CN115941199B

CN115941199B - Identity information verification method, apparatus, device, storage medium and program product

Info

Publication number: CN115941199B
Application number: CN202211411834.2A
Authority: CN
Inventors: 邓建锋; 肖焯; 吴昊; 许露珉; 王依云; 张丽娟; 李慧娟; 母天石; 黄宝鑫; 谭洪华; 赖宇阳; 周子奇; 李仲斌
Original assignee: Southern Power Grid Digital Grid Research Institute Co Ltd
Current assignee: Southern Power Grid Digital Grid Research Institute Co Ltd
Priority date: 2022-11-11
Filing date: 2022-11-11
Publication date: 2024-06-25
Anticipated expiration: 2042-11-11
Also published as: CN115941199A

Abstract

The present application relates to an identity information verification method, apparatus, computer device, storage medium and computer program product. The method comprises the following steps: acquiring a user name of a target user to be authenticated, a certificate of the power monitoring system and first user identity information of the target user, wherein the user name and the certificate are sent by the power monitoring system; if the user name is matched with the certificate, acquiring a certificate serial number corresponding to the certificate; acquiring second user identity information corresponding to the certificate serial number from a plurality of candidate user identity information generated in advance; and acquiring an identity information verification result of the target user according to the first user identity information and the second user identity information. By adopting the method, the user identity in the power monitoring system can be accurately verified.

Description

Identity information verification method, apparatus, device, storage medium and program product

Technical Field

The present application relates to the technical field of power monitoring systems, and in particular, to an identity information verification method, an identity information verification device, a computer device, a storage medium, and a computer program product.

Background

With the development of the technical field of the power monitoring system, a user identity verification technology of the power monitoring system appears, and the user identity verification technology of the power monitoring system is realized through the addition of a static password to a user name.

In recent years, protection of a power monitoring system is more and more complex and diversified, and is required to be managed in a zoning mode according to actual conditions, and in an actual field implementation operation process, safety protection consciousness of a part of workers is weak, so that a problem of cross-zone interconnection occurs in the power monitoring system. The user identity verification mode of the user name plus the static password can not accurately verify the identity of the user in the power monitoring system when the cross-region interconnection occurs.

Disclosure of Invention

In view of the foregoing, it is desirable to provide an identity information verification method, apparatus, computer device, computer readable storage medium, and computer program product that can accurately verify the identity of a user in a power monitoring system.

In a first aspect, the present application provides an identity information verification method. The method comprises the following steps:

Acquiring a user name of a target user to be authenticated, which is sent by a power monitoring system, a certificate of the power monitoring system and first user identity information of the target user;

If the user name is matched with the certificate, acquiring a certificate serial number corresponding to the certificate;

Acquiring second user identity information corresponding to the certificate serial number from a plurality of candidate user identity information generated in advance;

And acquiring an identity information verification result of the target user according to the first user identity information and the second user identity information.

In one embodiment, the first user identity information includes a first signature value and first user attribute information, and the second user identity information includes a second signature value and second user attribute information; the step of obtaining the identity information verification result of the target user according to the first user identity information and the second user identity information comprises the following steps: and if the first signature value is matched with the second signature value and the first user attribute information is matched with the second user attribute information, determining that the identity information verification result of the target user is verification passing.

In one embodiment, before the acquiring the user name of the target user to be authenticated, which is sent by the power monitoring system, the certificate of the power monitoring system, and the first user identity information of the target user, the method further includes: generating the plurality of candidate user identity information; and constructing binding relations between the identity information of each candidate user and each candidate user, and storing the binding relations and the identity information of the plurality of candidate users into the power monitoring system.

In one embodiment, the generating the plurality of candidate user identity information includes:

Acquiring a current power monitoring system certificate corresponding to a current user name of a current candidate user and current user attribute information corresponding to the current user name; signing the current user attribute information to obtain a current signature value corresponding to the current user attribute information; acquiring a current certificate serial number corresponding to the current power monitoring system certificate, and associating the current certificate serial number with the current user attribute information to obtain associated current user attribute information; based on the correlated current user attribute information and the current signature value, obtaining current user identity information corresponding to the current user name; the construction of the binding relation between the identity information of each candidate user and each candidate user comprises the following steps: and constructing a binding relation between the current user identity information and the current candidate user.

