target account;
if the terminal identification of the target terminal is the same as the pre-stored terminal identification, the request generation module executes the obtaining of the pre-stored standard face information of the target account, and generates a password request message according to the target account and the standard face information of the target account.
Preferably, the account sharing system further comprises an encryption module;
the password information comprises a first password, a random parameter c, a random parameter d and user face information collected by the target terminal, and the system further comprises:
the encryption module is used for generating user face feature data according to the user face information and determining user face feature data a and user face feature data b from the user face feature data; encrypting the first password by using a preset encryption algorithm to obtain an encrypted first password Z; wherein, Z is the encrypted first password, e is the base number of the natural logarithm, and f is a random number;
the second sending module is specifically configured to send the encrypted first password to the request terminal.
Preferably, the account sharing system further comprises an administrator information management module;
the second acquisition module is also used for acquiring an administrator information editing instruction sent by the terminal bound by the target account;
the administrator information management module is configured to update administrator information of the target account according to the target account and the editing content in the administrator information editing instruction, where the editing content in the administrator information editing instruction includes: adding or deleting an administrator, and setting the permissions of an administrator.
Preferably, if the first password is the same as the preset password, the judging module in the system is further configured to judge whether the target terminal is a terminal bound to the target account according to the terminal identifier of the target terminal;
the first sending module is further configured to send an operation permission list obtaining request to the target terminal if the target terminal is a terminal bound to the target account;
the second acquisition module is also used for receiving the operation authority list returned by the target terminal; the operation authority list is used for limiting the operation authority of the request terminal in the target account;
a third obtaining module, configured to obtain a target administrator permission list corresponding to a terminal identifier of the target terminal in the prestored administrator information if the target terminal is not a terminal bound to the target account;
the judging module is also used for judging whether the target administrator permission list comprises the operation permission of the setting request terminal;
the first sending module is further used for sending an operation authority list obtaining request to the target terminal if the target administrator authority list comprises a setting request terminal operation authority;
the second acquisition module is also used for receiving the operation authority list returned by the target terminal;
the third acquisition module is also used for acquiring a pre-stored initial operation permission list if the target administrator permission does not comprise the setting request terminal operation permission;
and the authority monitoring module is used for limiting the operation authority of the request terminal in the target account according to the initial operation authority list or the operation authority list.
The judging module is further configured to judge whether the request terminal has logged in to the target account;
the authority monitoring module is used for acquiring the authority used by the real-time operation of the request terminal if the request terminal logs in the target account;
the judging module is also used for judging whether the authority used by the real-time operation of the request terminal accords with the operation authority set by the authority list;
the authority monitoring module is also used for adding 1 to the number of the over-rights of the request terminal if the authority used by the real-time operation of the request terminal exceeds the operation authority set by the authority list;
the judging module is also used for judging whether the number of the over-rights times of the request terminal is more than or equal to the preset number of times;
and the termination module is used for logging out the target account from the request terminal and deleting the first password stored in the request terminal if the number of times of the over-rights of the request terminal is greater than or equal to the preset number of times.
Preferably, the judging module is further configured to judge whether the terminal identifier of the target terminal is the same as the terminal identifier corresponding to the terminal bound to the target account; and, if the terminal identifier of the target terminal is different from the terminal identifier corresponding to the terminal bound to the target account, to judge whether a sharing stop instruction has been received; the sharing stop instruction is generated by the target terminal or the terminal bound to the target account;
the second obtaining module is further configured to receive a sharing stop instruction.
The pause module is configured to, if the sharing stop instruction is received, log the target account out of the request terminal according to the target account in the sharing stop instruction and the terminal identifier of the request terminal, and delete the first password stored in the request terminal.
According to the account sharing system in the embodiment of the application, after an account sharing request of a request terminal is received, a password request message is generated and sent to a target terminal to obtain a password, wherein the current user information of the target terminal is collected and verified to ensure the reliability of a current user of the target terminal, the password input by the target terminal is obtained, after the password input by the target terminal is verified successfully, the target account is directly authorized to log in on the request terminal, the password is sent to a temporary password security module of the request terminal to be stored, the password does not need to be input by the request terminal, account sharing is realized by means of remote password input by the target terminal, the password is prevented from being disclosed to the user requesting account sharing, the password does not need to be changed repeatedly, the face information of the user of the target terminal is collected for further verification, and the security and the convenience when the user shares the account are improved.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An account sharing method, characterized in that the method comprises:
acquiring an account sharing request; the account sharing request is sent by a request terminal; the account sharing request comprises: a target account and a terminal identifier of a target terminal;
acquiring pre-stored standard face information of the target account, and generating a password request message according to the target account and the standard face information of the target account;
sending the password request message to the target terminal according to the terminal identification of the target terminal;
acquiring a face recognition result generated by the target terminal according to the password request message, wherein the face recognition result comprises: the user face information acquired by the target terminal is the same as the standard face information of the target account, or the user face information acquired by the target terminal is different from the standard face information of the target account;
if the face recognition result is that the user face information acquired by the target terminal is the same as the standard face information of the target account, acquiring password information sent by the target terminal;
judging whether a first password in the password information is the same as a preset password or not;
and if the first password is the same as the preset password, authorizing the target account to log in the request terminal, and sending the first password to a temporary password security module of the request terminal for storage.
2. The method of claim 1, wherein prior to the generating a password request message based on the target account number, the method further comprises:
judging whether the terminal identification of the target terminal is the same as the pre-stored terminal identification or not; the pre-stored terminal identification comprises: a terminal identification corresponding to a terminal bound by the target account and a terminal identification corresponding to an administrator terminal of the target account;
and if the terminal identification of the target terminal is the same as the pre-stored terminal identification, executing the step of acquiring the pre-stored standard face information of the target account, and generating a password request message according to the target account and the standard face information of the target account.
3. The method of claim 1, wherein the password information includes a first password, a random parameter c, a random parameter d, and user face information collected by the target terminal, and after the first password is determined to be the same as the preset password, the method further includes:
generating user face feature data according to the user face information, and determining user face feature data a and user face feature data b from the user face feature data;
encrypting the first password using a predetermined encryption algorithm $Z = (a \times b - c \times d)\, e^{f}$ to obtain an encrypted first password Z; wherein Z is the encrypted first password, e is the base of the natural logarithm, and f is a random number;
the sending the first password to the requesting terminal includes: and sending the encrypted first password to the request terminal.
4. The method of claim 2, further comprising:
acquiring an administrator information editing instruction sent by a terminal bound with the target account;
updating the administrator information of the target account according to the target account and the editing content in the administrator information editing instruction, wherein the editing content in the administrator information editing instruction comprises: adding or deleting an administrator, and setting the permissions of an administrator.
5. The method of claim 2, wherein if the first password is the same as the predetermined password, the method further comprises:
judging whether the target terminal is a terminal bound by the target account or not according to the terminal identifier of the target terminal;
if the target terminal is a terminal bound by the target account, sending an operation authority list acquisition request to the target terminal, and receiving an operation authority list returned by the target terminal; the operation authority list is used for limiting the operation authority of the request terminal in the target account;
if the target terminal is not the terminal bound by the target account, acquiring a target administrator permission list corresponding to the terminal identifier of the target terminal in prestored administrator information;
judging whether the target administrator permission list comprises a setting request terminal operation permission or not;
if the target administrator permission list comprises the operation permission of the setting request terminal, sending an operation permission list acquisition request to the target terminal, and receiving an operation permission list returned by the target terminal;
if the target administrator permission does not include the operation permission of the setting request terminal, acquiring a pre-stored initial operation permission list;
and limiting the operation authority of the request terminal in the target account according to the initial operation authority list or the operation authority list.
6. The method of claim 5, further comprising:
judging whether the request terminal logs in the target account or not;
if the request terminal logs in the target account, acquiring the authority used by the real-time operation of the request terminal;
judging whether the authority used by the real-time operation of the request terminal accords with the operation authority set by the authority list or not;
if the authority used by the real-time operation of the request terminal exceeds the operation authority set by the authority list, adding 1 to the over-authority count of the request terminal;
judging whether the over-authority count of the request terminal is greater than or equal to a preset number of times;
and if the over-authority count of the request terminal is greater than or equal to the preset number of times, logging out the target account from the request terminal, and deleting the first password stored in the request terminal.
7. The method of claim 1, further comprising:
judging whether the terminal identification of the target terminal is the same as the terminal identification corresponding to the terminal bound by the target account;
if the terminal identification of the target terminal is different from the terminal identification corresponding to the terminal bound by the target account, judging whether a sharing stopping instruction is received; the sharing stopping instruction is generated by the target terminal or the terminal bound by the target account;
and if the sharing stopping instruction is received, logging out the target account from the request terminal according to the target account in the sharing stopping instruction and the terminal identification of the request terminal, and deleting the first password stored in the request terminal.
8. An account sharing system, the system comprising:
the first acquisition module is used for acquiring an account number sharing request; the account number sharing request is sent by a request terminal; the account number sharing request comprises: a target account and a terminal identification of a target terminal;
the request generation module is used for acquiring the pre-stored standard face information of the target account and generating a password request message according to the target account and the standard face information of the target account;
the first sending module is used for sending the password request message to the target terminal according to the terminal identification of the target terminal;
a second obtaining module, configured to obtain a face recognition result generated by the target terminal according to the password request message, where the face recognition result includes: the user face information acquired by the target terminal is the same as the standard face information of the target account, or the user face information acquired by the target terminal is different from the standard face information of the target account; if the face recognition result is that the user face information acquired by the target terminal is the same as the standard face information of the target account, acquiring password information sent by the target terminal;
the judgment module is used for judging whether a first password in the password information is the same as a preset password;
and the second sending module is used for authorizing the target account to log in the request terminal if the first password is the same as the preset password, and sending the first password to the temporary password security module of the request terminal for storage.
9. The system according to claim 8, wherein the determining module is further configured to determine whether the terminal identifier of the target terminal is the same as a pre-stored terminal identifier; the pre-stored terminal identification comprises: a terminal identification corresponding to a terminal bound by the target account and a terminal identification corresponding to an administrator terminal of the target account;
and if the terminal identification of the target terminal is the same as the pre-stored terminal identification, the request generation module executes the acquisition of the pre-stored standard face information of the target account, and generates a password request message according to the target account and the standard face information of the target account.
10. The system of claim 8, wherein the password information includes a first password, a random parameter c, a random parameter d, and user face information collected by the target terminal, and the system further includes:
the encryption module is used for generating user face feature data according to the user face information and determining user face feature data a and user face feature data b from the user face feature data; using a predetermined encryption algorithm $Z = (a \times b - c \times d)\,e^{f}$, encrypting the first password to obtain an encrypted first password Z; wherein Z is the encrypted first password, e is the base of the natural logarithm, and f is a random number;
the second sending module is specifically configured to send the encrypted first password to the request terminal.
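The permission-selection branches of claim 5 and the over-authority counter of claim 6 can be modelled as follows. This is an added illustrative example, not code from the patent; the permission name `set_request_terminal_permissions`, the `ask_target` callback standing in for the list request sent to the target terminal, the threshold value, and the choice to refuse an over-authority operation are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, Optional, Set

SET_REQUESTER_PERMS = "set_request_terminal_permissions"  # assumed permission name

@dataclass
class Account:
    bound_terminal: str                  # terminal bound to the target account
    admins: Dict[str, Set[str]]          # admin terminal id -> administrator permission list
    initial_permissions: FrozenSet[str]  # pre-stored initial operation authority list

def resolve_permissions(account: Account, target_terminal: str,
                        ask_target: Callable[[], Iterable[str]]) -> FrozenSet[str]:
    """Claim 5: pick the list that limits the request terminal."""
    if target_terminal == account.bound_terminal:
        return frozenset(ask_target())           # bound terminal supplies the list
    admin_perms = account.admins.get(target_terminal, set())
    if SET_REQUESTER_PERMS in admin_perms:
        return frozenset(ask_target())           # this admin may set the list
    return account.initial_permissions           # otherwise use the stored default

@dataclass
class SharedSession:
    permissions: FrozenSet[str]
    max_violations: int = 3                      # "preset number of times" (value assumed)
    violations: int = 0
    logged_in: bool = True
    stored_password: Optional[str] = "constructed-temp-password"  # constructed sample value

    def perform(self, operation: str) -> bool:
        """Claim 6: count over-authority operations; log out at the threshold."""
        if not self.logged_in:
            return False
        if operation in self.permissions:
            return True
        self.violations += 1                     # over-authority count + 1
        if self.violations >= self.max_violations:
            self.logged_in = False               # log the target account out
            self.stored_password = None          # delete the stored first password
        return False                             # refusing the operation is an assumption
```
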

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210994273.7A CN115378692A (en) 2022-08-18 2022-08-18 Account number sharing method and system

Publications (1)

Publication Number Publication Date
CN115378692A true CN115378692A (en) 2022-11-22

Family

ID=84066581

Country Status (1)

Country Link
CN (1) CN115378692A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination