下面結合圖式,對本說明書揭露的多個實施例進行描述。 圖1為本說明書揭露的一個實施例提供的實人認證方法的應用場景示意圖。圖1中,當伺服器(如,伺服器可以為支付寶應用的伺服器)檢測到用戶通過終端(如,終端可以為手機、平板電腦、可穿戴智慧型設備等)對第一帳號(如,第一帳號可以為支付寶帳號)進行帳號操作(如,帳號操作可以為註冊第一帳號,或者使用第一帳號中的資金進行消費)的操作請求時,可以採用本說明書揭露的多個實施例提供的實人認證方法,對第一帳號進行實人認證,以檢驗對第一帳號進行帳號操作的操作請求的用戶是否與第一帳號的註冊資訊中的實人資訊(如,實人資訊可以為姓名和身份證號)相匹配。 本說明書揭露的多個實施例提供的實人認證方法,均基於建構的帳號圖譜執行。下面對建構帳號圖譜用於實人認證的方法進行介紹。 圖2為本說明書揭露的一個實施例提供的帳號圖譜的結構圖。如圖2所示,帳號圖譜由內向外包括核心層、中間層和外層。 圖3為本說明書揭露的一個實施例提供的建構帳號圖譜用於實人認證的方法流程圖。該方法的執行主體可以為具有處理能力的設備:伺服器或者系統或者裝置,該方法包括: 步驟S310,獲取用戶的實人資訊,該實人資訊包括證件資訊和/或生物特徵識別資訊。 具體的,獲取用戶的實人資訊,實人資訊可以唯一確認現實世界中的一個實體。其中,實體可以為自然人或組織機構,實人資訊可以包括自然人的證件(如,證件可以為身份證、駕駛證、房產證)資訊,生物特徵(例如,生物特徵可以為人臉、指紋、虹膜)識別資訊等。或者,實人資訊可以包括組織機構的統一社會信用代碼,組織機構名稱、機構登記證號等。 步驟S320,獲取用戶的帳號資訊,該帳號資訊包括帳號。 具體的,獲取用戶的帳號資訊,該帳號資訊可以包括帳號。其中的每個帳號由該帳號的頒發機構根據用戶的實人資訊產生並頒發,且每個帳號在該帳號的頒發機構內是唯一的。但因不同頒發機構頒發的帳號可能出現相同的情況,所以,對於帳號圖譜中的帳號,其表達形式可以為:頒發機構+帳號,例如,由支付寶頒發的帳號12345678,其在帳號圖譜中的表達形式為:支付寶12345678。因此,帳號資訊中每個帳號的表達形式都是唯一的。 步驟S330,獲取該用戶對該帳號進行操作的行為資料。 具體的,獲取該用戶對帳號進行操作的行為資料,該資料是由帳號產生的。行為資料可以包括:一個帳號與另一個帳號建立好友關係、帳號密碼的更改、帳號的資金交易行為等。例如,某用戶通過淘寶網的帳號購買了一件襯衫。 步驟S340,在實人資訊與帳號資訊之間建立第一關聯,在帳號資訊與行為資料之間建立第二關聯。 具體的,建立帳號之間的關聯,並根據中間層中帳號之間的關聯,對帳號進行分層,然後在分層後的帳號與核心層中的實人資訊之間建立第一關聯,第一關聯包括直接關聯或間接關聯。此時,中間層的多個帳號包括與實人資訊直接關聯的直接帳號,以及通過直接帳號與實人資訊間接關聯的間接帳號。以及,根據帳號的行為資料與帳號資訊,建立帳號資訊中的帳號與獲取的行為資料之間的第二關聯。 例如,支付寶根據用戶的實人資訊產生並頒發的客戶號為12345678,與該客戶號相關聯的用戶號(如,用戶名可以包括用戶名和密碼)可以為多個,比如,某用戶有兩個手機號,該用戶可以使用兩個手機號註冊支付寶用戶帳號。每個用戶號可以關聯有多個資金帳號(如,資金帳號可以為餘額寶帳號、螞蟻金服帳號、健康保險帳號)。其中,客戶號與實人資訊直接關聯,用戶號通過客戶號與實人資訊間接關聯,資金帳號通過用戶號和客戶號與實人資訊間接關聯。圖2中僅示出了對中間帳號分兩層的情況,對此不作限定。 步驟S350,以實人資訊作為核心層,帳號資訊作為中間層,行為資料作為外層,以第一關聯和第二關聯作為層間關聯,建構帳號圖譜用於實人認證。 需要說明的是,本說明揭露的一個實施例中,步驟S320中的帳號資訊還可以包括帳號的價值,帳號的價值包括實人關聯度和業務價值。 其中,帳號的實人關聯度可以根據該帳號的頒發機構確定。頒發機構越權威,則該帳號的實人關聯度越高。例如,對於頒發機構為政府部門(政府部門,如中國鐵路客服服務中心,社會保險經辦機構、國家銀行)的帳號,該帳號的實人關聯度可以評定為5。對於頒發機構為世界500強的企業(企業,如阿里巴巴),該帳號的實人關聯度可以評定為4。 帳號的業務價值可以根據該帳號的行為資料進行評估。行為資料可以包括建立好友關係,資金交易等。例如,對於支付寶中綁定的多個銀行卡帳號,其業務價值可以根據其交易類型、交易次數和交易金額確定。比如,某個支付寶的個人帳號在1月1日綁定了多張銀行卡,包括招商銀行、建設銀行和工商銀行,1月份這些銀行卡帳號的交易情況如表1所示,相應的,可以根據交易情況確定這些銀行帳號的業務價值。 表1
同時,因帳號圖譜中的帳號的數量可能會增加或者減少,帳號之間的關聯結構也可能發生改變,帳號的行為資料通常會不斷增加。所以,需要對帳號的價值進行更新。 圖4為本說明書揭露的一個實施例提供的帳號的價值更新流程圖。該方法中定期採用迭代的方式對帳號的價值進行更新。圖譜外層新增的行為資料和中間層中帳號關聯結構的變更,驅動帳號價值的迭代。如圖4所示,該方法包括以下步驟: 步驟S410,從中間層的帳號中的最外層帳號開始,計算最外層帳號的價值。 具體的,中間層的帳號中一共包括N層帳號,且N≥1。其中,第一層帳號為與實人資訊直接關聯的帳號,第N層帳號為最外層帳號。首先,計算第N層帳號的價值。 步驟S420,判斷當前帳號是否為最內層帳號。如果不是最內層帳號,則執行步驟S430,如果是最內層帳號,則此次迭代更新完成。 具體的,判斷N是否等於1。如果N等於1,則說明當前帳號是最內層帳號,則此次迭代更新完成,並可以結束流程。如果N不等於1,則說明當前帳號不是最內層帳號,且執行步驟S430。 步驟S430,向內推進一層。 具體的,將N的數值減1,即N=N-1,然後繼續執行步驟S410,直到N=1,即此次迭代更新完成。 需要說明的是,伺服器可以根據某個帳號外層的行為資料,以及與其關聯的其他帳號的價值,確定該帳號的價值。如,當中間層的帳號包括多個帳號,且多個帳號包括與實人資訊直接關聯的直接帳號,以及通過直接帳號與實人資訊間接關聯的間接帳號時,直接帳號的價值包括通過該直接第二帳號與實人資訊間接關聯的間接帳號的價值的和。 此外,在確定帳號的價值時,還可以考慮帳號的實人可信度。例如,當用戶選擇某個帳號的帳號資訊和行為資料進行實人認證(如,圖7或圖9所示的實施例)時,多次無法通過實人認證,但是,當該用於選擇該帳號所在帳號圖譜中的其他帳號進行實人認證時,可以順利通過實人認證。此時,該帳號存在被非法用戶冒用的風險,實人可信度低。即使根據該帳號的行為數據計算得到的業務價值很高,但因該帳號的實人可信度低,故可以在計算得到的該帳號原價值的基礎上,按照一定的比例進行折算,並將折算後的價值作為該帳號的價值。 本說明書揭露的一個實施例提供的帳號的價值更新方法,通過從最外層的帳號開始,進行價值的計算和更新,並依次向內層推進,根據帳號的外層行為資料以及與該帳號相關聯的其他帳號的價值確定該帳號的價值,實現了帳號價值的更新。 本說明書提供的一種建構帳號圖譜用於實人認證的方法,通過對用戶的相關資訊(如,證件資訊,生物特徵識別資訊、帳號的頒發機構、帳號的用戶編號、帳號的行為資料等)進行採集,以及創建這些資訊的關聯,建構包括核心層、中間層和外層的帳號圖譜,並可以通過創建的資訊的關聯對中間層帳號的價值進行更新,且該帳號圖譜可以用於實人認證。 本說明書揭露的多個實施例提供的實人認證方法,均基於建構的帳號圖譜執行。對帳號進行實人認證的依據是:如果對需要進行實人認證的帳號進行帳號操作的操作請求的用戶,與該帳號註冊資訊中的實人資訊對應的用戶為同一用戶,則該用戶應該知道與實人資訊對應的帳號圖譜中所有帳號的相關資訊,例如,該用戶已經註冊使用的帳號名稱以及近期的行為資料等。否則,對需要進行實人認證的帳號進行帳號操作的操作請求的用戶,正在冒用該帳號註冊資訊中的實人資訊。 採用本說明書揭露的多個實施例提供的實人認證方法,通過查找與帳號註冊資訊中的實人資訊對應的帳號圖譜,獲取其中的帳號資訊和行為資料,並根據帳號資訊和行為資料產生驗證內容,對正在被用戶操作的第一帳號進行實人認證,從而提高了對用戶身份進行認證的可信度。 圖5為本說明書揭露的一個實施例提供的實人認證方法流程圖。該方法的執行主體可以為具有處理能力的設備:伺服器或者系統或者裝置,例如,圖1中的伺服器。如圖5所示,該方法具體包括: 步驟S510,當檢測到用戶對第一帳號進行帳號操作的操作請求時,根據第一帳號的註冊資訊中所包含的實人資訊,查找與實人資訊對應的帳號圖譜。 需要說明的是,帳號圖譜包括核心層、中間層和外層,核心層包括實人資訊,中間層包括與實人資訊關聯的第二帳號的資訊,外層包括與第二帳號關聯的行為資料。 第一帳號可以是帳號圖譜中的帳號,如,用戶可以通過帳號圖譜中的第一帳號進行資金交易;或者,第一帳號可以不是帳號圖譜中的帳號,例如,用戶首次對第一帳號進行註冊,此前,並不存在第一帳號。同時,第一帳號的註冊主體可以為自然人,也可以為組織機構,例如,第一帳號可以為支付寶中的用戶帳號,包括個人帳號和企業帳號。 本步驟的執行主體以支付寶應用的伺服器為例。在執行本步驟之前,第一帳號不是帳號圖譜中的帳號,且以支付寶的個人帳號為例,用戶可以通過註冊支付寶的個人帳號。 具體的,用戶在註冊支付寶帳號時,首先需要填寫實人資訊。伺服器檢測到對支付寶帳號進行註冊操作的操作請求,則根據實人資訊查找與該資訊對應的帳號圖譜。 其中,伺服器根據實人資訊查找與該資訊對應的帳號圖譜,可以包括:驗證實人資訊是否合法,如果該實人資訊合法,則查找與實人資訊對應的帳號圖譜。 在一個例子中,用戶打開手機上的支付寶應用,輸入手機號,在註冊成功後,手機號將作為用戶用於登錄支付寶應用的個人帳戶。然後,輸入手機檢驗碼以通過對於手機號的驗證。之後,用戶輸入實人資訊,可以包括真實姓名、證件類型和證件號碼。如:用戶輸入的姓名為“張三”、證件類型為“身份證”,證件號碼為 “123456200011071234”。伺服器對用戶輸入的實人資訊進行驗證,驗證結果為該實人資訊為合法資訊。伺服器根據該實人資訊查找與之對應的帳號圖譜。 步驟S520,根據帳號圖譜中的行為資料,向用戶提供實人認證的驗證內容。 具體的,帳號圖譜的中間層中第二帳號的數量可以為一個,也可以為多個。當第二帳號的數量為一個時,伺服器可以根據該第二帳號的行為資料,向用戶提供實人認證的驗證內容。當第二帳號的數量為多個時,伺服器可以隨機根據第二帳號中的至少一個第二帳號的行為資料,向用戶提供實人認證的驗證內容。 在一個例子中,帳號圖譜的中間層中包括淘寶帳號,伺服器根據淘寶帳號的,如最近一個月內的交易資料,向用戶提供實人認證的驗證內容,如圖6所示,驗證內容為選出用戶最近一個月內使用該淘寶帳號購買的商品。 步驟S530,接收用戶對驗證內容的驗證操作結果,並根據該操作結果判斷用戶是否通過實人認證。 具體的,接收用戶對驗證內容的驗證操作結果,並將該操作結果與行為資料進行比對,根據預設的實人認證判別條件,判斷用戶是否通過實人認證。 在一個例子中,驗證內容如圖6所示,伺服器接收的操作結果為:用戶點擊了其中的“襯衫”、“牛奶”和“手錶”。而實際的行為資料包括:用戶最近一個月內在淘寶網上購買了“襯衫”、“牛奶”和“手錶”。伺服器預設的實人認證判別條件為:如果用戶正確選擇了購買的所有商品,則該用戶通過實人認證,如果用戶錯選或漏選了購買的商品,則該用戶沒有通過實人認證。由此可知,伺服器的判斷結果為:該用戶通過實人認證。 在另一個例子中,驗證內容如圖6所示,伺服器接收的操作結果為:用戶點擊了其中的“大閘蟹”、“襯衫”和“汽水”。而實際的行為資料包括:用戶最近一個月內在淘寶網上購買了“襯衫”、“牛奶”和“手錶”。服務器預設的實人認證判別條件為:如果用戶正確選擇了購買的所有商品,則該用戶通過實人認證,如果用戶錯選或漏選了購買的商品,則該用戶沒有通過實人認證。由此可知,伺服器的判斷結果為:該用戶沒有通過實人認證。 在上述實施例中,在執行步驟S530時,還可以包括:如果用戶沒有通過實人認證,則呈現提示資訊,提示資訊用於提示用戶需要繼續或者重新進行實人認證。 或者,如果用戶通過實人認證,且對第一帳號進行的帳號操作為新增第一帳號的操作,則呈現提示資訊,並將第一帳號的資訊添加到帳號圖譜中。 具體的,如果用戶通過實人認證,則呈現提示資訊,提示資訊的內容可以為用戶已經通過實人認證。例如,用戶對第一帳號進行註冊,當伺服器檢測到用戶在對第一帳號進行註冊操作時,發起對該用戶的實人認證,如果該用戶通過實人認證,則提示用戶已經通過實人認證,且第一帳號註冊成功。 同時,將第一帳號的資訊添加到,與第一帳號的註冊資訊中的實人資訊相關聯的帳號圖譜中。並且,可以建立第一帳號與其他第二帳號的關聯關係,以及記錄與第一帳號相關聯的行為資料。 本說明書揭露的一個實施例提供的實人認證方法,當檢測到用戶對第一帳號進行帳號操作的操作請求時,根據第一帳號中的註冊資訊中包含的實人資訊,查找與實人資訊對應的帳號圖譜,根據帳號圖譜中的行為資料,向用戶提供實人認證的驗證內容,以對用戶進行實人認證,從而提高了對用戶身份進行認證的可信度。 圖7為本說明書揭露的另一個實施例提供的實人認證方法流程圖。該方法的執行主體可以為具有處理能力的設備:伺服器或者系統或者裝置,例如,圖1中的伺服器。該第二帳號為多個第二帳號,如圖7所示,該方法具體包括: 步驟S710,當檢測到用戶對第一帳號進行帳號操作的操作請求時,根據第一帳號的註冊資訊中所包含的實人資訊,查找與實人資訊對應的帳號圖譜。 本步驟的執行主體以支付寶應用的伺服器為例,第一帳號是帳號圖譜中的帳號,且以支付寶的個人帳號為例,用戶可以通過支付寶的個人帳號進行資金交易。 具體的,用戶使用已註冊的個人帳號登錄支付寶應用,並進行資金交易,伺服器檢測到對對支付寶帳號進行資金交易操作的操作請求,則根據實人資訊查找與該資訊對應的帳號圖譜。其中,伺服器根據實人資訊查找與該資訊對應的帳號圖譜,可以包括:伺服器根據註冊資訊中的實人資訊,對用戶進行實人資訊認證,如果該用戶通過實人資訊認證,則根據實人資訊查找與該資訊對應的帳號圖譜。 例如,用戶使用個人帳號13811111111登錄支付寶應用,發起將支付寶餘額中的全部資金10,000元轉帳到一個陌生帳號(陌生帳號可以為非好友帳號)的操作。伺服器檢測到對該帳號的大額交易操作,並判斷此操作具有較高風險,首先根據該帳號註冊資訊中的實人資訊,對用戶進行實人資訊認證。實人資訊認證可以包括:要求用戶輸入用戶的姓名和身份證號,或者系統發送交易驗證碼至個人帳號中的手機號,要求用戶輸入該驗證碼。如果用戶通過實人資訊認證,則根據實人資訊查找與該資訊對應的帳號圖譜。 步驟S720,伺服器從多個第二帳號中選出至少兩個第二帳號。 具體的,伺服器可以從多個第二帳號中隨機選出至少兩個第二帳號。 在一個例子中,帳號圖譜的中間層中包括多個第二帳號,如中間層包括支付寶帳號、淘寶帳號、中國鐵路客服中心帳號、飛豬旅行帳號、銀行卡帳號等。伺服器可以從第二帳號中隨機選擇淘寶帳號和去哪兒網帳號。 或者,伺服器可以根據多個第二帳號的價值,選出至少兩個第二帳號,該價值包括業務價值和實人關聯度。 在一個例子中,第一帳號為支付寶帳號,該支付寶帳號為高價值帳號,伺服器可以根據多個第二帳號中每個第二帳號的價值,選擇兩個價值較低的帳號。如表1中所示,招商銀行帳號、建設銀行和工商銀行帳號的業務價值分別為2、10和4,且三者具有相同的實人關聯度。可以從中選出招商銀行帳號和工商銀行帳號,以呈現給用戶進行選擇。 步驟S730,向用戶呈現選出的至少兩個第二帳號的資訊,並接收用戶選擇的第二帳號。 具體的,伺服器向用戶呈現選出的至少兩個第二帳號的資訊,第二帳號的資訊可以包括第二帳號的頒佈機構的資訊,帳號名稱等,並確定用戶選擇的第二帳號。 例如,伺服器選出的至少兩個第二帳號包括飛豬旅行帳號:11111@qq.com和淘寶網帳號:22222@126.com,伺服器向用戶呈現飛豬旅行的圖標和淘寶網的圖標,如圖8所示,並接收用戶選擇的第二帳號為淘寶網帳號。 在一個例子中,伺服器向用戶呈現選出的至少兩個第二帳號的資訊,可以包括:伺服器對選出的至少兩個帳號的資訊進行脫敏處理,並向用戶呈現進行脫敏處理後的至少兩個第二帳號的資訊。 其中,脫敏處理是指對某些敏感資訊通過脫敏規則進行資料的變形,以實現敏感隱私資料的可靠保護,比如,對帳號的某幾位進行隱藏處理。 例如,終端對選出的招商銀行帳號: 1234567890987654321和工商銀行帳號: 9876543210123456789的資訊進行脫敏處理,將招商銀行帳號和工商銀行帳號中的某幾位隱藏,脫敏處理後的招商銀行帳號和工商銀行帳號分別可以為: ***************4321,***************6789。然後,將脫敏處理後的支付寶帳號和淘寶帳號呈現給用戶,並接收用戶選擇的第二帳號,第二帳號為工商銀行帳號。 步驟S740,根據用戶選擇的第二帳號查找帳號圖譜中與該帳號關聯的行為資料,並根據該行為資料向用戶提供實人認證的驗證內容。 具體的,伺服器根據用戶選擇的第二帳號查找帳號圖譜中與該帳號關聯的行為資料,並根據該行為資料產生實人認證的驗證內容,實人認證的驗證內容可以包括用戶是否使用第二帳號做出某些行為,如建立好友關係,進行某項交易等,收藏某些資料資訊等。 在一個例子中,伺服器接收用戶選擇的第二帳號為工商銀行帳號,第一帳號為已註冊使用的支付寶帳號。伺服器產生的實人認證的驗證內容包括:向該工商銀行的帳號打款,打款數額可以為0.01-0.99,並讓用戶在支付寶應用的認證頁面輸入具體的打款數額。 步驟S750,接收用戶對驗證內容的驗證操作結果,並根據該操作結果判斷用戶是否通過實人認證。 