In one embodiment, the acquiring the user name of the target user to be authenticated and sent by the power monitoring system, and the certificate of the power monitoring system further includes: acquiring a user name of the target user and a static password associated with the target user, which are sent by the power monitoring system; and if the user name of the target user is matched with the static password, acquiring a certificate of the power monitoring system.

In one embodiment, the method further comprises: if the user name is not matched with the static password, generating first abnormal information; if the user name is not matched with the certificate of the power monitoring system, generating second abnormal information; if the first identity verification information is not matched with the second identity verification information, third abnormal information is generated; and obtaining a user identity information exception log corresponding to the power monitoring system based on the first exception information, the second exception information and the third exception information.

In a second aspect, the application further provides an identity information verification device. The device comprises:

The user information acquisition module is used for acquiring a user name of a target user to be authenticated, which is sent by the power monitoring system, a certificate of the power monitoring system and first user identity information of the target user;

the certificate serial number acquisition module is used for acquiring a certificate serial number corresponding to the certificate if the user name is matched with the certificate;

the identity information acquisition module is used for acquiring second user identity information corresponding to the certificate serial number from a plurality of candidate user identity information which are generated in advance;

And the verification result acquisition module is used for acquiring the identity information verification result of the target user according to the first user identity information and the second user identity information.

In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:

In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:

The identity information verification method, the identity information verification device, the computer equipment, the storage medium and the computer program product are used for obtaining the user name of the target user to be verified, the certificate of the power monitoring system and the first user identity information of the target user, wherein the user name and the certificate are sent by the power monitoring system; if the user name is matched with the certificate, acquiring a certificate serial number corresponding to the certificate; acquiring second user identity information corresponding to the certificate serial number from a plurality of candidate user identity information generated in advance; and acquiring an identity information verification result of the target user according to the first user identity information and the second user identity information. According to the application, through the pre-generated user identity information corresponding to each user, the user identity information is stored in the power monitoring system, when the user logs in the power monitoring system, the user name of the user is bound with the corresponding user identity information, and when the identity information of the user in the power monitoring system is verified, the user name of the user and the corresponding user identity information are sent to the identity verification platform for verification, so that the user identity in the power monitoring system can be accurately verified.

Drawings

FIG. 1 is a flow chart of an authentication method according to one embodiment;

FIG. 2 is a flow diagram of generating multiple candidate user identity information in one embodiment;

FIG. 3 is a flow diagram of generating a user identity information exception log in one embodiment;

FIG. 4 is a block diagram of an identity information verification system in one embodiment;

FIG. 5 is a flowchart of an authentication method according to another embodiment;

FIG. 6 is a block diagram of an identity information verification apparatus in one embodiment;

Fig. 7 is an internal structural diagram of a computer device in one embodiment.

Detailed Description

The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.

It should be noted that, the term "first\second" related to the embodiment of the present invention is merely to distinguish similar objects, and does not represent a specific order for the objects, it is to be understood that "first\second" may interchange a specific order or precedence where allowed. It is to be understood that the "first\second" distinguishing aspects may be interchanged where appropriate to enable embodiments of the invention described herein to be implemented in sequences other than those illustrated or described.

In one embodiment, as shown in fig. 1, an identity information verification method is provided, where the method is applied to a terminal to illustrate the method, it is understood that the method may also be applied to a server, and may also be applied to a system including the terminal and the server, and implemented through interaction between the terminal and the server. In this embodiment, the method includes the steps of:

Step S101, obtaining a user name of a target user to be authenticated, a certificate of the power monitoring system, and first user identity information of the target user, which are sent by the power monitoring system.

The power monitoring system is a power equipment operation monitoring system, and the user name of the target user to be authenticated is a login account of the user to be authenticated in the users logged in the power monitoring system, and because the users of the power monitoring system may have illegal behaviors of cross-region interconnection, the identity of the users needs to be authenticated, and whether the users are local users is verified. As for the certificate of the power monitoring system, the license certificate logged in to the power monitoring system is referred to, and the certificate corresponds to the user name of the user one by one, and the first user identity information may be the user attribute of the target user.

Specifically, based on a user authentication request of a power monitoring system, a user name of a target user to be authenticated, a certificate of the power monitoring system, and first user identity information of the target user are acquired from the power monitoring system.

Step S102, if the user name is matched with the certificate, a certificate serial number corresponding to the certificate is obtained.

The serial numbers of the certificates are serial numbers of the power monitoring system certificates, and each power monitoring system certificate is provided with a unique certificate serial number which is different from the serial numbers of other certificates.

