CN115622753A

CN115622753A - Data processing method, device and equipment and computer readable storage medium

Info

Publication number: CN115622753A
Application number: CN202211194697.1A
Authority: CN
Inventors: 蒋济舟; 孙长举; 廖晨; 程冉; 徐永太; 黄汉川; 李强; 陈明明; 康基鑫; 周畅; 高树旗; 孙佳慧; 杨洪平
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2022-03-30
Filing date: 2022-09-28
Publication date: 2023-01-17

Abstract

The embodiment of the application discloses a data processing method, a data processing device, data processing equipment and a computer readable storage medium. The method comprises the following steps: responding to the authorization operation of the target device, acquiring a uniform anonymous identifier of the target device, acquiring an account to be verified, determining the security level of the target device according to the account to be verified and the uniform anonymous identifier, and determining a human-computer verification strategy corresponding to the target device based on the security level of the target device. Therefore, in the account verification process, the security level of the target device can be determined based on the account to be verified and the uniform anonymous identifier, and different man-machine verification strategies are adopted for devices with different security levels, so that the account verification process is more flexible and convenient.

Description

Data processing method, device, equipment and computer readable storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular, to a data processing method, apparatus, device, and computer readable storage medium.

Background

With the continuous development of computer technology, the use of applications and websites has become an indispensable part of people's lives. When an object uses an application or accesses a website, it is usually necessary to obtain the full functionality of the application or the website by logging into an account. In practical applications, a malicious node may request login in multiple applications or websites using another-person accounts (e.g., a mobile phone number), which may cause the others to be disturbed by authentication information (e.g., the mobile phone number is "bombed by short messages"). In practice, in order to improve the above situation, an application program operator or a website operator usually checks whether a current device is a malicious node (e.g., checks whether the current device is a batch machine behavior) through a turing test before performing account verification, which makes the account verification process cumbersome.

Disclosure of Invention

Embodiments of the present invention provide a data processing method, apparatus, device, and computer-readable storage medium, which can make an account verification process more flexible and convenient.

In one aspect, an embodiment of the present application provides a data processing method, including:

responding to the authorization operation of the target equipment, and acquiring a uniform anonymous identifier of the target equipment;

acquiring an account to be verified, wherein the account to be verified is used for requesting to log in a website or an application program;

determining the security level of the target device according to the account to be verified and the uniform anonymous identifier;

and determining a man-machine verification strategy corresponding to the target equipment based on the security level of the target equipment.

In one aspect, an embodiment of the present application provides a data processing apparatus, including:

an acquisition unit, configured to acquire a uniform anonymous identifier of a target device in response to an authorized operation of the target device; the account to be verified is used for requesting to log in a website or an application program;

the processing unit is used for determining the security level of the target equipment according to the account to be verified and the uniform anonymous identifier; and the system is used for determining a man-machine verification strategy corresponding to the target equipment based on the security level of the target equipment.

In one embodiment, the processing unit is configured to determine, according to the account to be authenticated and the uniform anonymous identifier, a security level of the target device, and specifically is configured to:

determining the credibility of the target equipment according to the account to be verified and the uniform anonymous identifier;

determining a security level of the target device based on the trustworthiness of the target device;

wherein the trustworthiness of the target device is derived from one or more of: the method comprises the steps of obtaining an account verification result associated with an account to be verified and a uniform anonymous identifier, a man-machine verification result associated with the account to be verified and the uniform anonymous identifier, a network parameter associated with the account to be verified and the uniform anonymous identifier, an account verification mode associated with the account to be verified and the uniform anonymous identifier, a scene environment parameter associated with the account to be verified and the uniform anonymous identifier, and account verification or man-machine verification initiation time associated with the account to be verified and the uniform anonymous identifier.

if the association record of the uniform anonymous identifier exists in the target database or the block chain network, determining the security level of the target equipment according to the association record;

and if the association record of the uniform anonymous identifier does not exist in the target database or the block chain network, determining the security level of the target device as a first security level.

In one embodiment, the association record of the uniform anonymous identifier includes one or more accounts associated with the uniform anonymous identifier, and an account verification result for each account; the processing unit is configured to determine a security level of the target device according to the association record, and specifically configured to:

if the account to be verified is matched with the target account associated with the uniform anonymous identifier, determining the security level of the target device according to the account verification result of the target account;

if the account to be verified is not matched with one or more accounts associated with the uniform anonymous identifier, determining the security level of the target device as a second security level;

the second security level is different from the man-machine verification strategy corresponding to the first security level.

In one embodiment, the associated record of the uniform anonymous identifier further includes an account verification means for each account; the processing unit is configured to determine a security level of the target device according to an account verification result of the target account, and specifically configured to:

if the account verification result of the target account is passed, determining the security level of the target equipment according to the account verification mode of the target account;

if the account verification result of the target account is not passed, determining the security level of the target device as a third security level;

the first security level, the second security level and the third security level are different from each other.

In one embodiment, the account verification mode comprises a short message verification mode and a one-key login mode; the processing unit is configured to determine a security level of the target device according to an account verification manner of the target account, and specifically is configured to:

if the verification mode of the target account is a short message verification mode, determining the security level of the target equipment as a fourth security level;

if the verification mode of the target account is a one-key login mode, determining the security level of the target equipment as a fifth security level;

the first security level, the second security level, the third security level, the fourth security level and the fifth security level are different from each other.

In one embodiment, the processing unit is further configured to:

acquiring an account verification mode of an account to be verified, and acquiring an account verification result of the account to be verified in the account verification mode;

and storing the uniform anonymous identifier, the account to be verified, the account verification mode of the account to be verified and the account verification result of the account to be verified in a target database or a block chain network in a correlation manner.

In one embodiment, the account verification mode of the account to be verified is a short message verification mode; the processing unit is configured to obtain an account verification result of the account to be verified in an account verification manner, and specifically configured to:

generating account verification information of the account to be verified, and returning the account verification information to the owner of the account to be verified;

acquiring account verification information provided by target equipment;

and if the account verification information is matched with the account verification information, judging that the account to be verified passes the account verification.

In an embodiment, the processing unit is configured to obtain a uniform anonymous identifier of the target device, and specifically is configured to:

acquiring a uniform anonymous identifier address provided by an identification service, and sending indication information to target equipment, wherein the indication information carries the uniform anonymous identifier address, and the indication information is used for indicating the target equipment to access the uniform anonymous identifier address through a cellular network;

acquiring encrypted data returned by the target equipment, wherein the encrypted data is obtained after the target equipment accesses the uniform anonymous identifier address through a cellular network;

and sending the encrypted data to the identification service, and acquiring a uniform anonymous identifier returned by the identification service, wherein the uniform anonymous identifier is obtained by the identification service through a token, and the token is obtained by decrypting the encrypted data.

In one embodiment, if the account to be authenticated is authenticated by the account, the processing unit is further configured to:

responding to the data management operation of the account to be verified, and backing up the target data indicated by the data management operation to the blockchain network;

processing the target data according to the data management operation;

the data management operation comprises a data deleting operation and an authorization canceling operation.

sending the account to be verified and the uniform anonymous identifier to a target database or a blockchain network;

obtaining a target database or a block chain network to return safety indication information, wherein the safety indication information is determined based on the correlation information of the account to be verified and the uniform anonymous identifier;

and determining the security level of the target equipment according to the security indication information.

obtaining account verification records associated with the uniform anonymous identifiers and verification records of the account to be verified;

respectively extracting features of the account verification record associated with the uniform anonymous identifier and the verification record of the account to be verified to obtain feature information of the account verification record associated with the uniform anonymous identifier and feature information of the verification record of the account to be verified;

and determining the security level of the target equipment according to the characteristic information of the account verification record associated with the uniform anonymous identifier and the characteristic information of the verification record of the account to be verified.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises at least one of the following: checking times of the account to be verified in a first period of time, and the number of the unified anonymous identifiers associated with the account to be verified in the first period of time;

the characteristic information of the account check record associated with the uniform anonymous identifier comprises at least one of the following items: and the verification success rate corresponding to the uniform anonymous identifier and the account number associated with the uniform anonymous identifier in the second time period.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the verification times of the account to be verified in a first time period, and the characteristic information of the account verification record associated with the uniform anonymous identifier comprises the verification success rate corresponding to the uniform anonymous identifier;

the processing unit is configured to determine a security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, and specifically configured to:

if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to a success rate threshold value, and the verification times of the account to be verified in the first time period are greater than or equal to a time threshold value, determining the security level of the target device as a first security level;

if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to the success rate threshold value and the verification times of the account to be verified in the first time period are less than the time threshold value, determining the security level of the target device as a second security level;

if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the verification times of the account to be verified in the first time period are greater than or equal to the time threshold value, determining the security level of the target device as a third security level;

and if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the verification times of the account to be verified in the first period of time are less than the time threshold value, determining the security level of the target device as a fourth security level.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the verification times of the account to be verified in a first time period, and the characteristic information of the account verification record associated with the uniform anonymous identifier comprises the account number associated with the uniform anonymous identifier in a second time period;

the processing unit is configured to determine a security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, and specifically is configured to:

if the number of the accounts associated with the uniform anonymous identifier in the second period is greater than or equal to a first number threshold value, and the checking times of the account to be verified in the first period are greater than or equal to a time threshold value, determining the security level of the target device as a first security level;

if the number of the accounts associated with the uniform anonymous identifier in the second time period is larger than or equal to the first number threshold value, and the checking times of the account to be verified in the first time period are smaller than the time threshold value, determining the security level of the target device as a second security level;

if the number of the accounts associated with the uniform anonymous identifier in the second period is smaller than the first number threshold, and the checking times of the account to be verified in the first period are larger than or equal to the time threshold, determining the security level of the target device as a third security level;

and if the number of the accounts associated with the uniform anonymous identifier in the second time period is smaller than the first number threshold, and the number of times of verification of the account to be verified in the first time period is smaller than the number threshold, determining the security level of the target device as a fourth security level.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the number of the unified anonymous identifiers associated with the account to be verified in the first time period, and the characteristic information of the account verification record associated with the unified anonymous identifiers comprises the verification success rate corresponding to the unified anonymous identifiers;

if the verification success rate corresponding to the uniform anonymous identifiers is less than or equal to a success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is greater than or equal to a second number threshold value, determining the security level of the target device as a first security level;

if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to the success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is less than a second number threshold value, determining the security level of the target device as a second security level;

if the verification success rate corresponding to the uniform anonymous identifiers is greater than the success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is greater than or equal to the second number threshold value, determining the security level of the target device as a third security level;

and if the verification success rate corresponding to the uniform anonymous identifiers is greater than the success rate threshold value and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is less than the second number threshold value, determining the security level of the target device as a fourth security level.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the number of the unified anonymous identifiers associated with the account to be verified in a first time period, and the characteristic information of the account check record associated with the unified anonymous identifiers comprises the number of the accounts associated with the unified anonymous identifiers in a second time period;

if the number of the accounts associated with the uniform anonymous identifiers in the second time period is larger than or equal to a first number threshold value, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is larger than or equal to a second number threshold value, determining the security level of the target device as a first security level;

if the number of the accounts associated with the uniform anonymous identifiers in the second time period is larger than or equal to the first number threshold value, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is smaller than the second number threshold value, determining the security level of the target device as a second security level;

if the number of the accounts associated with the uniform anonymous identifiers in the second time period is smaller than the first number threshold, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is larger than or equal to the second number threshold, determining the security level of the target device as a third security level;

and if the number of the accounts associated with the uniform anonymous identifiers in the second time period is smaller than the first number threshold value, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is smaller than the second number threshold value, determining the security level of the target device as a fourth security level.

In one embodiment, the feature information of the verification record of the account to be verified comprises the verification times of the account to be verified in the first time period; if the unified anonymous identifier is not associated with an account verification record, the processing unit is configured to determine a security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, and specifically configured to:

determining a range to which the security level of the target device belongs as a target range;

if the verification record of the account to be verified in the first time period is larger than or equal to the threshold of times, determining the security level of the target device as a first security level;

if the verification record of the account to be verified in the first time period is smaller than the time threshold, determining the security level of the target device as a second security level;

wherein the first security level and the second security level belong to a target range.

In one embodiment, the characteristic information of the authentication record of the account to be authenticated comprises the number of uniform anonymous identifiers associated with the account to be authenticated within a first time period; if the unified anonymous identifier is not associated with an account verification record, the processing unit is configured to determine a security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, and specifically configured to:

if the number of the unified anonymous identifiers associated with the account to be verified in the first time period is larger than or equal to a second number threshold, determining the security level of the target device as a first security level;

if the number of the unified anonymous identifiers associated with the account to be verified in the first time period is smaller than a second number threshold, determining the security level of the target device as a second security level;

In one embodiment, the processing unit is further configured to:

if the fact that the illegal behavior exists after the account to be verified passes verification is detected, a user identification card bound with the uniform anonymous identifier corresponding to the account to be verified is obtained from a provider of the uniform anonymous identifier;

and executing punishment processing on the user identification card or the user of the user identification card according to a processing rule corresponding to the illegal action.

responding to the notification management operation of the account to be verified, and updating a notification receiver corresponding to the account to be verified based on the notification management operation; and the number of the first and second groups,

when detecting that the account to be verified meets the notification condition, sending a notification to a notification receiver corresponding to the account to be verified;

wherein the notification comprises at least one of: account login notification, account exception notification, and account operation notification.

Accordingly, the present application provides a computer device comprising:

a memory having a computer program stored therein;

and the processor is used for loading a computer program to realize the data processing method.

Accordingly, the present application provides a computer readable storage medium having stored thereon a computer program adapted to be loaded by a processor and to execute the above-mentioned data processing method.

Accordingly, the present application provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the data processing method.

In the embodiment of the application, in response to an authorization operation of the target device, a uniform anonymous identifier of the target device is obtained, an account to be verified is obtained, the security level of the target device is determined according to the account to be verified and the uniform anonymous identifier, and a man-machine verification strategy corresponding to the target device is determined based on the security level of the target device. Therefore, in the account verification process, the security level of the target device can be determined based on the account to be verified and the uniform anonymous identifier, and different man-machine verification strategies are adopted for devices with different security levels, so that the account verification process is more flexible and convenient.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.

