CN117150458A

CN117150458A - Object identity authentication method and device based on target application and storage medium

Info

Publication number: CN117150458A
Application number: CN202210563945.9A
Authority: CN
Inventors: 肖承柳; 林布锴; 巨少飞
Original assignee: Guangzhou Tencent Technology Co Ltd
Current assignee: Guangzhou Tencent Technology Co Ltd
Priority date: 2022-05-23
Filing date: 2022-05-23
Publication date: 2023-12-01

Abstract

The application discloses an object identity authentication method and device based on target application and a storage medium, which can be applied to the field of maps. Certificate detection is carried out through the near field communication module; then sending the certificate encryption information detected by the near field communication module to a confidence decoding system for inquiring to obtain identity information; and receiving identity information sent by the certificate inquiry service system; and comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application to determine an identity authentication result. Therefore, the object identity authentication process based on the target application is realized, the trusted certificate detection is carried out by adopting the near field communication, and the verification of the identity information is carried out by a multiparty system, so that the generation of counterfeit identity information can be effectively avoided, and the accuracy of the identity authentication is improved.

Description

Object identity authentication method and device based on target application and storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for identifying an object based on a target application, and a storage medium.

Background

With the rapid development of internet technology, people have increasingly high requirements for identity authentication, for example, the identity authentication can be performed in games to prevent minors from being indulged.

Generally, identity information (such as a face and a fingerprint) of a target object is obtained through a biological recognition technology, and then is compared with the identity information of a registered account of the target object, and the identity of the target object and the registered account are checked to judge the consistency of the identity information and the identity information so as to identify the true identity of the current target object.

However, the identity information obtained through the biometric identification is easy to forge, and the forged identity information can easily pass through the identity identification, so that the accuracy of the identity identification is affected.

Disclosure of Invention

In view of the above, the application provides a target application-based object identity authentication method, which can effectively improve the accuracy of identity authentication.

The first aspect of the present application provides an object identity authentication method based on a target application, which can be applied to a system or a program including an object identity authentication function based on a target application in a terminal device, and specifically includes:

responding to the starting of an identity authentication process aiming at a target object in a target application, and arousing a near field communication module of terminal equipment to carry out certificate detection;

acquiring certificate encryption information detected by the near field communication module;

Sending the certificate encryption information to a confidence decoding system, so that the confidence decoding system responds to the certificate encryption information to generate a decryption receipt, wherein the decryption receipt is used for triggering a service background corresponding to the target application to initiate identity information inquiry to a certificate inquiry service system to obtain identity information, and the identity information is obtained by sending inquiry request feedback containing the decryption receipt to the confidence decoding system through the certificate inquiry service system;

receiving the identity information sent by the certificate inquiry service system;

and comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application to determine an identity authentication result.

Optionally, in some possible implementations of the present application, the responding to the start of the identity authentication process for the target object in the target application, and calling the near field communication module of the terminal device to perform certificate detection includes:

responding to the starting of an identity authentication process aiming at the target object in the target application, and detecting a hardware environment corresponding to the target application through a near field module detection interface;

If the hardware environment supports a near field communication function, detecting the starting state of the near field communication module;

and if the starting state of the near field communication module indicates that the near field communication module is started, setting the near field communication module as a card reader mode so as to call the near field communication module to detect certificates.

Optionally, in some possible implementations of the present application, the method further includes:

if the starting state of the near field communication module indicates that the near field communication module is not started, sending a starting prompt through system broadcasting;

if the near field communication module is not evoked, entering a switch configuration page aiming at the near field communication module so as to start the near field communication module.

Optionally, in some possible implementations of the present application, in response to starting an authentication process for the target object in the target application, detecting, by a near field module detection interface, a hardware environment corresponding to the target application includes:

acquiring login information input by the target object in the target application;

uploading the login information to a verification background of the target application to perform login verification on the login information;

If the login verification is passed, starting an identity authentication process aiming at the target object;

and detecting the hardware environment corresponding to the target application through the near-field module detection interface.

Optionally, in some possible implementations of the present application, the detecting, by the near field module detection interface, a hardware environment corresponding to the target application includes:

determining time information when the target object inputs the login information based on an operation process corresponding to the target application;

acquiring an authentication period set for the target object;

comparing the time information with the authentication period;

and if the moment indicated by the moment information is in the authentication period, detecting a hardware environment corresponding to the target application through the near field module detection interface.

Optionally, in some possible implementations of the present application, the acquiring an authentication period set for the target object includes:

determining date information corresponding to the time information;

comparing preset dates based on the date information to determine an idle state corresponding to the date information;

the authentication period set for the target object is acquired according to the idle state.

Optionally, in some possible implementations of the present application, the acquiring credential encryption information detected by the near field communication module includes:

responding to the near field communication module to detect the approach of a detection object, and establishing connection between the near field communication module and an object tag corresponding to the detection object;

reading tag data contained in the object tag;

packaging the tag data as a near field communication event to distribute the near field communication event to an event detector;

determining, by the event detector, an object type of the detection object;

and if the object type is a preset type, analyzing the target data segment in the tag data to obtain the certificate encryption information.

Optionally, in some possible implementations of the present application, if the object type is a preset type, analyzing the target data segment in the tag data to obtain the certificate encryption information includes:

if the object type is a preset type, determining a data record sequence corresponding to the tag data;

analyzing the data record sequence to determine an identification data segment and the target data segment;

And analyzing the load information in the target data segment to obtain the certificate encryption information.

Optionally, in some possible implementations of the present application, the sending the certificate encryption information to a trusted decoding system, so that the trusted decoding system generates a decryption response piece in response to the certificate encryption information, including:

packaging the certificate encryption information as a decoding request;

transmitting the decoding request to the trusted decoding system so that the trusted decoding system verifies the decoding request;

if the verification is passed, the confidence decoding system generates the decryption receipt based on the certificate encryption information;

the step of receiving the identity information sent by the certificate inquiry service system comprises the following steps:

acquiring the decryption receipt fed back by the confidence decoding system;

sending the decryption receipt to a service background corresponding to the target application, so that the service background corresponding to the target application forwards the decryption receipt to the certificate inquiry service system;

the certificate inquiry service system performs validity verification based on the decryption receipt;

if the validity verification is passed, forwarding the decryption receipt to the confidence decoding system for information decoding to obtain the identity information;

And receiving the identity information sent by the certificate inquiry service system.

Optionally, in some possible implementations of the present application, the authenticating the identity information with the registration information corresponding to the target object in the service background corresponding to the target application includes:

responding to the acquisition of the identity information, and starting a verification page in the target application;

determining key information for indicating the target object based on the identity information;

encrypting and transmitting the key information to a service background corresponding to the target application through the verification page so as to identify the key information and registration information corresponding to the target object in the service background corresponding to the target application;

the outputting the identity authentication result corresponding to the target object to the target application comprises the following steps:

and receiving an identity authentication result corresponding to the target object and fed back by the service background corresponding to the target application.

determining an identity corresponding to the target object based on the identity authentication result;

binding the identity with the target object;

Broadcasting the identity mark so that the association application receives a binding relation for binding the identity mark and the target object;

and responding to the target object to trigger the association application, and carrying out identity authentication of the target object based on the identity.

Optionally, in some possible implementations of the present application, broadcasting the identity, so that the association application receives a binding relationship for binding the identity and the target object, includes:

analyzing the description information corresponding to the target application to determine the application type corresponding to the application managed by the target application;

performing application traversal based on the application type to determine the associated application;

broadcasting the identity mark so that the association application receives the binding relation for binding the identity mark and the target object.