Specifically, inquiring a certificate identifier corresponding to the user name, if the certificate identifier is consistent with the identifier of the certificate, proving that the user name is matched with the certificate, and then acquiring a certificate serial number corresponding to the certificate.

Step S103, obtaining second user identity information corresponding to the certificate serial number from a plurality of candidate user identity information generated in advance.

The plurality of candidate user identity information generated in advance is identity attribute corresponding to all users generated in advance, wherein the user names of the users are in one-to-one correspondence with the user identity information, and the second user identity information is user identity information corresponding to the certificate serial number.

Specifically, second user identity information corresponding to the certificate serial number is obtained from a plurality of candidate user identity information generated in advance based on the corresponding relation between the certificate serial number and the user identity information.

Step S104, according to the first user identity information and the second user identity information, obtaining an identity information verification result of the target user.

The identity information verification result is a result of whether the target user to be authenticated passes the identity verification or not.

Specifically, if the first user identity information is matched with the second user identity information, the target user passes the identity verification; if the first user identity information is not matched with the second user identity information, the target user does not pass the identity verification.

In the identity information verification method, the user name of the target user to be verified, the certificate of the power monitoring system and the first user identity information of the target user, which are sent by the power monitoring system, are obtained; if the user name is matched with the certificate, acquiring a certificate serial number corresponding to the certificate; acquiring second user identity information corresponding to the certificate serial number from a plurality of candidate user identity information generated in advance; and acquiring an identity information verification result of the target user according to the first user identity information and the second user identity information. According to the application, through the pre-generated user identity information corresponding to each user, the user identity information is stored in the power monitoring system, when the user logs in the power monitoring system, the user name of the user is bound with the corresponding user identity information, and when the identity information of the user in the power monitoring system is verified, the user name of the user and the corresponding user identity information are sent to the identity verification platform for verification, so that the user identity in the power monitoring system can be accurately verified.

In one embodiment, the first user identity information comprises a first signature value and first user attribute information, and the second user identity information comprises a second signature value and second user attribute information; according to the first user identity information and the second user identity information, acquiring an identity information verification result of a target user, wherein the method comprises the following steps of:

If the first signature value is matched with the second signature value and the first user attribute information is matched with the second user attribute information, determining that the identity information verification result of the target user is verification passing.

The signature value is generated by encrypting the user attribute information, encryption is realized by adopting an asymmetric key cryptographic algorithm, a symmetric key cryptographic algorithm, random number generation and other modes which are approved by a national password management authority, the first signature value is a signature value corresponding to the first user identity information, and the second signature value is a signature value corresponding to the second user identity information. The user attribute information refers to the validity period, the accessible resource list, the corresponding role authority, the level, the region, the organization and the like corresponding to the target user, wherein the first user attribute information is the user attribute information corresponding to the first user identity information, and the second user attribute information is the user attribute information corresponding to the second user identity information.

Specifically, if the first signature value is consistent with the second signature value and the first user attribute information is consistent with the second user attribute information at the same time, determining that the identity information verification result of the target user is verification passing.

In this embodiment, the authentication result of the identity information of the target user can be accurately obtained through the signature value and the user attribute information.

In one embodiment, before acquiring the user name of the target user to be authenticated, the certificate of the power monitoring system, and the first user identity information of the target user, which are sent by the power monitoring system, the method further includes the following steps:

Generating a plurality of candidate user identity information; and constructing binding relations between the identity information of each candidate user and each candidate user, and storing the binding relations and the identity information of a plurality of candidate users into the power monitoring system.

The binding relationship is the association relationship between the identity information of each candidate user and each candidate user.

Specifically, based on user attribute information of a plurality of candidate users, generating a plurality of candidate user identity information in advance, then associating each candidate user identity information with a corresponding candidate user, establishing a binding relation between each candidate user identity information and each candidate user, and storing the binding relation and the plurality of candidate user identity information into a power monitoring system, so that when a certain user logs in the power monitoring system, the power monitoring system associates a user name with the corresponding user identity information through the binding relation, packages the user name, the power monitoring system certificate, the password and the associated user identity information of the user into an identity information message of the user, and when identity identification is needed, sends the identity information message to an identity information verification platform.

In this embodiment, a plurality of candidate user identity information is generated in advance; the binding relation between the identity information of each candidate user and each candidate user is constructed, so that the user name of each user can be accurately associated with the corresponding user identity information.