Fig. 1a is a schematic structural diagram of a data sharing system according to an embodiment of the present application;

fig. 1b is a schematic structural diagram of a block chain according to an embodiment of the present disclosure;

fig. 1c is a schematic flow chart of block generation according to an embodiment of the present disclosure;

FIG. 1d is an architecture diagram of a data processing system according to an embodiment of the present application;

fig. 1e is a schematic diagram of an interaction principle of a data processing scheme provided in an embodiment of the present application;

fig. 2 is a flowchart of a data processing method according to an embodiment of the present application;

fig. 3a is a schematic view of a landing page provided in the embodiment of the present application;

FIG. 3b is a schematic view of another landing page provided in the embodiments of the present application;

FIG. 4 is a flow chart of another data processing method provided by the embodiments of the present application;

fig. 5 is a flowchart of obtaining a uniform anonymous identifier of a target device according to an embodiment of the present application;

fig. 6 is a flowchart of acquiring an account to be authenticated according to an embodiment of the present application;

fig. 7 is a block chain network according to an embodiment of the present disclosure;

fig. 8 is an interaction flowchart of a data processing method according to an embodiment of the present application;

fig. 9 is an interaction flowchart of another data processing method provided in the embodiment of the present application;

fig. 10 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of a computer device according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application;

fig. 13 is a schematic structural diagram of a computer device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be described clearly and completely with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The embodiments of the present application relate to a blockchain technology, and the following briefly introduces terms and concepts related to the blockchain technology:

the block chain (Blockchain) is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. It is essentially a decentralized database, a string of data blocks associated by cryptography, each data block containing information of a batch of network transactions for verifying the validity (anti-counterfeiting) of the information and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.

The blockchain network may be understood as a data sharing system 100, and the data sharing system 100 may refer to a system for performing data sharing between nodes, and an exemplary structure of the data sharing system 100 may be shown in fig. 1a; as shown in fig. 1a, the data sharing system 100 refers to a system for performing data sharing between nodes, the data sharing system may include a plurality of nodes 1001, and the plurality of nodes 1001 may refer to respective clients in the data sharing system. Each node 1001 may receive input information while performing normal operations and maintain shared data within the data sharing system based on the received input information. In order to ensure information intercommunication in the data sharing system, information connection can exist between each node in the data sharing system, and information transmission can be carried out between the nodes through the information connection. For example, when any node in the data sharing system receives input information, other nodes in the data sharing system acquire the input information according to a consensus algorithm, and store the input information as data in shared data, so that the data stored on all nodes in the data sharing system are consistent.

Each node in the data sharing system has a node identifier corresponding thereto, and each node in the data sharing system may store a node identifier of another node in the data sharing system, so that the generated block is broadcast to the other node in the data sharing system according to the node identifier of the other node in the following. Each node may maintain a node identifier list as shown in the following table, and store the node name and the node identifier in the node identifier list correspondingly. The node identifier may be an IP (Internet Protocol ) address and any other information that can be used to identify the node; for example, the identifier of the node may also be a binary sequence code (e.g. 110001110), and table 1 only takes the IP address as an example for illustration:

TABLE 1

Node name	Node identification
		Node 1	117.114.151.174
Node 2	117.116.189.145
		…	…
Node X (X is positive integer)	xx.xxx.xxx.xxx

Each node in the data sharing system stores one identical blockchain. The block chain is composed of a plurality of blocks, referring to fig. 1b, the block chain is composed of a plurality of blocks, the starting block includes a block header and a block main body, the block header stores an input information characteristic value, a version number, a timestamp and a difficulty value, and the block main body stores input information; the next block of the starting block takes the starting block as a parent block, the next block also comprises a block head and a block main body, the block head stores the input information characteristic value of the current block, the block head characteristic value of the parent block, the version number, the timestamp and the difficulty value, and the like, so that the block data stored in each block in the block chain is associated with the block data stored in the parent block, and the safety of the input information in the block is ensured.

When each block in the block chain is generated, referring to fig. 1c, when the node where the block chain is located receives the input information, the input information is verified, after the verification is completed, the input information is stored in the memory pool, and the hash tree for recording the input information is updated; and then, updating the updating time stamp to the time when the input information is received, trying different random numbers, and calculating the characteristic value for multiple times, so that the calculated characteristic value can meet the following formula:

SHA256(SHA256(version+prev_hash+merkle_root+ntime+nbits+x))<TARGET

wherein, SHA256 is a characteristic value algorithm used for calculating a characteristic value; version is version information of the relevant block protocol in the block chain; prev _ hash is a block head characteristic value of a parent block of the current block; merkle _ root is a characteristic value of the input information; ntime is the update time of the update timestamp; nbits is the current difficulty, is a fixed value within a period of time, and is determined again after exceeding a fixed time period; x is a random number; TARGET is a feature threshold, which can be determined from nbits.

Therefore, when the random number meeting the formula is obtained through calculation, the information can be correspondingly stored, and the block head and the block main body are generated to obtain the current block. And then, the node where the block chain is located broadcasts the newly generated block to other nodes in the data sharing system where the newly generated block is located according to the node identifiers of the other nodes in the data sharing system, the other nodes perform consensus check on the newly generated block, and the newly generated block is added to the block chain stored by the newly generated block after the consensus check is completed.

Furthermore, the present application also relates to: the International Mobile Equipment Identity (IMEI), i.e. a Mobile phone serial number and a Mobile phone "serial number", is used to identify each independent Mobile communication device, such as a Mobile phone, in a Mobile phone network. The IMEI has 15-17 digits in total, and the first 8 digits (TAC) are model approval numbers (6 digits in the early stage) for distinguishing the brands and models of the terminal equipment; then 2 bits (FAC) is the last assembly number (present only in earlier models), representing the final assembly code; the last 6 bits (SNR) are the string number, representing the production sequence number. The international mobile equipment identity is present in a memory of the terminal device.

A Mobile Equipment Identity (MEID), which is commonly used in CDMA (Code Division Multiple Access) devices, is an upgraded version of the ESN Code. The format is a 14-bit hexadecimal number.

The International Mobile Subscriber Identity (IMSI) is an Identity that does not repeat in all cellular networks, and is used to distinguish between different subscribers in a cellular network. The terminal device sends the IMSI to the cellular network in a 64-bit field. The IMSI may be used to query the information of an object in a Home Location Register (HLR) or a Visitor Location Register (VLR). In some cases, the communication between the handset and the network may use a randomly generated Temporary Mobile Subscriber Identity (TMSI) instead of the IMSI.

An advertisement Identifier (IDFA), which is a string of 16-ary 32-bit strings of numbers and letters that identify unique devices. Each device corresponds to one IDFA, and the result of obtaining the IDFA by different APPs on the same device is the same.

A Uniform Anonymous Identifier (UAID) is an Anonymous user identification service implemented based on IMEI and mobile phone number. In practical application, the IMEI and the IDFA are difficult to obtain and risk of being tampered, and the UAID can provide a more stable and unique device and object identifier for the service object.

Based on the above-mentioned block chain network structure related to the embodiment of the present application and the related introduction of the uniform anonymous identifier, the following nodes introduce the data processing scheme proposed by the embodiment of the present application based on the uniform anonymous identifier and the block chain network structure, so that the account verification process is more flexible and convenient. Referring to fig. 1d, fig. 1d is a diagram illustrating an architecture of a data processing system according to an embodiment of the present disclosure. As shown in fig. 1d, the processing system may comprise: a target device 101, a server 102, an identity provider 103, and a blockchain network 104. The data processing method provided by the embodiment of the application can be executed by the server 102. The target device 101 may include, but is not limited to: the smart phone (such as an Android phone, an IOS phone, etc.), a tablet computer, a portable personal computer, a Mobile Internet device (MID for short), a vehicle-mounted terminal, and other smart Devices having a display function, which are not limited in this embodiment of the present application. The server 102 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and an artificial intelligence platform, which is not limited in this embodiment of the present application. The identification provider 103 may specifically be an operator device. Optionally, the identity provider 103 may also be another provider (e.g., device manufacturer) for uniquely indicating the hardware identity of the target device, in which case the uniform anonymous identifier is replaced with the corresponding hardware identity (e.g., IMEI, IDFA, etc.).

It should be noted that, in fig. 1d, the target device 101, the server 102, the identity provider 103, and the blockchain network 104 may be directly or indirectly connected through wired communication or wireless communication, and the application is not limited herein. The number of target devices 101, servers 102, identity providers 103 is for example only and does not constitute a practical limitation of the present application; for example, target device 105, server 106, etc. may also be included in the data processing system.

It is understood that in the specific implementation of the present application, referring to obtaining the UAID of the target device, when the above embodiments of the present application are applied to specific products or technologies, corresponding data obtaining rights (such as authorization of the server 102 by an object) need to be obtained, and collection, use and processing of relevant data need to comply with relevant laws and regulations and standards of relevant countries and regions.

Fig. 1e is a schematic diagram of an interaction principle of a data processing scheme provided in an embodiment of the present application. As shown in fig. 1e, the general principle of the data processing scheme is as follows:

s101, when the object needs to log in the application program or the website, a login page is displayed in the target device 101, and the login page comprises an authorization rule description (such as authorizing the current application program or the website acquiring a uniform anonymous identifier of the target device). When the target device 101 detects an authorization operation of the object (e.g., the object has checked and agreed to authorize the current application program or the website), the target device 101 authorizes the server 102 corresponding to the current application program or the website.

S102, after obtaining the authorization, the server 102 sends an identifier obtaining request to the identifier provider 103. In the embodiment of the present application, taking a uniform anonymous identifier as an example for explanation, the server 102 sends a uniform anonymous identifier obtaining request to the identity provider 103 (such as an operator), where the request carries authorization information of the target device 101.

S103, after acquiring the identifier acquisition request sent by the server 102, the identifier provider 103 checks authorization information carried in the identifier acquisition request, and returns a uniform anonymous identifier of the target device 101. The server 102 obtains the uniform anonymous identifier of the target device 101.

S104, the server 102 obtains an account to be verified provided by the target device 101, where the account to be verified is used to log in an application program or a website corresponding to the server 102. The account to be verified may specifically be a mobile phone number of the object. In one embodiment, the account to be verified may be filled in by the object in the target device 101 and sent to the server 102, and in another embodiment, the account to be verified may be obtained by the server 102 through a number taking service after obtaining authorization.

S105, the server 102 sends the account to be verified provided by the target device 101 and the uniform anonymous identifier of the target device 101 to the blockchain network 104. Alternatively, the blockchain network 104 may be replaced by a target database, which may be hosted by the server 102 or maintained separately by a third party (e.g., a regulatory agency). In addition, the server 102 may also provide network parameters (such as a base station cell ID, geographic information, an IP address, and the like) of the target device, scene environment parameters (such as an identifier of an application program or an identifier of a website), an account verification method, a human-machine verification result, and other security level reference information to the blockchain network 104.

S106, after acquiring the uniform anonymous identifier and the account to be verified sent by the server 102, the blockchain network 104 queries a record associated with the uniform anonymous identifier and the account to be verified in the blockchain network, and determines the security level of the target device 101 according to the associated record. In one embodiment, the association record includes: one or more accounts associated with the uniform anonymous identifier, and an account verification result for each account; an account verification mode for each account; account verification means may include, but are not limited to: short message verification mode, telephone voice verification code mode and one-key login mode. In addition, in the account verification process, biometric identification modes such as Turing test, human face and the like can be additionally carried out, and the setting can be specifically carried out according to actual requirements, and the method is not limited in this application. If the association record of the uniform anonymous identifier does not exist in the target database or the block chain network, determining the security level of the target equipment as a first security level; if the association record of the uniform anonymous identifier exists in the target database or the block chain network, and the account to be verified is not matched with one or more accounts associated with the uniform anonymous identifier, determining the security level of the target device as a second security level; if the account to be verified is matched with the target account associated with the uniform anonymous identifier and the account verification result of the target account is that the account does not pass, determining the security level of the target device as a third security level; if the account verification result of the target account is passed and the verification mode of the target account is a short message verification mode or a telephone voice verification mode, determining the security level of the target equipment as a fourth security level; and if the account verification result of the target account is that the account passes and the verification mode of the target account is a one-key login mode, determining the security level of the target device as a fifth security level. The first security level, the second security level, the third security level, the fourth security level and the fifth security level are different from each other.

S107, the server 102 obtains the security level of the target device 101 returned by the blockchain network 104, and determines a human-machine verification policy (such as the number of times of performing human-machine verification, a human-machine verification mode, and the like) corresponding to the target device 101 according to the security level.

Optionally, if the uniform anonymous identifier of the target device cannot be obtained (if the SIM card is not loaded in the target device, the UAID cannot be generated), determining the security level of the target device as a sixth security level; further, for a target device of the sixth security level, the human machine verification policy may be set to prohibit verification using the short message verification code, so as to reduce the risk of malicious attack (such as short message bombing) on the account to be verified, and the human machine verification policy that may be used includes, but is not limited to: code scanning verification and uplink short message verification (namely, actively sending a short message carrying the school information to the server).

Based on the above data processing scheme, the embodiments of the present application provide a more detailed data processing method, and the following describes the data processing method provided by the embodiments of the present application in detail with reference to the accompanying drawings.

Fig. 2 is a flowchart of a data processing method according to an embodiment of the present application. The data processing method may be executed by a computer device, which may specifically be the server 102 shown in fig. 1 d. As shown in fig. 2, the data processing method may include, but is not limited to, steps S201 to S204:

s201, responding to the authorization operation of the target device, and acquiring the uniform anonymous identifier of the target device.

The authorization operation of the target device is to grant the computer device the right to obtain a uniform anonymous identifier for the target device. After obtaining the authorization of the target device, the computer device obtains a uniform anonymous identifier of the target device, where the uniform anonymous identifier is used to uniquely identify the target device, and the uniform anonymous identifier is obtained based on the IMEI of the target device and an identifier (mobile phone number) corresponding to a Subscriber Identity Module (SIM) loaded in the target device.

Fig. 3a is a schematic view of a landing page according to an embodiment of the present application. As shown in fig. 3a, when an object needs to log in an application or a website, a target device displays a login page 301, where the login page 301 includes an authorization entry 3015, and the authorization entry 3015 is used to authorize the application or the website corresponding to the login page 301; when the authorization information (related rights and rules) carried in the authorization entry 3015 is confirmed (e.g., the object checks the authorization information carried in the authorization entry 3015), the application corresponding to the login page 301 or the website is granted a corresponding right (e.g., a right to obtain a uniform anonymous identifier of the target device). In addition, the login page 301 may further include an account input field 3011, a verification information input field 3012, a verification information acquisition entry 3013, and a login button 3014; the account input field 3011 is used to input an account, and the verification information input field 3012 is used to input verification information; the verification information obtaining entry 3013 is configured to obtain verification information (for example, send a verification code to a mobile phone number input in the account input field 3011); the login button 3014 is used to confirm information in the login page 301 and login.