A second aspect of the present application provides an object identity authentication device based on a target application, including:

the acquisition unit is used for responding to the starting of an identity authentication process aiming at a target object in the target application and arousing a near field communication module of the terminal equipment to carry out certificate detection;

The acquisition unit is also used for acquiring certificate encryption information detected by the near field communication module;

the sending unit is used for sending the certificate encryption information to the confidence decoding system so that the confidence decoding system responds to the certificate encryption information to generate a decryption receipt, the decryption receipt is used for triggering a service background corresponding to the target application to initiate identity information inquiry to a certificate inquiry service system to obtain identity information, and the identity information is obtained by sending inquiry request feedback containing the decryption receipt to the confidence decoding system through the certificate inquiry service system;

the receiving unit is used for receiving the identity information sent by the certificate inquiry service system;

the authentication unit is used for performing authentication processing on the identity information and registration information corresponding to the target object in a service background corresponding to the target application;

the obtaining unit is further configured to output an identity authentication result corresponding to the target object to the target application.

Optionally, in some possible implementation manners of the present application, the obtaining unit is specifically configured to detect, through a near field module detection interface, a hardware environment corresponding to the target application in response to starting an identity authentication process for the target object in the target application;

The acquiring unit is specifically configured to detect a start state of the near field communication module if the hardware environment supports a near field communication function;

the acquiring unit is specifically configured to set the near field communication module as a card reader mode if the start state of the near field communication module indicates that the near field communication module is turned on, so as to call the near field communication module to perform certificate detection.

Optionally, in some possible implementation manners of the present application, the obtaining unit is specifically configured to send an opening alert through system broadcast if the start state of the near field communication module indicates that the near field communication module is not opened;

the acquiring unit is specifically configured to enter a switch configuration page for the near field communication module if the near field communication module is not evoked, so as to open the near field communication module.

Optionally, in some possible implementations of the present application, the obtaining unit is specifically configured to obtain login information input by the target object in the target application;

the acquisition unit is specifically configured to upload the login information to a verification background of the target application, so as to perform login verification on the login information;

The acquisition unit is specifically configured to start an identity authentication process for the target object if login verification is passed;

the acquisition unit is specifically configured to detect, through the near-field module detection interface, a hardware environment corresponding to the target application.

Optionally, in some possible implementation manners of the present application, the obtaining unit is specifically configured to determine, based on an operation process corresponding to the target application, time information when the target object inputs the login information;

the acquisition unit is specifically configured to acquire an authentication period set for the target object;

the acquisition unit is specifically configured to compare the time information with the authentication period;

the acquiring unit is specifically configured to detect, through the near-field module detection interface, a hardware environment corresponding to the target application if the time indicated by the time information is within the authentication period.

Optionally, in some possible implementation manners of the present application, the acquiring unit is specifically configured to determine date information corresponding to the time information;

the acquiring unit is specifically configured to perform preset date comparison based on the date information, so as to determine an idle state corresponding to the date information;

The acquisition unit is specifically configured to acquire the authentication period set for the target object according to the idle state.

Optionally, in some possible implementations of the present application, the acquiring unit is specifically configured to, in response to the near field communication module detecting that a detection object is close, establish a connection between the near field communication module and an object tag corresponding to the detection object;

the acquiring unit is specifically configured to read tag data contained in the object tag;

the acquisition unit is specifically configured to package the tag data into a near field communication event, so as to distribute the near field communication event to an event detector;

the acquisition unit is specifically configured to determine an object type of the detection object through the event detector;

the obtaining unit is specifically configured to parse the target data segment in the tag data if the object type is a preset type, so as to obtain the certificate encryption information.

Optionally, in some possible implementation manners of the present application, the obtaining unit is specifically configured to determine a data record sequence corresponding to the tag data if the object type is a preset type;

The acquisition unit is specifically configured to parse the data record sequence to determine an identification data segment and the target data segment;

the obtaining unit is specifically configured to parse the load information in the target data segment to obtain the certificate encryption information.

Optionally, in some possible implementations of the present application, the sending unit is specifically configured to package the certificate encryption information as a decoding request;

the sending unit is specifically configured to send the decoding request to the trusted decoding system, so that the trusted decoding system checks the decoding request;

the sending unit is specifically configured to generate the decryption receipt based on the certificate encryption information by the trusted decoding system if the verification passes;

the receiving unit is specifically configured to obtain the decryption receipt fed back by the trusted decoding system;

the receiving unit is specifically configured to send the decrypted receipt to a service background corresponding to the target application, so that the service background corresponding to the target application forwards the decrypted receipt to the certificate inquiry service system;

the receiving unit is specifically used for verifying the validity of the certificate inquiry service system based on the decryption receipt;

The receiving unit is specifically configured to forward the decrypted receipt to the trusted decoding system for information decoding to obtain the identity information if the validity verification is passed;

the receiving unit is specifically configured to receive the identity information sent by the certificate query service system.

Optionally, in some possible implementations of the present application, the authentication unit is specifically configured to open a verification page in the target application in response to the obtaining of the identity information;

the authentication unit is specifically configured to determine key information for indicating the target object based on the identity information;

the authentication unit is specifically configured to encrypt the key information through the verification page and transmit the encrypted key information to a service background corresponding to the target application, so that authentication processing is performed on the key information and registration information corresponding to the target object in the service background corresponding to the target application;

the authentication unit is specifically configured to receive an identity authentication result corresponding to the target object, which is fed back by the service background corresponding to the target application.

Optionally, in some possible implementations of the present application, the authentication unit is specifically configured to determine an identity identifier corresponding to the target object based on an identity authentication result;

The authentication unit is specifically configured to bind the identity identifier with the target object;

the authentication unit is specifically configured to broadcast the identity, so that an association application receives a binding relationship for binding the identity and the target object;

the authentication unit is specifically configured to trigger the association application in response to the target object, and perform identity authentication of the target object based on the identity.

Optionally, in some possible implementation manners of the present application, the identifying unit is specifically configured to parse the description information corresponding to the target application to determine an application type corresponding to an application managed by the target application;

the authentication unit is specifically configured to perform application traversal based on the application type to determine the associated application;

the authentication unit is specifically configured to broadcast the identity, so that the association application receives a binding relationship for binding the identity and the target object.

A third aspect of the present application provides a computer apparatus comprising: a memory, a processor, and a bus system; the memory is used for storing program codes; the processor is configured to execute the object authentication method based on the target application according to the first aspect or any one of the first aspects according to an instruction in the program code.

A fourth aspect of the application provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the object authentication method based on the target application of the first aspect or any one of the first aspects.

According to one aspect of the present application, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device performs the object authentication method based on the target application provided in the first aspect or various optional implementations of the first aspect.

From the above technical solutions, the embodiment of the present application has the following advantages:

the method comprises the steps of starting an identity authentication process aiming at a target object in response to a target application, and calling a near field communication module of terminal equipment to detect credentials; then acquiring certificate encryption information detected by a near field communication module; the certificate encryption information is sent to the confidence decoding system, so that the confidence decoding system responds to the certificate encryption information to generate a decryption receipt, the decryption receipt is used for triggering a service background corresponding to the target application to initiate identity information inquiry to the certificate inquiry service system to obtain identity information, and the identity information is sent to the confidence decoding system through the certificate inquiry service system to be fed back by an inquiry request containing the decryption receipt; and receiving identity information sent by the certificate inquiry service system; and comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application to determine an identity authentication result. Therefore, the object identity authentication process based on the target application is realized, the trusted certificate detection is carried out by adopting the near field communication, and the verification of the identity information is carried out by a multiparty system, so that the generation of counterfeit identity information can be effectively avoided, and the accuracy of the identity authentication is improved.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.

FIG. 1 is a diagram of a network architecture for target application-based operation of a subject identification system;

FIG. 2 is a flowchart of a target application-based object identity authentication procedure according to an embodiment of the present application;

FIG. 3 is a flowchart of an object identity authentication method based on a target application according to an embodiment of the present application;

fig. 4 is a schematic view of a scenario of an object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 5 is a schematic view of another object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 6 is a flowchart of another object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 7 is a schematic view of another object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 8 is a flowchart of another object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 9 is a flowchart of another object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 10 is a schematic diagram of a scenario of another object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 11 is a flowchart of another object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 12 is a flowchart of another object identity authentication method based on a target application according to an embodiment of the present application;

FIG. 13 is a schematic structural diagram of an object identity authentication device based on a target application according to an embodiment of the present application;

fig. 14 is a schematic structural diagram of a terminal device according to an embodiment of the present application;

fig. 15 is a schematic structural diagram of a server according to an embodiment of the present application.

Detailed Description

The embodiment of the application provides an object identity authentication method based on a target application and a related device, which can be applied to a system or a program containing an object identity authentication function based on the target application in terminal equipment, and call a near field communication module of the terminal equipment to detect credentials by responding to the starting of an identity authentication process aiming at the target object in the target application; then acquiring certificate encryption information detected by a near field communication module; the certificate encryption information is sent to the confidence decoding system, so that the confidence decoding system responds to the certificate encryption information to generate a decryption receipt, the decryption receipt is used for triggering a service background corresponding to the target application to initiate identity information inquiry to the certificate inquiry service system to obtain identity information, and the identity information is sent to the confidence decoding system through the certificate inquiry service system to be fed back by an inquiry request containing the decryption receipt; and receiving identity information sent by the certificate inquiry service system; and comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application to determine an identity authentication result. Therefore, the object identity authentication process based on the target application is realized, the trusted certificate detection is carried out by adopting the near field communication, and the verification of the identity information is carried out by a multiparty system, so that the generation of counterfeit identity information can be effectively avoided, and the accuracy of the identity authentication is improved.

The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented, for example, in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "includes" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.

First, some terms that may appear in the embodiments of the present application will be explained.

NFC, a main difference between the NFC technology and data transmission technologies such as wifi, bluetooth and infrared is that the effective distance is generally not more than 4cm. There are various application modes, in which the card reader mode is mainly applied to entrance guard, IC card, article label, and information stored in the medium is obtained after close contact.

NDEF, a standardized data format, can be used to exchange information between any compatible NFC device and another NFC device or tag. The data format consists of NDEF messages and NDEF records. The standard is maintained by the NFC forum and can be referenced for free, but needs to accept a licensing agreement for downloading.

JSBridge is a bridge built by javascript, one end is web, and the other end is native. The purpose of setting up the bridge is also very simple, so that native can call the javascript code of the web, and the web can call the native code.

It should be understood that the object identity authentication method based on the target application provided by the present application may be applied to a system or a program including an object identity authentication function based on the target application in a terminal device, for example, a mobile phone manager, specifically, the object identity authentication system based on the target application may operate in a network architecture shown in fig. 1, as shown in fig. 1, which is a network architecture diagram operated by the object identity authentication system based on the target application, as shown in the figure, the object identity authentication system based on the target application may provide an object identity authentication process based on the target application with a plurality of information sources, that is, an acquisition of identity information based on near field communication is performed on a target object performing an operation through a triggering operation on a terminal side, so as to perform identity authentication; it will be appreciated that various terminal devices are shown in fig. 1, the terminal devices may be computer devices, in an actual scenario, there may be more or fewer terminal devices participating in the process of object identity authentication based on the target application, and the specific number and types depend on the actual scenario, which is not limited herein, and in addition, one server is shown in fig. 1, but in an actual scenario, there may also be participation of multiple servers, where the specific number of servers depends on the actual scenario.

In this embodiment, the server may be an independent physical server, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud security, data security, identity authentication, game player identification, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and basic cloud computing services such as big data and artificial intelligence platforms. The terminal may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, a smart voice interaction device, a smart home appliance, a vehicle-mounted terminal, and the like. The terminals and servers may be directly or indirectly connected by wired or wireless communication, and the terminals and servers may be connected to form a blockchain network, which is not limited herein.

It will be appreciated that the above object authentication system based on the target application may be operated in a personal mobile terminal, for example: the mobile phone manager can be used as an application, such as a mobile phone manager, and can also be used as a third party device to provide object identity authentication based on the target application so as to obtain an object identity authentication processing result based on the target application of the information source; the specific object identity authentication system based on the target application may be in a program form and run in the device, or may be run as a system component in the device, or may be used as a cloud service program, where the specific operation mode is determined by the actual scenario and is not limited herein.

In order to solve the above problems, the present application provides a target application-based object identity authentication method, which is applied to a target application-based object identity authentication flow framework shown in fig. 2, and as shown in fig. 2, the target application-based object identity authentication flow framework provided in the embodiment of the present application, the target object issues identity information to a server through near field communication through a terminal interaction operation, and performs multi-platform information verification through the server, and further performs trusted information decoding, thereby obtaining an identity authentication result.

Specifically, the method can be applied to identity authentication of the game player, namely, the NFC functional module on the intelligent device reads the national legal certificate owned by the game player, and the acquired legal certificate information is used for comparing with the real name registration identity information of the account number of the game player so as to authenticate the real identity of the current player.

It can be understood that the method provided by the application can be a program writing method, which is used as a processing logic in a hardware system, and can also be used as an object identity authentication device based on a target application, and the processing logic is realized in an integrated or external mode. As one implementation manner, the object identity authentication device based on the target application calls a near field communication module of the terminal equipment to perform certificate detection by responding to the starting of an identity authentication process aiming at the target object in the target application; then acquiring certificate encryption information detected by a near field communication module; the certificate encryption information is sent to the confidence decoding system, so that the confidence decoding system responds to the certificate encryption information to generate a decryption receipt, the decryption receipt is used for triggering a service background corresponding to the target application to initiate identity information inquiry to the certificate inquiry service system to obtain identity information, and the identity information is sent to the confidence decoding system through the certificate inquiry service system to be fed back by an inquiry request containing the decryption receipt; and receiving identity information sent by the certificate inquiry service system; and comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application to determine an identity authentication result. Therefore, the object identity authentication process based on the target application is realized, the trusted certificate detection is carried out by adopting the near field communication, and the verification of the identity information is carried out by a multiparty system, so that the generation of counterfeit identity information can be effectively avoided, and the accuracy of the identity authentication is improved.

With reference to the above flowchart, the method for identifying an object based on a target application in the present application will be described below, referring to fig. 3, fig. 3 is a flowchart of a method for identifying an object based on a target application, where the method for managing an object based on a target application may be executed by a terminal or a server, and the embodiment of the present application at least includes the following steps:

301. and responding to the starting of an identity authentication process aiming at a target object in the target application, and arousing a near field communication module of the terminal equipment to carry out certificate detection.

In this embodiment, the target application may be an application for performing identity authentication management, or may be a game application, in which a plug-in for identity authentication management is configured, or may be a cloud-end identity authentication application, which is initiated when, for example, a game is started, where a specific form depends on an actual scenario.

In one possible scenario, for example, in the scenarios of game login, payment, etc., when the game application determines that the current target object is suspected of being a minor, the game may prompt the target object to perform identification authentication, and the game may be continued only after authentication is completed, or else the game may not be continued.

The embodiment relates to certificate reading, certificate decryption and identity authentication, and an identity recognition system is formed by connecting the three parts in series, so that the system can complete the true identity authentication of a game player. Specifically as shown in fig. 4, fig. 4 is a schematic view of a scenario of an object identity authentication method based on a target application according to an embodiment of the present application; a player of unknown identity is shown, and after being identified by the identification system of the present embodiment, will be labeled as two types, adult game player and underage game player, and the classification result will be used as an important basis for game management of player game time and consumption.

Specifically, for the process of evoking the near field communication module to perform certificate detection, the method may first respond to the start of an identity authentication process for a target object in a target application, and detect a hardware environment corresponding to the target application through a near field module detection interface, for example, judge whether the device supports an NFC function through a nfcadapter, getdefaultadapter () system interface; if the hardware environment supports the near field communication function, detecting the starting state of the near field communication module, for example, android equipment, judging whether an interface is opened or not by reading an interface of a system of an nfcadapter.isenabled (), and if the interface is not opened, starting a guide target object; if the starting state of the near field communication module indicates that the near field communication module is started, the near field communication module is set to be in a card reader mode so as to call the near field communication module to carry out certificate detection, namely, the device can read data in an NDEF format from the NFC tag, then an NFC event detector is set, and when the NFC tag is close to the device, the event detector can immediately receive NFC event notification.

Optionally, if the start state of the near field communication module indicates that the near field communication module is not started, sending a start prompt through system broadcasting; if the near field communication module is not evoked, a switch configuration page aiming at the near field communication module is entered to start the near field communication module, so that the effectiveness of identity authentication is improved.

302. And acquiring certificate encryption information detected by the near field communication module.

In this embodiment, the certificate encryption information detected by the near field communication module is a process of analyzing the tag data in the detection object.

Specifically, firstly, in response to the near field communication module detecting the approach of a detection object, the near field communication module is connected with an object tag corresponding to the detection object; then reading tag data contained in the object tag; and packaging the tag data as near field communication events to distribute the near field communication events to the event detector; then determining the object type of the detected object through an event detector; if the object type is a preset type (for example, NDEF message), analyzing the target data segment in the tag data to obtain the certificate encryption information.

Optionally, the process of parsing the target data segment to obtain the certificate encryption information may be that a data record sequence (record) corresponding to the tag data is determined first; then parsing the data record sequence to determine an identification data segment (Header) and a target data segment (Payload); and analyzing the load information in the target data segment to obtain certificate encryption information. For example, in one possible scenario, fig. 5 is a schematic diagram of a scenario of another object identity authentication method based on a target application according to an embodiment of the present application; each NDEF message contains one or more NDEF records. Each Record can be divided into a Header, which is a specific Payload, and a Payload, which identifies the content and size of the Record using the following structure.

Next, description will be made with reference to a scenario with an NDEF format as a target type, as shown in fig. 6, and as shown in fig. 6, another flowchart of an object identity authentication method based on a target application according to an embodiment of the present application is provided; the diagram shows that firstly, whether the current hardware device supports the NFC function, for example, an android device is detected, when the SDK version of the system is higher than 13, whether the device supports the NFC function can be judged through an nfcabdapter.

The current target object is then directed to turn on the NFC functionality. For example, the android device may determine whether the interface is opened by reading the nfcabalter.isenabled () system interface, and if not, it needs to guide the target object to be opened. First it is detected whether the device supports a default open path. The system broadcast transmission is tried to be performed on the options_wireless_settings and the options_nfc_settings, if the transmission fails, the cloud guidance starting scheme for the manufacturer is displayed, and if the transmission fails, the NFC switch setting page is automatically entered. After the target object successfully starts the function, the next setting step is entered.

The setting step sets NFC functionality and parameters. Firstly setting the NFC function as a card reader mode, namely, the device can read data in an NDEF format from the NFC tag, secondly setting an NFC event detector, and when the NFC tag is close to the device, the event detector can immediately receive an NFC event notification.

Further, when the target object approaches the certificate to the intelligent device, the NFC device actively establishes connection with the tag, reads the NDEF information stored in the certificate tag after connection is completed, packages tag data into NFC events, and distributes the NFC events to the event detector through an NFC event distribution mechanism. And judging whether the NDEF message carried by the NFC event is certificate data, if so, entering f, otherwise, terminating the flow. And analyzing the NDEF information according to the data format to obtain a Payload data segment, namely a certificate encryption information field.

In a possible scenario, the structure of the NDEF message is shown in fig. 7, and fig. 7 is a schematic diagram of a scenario of another object identity authentication method based on a target application according to an embodiment of the present application; the Header data segment (A1) and Payload data segment (A2) contained in the NDEF message are shown in the figure, thereby ensuring the accuracy of identifying the object.

303. And sending the certificate encryption information to the confidence decoding system so that the confidence decoding system responds to the certificate encryption information to generate a decryption receipt, wherein the decryption receipt is used for triggering a service background corresponding to the target application to initiate identity information inquiry to the certificate inquiry service system to obtain the identity information, and the identity information is fed back to the confidence decoding system through the certificate inquiry service system by sending an inquiry request containing the decryption receipt.

In this embodiment, after the terminal certificate encryption information is acquired, the certificate decoding is cooperatively completed in each link through a confidence decoding system and a certificate inquiry service system to acquire final identity data; the confidence decoding system is an identity information decoding system with public confidence, such as a management department cloud decoding system; the certificate inquiry service system is a background service which is registered in the confidence decoding system and can perform identity authentication service, for example, the certificate service card holding mechanism background, the specific multi-system type is determined by actual scenes, each system adopts confidence processing through distributed information management, the risk of information leakage is avoided, and the credibility of identity information is improved through mutual verification.

Specifically, for the multi-platform identity verification process, the certificate encryption information can be packaged as a decoding request; then sending a decoding request to the confidence decoding system so that the confidence decoding system checks the decoding request; if the verification is passed, the confidence decoding system generates a decryption receipt based on the certificate encryption information; further, a decryption receipt fed back by the confidence decoding system can be obtained; the decryption receipt is sent to a service background corresponding to the target application, so that the service background corresponding to the target application forwards the decryption receipt to the certificate inquiry service system; then the certificate inquiry service system performs validity verification based on the decryption receipt; if the validity verification is passed, forwarding the decryption receipt to a confidence decoding system for information decoding to obtain identity information; and then receives the identity information sent by the certificate inquiry service system, thereby improving the reliability of the identity information.

304. And receiving the identity information sent by the certificate inquiry service system.

In this embodiment, the receipt of the identity information sent by the certificate inquiry service system is a certificate decoding process, that is, after the terminal certificate encryption information acquisition is completed, the terminal certificate encryption information needs to be subsequently processed through the management department cloud decoding system and the certificate service card holding mechanism, and all links cooperatively complete certificate decoding, so as to obtain final identity data.

In one possible scenario, the confidence decoding system is a management cloud decoding system, and the certificate inquiry service system is a certificate service card-holding mechanism background, which is described below as an example, and other system entities having the above functions may also be applicable. As shown in fig. 8, a flowchart of another object identity authentication method based on a target application provided in the embodiment of the present application in fig. 8 is shown; the figure shows that firstly, after the NFC functional intelligent terminal equipment successfully reads the certificate encryption information block, the NFC functional intelligent terminal equipment carries the encryption information block to send a decoding request to a management department cloud decoding system. And then the management department cloud decoding system checks the encrypted data block requested and carried by the NFC function intelligent terminal, and returns a certificate detail information inquiry receipt (reqid) to the NFC function intelligent terminal after the verification is passed. Further, after the information receipt (reqid) is obtained, the NFC function intelligent terminal carries the information receipt, and forwards a network request to the background of the certificate service card holding mechanism through the application service background. Therefore, after the background of the certificate service card-holding mechanism receives the validity of the request, the request is forwarded to the cloud decoding system of the management department again. And after the cloud decoding system of the management department checks the information receipt (reqid), the corresponding decrypted certificate information including the information such as the identity card number, the name and the like is returned to the NFC functional intelligent terminal through the background of the certificate service card holding mechanism and the background of the application service in sequence, and then the certificate decoding process is completed.

305. And authenticating the identity information with the registration information corresponding to the target object in the service background corresponding to the target application.

In this embodiment, the process of comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application is the identity authentication process. The service background corresponding to the target application can be a game service background or a background of other application types.

It can be understood that in this embodiment, the identity authentication procedure is stored in a limited time of the background of the sensitive data, and the terminal is not designed according to the trusted principle, and the verification data transmission must be completed through the interaction of the background service, that is, the verification service background (the background of the target application) encrypts the verification data through the public key, and the game service background (the service background corresponding to the target application) decrypts the verification data through the matched private key, thereby realizing the hierarchical management of the verification (authentication) process and strengthening the security of the data.