具體的,接收用戶對驗證內容的驗證操作結果,並將該操作結果與行為資料進行比對,根據預設的實人認證判別條件,判斷用戶是否通過實人認證。 在一個例子中,預設的實人認證判別條件為:如果用戶在支付寶的實人認證頁面,輸入正確的打款金額,則用戶通過實人認證。否則,用戶沒有通過實人認證。例如,某次驗證過程中正確的打款金額為0.07元,且伺服器接收用戶輸入的打款金額為0.07元,則伺服器判斷該用戶通過實人認證。又例如,某次驗證過程中正確的打款金額為0.06元,且伺服器接收用戶輸入的打款金額為0.02元,則伺服器判斷該用戶沒有通過實人認證。 在上述實施例中,在執行步驟S550時,還可以包括:如果用戶通過實人認證,則呈現提示資訊,提示用戶實人認證通過,並繼續執行原有操作。例如,用戶在使用支付寶帳號發起向陌生帳號轉帳的大額交易,伺服器檢測到用戶對支付寶帳號的操作,且該操作為高風險操作,則發起對該用戶的實人認證,如果該用戶通過實人認證,則繼續執行該轉帳操作。 本說明書揭露的一個實施例提供的實人認證方法,當檢測到用戶對第一帳號進行帳號操作的操作請求時,根據第一帳號中的註冊資訊中包含的實人資訊,查找與實人資訊對應的帳號圖譜,當帳號圖譜中包括多個第二帳號時,隨機選出或者根據第二帳號的價值選出至少兩個第二帳號,以供用戶進一步選擇,並根據帳號圖譜中與用戶選擇的第二帳號相關聯的行為資料,產生實人認證的驗證內容,以對用戶進行實人認證,從而提高了對用戶身份進行認證的可信度。 本說明書揭露的多個實施例提供的實人認證方法,可以應用於帳號圖譜中第二帳號的添加。圖9為本說明書揭露的一個實施例提供的帳號圖譜中帳號添加方法流程圖。該方法的執行主體可以為具有處理能力的設備:伺服器或者系統或者裝置,例如,圖1中的伺服器。 伺服器執行將第一帳號加入帳號圖譜中的操作,通常是在該帳號已經通過前置認證或者系統對該帳號進行授權的前提下進行的。其中,前置認證包括驗證該帳號的註冊資訊中實人資訊的合法性,系統對該帳號進行授權包括系統允許其加入帳號圖譜或從帳號圖譜中刪除。如圖9所示,該方法具體包括: 步驟S910,判斷對第一帳號的操作是系統操作還是用戶操作。如果是系統操作,則執行步驟S920。如果是用戶操作則執行步驟S930。 具體的,系統檢測到其新頒佈的第一帳號尚未添加到帳號圖譜,發起將該帳號添加到帳號圖譜中的操作。或者,某個用戶在註冊帳號時,該帳號的使用平台要求用戶進行實人認證。 步驟S920,校驗系統權限。 具體的,校驗對第一帳號進行帳號操作的操作請求的系統的權限。如果系統的權限足夠高,比如該系統為政府系統,則可以直接響應對第一帳號的操作,將第一帳號加入帳號圖譜中。如果系統的權限不夠高,比如該系統為一個信用等級較低的公司的系統,則第一帳號與帳號圖譜關聯失敗。 在一個例子中,用戶去銀行開設銀行帳號,銀行採用的身份認證方法可以極高的準確率確定該用戶提供的實人資訊與該用戶本人的身份一致。用戶在銀行成功開設銀行帳號後,銀行系統可以發起將該銀行帳號添加至帳號圖譜的操作,伺服器對銀行系統的權限進行校驗,確定其具有足夠高的權限,並將該銀行帳號添加至與該用戶的實人資訊關聯的帳號圖譜。 步驟S930,根據帳號圖譜中的資料,確定實人認證的挑戰範圍。 具體的,根據第一帳號的註冊資訊中實人資訊,查找與實人資訊相關聯的帳號圖譜。根據帳號圖譜中的資料,確定實人認證的挑戰範圍。該挑戰範圍可以包括帳號圖譜中核心層的實人資訊,如,住址資訊,以及中間層的第二帳號,如,淘寶帳號的資訊。 步驟S940,確定用戶選擇的挑戰範圍。 具體的,用戶可以從伺服器確定的挑戰範圍中,進一步選擇挑戰範圍。例如,用戶選擇驗證淘寶帳號 example****@taobao.com。 步驟S950,根據用戶選擇的挑戰範圍,確定實人認證的挑戰任務。 具體的,根據用戶選擇的淘寶帳號 example****@taobao.com,從基於該帳號的行為資料中產生挑戰任務,如,挑戰任務為選出最近的購物記錄。 步驟S960,接收用戶對挑戰任務的操作結果,判斷用戶是否通過該挑戰。 具體的,用戶在完成挑戰任務後,比如確認最近購物記錄,輸入家庭地址,支付寶打款認證等,伺服器對挑戰任務的操作結果進行判斷。如果服務器判斷出用戶通過該挑戰,則將第一帳號關聯到帳號圖譜。 如果伺服器判斷用戶沒有通過該挑戰,如任務部分成功或失敗、任務超時,發生任務相關的風險事件(如,風險事件可以為第一帳號發生凍結),則執行步驟S970。 步驟S970,判斷是否繼續進行挑戰。 具體的,如果伺服器判斷出允許用戶繼續進行挑戰,則執行步驟S930,以進入下一個循環。如果伺服器判斷出不允許用戶繼續進行挑戰或者用戶放棄挑戰,則執行步驟S980。 步驟S980,判斷是否強制關聯。 具體的,如果第一帳號不能強制關聯帳號圖譜,則第一帳號與帳號圖譜關聯失敗。如果第一帳號可以強制關聯帳號圖譜,則第一帳號與帳號圖譜關聯成功,並對該第一帳號進行標記。 在一個例子中,某些業務可能並不依賴帳號的實人認證結果。對於這些需求,該帳號仍舊可以進入帳號圖譜,即將該帳號加入帳號圖譜,同時設置冒用或其他標記。這些標記可以使用在某些場景中,例如,伺服器在步驟S830中根據這些標記,不使用帶有這些標記的帳號確定挑戰範圍,以及提醒該帳號的業務使用方,該帳號存在冒用風險。又例如,在圖4中對帳號的價值進行更新時,對於帶有這些標記的帳號,在原計算得到的價值的基礎上,按照一定的比例進行折算。 需要說明的是,在步驟S930中,還可以包括:根據第一帳號的價值,確定用戶需要進行多輪挑戰。 具體的,伺服器根據第一帳號的價值,確定用戶需要進行多輪挑戰,多輪挑戰中的挑戰範圍可以根據第二帳號的價值進行選取。如,選取價值較高的第二帳號,或者選取價值較低的第二帳號,或者搭配選取價值較高和價值交底的第二帳號。並且,伺服器可以根據用戶完成挑戰任務的結果,對低價值的第二帳號進行凍結操作。 在一個例子中,伺服器檢測到高價值帳號正在進行高風險操作,如伺服器檢測到支付寶帳號正在將全部餘額轉入陌生帳號,則伺服器發起對該帳號的實人認證。實人認證包括多輪挑戰,如3輪基於同樣高價值帳號的挑戰,以及1輪基於低價值帳號的挑戰。如果用戶順利通過3輪基於同樣高價值帳號的挑戰,但沒有通過基於低價值帳號的挑戰,此時,可以判斷出該低價值帳號有可能是冒用的,因此可以對低價值帳號進行凍結。 在步驟S960中,還可以包括:如果用戶通過當前挑戰,則繼續執行步驟S930,直到用戶成功通過所有挑戰,則將該帳號添加至帳號圖譜中。 本說明書揭露的一個實施例提供的帳號圖譜中帳號添加方法,通過判斷對第一帳號進行帳號操作的操作請求的主體,當主體為系統時,可以根據系統的高權限直接將第一帳號加入帳號圖譜。當主體為用戶時,可以發起實人認證,並根據實人認證的結果判斷是否將第一帳號添加至帳號圖譜中,從而增加了帳號圖譜中帳號資訊的可靠度,保障了用戶資訊的安全。 與上述建構帳號圖譜用於實人認證的方法對應地,本說明書揭露的多個實施例還提供一種建構帳號圖譜用於實人認證的裝置,如圖10所示,該裝置包括: 第一獲取單元1010,用於獲取用戶的實人資訊,實人資訊包括證件資訊和/或生物特徵識別資訊; 第二獲取單元1020,用於獲取用戶的帳號資訊,帳號資訊包括帳號; 第三獲取單元1030,用於獲取用戶對帳號進行操作的行為資料; 關聯單元1040,用於在實人資訊與帳號資訊之間建立第一關聯,在帳號資訊和行為資料之間建立第二關聯; 建構單元1050,用於以實人資訊為核心層,帳號資訊為中間層,行為數據為外層,以第一關聯和第二關聯作為層間關聯,建構帳號圖譜用於實人認證。 在一個可能的設計中,第二獲取單元1020獲取的帳號資訊還包括帳號的價值,價值包括業務價值和實人關聯度,業務價值由帳號的行為資料確定,實人關聯度由帳號的頒佈機構確定。 在一個可能的設計中,第二獲取單元1020獲取的帳號包括多個帳號,多個帳號中包括與實人資訊直接關聯的直接帳號,以及通過直接帳號與實人資訊間接關聯的間接帳號,直接帳號的價值包括通過該直接第二帳號與實人資訊間接關聯的間接帳號的價值的和。 在一個可能的設計中,建構單元1050還用於,當檢測到將某一帳號加入帳號圖譜的帳號操作請求時,對該帳號進行實人認證,當該帳號通過實人認證時,將該帳號加入帳號圖譜中。 與上述實人認證方法對應地,本說明書揭露的多個實施例還提供一種實人認證裝置,如圖11所示,該裝置包括: 查找單元1110,用於當檢測到用戶對第一帳號進行帳號操作的操作請求時,根據第一帳號的註冊資訊中所包含的實人資訊,查找與實人資訊對應的帳號圖譜;帳號圖譜包括與實人資訊關聯的第二帳號的資訊,以及與第二帳號關聯的行為資料; 處理單元1120,用於根據行為資料,向用戶提供實人認證的驗證內容; 判斷單元1130,接收用戶對驗證內容的驗證操作結果,並根據驗證操作結果判斷用戶是否通過實人認證。 在一種可能的設計中,查找單元1110查找到的第二帳號為多個第二帳號,處理單元1120具體包括: 選擇子單元1121,用於從多個第二帳號中選出至少兩個第二帳號; 呈現子單元1122,用於向用戶呈現至少兩個第二帳號的資訊,並接收用戶選擇的第二帳號; 產生子單元1123,用於查找與用戶選擇的第二帳號關聯的行為資料,並根據該行為資料產生實人認證的驗證內容在一種可能的設計中,處理單元1120包括的選擇子單元1121具體用於: 根據多個第二帳號的價值,選出至少兩個第二帳號,價值包括業務價值和實人關聯度,業務價值由帳號的行為資料確定,實人關聯度由帳號的頒佈機構確定。 在一種可能的設計中,查找單元1110查找到的多個第二帳號中包括與實人資訊直接關聯的直接第二帳號,以及通過直接第二帳號與實人資訊間接關聯的間接第二帳號,直接第二帳號的價值包括通過該直接第二帳號與實人資訊間接關聯的間接第二帳號的價值的和。 在一種可能的設計中,呈現子單元1122還用於,對至少兩個第二帳號的資訊進行脫敏處理,向用戶呈現進行脫敏處理後的至少兩個第二帳號的資訊。 在一種可能的設計中,查找單元1110包括: 驗證子單元1111,用於驗證第一帳號的註冊資訊中所包含的實人資訊是否合法; 查找子單元1110,用於如果實人資訊合法,則查找與實人資訊對應的帳號圖譜。 在一種可能的設計中,查找單元1110檢測到的帳號操作為新增第一帳號的操作,裝置還包括: 添加單元1140,用於如果用戶通過實人認證,則將第一帳號的資訊添加到帳號圖譜中。 在一種可能的設計中,查找單元1110查找到的實人資訊包括證件資訊和生物特徵識別資訊;第二帳號的資訊包括第二帳號的頒佈機構和用戶編號;行為資料包括第二帳號的好友關係和消費資料。 本領域技術人員應該可以意識到,在上述一個或多個示例中,本說明書揭露的多個實施例所描述的功能可以用硬體、軟體、韌體或它們的任意組合來實現。當使用軟體實現時,可以將這些功能儲存在計算機可讀介質中或者作為計算機可讀介質上的一個或多個指令或代碼進行傳輸。 以上所述的具體實施方式,對本說明書揭露的多個實施例的目的、技術方案和有益效果進行了進一步詳細說明,所應理解的是,以上所述僅為本說明書揭露的多個實施例的具體實施方式而已,並不用於限定本說明書揭露的多個實施例的保護範圍,凡在本說明書揭露的多個實施例的技術方案的基礎之上,所做的任何修改、等同替換、改進等,均應包括在本說明書揭露的多個實施例的保護範圍之內。Several embodiments disclosed in the specification are described below with reference to the drawings. FIG. 1 is a schematic diagram of an application scenario of a real person authentication method provided by an embodiment disclosed in this specification. In FIG. 1, when a server (for example, the server may be a server for an Alipay application) detects that a user has a first account (for example, When the first account number is an Alipay account number, an account operation (for example, the account number operation can be to register the first account number or use the funds in the first account number to make an operation request) may be provided by using multiple embodiments disclosed in this specification. Real-person authentication method to perform real-person authentication on the first account to check whether the user requesting the operation of the account operation on the first account is the real-person information in the registration information of the first account (for example, the real-person information may be Name and ID number). The real-person authentication methods provided by the embodiments disclosed in this specification are all executed based on the constructed account map. The following describes the method of constructing an account map for real-person authentication. FIG. 2 is a structural diagram of an account map provided by an embodiment disclosed in this specification. As shown in Figure 2, the account map includes a core layer, a middle layer, and an outer layer from the inside to the outside. FIG. 3 is a flowchart of a method for constructing an account map for real-person authentication provided by an embodiment disclosed in this specification. The execution subject of the method may be a device with a processing capability: a server or a system or a device. The method includes: Step S310, obtaining real user information of the user, the real information includes credential information and / or biometric identification information. Specifically, the real person information of the user is obtained, and the real person information can uniquely identify an entity in the real world. Among them, the entity may be a natural person or an organization, the real person information may include information of a natural person's certificate (for example, the certificate can be an identity card, a driving license, a real estate certificate), and biological characteristics (for example, the biological characteristics can be a human face, fingerprint, iris ) Identification information, etc. Alternatively, the real person information may include the unified social credit code of the organization, the name of the organization, and the registration