In one embodiment, as shown in fig. 2, generating a plurality of candidate user identity information includes the steps of:

step S201, a current power monitoring system certificate corresponding to a current user name of a current candidate user and current user attribute information corresponding to the current user name are obtained.

Wherein the current candidate user is any one of a plurality of candidate users.

Specifically, a current power monitoring system certificate and current user attribute information corresponding to a current user name of a current candidate user are obtained from a database.

Step S202, signing the current user attribute information to obtain a current signature value corresponding to the current user attribute information.

Specifically, the current user attribute information is encrypted by means of an asymmetric key cryptographic algorithm, a symmetric key cryptographic algorithm, random number generation and the like which are approved by the national cryptographic management authority, so that a current signature value corresponding to the current user attribute information is obtained.

Step S203, a current certificate serial number corresponding to the current power monitoring system certificate is obtained, and the current certificate serial number is associated with the current user attribute information to obtain the associated current user attribute information.

The associated current user attribute information is the current user attribute information with an association relationship with the current certificate serial number.

Specifically, after the current certificate serial number corresponding to the current power monitoring system certificate is obtained, a corresponding relation between the current certificate serial number and the current user attribute information is established, so that the current certificate serial number and the current user attribute information are associated, and the associated current user attribute information is obtained.

Step S204, based on the correlated current user attribute information and the current signature value, the current user identity information corresponding to the current user name is obtained.

Specifically, the associated current user attribute information and the current signature value are used as the current user identity information corresponding to the current user name.

The binding relation between the identity information of each candidate user and each candidate user is constructed, and the method comprises the following steps:

step S205, a binding relation between the identity information of the current user and the current candidate user is constructed.

The binding relationship is the corresponding relationship between the identity information of the current user and the current candidate user.

Specifically, a corresponding relation between the identity information of the current user and the current candidate user is constructed.

In this embodiment, the corresponding relationship between the current certificate serial number and the current user attribute information is established, and then the current user attribute information is encrypted to obtain the current signature value, so that the current user identity information corresponding to the current user name can be accurately generated.

In one embodiment, the method includes the steps of obtaining a user name of a target user to be authenticated sent by the power monitoring system and a certificate of the power monitoring system, and further includes the following steps:

Acquiring a user name of a target user and a static password associated with the target user, wherein the user name is sent by a power monitoring system; and if the user name of the target user is matched with the static password, acquiring a certificate of the power monitoring system.

Wherein the static password is a password, the password is a protected character string, and the static password can be used for authentication of the identity of the target user.

Specifically, a user name of a target user sent by a power monitoring system and a static password associated with the target user are obtained; if the user name of the target user is successfully matched with the static password, a certificate of the power monitoring system is further obtained, and if the user name of the target user is unsuccessfully matched with the static password, the identity verification of the target user is not passed.

In this embodiment, by matching and verifying the user name of the target user with the static password, it is possible to accurately determine whether the certificate of the power monitoring system needs to be acquired.

In one embodiment, as shown in fig. 3, the method further includes the steps of:

In step S301, if the user name does not match the static password, first exception information is generated.

The first abnormal information is abnormal information corresponding to the static password mismatch.

Specifically, if the user name is not matched with the static password, the identity verification of the target user is not passed, and first abnormal information is generated.

In step S302, if the user name does not match the certificate of the power monitoring system, second anomaly information is generated.

The second abnormal information is abnormal information corresponding to the fact that the certificate of the power monitoring system is not matched.

Specifically, if the user name is not matched with the certificate of the power monitoring system, the identity verification of the target user is not passed, and second abnormal information is generated.

Step S303, if the first authentication information is not matched with the second authentication information, third abnormal information is generated.

The third abnormal information is abnormal information corresponding to the mismatching of the authentication information.

Specifically, if the first authentication information is not matched with the second authentication information, the authentication of the target user is not passed, and third abnormal information is generated.

Step S304, based on the first abnormality information, the second abnormality information and the third abnormality information, obtaining a user identity information abnormality log corresponding to the power monitoring system.

The user identity information abnormal log is a record of user identity information abnormal data.

Specifically, the first anomaly information, the second anomaly information, the third anomaly information and other anomaly events are recorded in a user identity information anomaly log corresponding to the power monitoring system, and the log is stored.

In this embodiment, the user identity information exception log corresponding to the power monitoring system can be accurately obtained through the first exception information, the second exception information and the third exception information.