Fig. 3b is a schematic view of another landing page provided in the embodiment of the present application. As shown in fig. 3a, the login page 302 includes an account to be authenticated display area 3021, a login button 3022, and an authorization entry 3023; the to-be-verified account display area 3021 is used for displaying an account that needs to be logged in with one key, where the account may be an account plaintext or an account mask, and the application does not limit this; it should be noted that the account in the to-be-verified account display area 3021 may be displayed after the computer device sends the account to the target device through the number obtaining service, or may be directly input in the target device by the object. The specific functions of the login button 3022 and the authorization portal 3023 in the login page 302 are similar to those of the page 301, and are not described in detail herein.

S202, obtaining the account to be verified.

The account to be authenticated is an account used by the object to request to log in to a web site, or an application. The account may specifically be a mobile phone number, a mailbox, a social application account, a network platform account, or the like. It should be noted that, based on the account to be verified, the "logged-in device" of the account (i.e., the device logged in historically) may be determined, and in the subsequent process of determining the security level of the target device, the computer device may determine the security level by combining the UAID and the "logged-in device" associated with the account to be verified; for example, if the account associated with the UAID recorded in the blockchain network includes an account to be authenticated, and the login result of the account to be authenticated is successful, and the "device that has logged in" associated with the account to be authenticated includes the target device, the computer device determines that the target device is authentic.

In one embodiment, the account to be authenticated is sent to the computer device by the target device. Specifically, the object may input an account to be verified in the account input field, and the target device sends the account to be verified to the computer device after acquiring the account to be verified input by the object.

In another embodiment, the account to be authenticated is obtained by the computer device through a number taking service after authorization is obtained.

S203, determining the security level of the target device according to the account to be verified and the uniform anonymous identifier.

The security level of the target device is used for indicating the security degree of the target device, the security degrees indicated by different security levels are different, and the security levels can be specifically set according to actual requirements, which is not limited in the present application.

The security level of the target device may be determined instantly based on the account to be verified, the uniform anonymous identifier, and the current status of the target device (such as network parameters, context parameters, and the like), may be determined by the computer device through full-scale calculation based on historical data associated with the account to be verified and the uniform anonymous identifier, or may be determined by the computer device through batch calculation based on a certain period of time (such as within 30 days), or when the amount of historical data associated with the account to be verified and the uniform anonymous identifier reaches a threshold value.

In one embodiment, a database is loaded on a computer device, and the computer device determines the credibility of a target device according to an account to be verified and a uniform anonymous identifier; determining the security level of the target equipment based on the credibility of the target equipment; wherein the trustworthiness of the target device is derived from one or more of: the account verification result (such as a success ratio) associated with the account to be verified and the uniform anonymous identifier, the ratio of security operation (such as password modification and the like) to non-security operation after the account to be verified is successfully verified, the human-computer verification result associated with the account to be verified and the uniform anonymous identifier, the network parameters (such as base station cell ID, geographic information, IP address and the like) associated with the account to be verified and the uniform anonymous identifier, the account verification mode associated with the account to be verified and the uniform anonymous identifier, the scene environment parameters (such as the identifier of an application program or the identifier of a website and the like) associated with the account to be verified and the uniform anonymous identifier, the verification initiation time of the account verification or the human-computer verification associated with the account to be verified and the uniform anonymous identifier, the account verification frequency associated with the account to be verified in unit time, the human-computer verification associated with the uniform identifier in unit time, and the like.

For example, if the geographic information associated with the account to be authenticated and the uniform anonymous identifier matches the geographic information of the target device, the computer device may set the trustworthiness of the target device to 80; if the geographic information associated with the account to be authenticated and the uniform anonymous identifier does not match the geographic information of the target device, the computer device may set the trustworthiness of the target device to 50. For another example, if the account authentication or the authentication initiation time of the human-machine verification associated with the account to be authenticated and the uniform anonymous identifier is less than the time threshold, the computer device may set the trustworthiness of the target device to 30; if the account authentication or human-machine verified authentication initiation time associated with the account to be authenticated and the unified anonymous identifier is greater than or equal to the time threshold, the computer device may set the trustworthiness of the target device to 70.

The specific implementation manner of the computer device determining the security level of the target device based on the credibility of the target device is as follows: determining the security level of the target equipment based on the value range of the credibility; for example, the trustworthiness [0, 20) corresponds to a first security level, the trustworthiness [20, 40) corresponds to a second security level, the trustworthiness [40, 60) corresponds to a third security level, the trustworthiness [60, 80) corresponds to a fourth security level, and the trustworthiness [80,100] corresponds to a fifth security level.

In another embodiment, the computer device sends the account to be authenticated and the uniform anonymous identifier to the target database, or blockchain network, and obtains the security level of the target device returned by the target database, or blockchain network. It should be noted that the target database or the blockchain network may directly return the security level of the target device to the computer device, or may also return security indication information of the target device to the computer device (for example, whether an account verification record matching the account to be verified and the uniform anonymous identifier exists, whether a human-computer verification record matching the account to be verified and the uniform anonymous identifier exists, or the like exists, or not), and the computer device determines the security level of the target device according to the security indication information of the target device. For the implementation of determining the security level of the target device based on the account to be verified and the uniform anonymous identifier in the target database or the blockchain network, reference may be made to the implementation of determining the security level of the target device based on the account to be verified and the uniform anonymous identifier in the previous implementation, which is not described herein again.

Optionally, the computer device may separately calculate the trustworthiness of the target device based on the account to be authenticated or based on the uniform anonymous identifier, and determine the security level of the target device according to the trustworthiness; for example, if a certain mobile phone number performs account verification on different devices for many times and the account verification fails, the owner of the mobile phone number may be bombed by a "short message"; for another example, if a device participates in account authentication for multiple mobile phone numbers and the account authentication fails, the device may be a malicious node (i.e., the computer device determines that the device has low trustworthiness).

S204, determining a man-machine verification strategy corresponding to the target equipment based on the security level of the target equipment.

The human-computer verification strategy can comprise a human-computer verification mode, human-computer verification times and the like, different security levels can correspond to the same or different human-computer verification strategies, and the human-computer verification strategy can be specifically set according to actual requirements, and the method is not limited in this application; for example, security level 1-security level 5 may correspond to human machine verification policy 1-human machine verification policy 5, respectively; for another example, among the security levels 1 to 5, the security level 1 and the security level 2 may correspond to the human verification policy 1, the security level 3 and the security level 4 may correspond to the human verification policy 2, and the security level 5 may correspond to the human verification policy 3.

Optionally, after determining the human-machine verification policy corresponding to the target device, the computer device may further perform auxiliary verification through one or more security verification methods, where the security verification method includes: short message verification, biometric (fingerprint, voice, face, etc.) verification, associated account auxiliary verification (such as auxiliary verification through a 'friend' account of the account to be verified, or auxiliary verification through other accounts bound to the account to be verified (such as a mailbox, a social account, etc.)), phone verification, password verification, and the like.

In the embodiment of the application, in response to an authorization operation of the target device, a unified anonymous identifier of the target device is obtained, an account to be verified is obtained, a security level of the target device is determined according to the account to be verified and the unified anonymous identifier, and a human-machine verification strategy corresponding to the target device is determined based on the security level of the target device. Therefore, in the account verification process, the security level of the target device can be determined based on the account to be verified and the uniform anonymous identifier, and different man-machine verification strategies are adopted for devices with different security levels, so that the account verification process is more flexible and convenient.

Fig. 4 is a flowchart of another data processing method according to an embodiment of the present application. The data processing method may be executed by a computer device, which may specifically be the server 102 shown in fig. 1 d. As shown in fig. 4, the data processing method may include, but is not limited to, steps S401 to S406:

s401, responding to the authorization operation of the target device, and acquiring the uniform anonymous identifier of the target device.

Fig. 5 is a flowchart for obtaining a uniform anonymous identifier of a target device according to an embodiment of the present disclosure. As shown in fig. 5, the process of obtaining the uniform anonymous identifier of the target device is as follows:

step S501-step S502: the target device obtains the appointed identification address (url address, namely the uniform anonymous identifier address) of the identification function from the identification service through the computer device (server); for example, the application program in the target device requests the central database through the server of the application program, or the station provides the identification service in the mobile phone verification to generate the identification address.

Step S503: the identification service generates an identification address which can carry an Advanced Encryption Standard (AES) and a signature of the identification service, and encrypts the AES and the signature of the identification service through an RSA public key of the operator gateway.

Step S504: the identification service returns the identification address to the target equipment; in another implementation, the identification service may return an identification address to the server, and the server sends to the target device indication information carrying the identification address (i.e., a uniform anonymous identifier address), which is used to indicate the target device to access the identification address through the cellular network.

Step S505: the target device is connected to the operator base station through the cellular data network according to the indication of the identification address, and the operator gateway identifies the service requirement through the identification address and records the uniform anonymous identifier of the target device.

Step S506: the operator gateway decrypts the encrypted data by a private key thereof to obtain an Advanced Encryption Standard (AES) and a signature of the identification service, and encrypts a first token (accessCode) by the AES to obtain first encrypted data.

Step S507-step S509: and the operator gateway returns the first encrypted data to the target equipment, and the target equipment returns the first encrypted data to the identification service through the server.

Step S510: the identification service decrypts the first encrypted data by AES to obtain a first token (accessCode).

Step S511: the identification service encrypts a first token (accessCode) through an RSA public key of the operator gateway to obtain an encrypted first token, and sends the encrypted first token to the operator gateway; for example, the identification service may send a uniform anonymous identifier acquisition request to the operator gateway, the uniform anonymous identifier acquisition request carrying the encrypted first token and a signature of the identification service.

Step S512: the operator gateway decrypts the encrypted first token (accessCode) and returns a uniform anonymous identifier to the identification service based on the first token (accessCode).

Step S513: the identification service returns a uniform anonymous identifier to the server, and the server can determine subsequent business processing logic according to self requirements.

It can be understood that, in the network interaction process of the above steps S501 to S513, the communication security is ensured by technical means such as session key + public-private key encryption transmission, IP locking, and the like.

S402, obtaining the account to be verified.

Fig. 6 is a flowchart of acquiring an account to be authenticated according to an embodiment of the present application. As shown in fig. 6, the process of acquiring the account to be verified is as follows:

step S601-step S602: target equipment obtains a number-taking address (url address) appointed by a number-taking function from a number-taking service through computer equipment (server); for example, an application program in the target device requests a central database through a server of the application program, or a station provides a number-taking service in a mobile phone verification to generate a number-taking address.

Step S603: the number taking service generates a number taking address which can carry an Advanced Encryption Standard (AES) and a signature of the number taking service, and encrypts the Advanced Encryption Standard (AES) and the signature of the number taking service through an RSA public key of an operator gateway.

Step S604: the number fetch service returns a number fetch address to the target device.

Step S605: the target equipment is connected to the operator base station through the cellular data network according to the indication of the number taking address, and the operator gateway identifies the service requirement through the number taking address and records the mobile phone number used for using the cellular data network in the target equipment.

Step S606: the operator gateway decrypts the data by using its own private key to obtain an Advanced Encryption Standard (AES) and a signature of the number fetching service, and encrypts a mask of the mobile phone number (for example, the mask of 13812341234 is 138xxxx 1234) and a second token (accessCode) by using the AES to obtain second encrypted data.

Step S607-step S609: and the operator gateway returns the second encrypted data to the target equipment, and the target equipment returns the second encrypted data to the number taking service through the server.

Optionally, the operator gateway may only return a determination result whether the mobile phone number corresponding to the SIM card loaded in the target device is consistent with the mobile phone number filled by the user.

Step S610: and the number taking service decrypts the second encrypted data through the AES to obtain a mask of the mobile phone number and a second token (accessCode).

Step S611: the target equipment receives a mask of the mobile phone number returned by the number taking service, and displays the mask to the object, and the object confirms whether the mask is the mobile phone number (namely the account to be verified) needing to be verified; if the mask code is not the mobile phone number needing to be verified, the object can input the account to be verified by itself and carry out account verification; if the mask code is the mobile phone number needing to be verified, the object can authorize the server to obtain the complete mobile phone number corresponding to the mask code through a confirmation operation (i.e. agrees to perform account verification by using the complete mobile phone number corresponding to the mask code).

Step S612 to step S613: and after obtaining the authorization of the target equipment, the server sends a mobile phone number obtaining request to the number obtaining service.

Step S614: the number taking service encrypts a second token (accessCode) through an RSA public key of the operator gateway to obtain an encrypted second token, and sends the encrypted second token to the operator gateway; for example, the number taking service may send a mobile phone number obtaining request to the operator gateway, where the mobile phone number obtaining request carries the encrypted second token and a signature of the number taking service.

Step S615: the operator gateway decrypts the encrypted second token (accessCode) and determines a complete mobile phone number according to the second token (accessCode).

Step S616: the operator gateway returns the complete mobile phone number to the number taking service.

Step S617: the number taking service returns the complete mobile phone number to the server after obtaining the complete mobile phone number, and the server can determine the subsequent service processing logic according to the self requirement.

It can be understood that, in the network interaction process from step S601 to step S617, the communication security is ensured by using the technical means of session key + public and private key encryption transmission, IP locking, and the like.

S403, determining the security level of the target device according to the account to be verified and the uniform anonymous identifier.

In one embodiment, the computer device searches a target database (such as a database carried by itself or a database maintained by a third party) or whether an association record of a uniform anonymous identifier exists in the blockchain network, and if the association record of the uniform anonymous identifier exists in the target database or the blockchain network, the computer device may determine the security level of the target device according to the association record; if no associated record of the uniform anonymous identifier exists in the target database or the blockchain network (i.e., no information associated with the uniform anonymous identifier exists), the computer device determines the security level of the target device as a first security level.

Further, when an association record of the uniform anonymous identifier exists in the target database or the blockchain network, the association record of the uniform anonymous identifier may include one or more accounts associated with the uniform anonymous identifier and an account verification result for each account. The computer device checks whether a target account matched with the account to be verified exists in the one or more accounts associated with the uniform anonymous identifier, and if the target account matched with the account to be verified exists in the one or more accounts associated with the uniform anonymous identifier (namely the account to be verified is matched with the target account associated with the uniform anonymous identifier), the computer device can determine the security level of the target device according to the account verification result of the target account; if there is no target account in the one or more accounts associated with the uniform anonymous identifier that matches the account to be authenticated (i.e., none of the account to be authenticated matches the one or more accounts associated with the uniform anonymous identifier), the computer device determines the security level of the target device as a second security level.