number of the organization. Step S320: Acquire account information of the user, where the account information includes an account. Specifically, the user's account information is obtained, and the account information may include an account number. Each account number is generated and issued by the account authority based on the user's real person information, and each account number is unique within the account authority. However, because the accounts issued by different issuing organizations may have the same situation, for an account in the account map, the expression can be: issuer + account, for example, the account 12345678 issued by Alipay, its expression in the account map The format is: Alipay 12345678. Therefore, the expression of each account in the account information is unique. Step S330: Acquire behavior data of the user's operation on the account. Specifically, the behavior data of the user's operation on the account is obtained, and the data is generated by the account. The behavior data may include: establishing an amicable relationship between one account and another account, changing the account password, and the fund transaction behavior of the account. For example, a user purchased a shirt through an account on Taobao.com. Step S340: Establish a first association between real person information and account information, and establish a second association between account information and behavior data. Specifically, the associations between the accounts are established, and the accounts are layered according to the associations between the accounts in the middle layer, and then the first association is established between the layered accounts and the real person information in the core layer. An association includes a direct association or an indirect association. At this time, the multiple accounts in the middle layer include a direct account directly associated with real person information, and an indirect account that is indirectly associated with real person information through the direct account. And, according to the behavior data and account information of the account, a second association between the account in the account information and the obtained behavior data is established. For example, Alipay generates and issues a customer number of 12345678 based on the actual information of the user. The user number (for example, the user name can include a user name and a password) associated with the customer number can be multiple. For example, a user has two Mobile phone number, this user can use two mobile phone numbers to register Alipay user account. Each user number can be associated with multiple fund accounts (for example, the fund account can be a Yu'ebao account, an Ant Financial account, or a health insurance account). Among them, the customer number is directly related to the real person information, the user number is indirectly related to the real person information through the customer number, and the fund account is indirectly related to the real person information through the user number and the customer number. FIG. 2 only shows the case where the intermediate account is divided into two layers, which is not limited. In step S350, real person information is used as the core layer, account information is used as the middle layer, behavior data is used as the outer layer, and the first association and the second association are used as inter-layer associations, and an account map is constructed for real person authentication. It should be noted that, in an embodiment disclosed in this description, the account information in step S320 may further include an account value, and the account value includes real-person relevance and business value. Among them, the real-person relevance of the account can be determined according to the issuing authority of the account. The more authoritative the authority, the higher the real-person relevance of the account. For example, for an account whose issuing authority is a government department (a government department, such as the China Railway Customer Service Center, a social insurance agency, or a national bank), the real-person relevance of the account can be rated as 5. For a company with an issuer of a Fortune 500 company (such as Alibaba), the real-person relevance of the account can be rated as 4. The business value of an account can be evaluated based on the behavioral data of the account. Behavioral information can include building friendships, fund transactions, and more. For example, for multiple bank card accounts bound in Alipay, its business value can be determined based on its transaction type, number of transactions, and transaction amount. For example, a personal account of Alipay was bound with multiple bank cards on January 1, including China Merchants Bank, China Construction Bank, and Industrial and Commercial Bank of China. The transaction status of these bank card accounts in January is shown in Table 1. Correspondingly, you can Determine the business value of these bank accounts based on the transaction. Table 1 At the same time, as the number of accounts in the account map may increase or decrease, the association structure between the accounts may also change, and the behavioral information of the accounts will generally continue to increase. Therefore, the value of the account needs to be updated. FIG. 4 is a flowchart of an account value update provided by an embodiment disclosed in this specification. In this method, the value of the account is periodically updated in an iterative manner. New behavioral data in the outer layer of the map and changes in the account association structure in the middle layer drive the iteration of account value. As shown in FIG. 4, the method includes the following steps: Step S410, starting from the outermost account among the middle-level accounts, calculating the value of the outermost account. Specifically, the middle-level account includes a total of N-level accounts, and N ≧ 1. Among them, the first-level account is an account directly associated with real person information, and the N-level account is the outermost account. First, calculate the value of the Nth level account. In step S420, it is determined whether the current account is the innermost account. If it is not the innermost account number, step S430 is performed. If it is the innermost account number, then the iterative update is completed. Specifically, it is determined whether N is equal to 1. If N is equal to 1, it means that the current account is the innermost account, then the iteration update is completed, and the process can be ended. If N is not equal to 1, the current account is not the innermost account, and step S430 is performed. Step S430, advance one layer inward. Specifically, the value of N is reduced by 1, that is, N = N-1, and then step S410 is continued until N = 1, that is, the update of this iteration is completed. It should be noted that the server can determine the value of an account based on the behavioral data of the outer layer of the account and the value of other accounts associated with it. For example, when the middle-level account includes multiple accounts, and the multiple accounts include direct accounts that are directly associated with real person information, and indirect accounts that are indirectly associated with real person information through the direct account, the value