Specifically, the process of comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application may first open a verification page in the target application in response to the acquisition of the identity information; then determining key information for indicating the target object based on the identity information; the key information is encrypted through the verification page and transmitted to a service background corresponding to the target application, so that the key information is compared with registration information corresponding to the target object in the service background corresponding to the target application; and further receiving an identity authentication result fed back by the service background corresponding to the target application.

306. And outputting the identity authentication result corresponding to the target object to the target application.

In the embodiment, the authentication processing is processed in the service background, so that the information security is ensured, and further, the flow execution after the identity authentication is performed through the target application, so that the effectiveness of the identity authentication is improved.

In one possible scenario, the target application may be a mobile phone manager, and the service background corresponding to the target application may be a game background service, and the verification process is shown in fig. 9, and fig. 9 is a flowchart of another object identity authentication method based on the target application according to the embodiment of the present application; the figure shows that the verification application is first pulled up at the game application, and a game verification H5 web page (verification page) is opened at the verification application. And then checking the agreement of the guiding target object in the H5 to the certificate related privacy acquisition and use protocol. And then starts the verification application certificate reading flow. And (3) finishing certificate reading and certificate decoding in the verification application, and obtaining verification result query key (key information). Further, the verification application transmits the query key to the game verification H5 through the jsbridge interface, and the game verification H5 transmits the query key to the game background through the encryption network. And accessing the verification application background service through the query key carried by the game background to acquire the identity data. The identification data is checked in the game background service, and the check result is sent to the game App, so that a separated authentication process is realized, and the risk of information leakage is reduced.

In addition, the dynamic protection strategy can be formulated by detecting the current game running environment, such as obtaining environment parameters of a mobile phone debugging switch, whether a computer is connected, whether a ROOT is connected, whether a ROM is customized and the like, for example, the high-risk environment uses NFC to read an identity card for authentication, and the common environment uses a face technology for authentication.

In a possible scenario, a schematic process of reading credentials by the identity authentication system of the present embodiment is shown in fig. 10, and fig. 10 is a schematic scenario diagram of another object identity authentication method based on a target application according to an embodiment of the present application; the figure shows that when the true identity of a game player needs to be verified, a game App pulls up a mobile phone manager App, the mobile phone manager App pops up an interface to guide a target object to complete certificate information collection after target object privacy collection authorization, collected data is confidential through an authority mechanism and then is transmitted back to a game side, and the game side completes final target object identity verification.

Next, description will be made with reference to a scenario of identity authentication of minors in a game, as shown in fig. 11, fig. 11 is a flowchart of another object identity authentication method based on a target application according to an embodiment of the present application; after receiving a request of a player to log in a game, the game background issues a verification instruction to a game App, and the game App can open (call) a hand management App (target application); the hand pipe App firstly initializes the NFC module function, namely, checks the NFC environment and switch configuration of the mobile phone, and then guides a player to start NFC, wherein for NFC which is not supported, the return operation is performed when the NFC is started in failure.

Further, when the certificate is detected to finish certificate reading, the hand management App sends the certificate encryption data to the certificate identity system of the management department, and the certificate identity system of the management department feeds back the Reqid, namely, the read certificate encryption block information is uploaded to the management department system to acquire a decryption receipt.

Then, the hand management App carries the Reqid and triggers the certificate identity system of the management department to return identity information through the hand management background and the certificate card holding mechanism background, namely, the decrypted identity data is requested to the third-party identity card holding mechanism by a decryption receipt, and after the decrypted identity data is obtained, a query key (key information) is immediately generated and returned to the game App and further fed back to the game background; the game background accesses the hand management background through the query key to acquire the identity data of the player, and verifies the real-name information bound by the login account of the player after the identity data is acquired, so that the final identity verification is completed.

In combination with the above embodiment, the near field communication module of the terminal device is evoked to perform certificate detection by responding to the start of the identity authentication process aiming at the target object in the target application; then acquiring certificate encryption information detected by a near field communication module; the certificate encryption information is sent to the confidence decoding system, so that the confidence decoding system responds to the certificate encryption information to generate a decryption receipt, the decryption receipt is used for triggering a service background corresponding to the target application to initiate identity information inquiry to the certificate inquiry service system to obtain identity information, and the identity information is sent to the confidence decoding system through the certificate inquiry service system to be fed back by an inquiry request containing the decryption receipt; and receiving identity information sent by the certificate inquiry service system; and comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application to determine an identity authentication result. Therefore, the object identity authentication process based on the target application is realized, the trusted certificate detection is carried out by adopting the near field communication, and the verification of the identity information is carried out by a multiparty system, so that the generation of counterfeit identity information can be effectively avoided, and the accuracy of the identity authentication is improved.

In one possible scenario, the target application in this embodiment is used to identify the minors during the login process of the game application, and description is made below in connection with this scenario, as shown in fig. 12, fig. 12 is a flowchart of another object identification method based on the target application according to an embodiment of the present application; this embodiment includes, but is not limited to, the following steps:

1201. and acquiring login information input by the target object in the target application.

In this embodiment, since the target application may be a plug-in its management application (for example, a game or a payment application, etc., in the following embodiment, a game is described as an example), the login information input by the target object in the target application is login information in an application managed by the target application, for example, login information in a game.

It can be understood that the management of the login interface of the game by the target application enables the authentication process to be performed before the login starts, namely, the process of bypassing the authentication process through the loophole of the game is avoided, and the effectiveness of the authentication is improved.

1202. Uploading the login information to a verification background of the target application to perform login verification on the login information.

In this embodiment, since the target application intervenes in the login process of the game, after the login information is uploaded to the verification background of the target application, the verification background communicates with the game background, so that the login information is logged in and verified, direct communication between the target object and the game background is avoided, and the security of the information is improved.

1203. If the login verification is passed, an identity authentication process for the target object is started.

In this embodiment, the login verification indicates that the login information (account password) input in the game is valid, and then the identity authentication process of the target object is performed.

In one possible scenario, if the target object is configured with an identity, the identity authentication process is directly performed based on the identity, so that the efficiency of identity authentication is improved, for example, if the identity indicates that the target object is a minor, the result of identity authentication is not passed, and the configuration of the specific identity is described in the subsequent steps.

It can be understood that the identity is particularly time-efficient, and the time-efficient judgment is performed before the identity is identified based on the identity; for example, the time of the identity is 24 hours, before the identity is identified based on the identity, whether the identity is marked for 24 hours is judged, and if not, the identity can be identified based on the identity.

1204. And performing matching judgment of the authentication period.

In this embodiment, the identity authentication process is performed for the minors, and the operation period of the minors has a certain distribution characteristic, for example, the minors can log in the game after learning, so that the identity authentication process can be performed for the logging behavior of the minors in a specific period.

Specifically, the authentication period may be set manually, for example, the authentication period is from 6 to 12 pm; the authentication period may be obtained by statistics based on history information, such as statistics of a period distribution of the minors logged in to the game, and the period with dense distribution is set as the authentication period.

1205. And (5) finishing the identity verification.

In this embodiment, if the authentication period is not in, the probability that the target object is a minor is indicated to be small, and the authentication process can be skipped directly, and the game process is operated normally, so that the authentication efficiency is improved.

1206. And detecting a hardware environment corresponding to the target application through the near field module detection interface.

In this embodiment, for the identification of the authentication period before the detection of the hardware environment corresponding to the target application through the near-field module detection interface, the time information when the target object inputs the login information may be determined first based on the running process corresponding to the target application, for example, the time information is 30 minutes at 6 pm; then acquiring an authentication period set for the target object, for example, the authentication period is 6 pm to 8 pm; then comparing the time information with the identification period; if the moment indicated by the moment information is in the authentication period, detecting a hardware environment corresponding to the target application through a near field module detection interface, so that the effectiveness of identity authentication is improved.

In addition, for the determination of the authentication period, the date information corresponding to the time information may also be determined; then, comparing the preset date based on the date information to determine an idle state corresponding to the date information, for example, the preset date is a holiday or legal holiday, etc.; and then acquiring an authentication period set for the target object according to the idle state, for example, the authentication period corresponding to the holiday or legal festival is 10 am to 8 pm, thereby realizing a targeted identity authentication process, ensuring the authentication effect and improving the authentication efficiency.