Further, when there is a target account matching the account to be verified in the one or more accounts associated with the uniform anonymous identifier, the association record of the uniform anonymous identifier may further include an account verification manner (e.g., short message verification manner, one-touch login manner, etc.) for each account. The specific way for the computer device to determine the security level of the target device according to the account verification result of the target account is as follows: if the account verification result of the target account is passed, the computer device may determine the security level of the target device according to the account verification manner of the target account; and if the account verification result of the target account is not passed, the computer equipment determines the security level of the target equipment as a third security level.

Still further, the account verification mode may include a short message verification mode and a one-key login mode, and the specific implementation manner of the computer device determining the security level of the target device according to the account verification mode of the target account is as follows: if the verification mode of the target account is the short message verification mode, the computer equipment determines the security level of the target equipment as a fourth security level; and if the verification mode of the target account is a one-key login mode, the computer equipment determines the security level of the target equipment as a fifth security level.

It should be noted that the first security level, the second security level, the third security level, the fourth security level and the fifth security level are different from each other.

S404, determining a man-machine verification strategy corresponding to the target equipment based on the security level of the target equipment.

The specific implementation of step S404 can refer to the implementation of step S204 in fig. 2, and is not repeated herein. Optionally, if the uniform anonymous identifier of the target device cannot be obtained (if the SIM card is not loaded in the target device, the UAID cannot be generated), determining the security level of the target device as a sixth security level; further, for a target device of the sixth security level, the human machine verification policy may be set to prohibit verification using the short message verification code, so as to reduce the risk of malicious attack (such as short message bombing) on the account to be verified, and the human machine verification policy that may be used includes, but is not limited to: code scanning verification and uplink short message verification (namely, a short message carrying the school information is actively sent to a server).

In one embodiment, if the human machine verification policy corresponding to the target device indicates that: and executing man-machine verification on the target equipment, and storing the unified anonymous identifier, the account to be verified and the man-machine verification result into a target database or a block chain network in a correlation manner by the computer equipment.

S405, obtaining an account verification mode of the account to be verified, and obtaining an account verification result of the account to be verified in the current account verification mode.

The account verification result is used for indicating whether the account to be verified passes the verification. In one embodiment, the account verification mode is a short message verification mode, and in response to a verification request of the target device (for example, after the target inputs the account to be verified in the account input field 3011 shown in fig. 3a, the target clicks the verification information acquisition entry 3013), the computer device generates account verification information of the account to be verified (for example, generates a short message verification code), and returns the account verification information to the owner of the account to be verified (for example, sends the short message verification code to the mobile phone number input by the target); the computer equipment acquires account verification information provided by the target equipment (for example, after the object receives a short message verification code through an input mobile phone number, the short message verification code is input in a verification information input field 3012); after the account verification information provided by the target device is acquired, the computer device compares the account verification information with the account verification information, and if the account verification information is matched with the account verification information, the computer device judges that the account to be verified passes account verification; correspondingly, if the account verification information and the account verification information do not match, the computer device determines that the account to be verified does not pass the account verification.

Further, in addition to recording relevant data (such as an account verification result, an account verification mode, a human-computer verification result, network parameters, and the like) of the target device in the account verification process, if the account to be verified passes the account verification, the computer device may also record an operation of the account that passes the verification.

After the account passes the verification, the object can inquire data (such as bound certificate information) related to the account, manage the account (such as deleting the data in the account, canceling authorization, unsubscribing, suspending receiving verification messages and the like), and manage a notification receiver corresponding to the account to be verified; for example, the object may set a notification recipient corresponding to the account to be authenticated through the account management page (e.g., enter a mobile phone number, a mailbox, etc. of the notification recipient). Further, when the computer device detects that the account to be verified meets the notification condition (for example, the account to be verified fails to be verified for N times in a target time period, where N is a positive integer; the unified anonymous identifier for verifying the account to be verified has no association with the account to be verified; relevant information (such as a bound identity identifier, authorization information, and the like) of the account to be verified is modified), sending a notification to a notification receiver corresponding to the account to be verified; the notification specifically includes at least one of: account login notification, account exception notification, and account operation notification.

In response to the data management operation of the account to be verified, the computer device may backup the target data indicated by the data management operation into the blockchain network (i.e., performing evidence storage processing, where the evidence storage data can be acquired only by a monitoring department); after the backup is completed, the computer device may process the target data according to the data management operation (e.g., delete the target data stored in the local database). In addition, the object may also perform one or more of the following management operations: setting account abnormity (such as the verification times of an account in a preset time period exceed a threshold value, logging in different places and the like) reminding, designating one or more devices with the account login authority (such as an object can designate a uniform anonymous identifier white list, namely only devices in the uniform anonymous identifier white list are allowed to verify an account (such as a mobile phone number)) and similarly, also designating one or more devices without the account login authority (such as an object can designate a uniform anonymous identifier black list, namely devices in the uniform anonymous identifier black list are not allowed to verify the account (such as the mobile phone number)) to be verified; changing account information (such as changing bound mobile phone numbers, mailboxes and certificate information); and querying a historical login record (such as a historical login time and a historical login place) of the account.

Further, when the computer device detects that the first device verifies the target account, the computer device may perform operations such as simplifying a verification process (e.g., without performing human-computer verification); wherein the uniform anonymous identifier of the first device is included in a white list of uniform anonymous identifiers for the target account. Similarly, the computer device may perform an intercept, terminate the verification, and the like, upon detecting that the target account is verified by a second device, wherein the uniform anonymous identifier of the second device is included in a blacklist of uniform anonymous identifiers for the target account.

It should be noted that the blockchain network related to the present application may specifically be a public blockchain network, or may also be a federation blockchain, or a private blockchain (which may be used inside an enterprise and is used for preventing internal information from being tampered, preventing error deletion, and the like). Taking a federation chain as an example, the federation chain may have multiple application developers participating; in addition, the operator, or regulatory authority, may be given administrative authority for the federation chain as an administrator. The company a, the application (product) of the company a, and the scene of each application (for example, the game X is the scene of the social application Y) are all corresponding to a unique identifier on the federation blockchain.

Fig. 7 is a block chain network according to an embodiment of the present disclosure. As shown in fig. 7, the blockchain is a federation blockchain, and the federation blockchain may include multiple levels of roles, where the read permissions of the different levels of roles for data in the blockchain are different, and nodes not allowed by the federation blockchain cannot access data in the read blockchain nor receive related services provided by the blockchain (i.e., nodes not allowed by the federation blockchain cannot make substantially any connection with the blockchain). The blockchain network can be commonly maintained by product databases of various companies, one company can have one or more product databases, each product database is divided according to product scenes, and under the condition that the object authorization is not performed, data among different scenes are mutually isolated.

An intelligent contract runs in the block chain network, and data in the block chain network can be processed and then replied with business through the intelligent contract instead of directly sharing a data source; for example, when the computer device sends the account to be authenticated and the uniform anonymous identifier to the blockchain network, on one hand, the blockchain network performs comparison and determination on the association records of the account to be authenticated and the uniform anonymous identifier, and returns the determination result (such as security level indication information) or information related to the security level determination (such as a verification method of association between the account to be authenticated and the uniform anonymous identifier, whether a bad record exists in the uniform anonymous identifier, and the like) to the computer device instead of returning all source data. On the other hand, the blockchain network records relevant information (such as network parameters of the target device) provided by the computer device. And related information of account verification can be better recorded by appointing richer uplink data and scenes. Therefore, when the object initiates the verification, a clearer data source (namely information of a verification place, a verification time and the like of the account to be verified are recorded) can be provided in the block chain. And a control interface facing to a specific product can be provided for the object, so that the object can stop issuing verification forms such as short messages and the like within a period of time (for example, short message verification information sent by the application program A is not received within 1 day).

In addition, the block chain network has a supervision characteristic, and a supervision department can be used as a super manager to have the supervision authority of the block chain network; for example, the regulatory body may have a public role of providing a voucher to a node in the blockchain network, and the like, and have an authority to acquire all data of the blockchain (a scene of each company or each application, and only an authority to read the scene of the company or the application). Other federation roles can also be introduced in the blockchain network; such as an operator node. The operator node has a write right for the block chain, for example, when a mobile phone number is secondarily assigned, the operator may also write the secondary number assignment data into the block chain, so that the block chain performs operations such as freezing, not including calculation and the like on trusted verification data before the secondary number assignment in the block chain based on the secondary number assignment data.

In practical applications, the operator of the application or the website cannot acquire or provide the object information from or to other operators without authorization to transfer the object information, and it is difficult to acquire reliable credit information of the object. Through the blockchain network, the objects can be uniformly authorized to the blockchain operation main body, and each operator can directly inquire object credit indication information from the blockchain network (namely the blockchain network feeds back the object specific credit condition (obtained based on the object source data) to the inquiring operator), so that complete user mobile phone verification process data is formed at the blockchain.

It is understood that the blockchain network may be replaced by a database maintained by a third-party monitoring department, and a company of each application may write data into the blockchain network or the database, read the data written by the company, and obtain the security level indication information provided by the database or the blockchain network, or information related to the security level determination. Based on the implementation mode, data sharing among companies can be achieved, and the authorization process of the object is simplified (the object only needs to authorize the application program to obtain the security level information of the target device from the block chain network, and data intercommunication between the authorized application program and the application program is not needed).

Optionally, a manager of the blockchain network or a communications operator may also summarize data in the blockchain network or the target database (for example, a uniform anonymous identifier associated with an account that is successfully verified by a statistical account), and when an abnormal change of the uniform anonymous identifier is detected (for example, the object inputs a new account to be verified in the device), notify the service party or the object of performing security reminding, or take additional factor verification or other security measures. The above processes can be recorded in the blockchain network or the target database according to requirements, and when the target database is loaded in the computer device, the method can also be executed by the computer device.

In addition, the blockchain network or the target data can also determine a malicious node based on historical verification data; for example, the device a corresponding to the uniform anonymous identifier a authenticates a plurality of accounts within the target time period, and if the authentications all fail, the device a is determined to be a malicious node. The computer device may take a particular administrative policy for the malicious node (e.g., the malicious node is not allowed to authenticate any account for a period of time, multiple human checks are performed on the malicious node, etc.). It will be appreciated that the above method may also be performed by a computer device when the target database is mounted in the computer device.

S406, the uniform anonymous identifier, the account to be verified, the account verification mode of the account to be verified and the account verification result of the account to be verified are stored in the target database or the block chain network in an associated mode.

The unified anonymous identifier, the account to be verified, the account verification manner of the account to be verified, and the associated storage manner of the account verification result of the account to be verified may be as shown in table 2:

TABLE 2

As shown in Table 2, a uniform anonymous identifier may be associated with one or more accounts, each of which may correspond to one or more authentication methods, and the authentication results; in addition, relevant information such as geographic position, verification time and the like can be recorded in the table 2. The unified anonymous identifier and the account have an indexing function, and the related information of one or more accounts related to the unified anonymous identifier can be determined through the unified anonymous identifier; one or more uniform anonymous identifiers associated with the account, as well as information associated with the account, may be determined by the account. It is understood that "XXXXXXX", "AA", etc. in Table 2 are for illustrative purposes only and do not constitute a practical limitation of the present application. In practical applications, the uniform anonymous identifier may be a character string composed of the IMEI of the target device and a mobile phone number corresponding to a SIM card (used for using a cellular network) carried in the target device; the account may be a cell phone number, mailbox, etc.

The unified anonymous identifier, the account to be verified, the account verification manner of the account to be verified, and the associated storage manner of the account verification result of the account to be verified may also be shown in table 3:

TABLE 3

As shown in Table 3, an account may be associated with one or more uniform anonymous identifiers; each account can correspond to one or more verification modes and a verification result under one uniform anonymous identifier (namely under one device); in addition, the related information such as the geographical location and the verification time can be recorded in table 3. The unified anonymous identifier and the account have an indexing function, and the related information of one or more accounts related to the unified anonymous identifier can be determined through the unified anonymous identifier (for example, for the account A, a white list or a black list of the unified anonymous identifier of the account A can also be related, or network parameters and the like); one or more uniform anonymous identifiers associated with the account, and information associated with the account, can be determined by the account. It is understood that "XXXXXXX", "AA", etc. in Table 3 are for illustration only and do not constitute a practical limitation of the present application. In practical applications, the uniform anonymous identifier may be a character string composed of the IMEI of the target device and a mobile phone number corresponding to a SIM card (used for using a cellular network) carried in the target device; the account may be a mobile phone number, mailbox, etc.

The data processing method provided in the present application is explained in detail below by two complete examples. Fig. 8 is an interaction flowchart of a data processing method according to an embodiment of the present application. As shown in fig. 8:

step S801: the method comprises the steps that an object enters an account login page, the login page comprises an authorization rule description (such as authorization of a current application program or a uniform anonymous identifier of a target device obtained by a website), and when the target device detects authorization operation of the object (such as authorization of the current application program or authorization of the website agreed by object selection), the current application program or a server corresponding to the website is authorized.

Step S802: after obtaining the right, the server (computer device) sends an identifier obtaining request to the identifier provider, where the identifier obtaining request may carry authorization information of the target device.

Step S803: after acquiring the identifier acquisition request of the server, the identifier provider returns the uniform anonymous identifier to the server, and the specific implementation of step S802 and step S803 may refer to the implementation shown in fig. 5, which is not described herein again.

Optionally, if allowed by relevant laws and regulations and standards, the server may also apply for obtaining a hardware identifier (such as IMEI, etc.) of the target device, and at this time, the identifier provider may be a terminal device manufacturer. It should be noted that the hardware identifier of the target device may be forged, and the uniform anonymous identifier is obtained based on the IMEI and the mobile phone number, and the SIM card cannot be forged; thus, the uniform anonymous identifier is more practical in practical applications.

Step S804: the server acquires an account to be verified, wherein in one implementation mode, the account to be verified can be sent to the server after the target device acquires the account to be verified filled by the object; in another embodiment, the account to be verified may be obtained by the server from the number taking service in a number taking manner, and the specific embodiment may refer to the embodiment in fig. 6, which is not described herein again.

Step S805: the server provides the uniform anonymous identifier and the account to be authenticated to a target database, or blockchain network. Optionally, the server may also provide parameters for assisting in determining the security level of the target device to the blockchain network (i.e., introduce more wind control factors); for example, network parameters (e.g., base station cell ID, geographical information, IP address, etc.), context parameters (e.g., identification of an application, or identification of a website), etc.