of the direct account includes The sum of the value of the indirect account that the second account is indirectly associated with the real person information. In addition, when determining the value of an account, you can also consider the credibility of the account. For example, when the user selects the account information and behavior data of a certain account for real-person authentication (such as the embodiment shown in FIG. 7 or FIG. 9), the user cannot pass the real-person authentication multiple times. When other accounts in the account map where the account is located perform real-person authentication, they can pass the real-person authentication smoothly. At this time, the account is at risk of being used by an illegal user, and the real person has low credibility. Even if the business value calculated based on the account's behavior data is high, but the real person of the account has low credibility, it can be converted at a certain ratio based on the calculated original value of the account, and The converted value is used as the value of the account. The method for updating the value of an account provided by an embodiment disclosed in this specification starts with the outermost account, calculates and updates the value, and advances to the inner layer in turn, according to the outer behavior data of the account and the account associated with the account. The value of other accounts determines the value of the account and updates the account value. This manual provides a method for constructing an account map for real-person authentication, which is performed on the user's related information (such as certificate information, biometric information, account issuing authority, account user number, account behavior data, etc.) Collect and create associations of this information, construct account maps that include the core layer, middle layer, and outer layer, and can update the value of the middle layer account through the association of the created information, and the account map can be used for real person authentication. The real-person authentication methods provided by the embodiments disclosed in this specification are all executed based on the constructed account map. The basis for real-person authentication of an account is: If the user who requests an operation of an account for real-account authentication requires the same user as the user corresponding to the real-person information in the account registration information, the user should know Information about all accounts in the account map corresponding to real person information, such as the account name that the user has registered for and recent behavioral data. Otherwise, the user who requested the operation of the account for the account that needs real-person authentication is using the real-person information in the account registration information. The real-person authentication method provided by the embodiments disclosed in this specification uses the account map corresponding to the real-person information in the account registration information to obtain the account information and behavior data, and generates verification based on the account information and behavior data. Content, perform real-person authentication on the first account being operated by the user, thereby improving the credibility of authenticating the identity of the user. FIG. 5 is a flowchart of a real person authentication method provided by an embodiment disclosed in this specification. The execution subject of the method may be a device with a processing capability: a server or a system or a device, for example, the server in FIG. 1. As shown in FIG. 5, the method specifically includes: Step S510: When a user operation request for performing an account operation on the first account is detected, search for and actual person information according to the real person information included in the registration information of the first account. The corresponding account map. It should be noted that the account map includes a core layer, a middle layer, and an outer layer, the core layer includes real person information, the middle layer includes information of a second account associated with the real person information, and the outer layer includes behavior data associated with the second account. The first account number may be an account number in the account map. For example, the user may perform fund transactions through the first account number in the account map; or the first account number may not be an account number in the account map. For example, the user registers the first account number for the first time. Previously, there was no first account. At the same time, the registered subject of the first account may be a natural person or an organization. For example, the first account may be a user account in Alipay, including a personal account and an enterprise account. The main body of this step is the server of Alipay application as an example. Before performing this step, the first account number is not the account number in the account map. Taking Alipay's personal account as an example, the user can register Alipay's personal account. Specifically, when registering an Alipay account, a user first needs to fill in real person information. When the server detects an operation request for registering an Alipay account, it searches for an account map corresponding to the information based on real person information. Wherein, the server searching for the account map corresponding to the information according to the real person information may include: verifying whether the real person information is legal, and if the real person information is valid, then searching for the account map corresponding to the real person information. In one example, the user opens the Alipay application on the mobile phone and enters the mobile phone number. After the registration is successful, the mobile phone number will be used as the user's personal account for logging in to the Alipay application. Then, enter the phone verification code to pass the verification of the phone number. After that, the user enters real person information, which can include real name, certificate type and certificate number. For example, the name entered by the user is "Zhang San", the type of ID is "ID", and the ID number is "123456200011071234". The server verifies the real person information entered by the user, and the verification result is that the real person information is legal information. The server looks up the account map corresponding to the real person information. In step S520, the verification content of real-person authentication is provided to the user according to the behavior data in the account map. Specifically, the number of the second account in the middle layer of the account map may be one or multiple. When the number of the second account is one, the server may provide the user with verification content of real person authentication according to the behavior data of the second account. When the number of the second accounts is multiple, the server may randomly provide real-person authentication verification content to the user according to the behavior data of at least one second account in the second account. In one example, the middle layer of the account map includes a Taobao account, and the server provides real-person authentication verification content to the user based on the Taobao account, such as the transaction data in the last month, as shown in Figure 6. The content is to select the products purchased by the user using the Taobao account within the last month. Step S530: Receive a verification operation result of the verification content by the user, and determine whether the user passes the real person authentication according to the operation result. Specifically, the user receives the verification operation result of the verification content, compares the operation result with the behavior data, and determines whether the user has passed the real person authentication according to a preset real person authentication determination condition. In one example, the verification content is shown in FIG. 6. The operation result received by the server is that the user clicked the “shirt”, “milk” and “watch” among them. The actual behavioral information includes: The user purchased "shirt", "milk" and "watch" on Taobao within the last month. The real-person authentication judgment condition preset by the server is: if the user correctly selects all the purchased products, the user passes the real-person authentication; if the user selects the purchased products by mistake or misses the selection, the user does not pass the real-person authentication . It can be known from the server that the judgment result is that the user has passed real-person authentication. In another example, the verification content is shown in FIG. 6, and the operation result received by the server is that the user clicked “hair crab”, “shirt” and “soda” among them. The actual behavioral information includes: The user purchased "shirt", "milk" and "watch" on Taobao within the last month. The real person authentication judgment condition preset by the server is: if the user correctly selects all the purchased products, the user passes the real person authentication; if the user incorrectly selects or fails to select the purchased products, the user does not pass the real person authentication. It can be known from the server that the judgment result is that the user has not passed real-person authentication. In the above embodiment, when step S530 is performed, the method may further include: if the user fails to pass the real-person authentication, presenting prompt information, and the prompt information is used to prompt the user to continue or perform real-person authentication again. Alternatively, if the user is authenticated by a real person and the account operation performed on the first account is an operation of adding a first account, the prompt information is presented and the information of the first account is added to the account map. Specifically, if the user passes the real-person authentication, the prompt information is presented, and the content of the prompt information may be that the user has passed the real-person authentication. For example, the user registers the first account. When the server detects that the user is performing a registration operation on the first account, it initiates a real-person authentication for the user. If the user passes the real-person authentication, it prompts the user that the user has passed the real person. Authentication, and the first account registration is successful. At the same time, the information of the first account is added to the account map associated with the real person information in the registration information of the first account. In addition, it is possible to establish associations between the first account and other second accounts, and record behavioral data associated with the first account. A real-person authentication method provided by an embodiment disclosed in this specification, when detecting a user's operation request for an account operation on a first account, the real-person information is found and found based on the real-person information included in the registration information in the first account. The corresponding account map, based on the behavior information in the account map, provides users with real-person authentication verification content to authenticate users, thereby improving the credibility of user authentication. FIG. 7 is a flowchart of a real person authentication method provided by another embodiment disclosed in this specification. The execution subject of the method may be a device with a processing capability: a server or a system or a device, for example, the server in FIG. 1. The second account is a plurality of second accounts. As shown in FIG. 7, the method specifically includes: Step S710: When a user operation request for performing an account operation on the first account is detected, according to the information in the registration information of the first account. Contains real person information to find the account map corresponding to the real person information. The main body of this step is the server of the Alipay application. The first account is the account in the account map, and the personal account of Alipay is taken as an example. The user can use Alipay's personal account to conduct fund transactions. Specifically, the user uses the registered personal account to log in to the Alipay application and conducts fund transactions. When the server detects an operation request for performing a fund transaction operation on the Alipay account, it searches for an account map corresponding to the information based on real person information. Wherein, the server searching for the account map corresponding to the information according to the real information may include: the server authenticates the user with real information based on the real information in the registration information, and if the user passes the real information authentication, then Real person information to find the account map corresponding to the information. For example, a user logs in to the Alipay application with a personal account of 13811111111, and initiates an operation to transfer all the funds in the balance of Alipay to 10,000 yuan to a strange account (the strange account can be a non-friend account). The server detects a large transaction operation on the account and judges that this operation has high risks. First, the user is authenticated by the real person information according to the real person information in the account registration information. Real-person information authentication may include: requiring the user to enter the user ’s name and ID number, or the system sending a transaction verification code to the mobile phone number in the personal account, requiring the user to enter the verification code. If the user is authenticated by real information, the account map corresponding to the information is found according to the real information. In step S720, the server selects at least two second accounts from the plurality of second accounts. Specifically, the server may randomly select at least two second accounts from the plurality of second accounts. In one example, the middle layer of the account map includes multiple second accounts. For example, the middle layer includes an Alipay account, a Taobao account, a China Railway Customer Service Center account, a Flying Pig travel account, and a bank card account. The server can randomly select a Taobao account and a Qunar account from the second account. Alternatively, the server may select at least two second account