CN116561735B - Mutual trust authentication method and system based on multiple authentication sources and electronic equipment - Google Patents
Mutual trust authentication method and system based on multiple authentication sources and electronic equipment Download PDFInfo
- Publication number
- CN116561735B CN116561735B CN202310835321.2A CN202310835321A CN116561735B CN 116561735 B CN116561735 B CN 116561735B CN 202310835321 A CN202310835321 A CN 202310835321A CN 116561735 B CN116561735 B CN 116561735B
- Authority
- CN
- China
- Prior art keywords
- authentication
- source
- optimal
- information
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 76
- 230000015654 memory Effects 0.000 claims abstract description 25
- 230000004044 response Effects 0.000 claims abstract description 16
- 238000004590 computer program Methods 0.000 claims abstract description 6
- 238000012216 screening Methods 0.000 claims abstract description 6
- 230000003044 adaptive effect Effects 0.000 claims description 25
- 238000013528 artificial neural network Methods 0.000 claims description 12
- 238000012549 training Methods 0.000 claims description 7
- 238000004891 communication Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 12
- 230000008569 process Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 230000003068 static effect Effects 0.000 description 6
- 230000000694 effects Effects 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 230000006978 adaptation Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Abstract
The specification discloses a mutually trusted authentication method, a mutually trusted authentication system and electronic equipment based on multiple authentication sources, which can improve the mutually trusted authentication efficiency, simplify the user operation and optimize the user experience. The method comprises the following steps: receiving a mutual trust authentication request and acquiring application attribute information of a current application terminal; aiming at the mutually trusted authentication request, selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information; user authentication information is obtained from the optimal authentication source, and authentication response is carried out on the mutually trusted authentication request based on the user authentication information. The system comprises an information acquisition module, an optimal authentication source screening module and a mutually trusted authentication response module. The electronic device comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes a mutually trusted authentication method based on multiple authentication sources when executing the program.
Description
Technical Field
The invention relates to the technical field of information security authentication, in particular to a mutual trust authentication method and system based on multiple authentication sources and electronic equipment.
Background
With the continuous development of information technology, information interaction and function connection between various information systems and information platforms are becoming more and more intimate. Various application service programs have more abundant functions, and can provide multi-party services for users in a cross-platform and cross-system mode. When an application service program provides services for users in a cross-platform and cross-system mode, a service provider needs to conduct identity authentication on the users, and therefore the mutual trust condition between the current application program and the service provider is required to be met. The mutual trust usually combines different authentication sources to authenticate the identity information of the user through a standard protocol, a federal mutual trust relationship is formed among a plurality of authentication sources, and the authentication sources in federal can mutually pull the identity information of the user to authenticate.
In general, the requirements of one-way one-to-one mutual trust authentication service can be met based on the federal mutual trust relationship. With further development of information technology, the number of authentication sources in the mutually trusted federation is gradually increased, and mutually trusted authentication services often face one-to-many or even many-to-many authentication scenes, so that a user is required to manually select the authentication sources, the operation complexity of the user is greatly increased, the response efficiency of an application program is reduced, and the user experience is also affected.
Disclosure of Invention
In view of the above, the embodiments of the present invention provide a mutual trust authentication method, system and electronic device based on multiple authentication sources, which can improve mutual trust authentication efficiency, simplify user operation, and optimize user experience.
In a first aspect, embodiments of the present disclosure provide a mutually trusted authentication method based on multiple authentication sources, including:
receiving a mutual trust authentication request and acquiring application attribute information of a current application terminal;
aiming at the mutually trusted authentication request, selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information;
user authentication information is obtained from the optimal authentication source, and authentication response is carried out on the mutually trusted authentication request based on the user authentication information.
Optionally, for the mutually trusted authentication request, selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information, including:
determining a target service item which corresponds to the mutually trusted authentication request and needs to be called;
selecting an adaptive authentication source corresponding to the target service item from a plurality of authentication sources;
evaluating a plurality of adaptive authentication sources based on the preset matching rules to determine matching values of the adaptive authentication sources relative to the mutually trusted authentication requests;
and selecting and determining the optimal authentication source from a plurality of adaptive authentication sources according to the matching value.
Optionally, for the mutually trusted authentication request, selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information, including:
extracting a plurality of attribute information items from the application attribute information;
selecting a plurality of authentication sources matched with the attribute information items to form an authentication subset according to the preset matching rule;
and determining intersections of a plurality of authentication subsets corresponding to the attribute information items, and taking an authentication source in the intersections as the optimal authentication source.
Optionally, after selecting the optimal authentication source, the method further includes:
generating recommendation information according to the optimal authentication source, and receiving feedback information of a user aiming at the recommendation information;
determining whether the user accepts the optimal authentication source according to the feedback information;
and responding to the user receiving the optimal authentication source, and acquiring user authentication information from the optimal authentication source to perform mutual trust authentication.
Optionally, after receiving the feedback information each time, the method further includes:
collecting the feedback information, and creating a user feedback database according to a plurality of pieces of feedback information;
the user feedback database comprises a plurality of feedback record items, wherein the feedback record items comprise the feedback information, the optimal authentication source corresponding to the feedback information, the mutually trusted authentication request and the application attribute information.
Optionally, the method further includes performing real-time optimization updating on the preset matching rule according to the user feedback database.
Optionally, in response to the user not accepting the optimal authentication source, the method further comprises:
determining a matching authentication source corresponding to the mutually trusted authentication request and the application attribute information as a new optimal authentication source by using a neural network matching model;
generating new recommendation information based on the new optimal authentication source, and recommending again;
the neural network matching model is generated by training the user feedback database.
Optionally, obtaining user authentication information from the optimal authentication source includes:
selecting a mutual trust authentication protocol corresponding to the optimal authentication source, and communicating with the optimal authentication source according to the mutual trust authentication protocol to acquire the user authentication information.
In a second aspect, embodiments of the present disclosure further provide a mutually trusted authentication system based on multiple authentication sources, the system comprising:
the information acquisition module is used for receiving the mutual trust authentication request and acquiring application attribute information of the current application terminal;
the optimal authentication source screening module is used for selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information aiming at the mutually trusted authentication request; and
and the mutual trust authentication response module is used for acquiring user authentication information from the optimal authentication source and carrying out authentication response on the mutual trust authentication request based on the user authentication information.
In a third aspect, embodiments of the present specification also provide a multi-authentication-source based mutually-trusted authentication electronic device, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the multi-authentication-source based mutually-trusted authentication method as described in the first aspect when the program is executed.
From the above, it can be seen that the mutually trusted authentication method, system and electronic device based on multiple authentication sources provided in the embodiments of the present disclosure have the following beneficial technical effects:
the mutually-trusted authentication method, the mutually-trusted authentication system and the electronic equipment based on the multiple authentication sources receive mutually-trusted authentication requests and acquire application attribute information of the current application terminal, and the mutually-trusted authentication is performed by selecting an optimal authentication source with highest suitability with the mutually-trusted authentication request from the multiple authentication sources according to a preset matching rule based on the mutually-trusted authentication requests and the application attribute information. The mode automatically selects the authentication source to execute mutual trust authentication without manual selection of a user, so that user operation is simplified, the selected authentication source is the authentication source with the highest adaptation degree relative to the current application terminal, the efficiency effect of mutual trust authentication can be ensured, and user experience is optimized.
Drawings
The features and advantages of the present invention will be more clearly understood by reference to the accompanying drawings, which are illustrative and should not be construed as limiting the invention in any way, in which:
FIG. 1 is a flow chart of a mutually trusted authentication method based on multiple authentication sources provided in one or more alternative embodiments of the present disclosure;
FIG. 2 is a flow chart of a method for selecting an optimal authentication source in a mutually trusted authentication method based on multiple authentication sources according to one or more embodiments of the present disclosure;
FIG. 3 is a flow chart of another method for selecting an optimal authentication source in a mutually trusted authentication method based on multiple authentication sources according to one or more alternative embodiments of the present disclosure;
FIG. 4 is a flow chart of a method for generating recommendation information and responding to feedback in a mutually trusted authentication method based on multiple authentication sources according to one or more alternative embodiments of the present disclosure;
FIG. 5 is a schematic diagram of a mutually trusted authentication system based on multiple authentication sources according to one or more alternative embodiments of the present disclosure;
FIG. 6 illustrates a schematic diagram of a mutually trusted authentication electronic device based on multiple authentication sources provided in one or more alternative embodiments of the present disclosure;
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention.
With the continuous development of information technology, information interaction and function connection between various information systems and information platforms are becoming more and more intimate. Various application service programs have more abundant functions, and can provide multi-party services for users in a cross-platform and cross-system mode. When an application service program provides services for users in a cross-platform and cross-system mode, a service provider needs to conduct identity authentication on the users, and therefore the mutual trust condition between the current application program and the service provider is required to be met. The mutual trust usually combines different authentication sources to authenticate the identity information of the user through a standard protocol, a federal mutual trust relationship is formed among a plurality of authentication sources, and the authentication sources in federal can mutually pull the identity information of the user to authenticate.
In general, the requirements of one-way one-to-one mutual trust authentication service can be met based on the federal mutual trust relationship. As information technology further develops, the number of authentication sources in the mutually trusted federation also increases, and mutually trusted authentication services often face one-to-many or even many-to-many authentication scenarios, in which case a user is required to manually select an authentication source. A list of various authentication sources is typically presented to the user for manual selection by the user, requiring additional steps of operation, and operations. Many times, the user may directly select the authentication source with the first rank for authentication for convenience. One problem with this situation is that it cannot be guaranteed that the first authentication source in the list is the most suitable authentication source, and although a plurality of authentication sources in the mutually trusted federation all store user identity information, the emphasis of data stored by different authentication sources is biased, and there may be differences in data interaction protocols adopted by mutually trusted authentication of different authentication sources, and performing mutually trusted authentication based on the authentication source selected by the user at will may cause a decrease in authentication efficiency. Such a manner greatly increases the complexity of user operations, reduces the response efficiency of the application program, and affects the user experience.
Aiming at the problems, the embodiment of the specification aims to provide a mutually trusted authentication method, a mutually trusted authentication system and electronic equipment based on multiple authentication sources, wherein the optimal authentication source is selected from the multiple authentication sources according to a user authentication request and current service information to perform mutually trusted authentication, so that the mutually trusted authentication efficiency can be improved, the user operation is simplified, and the user experience is optimized.
In view of the above, in one aspect, embodiments of the present disclosure provide a mutual trust authentication method based on multiple authentication sources.
As shown in fig. 1, one or more alternative embodiments of the present disclosure provide a mutual trust authentication method based on multiple authentication sources, including:
s1: and receiving a mutual trust authentication request and acquiring application attribute information of the current application terminal.
In the use process of the current application terminal, the user may need to jump to other service systems and platforms based on the current application terminal so as to call other functional services, and in this case, the mutually trusted authentication request is triggered. For example, a user may need to query for a concrete definition of a particular concept during browsing information on a forum website, at which point an external database service may be invoked for the particular concept. The mutually trusted authentication request may include a user ID, user rights information, service function information desired to be invoked, and the like.
The user invokes other service functions based on the current application terminal, and also needs to determine application attribute information of the current application terminal, where the application attribute information may include static attribute information and dynamic attribute information.
The static attribute information may be application type information of the current application terminal, where the application type information may include public service class (such as government service platform), forum website class (such as information exchange platform), life service class (such as shopping website, payment application), and the like, and the static attribute information may also include terminal type information of the current application terminal, including web page application, PC application, mobile application, and the like.
The dynamic attribute information may include dynamic operation information performed by a user on the current application terminal, including operation time information, operation location information, operation instruction information, or other operation environment information, etc.
S2: and selecting an optimal authentication source from a plurality of authentication sources according to the application attribute information and based on a preset matching rule aiming at the mutually trusted authentication request.
And aiming at the mutual trust authentication request, the user selects one authentication source from a plurality of authentication sources based on the current application terminal to execute mutual trust authentication. And determining the matching degree of a plurality of authentication sources relative to the application attribute information according to the preset matching rule, so as to select the optimal authentication source.
The preset matching rule can be determined according to an expert knowledge model, and in the application process, the preset matching rule can be optimized, updated and adjusted according to actual requirements.
S3: user authentication information is obtained from the optimal authentication source, and authentication response is carried out on the mutually trusted authentication request based on the user authentication information.
After the optimal authentication source is determined, the current application terminal can communicate with the optimal authentication source to acquire required user authentication information from the optimal authentication source, and identity mutual trust authentication is carried out on the user according to the user authentication information. After the mutual trust authentication is passed, the user can successfully call the service functions of other service systems or platforms through the current application terminal.