Step S806: in one embodiment, the target database, or blockchain network, determines the security level of the target device based on the uniform anonymous identifier provided by the server and the account to be authenticated. In another embodiment, the target database, or the blockchain network, returns security indication information (e.g., whether there is an account verification record matching the account to be authenticated and the uniform anonymous identifier, whether there is a human machine check record matching the account to be authenticated and the uniform anonymous identifier, etc.) to the server based on the uniform anonymous identifier and the account to be authenticated provided by the server, so that the server determines the security level of the target device based on the security indication information. For a specific implementation of determining the security level of the target device, reference may be made to the implementation of step S403 in fig. 4, which is not described herein again.

Step S807: after the server obtains the security level of the target device, a human-machine verification policy corresponding to the target device is determined according to the security level of the target device (for example, whether human-machine verification is performed on the target device, the number of times of human-machine verification is performed, a human-machine verification manner is performed, and the like), and a specific human-machine verification policy can be set and adjusted according to actual requirements, which is not limited in the present application. The man-machine verification strategy can comprise a man-machine verification mode, man-machine verification times and the like, different security levels can correspond to the same or different man-machine verification strategies, and the setting can be specifically carried out according to actual requirements, and the method is not limited in the application. Optionally, after determining the human-machine verification policy corresponding to the target device, the computer device may further perform auxiliary verification through one or more security verification methods, where the security verification method includes: short message verification, biometric (fingerprint, voice, face, etc.) verification, associated account auxiliary verification (e.g., auxiliary verification through a "friend" account of the account to be verified, or auxiliary verification through other accounts bound to the account to be verified (e.g., mailbox, social account, etc.)), phone verification, password verification, and the like.

If the human-computer verification strategy corresponding to the target device is that human-computer verification needs to be executed, continuing to execute the step S808; correspondingly, if the human-machine verification policy corresponding to the target device is that the human-machine verification is not required to be performed, the step S811 is continuously performed.

Step S808: and the server instructs the target device to perform human-computer verification according to the human-computer verification strategy determined in the step S807.

Step S809: in one embodiment, the target device returns the human-computer verification information to the server, so that the server determines a human-computer verification result based on the human-computer verification information. In another embodiment, the target device returns the human-machine verification result directly to the server.

Step S810: and the server returns the man-machine verification result of the target equipment to the target database or the block chain network, so that the target database or the block chain network stores the unified anonymous identifier, the account to be verified and the man-machine verification result in a correlation manner. In addition, the server can also provide parameters related to man-machine verification, such as man-machine verification time, man-machine verification mode, man-machine verification times and the like, for the target database or the block chain network.

Step S811: the server acquires account verification information provided by the target equipment; for example, the account verification information may be a short message verification code, and the short message verification code may be generated by the server after the server acquires the account to be verified and is sent to the account to be verified.

Step S812: the server determines an account verification result of an account to be verified according to the account verification information provided by the target device; for example, the server detects whether the short message verification code provided by the target device is matched with the short message verification code generated by the server and sent to the account to be verified; if the short message verification code provided by the target device is matched with the short message verification code generated by the server and sent to the account to be verified, the server judges that the account to be verified passes the account verification; and if the short message verification code provided by the target equipment is not matched with the short message verification code generated by the server and sent to the account to be verified, the server judges that the account to be verified is not verified through the account.

Step S813: the server returns the account verification result of the target device to the target database or the block chain network, so that the target database or the block chain network stores the uniform anonymous identifier, the account to be verified and the account verification result in a correlation mode. In addition, the server can also provide parameters related to account verification, such as time of account verification, account verification mode, account verification times and the like, to the target database or the blockchain network.

Fig. 9 is an interaction flowchart of another data processing method according to an embodiment of the present application. As shown in fig. 9:

s901: an application verifier (object) enters an account login page, the login page comprises authorization rule descriptions (such as authorization of a current application program or uniform anonymous identifiers of target equipment obtained by a website), and the application verifier can authorize the current application program or a server corresponding to the website through authorization operations (such as object check agreement to authorize the current application program or the website).

S902: and after acquiring the authorization of the application verifier, the target device sends authorization information to the server.

S903: after obtaining the authority, the server sends an identification obtaining request to an identification provider (such as an operator), wherein the identification obtaining request is used for requesting the identification provider to generate a related parameter identification address (url address) verified by a uniform anonymous identifier for the target device to access.

S904: and after receiving the identification acquisition request sent by the server, the identification provider returns an identification address for verifying the relevant uniform anonymous identifier to the server.

S905: and after acquiring the identification address sent by the identification provider, the server provides the identification address for the target equipment.

S906: after receiving the identification address provided by the server, the target device accesses the identification address through the cellular network, so that the trigger provider can read the characteristic information (such as the IMEI (international mobile equipment identity) and the mobile phone number of the target device) of the device accessing the identification address, and obtain the anonymous uniform identifier of the target device based on the characteristic information of the target device.

S907: and after obtaining the uniform anonymous identifier of the target device, the identifier provider returns the uniform anonymous identifier to the server. The specific implementation of steps S902 to S907 can refer to the implementation shown in fig. 5, and is not described herein again.

S908: the target device obtains an account to be verified, wherein the account to be verified can be filled in a login page by a verifier.

S909: in one embodiment, the server obtains an account to be verified provided by the target device. In another embodiment, the account to be verified may be obtained by the server from the number taking service in a number taking manner, and the specific embodiment may refer to the embodiment in fig. 6, which is not described herein again.

S910: the server provides the uniform anonymous identifier and the account to be authenticated to a target database, or blockchain network. Optionally, the server may further provide a parameter for assisting in determining the security level of the target device to the blockchain network; for example, network parameters (e.g., base station cell ID, geographical information, IP address, etc.), context parameters (e.g., identification of an application, or identification of a website), etc.

S911: in one embodiment, the target database, or blockchain network, determines the security level of the target device based on the uniform anonymous identifier provided by the server and the account to be authenticated. In another embodiment, the target database, or the blockchain network, returns security indication information (e.g., whether there is an account verification record matching the account to be authenticated and the uniform anonymous identifier, whether there is a human machine check record matching the account to be authenticated and the uniform anonymous identifier, etc.) to the server based on the uniform anonymous identifier and the account to be authenticated provided by the server, so that the server determines the security level of the target device based on the security indication information. For a specific implementation of determining the security level of the target device, reference may be made to the implementation of step S403 in fig. 4, which is not described herein again.

S912: in one embodiment, the server receives security indication information returned by the target database or the blockchain network, and determines human-machine verification reference information (such as a human-machine verification suggested value) according to the security indication information, or determines the security level of the target device according to the security indication information. In another embodiment, the server may directly obtain the security level of the target device returned by the target database, or blockchain network.

S913: and the server returns the human-computer verification reference information or the security level of the target device to the target device.

S914: in an embodiment, the target device obtains human-computer verification reference information sent by the server, and the target device performs comprehensive judgment based on the reference information to further determine a human-computer verification policy corresponding to the target device (for example, the security level of the target device is determined according to the human-computer verification reference information, and then the human-computer verification policy corresponding to the target device is determined based on the security level of the target device). In another embodiment, the target device obtains the security level of the target device sent by the server, and determines a human-machine verification policy corresponding to the target device based on the security level of the target device (for example, operations such as not retrieving human-machine identification, retrieving more complex computation questions, or multi-puzzle checking, etc.) are not performed, and the specific human-machine verification policy may be set and adjusted according to actual requirements, which is not limited in the present application.

If the human-machine verification strategy corresponding to the target device is that human-machine verification needs to be executed, continuing to execute the step S915; correspondingly, if the human-machine verification policy corresponding to the target device is that the human-machine verification is not required to be performed, the step S922 is continuously performed.

S915: and the target equipment performs man-machine verification on the party applying for verification.

The human-machine verification strategy can include a human-machine verification mode, human-machine verification times and the like, different security levels can correspond to the same or different human-machine verification strategies, and the human-machine verification strategy can be specifically set according to actual requirements without limitation. Optionally, after determining the human-machine verification policy corresponding to the target device, the computer device may further perform auxiliary verification through one or more security verification methods, where the security verification method includes: short message verification, biometric (fingerprint, voice, face, etc.) verification, associated account auxiliary verification (e.g., auxiliary verification through a "friend" account of the account to be verified, or auxiliary verification through other accounts bound to the account to be verified (e.g., mailbox, social account, etc.)), phone verification, password verification, and the like.

S916: and the application verifier inputs the man-machine verification information.

S917: in one embodiment, the target device may check the human-computer verification information locally to obtain a human-computer verification result. In another embodiment, the target device may send the acquired human machine verification information to the server.

S918: and if the server receives the human-computer verification information sent by the target equipment, verifying the human-computer verification information and returning a human-computer verification result to the target equipment.

S919: after the target device obtains the human-computer verification result, the human-computer verification result can be displayed, and relevant parameters (such as the human-computer verification result, the human-computer verification time, the human-computer verification times and the like) of the human-computer verification are returned to the server.

S920: and the server sends the human-computer verification result and the human-computer verification parameters to the target database or the block chain network, so that the target database or the block chain network stores the unified anonymous identifier, the account to be verified, the human-computer verification result and the human-computer verification parameters in an associated manner. Optionally, the target database or the blockchain network may perform a summary calculation (e.g., statistics of a success rate of human-machine verification corresponding to the uniform anonymous identifier) based on the obtained data and the historical data.

S921: and the target database or the block chain network sends first feedback information to the server, wherein the first feedback information is used for indicating the human-computer verification result and the correlation storage result of the human-computer verification parameter.

S922: the party applying for authentication can carry out identity authentication through short message authentication, one-key login and other authentication modes; for example, the party applying for verification may enter account verification information in a login page.

S923: and after acquiring the identity authentication information, the target equipment sends the account verification information to the server.

S924: after receiving the account verification information sent by the target device, the server obtains an account verification result of the account to be verified based on the account verification information. After the account verification result of the account to be verified is obtained, the server can return the account verification result of the account to be verified to the target device, and send the account verification result of the target device to the target database or the blockchain network, so that the target database or the blockchain network can store the uniform anonymous identifier, the account to be verified and the account verification result in a correlation mode. In addition, the server may also provide parameters related to account verification, such as time of account verification, manner of account verification, number of times of account verification, etc., to the target database or the blockchain network.

S925: and the target database or the block chain network sends second feedback information to the server, wherein the second feedback information is used for indicating the associated storage result of the account verification result.

Optionally, in the account verification process, there may be a case that the application verifier fails to perform account verification for multiple times, at this time, steps S922 to S925 may be repeatedly performed, and if the number of failures exceeds the number threshold, the human-machine verification may be re-performed (steps S915 to S921), or the human-machine verification may be re-performed from step S901. Optionally, the server may perform information reminding on the mobile phone number associated with the account being verified; or checking and confirming (such as confirming whether to carry out repeated checking to the number owner of the mobile phone number); or frequency and cooling time constraints are applied to reduce possible risk-type attacks.

It should be noted that, in practical applications, the server may be split into multiple independent backgrounds, for example, the server may be split into a security module background in the target device, a background of the application program, a background of an enterprise to which the application program belongs, and the like. Each independent background can play the role of independently finishing interaction with a target database or a block chain network or participate in interaction. For convenience of understanding, the embodiments of the present application merge the backgrounds. Similarly, the target database or the blockchain network may be independent of the server or may be installed in the server (the blockchain is a private chain), which is not limited in this application.

In the embodiment of the application, in response to an authorization operation of the target device, a unified anonymous identifier of the target device is obtained, an account to be verified is obtained, a security level of the target device is determined according to the account to be verified and the unified anonymous identifier, and a human-machine verification strategy corresponding to the target device is determined based on the security level of the target device. Therefore, in the account verification process, the security level of the target device can be determined based on the account to be verified and the uniform anonymous identifier, and different man-machine verification strategies are adopted for devices with different security levels, so that the account verification process is more flexible and convenient. In addition, data sharing among companies can be achieved through the blockchain network, the authorization process of the object is simplified (the object only needs to authorize an application program to obtain the security level information of the target device from the blockchain network, data intercommunication between the authorization application program and the application program is not needed), and then the security of related data of the object is improved, and related departments can easily monitor the object.

Fig. 10 is a flowchart of another data processing method according to an embodiment of the present application. The data processing method may be executed by a computer device, which may specifically be the server 102 shown in fig. 1 d. As shown in fig. 10, the data processing method may include, but is not limited to, steps S1001 to S1006:

s1001, responding to the authorization operation of the target device, and acquiring the uniform anonymous identifier of the target device.

And S1002, acquiring the account to be verified.

The specific implementation of step S1001 and step S1002 can refer to the implementation of step S201 and step S202 in fig. 2, and is not described herein again.

S1003, obtaining account verification records associated with the uniform anonymous identifier and verification records of the account to be verified.

In one embodiment, the computer device may obtain the account verification record associated with the uniform anonymous identifier and the verification record of the account to be verified from a database (e.g., a database of an enterprise to which the computer device belongs, a third party database, a central database, etc.) or a blockchain network.

S1004, respectively extracting features of the account verification record associated with the uniform anonymous identifier and the verification record of the account to be verified to obtain feature information of the account verification record associated with the uniform anonymous identifier and feature information of the verification record of the account to be verified.

The characteristic information of the verification record of the account to be verified comprises at least one of the following items: the number of checks of the account to be verified in the first time period, and the number of associated uniform anonymous identifiers of the account to be verified in the first time period. Specifically, the computer device may count the verification records of the account to be verified, to obtain the verification times of the account to be verified in the first time period (a device corresponding to one uniform anonymous identifier may perform multiple verifications on the account to be verified in the first time period); or counting the verification records of the account to be verified to obtain the number of the unified anonymous identifiers associated with the account to be verified in the first time period. The first time period can be one day, one month, half a year, or register from the account to be verified to the present; the verification times of the account to be verified in the first time period can be the total verification times of the account to be verified in the first time period, or the verification times of the account to be verified in the first time period; the unified anonymous identifier associated with the account to be verified in the first time period refers to: for example, if all devices corresponding to the uniform anonymous identifier 1-the uniform anonymous identifier 5 verify the account to be verified in the first period and the devices corresponding to the uniform anonymous identifier 1 and the uniform anonymous identifier 4 verify the account to be verified, the uniform anonymous identifier associated with the account to be verified in the first period is: a uniform anonymous identifier 1 and a uniform anonymous identifier 4. It is understood that the computer device may further calculate, based on the verification record of the account to be verified, a verification success rate, a verification frequency, and the like of the account to be verified for the unified anonymous identifier associated with the account to be verified in the first time period.