1207. And starting the module based on the configuration condition of the near field communication module.

In this embodiment, different terminals have different configuration conditions for the near field communication module, so that a corresponding start procedure is required; specifically, it may be detected whether the current hardware device supports an NFC function, such as an android device, and then the current user is directed to turn on the NFC function. For example, the android device may determine whether the interface is opened by reading the nfcabalter.isenabled () system interface, and if not, the user needs to be guided to open.

In addition, it is also necessary to detect whether the device supports a default opening path, after the user successfully opens the function; the NFC functionality mode and parameters are set. Firstly setting the NFC function as a card reader mode, namely, the device can read data in an NDEF format from the NFC tag, secondly setting an NFC event detector, and when the NFC tag is close to the device, the event detector can immediately receive an NFC event notification. Further, when the user approaches the certificate to the intelligent device, the NFC device actively establishes connection with the tag, reads the NDEF information stored in the certificate tag after connection is completed, packages tag data into NFC events, and distributes the NFC events to the event detector through an NFC event distribution mechanism. And judging whether the NDEF message carried by the NFC event is certificate data, if so, entering into analyzing the NDEF message according to a data format, and analyzing a PAYLOAD data segment, namely a certificate encryption information field, otherwise, ending the flow.

1208. And acquiring certificate encryption information detected by the near field communication module.

In this embodiment, for the process of acquiring the certificate encryption information, the near field communication module may first establish a connection with an object tag corresponding to the detection object in response to the near field communication module detecting that the detection object is close; then reading tag data contained in the object tag; and packaging the tag data as near field communication events to distribute the near field communication events to the event detector; then determining the object type of the detected object through an event detector; if the object type is a preset type (for example, NDEF message), analyzing the target data segment in the tag data to obtain the certificate encryption information.

1209. The credential encryption information is sent to the trusted decoding system such that the trusted decoding system generates a decrypted response piece in response to the credential encryption information.

In this embodiment, the decryption receipt is used to trigger the service background corresponding to the target application to initiate an identity information query to the certificate query service system to obtain the identity information, and the identity information is obtained by sending a query request feedback including the decryption receipt to the trusted decoding system through the certificate query service system.

Specifically, the confidence decoding system is an identity information decoding system with public trust, such as a management department cloud decoding system; the certificate inquiry service system is a background service which is registered in the confidence decoding system and can perform identity authentication service, for example, the certificate service card holding mechanism background, the specific multi-system type is determined by actual scenes, each system adopts confidence processing through distributed information management, the risk of information leakage is avoided, and the credibility of identity information is improved through mutual verification.

1210. And receiving the identity information sent by the certificate inquiry service system.

In this embodiment, the confidence decoding system is a cloud decoding system of a management department, and the certificate inquiry service system is a background of a certificate service card-holding mechanism, which is described below as an example, and other system entities with the above functions may also be applicable.

Specifically, in the decoding and acquiring process of the identity information, the NFC functional intelligent terminal device may first send a decoding request to the cloud decoding system of the management department after successfully reading the encrypted information block of the certificate, where the encrypted information block is carried. And then the management department cloud decoding system checks the encrypted data block requested and carried by the NFC function intelligent terminal, and returns a certificate detail information inquiry receipt (reqid) to the NFC function intelligent terminal after the verification is passed.

Further, after the information receipt (reqid) is obtained, the NFC function intelligent terminal carries the information receipt, and forwards a network request to the background of the certificate service card holding mechanism through the application service background. Therefore, after the background of the certificate service card-holding mechanism receives the validity of the request, the request is forwarded to the cloud decoding system of the management department again. And after the cloud decoding system of the management department checks the information receipt (reqid), the corresponding decrypted certificate information including the information such as the identity card number, the name and the like is returned to the NFC functional intelligent terminal through the background of the certificate service card holding mechanism and the background of the application service in sequence, and then the certificate decoding process is completed.

1211. And authenticating the identity information with the registration information corresponding to the target object in the service background corresponding to the target application.

In addition, the process of comparing the identity information with the registration information corresponding to the target object in the service background corresponding to the target application may first open a verification page in the target application in response to the acquisition of the identity information; then determining key information for indicating the target object based on the identity information; the key information is encrypted through the verification page and transmitted to a service background corresponding to the target application, so that the key information is compared with registration information corresponding to the target object in the service background corresponding to the target application; and further receiving an identity authentication result fed back by the service background corresponding to the target application.

1212. And outputting an identity authentication result corresponding to the target object to the target application, and determining an identity identifier corresponding to the target object based on the identity authentication result.

In this embodiment, the identity authentication result indicates whether the target object is a minor, and the corresponding identity is configured, and then the identity is bound to the target object, so as to facilitate the calling of the relationship in the subsequent authentication process.

1213. Broadcasting the identity.

In this embodiment, the broadcasting of the identity is broadcasting the association relationship between the identity and the target object after binding, so that the association application receives the binding relationship between the binding identity and the target object; after the association object receives the association relationship, namely the identity identifier corresponding to the target object, the association application can be triggered in response to the target object, and the identity authentication of the target object can be performed based on the identity identifier.

Furthermore, the time-lapse can be configured for the identity, for example, the identity is effective in 24 hours, which considers the periodicity of minor login, thereby improving the accuracy of identity authentication based on the identity.

In another possible scenario, since the target application can manage multiple associated applications, minor identification can be performed on the same type of application, e.g., for game type applications, while authentication is not required for learning type applications.

Specifically, the description information corresponding to the target application can be parsed for the management process of the type application, so as to determine the application type corresponding to the target application management application (game); then performing application traversal based on the application type to determine the associated application (other games installed in the terminal device); and broadcasting the identity mark to enable the association application to receive the binding relation between the binding identity mark and the target object, thereby improving the efficiency of identity authentication.

1214. And carrying out an identity authentication process based on the identity.

In the embodiment, minors marked by the identity mark are managed, game log-out operation is carried out on minors, or a game can not be played through popup window reminding, and jump links of learning application are indicated; the method realizes a rapid multi-application management process, improves the efficiency of identity authentication in the multi-application management process and manages the minor game process.

Based on the embodiment, since the game industry is required to develop healthily and stably, the underage game protection is indispensable, and the underage game is protected by the black product, namely the underage game is 304772, the underage game can be protected by the embodiment, and in the game field, the authentication process of one game can be used for carrying out marking assistance on other game authentication processes rapidly, so that the identity authentication efficiency of the target application in the dimension of the terminal equipment is improved.

In order to better implement the above-described aspects of the embodiments of the present application, the following provides related apparatuses for implementing the above-described aspects. Referring to fig. 13, fig. 13 is a schematic structural diagram of an object identity authentication device based on a target application according to an embodiment of the present application, where the object identity authentication device 1300 based on the target application includes:

an obtaining unit 1301, configured to invoke a near field communication module of a terminal device to perform certificate detection in response to starting an identity authentication process for a target object in a target application;

the acquiring unit 1301 is further configured to acquire credential encryption information detected by the near field communication module;

the sending unit 1302 is configured to send the certificate encryption information to a trusted decoding system, so that the trusted decoding system generates a decryption receipt in response to the certificate encryption information, where the decryption receipt is used to trigger a service background corresponding to the target application to initiate an identity information query to a certificate query service system to obtain identity information, and the identity information sends a query request feedback containing the decryption receipt to the trusted decoding system through the certificate query service system;

a receiving unit 1303, configured to receive the identity information sent by the certificate inquiry service system;

An authentication unit 1304, configured to compare the identity information with registration information corresponding to the target object in a service background corresponding to the target application, so as to determine an identity authentication result.