In some optional embodiments, the current application terminal may acquire a mutually trusted authentication protocol corresponding to the optimal authentication source, and communicate with the optimal authentication source according to the mutually trusted authentication protocol to acquire the user authentication information.
In the mutual trust authentication method based on multiple authentication sources, a mutual trust authentication request is received, application attribute information of a current application terminal is obtained, and mutual trust authentication is carried out by selecting an optimal authentication source with highest suitability with the mutual trust authentication request from multiple authentication sources according to a preset matching rule based on the mutual trust authentication request and the application attribute information. The mode automatically selects the authentication source to execute mutual trust authentication without manual selection of a user, so that user operation is simplified, the selected authentication source is the authentication source with the highest adaptation degree relative to the current application terminal, the efficiency effect of mutual trust authentication can be ensured, and user experience is optimized.
As shown in fig. 2, in a mutually trusted authentication method based on multiple authentication sources provided in one or more alternative embodiments of the present disclosure, for the mutually trusted authentication request, selecting an optimal authentication source from multiple authentication sources based on a preset matching rule according to the application attribute information, includes:
s201: and determining a target service item which corresponds to the mutually trusted authentication request and needs to be called.
The mutual trust authentication request can comprise user ID, user authority information, service function information expected to be called and the like, and the target service item required to be called by the user at the current application terminal can be determined according to the mutual trust authentication request. The target service item may be, for example, a payment service, a communication service, a kiosk, or the like.
S202: and selecting an adaptive authentication source corresponding to the target service item from a plurality of authentication sources.
Taking the target service item as a payment service as an example, the current application terminal may be a shopping webpage, and the user may trigger the mutually trusted authentication request by clicking a payment link in the shopping webpage. In this case, for the mutually trusted authentication request, an authentication source associated with a payment service needs to be selected from a plurality of authentication sources as the adapted authentication source. It should be noted that there may be a plurality of different payment service providers corresponding to the payment service, and there may be a plurality of the adapted authentication sources corresponding to the plurality of payment service providers.
S203: and evaluating a plurality of adaptive authentication sources based on the preset matching rule so as to determine matching values of the adaptive authentication sources relative to the mutually trusted authentication request.
The preset matching rule can comprise a plurality of rule items, and different rule items correspond to different matching coefficients. In some optional embodiments, the evaluation of the adaptive authentication source based on the preset matching rule may adopt the following scheme: firstly, determining a rule item hit by the adaptive authentication source and a corresponding matching coefficient, and if the adaptive authentication source does not hit the rule item, indicating that the adaptive authentication source is completely not matched with the mutually trusted authentication request; and calculating and determining the matching value of the adaptive authentication source relative to the mutually trusted authentication request according to one or more rule items corresponding to the adaptive authentication source and the corresponding matching coefficient.
S204: and selecting and determining the optimal authentication source from a plurality of adaptive authentication sources according to the matching value. And selecting the adaptive authentication source with the highest matching value as the optimal authentication source.
In the mutual trust authentication method based on multiple authentication sources, firstly, an adaptive authentication source is selected from multiple authentication sources based on a mutual trust authentication request, and further, the matching values of the multiple adaptive authentication sources are calculated and determined according to the preset matching rules, so that the optimal authentication source is selected. The optimal authentication source has the highest adaptation degree relative to the mutually trusted authentication request, and the optimal authentication source is selected to have the highest mutually trusted authentication efficiency and the best effect.
As shown in fig. 3, in a mutually trusted authentication method based on multiple authentication sources provided in one or more alternative embodiments of the present disclosure, for the mutually trusted authentication request, selecting an optimal authentication source from multiple authentication sources based on a preset matching rule according to the application attribute information, includes:
s301: and extracting a plurality of attribute information items from the application attribute information.
The application attribute information may include static attribute information and dynamic attribute information, and may be specifically subdivided into a plurality of attribute information items.
S302: and selecting a plurality of authentication sources matched with the attribute information items to form an authentication subset according to the preset matching rule.
For a plurality of attribute information items in the application attribute information, one or more authentication sources which hit corresponding to the attribute information items can be selected from a plurality of authentication sources according to the preset matching rule, and the hit one or more authentication sources can form an authentication subset of the attribute information items.