Similarly, the characteristic information of the account check record associated with the uniform anonymous identifier includes at least one of: and the verification success rate corresponding to the uniform anonymous identifier and the account number associated with the uniform anonymous identifier in the second time period. Specifically, the computer device may perform statistics on account verification records associated with the uniform anonymous identifiers to obtain a verification success rate corresponding to the uniform anonymous identifiers, or the number of accounts associated with the uniform anonymous identifiers in the second time period. Wherein the second period of time may be one day, one month, half a year, etc.; the first period and the second period may be the same or different; the number of accounts associated with the uniform anonymous identifier in the second time period may refer to the number of all accounts that have been verified by the uniform anonymous identifier in the second time period, or may refer to the number of accounts that have been verified by the uniform anonymous identifier in the second time period. In addition, the characteristic information of the account check record associated with the uniform anonymous identifier may further include the number of checks of the uniform anonymous identifier against one or more accounts in the second period of time, and the like.

S1005, determining the security level of the target device according to the feature information of the account verification record associated with the uniform anonymous identifier and the feature information of the verification record of the account to be verified.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the verification times of the account to be verified in a first time period, and the characteristic information of the account verification record associated with the uniform anonymous identifier comprises the verification success rate corresponding to the uniform anonymous identifier; the specific implementation manner of determining, by the computer device, the security level of the target device according to the feature information of the account verification record associated with the uniform anonymous identifier and the feature information of the verification record of the account to be verified is as follows: determining the security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, wherein the determining comprises the following steps: if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to the success rate threshold value, and the verification times of the account to be verified in the first time period are greater than or equal to the time threshold value, the computer device determines the security level of the target device as a first security level; if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to the success rate threshold value and the verification times of the account to be verified in the first time period are less than the time threshold value, the computer device determines the security level of the target device as a second security level; if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the verification times of the account to be verified in the first time period are greater than or equal to the time threshold value, the computer device determines the security level of the target device as a third security level; and if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the verification times of the account to be verified in the first time period are less than the time threshold value, the computer device determines the security level of the target device as a fourth security level.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the verification times of the account to be verified in a first time period, and the characteristic information of the account verification record associated with the uniform anonymous identifier comprises the account number associated with the uniform anonymous identifier in a second time period; the specific implementation manner of determining, by the computer device, the security level of the target device according to the feature information of the account verification record associated with the uniform anonymous identifier and the feature information of the verification record of the account to be verified is as follows: if the number of the accounts associated with the uniform anonymous identifier in the second period is greater than or equal to a first number threshold value, and the checking times of the account to be verified in the first period are greater than or equal to a time threshold value, the computer device determines the security level of the target device as a first security level; if the number of the accounts associated with the uniform anonymous identifier in the second period is greater than or equal to the first number threshold, and the verification times of the account to be verified in the first period is less than the time threshold, the computer device determines the security level of the target device as a second security level; if the number of the accounts associated with the uniform anonymous identifier in the second period is smaller than the first number threshold, and the checking times of the account to be verified in the first period are larger than or equal to the time threshold, the computer device determines the security level of the target device as a third security level; if the number of the accounts associated with the uniform anonymous identifier in the second time period is smaller than the first number threshold, and the number of times of verification of the account to be verified in the first time period is smaller than the number threshold, the computer device determines the security level of the target device as a fourth security level.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the number of the unified anonymous identifiers associated with the account to be verified in the first time period, and the characteristic information of the account verification record associated with the unified anonymous identifiers comprises verification success rate corresponding to the unified anonymous identifiers; the specific implementation manner of determining, by the computer device, the security level of the target device according to the feature information of the account verification record associated with the uniform anonymous identifier and the feature information of the verification record of the account to be verified is as follows: if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to the success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is greater than or equal to the second number threshold value, the computer device determines the security level of the target device as a first security level; if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to the success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is less than a second number threshold value, the computer device determines the security level of the target device as a second security level; if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is greater than or equal to the second number threshold value, the computer device determines the security level of the target device as a third security level; if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is smaller than the second number threshold value, the computer device determines the security level of the target device as a fourth security level.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the number of the unified anonymous identifiers associated with the account to be verified in a first time period, and the characteristic information of the account check record associated with the unified anonymous identifiers comprises the number of the accounts associated with the unified anonymous identifiers in a second time period; the specific implementation mode of the computer device determining the security level of the target device according to the feature information of the account verification record associated with the uniform anonymous identifier and the feature information of the verification record of the account to be verified is as follows: if the number of the accounts associated with the uniform anonymous identifiers in the second time period is greater than or equal to a first number threshold, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is greater than or equal to a second number threshold, the computer device determines the security level of the target device as a first security level; if the number of the accounts associated with the uniform anonymous identifiers in the second time period is greater than or equal to the first number threshold, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is smaller than the second number threshold, the computer device determines the security level of the target device as a second security level; if the number of the accounts associated with the uniform anonymous identifiers in the second time period is smaller than the first number threshold, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is larger than or equal to the second number threshold, the computer device determines the security level of the target device as a third security level; if the number of the accounts associated with the uniform anonymous identifiers in the second time period is smaller than the first number threshold, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is smaller than the second number threshold, the computer device determines the security level of the target device as a fourth security level.

In one embodiment, if the unified anonymous identifier is not associated with an account verification record and is not associated with a verification record of an account to be verified, the computer device determines the security level of the target device as a preset security level; if the unified anonymous identifier is not associated with an account verification record and the account to be verified is associated with a verification record, the computer device firstly determines the range to which the security level of the target device belongs as the target range, and then determines the security level of the target device based on the characteristic information of the verification record of the account to be verified. In one embodiment, the feature information of the verification record of the account to be verified includes the verification times of the account to be verified in a first time period, and if the verification record of the account to be verified in the first time period is greater than or equal to a time threshold, the computer device determines the security level of the target device as a first security level; if the verification record of the account to be verified in the first time period is smaller than the time threshold, the computer equipment determines the security level of the target equipment as a second security level; wherein the first security level and the second security level belong to a target range. In another embodiment, the characteristic information of the authentication record of the account to be authenticated comprises the number of uniform anonymous identifiers associated with the account to be authenticated within the first time period; if the number of the unified anonymous identifiers associated with the account to be verified in the first time period is larger than or equal to a second number threshold, the computer device determines the security level of the target device as a first security level; if the number of the unified anonymous identifiers associated with the account to be verified in the first time period is smaller than a second number threshold, the computer device determines the security level of the target device as a second security level; wherein the first security level and the second security level belong to a target range. Similarly, if the unified anonymous identifier is associated with an account check record, and the account to be verified is not associated with a verification record, the computer device first determines the range to which the security level of the target device belongs as a preset range, and then determines the security level of the target device based on the feature information of the check record of the unified anonymous identifier, wherein the security level of the target device belongs to the preset range.

In practical application, the characteristic information of the account verification record associated with the uniform anonymous identifier and the characteristic information of the verification record of the account to be verified can be set to be multiple based on actual requirements; for example, the characteristic information of the account verification record associated with the uniform anonymous identifier includes a verification success rate corresponding to the uniform anonymous identifier, the number of accounts associated with the uniform anonymous identifier in the second time period, and the characteristic information of the verification record of the account to be verified includes the number of times of verification of the account to be verified in the first time period and the number of uniform anonymous identifiers associated with the account to be verified in the first time period, and the computer device may determine the security level of the target device based on the weight of each characteristic information.

Optionally, if an account associated with the uniform anonymous identifier has a malicious behavior (such as sending harassment information to another account, issuing false information, and the like) after logging in, the security level of the target device corresponding to the uniform anonymous identifier is determined as a fifth security level. In this case, the server determines that the target device has a security risk, and may increase the number of times of human-computer verification, or perform account verification time limitation, account verification number limitation, and the like on the target device.

It should be noted that, the security levels in the present application are used to distinguish different situations, and the first security level to the fifth security level in the embodiment of fig. 10 may be the same as or different from the first security level to the fifth security level in the embodiments of fig. 2 and fig. 4; for example, the human machine verification policy corresponding to the first security level in the embodiment of fig. 10 is different from the human machine verification policy corresponding to the first security level in the embodiment of fig. 2.

S1006, determining a man-machine verification strategy corresponding to the target device based on the security level of the target device.

Further, in a specific implementation manner, if it is detected that an account to be verified passes the verification of the account and then has an illegal behavior, a supervisor (such as a supervision department) may obtain a user identification card (mobile phone number) bound with a uniform anonymous identifier corresponding to the account to be verified from a provider of the uniform anonymous identifier, and perform punishment processing on the user identification card (mobile phone number) or a user of the user identification card according to a processing rule corresponding to the illegal behavior; for example, a subscriber identity card (mobile phone number) with a violation is pulled into a blacklist, a penalty is given to the user of the subscriber identity card, and the like. That is, the supervising party may profile the users of the unified anonymous identifier bound user identification card based on historical behavior records (i.e., account verification records associated with the unified anonymous identifier) to identify the users with the violations.

It can be understood that one account may be associated with a plurality of uniform anonymous identifiers, where the uniform anonymous identifier corresponding to the account to be verified refers to a uniform anonymous identifier of a target device when the account to be verified has a violation; for example, the account a is associated with a uniform anonymous identifier 1-a uniform anonymous identifier 3, the uniform anonymous identifier 1-the uniform anonymous identifier 3 correspond to the device 1-the device 3, respectively, and if the device 1 (corresponding to the uniform anonymous identifier 1) has an illegal behavior after logging in the account a, a supervisor (having a relevant supervision authority) may obtain a user identification card bound with the uniform anonymous identifier 1 from a provider of the uniform anonymous identifier, and perform a penalty on the user identification card bound with the uniform anonymous identifier 1, or perform a penalty on a user of the user identification card bound with the uniform anonymous identifier 1.

Optionally, if it is detected that the account to be verified passes the verification, and a violation occurs after the account to be verified passes the verification, the administrator may also perform a penalty on an owner of the account to be verified (e.g., a registrant of the account to be verified, or a user currently bound to the account to be verified).

For example, when a malicious user needs a large number of mobile phone number registration APPs to obtain benefits in batch, the malicious user can obtain the mobile phone number through an irregular channel, and the computer equipment can clearly identify the temporary cross-equipment login through the UAID, so that an information service provider can obtain the benefits for the temporary cross-equipment login, and adopt a restriction strategy. For a user who rents an account, the computer device can clearly recognize the temporary cross-device login through the UAID, for example, an account number of an adult is frequently effective on different UAID devices, and the UAID devices are marked as minors in the past, so that a supervision department can control the rented account number and the devices using the account number.

Table 4 is a relationship table provided in the embodiment of the present application:

TABLE 4

Object 1	Object 2	Object 3	Object 4
				Device 1	Device 2	Device 3	Device 4
Mobile phone number 1	Mobile phone number 2	Mobile phone number 3	Mobile phone number 4
				UAID1	UAID2	UAID3	UAID4

As shown in table 4, assume that object 1-object 3 are in a family relationship, and object 4 is a malicious user; and the object 2 usually verifies the mobile phone number 1 and the mobile phone number 3 through the device 2, the computer device can determine that the UAID2 is credible for the mobile phone numbers 1-3 based on the verification record of the UAID; when the object 4 checks the mobile phone number 1 or the mobile phone number 3 through the device 4, since the checking record of the UAID4 does not include the checking record of the mobile phone number 1 or the mobile phone number 3, or does not include the checking record that the mobile phone number 1 or the mobile phone number 3 successfully passes the account verification, the computer device determines that the UAID4 is not authentic for the mobile phone number 1 or the mobile phone number 3, and further performs security check.

Fig. 11 is a schematic diagram of an interaction principle of a data processing scheme according to an embodiment of the present application. As shown in fig. 11, the general principle of the data processing scheme is as follows:

s1101: on one hand, after acquiring an object authorization (for example, a user agrees to authorize, and the front end is allowed to initiate an identity identifier (for example, UAID) query and central database/blockchain verification to an identification provider (for example, an operator)), the front end in the target device initiates an identity identifier query to the identification provider to obtain an identity identifier of the target device. On the other hand, the front end in the target device acquires the account to be verified input by the object. After obtaining the identity identifier and the account to be verified, the front end transmits the identity identifier of the target device and the account to be verified to the background. The identity identifier comprises at least one of: a Universal Anonymous Identifier (UAID), an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI), and an advertisement Identifier (IDFA).

The front end may specifically be a front end of an application program in the target device, or may also be a front end of a webpage accessed in the target device, which is not limited in this application. Optionally, the front end may further transmit the acquired network parameters (such as IP), geographic location, and the like, which may be used to assist in determining the security level of the target device, to the background.

S1102: the background can be loaded in the server, and after acquiring the identity identifier of the target device and the account to be verified transmitted by the front end, the background transparently transmits the requirements (such as the security level of the target device needs to be determined, or the human-computer verification policy corresponding to the target device is determined) and the parameters (including the identity identifier of the target device and the account to be verified) to the security policy module, and the security policy module can be self-contained in the background, can be independent (such as provided by a third party), and can also be shared (such as a plurality of applications or websites of a company share one security policy module).

In one embodiment, the target device is loaded with a Subscriber Identity Module (SIM) card, and the backend may also obtain a mask (e.g., 131XXXX 1234) of the SIM card from the carrier and package the mask into parameters for passing to the security policy Module.

S1103: the security policy module may be carried in the server together with the background, may also be carried in another server independently, and may also be carried in the target device, which is not limited in this application. After the security policy module obtains the requirements and parameters sent by the background, a central database (such as a local historical record database) or a three-party shared block chain initiates record retrieval of related data, such as retrieving all historical records related to the identity identifier of the target device, or retrieving all historical records related to the identity identifier within a preset time period.

The central database/blockchain network may index the identity identifier of the target device as an index condition in the central database/blockchain network and return the associated record to the security policy module.

In one embodiment, the central database/blockchain network may record in the following format: time, TEL-a, TEL7M, identity identifier, TEL, target device parameters, network parameters, app/website scenario, object id, object key information (e.g., identification card, registered mobile phone number, etc.), authentication success/failure result, authentication method, TEL. Wherein, TEL-A refers to an account to be verified (such as a mobile phone number which is input by an object in the front end and used for logging in); TEL7M refers to a mask (for example, 131XXXX 1234) of a subscriber identity card loaded in a target device obtained from an operator; the tel is a subscriber identification card (mobile phone number) for generating the UAID when the identity identifier is the UAID. It should be noted that, in the above record, the id and the account to be verified (i.e. TEL-a) are essential items, and the remaining items are optional items, and in practical applications, dynamic adjustment or expansion may be performed based on requirements, which is not limited in this application.