Optionally, in some possible implementations of the present application, the obtaining unit 1301 is specifically configured to detect, through a near field module detection interface, a hardware environment corresponding to the target application in response to starting an identity authentication process for the target object in the target application;

the acquiring unit 1301 is specifically configured to detect a start state of the near field communication module if the hardware environment supports a near field communication function;

the acquiring unit 1301 is specifically configured to set the near field communication module to be a card reader mode if the start state of the near field communication module indicates that the near field communication module is turned on, so as to call the near field communication module to perform certificate detection.

Optionally, in some possible implementations of the present application, the obtaining unit 1301 is specifically configured to send an open alert through a system broadcast if the start state of the near field communication module indicates that the near field communication module is not open;

The acquiring unit 1301 is specifically configured to enter a switch configuration page for the near field communication module if the near field communication module is not evoked, so as to turn on the near field communication module.

Optionally, in some possible implementations of the present application, the obtaining unit 1301 is specifically configured to obtain login information input by the target object in the target application;

the obtaining unit 1301 is specifically configured to upload the login information to a verification background of the target application, so as to perform login verification on the login information;

the acquiring unit 1301 is specifically configured to start an identity authentication process for the target object if login verification is passed;

the acquiring unit 1301 is specifically configured to detect, through the near field module detection interface, a hardware environment corresponding to the target application.

Optionally, in some possible implementations of the present application, the obtaining unit 1301 is specifically configured to determine, based on an operation process corresponding to the target application, time information when the target object inputs the login information;

the acquiring unit 1301 is specifically configured to acquire an authentication period set for the target object;

The acquiring unit 1301 is specifically configured to compare the time information with the authentication period;

the acquiring unit 1301 is specifically configured to detect, through the near field module detection interface, a hardware environment corresponding to the target application if the time indicated by the time information is within the authentication period.

Optionally, in some possible implementations of the present application, the obtaining unit 1301 is specifically configured to determine date information corresponding to the time information;

the acquiring unit 1301 is specifically configured to perform preset date comparison based on the date information, so as to determine an idle state corresponding to the date information;

the acquiring unit 1301 is specifically configured to acquire the authentication period set for the target object according to the idle state.

Optionally, in some possible implementations of the present application, the obtaining unit 1301 is specifically configured to, in response to the near field communication module detecting that a detection object is close, establish a connection between the near field communication module and an object tag corresponding to the detection object;

the acquiring unit 1301 is specifically configured to read tag data included in the object tag;

The acquiring unit 1301 is specifically configured to package the tag data into a near field communication event, so as to distribute the near field communication event to an event detector;

the acquiring unit 1301 is specifically configured to determine, by using the event detector, an object type of the detection object;

the obtaining unit 1301 is specifically configured to parse the target data segment in the tag data if the object type is a preset type, so as to obtain the certificate encryption information.

Optionally, in some possible implementations of the present application, the obtaining unit 1301 is specifically configured to determine a data record sequence corresponding to the tag data if the object type is a preset type;

the acquiring unit 1301 is specifically configured to parse the data record sequence to determine an identification data segment and the target data segment;

the obtaining unit 1301 is specifically configured to parse the load information in the target data segment to obtain the certificate encryption information.

Optionally, in some possible implementations of the present application, the sending unit 1302 is specifically configured to package the certificate encryption information as a decoding request;

The sending unit 1302 is specifically configured to send the decoding request to the trusted decoding system, so that the trusted decoding system checks the decoding request;

the sending unit 1302 is specifically configured to generate, if the verification passes, the decryption receipt by using the trusted decoding system based on the certificate encryption information;

the receiving unit 1303 is specifically configured to obtain the decryption receipt fed back by the trusted decoding system;

the receiving unit 1303 is specifically configured to send the decrypted receipt to a service background corresponding to the target application, so that the service background corresponding to the target application forwards the decrypted receipt to the certificate query service system;

the receiving unit 1303 is specifically configured to perform validity verification by using the certificate query service system based on the decryption receipt;

the receiving unit 1303 is specifically configured to forward the decrypted receipt to the trusted decoding system for information decoding to obtain the identity information if the validity verification is passed;

the receiving unit 1303 is specifically configured to receive the identity information sent by the certificate query service system.

Optionally, in some possible implementations of the present application, the authentication unit 1304 is specifically configured to open a verification page in the target application in response to the obtaining of the identity information;

The authentication unit 1304 is specifically configured to determine key information for indicating the target object based on the identity information;

the authentication unit 1304 is specifically configured to encrypt the key information through the verification page and transmit the key information to a service background corresponding to the target application, so that authentication processing is performed on the key information and registration information corresponding to the target object in the service background corresponding to the target application;

the authentication unit 1304 is specifically configured to receive an identity authentication result corresponding to the target object, which is fed back by a service background corresponding to the target application.

Optionally, in some possible implementations of the present application, the authentication unit 1304 is specifically configured to determine an identity corresponding to the target object based on an identity authentication result;

the authentication unit 1304 is specifically configured to bind the identity with the target object;

the authentication unit 1304 is specifically configured to broadcast the identity, so that an association application receives a binding relationship for binding the identity and the target object;

the authentication unit 1304 is specifically configured to perform identity authentication of the target object based on the identity, in response to triggering the association application by the target object.

Optionally, in some possible implementations of the present application, the authentication unit 1304 is specifically configured to parse the description information corresponding to the target application to determine an application type corresponding to an application managed by the target application;

the authentication unit 1304 is specifically configured to perform application traversal based on the application type to determine the associated application;

the authentication unit 1304 is specifically configured to broadcast the identity, so that the association application receives a binding relationship that binds the identity and the target object.

The embodiment of the present application further provides a terminal device, as shown in fig. 14, which is a schematic structural diagram of another terminal device provided in the embodiment of the present application, for convenience of explanation, only the portion related to the embodiment of the present application is shown, and specific technical details are not disclosed, please refer to the method portion of the embodiment of the present application. The terminal may be any terminal device including a mobile phone, a tablet computer, a personal digital assistant (personal digital assistant, PDA), a point of sale (POS), a vehicle-mounted computer, and the like, taking the terminal as an example of the mobile phone:

fig. 14 is a block diagram showing a part of the structure of a mobile phone related to a terminal provided by an embodiment of the present application. Referring to fig. 14, the mobile phone includes: radio Frequency (RF) circuitry 1410, memory 1420, input unit 1430, display unit 1440, sensor 1450, audio circuitry 1460, wireless fidelity (wireless fidelity, wiFi) module 1470, processor 1480, and power supply 1490. It will be appreciated by those skilled in the art that the handset construction shown in fig. 14 is not limiting of the handset and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.

The following describes the components of the mobile phone in detail with reference to fig. 14:

the RF circuit 1410 may be used for receiving and transmitting signals during a message or a call, and particularly, after receiving downlink information of a base station, the downlink information is processed by the processor 1480; in addition, the data of the design uplink is sent to the base station. Typically, the RF circuitry 1410 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (low noise amplifier, LNA), a duplexer, and the like. In addition, the RF circuitry 1410 may also communicate with networks and other devices through wireless communications. The wireless communications may use any communication standard or protocol including, but not limited to, global system for mobile communications (global system of mobile communication, GSM), general packet radio service (general packet radio service, GPRS), code division multiple access (code division multiple access, CDMA), wideband code division multiple access (wideband code division multiple access, WCDMA), long term evolution (long term evolution, LTE), email, short message service (short messaging service, SMS), and the like.

The memory 1420 may be used to store software programs and modules, and the processor 1480 performs various functional applications and data processing of the cellular phone by executing the software programs and modules stored in the memory 1420. The memory 1420 may mainly include a storage program area that may store an operating system, application programs required for at least one function (such as a sound playing function, an image playing function, etc.), and a storage data area; the storage data area may store data (such as audio data, phonebook, etc.) created according to the use of the handset, etc. In addition, memory 1420 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.

The input unit 1430 may be used to receive input number or character information and generate key signal inputs related to target object settings and function control of the handset. In particular, the input unit 1430 may include a touch panel 1431 and other input devices 1432. The touch panel 1431, also referred to as a touch screen, may collect touch operations on or near a target object (e.g., operations of the target object on the touch panel 1431 or near the touch panel 1431 using any suitable object or accessory such as a finger, a stylus, etc., and spaced touch operations within a certain range on the touch panel 1431), and drive the corresponding connection device according to a preset program. Alternatively, the touch panel 1431 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch azimuth of the target object, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device and converts it into touch point coordinates, which are then sent to the processor 1480, and can receive commands from the processor 1480 and execute them. Further, the touch panel 1431 may be implemented in various types such as a resistive type, a capacitive type, an infrared type, and a surface acoustic wave type. The input unit 1430 may include other input devices 1432 in addition to the touch panel 1431. In particular, the other input devices 1432 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.

The display unit 1440 may be used to display information input by a target object or information provided to the target object and various menus of a mobile phone. The display unit 1440 may include a display panel 1441, and alternatively, the display panel 1441 may be configured in the form of a liquid crystal display (liquid crystal display, LCD), an organic light-emitting diode (OLED), or the like. Further, the touch panel 1431 may overlay the display panel 1441, and when the touch panel 1431 detects a touch operation thereon or nearby, the touch operation is transferred to the processor 1480 to determine the type of the touch event, and then the processor 1480 provides a corresponding visual output on the display panel 1441 according to the type of the touch event. Although in fig. 14, the touch panel 1431 and the display panel 1441 are two separate components to implement the input and output functions of the mobile phone, in some embodiments, the touch panel 1431 may be integrated with the display panel 1441 to implement the input and output functions of the mobile phone.

The handset can also include at least one sensor 1450, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 1441 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 1441 and/or the backlight when the phone is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the acceleration in all directions (generally three axes), and can detect the gravity and direction when stationary, and can be used for applications of recognizing the gesture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and knocking), and the like; other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc. that may also be configured with the handset are not described in detail herein.

Audio circuitry 1460, speaker 1461, microphone 1462 may provide an audio interface between the target object and the handset. The audio circuit 1460 may transmit the received electrical signal after the audio data conversion to the speaker 1461, and the electrical signal is converted into a sound signal by the speaker 1461 and output; on the other hand, the microphone 1462 converts the collected sound signals into electrical signals, which are received by the audio circuit 1460 and converted into audio data, which are processed by the audio data output processor 1480 and sent via the RF circuit 1410 to, for example, another cell phone, or which are output to the memory 1420 for further processing.

WiFi belongs to a short-distance wireless transmission technology, and a mobile phone can help a target object to send and receive e-mails, browse webpages, access streaming media and the like through a WiFi module 1470, so that wireless broadband Internet access is provided for the target object. Although fig. 14 shows a WiFi module 1470, it is understood that it does not belong to the necessary components of a cell phone, and can be omitted entirely as needed within the scope of not changing the essence of the invention.

The processor 1480 is a control center of the handset, connects various parts of the entire handset using various interfaces and lines, and performs various functions and processes of the handset by running or executing software programs and/or modules stored in the memory 1420, and invoking data stored in the memory 1420, thereby performing overall monitoring of the handset. In the alternative, processor 1480 may include one or more processing units; alternatively, the processor 1480 may integrate an application processor that primarily handles operating systems, target object interfaces, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 1480.

The handset further includes a power supply 1490 (e.g., a battery) for powering the various components, optionally in logical communication with the processor 1480 via a power management system, thereby implementing functions such as managing charge, discharge, and power consumption via the power management system.

Although not shown, the mobile phone may further include a camera, a bluetooth module, etc., which will not be described herein.

In the embodiment of the present application, the processor 1480 included in the terminal also has a function of executing each step of the page processing method as described above.

Referring to fig. 15, fig. 15 is a schematic structural diagram of a server according to an embodiment of the present application, where the server 1500 may have a relatively large difference due to different configurations or performances, and may include one or more central processing units (central processing units, CPU) 1522 (e.g., one or more processors) and a memory 1532, one or more storage media 1530 (e.g., one or more mass storage devices) storing application programs 1542 or data 1544. Wherein the memory 1532 and the storage medium 1530 may be transitory or persistent storage. The program stored on the storage medium 1530 may include one or more modules (not shown), each of which may include a series of instruction operations on the server. Still further, the central processor 1522 may be configured to communicate with a storage medium 1530 and execute a series of instruction operations on the storage medium 1530 on the server 1500.

The server 1500 may also include one or more power supplies 1526, one or more wired or wireless network interfaces 1550, one or more input/output interfaces 1558, and/or one or more operating systems 1541, such as Windows server (tm), mac OS XTM, unixTM, linuxTM, freeBSDTM, and the like.

The steps performed by the management apparatus in the above-described embodiments may be based on the server structure shown in fig. 15.

In an embodiment of the present application, there is further provided a computer readable storage medium having stored therein object authentication instructions based on a target application, which when executed on a computer, cause the computer to perform the steps performed by the object authentication apparatus based on the target application in the method described in the foregoing embodiments shown in fig. 3 to 12.

There is also provided in an embodiment of the application a computer program product comprising object authentication instructions based on a target application, which when run on a computer causes the computer to perform the steps performed by the object authentication means based on the target application in the method described in the embodiment of figures 3 to 12.

The embodiment of the application also provides a target application-based object identity authentication system, which can comprise the target application-based object identity authentication device in the embodiment shown in fig. 13, or the terminal equipment in the embodiment shown in fig. 14, or the server in fig. 15.

It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.

In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or partly in the form of a software product, or all or part of the technical solution, which is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, an object identification device based on a target application, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims

1. An object identity authentication method based on a target application, comprising the following steps:

identifying the identity information in a service background corresponding to the target application and registration information corresponding to the target object;

and outputting an identity authentication result corresponding to the target object to the target application.

2. The method according to claim 1, wherein the responding to the start of the authentication process for the target object in the target application, and the arousing the near field communication module of the terminal device to perform the certificate detection, comprises:

3. The method according to claim 2, wherein the method further comprises:

4. The method according to claim 2, wherein the detecting, by a near field module detection interface, a hardware environment corresponding to the target application in response to the initiation of an authentication process for the target object in the target application, includes:

5. The method of claim 4, wherein detecting, by the near field module detection interface, a hardware environment corresponding to the target application, comprises:

acquiring an authentication period set for the target object;

comparing the time information with the authentication period;

6. The method of claim 5, wherein the obtaining the authentication period set for the target object comprises:

determining date information corresponding to the time information;

7. The method of claim 1, wherein the obtaining credential encryption information detected by the near field communication module comprises:

Reading tag data contained in the object tag;

determining, by the event detector, an object type of the detection object;

8. The method of claim 7, wherein if the object type is a preset type, parsing the target data segment in the tag data to obtain the certificate encryption information, including:

9. The method of claim 1, wherein the sending the credential encryption information to a trusted decoding system such that the trusted decoding system generates a decrypted response piece in response to the credential encryption information comprises:

Packaging the certificate encryption information as a decoding request;

acquiring the decryption receipt fed back by the confidence decoding system;

10. The method according to claim 1, wherein the authenticating the identity information with the registration information corresponding to the target object in the service background corresponding to the target application includes:

11. The method according to any one of claims 1-10, further comprising:

binding the identity with the target object;

12. The method of claim 11, wherein broadcasting the identity such that the association application receives a binding relationship binding the identity with the target object comprises:

13. An object identity authentication device based on a target application, comprising:

14. A computer device, the computer device comprising a processor and a memory:

the memory is used for storing program codes; the processor is configured to execute the object authentication method based on the target application according to any one of claims 1 to 12 according to instructions in the program code.

15. A computer program product comprising computer programs/instructions stored on a computer readable storage medium, characterized in that the computer programs/instructions in the computer readable storage medium, when executed by a processor, implement the steps of the object identity authentication method based on a target application as claimed in any one of the preceding claims 1 to 12.