S303: and determining intersections of a plurality of authentication subsets corresponding to the attribute information items, and taking an authentication source in the intersections as the optimal authentication source.
And performing an intersection operation on a plurality of authentication subsets, wherein the authentication sources in the determined intersection are authentication sources meeting the preset matching rule, and the authentication sources can be used as optimal authentication sources.
As shown in fig. 4, the mutual trust authentication method based on multiple authentication sources provided in one or more alternative embodiments of the present disclosure further includes, after selecting an optimal authentication source:
s401: and generating recommendation information according to the optimal authentication source, and receiving feedback information of a user aiming at the recommendation information.
S402: and determining whether the user accepts the optimal authentication source according to the feedback information.
S403: and responding to the user receiving the optimal authentication source, and acquiring user authentication information from the optimal authentication source to perform mutual trust authentication.
In the mutual trust authentication method based on multiple authentication sources, after the optimal authentication source is determined from multiple authentication sources, recommendation information is generated based on the optimal authentication source and pushed to a user so as to determine whether the user accepts the optimal authentication source, feedback information of the user in the mechanism has higher decision priority, and the optimal authentication source is used for mutual trust authentication under the condition that the user accepts the optimal authentication source. In the mode, the user feedback information is taken as the high priority basis of the overall decision, and the user feedback is taken into consideration without manually selecting from a plurality of authentication sources, so that the user experience is further optimized.
According to the mutual trust authentication method based on multiple authentication sources provided by one or more optional embodiments of the present disclosure, after receiving the feedback information each time, the feedback information is collected, and a user feedback database is created according to multiple pieces of feedback information; the user feedback database comprises a plurality of feedback record items, wherein the feedback record items comprise the feedback information, the optimal authentication source corresponding to the feedback information, the mutually trusted authentication request and the application attribute information.
According to the mutually trusted authentication method based on the multiple authentication sources, when other service functions are required to be called based on the current application terminal, the optimal authentication source is determined according to the mutually trusted authentication request, and meanwhile feedback information of a user according to the optimal authentication source is recorded, so that a user feedback database is generated. Each feedback record item in the user feedback database records the process information of one mutual trust authentication.
The feedback record data in the user feedback database has high application value. In some optional embodiments, the record data in the user feedback database is updated in real time, and in the mutual trust authentication method based on multiple authentication sources, the preset matching rule may be optimized and updated in real time according to the user feedback database. Specifically, a clustering algorithm, an artificial intelligence algorithm or a neural network training mode may be adopted to analyze and generalize big data in the user feedback database, so as to generate a new matching rule, where the matching rule is used to reflect the mapping relationship among the mutually trusted authentication request, the application attribute information and the optimal authentication source.
In one or more optional embodiments of the present disclosure, if the user is to accept the optimal authentication source, the mutual trust authentication method based on multiple authentication sources may further determine, by using a neural network matching model, an adapted authentication source corresponding to the mutual trust authentication request and the application attribute information as a new optimal authentication source, and generate new recommendation information based on the new optimal authentication source, and recommend again. The neural network matching model is generated by training the user feedback database.
And the optimal authentication source selects and determines from a plurality of authentication sources according to the preset matching rule, and based on recommendation information determined by the optimal authentication source, a new selection strategy, namely, a neural network matching model is adopted to conduct prediction recommendation under the condition that the recommendation information is not accepted by a user, and the matching authentication source is selected from the plurality of authentication sources again to recommend to the user. The neural network matching model is generated by training the user feedback database. As the scheme is continuously implemented, the data volume in the user feedback database is gradually increased, and the matching authentication source determined based on the neural network matching model generated by training the user feedback database is more accurate.
It should be noted that the methods of one or more embodiments of the present description may be performed by a single device, such as a computer or server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the methods of one or more embodiments of the present description, the devices interacting with each other to accomplish the methods.
It should be noted that the foregoing describes specific embodiments of the present invention. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, the embodiment of the present specification also provides a mutually trusted authentication system based on multiple authentication sources, corresponding to the method of any embodiment described above.
Referring to fig. 5, the mutual trust authentication system based on multiple authentication sources includes:
the information acquisition module is used for receiving the mutual trust authentication request and acquiring application attribute information of the current application terminal;
the optimal authentication source screening module is used for selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information aiming at the mutually trusted authentication request; and
and the mutual trust authentication response module is used for acquiring user authentication information from the optimal authentication source and carrying out authentication response on the mutual trust authentication request based on the user authentication information.