In one embodiment, as shown in FIG. 4, there is provided an identity information verification system comprising: identity recognition module, attribute management module, user identity information module, password service module and log module, wherein:

The identity recognition module is responsible for receiving and analyzing an identity recognition message sent by the power monitoring system, calling the user identity information module to carry out identity recognition on the power monitoring system, and the identity recognition module can provide service in a https/tcp/xml-based mode and receive data of the power monitoring system.

The attribute management module is responsible for defining the main body attribute of the power monitoring system, and manages the main body attribute, wherein the main body attribute can comprise an effective period, an accessible resource list, corresponding role authority, security level, region and organization information and corresponds to the real attribute of the power monitoring system.

The user identity information module is responsible for generating user identity information of the power monitoring system and providing a user identity information checking function for the identity recognition module, and can comprise a management function of user identity information application, verification and release, wherein the user identity information module can upload a power monitoring system certificate, associate a certificate serial number with an attribute, invoke a password service module to sign to obtain a signature value when the manager verifies the certificate serial number, release the main attribute and the signature value together and take effect; the file can be supported for downloading after being released; and simultaneously, a verification function is provided for the identity recognition module.

The password service module is responsible for providing password support for the user identity information module, the password service module is configured with an asymmetric key password algorithm, a symmetric key password algorithm, random number generation and the like which are approved by the national password management authority, and the password service module adopts a server password machine or a password card which passes through commercial password product authentication.

And the log module is responsible for collecting and storing the operation, abnormality and alarm events of each module in the system, and the log module adopts a synlog unified format of Linux to collect and store the operation, abnormality and alarm events in a database.

As shown in fig. 5, an identity information verification method is also provided, and the specific steps are as follows:

1. receiving a user name, a password, a certificate and user identity information sent by a power monitoring system; 2. checking the correctness of the user name, the password and the certificate; 3. checking the corresponding main body attribute and the main body attribute signature value through the certificate number; 4. and (5) completing identification.

In this embodiment, through the user identity information corresponding to each user generated in advance, the user identity information is stored in the power monitoring system, when the user logs in the power monitoring system, the user name of the user is bound with the corresponding user identity information, and when the identity information of the user in the power monitoring system is verified, the user name of the user and the corresponding user identity information are sent to the identity verification platform for verification, so that the user identity in the power monitoring system can be accurately verified.

It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.

Based on the same inventive concept, the embodiment of the application also provides an identity information verification device for realizing the above related identity information verification method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiment of one or more identity information verification devices provided below may refer to the limitation of the identity information verification method hereinabove, and will not be repeated herein.

In one embodiment, as shown in fig. 6, there is provided an identity information verifying apparatus including: a user information acquisition module 601, a certificate serial number acquisition module 602, an identity information acquisition module 603, and a verification result acquisition module 604, wherein:

The user information obtaining module 601 is configured to obtain a user name of a target user to be authenticated, a certificate of the power monitoring system, and first user identity information of the target user, which are sent by the power monitoring system;

a certificate serial number obtaining module 602, configured to obtain a certificate serial number corresponding to a certificate if the user name matches the certificate;

An identity information obtaining module 603, configured to obtain second user identity information corresponding to the certificate serial number from a plurality of candidate user identity information generated in advance;

And the verification result obtaining module 604 is configured to obtain an identity information verification result of the target user according to the first user identity information and the second user identity information.

In one embodiment, the verification result obtaining module 604 is further configured to determine that the identity information verification result of the target user is verification passing if the first signature value matches the second signature value and the first user attribute information matches the second user attribute information.

In one embodiment, the user information obtaining module 601 is further configured to generate a plurality of candidate user identity information; and constructing binding relations between the identity information of each candidate user and each candidate user, and storing the binding relations and the identity information of a plurality of candidate users into the power monitoring system.

In one embodiment, the user information obtaining module 601 is further configured to obtain a current power monitoring system certificate corresponding to a current user name of a current candidate user, and current user attribute information corresponding to the current user name; signing the current user attribute information to obtain a current signature value corresponding to the current user attribute information; acquiring a current certificate serial number corresponding to a current power monitoring system certificate, and associating the current certificate serial number with current user attribute information to obtain associated current user attribute information; based on the correlated current user attribute information and the current signature value, obtaining current user identity information corresponding to the current user name; and constructing a binding relation between the identity information of the current user and the current candidate user.