numbers based on the value of multiple second account numbers, and the value includes business value and real-person relevance. In one example, the first account is an Alipay account, and the Alipay account is a high-value account. The server may select two lower-value accounts according to the value of each second account among the multiple second accounts. As shown in Table 1, the business value of China Merchants Bank account, China Construction Bank, and Industrial and Commercial Bank accounts are 2, 10, and 4, respectively, and the three have the same real-person correlation. The China Merchants Bank account and the Industrial and Commercial Bank account number can be selected from them to present to the user for selection. Step S730: Present the information of the selected at least two second accounts to the user, and receive the second account selected by the user. Specifically, the server presents the information of the selected at least two second accounts to the user, and the information of the second account may include the information of the issuing authority of the second account, the account name, etc., and determines the second account selected by the user. For example, the at least two second accounts selected by the server include the Feizhu travel account: 11111@qq.com and the Taobao account: 22222@126.com. The server presents the icon of Feizhu travel and the Taobao website to the user. Icon, as shown in Figure 8, and the second account selected by the user is a Taobao account. In one example, the server presenting the information of the selected at least two second accounts to the user may include: the server desensitizes the information of the selected at least two accounts, and presents the desensitized processing to the user. Information for at least two second accounts. Among them, desensitization processing refers to the deformation of certain sensitive information through desensitization rules to achieve reliable protection of sensitive private data, for example, hiding some digits of an account. For example, the terminal desensitizes the selected China Merchants Bank account number: 1234567890987654321 and ICBC account number: 9876543210123456789, and hides some of the China Merchants Bank account number and the Industrial and Commercial Bank account number. The desensitized China Merchants Bank account number and ICBC The account numbers can be: *************** 4321, *************** 6789. Then, the desensitized Alipay account and Taobao account are presented to the user, and the second account selected by the user is received, and the second account is an ICBC account. Step S740: Search for behavior data associated with the account in the account map according to the second account selected by the user, and provide the user with verification content of real person authentication according to the behavior data. Specifically, the server searches for behavior data associated with the account in the account map according to the second account selected by the user, and generates real-person authentication verification content according to the behavior data. The real-person authentication verification content may include whether the user uses the second account Accounts perform certain actions, such as establishing friend relationships, conducting a certain transaction, etc., and collecting certain data information. In one example, the server receives that the second account number selected by the user is an ICBC account number, and the first account number is a registered Alipay account. The verification content of the real-person authentication generated by the server includes: making a payment to the account of the Industrial and Commercial Bank of China, the amount of which can be 0.01-0.99, and allowing the user to enter a specific amount of payment on the authentication page of the Alipay application. Step S750: Receive a verification operation result of the verification content by the user, and determine whether the user passes the real person authentication according to the operation result. Specifically, the user receives the verification operation result of the verification content, compares the operation result with the behavior data, and determines whether the user has passed the real person authentication according to a preset real person authentication determination condition. In one example, the preset real-person authentication discrimination condition is: if the user enters the correct payment amount on the Alipay real-person authentication page, the user passes the real-person authentication. Otherwise, the user is not authenticated by a real person. For example, during a certain verification process, the correct payment amount is 0.07 yuan, and the server receives the payment amount input by the user as 0.07 yuan, the server judges that the user has passed the real person authentication. For another example, during a certain verification process, the correct payment amount is 0.06 yuan, and the server receives the payment amount input by the user as 0.02 yuan, the server judges that the user has not passed the real person authentication. In the above embodiment, when step S550 is performed, the method may further include: if the user passes the real person authentication, presenting prompt information to prompt the user to pass the real person authentication and continue to perform the original operation. For example, when a user initiates a large transaction with a Alipay account using an Alipay account, the server detects the user ’s operation on the Alipay account, and the operation is a high-risk operation, and initiates real-person authentication of the user. If the user passes Real person authentication, the transfer operation continues. A real-person authentication method provided by an embodiment disclosed in this specification, when detecting a user's operation request for an account operation on a first account, the real-person information is found and found based on the real-person information included in the registration information in the first account. Corresponding account map. When the account map includes multiple second accounts, randomly select or select at least two second accounts based on the value of the second account for users to further select, and according to the account map and the user's selected first The behavioral data associated with the two accounts generates real-person authentication verification content to authenticate the user, thereby increasing the credibility of authenticating the identity of the user. The real-person authentication methods provided by the embodiments disclosed in this specification can be applied to the addition of a second account in the account map. FIG. 9 is a flowchart of an account adding method in an account map provided by an embodiment disclosed in this specification. The execution subject of the method may be a device with a processing capability: a server or a system or a device, for example, the server in FIG. 1. The server performs the operation of adding the first account to the account map, usually under the premise that the account has passed pre-authentication or the system authorizes the account. Among them, the pre-authentication includes verifying the legality of real person information in the registration information of the account, and the system authorizing the account includes allowing the system