In the mutually trusted authentication system based on multiple authentication sources provided in one or more optional embodiments of the present disclosure, the optimal authentication source screening module is further configured to determine a target service item to be invoked corresponding to the mutually trusted authentication request; selecting an adaptive authentication source corresponding to the target service item from a plurality of authentication sources; evaluating a plurality of adaptive authentication sources based on the preset matching rules to determine matching values of the adaptive authentication sources relative to the mutually trusted authentication requests; and selecting and determining the optimal authentication source from a plurality of adaptive authentication sources according to the matching value.
In the mutually trusted authentication system based on multiple authentication sources provided in one or more optional embodiments of the present disclosure, the optimal authentication source screening module is further configured to extract multiple attribute information items from the application attribute information; selecting a plurality of authentication sources matched with the attribute information items to form an authentication subset according to the preset matching rule; and determining intersections of a plurality of authentication subsets corresponding to the attribute information items, and taking an authentication source in the intersections as the optimal authentication source.
The mutual trust authentication system based on multiple authentication sources provided by one or more optional embodiments of the present disclosure further includes an optimal authentication source recommendation module. The optimal authentication source recommending module is used for generating recommending information according to the optimal authentication source and receiving feedback information of a user for the recommending information; determining whether the user accepts the optimal authentication source according to the feedback information; and responding to the user receiving the optimal authentication source, and acquiring user authentication information from the optimal authentication source to perform mutual trust authentication.
The mutual trust authentication system based on multiple authentication sources provided by one or more alternative embodiments of the present disclosure further includes a feedback information collection module. The feedback information collection module is used for collecting the feedback information after receiving the feedback information each time, and creating a user feedback database according to a plurality of pieces of feedback information; the user feedback database comprises a plurality of feedback record items, wherein the feedback record items comprise the feedback information, the optimal authentication source corresponding to the feedback information, the mutually trusted authentication request and the application attribute information.
According to the mutually trusted authentication system based on multiple authentication sources provided by one or more optional embodiments of the present disclosure, the feedback information collection module is further configured to perform real-time optimization update on the preset matching rule according to the user feedback database.
In the mutually trusted authentication system based on multiple authentication sources provided in one or more optional embodiments of the present disclosure, the optimal authentication source recommendation module is further configured to determine, by using a neural network matching model, a matching authentication source corresponding to the mutually trusted authentication request and the application attribute information as a new optimal authentication source when the user does not accept the optimal authentication source; generating new recommendation information based on the new optimal authentication source, and recommending again; the neural network matching model is generated by training the user feedback database.
In the mutually trusted authentication system based on multiple authentication sources provided in one or more alternative embodiments of the present disclosure, the mutually trusted authentication response module is further configured to select a mutually trusted authentication protocol corresponding to the optimal authentication source, and communicate with the optimal authentication source according to the mutually trusted authentication protocol to obtain the user authentication information.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, the functions of each module may be implemented in one or more pieces of software and/or hardware when implementing one or more embodiments of the present description.
The device of the foregoing embodiment is configured to implement the corresponding method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Fig. 6 shows a more specific hardware architecture of an electronic device according to this embodiment, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 implement communication connections therebetween within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit ), microprocessor, application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, etc. for executing relevant programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory ), static storage device, dynamic storage device, or the like. Memory 1020 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, corresponding to any of the above embodiments of the method, the present disclosure further provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the multi-authentication source based mutually trusted authentication method as described in any of the above embodiments.
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device.
The storage medium of the foregoing embodiments stores computer instructions for causing the computer to perform the mutually trusted authentication method based on multiple authentication sources as described in any one of the foregoing embodiments, and has the advantages of the corresponding method embodiments, which are not described herein.
It will be appreciated by those skilled in the art that implementing all or part of the above-described embodiment method may be implemented by a computer program to instruct related hardware, where the program may be stored in a computer readable storage medium, and the program may include the above-described embodiment method when executed. Wherein the storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a Flash Memory (Flash Memory), a Hard Disk (HDD), or a Solid State Drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in one or more software and/or hardware elements when implemented in the present application.