In one embodiment, the user information obtaining module 601 is further configured to obtain a user name of the target user and a static password associated with the target user, where the user name and the static password are sent by the power monitoring system; and if the user name of the target user is matched with the static password, acquiring a certificate of the power monitoring system.

In one embodiment, the verification result obtaining module 604 is further configured to generate the first exception information if the user name does not match the static password; if the user name is not matched with the certificate of the power monitoring system, generating second abnormal information; if the first identity verification information is not matched with the second identity verification information, third abnormal information is generated; and obtaining a user identity information exception log corresponding to the power monitoring system based on the first exception information, the second exception information and the third exception information.

The respective modules in the above-described identity information verifying apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

In one embodiment, a computer device is provided, which may be a terminal, and the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement an identity information verification method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.

It will be appreciated by those skilled in the art that the structure shown in FIG. 7 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.

In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.

In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, carries out the steps of the method embodiments described above.

In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.

The user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magneto-resistive random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (PHASE CHANGE Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims

1. An identity information verification method, the method comprising:

Acquiring an identity information verification result of the target user according to the first user identity information and the second user identity information;

The first user identity information comprises a first signature value and first user attribute information, and the second user identity information comprises a second signature value and second user attribute information;

the step of obtaining the identity information verification result of the target user according to the first user identity information and the second user identity information comprises the following steps:

if the first signature value is matched with the second signature value and the first user attribute information is matched with the second user attribute information, determining that the identity information verification result of the target user is verification passing;

Before the user name of the target user to be authenticated, which are sent by the power monitoring system, the certificate of the power monitoring system and the first user identity information of the target user are obtained, the method further comprises:

generating the plurality of candidate user identity information;

constructing binding relations between each candidate user identity information and each candidate user, and storing the binding relations and the plurality of candidate user identity information into the power monitoring system;

The generating the plurality of candidate user identity information includes:

Acquiring a current power monitoring system certificate corresponding to a current user name of a current candidate user and current user attribute information corresponding to the current user name;

signing the current user attribute information to obtain a current signature value corresponding to the current user attribute information;

Acquiring a current certificate serial number corresponding to the current power monitoring system certificate, and associating the current certificate serial number with the current user attribute information to obtain associated current user attribute information;

based on the correlated current user attribute information and the current signature value, obtaining current user identity information corresponding to the current user name;

the construction of the binding relation between the identity information of each candidate user and each candidate user comprises the following steps:

And constructing a binding relation between the current user identity information and the current candidate user.

2. The method according to claim 1, wherein the obtaining the user name of the target user to be authenticated sent by the power monitoring system, the certificate of the power monitoring system, further comprises:

Acquiring a user name of the target user and a static password associated with the target user, which are sent by the power monitoring system;

and if the user name of the target user is matched with the static password, acquiring a certificate of the power monitoring system.

3. The method according to claim 2, wherein the method further comprises:

If the user name is not matched with the static password, generating first abnormal information;

If the user name is not matched with the certificate of the power monitoring system, generating second abnormal information;

If the first user identity information is not matched with the second user identity information, third abnormal information is generated;

and obtaining a user identity information exception log corresponding to the power monitoring system based on the first exception information, the second exception information and the third exception information.

4. An identity information verifying apparatus, the apparatus comprising:

The verification result acquisition module is used for acquiring the identity information verification result of the target user according to the first user identity information and the second user identity information;

The verification result acquisition module is further used for determining that the identity information verification result of the target user passes verification if the first signature value is matched with the second signature value and the first user attribute information is matched with the second user attribute information;

The user information acquisition module is further used for generating the plurality of candidate user identity information; constructing binding relations between each candidate user identity information and each candidate user, and storing the binding relations and the plurality of candidate user identity information into the power monitoring system;

The user information acquisition module is further used for acquiring a current power monitoring system certificate corresponding to a current user name of a current candidate user and current user attribute information corresponding to the current user name; signing the current user attribute information to obtain a current signature value corresponding to the current user attribute information; acquiring a current certificate serial number corresponding to the current power monitoring system certificate, and associating the current certificate serial number with the current user attribute information to obtain associated current user attribute information; based on the correlated current user attribute information and the current signature value, obtaining current user identity information corresponding to the current user name; and constructing a binding relation between the current user identity information and the current candidate user.

5. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 3 when the computer program is executed.

6. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 3.

7. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 3.