CN117955661A - Identity unified verification method, gateway and system - Google Patents


Info

Publication number: CN117955661A
Authority: CN (China)
Prior art keywords: identity, verification, information, unified, identity information
Legal status: Pending
Application number: CN202211277893.5A
Priority application: CN202211277893.5A
Other languages: Chinese (zh)
Inventors: 范端胜, 王洪波
Current assignee: Tols Tianxiang Net An Information Technology Co ltd
Original assignee: Tols Tianxiang Net An Information Technology Co ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses an identity unified verification method, a gateway and a system, wherein the method comprises the following steps: intercepting a target request sent by a terminal, wherein the target request comprises a target object and user identity information; determining whether the user identity information contained in the target request passes verification according to the target object and the user identity information; when the user identity information fails verification, a configuration port for receiving the identity information is sent to the terminal, so that zero-trust identity verification can be performed on the target request, and the access security inside and outside an enterprise is effectively improved.

Description

Identity unified verification method, gateway and system
Technical Field
The present disclosure relates generally to the field of internet security, and in particular, to a method, gateway, and system for unified authentication of identities.
Background
With the development of information technology, IT (internet technology) devices and software are growing in number, and most of them are used on a network. Networked devices and software generally require user login verification to ensure that they are used only by legitimate users.
In the related art, such IT devices and software generally have to be modified for identity integration, for example by using a local SDK or a network API to call the identity system's API for identity storage and verification, that is, by integrating a modification program. For IT devices or software that are inconvenient to modify, however, there is currently no relevant solution.
Disclosure of Invention
In view of the above-mentioned drawbacks or shortcomings in the prior art, it is desirable to provide an identity unified verification method, gateway and system, which can perform zero-trust identity verification on a target request, and effectively improve access security inside and outside an enterprise.
In a first aspect, an embodiment of the present application provides an identity unified verification method, including:
intercepting a target request sent by a terminal, wherein the target request comprises a target object and user identity information;
determining whether the user identity information contained in the target request passes verification according to the target object and the user identity information;
and when the user identity information fails verification, sending a configuration port for receiving identity information to the terminal.
In some embodiments, sending a configuration port for receiving identity information to the terminal when the user identity information fails verification includes:
transmitting the target object and the user identity information to a unified identity system so that the unified identity system determines a target configuration type corresponding to the target object and the user identity information;
and receiving the target configuration type sent by the unified identity system, and sending the target configuration type to the terminal so that the terminal generates the configuration port according to the target configuration type.
In some embodiments, the method further comprises:
receiving identity verification information acquired through the configuration port, wherein the identity verification information comprises the user identity information;
sending the identity verification information to a unified identity system so that the unified identity system verifies the identity verification information;
and when the identity verification information passes verification, receiving and storing the user identity information and the corresponding "verification passed" identifier.
In some embodiments, determining whether the user identity information contained in the target request passes verification according to the target object and the user identity information includes:
acquiring the authentication feature corresponding to the target object according to the target object;
when the identifier of the authentication feature corresponding to the user identity information indicates that verification passed, determining that the user identity information passes verification;
and when no identifier is acquired for the authentication feature corresponding to the user identity information, or the identifier of the authentication feature indicates that verification failed, determining that the user identity information fails verification.
In a second aspect, an embodiment of the present application provides an identity unified authentication gateway, including:
an acquisition module for intercepting a target request sent by the terminal, wherein the target request comprises a target object and user identity information;
a determining module for determining whether the user identity information contained in the target request passes verification according to the target object and the user identity information;
and a first sending module for sending a configuration port for receiving identity information to the terminal when the user identity information fails verification.
In some embodiments, the first sending module is configured to:
transmit the target object and the user identity information to a unified identity system so that the unified identity system determines a target configuration type corresponding to the target object and the user identity information;
and receive the target configuration type sent by the unified identity system, and send the target configuration type to the terminal so that the terminal generates the configuration port according to the target configuration type.
In some embodiments, the gateway further comprises:
a first receiving module for receiving the identity verification information acquired through the configuration port, wherein the identity verification information comprises the user identity information;
a second sending module for sending the identity verification information to a unified identity system so that the unified identity system verifies the identity verification information;
and a second receiving module for receiving and storing the user identity information and the corresponding "verification passed" identifier when the identity verification information passes verification.
In some embodiments, the determining module is configured to:
acquire the authentication feature corresponding to the target object according to the target object;
when the identifier of the authentication feature corresponding to the user identity information indicates that verification passed, determine that the user identity information passes verification;
and when no identifier is acquired for the authentication feature corresponding to the user identity information, or the identifier of the authentication feature indicates that verification failed, determine that the user identity information fails verification.
In a third aspect, an embodiment of the present application provides an identity unified verification system, including:
a gateway for executing the identity unified verification method;
and a unified identity system for receiving the target object and/or the identity verification information sent by the gateway, and returning the identity verification mode determined according to the target object and/or the identity verification result.
In a fourth aspect, embodiments of the present application provide an electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing a method as described in the embodiments of the present application when executing the program.
In a fifth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as described in embodiments of the present application.
The identity unified verification method provided by the embodiments of the present application can perform zero-trust identity verification on the target request and effectively improve access security inside and outside an enterprise. By sending a configuration port for receiving identity information to the terminal when the user identity information in the target request fails verification, the identity information needed for verification can be acquired without modifying the device or the application program, which effectively improves the universality of identity unified verification.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the accompanying drawings in which:
Fig. 1 shows an implementation environment architecture diagram of an identity unified verification method provided by an embodiment of the application;
Fig. 2 is a flow chart illustrating an identity unified verification method according to an embodiment of the present application;
Fig. 3 is a schematic flow chart of an identity unified verification method according to another embodiment of the present application;
Fig. 4 is a schematic flow chart of an identity unified verification method according to another embodiment of the present application;
Fig. 5 is a schematic flow chart of an identity unified verification method according to still another embodiment of the present application;
Fig. 6 is a schematic flow chart of an identity unified verification method according to still another embodiment of the present application;
Fig. 7 is a schematic structural diagram of a gateway according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a gateway according to another embodiment of the present application;
Fig. 9 shows a schematic diagram of a computer system suitable for use in implementing an electronic device or server of an embodiment of the application.
Detailed Description
The application is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be noted that, for convenience of description, only the portions related to the application are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
With the gradual popularization of unified identity authentication, unified authentication of user identities has become an important means of enterprise security protection. However, for reasons of cost saving or historical legacy, enterprise users at the present stage often still have legacy devices that store important files. When an enterprise user uses such legacy devices and the legacy applications on them, user identity verification cannot be achieved, because these devices generally cannot be brought into unified identity management by the conventional modification of APIs or SDKs, and the security of enterprise information is seriously affected as a result.
Based on the above, the present application provides an identity unified verification method, a gateway and a system, which achieve zero-trust verification of a request by intercepting the target request.
The implementation environment of the identity unified verification method provided by the present application is shown in Fig. 1, which is an architecture diagram of the implementation environment of an identity unified verification method provided by an embodiment of the application.
As shown in fig. 1, the implementation environment architecture includes: terminal equipment 101, an identity unified authentication system 102 and an application server 103.
The terminal device 101 is configured to provide an interactive interface for receiving a target request input by a user, where the interactive interface includes, but is not limited to, an identity login interface, a character terminal interface, a web browser interface, and the like, provided by various application programs (apps). The terminal device 101 may be a desktop computer, a notebook computer, a smart phone, a tablet computer, an electronic book reader, smart glasses, a smart watch, etc., but is not limited thereto.
The identity unified verification system 102 is configured to intercept a target request sent by a terminal device, and then determine, according to a target object accessed by the target request and user identity information, whether the user identity information passes verification, so as to implement identity unified verification on the target request.
The identity unified verification system 102 may include an identity unified verification gateway 10 and a unified identity system 20, where the identity unified verification gateway 10 is used to intercept target requests sent by terminal devices, and the unified identity system 20 is used to perform identity verification when the identity information fails verification.
The application server 103 is configured to receive the target request and return corresponding data according to the target request. The application server 103 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, basic cloud computing services such as big data and artificial intelligence platforms.
The identity unified verification method provided by the application can be implemented by the identity unified verification gateway.
In order to further explain the technical solution provided by the embodiments of the present application, the following details are described with reference to the accompanying drawings and the detailed description. Although the embodiments of the present application provide method operation steps as illustrated in the following embodiments or figures, the method may include more or fewer operation steps based on routine or non-inventive effort. For steps that have no logically necessary causal relationship, the execution order is not limited to the order provided by the embodiments of the present application. When the method is executed in actual processing or by an apparatus, the steps may be performed sequentially or in parallel in the order shown in the embodiments or the drawings.
Referring to fig. 2, fig. 2 is a flowchart illustrating an identity unified verification method according to an embodiment of the application. As shown in fig. 2, the method includes:
step 201, intercepting a target request sent by a terminal, wherein the target request comprises a target object and user identity information.
It should be noted that, in the embodiment of the present application, all target requests sent by the terminal are intercepted based on the technical idea of zero trust; that is, the target requests may include multiple kinds of request, such as data access requests and login requests. In other words, every request the terminal sends over the network path needs to be intercepted.
The key of the zero-trust technical idea is a new generation of network security protection thinking: it breaks the default "trust", and can be summarized in one popular phrase, "continuous verification, never trust". No person, device or system inside or outside the enterprise network is trusted by default; the trust basis for access control is rebuilt on identity authentication and authorization, thereby ensuring identity trust, device trust, application trust and link trust.
In a possible embodiment, the target request includes the target object and the user identity information. The target object is the object accessed by the user, such as an application server providing application data, and the user identity information is information indicating the identity of the user, including but not limited to identity information corresponding to the application server, such as a user identity ID. The application program may be SSH or another C/S application, or telnet, ftp, LDAP or another character terminal. The user identity information may also be attribute information of the device, such as a device model number or a device address, so that the accessing device can be determined through the device address; identity unified verification can then be performed on access behaviour on a per-device basis, ensuring the identity security of the user using the device.
In a possible embodiment, after intercepting the target request, the identity unified verification gateway may first decrypt the target request to obtain its plaintext data, then obtain the target access address from the plaintext data, so as to determine the target object according to the target access address and determine the user identity information according to an identifier in the target request.
Step 202, determining whether the user identity information contained in the target request passes verification according to the target object and the user identity information.
The identity unified verification gateway can determine whether the user identity information contained in the target request passes verification by querying the cache device for whether a "verification passed" identifier exists for the target object and the user identity.
In a possible embodiment, as shown in Fig. 3, step 202, determining whether the user identity information included in the target request passes verification according to the target object and the user identity information, includes:
Step 2021, according to the target object, acquiring the authentication feature corresponding to the target object.
Step 2022, when the identifier of the authentication feature corresponding to the user identity information indicates that verification passed, determining that the user identity information passes verification.
Step 2023, when no authentication feature corresponding to the user identity information is obtained, or the identifier of the authentication feature indicates that verification failed, determining that the user identity information fails verification.
It should be appreciated that the authentication feature may be preset according to the unified identity management requirement; for example, the authentication feature may be an SID (Security Identifier). One authentication feature may correspond to one or more target objects, and one target object may also correspond to one or more authentication features. In the present application, the mapping between target objects and authentication features is pre-stored in the identity unified verification gateway, so that the authentication feature of a target object can be obtained from the target object.
In a possible embodiment, the target object, the user identity information and the authentication feature may be stored in the form of a data table, such as a two-dimensional table. For example, each target object may correspond to one data table, whose column headings are the authentication features corresponding to that target object and whose row headings are the user identity information intercepted and parsed by the gateway. When the identifier stored for at least one authentication feature corresponding to the user identity information is a "verification passed" identifier, the user identity information is determined to pass verification; when no "verification passed" identifier exists for any authentication feature corresponding to the user identity information, or every identifier indicates failure, the user identity information is determined to fail verification.
Step 203, when the user identity information fails verification, sending a configuration port for receiving identity information to the terminal.
That is, when the user identity information fails verification, either the user has not performed authentication before access or the previous authentication did not pass unified verification. The trustworthiness of the target request then needs to be verified, so the identity information for authentication is acquired by sending a configuration port for receiving identity information to the terminal, and the target request is authenticated on that basis.
Therefore, the identity unified verification method provided by the embodiment of the present application can perform zero-trust identity verification on the target request and effectively improve access security inside and outside an enterprise. By sending a configuration port for receiving identity information to the terminal when the user identity information in the target request fails verification, the identity information needed for verification can be acquired without modifying the device or the application program, which effectively improves the universality of identity unified verification.
In a possible embodiment, as shown in Fig. 4, step 203, sending a configuration port for receiving identity information to the terminal when the user identity information fails verification, includes:
Step 2031, sending the target object and the user identity information to the unified identity system, so that the unified identity system determines a target configuration type corresponding to the target object and the user identity information.
Step 2032, receiving the target configuration type sent by the unified identity system, and sending the target configuration type to the terminal, so that the terminal generates a configuration port according to the target configuration type.
In the embodiment of the present application, the user identity information is the attribute information of the device. The unified identity system determines, from the attribute information of the device, at least one configuration type through which the user identity information can be received, and then determines the target configuration type by combining it with the identity verification types offered by the target object.
It should be understood that, to effectively improve the flexibility of identity verification for each device, the present application can configure a suitable target configuration type for the device in advance in the unified identity system. For example, when the device is a legacy device with a microphone, a corresponding target configuration type including a character configuration and/or a voice recognition configuration may be set for it in the unified identity system in advance, so that the configuration port may be a character terminal interface and/or a voice receiving interface. The legacy device can then take the current user's identity information through the character terminal interface and/or receive the current user's voice data through the voice receiving interface, and the unified identity system verifies the current user's identity from the user identity information and/or the voice data.
Optionally, the target configuration type may further include, for example, a fingerprint identification configuration, a face recognition configuration, and so on; the specific settings may be configured in advance in the unified identity system according to the device and/or the information receiving manner provided by the application on the device.
When the unified identity system receives the target object and the user identity information containing the attribute information of the device, it determines from the attribute information that the device can provide a character interface and a voice receiving interface, and takes these as candidate configuration types. It then obtains the verification modes corresponding to the target object: when the target object's verification modes are character interface and fingerprint identification, the character interface is determined to be the target configuration type; when the target object's verification modes are character interface and voice recognition, both the character interface and voice recognition are taken as the target configuration type.
For example, current banking systems generally provide fingerprint login and fingerprint payment. When the unified identity system determines from the device's attribute information that the current access device has no fingerprint input function, it can still provide a character terminal interface to that device, so that the user can still supply identity verification information and, once it passes verification, use the device to access the target object's functions normally.
That is, when a device and/or application program to be managed is added, the information receiving manners it provides can be determined in advance and the corresponding configuration types set in the unified identity system accordingly. Through the preset configuration types the managed device and/or application obtains a more suitable identity verification manner, such as the latest one, without being modified: it only needs to act on the information sent by the identity unified verification gateway and provide the corresponding configuration port. This greatly reduces the burden on developers of producing security modifications one by one for each managed device and/or application at every round of security upgrades, and avoids the loss incurred when part of the managed devices and/or applications cannot be made compatible with the security modifications and have to be abandoned.
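The selection of the target configuration type in steps 2031 and 2032, as an added example that is not part of the patent: the device's attribute information gives the candidate configuration types the device can present, the target object gives the verification modes it accepts, and the target configuration type is the set of candidates the object also accepts. The two lookup tables, the device models and object names, and the function names are all constructed for this example.

```python
"""Target configuration type selection in the unified identity system (added example).

This is not the patent's own code. It implements steps 2031-2032 as the text
describes them: the device's attribute information yields the candidate
configuration types the device can present, the target object yields the
verification modes it accepts, and the target configuration type is the set
of candidates the target object also accepts. Both lookup tables and all
names are constructed for this example.
"""

# Constructed: device model -> configuration types the device can present.
DEVICE_CAPABILITIES = {
    "legacy-terminal": {"character"},                     # keyboard only
    "legacy-terminal-mic": {"character", "voice"},        # has a microphone
    "kiosk": {"character", "fingerprint", "face"},
}

# Constructed: target object -> identity verification modes it accepts.
OBJECT_VERIFICATION_MODES = {
    "banking-app": {"character", "fingerprint"},
    "voice-portal": {"character", "voice"},
    "fingerprint-door": {"fingerprint"},
}


def candidate_configuration_types(device_attributes):
    """Configuration types the device can present, from its attribute information.
    An unknown model yields no candidates rather than a guessed default."""
    return set(DEVICE_CAPABILITIES.get(device_attributes.get("model"), ()))


def select_target_configuration_type(target_object, device_attributes):
    """Steps 2031-2032: intersect the device's candidates with the target
    object's accepted modes. Returns a sorted list; an empty list means the
    device cannot present any verification manner the object accepts, so the
    gateway has no configuration port to send and the request stays unverified."""
    candidates = candidate_configuration_types(device_attributes)
    accepted = OBJECT_VERIFICATION_MODES.get(target_object, set())
    return sorted(candidates & accepted)


if __name__ == "__main__":
    # The two cases from the text: a microphone-equipped legacy device against
    # a character+fingerprint object and against a character+voice object.
    mic_device = {"model": "legacy-terminal-mic"}
    print(select_target_configuration_type("banking-app", mic_device))    # ['character']
    print(select_target_configuration_type("voice-portal", mic_device))   # ['character', 'voice']
```

The empty-intersection case is the one to handle deliberately: a device with no usable configuration type must not fall back to an unverified forward, which is why the function returns an empty list for the gateway to treat as "still unverified" rather than silently picking a default.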
In a possible embodiment, as shown in fig. 5, the method for identity unified verification provided in the embodiment of the present application further includes:
Step 204, receiving authentication information acquired based on the configuration port, the authentication information including user identity information.
Step 205, the authentication information is sent to the unified identity system, so that the unified identity system verifies the authentication information.
Step 206, when the identity verification information passes verification, receiving and storing the user identity information and the corresponding "verification passed" identifier.
That is, after the configuration port is sent to the terminal, the identity unified verification gateway goes on to receive the identity verification information acquired through the configuration port. The identity verification information may contain only user identity information, such as fingerprint data, face data or voice data, or it may contain user identity information together with key information, such as a user ID and password received through the character terminal interface.
The identity unified verification gateway sends the identity verification information received through the configuration port to the unified identity system, which verifies it. Specifically, the unified identity system matches the identity verification information against a preset trusted identity information table: if it matches any entry in the table, the identity verification information is determined to pass verification; otherwise it is determined to fail. The unified identity system sends the verification result (passed or failed) to the identity unified verification gateway, which may store the identifier of the result in either case, or, to reduce the volume of cached data, store the user identity information together with its "verification passed" identifier only when the result is passed.
It should also be understood that when the identity unified verification gateway receives a "verification passed" identifier, it can confirm from that identifier that the user identity information corresponding to the target request passes verification, and forward the target request to the application server so as to serve the user's request.
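The gateway-side logic of steps 2021 to 2023 (the per-target-object table of authentication features and verification identifiers) together with the caching of the "verification passed" identifier in step 206, as one added example that is not part of the patent. The `Gateway` class, its methods, the sample target object "legacy-file-server" and the SID values are all constructed for this example; the patent describes the table and the decision rule but no code.

```python
"""Gateway-side verification lookup and result caching (added example).

This is not the patent's own code. It models the per-target-object table of
steps 2021-2023 (one table per target object; columns are the object's
authentication features, rows are user identity information the gateway has
seen, cells hold a verification flag) and the caching of a "verification
passed" flag after the unified identity system answers (steps 204-206).
Class and method names and all sample data are this example's own.
"""
from dataclasses import dataclass, field
from enum import Enum


class Flag(Enum):
    PASSED = "passed"
    FAILED = "failed"


@dataclass
class Gateway:
    # target object -> authentication features it is mapped to (e.g. SIDs);
    # constructed mapping, pre-stored in the gateway as the text describes
    features_by_object: dict
    # target object -> user identity -> authentication feature -> Flag
    table: dict = field(default_factory=dict)

    def check_request(self, target_object, user_identity):
        """Steps 2021-2023.

        True only if at least one authentication feature mapped to the target
        object carries a PASSED flag for this user identity. An unmapped target
        object, an unseen user, a feature with no flag, or FAILED flags alone
        all yield False (step 2023).
        """
        features = self.features_by_object.get(target_object)
        if not features:                       # step 2023: no feature obtained
            return False
        row = self.table.get(target_object, {}).get(user_identity, {})
        return any(row.get(f) is Flag.PASSED for f in features)   # step 2022

    def record_result(self, target_object, user_identity, feature, passed):
        """Step 206: cache the unified identity system's answer.

        Following the text's space-saving variant, only PASSED flags are kept;
        a failed answer removes any stale PASSED flag for that feature instead.
        """
        if feature not in self.features_by_object.get(target_object, ()):
            raise ValueError(f"{feature!r} is not an authentication feature of {target_object!r}")
        row = self.table.setdefault(target_object, {}).setdefault(user_identity, {})
        if passed:
            row[feature] = Flag.PASSED
        else:
            row.pop(feature, None)

    def handle(self, target_object, user_identity):
        """Steps 201-203: forward a verified request to the application server,
        otherwise answer with the configuration-port instruction."""
        if self.check_request(target_object, user_identity):
            return "forward_to_application_server"
        return "send_configuration_port"


if __name__ == "__main__":
    # Constructed sample: one legacy file server mapped to two SIDs.
    gw = Gateway({"legacy-file-server": ["SID-1001", "SID-1002"]})
    print(gw.handle("legacy-file-server", "alice"))          # send_configuration_port
    gw.record_result("legacy-file-server", "alice", "SID-1002", True)
    print(gw.handle("legacy-file-server", "alice"))          # forward_to_application_server
```

The default in `check_request` is deny: a target object with no mapped feature, a user the gateway has never recorded, and a failed answer all lead to the configuration port being sent rather than the request being forwarded, which is what the zero-trust rule in step 201 requires of the gateway.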
In a possible embodiment, as shown in fig. 6, the identity unified verification method includes:
Step 301, the identity unified verification gateway intercepts a target request sent by a terminal.
Step 302, the identity unified verification gateway decrypts the encrypted target request to obtain the request data.
The identity unified verification gateway can hold pre-stored decryption keys for the various communication protocols in use, so that it can decrypt traffic in whatever environment it is deployed. Note what this implies: the gateway is the point at which the encrypted channel is opened and it holds the keys for every protected protocol it inspects, so the gateway and its key store need at least the protection given to the servers whose traffic it decrypts.
Step 303, the identity unified verification gateway looks up the preset identity verification feature of the accessed object according to the address of the accessed object in the request data.
The identity unified verification gateway determines the accessed target object from the address of the accessed object using a preset address mapping information table, and then determines the identity verification feature corresponding to that target object using an identity verification feature mapping information table.
Step 304, the identity unified verification gateway determines whether the user identity can be established from the user identity information in the target request.
It should be understood that if the identity unified verification gateway has stored the user identity information, the user identity can be established, and the gateway can then query the identifier of the identity verification feature corresponding to that user identity to determine whether the user identity information has passed verification. If the gateway has not stored the user identity information, the user identity cannot be established, and the user identity information can be directly determined to fail verification.
If the user identity can be determined, then step 305 is performed;
If the user identity cannot be determined, step 306 is performed.
In step 305, the identity unified verification gateway determines whether the user identity information has passed verification.
The identity unified verification gateway looks up the identifier of the identity verification feature corresponding to the user identity information. If the identifier is a verification-passed identifier, the user identity information is determined to pass verification; if the identifier is a verification-failed identifier, or no identifier exists, the user identity information is determined to fail verification.
If the user identity information passes verification, the target request is forwarded to the application server.
If it fails verification, step 306 is performed.
Step 306, the identity unified verification gateway sends a request to the unified identity system to obtain the identity verification mode of the target object.
This request carries the attribute information of the target object and of the device that sent the target request.
In step 307, the unified identity system determines the target configuration type according to the attribute information of the target object and of the device.
Step 308, the unified identity system sends the target configuration type to the identity unified verification gateway.
Step 309, the identity unified verification gateway sends the target configuration type to the terminal.
In step 310, the terminal generates a configuration port according to the target configuration type.
In step 311, the terminal receives the identity verification information entered by the user through the configuration port.
In step 312, the terminal sends the identity verification information to the unified identity system.
In step 313, the unified identity system verifies the identity verification information.
The unified identity system matches the identity verification information against a preset trusted identity information table: if it matches any entry in the table, the identity verification information is determined to pass verification; if it matches no entry, it is determined to fail verification.
In step 314, the unified identity system sends the verification result to the identity unified verification gateway.
Step 315, when the identity verification information passes verification, the identity unified verification gateway stores the user identity information together with the corresponding verification-passed identifier, and sends the verification result to the terminal.
The stored user identity information may include the attribute information of the device and the identity verification information of the user, i.e. a record that a given user on a given device has been verified.
Step 316, when the identity verification information fails verification, the identity unified verification gateway sends the verification result to the terminal.
In summary, the identity unified verification method provided by the embodiment of the application performs zero-trust identity verification on the target request and effectively improves access security inside and outside the enterprise. By sending the terminal a configuration port for receiving identity information when the user identity information of the target request fails verification, it obtains the identity information needed for verification without modifying the device or the application program, which effectively improves the universality of the identity unified verification.
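The exchange of steps 301 to 316, as an added example that is not part of the patent: the identity unified verification gateway, the unified identity system and the terminal are simulated in one process so the decision at each step can be followed. The address and feature mapping tables, the trusted identity table entries, the configuration types, the 600-second lifetime on a stored verification-passed identifier and the salted-hash comparison are all assumptions of this example, since the patent specifies none of them.

```python
"""Simulation of steps 301-316: gateway, unified identity system and terminal.
Added example, not the patent's code; tables, TTL and hashing are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

PASS, FAIL = "pass", "fail"


@dataclass(frozen=True)
class TargetRequest:
    device: str                   # attribute information of the sending device
    address: str                  # address of the accessed object
    user_identity: Optional[str]  # user identity information carried, or None


def _hash(credential: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000)


class UnifiedIdentitySystem:
    """Chooses the configuration type (step 307) and matches identity
    verification information against the trusted identity table (step 313)."""

    def __init__(self) -> None:
        # Preset trusted identity information table. The patent only says the
        # submitted information is "matched"; keeping a salted hash instead of
        # the secret itself is this example's choice (assumption).
        self._trusted: dict[str, tuple[bytes, bytes]] = {}

    def enrol(self, user: str, credential: str) -> None:
        salt = os.urandom(16)
        self._trusted[user] = (salt, _hash(credential, salt))

    def configuration_type(self, target_object: str, device: str) -> str:
        # Step 307: derive the configuration type from target object and device.
        if target_object == "hr-portal" or device.startswith("unmanaged"):
            return "otp-form"
        return "password-form"

    def verify(self, user: str, credential: str) -> str:
        entry = self._trusted.get(user)
        if entry is None:
            return FAIL
        salt, expected = entry
        return PASS if hmac.compare_digest(expected, _hash(credential, salt)) else FAIL


class IdentityUnifiedVerificationGateway:
    def __init__(self, uis, address_map, feature_map, ttl_seconds=600):
        self._uis = uis
        self._address_map = address_map  # address -> target object (step 303)
        self._feature_map = feature_map  # target object -> verification feature
        self.ttl = ttl_seconds           # lifetime of a stored pass identifier (assumed)
        # (device, user, feature) -> expiry of the verification-passed identifier
        self._passed: dict[tuple[str, str, str], float] = {}

    def handle(self, req: TargetRequest, now: float) -> dict:
        target = self._address_map.get(req.address)  # step 303
        if target is None:
            return {"action": "reject", "reason": "unknown target object"}
        feature = self._feature_map[target]
        if req.user_identity is not None:  # steps 304-305: is a pass identifier cached?
            expiry = self._passed.get((req.device, req.user_identity, feature))
            if expiry is not None and now < expiry:
                return {"action": "forward", "target": target}
        config = self._uis.configuration_type(target, req.device)  # steps 306-309
        return {"action": "configure", "config_type": config, "feature": feature}

    def record_result(self, device, user, feature, result, now) -> str:
        # Steps 314-316: store only pass identifiers, as the text allows.
        key = (device, user, feature)
        if result == PASS:
            self._passed[key] = now + self.ttl
        else:
            self._passed.pop(key, None)
        return result


def run_exchange(entered: str = "correct-horse", now: float = 1_000_000.0) -> list:
    """Drives one terminal through the flow; returns the gateway's decisions."""
    uis = UnifiedIdentitySystem()
    uis.enrol("alice", "correct-horse")  # constructed trusted-table entry
    gw = IdentityUnifiedVerificationGateway(
        uis,
        {"10.0.0.6:443/": "wiki", "10.0.0.5:443/": "hr-portal"},
        {"wiki": "password", "hr-portal": "otp"},
    )
    req = TargetRequest("managed-laptop-17", "10.0.0.6:443/", "alice")
    first = gw.handle(req, now)  # nothing cached: configuration port goes to terminal
    # Steps 310-312: the terminal renders the configuration port and submits the
    # entered information directly to the unified identity system.
    result = uis.verify("alice", entered)  # step 313
    gw.record_result(req.device, req.user_identity, first["feature"], result, now)
    second = gw.handle(req, now + 1)            # cached pass: forward
    third = gw.handle(req, now + gw.ttl + 1)    # pass expired: configure again
    other = gw.handle(TargetRequest("unmanaged-phone", req.address, "alice"), now + 1)
    return [first["action"], second["action"], third["action"], other["action"]]


if __name__ == "__main__":
    print(run_exchange())            # ['configure', 'forward', 'configure', 'configure']
    print(run_exchange("wrong-pw"))  # ['configure', 'configure', 'configure', 'configure']
```

The cache key is (device, user, feature), following the note under step 315 that the stored record means a given user on a given device has been verified, and the per-feature identifier described under step 305. The device attributes are whatever the terminal placed in the request, so the gateway uses them only to index its cache, not as proof of anything. The patent gives no lifetime for a stored verification-passed identifier; the example expires it after a fixed interval, after which the terminal is sent the configuration port again.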
Fig. 7 is a schematic structural diagram of an identity unified verification gateway according to an embodiment of the present application.
As shown in fig. 7, the identity unified verification gateway 10 includes:
the acquiring module 11 is configured to intercept a target request sent by a terminal, where the target request includes a target object and user identity information;
a determining module 12, configured to determine, according to the target object and the user identity information, whether the user identity information included in the target request passes verification;
And the first sending module 13 is used for sending a configuration port for receiving the identity information to the terminal when the user identity information fails to pass verification.
In some embodiments, the first sending module 13 is configured to:
transmitting the target object and the user identity information to a unified identity system so that the unified identity system determines a target configuration type corresponding to the target object and the user identity information;
And receiving the target configuration type sent by the unified identity system, and sending the target configuration type to the terminal so that the terminal generates the configuration port according to the target configuration type.
In some embodiments, as shown in fig. 8, the gateway further comprises:
a first receiving module 14, configured to receive identity verification information obtained via the configuration port, where the identity verification information includes the user identity information;
a second sending module 15, configured to send the identity verification information to a unified identity system, so that the unified identity system verifies the identity verification information;
and a second receiving module 16, configured to receive and store the user identity information and the corresponding verification-passed identifier when the identity verification information passes verification.
In some embodiments, the determining module 12 is configured to:
acquire the identity verification feature corresponding to the target object according to the target object;
when the identifier of the identity verification feature corresponding to the user identity information is a verification-passed identifier, determine that the user identity information passes verification;
and when no identifier is obtained for the identity verification feature corresponding to the user identity information, or the identifier of that identity verification feature is not a verification-passed identifier, determine that the user identity information fails verification.
It should be understood that the elements or modules depicted in the apparatus 10 correspond to the various steps in the method described with reference to fig. 2. Thus, the operations and features described above with respect to the method are equally applicable to the apparatus 10 and the units contained therein and are not described in detail herein. The apparatus 10 may be implemented in advance in a browser or other security application of the electronic device, or may be loaded into the browser or security application of the electronic device by means of downloading or the like. The corresponding elements in the apparatus 10 may cooperate with elements in an electronic device to implement aspects of embodiments of the present application.
The division of the modules or units mentioned in the above detailed description is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Referring now to fig. 9, fig. 9 shows a schematic diagram of a computer system suitable for implementing an electronic device or server of an embodiment of the application.
As shown in fig. 9, the computer system includes a Central Processing Unit (CPU) 901, which can execute various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. The RAM 903 also stores the various programs and data required for the operation of the system. The CPU 901, ROM 902 and RAM 903 are connected to each other through a bus 904. An input/output (I/O) interface 905 is also connected to the bus 904.
The following components are connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output section 907 including a display such as a Cathode Ray Tube (CRT) or Liquid Crystal Display (LCD), and a speaker; a storage section 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. A drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as needed, so that a computer program read from it can be installed into the storage section 908 as needed.
In particular, the process described above with reference to the flowchart of fig. 2 may be implemented as a computer software program according to an embodiment of the application. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program containing program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from the network via the communication section 909 and/or installed from the removable medium 911. The functions defined in the system of the present application are performed when the computer program is executed by the Central Processing Unit (CPU) 901.
The computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the figures. For example, two blocks shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or by combinations of special purpose hardware and computer instructions.
The units or modules involved in the embodiments of the present application may be implemented in software or in hardware. The described units or modules may also be provided in a processor, for example as: a processor comprising an acquisition module, a determination module, and a first sending module. The names of these units or modules do not in any way limit the units or modules themselves; for example, the acquisition module may also be described as a module that "intercepts a target request sent by the terminal, the target request comprising a target object and user identity information".
As another aspect, the present application also provides a computer-readable storage medium that may be included in the electronic device described in the above embodiment or may exist alone without being incorporated in the electronic device. The computer-readable storage medium stores one or more programs that when executed by one or more processors perform the identity unified authentication method described in the present application.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the disclosure referred to in the present application is not limited to the specific combinations of technical features described above, but also covers other technical solutions formed by any combination of the technical features described above or their equivalents without departing from the spirit of the disclosure, for example technical solutions in which the features described above are replaced by technical features disclosed in the present application (but not limited to these) that have similar functions.

Claims (10)

1. An identity unified verification method, characterized by comprising the following steps:
intercepting a target request sent by a terminal, wherein the target request comprises a target object and user identity information;
determining whether the user identity information contained in the target request passes verification according to the target object and the user identity information;
and when the user identity information fails verification, sending the terminal a configuration port for receiving identity information.
2. The method according to claim 1, wherein said sending the terminal a configuration port for receiving identity information when said user identity information fails verification comprises:
sending the target object and the user identity information to a unified identity system, so that the unified identity system determines a target configuration type corresponding to the target object and the user identity information;
and receiving the target configuration type sent by the unified identity system, and sending the target configuration type to the terminal, so that the terminal generates the configuration port according to the target configuration type.
3. The method according to claim 1, characterized in that the method further comprises:
receiving identity verification information obtained via the configuration port, wherein the identity verification information comprises the user identity information;
sending the identity verification information to a unified identity system, so that the unified identity system verifies the identity verification information;
and when the identity verification information passes verification, receiving and storing the user identity information and the corresponding verification-passed identifier.
4. The method according to claim 1, wherein said determining whether said user identity information contained in said target request passes verification according to said target object and said user identity information comprises:
acquiring an identity verification feature corresponding to the target object according to the target object;
when the identifier of the identity verification feature corresponding to the user identity information is a verification-passed identifier, determining that the user identity information passes verification;
and when no identifier is obtained for the identity verification feature corresponding to the user identity information, or the identifier of that identity verification feature is not a verification-passed identifier, determining that the user identity information fails verification.
5. An identity unified authentication gateway, comprising:
the acquisition module is used for intercepting a target request sent by the terminal, wherein the target request comprises a target object and user identity information;
The determining module is used for determining whether the user identity information contained in the target request passes verification according to the target object and the user identity information;
And the first sending module is used for sending a configuration port for receiving the identity information to the terminal when the user identity information fails verification.
6. The gateway of claim 5, wherein the first sending module is configured to:
transmitting the target object and the user identity information to a unified identity system so that the unified identity system determines a target configuration type corresponding to the target object and the user identity information;
And receiving the target configuration type sent by the unified identity system, and sending the target configuration type to the terminal so that the terminal generates the configuration port according to the target configuration type.
7. The gateway of claim 5, further comprising:
a first receiving module, configured to receive identity verification information obtained via the configuration port, wherein the identity verification information comprises the user identity information;
a second sending module, configured to send the identity verification information to a unified identity system, so that the unified identity system verifies the identity verification information;
and a second receiving module, configured to receive and store the user identity information and the corresponding verification-passed identifier when the identity verification information passes verification.
8. The gateway of claim 5, wherein the determining module is configured to:
acquire an identity verification feature corresponding to the target object according to the target object;
when the identifier of the identity verification feature corresponding to the user identity information is a verification-passed identifier, determine that the user identity information passes verification;
and when no identifier is obtained for the identity verification feature corresponding to the user identity information, or the identifier of that identity verification feature is not a verification-passed identifier, determine that the user identity information fails verification.
9. An identity unified verification system, comprising:
a gateway performing the identity unified verification method of any one of claims 1-4;
and a unified identity system, configured to receive the target object and/or the identity verification information sent by the gateway and to return the identity verification mode determined according to the target object and/or the identity verification result.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the identity unified authentication method according to any one of claims 1-4.
Priority Applications (1)

Application Number	Priority Date	Filing Date	Title
CN202211277893.5A	2022-10-18	2022-10-18	Identity unified verification method, gateway and system

Publications (1)

Publication Number	Publication Date
CN117955661A	2024-04-30

Family

ID=90802124

Country Status (1)

Country	Link
CN (1)	CN117955661A (en)


Legal Events

Code	Title
PB01	Publication
SE01	Entry into force of request for substantive examination