S1104: after acquiring records related to the identity identifier of the target equipment and records related to the account to be verified, which are returned by the central database, the security policy module determines the security level of the target equipment based on the records related to the identity identifier of the target equipment and the records related to the account to be verified; for a specific implementation, refer to the implementation of step S1005 in fig. 10, which is not described herein again. Wherein the record relating to the identity identifier of the target device comprises at least one of: the account verification result associated with the identity identifier of the target device, the account identification associated with the identity identifier of the target device, and the account number associated with the identity identifier of the target device may be counted through the account identification associated with the identity identifier of the target device (e.g., the total number of accounts associated with the identity identifier of the target device, the number of accounts associated with the identity identifier of the target device that pass verification, etc.); the record related to the account to be verified at least comprises an identity identifier of a device used for verifying the account, and the verification record of the account to be verified in the first time period can be counted according to the record related to the account to be verified. It should be noted that the verification record of the account to be verified in the first time period may specifically refer to the total number of times that the account to be verified performs verification in the first time period, and may also refer to the number of times that the account to be verified succeeds in verification in the first time period, which may be specifically set according to actual requirements, which is not limited in this application.

S1105: and the security policy module determines a corresponding human-machine verification policy according to the obtained security level and sends a human-machine verification policy suggestion of the target equipment to the background. Human-machine verification strategies include, but are not limited to: the method comprises the steps of face verification, password verification, fingerprint verification, friend-assisted verification, waterproof wall verification and short message verification.

S1106: and the background determines a security verification mode according to the man-machine verification strategy suggestion sent by the security strategy module and instructs the front end to perform security verification according to the determined security verification mode.

S1107: the front end carries out safety verification according to a determined safety verification mode, and after the safety verification is passed, the front end acquires the authentication information of the account to be verified and returns the authentication information to the background.

S1108: the background verifies the identity verification information and stores the verification result, the safety verification result and related information (such as verification mode, verification time and the like) into a central database or a block chain network. It will be appreciated that the back office and security policy modules in fig. 11 may collectively comprise a server, or the back office, security policy modules and central database may collectively comprise a service.

It is understood that the embodiments in the various drawings of the present application may be combined with each other in practical application; for example, the embodiment in which the supervisor acquires the subscriber identity card bound by the uniform anonymous identifier in step S1006 and performs penalty processing on the subscriber identity card may also be applied to the embodiments of fig. 2 and fig. 4; for another example, in step S405, the embodiment that the object manages the account correspondence notification receiver after the account passes verification may also be applied to the embodiments in fig. 2 and fig. 10; for another example, when an associated record of a uniform anonymous identifier exists in the target database or blockchain network in step S403, the computer device may proceed to perform step S1004 in fig. 10. These combinations are all within the scope of protection of the present application.

In the embodiment of the application, the security level of the target device is determined based on the feature information of the account verification record associated with the uniform anonymous identifier and the feature information of the verification record of the account to be verified, and then flexible security verification is performed on the object based on the security level of the target device, so that the account verification process is more flexible and convenient (namely, the verification strategy is determined through the security level, the verification process of a normal user is simplified, and the risk that the user is maliciously attacked is reduced). In addition, the illegal user identification number (mobile phone number) can be labeled and identified through the UAID, and convenience is brought to supervision.

The method of the embodiments of the present application is described in detail above, and in order to better implement the above-described solution of the embodiments of the present application, the following provides a device of the embodiments of the present application.

Referring to fig. 12, fig. 12 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application, where the apparatus may be mounted on a computer device, and the computer device may specifically be the server 102 shown in fig. 1 d. The data processing apparatus shown in fig. 12 may be used to perform some or all of the functions in the method embodiments described above with respect to fig. 2, 4 and 10. Referring to fig. 12, the details of each unit are as follows:

an obtaining unit 1201, configured to obtain a uniform anonymous identifier of a target device in response to an authorization operation of the target device;

the method comprises the steps of acquiring an account to be verified, wherein the account to be verified is used for requesting to log in a website or an application program;

a processing unit 1202, configured to determine a security level of a target device according to an account to be verified and a uniform anonymous identifier;

and the system is used for determining a man-machine verification strategy corresponding to the target equipment based on the security level of the target equipment.

In an embodiment, the processing unit 1202 is configured to determine, according to the account to be authenticated and the uniform anonymous identifier, a security level of the target device, and specifically is configured to:

In one embodiment, the association record of the uniform anonymous identifier includes one or more accounts associated with the uniform anonymous identifier, and an account verification result for each account; the processing unit 1202 is configured to determine, according to the association record, a security level of the target device, and specifically configured to:

the second security level is different from the human-computer verification strategy corresponding to the first security level.

In one embodiment, the associated record of the uniform anonymous identifier further includes an account verification means for each account; the processing unit 1202 is configured to determine, according to an account verification result of the target account, a security level of the target device, and specifically configured to:

In one embodiment, the account verification mode comprises a short message verification mode and a one-key login mode; the processing unit 1202 is configured to determine the security level of the target device according to an account verification manner of the target account, and specifically configured to:

In one embodiment, the processing unit 1202 is further configured to:

In one embodiment, the account verification mode of the account to be verified is a short message verification mode; the processing unit 1202 is configured to obtain an account verification result of the account to be verified in an account verification manner, and specifically configured to:

acquiring account verification information provided by target equipment;

In an embodiment, the processing unit 1202 is configured to obtain a uniform anonymous identifier of a target device, and specifically configured to:

In one embodiment, if the account to be verified is verified by the account, the processing unit 1202 is further configured to:

responding to the data management operation of the account to be verified, and backing up target data indicated by the data management operation to a block chain network;

processing the target data according to the data management operation;

and determining the security level of the target device according to the characteristic information of the account verification record associated with the uniform anonymous identifier and the characteristic information of the verification record of the account to be verified.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises at least one of the following: the verification times of the account to be verified in the first time period, and the number of the associated uniform anonymous identifiers of the account to be verified in the first time period;

the characteristic information of the account verification record associated with the uniform anonymous identifier comprises at least one of the following items: and the verification success rate corresponding to the uniform anonymous identifier and the number of the accounts associated with the uniform anonymous identifier in the second time period.

the processing unit 1202 is configured to determine a security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, and specifically configured to:

if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the verification times of the account to be verified in the first period are greater than or equal to the time threshold value, determining the security level of the target device as a third security level;

and if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the verification times of the account to be verified in the first time period are less than the time threshold value, determining the security level of the target device as a fourth security level.

the processing unit 1202 is configured to determine, according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, a security level of the target device, and specifically configured to:

if the number of the accounts associated with the uniform anonymous identifier in the second period is larger than or equal to the first number threshold, and the checking times of the account to be verified in the first period are smaller than the time threshold, determining the security level of the target device as a second security level;

and if the number of the accounts associated with the uniform anonymous identifier in the second time period is smaller than the first number threshold value, and the number of times of verification of the account to be verified in the first time period is smaller than the number threshold value, determining the security level of the target device as a fourth security level.

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the number of the unified anonymous identifiers associated with the account to be verified in the first time period, and the characteristic information of the account verification record associated with the unified anonymous identifiers comprises verification success rate corresponding to the unified anonymous identifiers;

if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to the success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is greater than or equal to the second number threshold value, determining the security level of the target device as a first security level;

if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is greater than or equal to the second number threshold value, determining the security level of the target device as a third security level;

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the verification times of the account to be verified in a first time period; if the uniform anonymous identifier is not associated with an account verification record, the processing unit 1202 is configured to determine the security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, and specifically configured to:

determining the range to which the security level of the target device belongs as a target range;

if the verification record of the account to be verified in the first time period is greater than or equal to the time threshold, determining the security level of the target device as a first security level;

In one embodiment, the characteristic information of the verification record of the account to be verified comprises the number of the unified anonymous identifiers associated with the account to be verified in the first time period; if the uniform anonymous identifier is not associated with an account verification record, the processing unit 1202 is configured to determine the security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period, and specifically configured to:

In one embodiment, the processing unit 1202 is further configured to:

In one embodiment, if the account to be verified is verified by the account verification, the processing unit 1202 is further configured to:

According to an embodiment of the present application, some steps involved in the data processing methods shown in fig. 2, fig. 4 and fig. 10 may be performed by respective units in the data processing apparatus shown in fig. 12. For example, steps S201 and S202 shown in fig. 2 may be executed by the acquisition unit 1201 shown in fig. 12, and steps S203 and S204 may be executed by the processing unit 1202 shown in fig. 12; step S401, step S402, and step S405 shown in fig. 4 may be executed by the acquisition unit 1201 shown in fig. 12, and step S403, step S404, and step S406 may be executed by the processing unit 1202 shown in fig. 12; step S1001 through step S1003 shown in fig. 10 may be executed by the acquisition unit 1201 shown in fig. 12, and step S1004 through step S1006 may be executed by the processing unit 1202 shown in fig. 12. The units in the data processing apparatus shown in fig. 12 may be respectively or entirely combined into one or several other units to form one or several other units, or some unit(s) may be further split into multiple functionally smaller units to form one or several other units, which may achieve the same operation without affecting the achievement of the technical effect of the embodiments of the present application. The units are divided based on logic functions, and in practical application, the functions of one unit can be realized by a plurality of units, or the functions of a plurality of units can be realized by one unit. In other embodiments of the present application, the data processing apparatus may also include other units, and in practical applications, the functions may also be implemented by assistance of other units, and may be implemented by cooperation of a plurality of units.

According to another embodiment of the present application, a data processing apparatus as shown in fig. 12 may be constructed by running a computer program (including program codes) capable of executing the steps involved in the respective methods shown in fig. 2, 4 and 10 on a general-purpose computing apparatus such as a computer including a Central Processing Unit (CPU), a random access storage medium (RAM), a read-only storage medium (ROM) and the like processing elements and storage elements, and implementing the data processing method of the embodiment of the present application. The computer program may be recorded on a computer-readable recording medium, for example, and loaded and executed in the above-described computing apparatus via the computer-readable recording medium.

Based on the same inventive concept, the principle and the advantageous effect of the data processing apparatus provided in the embodiment of the present application for solving the problem are similar to the principle and the advantageous effect of the data processing method in the embodiment of the present application for solving the problem, and for brevity, the principle and the advantageous effect of the implementation of the method may be referred to, and are not described herein again.

Referring to fig. 13, fig. 13 is a schematic structural diagram of a computer device according to an embodiment of the present disclosure, and as shown in fig. 13, the computer device at least includes a processor 1301, a communication interface 1302, and a memory 1303. The processor 1301, the communication interface 1302, and the memory 1303 may be connected by a bus or other means. The processor 1301 (or Central Processing Unit (CPU)) is a computing core and a control core of the computer device, and can analyze various instructions in the computer device and process various data of the computer device, for example: the CPU can be used for analyzing a power-on and power-off instruction sent to the computer equipment by a user and controlling the computer equipment to carry out power-on and power-off operation; the following steps are repeated: the CPU may transmit various types of interactive data between the internal structures of the computer device, and so on. The communication interface 1302 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI, mobile communication interface, etc.), and may be controlled by the processor 1301 to transmit and receive data; the communication interface 1302 may also be used for the transmission and interaction of data within the computer device. The Memory 1303 (Memory) is a Memory device in the computer device for storing programs and data. It is understood that the memory 1303 herein may include a built-in memory of the computer device, and may also include an extended memory supported by the computer device. Memory 1303 provides storage space that stores an operating system of the computer device, which may include, but is not limited to: android system, iOS system, windows Phone system, etc., which are not limited in this application.

An embodiment of the present application further provides a computer-readable storage medium (Memory), which is a Memory device in the terminal and is used for storing programs and data. It is understood that the computer readable storage medium herein can include both a built-in storage medium in the terminal and an extended storage medium supported by the terminal. The computer readable storage medium provides a storage space that stores a processing system of the terminal. Also stored in the memory space are one or more instructions, which may be one or more computer programs (including program code), suitable for loading and execution by processor 1301. It should be noted that the computer-readable storage medium may be a high-speed RAM memory, or may be a non-volatile memory (non-volatile memory), such as at least one disk memory; optionally, at least one computer readable storage medium located remotely from the aforementioned processor is also possible.

In one embodiment, the computer device may be specifically the server 102 shown in fig. 1 d. The processor 1301 performs the following operations by executing the executable program code in the memory 1303:

As an alternative embodiment, specific examples of determining the security level of the target device by the processor 1301 according to the account to be authenticated and the uniform anonymous identifier are as follows:

wherein the trustworthiness of the target device is derived from one or more of: the method comprises the steps of obtaining an account verification result associated with the account to be verified and the uniform anonymous identifier, a man-machine verification result associated with the account to be verified and the uniform anonymous identifier, a network parameter associated with the account to be verified and the uniform anonymous identifier, an account verification mode associated with the account to be verified and the uniform anonymous identifier, a scene environment parameter associated with the account to be verified and the uniform anonymous identifier, and verification initiation time associated with the account to be verified and the uniform anonymous identifier or man-machine verification.

As an alternative embodiment, the association record of the unified anonymous identifier includes one or more accounts associated with the unified anonymous identifier, and an account verification result for each account; the specific embodiment of the processor 1301 determining the security level of the target device according to the association record is as follows:

As an alternative embodiment, the association record of the uniform anonymous identifiers further includes an account verification manner for each account; the specific embodiment of processor 1301 determining the security level of the target device according to the account verification result of the target account is as follows:

As an optional embodiment, the account verification mode includes a short message verification mode and a one-key login mode; the specific embodiment of the processor 1301 that determines the security level of the target device according to the account verification mode of the target account is as follows:

As an alternative embodiment, the processor 1301, by running the executable program code in the memory 1303, further performs the following operations:

As an optional embodiment, the account verification mode of the account to be verified is a short message verification mode; the specific embodiment of the processor 1301 for obtaining the account verification result of the account to be verified in the account verification mode is as follows:

acquiring account verification information provided by target equipment;

As an alternative embodiment, the specific embodiment of the processor 1301 for obtaining the uniform anonymous identifier of the target device is as follows:

As an alternative embodiment, if the account to be authenticated is authenticated by the account, the processor 1301 executes the executable program code in the memory 1303, and further performs the following operations:

processing the target data according to the data management operation;

As an alternative embodiment, the feature information of the verification record of the account to be verified includes at least one of the following: the verification times of the account to be verified in the first time period, and the number of the associated uniform anonymous identifiers of the account to be verified in the first time period;

As an optional embodiment, the feature information of the verification record of the account to be verified includes the verification times of the account to be verified in the first time period, and the feature information of the account verification record associated with the uniform anonymous identifier includes the verification success rate corresponding to the uniform anonymous identifier;

the specific embodiment of the processor 1301 determining the security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period is as follows:

if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to the success rate threshold value, and the verification times of the account to be verified in the first time period are greater than or equal to the time threshold value, determining the security level of the target device as a first security level;

As an optional embodiment, the characteristic information of the verification record of the account to be verified includes the verification times of the account to be verified in the first time period, and the characteristic information of the account verification record associated with the uniform anonymous identifier includes the account number associated with the uniform anonymous identifier in the second time period;

the specific embodiment of determining the security level of the target device by the processor 1301 according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period is as follows:

As an optional embodiment, the feature information of the verification record of the account to be verified includes the number of the uniform anonymous identifiers associated with the account to be verified in the first time period, and the feature information of the account verification record associated with the uniform anonymous identifiers includes the verification success rate corresponding to the uniform anonymous identifiers;

and if the verification success rate corresponding to the uniform anonymous identifier is greater than the success rate threshold value and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is less than the second number threshold value, determining the security level of the target device as a fourth security level.

As an alternative embodiment, the characteristic information of the authentication record of the account to be authenticated includes the number of the unified anonymous identifiers associated with the account to be authenticated in the first time period, and the characteristic information of the account check record associated with the unified anonymous identifiers includes the number of the accounts associated with the unified anonymous identifiers in the second time period;

if the number of the accounts associated with the uniform anonymous identifiers in the second time period is larger than or equal to the first number threshold, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is smaller than the second number threshold, determining the security level of the target device as a second security level;

and if the number of the accounts associated with the uniform anonymous identifiers in the second time period is smaller than the first number threshold, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is smaller than the second number threshold, determining the security level of the target device as a fourth security level.

As an optional embodiment, the feature information of the verification record of the account to be verified includes the verification times of the account to be verified in the first time period; if the unified anonymous identifier is not associated with an account verification record, the specific embodiment of the processor 1301 determining the security level of the target device according to the feature information of the account verification record associated with the unified anonymous identifier and the feature information of the verification record of the account to be verified is as follows:

As an alternative embodiment, the characteristic information of the verification record of the account to be verified includes the number of the uniform anonymous identifiers associated with the account to be verified in the first time period; if the unified anonymous identifier is not associated with an account verification record, the specific embodiment of the processor 1301 determining the security level of the target device according to the feature information of the account verification record associated with the unified anonymous identifier and the feature information of the verification record of the account to be verified is as follows:

and performing punishment processing on the user identification card or the user of the user identification card according to a processing rule corresponding to the illegal behavior.

Based on the same inventive concept, the principle and the advantageous effect of solving the problem of the computer device provided in the embodiment of the present application are similar to the principle and the advantageous effect of solving the problem of the data processing method in the embodiment of the present application, and for brevity, the principle and the advantageous effect of the implementation of the method may be referred to, and are not described herein again.

The embodiment of the present application further provides a computer-readable storage medium, in which one or more instructions are stored, and the one or more instructions are adapted to be loaded by a processor and execute the data processing method of the foregoing method embodiment.

Embodiments of the present application further provide a computer program product containing instructions, which when run on a computer, cause the computer to execute the data processing method of the above method embodiments.

Embodiments of the present application also provide a computer program product or a computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the data processing method.

The steps in the method of the embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs.

The modules in the device can be combined, divided and deleted according to actual needs.

Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, which may include: flash disks, read-Only memories (ROMs), random Access Memories (RAMs), magnetic or optical disks, and the like.

While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made without departing from the spirit and scope of the invention as defined by the appended claims.

Claims

1. A method of data processing, the method comprising:

responding to an authorization operation of a target device, and acquiring a uniform anonymous identifier of the target device;

and determining a human-machine verification strategy corresponding to the target equipment based on the security level of the target equipment.

2. The method of claim 1, wherein the determining a security level of the target device from the account to be authenticated and the uniform anonymous identifier comprises:

wherein the trustworthiness of the target device is derived from one or more of: an account verification result associated with the account to be verified and the uniform anonymous identifier, a human-computer verification result associated with the account to be verified and the uniform anonymous identifier, a network parameter associated with the account to be verified and the uniform anonymous identifier, an account verification mode associated with the account to be verified and the uniform anonymous identifier, a scene environment parameter associated with the account to be verified and the uniform anonymous identifier, and a verification initiation time of account verification or human-computer verification associated with the account to be verified and the uniform anonymous identifier.

3. The method of claim 1, wherein the determining a security level of the target device from the account to be authenticated and the uniform anonymous identifier comprises:

if the association record of the uniform anonymous identifier exists in a target database or a block chain network, determining the security level of the target equipment according to the association record;

4. The method of claim 3, wherein the association record of the uniform anonymous identifier includes one or more accounts associated with the uniform anonymous identifier, and an account verification result for each account; the determining the security level of the target device according to the association record includes:

if the account to be verified does not match one or more accounts associated with the uniform anonymous identifier, determining the security level of the target device as a second security level;

and the human-machine verification strategies corresponding to the second security level and the first security level are different.

5. The method of claim 4, wherein the association record of uniform anonymous identifiers further comprises an account verification means for each account; the determining the security level of the target device according to the account verification result of the target account includes:

6. The method of claim 5, wherein the account authentication mode comprises a short message authentication mode and a one-key login mode; the determining the security level of the target device according to the account verification mode of the target account includes:

7. The method of claim 1, wherein the method further comprises:

acquiring an account verification mode of the account to be verified, and acquiring an account verification result of the account to be verified in the account verification mode;

and storing the uniform anonymous identifier, the account to be verified, the account verification mode of the account to be verified and the account verification result of the account to be verified in a target database or a block chain network in an associated manner.

8. The method of claim 7, wherein the account verification mode of the account to be verified is a short message verification mode; the obtaining of the account verification result of the account to be verified in the account verification mode includes:

acquiring account verification information provided by the target equipment;

and if the account verification information is matched with the account verification information, judging that the account to be verified passes account verification.

9. The method of claim 1, wherein the obtaining the uniform anonymous identifier for the target device comprises:

acquiring a uniform anonymous identifier address provided by an identification service, and sending indication information to the target device, wherein the indication information carries the uniform anonymous identifier address, and the indication information is used for indicating the target device to access the uniform anonymous identifier address through a cellular network;

obtaining encrypted data returned by the target device, wherein the encrypted data is obtained after the target device accesses the uniform anonymous identifier address through a cellular network;

10. The method of claim 1, wherein if the account to be authenticated is authenticated by an account, the method further comprises:

responding to the data management operation of the account to be verified, and backing up target data indicated by the data management operation to a blockchain network;

processing the target data according to the data management operation;

the data management operation comprises a data deleting operation and an authorizing canceling operation.

11. The method of claim 1, wherein the determining a security level of the target device from the account to be authenticated and the uniform anonymous identifier comprises:

obtaining security indication information returned by the target database or the block chain network, wherein the security indication information is determined based on the account to be verified and the associated information of the uniform anonymous identifier;

12. The method of claim 1, wherein the determining a security level of the target device from the account to be authenticated and the uniform anonymous identifier comprises:

obtaining an account verification record associated with the uniform anonymous identifier and a verification record of the account to be verified;

13. The method of claim 12, wherein the characteristic information of the verification record of the account to be verified comprises at least one of: the verification times of the account to be verified in a first period of time, and the number of the unified anonymous identifiers associated with the account to be verified in the first period of time;

the characteristic information of the account verification record associated with the uniform anonymous identifier comprises at least one of the following items: and the verification success rate corresponding to the uniform anonymous identifier is the number of the accounts associated with the uniform anonymous identifier in the second time period.

14. The method according to claim 12 or 13, wherein the characteristic information of the verification record of the account to be verified comprises the verification times of the account to be verified in the first time period, and the characteristic information of the account verification record associated with the uniform anonymous identifier comprises the verification success rate corresponding to the uniform anonymous identifier;

the determining the security level of the target device according to the feature information of the account verification record and the feature information of the verification record of the account to be verified in the first time period includes:

if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to a success rate threshold value, and the verification times of the account to be verified in a first period are greater than or equal to a time threshold value, determining the security level of the target device as a first security level;

if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to a success rate threshold value, and the verification times of the account to be verified in a first time period are less than a time threshold value, determining the security level of the target device as a second security level;

if the verification success rate corresponding to the uniform anonymous identifier is greater than a success rate threshold value and the verification times of the account to be verified in the first time period are greater than or equal to a time threshold value, determining the security level of the target device as a third security level;

and if the verification success rate corresponding to the uniform anonymous identifier is greater than a success rate threshold value and the verification times of the account to be verified in the first time period are less than a time threshold value, determining the security level of the target device as a fourth security level.

15. The method of claim 12 or 13, wherein the characteristic information of the verification record of the account to be verified comprises the number of times the account to be verified has been verified within a first time period, and the characteristic information of the account verification record associated with the uniform anonymous identifier comprises the number of accounts associated with the uniform anonymous identifier within a second time period;

if the number of the accounts associated with the uniform anonymous identifier in the second time period is larger than or equal to a first number threshold value, and the checking times of the account to be verified in the first time period are larger than or equal to a time threshold value, determining the security level of the target device as a first security level;

if the number of the accounts associated with the uniform anonymous identifier in the second time period is greater than or equal to a first number threshold value, and the checking times of the account to be verified in the first time period are less than a time threshold value, determining the security level of the target device as a second security level;

if the number of the accounts associated with the uniform anonymous identifier in the second period is smaller than a first number threshold, and the checking times of the account to be verified in the first period are larger than or equal to a time threshold, determining the security level of the target device as a third security level;

and if the number of the accounts associated with the uniform anonymous identifier in the second period is smaller than a first number threshold, and the checking times of the account to be verified in the first period is smaller than a time threshold, determining the security level of the target device as a fourth security level.

16. The method according to claim 12 or 13, wherein the characteristic information of the authentication record of the account to be authenticated comprises the number of the uniform anonymous identifiers associated with the account to be authenticated in the first time period, and the characteristic information of the account check record associated with the uniform anonymous identifier comprises the check success rate corresponding to the uniform anonymous identifier;

if the verification success rate corresponding to the uniform anonymous identifiers is smaller than or equal to a success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is larger than or equal to a second number threshold value, determining the security level of the target device as a first security level;

if the verification success rate corresponding to the uniform anonymous identifier is less than or equal to a success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is less than a second number threshold value, determining the security level of the target device as a second security level;

if the verification success rate corresponding to the uniform anonymous identifiers is greater than a success rate threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is greater than or equal to a second number threshold value, determining the security level of the target device as a third security level;

and if the verification success rate corresponding to the uniform anonymous identifier is greater than a success rate threshold value and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is less than a second number threshold value, determining the security level of the target device as a fourth security level.

17. The method of claim 12 or 13, wherein the characteristic information of the authentication record of the account to be authenticated comprises a number of uniformly anonymous identifiers associated with the account to be authenticated within a first time period, and the characteristic information of the account check record associated with the uniformly anonymous identifiers comprises a number of accounts associated with the uniformly anonymous identifiers within a second time period;

if the number of the accounts associated with the uniform anonymous identifiers in the second time period is larger than or equal to a first number threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is larger than or equal to a second number threshold value, determining the security level of the target device as a first security level;

if the number of the accounts associated with the uniform anonymous identifiers in the second time period is larger than or equal to a first number threshold value, and the number of the uniform anonymous identifiers associated with the accounts to be verified in the first time period is smaller than a second number threshold value, determining the security level of the target device as a second security level;

if the number of the accounts associated with the uniform anonymous identifiers in the second time period is smaller than a first number threshold value, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is larger than or equal to a second number threshold value, determining the security level of the target device as a third security level;

and if the number of the accounts associated with the uniform anonymous identifiers in the second time period is smaller than the first number threshold, and the number of the uniform anonymous identifiers associated with the account to be verified in the first time period is smaller than the second number threshold, determining the security level of the target device as a fourth security level.

18. The method according to claim 12 or 13, wherein the characteristic information of the verification record of the account to be verified comprises the verification times of the account to be verified in a first period of time; if the unified anonymous identifier is not associated with an account verification record, determining the security level of the target device according to the feature information of the account verification record associated with the unified anonymous identifier and the feature information of the verification record of the account to be verified, including:

if the verification record of the account to be verified in the first time period is smaller than a time threshold value, determining the security level of the target device as a second security level;

wherein the first security level and the second security level belong to the target range.

19. The method of claim 12 or 13, wherein the characteristic information of the verification record of the account to be verified includes a number of uniform anonymous identifiers associated with the account to be verified within a first time period; if the uniform anonymous identifier is not associated with an account verification record, determining the security level of the target device according to the feature information of the account verification record associated with the uniform anonymous identifier and the feature information of the verification record of the account to be verified, including:

20. The method of any one of claims 1-19, further comprising:

if the fact that the illegal behavior exists in the account to be verified after the account to be verified passes verification is detected, a user identification card bound with the uniform anonymous identifier corresponding to the account to be verified is obtained from a provider of the uniform anonymous identifier;

21. The method of any one of claims 1-19, wherein if the account to be authenticated is authenticated by an account, the method further comprises:

22. A data processing apparatus, characterized in that the data processing apparatus comprises:

the device comprises an acquisition unit, a receiving unit and a processing unit, wherein the acquisition unit is used for responding to the authorization operation of a target device and acquiring a uniform anonymous identifier of the target device; the account to be verified is used for requesting to log in a website or an application program;

the processing unit is used for determining the security level of the target device according to the account to be verified and the uniform anonymous identifier; and the system is used for determining a human-computer checking strategy corresponding to the target equipment based on the security level of the target equipment.

23. A computer device, comprising: a memory and a processor;

a memory having a computer program stored therein;

a processor for loading the computer program to implement the data processing method of any one of claims 1 to 21.

24. A computer-readable storage medium, characterized in that it stores a computer program adapted to be loaded by a processor and to perform the data processing method according to any one of claims 1 to 21.

25. A computer program product, characterized in that the computer program product comprises a computer program adapted to be loaded by a processor and to execute the data processing method according to any of claims 1-21.