It will be appreciated by those skilled in the art that embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the present specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the disclosure, including the claims, is limited to these examples; combinations of features of the above embodiments or in different embodiments are also possible within the spirit of the present disclosure, steps may be implemented in any order, and there are many other variations of the different aspects of one or more embodiments described above which are not provided in detail for the sake of brevity.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present disclosure is intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Any omissions, modifications, equivalents, improvements, and the like, which are within the spirit and principles of the one or more embodiments of the disclosure, are therefore intended to be included within the scope of the disclosure.
Claims (9)
1. A mutually trusted authentication method based on multiple authentication sources, the method comprising:
receiving a mutual trust authentication request and acquiring application attribute information of a current application terminal;
aiming at the mutually trusted authentication request, selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information;
acquiring user authentication information from the optimal authentication source, and performing authentication response to the mutually trusted authentication request based on the user authentication information;
aiming at the mutually trusted authentication request, selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information, wherein the method comprises the following steps:
extracting a plurality of attribute information items from the application attribute information;
selecting a plurality of authentication sources matched with the attribute information items to form an authentication subset according to the preset matching rule;
and determining intersections of a plurality of authentication subsets corresponding to the attribute information items, and taking an authentication source in the intersections as the optimal authentication source.
2. The method of claim 1, wherein selecting an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information for the mutually trusted authentication request, comprises:
determining a target service item which corresponds to the mutually trusted authentication request and needs to be called;
selecting an adaptive authentication source corresponding to the target service item from a plurality of authentication sources;
evaluating a plurality of adaptive authentication sources based on the preset matching rules to determine matching values of the adaptive authentication sources relative to the mutually trusted authentication requests;
and selecting and determining the optimal authentication source from a plurality of adaptive authentication sources according to the matching value.
3. The method of claim 1, further comprising, after selecting the optimal authentication source:
generating recommendation information according to the optimal authentication source, and receiving feedback information of a user aiming at the recommendation information;
determining whether the user accepts the optimal authentication source according to the feedback information;
and responding to the user receiving the optimal authentication source, and acquiring user authentication information from the optimal authentication source to perform mutual trust authentication.
4. A method according to claim 3, wherein the method further comprises, after each receipt of the feedback information:
collecting the feedback information, and creating a user feedback database according to a plurality of pieces of feedback information;
the user feedback database comprises a plurality of feedback record items, wherein the feedback record items comprise the feedback information, the optimal authentication source corresponding to the feedback information, the mutually trusted authentication request and the application attribute information.
5. The method of claim 4, further comprising optimizing and updating the preset matching rules in real time according to the user feedback database.
6. The method of claim 4, wherein in response to the user not accepting the optimal authentication source, the method further comprises:
determining a matching authentication source corresponding to the mutually trusted authentication request and the application attribute information as a new optimal authentication source by using a neural network matching model;
generating new recommendation information based on the new optimal authentication source, and recommending again;
the neural network matching model is generated by training the user feedback database.
7. The method of claim 1, wherein obtaining user authentication information from the optimal authentication source comprises:
selecting a mutual trust authentication protocol corresponding to the optimal authentication source, and communicating with the optimal authentication source according to the mutual trust authentication protocol to acquire the user authentication information.