to add or delete the account map. As shown in FIG. 9, the method specifically includes: Step S910, determining whether the operation on the first account is a system operation or a user operation. If it is a system operation, step S920 is performed. If it is a user operation, step S930 is performed. Specifically, the system detects that the newly issued first account has not been added to the account map, and initiates an operation of adding the account to the account map. Or, when a user registers an account, the platform for the account requires the user to perform real-person authentication. In step S920, the system authority is verified. Specifically, the authority of the system requesting the operation of the account operation on the first account is verified. If the authority of the system is high enough, for example, the system is a government system, it can directly respond to the operation of the first account and add the first account to the account map. If the system's permissions are not high enough, for example, the system is a system of a company with a lower credit rating, then the association between the first account and the account map fails. In one example, a user goes to a bank to open a bank account, and the identity authentication method used by the bank can determine with high accuracy that the real person information provided by the user is consistent with the identity of the user. After the user successfully opens a bank account in the bank, the banking system can initiate the operation of adding the bank account to the account map. The server verifies the permissions of the banking system, determines that they have sufficient permissions, and adds the bank account to Account map associated with the user's real person information. Step S930: Determine the challenge range of real person authentication according to the data in the account map. Specifically, according to the real person information in the registration information of the first account, the account map associated with the real person information is found. According to the information in the account map, determine the challenge scope of real person authentication. The scope of the challenge may include real person information in the core layer of the account map, such as address information, and second account in the middle layer, such as information on a Taobao account. Step S940: Determine a challenge range selected by the user. Specifically, the user may further select the challenge range from the challenge range determined by the server. For example, the user chooses to verify the Taobao account example****@taobao.com. Step S950: Determine the challenge task of real person authentication according to the challenge range selected by the user. Specifically, according to the Taobao account example****@taobao.com selected by the user, a challenge task is generated from the behavior data based on the account, for example, the challenge task is to select the most recent shopping record. Step S960: Receive the operation result of the user on the challenge task, and determine whether the user passes the challenge. Specifically, after the user completes the challenge task, such as confirming a recent purchase record, entering a home address, Alipay payment authentication, etc., the server judges the operation result of the challenge task. If the server determines that the user passes the challenge, it associates the first account to the account map. If the server determines that the user has not passed the challenge, such as the success or failure of a part of the task, the task timed out, and a risk event related to the task (for example, the risk event may be the freezing of the first account), step S970 is performed. In step S970, it is determined whether to continue the challenge. Specifically, if the server determines that the user is allowed to continue the challenge, step S930 is executed to enter the next cycle. If the server determines that the user is not allowed to continue the challenge or the user abandons the challenge, step S980 is performed. In step S980, it is determined whether the association is forced. Specifically, if the first account cannot forcibly associate the account map, the first account fails to associate with the account map. If the first account can be forcibly associated with the account map, the first account is successfully associated with the account map, and the first account is marked. In one example, some businesses may not rely on the actual authentication results of the account. For these needs, the account can still enter the account map, that is, the account is added to the account map, while impersonation or other marks are set. These marks can be used in some scenarios. For example, the server determines the challenge range based on the marks in step S830 without using the account with these marks, and reminds the business user of the account that the account is at risk of fraud. As another example, when the value of the account number is updated in FIG. 4, for the account numbers with these marks, based on the originally calculated value, it is converted at a certain ratio. It should be noted that, in step S930, it may further include: determining that the user needs to perform multiple rounds of challenges according to the value of the first account. Specifically, the server determines that the user needs to perform multiple rounds of challenges according to the value of the first account, and the challenge range in the multiple rounds of challenges can be selected according to the value of the second account. For example, a second account with a higher value is selected, or a second account with a lower value is selected, or a second account with a higher value and a low value is selected in combination. In addition, the server may freeze the second account of low value according to the result of the user completing the challenge task. In one example, the server detects that the high-value account is performing high-risk operations. If the server detects that the Alipay account is transferring the entire balance to a strange account, the server initiates real-person authentication of the account. Real person authentication includes multiple rounds of challenges, such as three rounds of challenges based on the same high-value account, and one round of challenges based on low-value accounts. If the user successfully passes three rounds of challenges based on the same high-value account, but fails to pass the challenge based on the low-value account, at this time, it can be determined that the low-value account may be fraudulent, so the low-value account can be frozen. In step S960, the method may further include: if the user passes the current challenge, continue to perform step S930, and until the user successfully passes all the challenges, add the account to the account map. The method for adding an account in the account map provided by an embodiment disclosed in this specification is to determine the subject of an operation request for performing an account operation on the first account. When the subject is a system, the first account can be directly added to the account according to the high authority of the system Atlas. When the subject is a user, a real person authentication can be initiated, and the first account is added to the account map based on the result of the real person authentication, thereby increasing the reliability of the account information in the account map and ensuring the security of the user information. Corresponding to the above method for constructing an account map for real-person authentication, various embodiments disclosed in this specification also provide a device for constructing an account map for real-person authentication. As shown in FIG. 10, the device includes: a first acquisition A unit 1010 is configured to obtain real user information of the user, and the real information includes credential information and / or biometric identification information; a second acquisition unit 1020 is configured to acquire user account information, and the account information includes account numbers; a third acquisition unit 1030 For acquiring behavior data of a user's operation of an account; an association unit 1040 for establishing a first association between real person information and account information, and establishing a second association between account information and behavior data; a construction unit 1050, It is used to use real person information as the core layer, account information as the middle layer, behavior data as the outer layer, the first association and the second association as the inter-layer associations, and construct the account map for real person authentication. In a possible design, the account information obtained by the second obtaining unit 1020 also includes the value of the account. The value includes the business value and the real person's relevance. The business value is determined by the account's behavior data. The real person's relevance is determined by the account's issuing authority. determine. In a possible design, the account number obtained by the second obtaining unit 1020 includes multiple account numbers, and the multiple account numbers include a direct account number directly related to the real person information, and an indirect account number indirectly related to the real person information through the direct account number. The value of the account number includes the sum of the values of indirect account numbers that are indirectly associated with real person information through the direct second account number. In a possible design, the construction unit 1050 is further configured to: when an account operation request for adding an account to the account graph is detected, perform real-person authentication on the account, and when the account passes real-person authentication, the account is Join the account map. Corresponding to the above-mentioned real-person authentication method, various embodiments disclosed in this specification also provide a real-person authentication device. As shown in FIG. 11, the device includes: a searching unit 1110, configured to detect a user's first account account when detected. When requesting an account operation, according to the real person information included in the registration information of the first account, find the account map corresponding to the real person information; the account map includes the second account information associated with the real person information, and Behavior data associated with the two accounts; processing unit 1120 is configured to provide users with verification content of real-person authentication based on the behavior data; judgment unit 1130 receives the verification operation result of the verification content by the user, and judges whether the user passes the verification operation result Real person certification. In a possible design, the second account number found by the search unit 1110 is a plurality of second account numbers, and the processing unit 1120 specifically includes: a selection subunit 1121 for selecting at least two second account numbers from the plurality of second account numbers. A presentation sub-unit 1122 for presenting information of at least two second accounts to the user and receiving the second account selected by the user; a generating sub-unit 1123 for finding behavioral data associated with the second account selected by the user, and Generate verification content of real person authentication according to the behavior data. In a possible design, the selection subunit 1121 included in the processing unit 1120 is specifically used to: select at least two second account numbers based on the value of multiple second account numbers, the value including The business value is related to the real person. The business value is determined by the account's behavior data, and the real person's correlation is determined by the account issuing body. In a possible design, the plurality of second account numbers found by the search unit 1110 include a direct second account number directly associated with real person information, and an indirect second account number indirectly associated with real person information through the direct second account number, The value of the direct second account number includes the sum of the values of the indirect second account numbers that are indirectly associated with real person information through the direct second account number. In a possible design, the presentation subunit 1122 is further configured to perform desensitization processing on the information of the at least two second account numbers, and present the information of the at least two second account numbers after the desensitization processing to the user. In a possible design, the search unit 1110 includes: a verification subunit 1111 configured to verify whether the real person information included in the registration information of the first account is legal; the search subunit 1110 is configured to, if the real person information is valid, Find an account map corresponding to real person information. In a possible design, the account operation detected by the search unit 1110 is an operation of adding a first account, and the device further includes: an adding unit 1140, configured to add information of the first account to the user if the user passes the real-person authentication. Account map. In a possible design, the real person information found by the search unit 1110 includes credential information and biometric identification information; the information of the second account includes the issuing authority and user number of the second account; the behavior data includes the friend relationship of the second account And consumer information. Those skilled in the art should be aware that in one or more of the above examples, the functions described in the embodiments disclosed in this specification may be implemented by hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. The specific implementation manners described above further describe in detail the purposes, technical solutions, and beneficial effects of the multiple embodiments disclosed in this specification. It should be understood that the above description is only for the multiple embodiments disclosed in this specification. The specific implementation manners are not intended to limit the protection scope of the multiple embodiments disclosed in this specification. Any modification, equivalent replacement, or improvement made on the basis of the technical solutions of the multiple embodiments disclosed in this specification, etc. , Should be included in the protection scope of the multiple embodiments disclosed in this specification.