8. A mutually trusted authentication system based on multiple authentication sources, the system comprising:
the information acquisition module is used for receiving the mutual trust authentication request and acquiring application attribute information of the current application terminal;
the optimal authentication source screening module is configured to select, for the mutually trusted authentication request, an optimal authentication source from a plurality of authentication sources based on a preset matching rule according to the application attribute information, and includes:
extracting a plurality of attribute information items from the application attribute information; selecting a plurality of authentication sources matched with the attribute information items to form an authentication subset according to the preset matching rule; determining intersections of a plurality of authentication subsets corresponding to a plurality of attribute information items, and taking an authentication source in the intersections as the optimal authentication source;
and the mutual trust authentication response module is used for acquiring user authentication information from the optimal authentication source and carrying out authentication response on the mutual trust authentication request based on the user authentication information.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 7 when the program is executed by the processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310835321.2A CN116561735B (en) | 2023-07-10 | 2023-07-10 | Mutual trust authentication method and system based on multiple authentication sources and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310835321.2A CN116561735B (en) | 2023-07-10 | 2023-07-10 | Mutual trust authentication method and system based on multiple authentication sources and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116561735A CN116561735A (en) | 2023-08-08 |
| CN116561735B true CN116561735B (en) | 2024-04-05 |
Family
ID=87502278
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310835321.2A Active CN116561735B (en) | 2023-07-10 | 2023-07-10 | Mutual trust authentication method and system based on multiple authentication sources and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116561735B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109145574A (en) * | 2018-07-26 | 2019-01-04 | 深圳市买买提信息科技有限公司 | Identity identifying method, device, server and storage medium |
| CN109685449A (en) * | 2018-11-29 | 2019-04-26 | 甘肃万维信息科技有限责任公司 | Government affairs service system Internet-based |
| CN110012028A (en) * | 2019-04-19 | 2019-07-12 | 福建医联康护信息技术有限公司 | Medical identity identifying method and system |
| CN114491489A (en) * | 2022-02-17 | 2022-05-13 | 中国工商银行股份有限公司 | Request response method and device, electronic equipment and storage medium |
| CN116192476A (en) * | 2023-01-13 | 2023-05-30 | 宁波璇玑大数据有限公司 | Mutually trusted login system and method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111383022B (en) * | 2018-12-29 | 2020-12-08 | 广州市百果园信息技术有限公司 | Background architecture method, system, computer equipment and storage medium for aggregated payment |
-
2023
- 2023-07-10 CN CN202310835321.2A patent/CN116561735B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109145574A (en) * | 2018-07-26 | 2019-01-04 | 深圳市买买提信息科技有限公司 | Identity identifying method, device, server and storage medium |
| CN109685449A (en) * | 2018-11-29 | 2019-04-26 | 甘肃万维信息科技有限责任公司 | Government affairs service system Internet-based |
| CN110012028A (en) * | 2019-04-19 | 2019-07-12 | 福建医联康护信息技术有限公司 | Medical identity identifying method and system |
| CN114491489A (en) * | 2022-02-17 | 2022-05-13 | 中国工商银行股份有限公司 | Request response method and device, electronic equipment and storage medium |
| CN116192476A (en) * | 2023-01-13 | 2023-05-30 | 宁波璇玑大数据有限公司 | Mutually trusted login system and method |
Non-Patent Citations (1)
| Title |
|---|
| 基于LDAP实现多认证源的统一身份认证实践――以华东师范大学图书馆为例;李欣 等;现代图书情报技术(第04期);第89-93页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116561735A (en) | 2023-08-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110297848B (en) | Recommendation model training method, terminal and storage medium based on federal learning | |
| JP6549128B2 (en) | System and method for guided user action | |
| US20130110992A1 (en) | Electronic device management using interdomain profile-based inferences | |
| US10915524B1 (en) | Scalable distributed data processing and indexing | |
| CN109831532B (en) | Data sharing method, device, equipment and medium | |
| CN113190757A (en) | Multimedia resource recommendation method and device, electronic equipment and storage medium | |
| CN107807841B (en) | Server simulation method, device, equipment and readable storage medium | |
| JP2021103506A (en) | Method and device for generating information | |
| JP5264813B2 (en) | Evaluation apparatus, evaluation method, and evaluation program | |
| CN115841366B (en) | Method and device for training object recommendation model, electronic equipment and storage medium | |
| CN113807926A (en) | Recommendation information generation method and device, electronic equipment and computer readable medium | |
| CN109992719B (en) | Method and apparatus for determining push priority information | |
| JP2024508502A (en) | Methods and devices for pushing information | |
| CN116561735B (en) | Mutual trust authentication method and system based on multiple authentication sources and electronic equipment | |
| US11593449B1 (en) | Reducing computing calls for webpage load times and resources | |
| CN111582456B (en) | Method, apparatus, device and medium for generating network model information | |
| CN113822429A (en) | Interpretation method, device and equipment for recommendation system and readable storage medium | |
| CN110852873A (en) | Data trust method, device, equipment and computer readable storage medium | |
| CN110580200A (en) | Data synchronization method and device | |
| CN112286609B (en) | Method and device for managing shortcut setting items of intelligent terminal | |
| CN114944962B (en) | Data security protection method and system | |
| KR102641628B1 (en) | Method and system for providing service using segmented deep learning model | |
| CN116501993B (en) | House source data recommendation method and device | |
| CN111582482B (en) | Method, apparatus, device and medium for generating network model information | |
| CN111526054B (en) | Method and device for acquiring network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |