WO2016206090A1 - Two-factor authentication method, device and apparatus - Google Patents


Publication number
WO2016206090A1
Authority
WO
WIPO (PCT)
Prior art keywords
picture
user
factor
account
password
Application number
PCT/CN2015/082495
Other languages
French (fr)
Chinese (zh)
Inventor
徐志贤
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to CN201580029554.7A (CN106489155A)
Priority to PCT/CN2015/082495 (WO2016206090A1)
Publication of WO2016206090A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00 Arrangements for image or video recognition or understanding
    • G06V10/20 Image preprocessing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols

Definitions

  • the present invention relates to the field of identity authentication, and in particular, to a two-factor authentication method, apparatus, and device.
  • Two-factor authentication refers to the use of two independent, unrelated pieces of evidence to prove identity.
  • a secret known to the person being authenticated, for example, a password or a Personal Identification Number (PIN);
  • the two-factor authentication required by the network application is an enhanced way of matching the user name and password authentication mode, that is, the above 1+2 or 1+3 mode.
  • the embodiment of the invention provides a two-factor authentication method, apparatus and device; the authentication process is simple and convenient for the user to operate.
  • a two-factor authentication method comprising:
  • User login authentication is performed according to the account number, the password, and the picture factor.
  • before the receiving a password and a picture factor that are input when the user logs in, the method further includes:
  • the updated interference picture information is displayed
  • the receiving the password and picture factor input when the user logs in includes:
  • the password input when the user logs in and the picture factor selected from the updated interference picture information when the user logs in are received.
  • before the acquiring an account that is input when the user logs in, the method further includes:
  • the receiving a password and a picture factor that are input when the user registers includes:
  • the picture selected by the user is taken as the picture factor.
  • the receiving a password and a picture factor that are input when the user registers includes:
  • the using the picture uploaded by the user as a picture factor includes:
  • the picture uploaded by the user is cropped according to a unified specification
  • the method further includes:
  • the picture uploaded by the user is a signature picture drawn by the user
  • the receiving the password and picture factor input when the user logs in includes:
  • Performing user login authentication according to the account number, the password, and the picture factor includes:
  • the method further includes:
  • User login authentication is performed according to the account number and the password.
  • the method further includes:
  • After the user logs in, whether the picture factor authentication function is enabled for the account is queried according to the user's instruction.
  • the picture factor authentication function is enabled on the account according to the user's instruction
  • the method further includes:
  • After the user logs in, whether the picture factor authentication function is enabled for the account is queried according to the user's instruction.
  • the picture factor authentication function is cancelled according to the user's instruction
  • the method further includes:
  • User password recovery authentication is performed according to the account number, the verification code, and the picture factor.
  • the performing user login authentication according to the account, the password, and the picture factor includes:
  • the authentication failure is confirmed, and the login authentication result of the authentication failure is displayed.
  • the method further includes:
  • a two-factor authentication method comprising:
  • User password recovery authentication is performed according to the account number, the verification code, and the picture factor.
  • before the receiving the verification code and the picture factor that are input when the user retrieves the password, the method further includes:
  • the updated interference picture information is displayed
  • the receiving the verification code and the picture factor input when the user retrieves the password includes:
  • before the acquiring the account that is input when the user retrieves the password, the method further includes:
  • the receiving a password and a picture factor that are input when the user registers includes:
  • the using the picture uploaded by the user as a picture factor includes:
  • the picture uploaded by the user is cropped according to a unified specification
  • the method further includes:
  • the picture uploaded by the user is a signature picture drawn by the user
  • Performing user password recovery authentication according to the account number, the verification code, and the picture factor includes:
  • a two-factor authentication apparatus comprising:
  • a query unit configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit
  • a display unit configured to display prompt information of the input picture factor when the query result of the query unit is that the picture factor authentication function is enabled for the account;
  • a receiving unit configured to receive a password and a picture factor input when the user logs in
  • the authentication unit is configured to perform user login authentication according to the account acquired by the acquiring unit, the password received by the receiving unit, and a picture factor.
  • the device further includes:
  • a determining unit configured to determine whether the interference picture information is updated before the receiving unit receives the password and the picture factor input when the user logs in;
  • the display unit is further configured to display the updated interference picture information when the judgment result of the determining unit is that the interference picture information is updated;
  • the receiving unit is specifically configured to receive a password input when the user logs in and a picture factor selected from the updated interference picture information when the user logs in.
  • the display unit is further configured to display prompt information of the input picture factor when an instruction for enabling the picture factor authentication function for the account is obtained;
  • the receiving unit is further configured to receive a password and a picture factor input when the user registers;
  • a registration unit configured to perform user registration according to the account acquired by the acquiring unit, the password received by the receiving unit, and a picture factor, and generate interference picture information including the picture factor for the account.
  • the receiving unit includes:
  • a receiving subunit configured to receive a password input when the user registers
  • a display subunit configured to randomly generate a picture list, and display the picture list
  • the receiving subunit is further configured to receive an instruction for selecting a picture from the picture list when the user registers;
  • a picture factor confirmation subunit is configured to use a picture selected by the user by the receiving subunit as a picture factor.
  • the receiving unit includes:
  • the receiving subunit is further configured to receive an instruction that a user uploads a picture
  • the picture factor confirmation subunit is configured to use the user uploaded picture received by the receiving subunit as a picture factor.
  • the picture factor confirmation subunit is specifically configured to crop the user-uploaded picture according to a unified specification; the cropped picture is used as the picture factor.
  • the display unit is further configured to display prompt information for sharing a picture uploaded by a user;
  • the receiving unit is further configured to receive an instruction of the user, and share the uploaded image of the user according to the instruction, so that the interference picture information can be generated for the other account according to the picture uploaded by the user.
  • the receiving unit is specifically configured to receive a password input by the user when logging in and a picture factor drawn by the user;
  • the authentication unit is specifically configured to perform user login authentication by verifying the account acquired by the acquiring unit and whether the password received by the receiving unit is correct, and by comparing the similarity between the picture factor received by the receiving unit and the signature picture received by the receiving subunit.
  • the receiving unit is further configured to receive the password input by the user when, after the obtaining unit acquires the account input when the user logs in and the query unit queries whether the picture factor authentication function is enabled for the account, the query result of the query unit is that the picture factor authentication function is not enabled for the account;
  • the authentication unit is further configured to perform user login authentication according to the account acquired by the acquiring unit and the password received by the receiving unit.
  • the query unit is further configured to: after the user logs in, query, according to an instruction of the user, whether the picture factor authentication function is enabled for the account;
  • the device also includes:
  • An enabling unit configured to: when the query result of the query unit is that the picture factor authentication function is not enabled for the account, enable the picture factor authentication function for the account according to the user's instruction;
  • the display unit is further configured to display prompt information of an input picture factor
  • the receiving unit is further configured to receive a picture factor input by the user
  • the registration unit is further configured to re-register the user according to the account, the password, and the picture factor, and generate interference picture information including the picture factor for the account.
  • the query unit is further configured to: after the user logs in, query, according to an instruction of the user, whether the picture factor authentication function is enabled for the account;
  • the device also includes:
  • a canceling unit configured to cancel a picture factor authentication function on the account according to a user instruction when the query result of the query unit is that the picture factor authentication function is enabled on the account;
  • the registration unit is further configured to perform user registration again according to the account number and the password.
  • the obtaining unit is further configured to acquire an account that is input when the user retrieves the password;
  • the query unit is further configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit
  • the display unit is further configured to: when the query result of the query unit is that the image factor authentication function is enabled for the account, display prompt information of the input picture factor;
  • the receiving unit is further configured to receive a verification code and a picture factor input by the user;
  • the authentication unit is further configured to perform user recovery password authentication according to the account number, the verification code, and the picture factor.
  • the authenticating unit is specifically configured to:
  • the authentication failure is confirmed, and the login authentication result of the authentication failure is displayed.
  • the device further includes:
  • the locking unit is configured to lock the account when the number of consecutive authentication failures of the authentication unit exceeds a preset number of times.
  • a two-factor authentication apparatus comprising:
  • the obtaining unit is configured to obtain an account entered when the user retrieves the password
  • a query unit configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit
  • a display unit configured to display prompt information of the input picture factor when the query result of the query unit is that the picture factor authentication function is enabled for the account;
  • a receiving unit configured to receive a verification code and a picture factor input when the user retrieves the password
  • the authentication unit is configured to perform user recovery password authentication according to the account acquired by the acquiring unit, the verification code received by the receiving unit, and the picture factor.
  • the device further includes:
  • a determining unit configured to determine whether the interference picture information is updated before the receiving unit receives the verification code and the picture factor input when the user retrieves the password
  • the display unit is further configured to display the updated interference picture information when the judgment result of the determining unit is that the interference picture information is updated;
  • the receiving unit is specifically configured to receive a verification code input when the user retrieves the password and a picture factor selected from the updated interference picture information when the user retrieves the password.
  • the acquiring unit is further configured to obtain the account entered when the user registers, before acquiring the account input when the user retrieves the password;
  • the display unit is further configured to display prompt information of the input picture factor when an instruction for enabling the picture factor authentication function for the account is obtained;
  • the receiving unit is further configured to receive a password and a picture factor input when the user registers;
  • the device also includes:
  • a registration unit configured to perform user registration according to the account acquired by the acquiring unit, the password received by the receiving unit, and a picture factor, and generate interference picture information including the picture factor for the account.
  • the receiving unit includes:
  • a receiving subunit configured to receive a password input when the user registers
  • the receiving subunit is further configured to receive an instruction that a user uploads a picture
  • the picture factor confirmation sub-unit is used to use the picture uploaded by the user as a picture factor.
  • the picture factor confirmation sub-unit is specifically configured to crop a user-uploaded picture according to a unified specification;
  • the cropped image acts as a picture factor.
  • the display unit is further configured to display prompt information for sharing a user-uploaded picture
  • the receiving unit is further configured to receive an instruction of the user, and share the uploaded image of the user according to the instruction, so that the interference picture information can be generated for the other account according to the picture uploaded by the user.
  • the user-uploaded picture received by the receiving sub-unit is a signature picture drawn by the user
  • the receiving unit is specifically configured to receive a verification code input by the user when the password is retrieved and a picture factor drawn by the user;
  • the authentication unit is specifically configured to perform user password recovery authentication by verifying the account acquired by the acquiring unit and whether the verification code received by the receiving unit is correct, and by comparing the similarity between the picture factor received by the receiving unit and the signature picture received by the receiving subunit.
  • the memory is configured to store program instructions
  • the processor is configured to perform the following operations according to program instructions stored in the memory:
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • the updated interference picture information is displayed
  • the processor performs an operation of receiving a password and a picture factor input when the user logs in, including:
  • the password input when the user logs in and the picture factor selected from the updated interference picture information when the user logs in are received.
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • the performing, by the processor, the operation of receiving the password and the picture factor input when the user registers includes:
  • the picture selected by the user is taken as the picture factor.
  • the performing, by the processor, the operation of receiving the password and the picture factor input when the user registers includes:
  • the performing, by the processor, the operation of using a user-uploaded picture as a picture factor includes:
  • the picture uploaded by the user is cropped according to a unified specification
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • the picture uploaded by the user is a signature picture drawn by the user
  • the processor performs the operation of receiving the password and the picture factor input when the user logs in, including:
  • the processor performs the operation of performing user login authentication according to the account, the password, and the picture factor, including:
  • User login authentication is performed by verifying the account number, whether the password is correct, and by comparing the similarity between the picture factor and the signature picture.
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • User login authentication is performed according to the account number and the password.
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • After the user logs in, whether the picture factor authentication function is enabled for the account is queried according to the user's instruction.
  • the picture factor authentication function is enabled on the account according to the user's instruction
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • After the user logs in, whether the picture factor authentication function is enabled for the account is queried according to the user's instruction.
  • the picture factor authentication function is cancelled according to the user's instruction
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • User password recovery authentication is performed according to the account number, the verification code, and the picture factor.
  • the performing, by the processor, the operation of performing user login authentication according to the account, the password, and the picture factor includes:
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • the memory is configured to store program instructions
  • the processor is configured to perform the following operations according to program instructions stored in the memory:
  • User password recovery authentication is performed according to the account number, the verification code, and the picture factor.
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • the processor performs the operation of receiving the verification code and the picture factor input when the user retrieves the password, including:
  • the performing, by the processor, the operation of receiving the password and the picture factor input when the user registers includes:
  • the performing, by the processor, the operation of using a user-uploaded picture as a picture factor includes:
  • the processor is further configured to perform the following operations according to the program instructions stored in the memory:
  • In the sixth possible implementation of the sixth aspect, the picture uploaded by the user is a signature picture drawn by the user;
  • the processor performs the operation of receiving the verification code and the picture factor input when the user retrieves the password, including:
  • Performing user password recovery authentication according to the account number, the verification code, and the picture factor includes:
  • User password recovery authentication is performed by verifying the account number, whether the verification code is correct, and by comparing the similarity between the picture factor and the signature picture.
  • the embodiment of the invention provides a two-factor authentication method: first obtaining the account input when a user logs in, then querying whether the picture factor authentication function is enabled for the account; when the query result is that the picture factor authentication function is enabled for the account, displaying to the user the prompt information for inputting the picture factor, receiving the password and picture factor input when the user logs in, and performing user login authentication according to the account number, password and picture factor.
  • the password is used as the first authentication factor and the picture as the second authentication factor; because a picture is easy for the user to remember, can be stored in the account server, and does not need to be carried by the user, the authentication process is simple and convenient for the user to operate.
  • FIG. 1 is a system architecture diagram on which a two-factor authentication method according to an embodiment of the present invention is based;
  • FIG. 3 is a signal flow diagram of a registration method in a two-factor authentication method according to Embodiment 2 of the present invention.
  • FIG. 5 is a signal flow diagram of a method for setting a picture factor in a two-factor authentication method according to Embodiment 4 of the present invention.
  • FIG. 6 is a signal flow diagram of a method for canceling a picture factor in a two-factor authentication method according to Embodiment 5 of the present invention.
  • FIG. 7 is a flowchart of a two-factor authentication method according to Embodiment 6 of the present invention.
  • FIG. 8 is a signal flow diagram of an authentication method for retrieving a password in a two-factor authentication method according to Embodiment 7 of the present invention.
  • FIG. 10 is a structural diagram of a two-factor authentication apparatus according to Embodiment 9 of the present invention.
  • the account client module is responsible for generating a human-computer interaction interface, so that the user inputs the account, password, and picture factor through the human-computer interaction interface, and displays the authentication result.
  • the account client module is usually a submodule of the client application system.
  • the account server module is responsible for storing and verifying the account, password and picture factor, generating interference pictures, and authenticating the correctness of the account, password and picture factor input. The correctness verification checks whether the account number, password and picture factor are input correctly: the picture factor input can be confirmed as correct when the picture factor input by the user is completely consistent with the stored picture factor, or when the similarity between the picture factor input by the user and the stored picture factor is greater than the preset threshold. For example, when the picture factor is a signature picture, the account server module can also determine the correctness of the picture factor input by handwriting comparison or picture similarity comparison.
  • the execution body of the method may be a physical device including an account server module and an account client module, or when applied to the system architecture shown in FIG. 1(b), the execution body of the method may be a physical device including only the account client module. Specifically, it is applied to authentication during the login process, and the method includes:
  • Step 202: Query whether the picture factor authentication function is enabled on the account.
  • whether the picture factor authentication function is enabled for the account may be queried locally, and another device may also be queried as to whether the picture factor authentication function is enabled.
  • the registration process may include: obtaining an account input when the user registers; when obtaining an instruction to enable the picture factor authentication function for the account, displaying prompt information for inputting the picture factor; receiving a password and a picture factor input when the user registers; performing user registration according to the account number, the password, and the picture factor, and generating interference picture information including the picture factor for the account.
  • the interference picture information may be specifically presented to the user in the form of a list for the user to select a picture factor from the list.
  • receiving the picture factor input by the user includes, but is not limited to, the following two methods. The first method: receiving the password input by the user; randomly generating a picture list and displaying the picture list; receiving the user's instruction for selecting a picture from the picture list, and using the picture selected by the user as the picture factor.
  • The second method: receiving the password input by the user; receiving the user's instruction for uploading a picture, and using the picture uploaded by the user as the picture factor.
  • the using the picture uploaded by the user as a picture factor may include: cropping the picture uploaded by the user according to a unified specification; and using the cropped picture as the picture factor.
  • the picture factor set when the user registers may be stored, so that when the user performs login authentication, the picture factor input when the user logs in is compared with the picture factor set when the user registered; when the two are consistent, the picture factor entered when the user logs in is confirmed to be the correct picture factor.
  • the method may further include: displaying prompt information for sharing a picture uploaded by the user; receiving an instruction of the user, and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts according to the picture uploaded by the user.
  • the registration process may include: obtaining an account entered when the user registers; when obtaining an instruction not to enable the picture factor authentication function for the account, receiving the password input; performing user registration according to the account number and the password.
  • the picture factor authentication function can be enabled or cancelled through account management, and the picture factor can be set, changed, or cancelled.
  • the process of enabling the picture factor authentication function may include: after the user logs in, querying whether the account is enabled with the picture factor authentication function according to the user's instruction; when the query result is that the picture factor authentication function is not enabled for the account, enabling the picture factor authentication function for the account according to the user's instruction; displaying prompt information for inputting a picture factor; receiving a picture factor input by the user; re-registering the user according to the account number, the password, and the picture factor, and generating interference picture information including the picture factor for the account.
  • the process of canceling the picture factor authentication function may include: after the user logs in, querying whether the account is enabled with the picture factor authentication function according to the user's instruction; when the query result is that the picture factor authentication function is enabled for the account, deactivating the picture factor authentication function for the account according to the user's instruction; re-registering the user according to the account number and the password.
  • Step 203: When the query result is that the picture factor authentication function is enabled for the account, the prompt information of the input picture factor is displayed.
  • Step 204: Receive a password and a picture factor input when the user logs in.
  • the interference picture information may be displayed through the user interface, and the picture factor selected by the user from the interference picture information is received.
  • the method further includes: determining whether the interference picture information is updated; when the judgment result is that the interference picture information is updated, displaying the updated interference picture information to the user; the receiving the password and picture factor input by the user then includes: receiving a password input by the user and a picture factor selected by the user from the updated interference picture information.
  • Step 205: Perform user login authentication according to the account number, the password, and the picture factor.
  • when the account number, the password, and the picture factor are all correct, the authentication is confirmed as successful and a successful login authentication result is displayed; when at least one of the account number, the password, and the picture factor is incorrect, the authentication is confirmed as failed and the login authentication result of the authentication failure is displayed.
  • the account is locked.
  • the time for locking the account can be configured, and the short message alarm notification can be sent to the user according to the mobile phone number bound to the account, or the email alert notification can be sent to the user according to the email address bound to the account.
  • performing the user login authentication may include: verifying whether the account and the password are correct, and comparing the similarity between the picture factor and the signature picture. For example, when the account and the password are correct, and the similarity between the picture factor and the signature picture is greater than a preset threshold, the authentication is confirmed to be successful.
  • When the result of the query in step 202 is that the picture factor authentication function is not enabled for the account, the account is authenticated by the single-factor authentication method; specifically, the password input by the user is received, and user login authentication is performed according to the account and the password.
  • the account is locked.
  • the embodiment of the invention provides a two-factor authentication method: first the account input when a user logs in is obtained, then whether the picture factor authentication function is enabled for the account is queried; when the query result is that the picture factor authentication function is enabled for the account, prompt information for inputting the picture factor is displayed to the user, the password and picture factor input by the user are received, and user login authentication is performed according to the account, the password, and the picture factor.
  • the password is used as the first authentication factor and the picture is used as the second authentication factor; because the picture is easy for the user to remember and can be stored on the account server without being carried by the user, the authentication process is simple and convenient for the user.
  • step 301 the account client obtains a registration request of the user.
  • Step 302 The account client displays a prompt message requesting the user to input an account, a password, selecting a picture, or newly uploading a picture through the user interface.
  • Step 303 The account client submits a registration request to the account server, where the registration request carries an account, a password, a selected picture information, or a picture uploaded by the user.
  • Step 304 The account server registers the account, saves the input picture information, and generates a list of interference pictures with multiple other pictures for the account.
  • step 305 the account server returns the registration result to the account client.
  • the picture factor authentication function may not be enabled, and the image or password registration is not required to be selected or loaded.
  • the image factor is subsequently selected by the user.
  • When the picture factor is not set, the account only performs password single-factor authentication.
  • When the user chooses to enable picture two-factor authentication at registration, the user selects a picture from the N pictures provided by the system as the picture factor, or uploads a picture (a local device picture, a camera photo, or a picture drawn with software) as the picture factor. The user can also be asked to draw a signature picture with drawing software.
  • the login method includes a message interaction process that requires a user to select a picture factor, and the method includes:
  • step 401 the account client obtains a login request for the account.
  • Step 403 The account server queries whether the picture factor authentication function is enabled for the account, and generates a query result.
  • the query information sent by the account client may also carry the interference picture list that was previously cached locally.
  • the account server needs to check whether the current interference picture list is consistent with the received interference picture list. If they are consistent, the query result carries identifier information indicating that the interference picture list has not been updated; if not, the current interference picture list is carried in the query result.
  • the interference picture list includes the picture factor set by the user, and its entries may specifically be picture identifiers, digital digests, or complete picture information.
  • step 404 the account server returns the query result of step 403 to the account client.
  • step 406 the account client displays a list of interference pictures, and asks the user to select a picture set by himself.
  • Step 407 The account client sends a login authentication request to the account server, where the login authentication request carries the account, the password, and the selected picture information.
  • Step 408 The account server verifies the correctness of the account, the password, and the selected picture information.
  • the login authentication result is confirmed as successful. Otherwise, the login authentication result is confirmed as the authentication failure.
  • In the picture-selection mode, when the account server authenticates the picture factor, it compares the identifier (ID), the digital digest, or the complete picture information of the input picture to determine whether the picture factor was selected and input correctly.
  • step 409 the account server returns the login authentication result to the account client.
  • step 410 the account client displays the login authentication result.
  • The description above mainly covers the picture-selection mode. If the signature-picture mode is used, the process differs: after the account client sends the query information to the account server, the account server returns to the account client only whether the picture factor authentication function is enabled; the account client requires the user to draw the signature picture again with the drawing software; and the account server determines whether the picture factor is input correctly by comparing the similarity between the signature picture and the picture factor stored at user registration.
  • FIG. 5 is a signal flow diagram of a method for setting a picture factor in a two-factor authentication method according to Embodiment 4 of the present invention.
  • the setting method includes a message interaction process for setting a picture factor after an account with no picture factor is set, and the method includes:
  • the account management interface is entered.
  • Step 502 The account client sends a query request to the account server according to the account management request.
  • Step 503 The account server queries whether the picture factor authentication function is enabled for the account according to the query request, and obtains the query result that the picture factor authentication function is not enabled for the account.
  • step 504 the account server returns the query result to the account client.
  • Step 505 The account client enables the picture factor authentication function according to the user's instruction.
  • Step 506 The account client requests the account server to obtain the interference picture list.
  • step 507 the account server returns an interference picture list to the account client.
  • the account server can randomly generate an interference picture list and then return an interference picture list to the account client.
  • Step 508 The account client displays an interference picture list, prompting the user to select a picture or upload a picture by itself, and submit a set picture factor.
  • When the picture factor set by the user is received, the user may also be required to enter a password to enhance security.
  • the request can carry an account, selected pictures or newly uploaded pictures; it can also carry a password to enhance security.
  • step 510 the account server sets a picture factor for the account, and generates a list of interference pictures with multiple other pictures for the account.
  • Passwords can also be verified in this step to enhance security.
  • step 512 the account client displays the result of the successful setting of the picture factor.
  • the picture factor is selected by the user in the interference picture list, and the picture factor can also be set by using the signature picture mode.
  • FIG. 6 is a signal flow diagram of a method for canceling a picture factor in a two-factor authentication method according to Embodiment 5 of the present invention.
  • the method includes the message exchange process of canceling the picture factor after the account with the picture factor is set to be registered, and the method includes:
  • the account management interface is entered.
  • step 604 the account server sends the query result to the account client.
  • Step 606 The account client sends a request for canceling the picture factor to the account server.
  • the request can carry an account; it can also carry a password to enhance security.
  • Passwords can also be verified in this step to enhance security.
  • the password and the picture factor that are input when the user is registered may include: receiving a password input by the user when registering; receiving an instruction for uploading a picture by the user; and using the picture uploaded by the user as a picture factor.
  • the user-uploaded image is clipped according to a uniform specification; the clipped image is used as a picture factor.
  • the following process may be further included: displaying prompt information for sharing a picture uploaded by the user; receiving an instruction of the user, and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
  • the picture uploaded by the user is a signature picture drawn by the user; correspondingly, in the password-retrieval authentication process, the verification code input by the user when retrieving the password and a picture factor drawn by the user are received, and password-retrieval authentication is performed by verifying whether the account and the verification code are correct and by comparing the similarity between the picture factor and the signature picture.
  • step 704 it may first determine whether the interference picture information is updated; when the judgment result is that the interference picture information is updated, the updated interference picture information is displayed; and the verification code input when the user retrieves the password is received. And a picture factor selected from the updated interference picture information when the user retrieves the password.
  • step 804 the account server returns the query result of step 703 to the account client.
  • Step 806 The account client sends a request for obtaining a verification code to the account server.
  • step 809 the account client asks the user to input a verification code and a new password, and displays a list of interference pictures, and asks the user to select a picture set by himself.
  • brute-force protection can also be applied to the password, the verification code, and the picture factor: after N consecutive errors, the account is locked, and the lock time can be configured.
  • step 813 the account client displays the authentication result.
  • FIG. 9 is a structural diagram of a two-factor authentication apparatus according to Embodiment 8 of the present invention.
  • the apparatus is used to perform the two-factor authentication method provided by the embodiment of the present invention.
  • the method is applied to authentication in a login process, and the apparatus includes:
  • the query unit 902 is configured to query whether the picture factor authentication function is enabled for the account acquired by the obtaining unit 901;
  • the display unit 903 is configured to display prompt information of the input picture factor when the query result of the query unit 902 is that the picture factor authentication function is enabled on the account;
  • the receiving unit 904 is configured to receive a password and a picture factor that are input when the user logs in;
  • the authentication unit 905 is configured to perform user login authentication according to the account acquired by the acquiring unit 901, the password received by the receiving unit 904, and a picture factor.
  • the device further includes:
  • the determining unit 906 is configured to determine whether the interference picture information is updated before the receiving unit 904 receives the password and the picture factor input when the user logs in;
  • the display unit 903 is further configured to: when the determination result of the determining unit 906 is that the interference picture information is updated, display the updated interference picture information;
  • the receiving unit 904 is specifically configured to receive a password input when the user logs in and a picture factor selected from the updated interference picture information when the user logs in.
  • the obtaining unit 901 is further configured to: obtain an account that is input when the user registers, before acquiring an account that is input when the user logs in;
  • the display unit 903 is further configured to: when the instruction for enabling the picture factor authentication function on the account is acquired, displaying prompt information of the input picture factor;
  • the receiving unit 904 is further configured to receive a password and a picture factor input when the user registers;
  • the device also includes:
  • the registration unit 907 is configured to perform user registration according to the account acquired by the obtaining unit 901 and the password and the picture factor received by the receiving unit 904, and generate interference picture information including the picture factor for the account.
  • the receiving unit 904 includes:
  • a receiving subunit configured to receive a password input when the user registers
  • a display subunit configured to randomly generate a picture list, and display the picture list
  • the receiving subunit is further configured to receive an instruction for selecting a picture from the picture list when the user registers;
  • a picture factor confirmation subunit is configured to use a picture selected by the user by the receiving subunit as a picture factor.
  • the receiving unit 904 includes:
  • a receiving subunit configured to receive a password input when the user registers
  • the receiving subunit is further configured to receive an instruction that a user uploads a picture
  • the picture factor confirmation subunit is configured to use the user uploaded picture received by the receiving subunit as a picture factor.
  • the picture factor confirmation subunit is specifically configured to cut a picture uploaded by the user according to a unified specification; and the cut picture is used as a picture factor.
  • the display unit 903 is further configured to display prompt information for sharing a picture uploaded by the user;
  • the receiving unit 904 is further configured to receive an instruction of the user, and share the uploaded image of the user according to the instruction, so that the interference picture information can be generated for the other account according to the picture uploaded by the user.
  • the user-uploaded picture received by the receiving sub-unit is a signature picture drawn by the user
  • the receiving unit 904 is specifically configured to receive a password input by the user when logging in and a picture factor drawn by the user;
  • the authentication unit 905 is specifically configured to perform user login authentication by verifying whether the account acquired by the obtaining unit 901 and the password received by the receiving unit 904 are correct, and by comparing the similarity between the picture factor received by the receiving unit 904 and the signature picture received by the receiving subunit.
  • the receiving unit 904 is further configured to: after the obtaining unit 901 acquires the account input when the user logs in and the query unit 902 queries whether the picture factor authentication function is enabled for the account, receive the password input by the user when the query result of the query unit 902 is that the picture factor authentication function is not enabled for the account;
  • the authentication unit 905 is further configured to perform user login authentication according to the account acquired by the acquiring unit 901 and the password received by the receiving unit 904.
  • the querying unit 902 is further configured to: after the user logs in, query, according to an instruction of the user, whether the picture factor authentication function is enabled for the account;
  • the device also includes:
  • the enabling unit 908 is configured to enable the picture factor authentication function on the account according to an instruction of the user when the query result of the query unit 902 is that the picture factor authentication function is not enabled for the account;
  • the display unit 903 is further configured to display prompt information of the input picture factor
  • the receiving unit 904 is further configured to receive a picture factor input by the user;
  • the registration unit 907 is further configured to re-register the user according to the account, the password, and the picture factor, and generate interference picture information including the picture factor for the account.
  • the querying unit 902 is further configured to: after the user logs in, query, according to an instruction of the user, whether the picture factor authentication function is enabled for the account;
  • the device also includes:
  • the canceling unit 909 is configured to cancel the picture factor authentication function on the account according to the instruction of the user when the query result of the query unit 902 is that the picture factor authentication function is enabled on the account;
  • the registration unit 907 is further configured to perform user registration again according to the account number and the password.
  • the obtaining unit 901 is further configured to acquire an account that is input when the user retrieves the password;
  • the query unit 902 is further configured to query whether the picture factor authentication function is enabled for the account acquired by the obtaining unit 901;
  • the display unit 903 is further configured to: when the query result of the query unit 902 is that the image factor authentication function is enabled for the account, display prompt information of the input picture factor;
  • the receiving unit 904 is further configured to receive a verification code and a picture factor input by the user;
  • the authentication unit 905 is further configured to perform user recovery password authentication according to the account number, the verification code, and the picture factor.
  • the authentication unit 905 is specifically configured to:
  • the authentication failure is confirmed, and the login authentication result of the authentication failure is displayed.
  • the device further includes:
  • the locking unit 910 is configured to lock the account when the number of consecutive authentication failures of the authentication unit 905 exceeds a preset number of times.
  • FIG. 10 is a structural diagram of a two-factor authentication apparatus according to Embodiment 9 of the present invention.
  • the apparatus is used to perform the two-factor authentication method provided by the embodiment of the present invention.
  • the method is applied to the authentication in the process of retrieving a password, and the apparatus includes:
  • the obtaining unit 1001 is configured to obtain an account that is input when the user retrieves the password;
  • the query unit 1002 is configured to query whether the account obtained by the obtaining unit 1001 enables the picture factor authentication function;
  • the display unit 1003 is configured to display prompt information of the input picture factor when the query result of the query unit 1002 is that the picture factor authentication function is enabled for the account;
  • the receiving unit 1004 is configured to receive a verification code and a picture factor that are input when the user retrieves the password;
  • the authentication unit 1005 is configured to perform user recovery password authentication according to the account acquired by the acquiring unit 1001, the verification code received by the receiving unit 1004, and the picture factor.
  • the device further includes:
  • the determining unit 1006 is configured to determine whether the interference picture information is updated before the receiving unit 1004 receives the verification code and the picture factor input when the user retrieves the password;
  • the display unit 1003 is further configured to: when the determination result of the determining unit 1006 is that the interference picture information is updated, display the updated interference picture information;
  • the receiving unit 1004 is specifically configured to receive a verification code input when the user retrieves the password and a picture factor selected from the updated interference picture information when the user retrieves the password.
  • the obtaining unit 1001 is further configured to acquire an account that is input when the user registers, before acquiring an account that is input when the user retrieves the password;
  • the display unit 1003 is further configured to: when the instruction for enabling the picture factor authentication function on the account is acquired, displaying prompt information of the input picture factor;
  • the receiving unit 1004 is further configured to receive a password and a picture factor input when the user registers;
  • the device also includes:
  • the registration unit 1007 is configured to perform user registration according to the account acquired by the obtaining unit 1001, the password and the picture factor received by the receiving unit 1004, and generate interference picture information including the picture factor for the account.
  • the receiving unit 1004 includes:
  • a receiving subunit configured to receive a password input when the user registers
  • the receiving subunit is further configured to receive an instruction that a user uploads a picture
  • the picture factor confirmation sub-unit is used to use the picture uploaded by the user as a picture factor.
  • the picture factor confirmation subunit is specifically configured to cut a picture uploaded by the user according to a unified specification; and the cut picture is used as a picture factor.
  • the display unit 1003 is further configured to display prompt information for sharing a picture uploaded by the user;
  • the receiving unit 1004 is further configured to receive an instruction of the user, and share the uploaded image of the user according to the instruction, so that the interference picture information can be generated for the other account according to the picture uploaded by the user.
  • the user-uploaded picture received by the receiving sub-unit is a signature picture drawn by the user
  • the receiving unit 1004 is specifically configured to receive a verification code input by the user when the password is retrieved and a picture factor drawn by the user;
  • the authentication unit 1005 is specifically configured to perform password-retrieval authentication by verifying whether the account acquired by the obtaining unit 1001 and the verification code received by the receiving unit 1004 are correct, and by comparing the similarity between the picture factor received by the receiving unit 1004 and the signature picture received by the receiving subunit.
  • FIG. 11 is a structural diagram of a two-factor authentication device according to Embodiment 10 of the present invention.
  • the device is used to perform the two-factor authentication method provided by the embodiment of the present invention.
  • the method is applied to the authentication in the login process, and the device includes:
  • the processor 1102;
  • the memory 1101 is configured to store program instructions
  • the processor 1102 is configured to perform the following operations according to the program instructions stored in the memory 1101:
  • the updated interference picture information is displayed
  • the password input when the user logs in and the picture factor selected from the updated interference picture information when the user logs in are received.
  • the processor 1102 performs the operation of receiving the password and the picture factor input when the user registers, including:
  • the user uploaded images are tailored according to uniform specifications
  • processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
  • the picture uploaded by the user is a signature picture drawn by the user
  • the processor 1102 performs the operation of performing user login authentication according to the account, the password, and the picture factor, including:
  • User login authentication is performed by verifying the account number, whether the password is correct, and by comparing the similarity between the picture factor and the signature picture.
  • processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
  • processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
  • the picture factor authentication function is enabled on the account according to the user's instruction
  • processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
  • After the user logs in, whether the picture factor authentication function is enabled for the account is queried according to the user's instruction.
  • processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
  • the authentication failure is confirmed, and the login authentication result of the authentication failure is displayed.
  • FIG. 12 is a structural diagram of a two-factor authentication device according to Embodiment 11 of the present invention. The device is used to perform the two-factor authentication method provided by the embodiment of the present invention, the method is applied to authentication in the process of retrieving a password, and the device includes:
  • the processor 1202;
  • the user retrieves the password authentication according to the account number, the verification code, and the picture factor.
  • the processor 1202 is further configured to perform the following operations according to the program instructions stored in the memory 1201:
  • the processor 1202 performs the operation of receiving the verification code and the picture factor input when the user retrieves the password, including:
  • the processor 1202 is further configured to perform the following operations according to the program instructions stored in the memory 1201:
  • the processor 1202 performs the operation of receiving the password and the picture factor input when the user registers, including:
  • the operation, performed by the processor 1202, of using the picture uploaded by the user as a picture factor includes:
  • the user uploaded images are tailored according to uniform specifications
  • the processor 1202 is further configured to perform the following operations according to the program instructions stored in the memory 1201:

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Facsimiles In General (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present invention relates to a two-factor authentication method, device and apparatus. The method comprises: acquiring an account inputted by a user when logging in; checking whether the account enables a picture factor authentication function; if the check result shows that the account enables the picture factor authentication function, displaying a prompt message for inputting a picture factor; receiving a password and the picture factor inputted by the user when logging in; and performing user login authentication according to the account, the password and the picture factor. As can be seen, the two-factor authentication method provided by the present invention uses the password as a first authentication factor and the picture as a second authentication factor, and is advantageous in that the picture is easy for the user to remember and can be stored at an account server end without requiring to be carried by the user, thus enabling an easy authentication process and convenient operation for the user.

Description

Two-factor authentication method, apparatus and device

Technical field

The present invention relates to the field of identity authentication, and in particular, to a two-factor authentication method, apparatus, and device.

Background

Two-factor authentication (TFA or 2FA) refers to the use of two independent, unrelated pieces of evidence to prove identity.
In the prior art, the independent evidence used in two-factor authentication is:
1. A secret known to the person being authenticated, for example, a password or a Personal Identification Number (PIN);
2. Something owned by the person being authenticated, for example, a passport, a USB key, or a magnetic stripe card;
3. A characteristic inherent to the person being authenticated, for example, a fingerprint, appearance, or voice.
Authentication completed with a combination of any two of the above kinds of independent evidence is two-factor authentication. The single-factor authentication most commonly used by network applications today is user name and password verification, so the two-factor verification required by network applications is an enhancement of user name and password verification, that is, the 1+2 or 1+3 mode above.
As can be seen from the above, in the prior-art two-factor authentication methods, when the 1+2 mode is used, the user must carry something, and identity authentication cannot be performed if the user is not carrying it; when the 1+3 mode is used, dedicated equipment for reading and recognizing biometric features must be provided, and the biometric features of the human body may change, so that identity authentication cannot be performed. That is, in the prior-art two-factor authentication methods, the authentication process is cumbersome and inconvenient for the user.
Summary of the invention
Embodiments of the present invention provide a two-factor authentication method, apparatus, and device, with a simple authentication process that is convenient for the user.
In a first aspect, a two-factor authentication method is provided, the method comprising:
obtaining the account entered when a user logs in;
querying whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for entering a picture factor;
receiving the password and picture factor entered when the user logs in;
performing user login authentication according to the account, the password, and the picture factor.
With reference to the first aspect, in a first possible implementation of the first aspect, before the receiving of the password and picture factor entered when the user logs in, the method further includes:
determining whether the interference picture information has been updated;
when the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
the receiving of the password and picture factor entered when the user logs in includes:
receiving the password entered when the user logs in and the picture factor selected by the user, at login, from the updated interference picture information.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, before the obtaining of the account entered when the user logs in, the method further includes:
obtaining the account entered when the user registers;
when an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for entering a picture factor;
receiving the password and picture factor entered when the user registers;
performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
With reference to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, the receiving of the password and picture factor entered when the user registers includes:
receiving the password entered when the user registers;
randomly generating a picture list and displaying the picture list;
receiving an instruction by which the user, at registration, selects a picture from the picture list;
using the picture selected by the user as the picture factor.
With reference to the second possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the receiving of the password and picture factor entered when the user registers includes:
receiving the password entered when the user registers;
receiving an instruction by which the user uploads a picture;
using the picture uploaded by the user as the picture factor.
With reference to the fourth possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the using of the picture uploaded by the user as the picture factor includes:
cropping the picture uploaded by the user to a uniform specification;
using the cropped picture as the picture factor.
With reference to the fourth or fifth possible implementation of the first aspect, in a sixth possible implementation of the first aspect, the method further includes:
displaying prompt information about sharing the picture uploaded by the user;
receiving an instruction from the user and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
With reference to the fourth possible implementation of the first aspect, in a seventh possible implementation of the first aspect, the picture uploaded by the user is a signature picture drawn by the user;
the receiving of the password and picture factor entered when the user logs in includes:
receiving the password entered when the user logs in and a picture factor drawn by the user;
the performing of user login authentication according to the account, the password, and the picture factor includes:
performing user login authentication by verifying whether the account and the password are correct and by comparing the similarity between the picture factor and the signature picture.
With reference to the first aspect, in an eighth possible implementation of the first aspect, after the obtaining of the account entered when the user logs in and the querying of whether the picture factor authentication function is enabled for the account, the method further includes:
when the query result is that the picture factor authentication function is not enabled for the account, receiving the password entered by the user;
performing user login authentication according to the account and the password.
With reference to the eighth possible implementation of the first aspect, in a ninth possible implementation of the first aspect, the method further includes:
after the user logs in, querying, according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is not enabled for the account, enabling the picture factor authentication function for the account according to an instruction from the user;
displaying prompt information for entering a picture factor;
receiving the picture factor entered by the user;
performing user registration again according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
With reference to the first aspect or any one of the first to ninth possible implementations of the first aspect, in a tenth possible implementation of the first aspect, the method further includes:
after the user logs in, querying, according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is enabled for the account, cancelling the picture factor authentication function for the account according to an instruction from the user;
performing user registration again according to the account and the password.
With reference to the first aspect or any one of the first to tenth possible implementations of the first aspect, in an eleventh possible implementation of the first aspect, the method further includes:
obtaining the account entered when the user retrieves the password;
querying whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for entering a picture factor;
receiving the verification code and picture factor entered by the user;
performing password-retrieval authentication of the user according to the account, the verification code, and the picture factor.
With reference to the first aspect, in a twelfth possible implementation of the first aspect, the performing of user login authentication according to the account, the password, and the picture factor includes:
when the account, the password, and the picture factor are all correct, confirming that authentication succeeds and displaying a login authentication result indicating success;
when at least one of the account, the password, and the picture factor is incorrect, confirming that authentication fails and displaying a login authentication result indicating failure.
With reference to the first aspect or any one of the first to twelfth possible implementations of the first aspect, in a thirteenth possible implementation of the first aspect, the method further includes:
when the number of consecutive authentication failures exceeds a preset number, locking the account.
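The registration and login flow of the first aspect (interference pictures generated at registration, password and picture factor checked together, lockout once consecutive failures exceed a preset number), as an added Python example that is not code from the patent. The class and method names, the picture identifiers, the grid size of 9, the failure limit of 3 and the use of PBKDF2 for storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

MAX_CONSECUTIVE_FAILURES = 3   # the "preset number"; the value 3 is an assumption
PICTURE_POOL = [f"pic-{i:02d}" for i in range(20)]   # constructed picture identifiers
_rng = secrets.SystemRandom()


def _kdf(secret: str, salt: bytes) -> bytes:
    """Salted, slow hash so neither factor is stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class PictureFactorAuth:
    """Hypothetical in-memory account store for the flow described above."""

    def __init__(self):
        self.accounts = {}

    def register(self, account, password, picture=None, grid_size=9):
        """Register an account. Passing a picture enables the picture factor
        and generates interference picture information that contains it."""
        salt = os.urandom(16)
        rec = {"salt": salt, "pw": _kdf(password, salt), "pic": None,
               "grid": None, "failures": 0, "locked": False}
        if picture is not None:
            decoys = _rng.sample([p for p in PICTURE_POOL if p != picture],
                                 grid_size - 1)
            rec["pic"] = _kdf(picture, salt)
            rec["grid"] = decoys + [picture]
        self.accounts[account] = rec

    def login_prompt(self, account):
        """Return the pictures to display, or None when only a password is needed."""
        rec = self.accounts.get(account)
        if rec is None or rec["grid"] is None:
            return None
        grid = list(rec["grid"])
        _rng.shuffle(grid)   # display order must not reveal the real picture
        return grid

    def login(self, account, password, picture=None):
        """Return "ok", "failed" or "locked"."""
        rec = self.accounts.get(account)
        if rec is None:
            return "failed"
        if rec["locked"]:
            return "locked"
        # Evaluate both factors before deciding, and compare in constant time,
        # so the result does not show which factor was wrong.
        pw_ok = hmac.compare_digest(_kdf(password, rec["salt"]), rec["pw"])
        pic_ok = True
        if rec["pic"] is not None:
            pic_ok = hmac.compare_digest(_kdf(picture or "", rec["salt"]),
                                         rec["pic"])
        if pw_ok and pic_ok:
            rec["failures"] = 0
            return "ok"
        # One blind pick from the grid is right with probability 1/grid_size,
        # so the failure counter is what bounds guessing of the picture factor.
        rec["failures"] += 1
        if rec["failures"] > MAX_CONSECUTIVE_FAILURES:
            rec["locked"] = True
        return "failed"


if __name__ == "__main__":
    auth = PictureFactorAuth()
    auth.register("alice", "pw-alice", picture="pic-07")
    print(auth.login_prompt("alice"))
    print(auth.login("alice", "pw-alice", "pic-07"))
```
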
In a second aspect, a two-factor authentication method is provided, the method comprising:
obtaining the account entered when a user retrieves a password;
querying whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for entering a picture factor;
receiving the verification code and picture factor entered when the user retrieves the password;
performing password-retrieval authentication of the user according to the account, the verification code, and the picture factor.
With reference to the second aspect, in a first possible implementation of the second aspect, before the receiving of the verification code and picture factor entered when the user retrieves the password, the method further includes:
determining whether the interference picture information has been updated;
when the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
the receiving of the verification code and picture factor entered when the user retrieves the password includes:
receiving the verification code entered when the user retrieves the password and the picture factor selected by the user, when retrieving the password, from the updated interference picture information.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation of the second aspect, before the obtaining of the account entered when the user retrieves the password, the method further includes:
obtaining the account entered when the user registers;
when an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for entering a picture factor;
receiving the password and picture factor entered when the user registers;
performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
With reference to the second possible implementation of the second aspect, in a third possible implementation of the second aspect, the receiving of the password and picture factor entered when the user registers includes:
receiving the password entered when the user registers;
receiving an instruction by which the user uploads a picture;
using the picture uploaded by the user as the picture factor.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the using of the picture uploaded by the user as the picture factor includes:
cropping the picture uploaded by the user to a uniform specification;
using the cropped picture as the picture factor.
With reference to the third or fourth possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the method further includes:
displaying prompt information about sharing the picture uploaded by the user;
receiving an instruction from the user and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
With reference to the third possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the picture uploaded by the user is a signature picture drawn by the user;
the receiving of the verification code and picture factor entered when the user retrieves the password includes:
receiving the verification code entered when the user retrieves the password and a picture factor drawn by the user;
the performing of password-retrieval authentication of the user according to the account, the verification code, and the picture factor includes:
performing password-retrieval authentication of the user by verifying whether the account and the verification code are correct and by comparing the similarity between the picture factor and the signature picture.
In a third aspect, a two-factor authentication apparatus is provided, the apparatus comprising:
an obtaining unit, configured to obtain the account entered when a user logs in;
a query unit, configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit;
a display unit, configured to display prompt information for entering a picture factor when the query result of the query unit is that the picture factor authentication function is enabled for the account;
a receiving unit, configured to receive the password and picture factor entered when the user logs in;
an authentication unit, configured to perform user login authentication according to the account obtained by the obtaining unit and the password and picture factor received by the receiving unit.
With reference to the third aspect, in a first possible implementation of the third aspect, the apparatus further includes:
a determining unit, configured to determine, before the receiving unit receives the password and picture factor entered when the user logs in, whether the interference picture information has been updated;
the display unit is further configured to display the updated interference picture information when the determination result of the determining unit is that the interference picture information has been updated;
the receiving unit is specifically configured to receive the password entered when the user logs in and the picture factor selected by the user, at login, from the updated interference picture information.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation of the third aspect:
the obtaining unit is further configured to obtain, before obtaining the account entered when the user logs in, the account entered when the user registers;
the display unit is further configured to display prompt information for entering a picture factor when an instruction to enable the picture factor authentication function for the account is obtained;
the receiving unit is further configured to receive the password and picture factor entered when the user registers;
the apparatus further includes:
a registration unit, configured to perform user registration according to the account obtained by the obtaining unit and the password and picture factor received by the receiving unit, and to generate, for the account, interference picture information that contains the picture factor.
With reference to the second possible implementation of the third aspect, in a third possible implementation of the third aspect, the receiving unit includes:
a receiving subunit, configured to receive the password entered when the user registers;
a display subunit, configured to randomly generate a picture list and display the picture list;
the receiving subunit is further configured to receive an instruction by which the user, at registration, selects a picture from the picture list;
a picture factor confirmation subunit, configured to use the user-selected picture received by the receiving subunit as the picture factor.
With reference to the second possible implementation of the third aspect, in a fourth possible implementation of the third aspect, the receiving unit includes:
a receiving subunit, configured to receive the password entered when the user registers;
the receiving subunit is further configured to receive an instruction by which the user uploads a picture;
a picture factor confirmation subunit, configured to use the user-uploaded picture received by the receiving subunit as the picture factor.
With reference to the fourth possible implementation of the third aspect, in a fifth possible implementation of the third aspect, the picture factor confirmation subunit is specifically configured to crop the picture uploaded by the user to a uniform specification and to use the cropped picture as the picture factor.
With reference to the fourth or fifth possible implementation of the third aspect, in a sixth possible implementation of the third aspect:
the display unit is further configured to display prompt information about sharing the picture uploaded by the user;
the receiving unit is further configured to receive an instruction from the user and share the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
With reference to the fourth possible implementation of the third aspect, in a seventh possible implementation of the third aspect, the user-uploaded picture received by the receiving subunit is a signature picture drawn by the user;
the receiving unit is specifically configured to receive the password entered when the user logs in and a picture factor drawn by the user;
the authentication unit is specifically configured to perform user login authentication by verifying whether the account obtained by the obtaining unit and the password received by the receiving unit are correct and by comparing the similarity between the picture factor received by the receiving unit and the signature picture received by the receiving subunit.
With reference to the third aspect, in an eighth possible implementation of the third aspect:
the receiving unit is further configured to receive the password entered by the user when, after the obtaining unit obtains the account entered when the user logs in and the query unit queries whether the picture factor authentication function is enabled for the account, the query result of the query unit is that the picture factor authentication function is not enabled for the account;
the authentication unit is further configured to perform user login authentication according to the account obtained by the obtaining unit and the password received by the receiving unit.
With reference to the eighth possible implementation of the third aspect, in a ninth possible implementation of the third aspect:
the query unit is further configured to query, after the user logs in and according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
the apparatus further includes:
an enabling unit, configured to enable the picture factor authentication function for the account according to an instruction from the user when the query result of the query unit is that the picture factor authentication function is not enabled for the account;
the display unit is further configured to display prompt information for entering a picture factor;
the receiving unit is further configured to receive the picture factor entered by the user;
the registration unit is further configured to perform user registration again according to the account, the password, and the picture factor, and to generate, for the account, interference picture information that contains the picture factor.
With reference to the third aspect or any one of the first to ninth possible implementations of the third aspect, in a tenth possible implementation of the third aspect:
the query unit is further configured to query, after the user logs in and according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
the apparatus further includes:
a cancelling unit, configured to cancel the picture factor authentication function for the account according to an instruction from the user when the query result of the query unit is that the picture factor authentication function is enabled for the account;
the registration unit is further configured to perform user registration again according to the account and the password.
With reference to the third aspect or any one of the first to tenth possible implementations of the third aspect, in an eleventh possible implementation of the third aspect:
the obtaining unit is further configured to obtain the account entered when the user retrieves the password;
the query unit is further configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit;
the display unit is further configured to display prompt information for entering a picture factor when the query result of the query unit is that the picture factor authentication function is enabled for the account;
the receiving unit is further configured to receive the verification code and picture factor entered by the user;
the authentication unit is further configured to perform password-retrieval authentication of the user according to the account, the verification code, and the picture factor.
With reference to the third aspect, in a twelfth possible implementation of the third aspect, the authentication unit is specifically configured to:
when the account, the password, and the picture factor are all correct, confirm that authentication succeeds and display a login authentication result indicating success;
when at least one of the account, the password, and the picture factor is incorrect, confirm that authentication fails and display a login authentication result indicating failure.
With reference to the third aspect or any one of the first to twelfth possible implementations of the third aspect, in a thirteenth possible implementation of the third aspect, the apparatus further includes:
a locking unit, configured to lock the account when the number of consecutive authentication failures of the authentication unit exceeds a preset number.
第四方面,提供了一种双因子认证装置,所述装置包括:In a fourth aspect, a two-factor authentication apparatus is provided, the apparatus comprising:
获取单元,用于获取用户找回密码时输入的账号;The obtaining unit is configured to obtain an account entered when the user retrieves the password;
查询单元,用于查询所述获取单元获取的账号是否启用了图片因子认证功能;a query unit, configured to query whether an account factor obtained by the obtaining unit is enabled with a picture factor authentication function;
显示单元,用于当所述查询单元的查询结果为所述账号启用了图片因子认证功能时,显示输入图片因子的提示信息;a display unit, configured to display prompt information of the input picture factor when the query result of the query unit is that the picture factor authentication function is enabled for the account;
接收单元,用于接收用户找回密码时输入的验证码和图片因子;a receiving unit, configured to receive a verification code and a picture factor input when the user retrieves the password;
认证单元,用于根据所述获取单元获取的账号、所述接收单元接收的验证码和图片因子进行用户找回密码认证。The authentication unit is configured to perform user recovery password authentication according to the account acquired by the acquiring unit, the verification code received by the receiving unit, and the picture factor.
结合第四方面,在第四方面的第一种可能的实现方式中,所述装置还包括:In conjunction with the fourth aspect, in a first possible implementation manner of the fourth aspect, the device further includes:
判断单元,用于在所述接收单元接收用户找回密码时输入的验证码和图片因子之前,判断干扰图片信息是否发生更新;a determining unit, configured to determine whether the interference picture information is updated before the receiving unit receives the verification code and the picture factor input when the user retrieves the password;
所述显示单元,还用于当所述判断单元的判断结果为干扰图片信息发生更新时,显示更新后的干扰图片信息;The display unit is further configured to display the updated interference picture information when the judgment result of the determining unit is that the interference picture information is updated;
所述接收单元,具体用于接收用户找回密码时输入的验证码和用户找回密码时从所述更新后的干扰图片信息中选择的图片因子。The receiving unit is specifically configured to receive a verification code input when the user retrieves the password and a picture factor selected from the updated interference picture information when the user retrieves the password.
结合第四方面或第四方面的第一种可能的实现方式,在第四方面的第二种可能的实现方式中,所述获取单元,还用于在获取用户找回密码时输入的 账号之前,获取用户注册时输入的账号;With reference to the fourth aspect, or the first possible implementation manner of the fourth aspect, in the second possible implementation manner of the fourth aspect, the acquiring unit is further configured to input when acquiring a password for the user to retrieve Before the account number, obtain the account number entered when the user registers;
所述显示单元,还用于当获取到对所述账号启用图片因子认证功能的指令时,显示输入图片因子的提示信息;The display unit is further configured to display prompt information of the input picture factor when an instruction for enabling the picture factor authentication function for the account is obtained;
所述接收单元,还用于接收用户注册时输入的密码和图片因子;The receiving unit is further configured to receive a password and a picture factor input when the user registers;
所述装置还包括:The device also includes:
注册单元,用于根据所述获取单元获取的账号、所述接收单元接收的密码和图片因子进行用户注册,并为所述账号生成包含所述图片因子的干扰图片信息。a registration unit, configured to perform user registration according to the account acquired by the acquiring unit, the password received by the receiving unit, and a picture factor, and generate interference picture information including the picture factor for the account.
结合第四方面的第二种可能的实现方式,在第四方面的第三种可能的实现方式中,所述接收单元包括:In conjunction with the second possible implementation of the fourth aspect, in a third possible implementation manner of the fourth aspect, the receiving unit includes:
接收子单元,用于接收用户注册时输入的密码;a receiving subunit, configured to receive a password input when the user registers;
所述接收子单元,还用于接收用户上传图片的指令;The receiving subunit is further configured to receive an instruction that a user uploads a picture;
图片因子确认子单元,用于将用户上传的图片作为图片因子。The picture factor confirmation sub-unit is used to use the picture uploaded by the user as a picture factor.
结合第四方面的第三种可能的实现方式,在第四方面的第四种可能的实现方式中,所述图片因子确认子单元,具体用于对用户上传的图片按统一规格进行剪裁;将剪裁后的图片作为图片因子。With reference to the third possible implementation manner of the fourth aspect, in a fourth possible implementation manner of the fourth aspect, the picture factor confirmation sub-unit is specifically configured to perform, according to a unified specification, a user-uploaded picture; The cropped image acts as a picture factor.
With reference to the third or fourth possible implementation manner of the fourth aspect, in a fifth possible implementation manner of the fourth aspect, the display unit is further configured to display prompt information about sharing the picture uploaded by the user;
The receiving unit is further configured to receive an instruction from the user and to share the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
With reference to the third possible implementation manner of the fourth aspect, in a sixth possible implementation manner of the fourth aspect, the picture uploaded by the user and received by the receiving subunit is a signature picture drawn by the user;
The receiving unit is specifically configured to receive the verification code input by the user when retrieving the password and the picture factor drawn by the user;
The authentication unit is specifically configured to perform user password-retrieval authentication by verifying whether the account acquired by the acquiring unit and the verification code received by the receiving unit are correct, and by comparing the similarity between the picture factor received by the receiving unit and the signature picture received by the receiving subunit.
In a fifth aspect, a two-factor authentication device is provided, the device including:
A memory;
A processor;
The memory is configured to store program instructions;
The processor is configured to perform the following operations according to the program instructions stored in the memory:
Obtaining the account input by the user at login;
Querying whether the picture factor authentication function is enabled for the account;
When the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
Receiving the password and the picture factor input by the user at login;
Performing user login authentication according to the account, the password, and the picture factor.
With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
Before receiving the password and the picture factor input by the user at login, determining whether the interference picture information has been updated;
When the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
The operation, performed by the processor, of receiving the password and the picture factor input by the user at login includes:
Receiving the password input by the user at login and the picture factor selected by the user at login from the updated interference picture information.
With reference to the fifth aspect or the first possible implementation manner of the fifth aspect, in a second possible implementation manner of the fifth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
Before obtaining the account input by the user at login, obtaining the account input by the user during registration;
When an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for inputting a picture factor;
Receiving the password and the picture factor input by the user during registration;
Performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that includes the picture factor.
With reference to the second possible implementation manner of the fifth aspect, in a third possible implementation manner of the fifth aspect, the operation, performed by the processor, of receiving the password and the picture factor input by the user during registration includes:
Receiving the password input by the user during registration;
Randomly generating a picture list and displaying the picture list;
Receiving an instruction by which the user, during registration, selects a picture from the picture list;
Using the picture selected by the user as the picture factor.
With reference to the second possible implementation manner of the fifth aspect, in a fourth possible implementation manner of the fifth aspect, the operation, performed by the processor, of receiving the password and the picture factor input by the user during registration includes:
Receiving the password input by the user during registration;
Receiving an instruction from the user to upload a picture;
Using the picture uploaded by the user as the picture factor.
With reference to the fourth possible implementation manner of the fifth aspect, in a fifth possible implementation manner of the fifth aspect, the operation, performed by the processor, of using the picture uploaded by the user as the picture factor includes:
Cropping the picture uploaded by the user to a uniform specification;
Using the cropped picture as the picture factor.
With reference to the fourth or fifth possible implementation manner of the fifth aspect, in a sixth possible implementation manner of the fifth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
Displaying prompt information about sharing the picture uploaded by the user;
Receiving an instruction from the user and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
With reference to the fourth possible implementation manner of the fifth aspect, in a seventh possible implementation manner of the fifth aspect, the picture uploaded by the user is a signature picture drawn by the user;
The operation, performed by the processor, of receiving the password and the picture factor input by the user at login includes:
Receiving the password input by the user at login and the picture factor drawn by the user;
The operation, performed by the processor, of performing user login authentication according to the account, the password, and the picture factor includes:
Performing user login authentication by verifying whether the account and the password are correct, and by comparing the similarity between the picture factor and the signature picture.
With reference to the fifth aspect, in an eighth possible implementation manner of the fifth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
After obtaining the account input by the user at login and querying whether the picture factor authentication function is enabled for the account, when the query result is that the picture factor authentication function is not enabled for the account, receiving the password input by the user;
Performing user login authentication according to the account and the password.
With reference to the eighth possible implementation manner of the fifth aspect, in a ninth possible implementation manner of the fifth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
After the user logs in, querying, according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
When the query result is that the picture factor authentication function is not enabled for the account, enabling the picture factor authentication function for the account according to an instruction from the user;
Displaying prompt information for inputting a picture factor;
Receiving the picture factor input by the user;
Performing user registration again according to the account, the password, and the picture factor, and generating, for the account, interference picture information that includes the picture factor.
With reference to the fifth aspect or any one of the first to ninth possible implementation manners of the fifth aspect, in a tenth possible implementation manner of the fifth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
After the user logs in, querying, according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
When the query result is that the picture factor authentication function is enabled for the account, cancelling the picture factor authentication function for the account according to an instruction from the user;
Performing user registration again according to the account and the password.
With reference to the fifth aspect or any one of the first to tenth possible implementation manners of the fifth aspect, in an eleventh possible implementation manner of the fifth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
Obtaining the account input by the user when retrieving the password;
Querying whether the picture factor authentication function is enabled for the account;
When the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
Receiving the verification code and the picture factor input by the user;
Performing user password-retrieval authentication according to the account, the verification code, and the picture factor.
With reference to the fifth aspect, in a twelfth possible implementation manner of the fifth aspect, the operation, performed by the processor, of performing user login authentication according to the account, the password, and the picture factor includes:
When the account, the password, and the picture factor are all correct, confirming that authentication succeeded and displaying a login authentication result indicating success;
When at least one of the account, the password, and the picture factor is incorrect, confirming that authentication failed and displaying a login authentication result indicating failure.
With reference to the fifth aspect or any one of the first to twelfth possible implementation manners of the fifth aspect, in a thirteenth possible implementation manner of the fifth aspect, the processor is further configured to perform the following operation according to the program instructions stored in the memory:
When the number of consecutive authentication failures exceeds a preset number, locking the account.
In a sixth aspect, a two-factor authentication device is provided, the device including:
A memory;
A processor;
The memory is configured to store program instructions;
The processor is configured to perform the following operations according to the program instructions stored in the memory:
Obtaining the account input by the user when retrieving the password;
Querying whether the picture factor authentication function is enabled for the account;
When the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
Receiving the verification code and the picture factor input by the user when retrieving the password;
Performing user password-retrieval authentication according to the account, the verification code, and the picture factor.
With reference to the sixth aspect, in a first possible implementation manner of the sixth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
Before receiving the verification code and the picture factor input by the user when retrieving the password, determining whether the interference picture information has been updated;
When the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
The operation, performed by the processor, of receiving the verification code and the picture factor input by the user when retrieving the password includes:
Receiving the verification code input by the user when retrieving the password and the picture factor selected by the user, when retrieving the password, from the updated interference picture information.
With reference to the sixth aspect or the first possible implementation manner of the sixth aspect, in a second possible implementation manner of the sixth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
Before obtaining the account input by the user when retrieving the password, obtaining the account input by the user during registration;
When an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for inputting a picture factor;
Receiving the password and the picture factor input by the user during registration;
Performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that includes the picture factor.
With reference to the second possible implementation manner of the sixth aspect, in a third possible implementation manner of the sixth aspect, the operation, performed by the processor, of receiving the password and the picture factor input by the user during registration includes:
Receiving the password input by the user during registration;
Receiving an instruction from the user to upload a picture;
Using the picture uploaded by the user as the picture factor.
With reference to the third possible implementation manner of the sixth aspect, in a fourth possible implementation manner of the sixth aspect, the operation, performed by the processor, of using the picture uploaded by the user as the picture factor includes:
Cropping the picture uploaded by the user to a uniform specification;
Using the cropped picture as the picture factor.
With reference to the third or fourth possible implementation manner of the sixth aspect, in a fifth possible implementation manner of the sixth aspect, the processor is further configured to perform the following operations according to the program instructions stored in the memory:
Displaying prompt information about sharing the picture uploaded by the user;
Receiving an instruction from the user and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
With reference to the third possible implementation manner of the sixth aspect, in a sixth possible implementation manner of the sixth aspect, the picture uploaded by the user is a signature picture drawn by the user;
The operation, performed by the processor, of receiving the verification code and the picture factor input by the user when retrieving the password includes:
Receiving the verification code input by the user when retrieving the password and the picture factor drawn by the user;
The performing of user password-retrieval authentication according to the account, the verification code, and the picture factor includes:
Performing user password-retrieval authentication by verifying whether the account and the verification code are correct, and by comparing the similarity between the picture factor and the signature picture.
An embodiment of the present invention provides a two-factor authentication method: first, the account input by the user at login is obtained; it is then queried whether the picture factor authentication function is enabled for the account; when the query result is that the picture factor authentication function is enabled for the account, prompt information for inputting a picture factor is displayed to the user, the password and the picture factor input by the user at login are received, and user login authentication is performed according to the account, the password, and the picture factor. As can be seen from the above, in the two-factor authentication method provided by this embodiment, the password serves as the first authentication factor and a picture serves as the second authentication factor. Because a picture is easy for the user to remember, and can be stored on the account server without the user having to carry anything, the authentication process is simple and convenient for the user.
Brief Description of the Drawings
FIG. 1 is a system architecture diagram on which the two-factor authentication method provided by an embodiment of the present invention is based;
FIG. 2 is a flowchart of a two-factor authentication method according to Embodiment 1 of the present invention;
FIG. 3 is a signal flow diagram of a registration method in a two-factor authentication method according to Embodiment 2 of the present invention;
FIG. 4 is a signal flow diagram of a login method in a two-factor authentication method according to Embodiment 3 of the present invention;
FIG. 5 is a signal flow diagram of a method for setting a picture factor in a two-factor authentication method according to Embodiment 4 of the present invention;
FIG. 6 is a signal flow diagram of a method for cancelling a picture factor in a two-factor authentication method according to Embodiment 5 of the present invention;
FIG. 7 is a flowchart of a two-factor authentication method according to Embodiment 6 of the present invention;
FIG. 8 is a signal flow diagram of an authentication method for password retrieval in a two-factor authentication method according to Embodiment 7 of the present invention;
FIG. 9 is a structural diagram of a two-factor authentication apparatus according to Embodiment 8 of the present invention;
FIG. 10 is a structural diagram of a two-factor authentication apparatus according to Embodiment 9 of the present invention;
FIG. 11 is a structural diagram of a two-factor authentication device according to Embodiment 10 of the present invention;
FIG. 12 is a structural diagram of a two-factor authentication device according to Embodiment 11 of the present invention.
Detailed Description
To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below with reference to the accompanying drawings. The described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The two-factor authentication method provided by the embodiments of the present invention can be applied to the authentication of a local system account or an Internet account. The password serves as the first authentication factor of the account and a picture serves as the second authentication factor, and combining the two factors improves the security of account authentication. Because a picture is easy for the user to remember, and can be stored on the account server without the user having to carry anything, the authentication process is simple and convenient for the user. The two-factor authentication method can be applied to any authentication procedure in which an account must be authenticated; specifically, it can be applied to the authentication procedures for account login and password retrieval.
FIG. 1 is a system architecture diagram on which the two-factor authentication method provided by an embodiment of the present invention is based. The system includes an account server module and an account client module. Specifically, referring to FIG. 1(a), when the two-factor authentication method is applied to the authentication of a local system account, the account server module and the account client module may be two modules within the same physical device; referring to FIG. 1(b), when the two-factor authentication method is applied to the authentication of an Internet account, the account server module and the account client module may instead be two modules located in two separate physical devices that are connected remotely over the Internet.
The account client module is responsible for generating the human-computer interaction interface, through which the user inputs the account, password, and picture factor and through which the authentication result is displayed; the account client module is usually a submodule of a client application system. The account server module is responsible for storing and verifying the account, password, and picture factor, for generating interference pictures, and for authenticating that the account, password, and picture factor were input correctly. Correctness authentication means verifying whether the account, password, and picture factor were input correctly. The picture factor may be confirmed as correct when the picture factor input by the user is exactly identical to the stored picture factor, or when the similarity between the picture factor input by the user and the stored picture factor is greater than a preset threshold. For example, when the picture factor is a signature picture, the account server module may also judge whether the picture factor was input correctly by handwriting comparison or picture similarity comparison.
In the embodiments of the present invention, when setting the picture factor, the user may select one picture from a picture list randomly generated by the account server as the picture factor of the account, or may upload a picture as the picture factor of the account; an uploaded picture is easier for the user to remember. A picture uploaded by the user may be cropped to a uniform specification on the client or the server, so that a hacker cannot identify the picture the user uploaded by its size. The user may be prompted to share the uploaded picture, so that interference picture information can be generated for other accounts from it; in that interference picture information, the picture uploaded by the user may serve as either the picture factor or an interference picture. The picture factor may be set during registration, or it may be set, changed, or cancelled in account management after registration is complete. The account client may also use drawing software to draw a signature picture as the picture factor; in this case, the account server may judge the correctness of the signature picture by comparing its handwriting or similarity.
FIG. 2 is a flowchart of a two-factor authentication method according to Embodiment 1 of the present invention. The method is based on the system architecture shown in FIG. 1. When applied to the system architecture shown in FIG. 1(a), the method may be executed by one physical device that contains both the account server module and the account client module; when applied to the system architecture shown in FIG. 1(b), the method may be executed by one physical device that contains only the account client module. The method is applied specifically to authentication during login and includes:
Step 201: obtain the account input by the user at login.
Step 202: query whether the picture factor authentication function is enabled for the account.
Specifically, whether the picture factor authentication function is enabled for the account may be queried locally, or another device may be queried.
The two-factor authentication method provided by the embodiments of the present invention authenticates the user with a combination of two authentication factors. When applied to authentication during user login, a password may be used as the first authentication factor and a picture as the second authentication factor. For ease of description, authentication during user login is called login authentication, and the second authentication factor in picture form is called the picture factor. The two-factor authentication method provided by the embodiments of the present invention is compatible with the traditional single-factor authentication method: the user chooses whether to enable the picture factor authentication function. When the function is enabled, two-factor authentication with password plus picture is used; when it is not enabled, single-factor authentication with the password is used. In the embodiments of the present invention, the user may choose during registration whether or not to enable the picture factor authentication function.
When the user chooses during registration to enable the picture factor authentication function, the registration procedure may include: obtaining the account input by the user during registration; when an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for inputting a picture factor; receiving the password and the picture factor input by the user during registration; and performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that includes the picture factor. The interference picture information may be presented to the user as a list, from which the user selects the picture factor.
During registration, the picture factor input by the user may be received in, but is not limited to, the following two manners. In the first manner, the password input by the user is received; a picture list is randomly generated and displayed; an instruction by which the user selects a picture from the picture list is received, and the picture selected by the user is used as the picture factor. In the second manner, the password input by the user is received; an instruction from the user to upload a picture is received, and the picture uploaded by the user is used as the picture factor. Using the picture uploaded by the user as the picture factor may include: cropping the picture uploaded by the user to a uniform specification, and using the cropped picture as the picture factor.
本发明实施例中,可以将用户注册时设置的图片因子进行存储,以便在对用户进行登录认证时,将用户登录时输入的图片因子与用户注册时设置的图片因子进行比较,两者一致时,确认用户登录时输入的图片因子为正确的图片因子。In the embodiment of the present invention, the picture factor set when the user is registered may be stored, so that when the user performs login authentication, the picture factor input when the user logs in is compared with the picture factor set when the user registers, when the two are consistent. To confirm that the picture factor entered when the user logs in is the correct picture factor.
可选地,在用户注册时,所述方法还可以包括:显示共享用户上传的图片的提示信息;接收用户的指令,根据所述指令将所述用户上传的图片共享,以便能够根据所述用户上传的图片为其他账号生成干扰图片信息。Optionally, when the user registers, the method may further include: displaying prompt information for sharing a picture uploaded by the user; receiving an instruction of the user, sharing the picture uploaded by the user according to the instruction, so as to be able to be according to the user The uploaded image generates interference image information for other accounts.
当在用户注册时,用户选择了不启用图片因子认证功能时,注册流程可以包括:获取用户注册时输入的账号;当获取到对所述账号不启用图片因子认证功能的指令时,接收用户输入的密码;根据所述账号和所述密码进行用户注册。When the user selects not to enable the picture factor authentication function when the user registers, the registration process may include: obtaining an account entered when the user registers; receiving an input when receiving an instruction that does not enable the picture factor authentication function for the account. Password; user registration based on the account number and the password.
本发明实施例中,还可以在用户登录后,通过账号管理启用图片因子认证功能或取消图片因子认证功能,以及设置、变更或取消图片因子。In the embodiment of the present invention, after the user logs in, the picture factor authentication function or the picture factor authentication function can be enabled through the account management, and the picture factor can be set, changed, or cancelled.
启用图片因子认证功能的处理流程可以包括:用户登录后,根据用户的指令查询所述账号是否启用了图片因子认证功能;当查询结果为所述账号未启用图片因子认证功能时,根据用户的指令对所述账号启用图片因子认证功能;显示输入图片因子的提示信息;接收用户输入的图片因子;根据所述账号、所述密码和所述图片因子重新进行用户注册,并为所述账号生成包含所述图片因子的干扰图片信息。The process of enabling the picture factor authentication function may include: after the user logs in, querying whether the account is enabled with the picture factor authentication function according to the user's instruction; when the query result is that the picture factor authentication function is not enabled for the account, according to the user's instruction Enabling a picture factor authentication function for the account; displaying prompt information for inputting a picture factor; receiving a picture factor input by the user; re-registering the user according to the account number, the password, and the picture factor, and generating an inclusion for the account Interference picture information of the picture factor.
取消图片因子认证功能的处理流程可以包括:用户登录后,根据用户的指令查询所述账号是否启用了图片因子认证功能;当查询结果为所述账号启用了图片因子认证功能时,根据用户的指令对所述账号取消图片因子认证功能;根据所述账号和所述密码重新进行用户注册。The process of canceling the picture factor authentication function may include: after the user logs in, querying whether the account is enabled with the picture factor authentication function according to the user's instruction; when the query result is that the picture factor authentication function is enabled for the account, according to the user's instruction Deactivating the picture factor authentication function for the account; re-registering the user according to the account number and the password.
Step 203: when the query result is that the account has enabled the picture factor authentication function, display prompt information for entering a picture factor.
Step 204: receive the password and picture factor entered by the user at login.
In the embodiments of the present invention, the interference picture information may be displayed through the user interface, and the picture factor that the user selects from the interference picture information is received.
Optionally, the method further includes: determining whether the interference picture information has been updated; when it has been updated, displaying the updated interference picture information to the user. Receiving the password and picture factor entered by the user then includes: receiving the password entered by the user and the picture factor selected by the user from the updated interference picture information.
Step 205: perform user login authentication according to the account, the password and the picture factor.
Specifically, when the account, the password and the picture factor are all correct, authentication is confirmed as successful and a login authentication result of success is displayed; when at least one of the account, the password and the picture factor is incorrect, authentication is confirmed as failed and a login authentication result of failure is displayed.
Optionally, when the number of consecutive authentication failures exceeds a preset number, the account is locked.
The account lock time may be configured. An SMS alert may also be sent to the user at the mobile phone number bound to the account, or an email alert at the email address bound to the account.
In the embodiments of the present invention, when the picture factor set at registration is a signature picture drawn by the user, the password entered at login and a picture factor drawn by the user are received accordingly. Performing user login authentication according to the account, the password and the picture factor may then include: verifying whether the account and the password are correct, and comparing the similarity between the picture factor and the signature picture. For example, when the account and the password are both correct and the similarity between the picture factor and the signature picture is greater than a preset threshold, authentication is confirmed as successful.
When the query result of step 202 is that the account has not enabled the picture factor authentication function, the single-factor authentication method is used for login authentication of the account. Specifically: receive the password entered by the user; perform user login authentication according to the account and the password.
In this way, the two-factor authentication method remains compatible with the single-factor authentication method.
The two-factor authentication method of the embodiments of the present invention may also be applied to the authentication process for password recovery. The specific process may include: obtaining the account entered by the user when recovering the password; querying whether the account has enabled the picture factor authentication function; when the query result is that the account has enabled the function, displaying prompt information for entering a picture factor to the user; receiving the verification code and picture factor entered by the user; performing password recovery authentication according to the account, the verification code and the picture factor.
Optionally, when the number of consecutive authentication failures exceeds a preset number, the account is locked.
The embodiments of the present invention provide a two-factor authentication method that first obtains the account entered by the user at login and then queries whether the account has enabled the picture factor authentication function. When the query result is that the function is enabled, prompt information for entering a picture factor is displayed to the user, the password and picture factor entered by the user are received, and user login authentication is performed according to the account, the password and the picture factor. In this method the password is the first authentication factor and the picture is the second authentication factor. Because a picture is easy for the user to remember and can be stored on the account server without the user having to carry anything, the authentication process is simple and convenient for the user.
FIG. 3 is a signal flow diagram of the registration method in the two-factor authentication method provided by Embodiment 2 of the present invention. The registration method includes the message interaction flow that requires the user to set a picture factor, and includes:
Step 301: the account client obtains the user's registration request.
Step 302: the account client displays, through the user interface, prompt information asking the user to enter an account and a password and to select a picture or upload a new picture.
Step 303: the account client submits a registration request to the account server. The registration request carries the account, the password, and either the selected picture information or the picture uploaded by the user.
Step 304: the account server registers the account, saves the submitted picture information, and generates for the account an interference picture list containing multiple other pictures.
Step 305: the account server returns the registration result to the account client.
At registration, the picture factor authentication function may also be left disabled: no picture needs to be selected or uploaded, and only the account and password are registered. The picture factor can be set later by the user; until it is set, the account uses password single-factor authentication only.
If the user chooses to enable picture two-factor authentication at registration, the user selects one of the N pictures provided by the system as the picture factor, or uploads a picture (a local picture on the device, a photo taken with the camera, or a picture drawn with software) as the picture factor. The user may also be required to draw a signature picture with drawing software.
A picture uploaded by the user may be cropped or scaled to a uniform specification on the account client or the account server, to prevent a hacker from identifying the user's own uploaded picture by its size. The user may also be prompted to share the uploaded picture so that other users can select it as a picture factor.
If the signature picture approach is used, the account server may save only the signature picture and need not generate an interference picture list containing multiple other pictures.
FIG. 4 is a signal flow diagram of the login method in the two-factor authentication method provided by Embodiment 3 of the present invention. The login method includes the message interaction flow that requires the user to select the picture factor, and includes:
Step 401: the account client obtains a login request for an account.
Step 402: the account client sends query information carrying the account to the account server.
Step 403: the account server queries whether the account has enabled the picture factor authentication function and generates a query result.
In step 402, the query information sent by the account client may also carry the locally cached interference picture list obtained previously. In step 403, the account server must then also check whether the current interference picture list matches the received one. If they match, the query result carries identification information indicating that the interference picture list has no update; if they do not match, the query result carries the current interference picture list.
The interference picture list contains the picture factor set by the user. The list may consist of picture identifiers, digital digests, or complete picture information.
In the embodiments of the present invention, the account server checks whether the account's interference picture list matches the one reported through the request interface. If they match, it returns that the list has no update; otherwise it returns the new interference picture list. When the list has not been updated, the account server therefore does not need to send it to the account client, which saves system transmission bandwidth.
Step 404: the account server returns the query result of step 403 to the account client.
Step 405: the account client receives the password entered by the user.
Step 406: the account client displays the interference picture list and asks the user to select the picture that the user set.
Step 407: the account client sends a login authentication request to the account server. The request carries the account, the password and the selected picture information.
Step 408: the account server verifies the correctness of the account, the password and the selected picture information. If all three are correct, the login authentication result is authentication success; otherwise, the login authentication result is authentication failure.
With the select-a-picture approach, when the account server authenticates the picture factor, it compares the identifier (ID), digital digest, or complete picture information of the submitted picture to determine whether the correct picture factor was selected.
In the embodiments of the present invention, brute-force protection for the password and the picture may also be applied: after N consecutive errors the account is locked, and the lock time is configurable.
Step 409: the account server returns the login authentication result to the account client.
Step 410: the account client displays the login authentication result.
The process above mainly describes the select-a-picture approach. With the signature picture approach the flow differs: after the account client sends the query information to the account server, the account server returns only the query result indicating whether the picture factor authentication function is enabled; the account client asks the user to draw the signature picture again with drawing software; the account server determines whether the picture factor was entered correctly by comparing the similarity between the drawn signature picture and the picture factor stored at registration.
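The server side of steps 304 and 402 to 408 for the select-a-picture approach, as an added example that is not code from the patent: it builds the interference (decoy) picture list at registration, answers the cached-list query, and checks account, password and picture with lockout after N consecutive errors. The class and function names, the PBKDF2 password hashing, the constructed picture pool and the values of N, lock time and list size are all assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time

MAX_FAILURES = 5      # assumed value of N, the consecutive errors before locking
LOCK_SECONDS = 900    # assumed value of the configurable lock time
DECOY_COUNT = 8       # assumed number of other pictures in the list
PBKDF2_ROUNDS = 200_000  # assumed work factor for password hashing

# Constructed picture pool: picture ID -> stand-in bytes for the image file.
PICTURE_POOL = {f"pic-{i:02d}": f"constructed image {i}".encode() for i in range(20)}


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _picture_digest(picture_id):
    # Unknown or missing IDs hash empty bytes, which match no stored digest.
    return hashlib.sha256(PICTURE_POOL.get(picture_id, b"")).hexdigest()


class AccountServer:
    def __init__(self, clock=time.monotonic):
        self.accounts = {}
        self.clock = clock  # injectable so the lock time can be tested

    def register(self, account, password, picture_id=None):
        """Step 304: register; with a picture factor, also build the list."""
        if picture_id is not None and picture_id not in PICTURE_POOL:
            raise ValueError("unknown picture")
        salt = os.urandom(16)
        rec = {"salt": salt, "pw_hash": _hash_password(password, salt),
               "picture_digest": None, "decoys": [],
               "failures": 0, "locked_until": 0.0}
        if picture_id is not None:
            rng = secrets.SystemRandom()
            others = [p for p in PICTURE_POOL if p != picture_id]
            decoys = rng.sample(others, DECOY_COUNT) + [picture_id]
            rng.shuffle(decoys)  # the real picture gets no fixed position
            rec["picture_digest"] = _picture_digest(picture_id)
            rec["decoys"] = decoys  # stored once, not regenerated per request
        self.accounts[account] = rec

    def query(self, account, cached_list=None):
        """Steps 402-404: report whether the picture factor is enabled and
        send the list only when the client's cached copy differs."""
        rec = self.accounts.get(account)
        if rec is None or rec["picture_digest"] is None:
            return {"picture_factor": False}
        if cached_list == rec["decoys"]:
            return {"picture_factor": True, "list_updated": False}
        return {"picture_factor": True, "list_updated": True,
                "decoys": list(rec["decoys"])}

    def login(self, account, password, picture_id=None):
        """Step 408: returns "ok", "failed" or "locked"."""
        rec = self.accounts.get(account)
        if rec is None:
            return "failed"
        if self.clock() < rec["locked_until"]:
            return "locked"
        # Evaluate every factor before deciding, with constant-time compares,
        # so the single "failed" result does not say which factor was wrong.
        pw_ok = hmac.compare_digest(_hash_password(password, rec["salt"]),
                                    rec["pw_hash"])
        if rec["picture_digest"] is None:
            pic_ok = True  # single-factor account: password only
        else:
            pic_ok = hmac.compare_digest(_picture_digest(picture_id),
                                         rec["picture_digest"])
        if pw_ok and pic_ok:
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:  # lock after N consecutive errors
            rec["locked_until"] = self.clock() + LOCK_SECONDS
            rec["failures"] = 0
        return "failed"


if __name__ == "__main__":
    server = AccountServer()
    server.register("alice", "correct horse", picture_id="pic-07")
    shown = server.query("alice")["decoys"]
    print(shown, server.login("alice", "correct horse", "pic-07"))
```

With a list of DECOY_COUNT + 1 pictures, a single blind pick matches the picture factor with probability 1/(DECOY_COUNT + 1), so the lockout counter is what bounds guessing of the second factor.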
FIG. 5 is a signal flow diagram of the method for setting the picture factor in the two-factor authentication method provided by Embodiment 4 of the present invention. The setting method includes the message interaction flow for setting a picture factor after an account with no picture factor set logs in, and includes:
Step 501: the account client obtains the user's account management request.
Specifically, after logging in, the user enters the account management interface.
Step 502: the account client sends a query request to the account server according to the account management request.
Step 503: the account server queries, according to the query request, whether the account has enabled the picture factor authentication function, and obtains the query result that the account has not enabled it.
Step 504: the account server returns the query result to the account client.
Step 505: the account client enables the picture factor authentication function for the account according to the user's instruction.
Step 506: the account client requests the interference picture list from the account server.
Step 507: the account server returns the interference picture list to the account client.
The account server may randomly generate the interference picture list and then return it to the account client.
Step 508: the account client displays the interference picture list and prompts the user to select a picture or upload one, and to submit it to set the picture factor.
When receiving the picture factor set by the user, the user may also be required to enter the password, to strengthen security.
Step 509: the account client sends a request to set the picture factor to the account server.
The request may carry the account and the selected picture or newly uploaded picture; it may also carry the password, to strengthen security.
Step 510: the account server sets the picture factor for the account and generates for the account an interference picture list containing multiple other pictures.
The password may also be verified in this step, to strengthen security.
Step 511: the account server returns to the account client the result that the picture factor was set successfully.
Step 512: the account client displays the result that the picture factor was set successfully.
The picture factor setting method above only takes the case where the user selects the picture factor from the interference picture list as an example; the picture factor may also be set using the signature picture approach.
FIG. 6 is a signal flow diagram of the method for cancelling the picture factor in the two-factor authentication method provided by Embodiment 5 of the present invention. The cancellation method includes the message interaction flow for cancelling the picture factor after an account with a picture factor set logs in, and includes:
Step 601: the account client obtains the user's account management request.
Specifically, after logging in, the user enters the account management interface.
Step 602: the account client sends a query request to the account server according to the account management request.
Step 603: the account server queries, according to the query request, whether the account has enabled the picture factor authentication function, and obtains the query result that the account has enabled it.
Step 604: the account server sends the query result to the account client.
Step 605: the account client cancels the picture factor authentication function for the account according to the user's instruction.
The user may also be required to enter the password, to strengthen security.
Step 606: the account client sends a request to cancel the picture factor to the account server.
The request may carry the account; it may also carry the password, to strengthen security.
Step 607: the account server cancels the picture factor for the account.
The password may also be verified in this step, to strengthen security.
Step 608: the account server returns to the account client the result that the picture factor was cancelled successfully.
Step 609: the account client displays the result that the picture factor was cancelled successfully.
FIG. 7 is a flowchart of the two-factor authentication method provided by Embodiment 6 of the present invention. The method is based on the system architecture shown in FIG. 1 and is applied to authentication during password recovery. The method includes:
Step 701: obtain the account entered by the user when recovering the password.
The two-factor authentication method used in this embodiment requires the picture factor to be set in advance. Therefore, before step 701, user registration is performed and the picture factor is set during registration. Specifically: obtain the account entered by the user at registration; when an instruction to enable the picture factor authentication function for the account is obtained, display prompt information for entering a picture factor; receive the password and picture factor entered by the user at registration; perform user registration according to the account, the password and the picture factor, and generate, for the account, interference picture information that contains the picture factor.
Receiving the password and picture factor entered by the user at registration may include: receiving the password entered by the user at registration; receiving the user's instruction to upload a picture; using the uploaded picture as the picture factor. Optionally, the uploaded picture is cropped to a uniform specification and the cropped picture is used as the picture factor.
Optionally, the user registration process may further include: displaying prompt information about sharing the picture uploaded by the user; receiving the user's instruction and sharing the uploaded picture according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
Optionally, in the user registration process, the picture uploaded by the user is a signature picture drawn by the user. Accordingly, in the password recovery authentication process, the verification code entered by the user and a picture factor drawn by the user are received; password recovery authentication is performed by verifying whether the account and the verification code are correct and by comparing the similarity between the picture factor and the signature picture.
Step 702: query whether the account has enabled the picture factor authentication function.
Step 703: when the query result is that the account has enabled the picture factor authentication function, display prompt information for entering a picture factor.
Step 704: receive the verification code and picture factor entered by the user when recovering the password.
In the embodiments of the present invention, before step 704, it may first be determined whether the interference picture information has been updated. When it has been updated, the updated interference picture information is displayed, and the verification code entered by the user and the picture factor selected by the user from the updated interference picture information are received.
The picture factor entered by the user may be received in several ways; see the embodiments of the two-factor authentication method for the login process above.
Step 705: perform password recovery authentication according to the account, the verification code and the picture factor.
FIG. 8 is a signal flow diagram of the password recovery authentication method in the two-factor authentication method provided by Embodiment 7 of the present invention. The authentication method includes the message interaction flow in which, with a picture factor already set, the user is required to select the picture factor when recovering the password, and includes:
Step 801: the account client receives the user's password recovery request and the account entered by the user.
Step 802: the account client sends query information carrying the account to the account server.
Step 803: the account server queries whether the account has enabled the picture factor authentication function and generates a query result.
Step 804: the account server returns the query result of step 703 to the account client.
Step 805: the account client receives the user's instruction requesting a verification code.
Step 806: the account client sends a request for a verification code to the account server.
Step 807: the account server sends a verification code to the user equipment using the email address or mobile phone number bound to the account.
Step 808: the account server returns to the account client the result that the verification code was sent successfully.
Step 809: the account client asks the user to enter the verification code and a new password, displays the interference picture list, and asks the user to select the picture that the user set.
Step 810: the account client sends a reset account password request to the account server. The request carries the account, the new password, the verification code and the selected picture information.
Step 811: the account server verifies the correctness of the account, the verification code and the selected picture information. If all three are correct, the authentication result is authentication success and the password is reset; otherwise, the authentication result is authentication failure.
In the embodiments of the present invention, brute-force protection for the password, the verification code and the picture factor may also be applied: after N consecutive errors the account is locked, and the lock time is configurable.
Step 812: the account server returns the authentication result to the account client.
Step 813: the account client displays the authentication result.
Obtaining a verification code through the email address or mobile phone number bound to the account, entering the verification code, and having the account server verify it is the password recovery process commonly used by single-factor Internet account systems. In the embodiments of the present invention, alternatives such as answering a password hint question may also be used.
In the embodiments of the present invention, the signature picture approach may also be used in place of the select-a-picture approach. In that case, the query for picture factor information returns only whether the picture factor authentication function is enabled; the account client asks the user to draw the signature picture again with drawing software; the account server compares the similarity between the drawn signature picture and the picture factor stored at registration to determine whether the picture factor was entered correctly.
FIG. 9 is a structural diagram of a two-factor authentication apparatus according to Embodiment 8 of the present invention. The apparatus is configured to perform the two-factor authentication method provided by the embodiments of the present invention, the method being applied to authentication during login. The apparatus includes:
an obtaining unit 901, configured to obtain the account entered when the user logs in;
a query unit 902, configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit 901;
a display unit 903, configured to display prompt information for entering the picture factor when the query result of the query unit 902 is that the picture factor authentication function is enabled for the account;
a receiving unit 904, configured to receive the password and picture factor entered when the user logs in;
an authentication unit 905, configured to perform user login authentication according to the account obtained by the obtaining unit 901 and the password and picture factor received by the receiving unit 904.
Optionally, the apparatus further includes:
a determining unit 906, configured to determine, before the receiving unit 904 receives the password and picture factor entered when the user logs in, whether the interference picture information has been updated;
the display unit 903 is further configured to display the updated interference picture information when the determination result of the determining unit 906 is that the interference picture information has been updated;
the receiving unit 904 is specifically configured to receive the password entered when the user logs in and the picture factor that the user selects from the updated interference picture information when logging in.
Optionally, the obtaining unit 901 is further configured to obtain the account entered when the user registers, before obtaining the account entered when the user logs in;
the display unit 903 is further configured to display prompt information for entering the picture factor when an instruction to enable the picture factor authentication function for the account is obtained;
the receiving unit 904 is further configured to receive the password and picture factor entered when the user registers;
the apparatus further includes:
a registration unit 907, configured to perform user registration according to the account obtained by the obtaining unit 901 and the password and picture factor received by the receiving unit 904, and to generate, for the account, interference picture information that contains the picture factor.
Optionally, the receiving unit 904 includes:
a receiving subunit, configured to receive the password entered when the user registers;
a display subunit, configured to randomly generate a picture list and display the picture list;
the receiving subunit is further configured to receive the instruction by which the user selects a picture from the picture list when registering;
a picture factor confirmation subunit, configured to use the user-selected picture received by the receiving subunit as the picture factor.
Optionally, the receiving unit 904 includes:
a receiving subunit, configured to receive the password entered when the user registers;
the receiving subunit is further configured to receive the user's instruction to upload a picture;
a picture factor confirmation subunit, configured to use the user-uploaded picture received by the receiving subunit as the picture factor.
Optionally, the picture factor confirmation subunit is specifically configured to crop the picture uploaded by the user to a uniform specification and to use the cropped picture as the picture factor.
Optionally, the display unit 903 is further configured to display prompt information about sharing the picture uploaded by the user;
the receiving unit 904 is further configured to receive an instruction from the user and to share the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
Optionally, the user-uploaded picture received by the receiving subunit is a signature picture drawn by the user;
the receiving unit 904 is specifically configured to receive the password entered when the user logs in and the picture factor drawn by the user;
the authentication unit 905 is specifically configured to perform user login authentication by verifying whether the account obtained by the obtaining unit 901 and the password received by the receiving unit 904 are correct, and by comparing the similarity between the picture factor received by the receiving unit 904 and the signature picture received by the receiving subunit.
Optionally, the receiving unit 904 is further configured to receive the password entered by the user when, after the obtaining unit 901 obtains the account entered when the user logs in and the query unit 902 queries whether the picture factor authentication function is enabled for the account, the query result of the query unit 902 is that the picture factor authentication function is not enabled for the account;
the authentication unit 905 is further configured to perform user login authentication according to the account obtained by the obtaining unit 901 and the password received by the receiving unit 904.
Optionally, the query unit 902 is further configured to query, after the user logs in and according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
the apparatus further includes:
an enabling unit 908, configured to enable the picture factor authentication function for the account according to an instruction from the user when the query result of the query unit 902 is that the picture factor authentication function is not enabled for the account;
the display unit 903 is further configured to display prompt information for entering the picture factor;
the receiving unit 904 is further configured to receive the picture factor entered by the user;
the registration unit 907 is further configured to perform user registration again according to the account, the password, and the picture factor, and to generate, for the account, interference picture information that contains the picture factor.
Optionally, the query unit 902 is further configured to query, after the user logs in and according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
the apparatus further includes:
a canceling unit 909, configured to cancel the picture factor authentication function for the account according to an instruction from the user when the query result of the query unit 902 is that the picture factor authentication function is enabled for the account;
the registration unit 907 is further configured to perform user registration again according to the account and the password.
Optionally, the obtaining unit 901 is further configured to obtain the account entered when the user recovers the password;
the query unit 902 is further configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit 901;
the display unit 903 is further configured to display prompt information for entering the picture factor when the query result of the query unit 902 is that the picture factor authentication function is enabled for the account;
the receiving unit 904 is further configured to receive the verification code and picture factor entered by the user;
the authentication unit 905 is further configured to perform user password-recovery authentication according to the account, the verification code, and the picture factor.
Optionally, the authentication unit 905 is specifically configured to:
when the account, the password, and the picture factor are all correct, confirm that authentication succeeded and display a login authentication result indicating success;
when at least one of the account, the password, and the picture factor is incorrect, confirm that authentication failed and display a login authentication result indicating failure.
Optionally, the apparatus further includes:
a locking unit 910, configured to lock the account when the number of consecutive authentication failures of the authentication unit 905 exceeds a preset number.
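The login decision and lockout described for the authentication unit and locking unit, together with the configurable lock duration mentioned earlier, can be sketched as follows. This is an added Python example, not code from the patent; the class and method names, the PBKDF2 storage of both factors, the string picture identifiers, and locking once the consecutive-failure count reaches N are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

OK, FAILED, LOCKED = "ok", "failed", "locked"
PBKDF2_ROUNDS = 100_000  # assumption: the page does not name a storage scheme


def derive(label: str, secret: str, salt: bytes) -> bytes:
    """Salted, domain-separated hash so password and picture values never collide."""
    data = f"{label}:{secret}".encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    picture_hash: Optional[bytes] = None  # None: picture factor not enabled
    failures: int = 0                     # consecutive failed attempts
    locked_until: Optional[float] = None


class TwoFactorAuthenticator:
    """Hypothetical account server: password plus optional picture factor."""

    def __init__(self, max_failures: int = 5, lock_seconds: float = 900.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self._clock = clock
        self._accounts: Dict[str, Account] = {}
        self._dummy_salt = os.urandom(16)

    def register(self, name: str, password: str,
                 picture_id: Optional[str] = None) -> None:
        salt = os.urandom(16)
        pic = derive("picture", picture_id, salt) if picture_id is not None else None
        self._accounts[name] = Account(salt, derive("password", password, salt), pic)

    def picture_factor_enabled(self, name: str) -> bool:
        acct = self._accounts.get(name)
        return acct is not None and acct.picture_hash is not None

    def login(self, name: str, password: str,
              picture_id: Optional[str] = None) -> str:
        now = self._clock()
        acct = self._accounts.get(name)
        if acct is None:
            # Spend hashing work too, so an unknown account does not return instantly.
            derive("password", password, self._dummy_salt)
            return FAILED
        if acct.locked_until is not None:
            if now < acct.locked_until:
                return LOCKED  # credentials are not evaluated while locked
            acct.locked_until, acct.failures = None, 0  # lock expired

        # Evaluate every enabled factor before deciding: no short-circuit, so
        # the result never says which factor was wrong.
        pw_ok = hmac.compare_digest(
            derive("password", password, acct.salt), acct.password_hash)
        pic_ok = True
        if acct.picture_hash is not None:
            pic_ok = hmac.compare_digest(
                derive("picture", picture_id or "", acct.salt), acct.picture_hash)

        if pw_ok and pic_ok:
            acct.failures = 0  # only consecutive failures count
            return OK
        acct.failures += 1
        if acct.failures >= self.max_failures:
            acct.locked_until = now + self.lock_seconds
        return FAILED


if __name__ == "__main__":
    # Constructed sample account and picture identifiers.
    auth = TwoFactorAuthenticator(max_failures=3, lock_seconds=60)
    auth.register("alice", "correct horse", picture_id="pic-17")
    print(auth.login("alice", "correct horse", "pic-17"))
    for _ in range(3):
        print(auth.login("alice", "correct horse", "pic-03"))
    print(auth.login("alice", "correct horse", "pic-17"))
```

The clock is injectable so the lock expiry can be exercised without waiting; a wrong password and a wrong picture both return the same `failed` value.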
FIG. 10 is a structural diagram of a two-factor authentication apparatus according to Embodiment 9 of the present invention. The apparatus is configured to perform the two-factor authentication method provided by the embodiments of the present invention, the method being applied to authentication during password recovery. The apparatus includes:
an obtaining unit 1001, configured to obtain the account entered when the user recovers the password;
a query unit 1002, configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit 1001;
a display unit 1003, configured to display prompt information for entering the picture factor when the query result of the query unit 1002 is that the picture factor authentication function is enabled for the account;
a receiving unit 1004, configured to receive the verification code and picture factor entered when the user recovers the password;
an authentication unit 1005, configured to perform user password-recovery authentication according to the account obtained by the obtaining unit 1001 and the verification code and picture factor received by the receiving unit 1004.
Optionally, the apparatus further includes:
a determining unit 1006, configured to determine, before the receiving unit 1004 receives the verification code and picture factor entered when the user recovers the password, whether the interference picture information has been updated;
the display unit 1003 is further configured to display the updated interference picture information when the determination result of the determining unit 1006 is that the interference picture information has been updated;
the receiving unit 1004 is specifically configured to receive the verification code entered when the user recovers the password and the picture factor that the user selects from the updated interference picture information when recovering the password.
Optionally, the obtaining unit 1001 is further configured to obtain the account entered when the user registers, before obtaining the account entered when the user recovers the password;
the display unit 1003 is further configured to display prompt information for entering the picture factor when an instruction to enable the picture factor authentication function for the account is obtained;
the receiving unit 1004 is further configured to receive the password and picture factor entered when the user registers;
the apparatus further includes:
a registration unit 1007, configured to perform user registration according to the account obtained by the obtaining unit 1001 and the password and picture factor received by the receiving unit 1004, and to generate, for the account, interference picture information that contains the picture factor.
Optionally, the receiving unit 1004 includes:
a receiving subunit, configured to receive the password entered when the user registers;
the receiving subunit is further configured to receive the user's instruction to upload a picture;
a picture factor confirmation subunit, configured to use the picture uploaded by the user as the picture factor.
Optionally, the picture factor confirmation subunit is specifically configured to crop the picture uploaded by the user to a uniform specification and to use the cropped picture as the picture factor.
Optionally, the display unit 1003 is further configured to display prompt information about sharing the picture uploaded by the user;
the receiving unit 1004 is further configured to receive an instruction from the user and to share the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
Optionally, the user-uploaded picture received by the receiving subunit is a signature picture drawn by the user;
the receiving unit 1004 is specifically configured to receive the verification code entered when the user recovers the password and the picture factor drawn by the user;
the authentication unit 1005 is specifically configured to perform user password-recovery authentication by verifying whether the account obtained by the obtaining unit 1001 and the verification code received by the receiving unit 1004 are correct, and by comparing the similarity between the picture factor received by the receiving unit 1004 and the signature picture received by the receiving subunit.
FIG. 11 is a structural diagram of a two-factor authentication device according to Embodiment 10 of the present invention. The device is configured to perform the two-factor authentication method provided by the embodiments of the present invention, the method being applied to authentication during login. The device includes:
a memory 1101;
a processor 1102;
the memory 1101 is configured to store program instructions;
the processor 1102 is configured to perform the following operations according to the program instructions stored in the memory 1101:
obtaining the account entered when the user logs in;
querying whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for entering the picture factor;
receiving the password and picture factor entered when the user logs in;
performing user login authentication according to the account, the password, and the picture factor.
Optionally, the processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
before the receiving of the password and picture factor entered when the user logs in, determining whether the interference picture information has been updated;
when the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
the operation, performed by the processor, of receiving the password and picture factor entered when the user logs in includes:
receiving the password entered when the user logs in and the picture factor that the user selects from the updated interference picture information when logging in.
Optionally, the processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
before the obtaining of the account entered when the user logs in, obtaining the account entered when the user registers;
when an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for entering the picture factor;
receiving the password and picture factor entered when the user registers;
performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
Optionally, the operation, performed by the processor 1102, of receiving the password and picture factor entered when the user registers includes:
receiving the password entered when the user registers;
randomly generating a picture list and displaying the picture list;
receiving the instruction by which the user selects a picture from the picture list when registering;
using the picture selected by the user as the picture factor.
Optionally, the operation, performed by the processor 1102, of receiving the password and picture factor entered when the user registers includes:
receiving the password entered when the user registers;
receiving the user's instruction to upload a picture;
using the picture uploaded by the user as the picture factor.
Optionally, the operation, performed by the processor 1102, of using the picture uploaded by the user as the picture factor includes:
cropping the picture uploaded by the user to a uniform specification;
using the cropped picture as the picture factor.
Optionally, the processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
displaying prompt information about sharing the picture uploaded by the user;
receiving an instruction from the user and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
Optionally, the picture uploaded by the user is a signature picture drawn by the user;
the operation, performed by the processor 1102, of receiving the password and picture factor entered when the user logs in includes:
receiving the password entered when the user logs in and the picture factor drawn by the user;
the operation, performed by the processor 1102, of performing user login authentication according to the account, the password, and the picture factor includes:
performing user login authentication by verifying whether the account and the password are correct, and by comparing the similarity between the picture factor and the signature picture.
Optionally, the processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
after obtaining the account entered when the user logs in and querying whether the picture factor authentication function is enabled for the account, when the query result is that the picture factor authentication function is not enabled for the account, receiving the password entered by the user;
performing user login authentication according to the account and the password.
Optionally, the processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
after the user logs in, querying, according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is not enabled for the account, enabling the picture factor authentication function for the account according to an instruction from the user;
displaying prompt information for entering the picture factor;
receiving the picture factor entered by the user;
performing user registration again according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
Optionally, the processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
after the user logs in, querying, according to an instruction from the user, whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is enabled for the account, canceling the picture factor authentication function for the account according to an instruction from the user;
performing user registration again according to the account and the password.
Optionally, the processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
obtaining the account entered when the user recovers the password;
querying whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for entering the picture factor;
receiving the verification code and picture factor entered by the user;
performing user password-recovery authentication according to the account, the verification code, and the picture factor.
Optionally, the operation, performed by the processor 1102, of performing user login authentication according to the account, the password, and the picture factor includes:
when the account, the password, and the picture factor are all correct, confirming that authentication succeeded and displaying a login authentication result indicating success;
when at least one of the account, the password, and the picture factor is incorrect, confirming that authentication failed and displaying a login authentication result indicating failure.
Optionally, the processor 1102 is further configured to perform the following operations according to the program instructions stored in the memory 1101:
when the number of consecutive authentication failures exceeds a preset number, locking the account.
FIG. 12 is a structural diagram of a two-factor authentication device according to Embodiment 11 of the present invention. The device is configured to perform the two-factor authentication method provided by the embodiments of the present invention, the method being applied to authentication during password recovery. The device includes:
a memory 1201;
a processor 1202;
the memory 1201 is configured to store program instructions;
the processor 1202 is configured to perform the following operations according to the program instructions stored in the memory 1201:
obtaining the account entered when the user recovers the password;
querying whether the picture factor authentication function is enabled for the account;
when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for entering the picture factor;
receiving the verification code and picture factor entered when the user recovers the password;
performing user password-recovery authentication according to the account, the verification code, and the picture factor.
Optionally, the processor 1202 is further configured to perform the following operations according to the program instructions stored in the memory 1201:
before the receiving of the verification code and picture factor entered when the user recovers the password, determining whether the interference picture information has been updated;
when the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
the operation, performed by the processor 1202, of receiving the verification code and picture factor entered when the user recovers the password includes:
receiving the verification code entered when the user recovers the password and the picture factor that the user selects from the updated interference picture information when recovering the password.
Optionally, the processor 1202 is further configured to perform the following operations according to the program instructions stored in the memory 1201:
before the obtaining of the account entered when the user recovers the password, obtaining the account entered when the user registers;
when an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for entering the picture factor;
receiving the password and picture factor entered when the user registers;
performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
Optionally, the operation, performed by the processor 1202, of receiving the password and picture factor entered when the user registers includes:
receiving the password entered when the user registers;
receiving the user's instruction to upload a picture;
using the picture uploaded by the user as the picture factor.
Optionally, the operation, performed by the processor 1202, of using the picture uploaded by the user as the picture factor includes:
cropping the picture uploaded by the user to a uniform specification;
using the cropped picture as the picture factor.
Optionally, the processor 1202 is further configured to perform the following operations according to the program instructions stored in the memory 1201:
displaying prompt information about sharing the picture uploaded by the user;
receiving an instruction from the user and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
Optionally, the picture uploaded by the user is a signature picture drawn by the user;
the operation, performed by the processor 1202, of receiving the verification code and picture factor entered when the user recovers the password includes:
receiving the verification code entered when the user recovers the password and the picture factor drawn by the user;
the performing of user password-recovery authentication according to the account, the verification code, and the picture factor includes:
performing user password-recovery authentication by verifying whether the account and the verification code are correct, and by comparing the similarity between the picture factor and the signature picture.
A person skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the composition and steps of the examples have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. A person skilled in the art may use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments may be completed by a program instructing a processor. The program may be stored in a computer-readable storage medium, where the storage medium is a non-transitory medium, such as a random access memory, a read-only memory, a flash memory, a hard disk, a solid state disk, a magnetic tape, a floppy disk, an optical disc, or any combination thereof.
The above is only a preferred specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily think of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
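
The login flow this application describes (query whether the account has the picture factor enabled, verify the password and the picture factor together, lock the account once consecutive failures exceed a preset number) is shown below in Python. This is an added example, not code from the application; the picture IDs, the PBKDF2 storage, the grid size of 9 and the failure threshold of 3 are assumptions.

```python
import hashlib
import hmac
import os
import random

MAX_CONSECUTIVE_FAILURES = 3   # the "preset number of times"; value assumed
GRID_SIZE = 9                  # pictures shown per challenge; value assumed
# Constructed picture pool: the IDs stand in for image files.
PICTURE_POOL = [f"pic-{i:03d}" for i in range(40)]
_rng = random.SystemRandom()   # OS-backed randomness for decoy selection


def _digest(secret, salt):
    """Salted PBKDF2 digest used to verify the password and the picture choice."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class PictureFactorAuth:
    def __init__(self):
        self.accounts = {}

    def register(self, account, password, picture_id=None):
        """Register with a password and, optionally, a picture factor."""
        salt = os.urandom(16)
        rec = {"salt": salt, "pw": _digest(password, salt), "pic": None,
               "grid": None, "failures": 0, "locked": False}
        if picture_id is not None:
            rec["pic"] = _digest(picture_id, salt)
            # Interference picture information: decoys plus the real picture.
            # The set is chosen once and shuffled before storage, so the
            # stored grid does not mark which entry is the real one.
            others = [p for p in PICTURE_POOL if p != picture_id]
            grid = _rng.sample(others, GRID_SIZE - 1) + [picture_id]
            _rng.shuffle(grid)
            rec["grid"] = grid
        self.accounts[account] = rec

    def picture_factor_enabled(self, account):
        """The query step: does this account use the picture factor?"""
        rec = self.accounts.get(account)
        return rec is not None and rec["pic"] is not None

    def challenge(self, account):
        """Return the account's picture grid in a fresh random order."""
        if not self.picture_factor_enabled(account):
            raise ValueError("picture factor not enabled for this account")
        grid = list(self.accounts[account]["grid"])
        _rng.shuffle(grid)
        return grid

    def login(self, account, password, picture_id=None):
        """Return "ok", "failed" or "locked"; never says which factor was wrong."""
        rec = self.accounts.get(account)
        if rec is None:
            _digest(password, b"\x00" * 16)   # comparable work for unknown accounts
            return "failed"
        if rec["locked"]:
            return "locked"
        # Both factors are always evaluated before the result is decided.
        pw_ok = hmac.compare_digest(_digest(password, rec["salt"]), rec["pw"])
        pic_ok = True
        if rec["pic"] is not None:
            supplied = _digest(picture_id or "", rec["salt"])
            pic_ok = hmac.compare_digest(supplied, rec["pic"])
        if pw_ok and pic_ok:
            rec["failures"] = 0               # only consecutive failures count
            return "ok"
        rec["failures"] += 1
        if rec["failures"] > MAX_CONSECUTIVE_FAILURES:
            rec["locked"] = True
            return "locked"
        return "failed"
```

An account registered without a picture falls back to account-and-password login, and a successful login resets the failure counter so that only consecutive failures lead to a lock.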

Claims (63)

  1. A two-factor authentication method, wherein the method comprises:
    obtaining an account input when a user logs in;
    querying whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
    receiving a password and a picture factor input when the user logs in;
    performing user login authentication according to the account, the password, and the picture factor.
  2. The method according to claim 1, wherein before the receiving a password and a picture factor input when the user logs in, the method further comprises:
    determining whether the interference picture information has been updated;
    when the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
    the receiving a password and a picture factor input when the user logs in comprises:
    receiving the password input when the user logs in and the picture factor selected by the user, when logging in, from the updated interference picture information.
  3. The method according to claim 1 or 2, wherein before the obtaining an account input when a user logs in, the method further comprises:
    obtaining an account input when the user registers;
    when an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for inputting a picture factor;
    receiving a password and a picture factor input when the user registers;
    performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that includes the picture factor.
  4. The method according to claim 3, wherein the receiving a password and a picture factor input when the user registers comprises:
    receiving the password input when the user registers;
    randomly generating a picture list, and displaying the picture list;
    receiving an instruction by which the user, when registering, selects a picture from the picture list;
    using the picture selected by the user as the picture factor.
  5. The method according to claim 3, wherein the receiving a password and a picture factor input when the user registers comprises:
    receiving the password input when the user registers;
    receiving an instruction by which the user uploads a picture;
    using the picture uploaded by the user as the picture factor.
  6. The method according to claim 5, wherein the using the picture uploaded by the user as the picture factor comprises:
    cropping the picture uploaded by the user to a uniform specification;
    using the cropped picture as the picture factor.
  7. The method according to claim 5 or 6, wherein the method further comprises:
    displaying prompt information for sharing the picture uploaded by the user;
    receiving an instruction of the user, and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts based on the picture uploaded by the user.
  8. The method according to claim 5, wherein the picture uploaded by the user is a signature picture drawn by the user;
    the receiving a password and a picture factor input when the user logs in comprises:
    receiving the password input when the user logs in and the picture factor drawn by the user;
    the performing user login authentication according to the account, the password, and the picture factor comprises:
    performing user login authentication by verifying whether the account and the password are correct, and by comparing the similarity between the picture factor and the signature picture.
  9. The method according to claim 1, wherein after the obtaining an account input when a user logs in and the querying whether the picture factor authentication function is enabled for the account, the method further comprises:
    when the query result is that the picture factor authentication function is not enabled for the account, receiving a password input by the user;
    performing user login authentication according to the account and the password.
  10. The method according to claim 9, wherein the method further comprises:
    after the user logs in, querying, according to an instruction of the user, whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is not enabled for the account, enabling the picture factor authentication function for the account according to an instruction of the user;
    displaying prompt information for inputting a picture factor;
    receiving a picture factor input by the user;
    performing user registration again according to the account, the password, and the picture factor, and generating, for the account, interference picture information that includes the picture factor.
  11. The method according to any one of claims 1 to 10, wherein the method further comprises:
    after the user logs in, querying, according to an instruction of the user, whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is enabled for the account, cancelling the picture factor authentication function for the account according to an instruction of the user;
    performing user registration again according to the account and the password.
  12. The method according to any one of claims 1 to 11, wherein the method further comprises:
    obtaining an account input when the user recovers the password;
    querying whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
    receiving a verification code and a picture factor input by the user;
    performing user password-recovery authentication according to the account, the verification code, and the picture factor.
  13. The method according to claim 1, wherein the performing user login authentication according to the account, the password, and the picture factor comprises:
    when the account, the password, and the picture factor are all correct, confirming that authentication succeeds, and displaying a login authentication result indicating that authentication succeeded;
    when at least one of the account, the password, and the picture factor is incorrect, confirming that authentication fails, and displaying a login authentication result indicating that authentication failed.
  14. The method according to any one of claims 1 to 13, wherein the method further comprises:
    when the number of consecutive authentication failures exceeds a preset number of times, locking the account.
  15. A two-factor authentication method, wherein the method comprises:
    obtaining an account input when a user recovers a password;
    querying whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
    receiving a verification code and a picture factor input when the user recovers the password;
    performing user password-recovery authentication according to the account, the verification code, and the picture factor.
  16. The method according to claim 15, wherein before the receiving a verification code and a picture factor input when the user recovers the password, the method further comprises:
    determining whether the interference picture information has been updated;
    when the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
    the receiving a verification code and a picture factor input when the user recovers the password comprises:
    receiving the verification code input when the user recovers the password and the picture factor selected by the user, when recovering the password, from the updated interference picture information.
  17. The method according to claim 15 or 16, wherein before the obtaining an account input when a user recovers a password, the method further comprises:
    obtaining an account input when the user registers;
    when an instruction to enable the picture factor authentication function for the account is obtained, displaying prompt information for inputting a picture factor;
    receiving a password and a picture factor input when the user registers;
    performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that includes the picture factor.
  18. The method according to claim 17, wherein the receiving a password and a picture factor input when the user registers comprises:
    receiving the password input when the user registers;
    receiving an instruction by which the user uploads a picture;
    using the picture uploaded by the user as the picture factor.
  19. The method according to claim 18, wherein the using the picture uploaded by the user as the picture factor comprises:
    cropping the picture uploaded by the user to a uniform specification;
    using the cropped picture as the picture factor.
  20. The method according to claim 18 or 19, wherein the method further comprises:
    displaying prompt information for sharing the picture uploaded by the user;
    receiving an instruction of the user, and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts based on the picture uploaded by the user.
  21. The method according to claim 18, wherein the picture uploaded by the user is a signature picture drawn by the user;
    the receiving a verification code and a picture factor input when the user recovers the password comprises:
    receiving the verification code input when the user recovers the password and the picture factor drawn by the user;
    the performing user password-recovery authentication according to the account, the verification code, and the picture factor comprises:
    performing user password-recovery authentication by verifying whether the account and the verification code are correct, and by comparing the similarity between the picture factor and the signature picture.
  22. A two-factor authentication apparatus, wherein the apparatus comprises:
    an obtaining unit, configured to obtain an account input when a user logs in;
    a query unit, configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit;
    a display unit, configured to display prompt information for inputting a picture factor when the query result of the query unit is that the picture factor authentication function is enabled for the account;
    a receiving unit, configured to receive a password and a picture factor input when the user logs in;
    an authentication unit, configured to perform user login authentication according to the account obtained by the obtaining unit and the password and picture factor received by the receiving unit.
  23. The apparatus according to claim 22, wherein the apparatus further comprises:
    a determining unit, configured to determine, before the receiving unit receives the password and the picture factor input when the user logs in, whether the interference picture information has been updated;
    the display unit is further configured to display the updated interference picture information when the determination result of the determining unit is that the interference picture information has been updated;
    the receiving unit is specifically configured to receive the password input when the user logs in and the picture factor selected by the user, when logging in, from the updated interference picture information.
  24. The apparatus according to claim 22 or 23, wherein:
    the obtaining unit is further configured to obtain, before obtaining the account input when the user logs in, an account input when the user registers;
    the display unit is further configured to display prompt information for inputting a picture factor when an instruction to enable the picture factor authentication function for the account is obtained;
    the receiving unit is further configured to receive a password and a picture factor input when the user registers;
    the apparatus further comprises:
    a registration unit, configured to perform user registration according to the account obtained by the obtaining unit and the password and picture factor received by the receiving unit, and to generate, for the account, interference picture information that includes the picture factor.
  25. The apparatus according to claim 24, wherein the receiving unit comprises:
    a receiving subunit, configured to receive the password input when the user registers;
    a display subunit, configured to randomly generate a picture list and display the picture list;
    the receiving subunit is further configured to receive an instruction by which the user, when registering, selects a picture from the picture list;
    a picture factor confirmation subunit, configured to use the user-selected picture received by the receiving subunit as the picture factor.
  26. The apparatus according to claim 24, wherein the receiving unit comprises:
    a receiving subunit, configured to receive the password input when the user registers;
    the receiving subunit is further configured to receive an instruction by which the user uploads a picture;
    a picture factor confirmation subunit, configured to use the user-uploaded picture received by the receiving subunit as the picture factor.
  27. The apparatus according to claim 26, wherein the picture factor confirmation subunit is specifically configured to crop the picture uploaded by the user to a uniform specification, and to use the cropped picture as the picture factor.
  28. The apparatus according to claim 26 or 27, wherein:
    the display unit is further configured to display prompt information for sharing the picture uploaded by the user;
    the receiving unit is further configured to receive an instruction of the user, and to share the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts based on the picture uploaded by the user.
  29. The apparatus according to claim 26, wherein the user-uploaded picture received by the receiving subunit is a signature picture drawn by the user;
    the receiving unit is specifically configured to receive the password input when the user logs in and the picture factor drawn by the user;
    the authentication unit is specifically configured to perform user login authentication by verifying whether the account obtained by the obtaining unit and the password received by the receiving unit are correct, and by comparing the similarity between the picture factor received by the receiving unit and the signature picture received by the receiving subunit.
  30. The apparatus according to claim 22, wherein:
    the receiving unit is further configured to receive, after the obtaining unit obtains the account input when the user logs in and the query unit queries whether the picture factor authentication function is enabled for the account, a password input by the user when the query result of the query unit is that the picture factor authentication function is not enabled for the account;
    the authentication unit is further configured to perform user login authentication according to the account obtained by the obtaining unit and the password received by the receiving unit.
  31. The apparatus according to claim 30, wherein:
    the query unit is further configured to query, after the user logs in and according to an instruction of the user, whether the picture factor authentication function is enabled for the account;
    the apparatus further comprises:
    an enabling unit, configured to enable the picture factor authentication function for the account according to an instruction of the user when the query result of the query unit is that the picture factor authentication function is not enabled for the account;
    the display unit is further configured to display prompt information for inputting a picture factor;
    the receiving unit is further configured to receive a picture factor input by the user;
    the registration unit is further configured to perform user registration again according to the account, the password, and the picture factor, and to generate, for the account, interference picture information that includes the picture factor.
  32. The apparatus according to any one of claims 22 to 31, wherein:
    the query unit is further configured to query, after the user logs in and according to an instruction of the user, whether the picture factor authentication function is enabled for the account;
    the apparatus further comprises:
    a cancelling unit, configured to cancel the picture factor authentication function for the account according to an instruction of the user when the query result of the query unit is that the picture factor authentication function is enabled for the account;
    the registration unit is further configured to perform user registration again according to the account and the password.
  33. The apparatus according to any one of claims 22 to 32, wherein:
    the obtaining unit is further configured to obtain an account input when the user recovers the password;
    the query unit is further configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit;
    the display unit is further configured to display prompt information for inputting a picture factor when the query result of the query unit is that the picture factor authentication function is enabled for the account;
    the receiving unit is further configured to receive a verification code and a picture factor input by the user;
    the authentication unit is further configured to perform user password-recovery authentication according to the account, the verification code, and the picture factor.
  34. The apparatus according to claim 22, wherein the authentication unit is specifically configured to:
    when the account, the password, and the picture factor are all correct, confirm that authentication succeeds, and display a login authentication result indicating that authentication succeeded;
    when at least one of the account, the password, and the picture factor is incorrect, confirm that authentication fails, and display a login authentication result indicating that authentication failed.
  35. The apparatus according to any one of claims 22 to 34, wherein the apparatus further comprises:
    a locking unit, configured to lock the account when the number of consecutive authentication failures of the authentication unit exceeds a preset number of times.
  36. A two-factor authentication apparatus, wherein the apparatus comprises:
    an obtaining unit, configured to obtain an account input when a user recovers a password;
    a query unit, configured to query whether the picture factor authentication function is enabled for the account obtained by the obtaining unit;
    a display unit, configured to display prompt information for inputting a picture factor when the query result of the query unit is that the picture factor authentication function is enabled for the account;
    a receiving unit, configured to receive a verification code and a picture factor input when the user recovers the password;
    an authentication unit, configured to perform user password-recovery authentication according to the account obtained by the obtaining unit and the verification code and picture factor received by the receiving unit.
  37. The apparatus according to claim 36, wherein the apparatus further comprises:
    a determining unit, configured to determine, before the receiving unit receives the verification code and the picture factor input when the user recovers the password, whether the interference picture information has been updated;
    the display unit is further configured to display the updated interference picture information when the determination result of the determining unit is that the interference picture information has been updated;
    the receiving unit is specifically configured to receive the verification code input when the user recovers the password and the picture factor selected by the user, when recovering the password, from the updated interference picture information.
  38. The apparatus according to claim 36 or 37, wherein:
    the obtaining unit is further configured to obtain, before obtaining the account input when the user recovers the password, an account input when the user registers;
    the display unit is further configured to display prompt information for inputting a picture factor when an instruction to enable the picture factor authentication function for the account is obtained;
    the receiving unit is further configured to receive a password and a picture factor input when the user registers;
    the apparatus further comprises:
    a registration unit, configured to perform user registration according to the account obtained by the obtaining unit and the password and picture factor received by the receiving unit, and to generate, for the account, interference picture information that includes the picture factor.
  39. The apparatus according to claim 38, wherein the receiving unit comprises:
    a receiving subunit, configured to receive the password input when the user registers;
    the receiving subunit is further configured to receive an instruction by which the user uploads a picture;
    a picture factor confirmation subunit, configured to use the picture uploaded by the user as the picture factor.
  40. The apparatus according to claim 39, wherein the picture factor confirmation subunit is specifically configured to crop the picture uploaded by the user to a uniform specification, and to use the cropped picture as the picture factor.
  41. The apparatus according to claim 39 or 40, wherein:
    the display unit is further configured to display prompt information for sharing the picture uploaded by the user;
    the receiving unit is further configured to receive an instruction of the user, and to share the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts based on the picture uploaded by the user.
  42. The apparatus according to claim 39, wherein the user-uploaded picture received by the receiving subunit is a signature picture drawn by the user;
    the receiving unit is specifically configured to receive the verification code input when the user recovers the password and the picture factor drawn by the user;
    the authentication unit is specifically configured to perform user password-recovery authentication by verifying whether the account obtained by the obtaining unit and the verification code received by the receiving unit are correct, and by comparing the similarity between the picture factor received by the receiving unit and the signature picture received by the receiving subunit.
  43. A two-factor authentication device, wherein the device comprises:
    a memory;
    a processor;
    the memory is configured to store program instructions;
    the processor is configured to perform the following operations according to the program instructions stored in the memory:
    obtaining an account input when a user logs in;
    querying whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
    receiving a password and a picture factor input when the user logs in;
    performing user login authentication according to the account, the password, and the picture factor.
  44. The device according to claim 43, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    before the receiving a password and a picture factor input when the user logs in, determining whether the interference picture information has been updated;
    when the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
    the operation, performed by the processor, of receiving a password and a picture factor input when the user logs in comprises:
    receiving the password input when the user logs in and the picture factor selected by the user, when logging in, from the updated interference picture information.
  45. The device according to claim 43 or 44, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    before acquiring the account entered by the user at login, acquiring the account entered by the user at registration;
    when an instruction to enable the picture factor authentication function for the account is acquired, displaying prompt information for inputting a picture factor;
    receiving the password and the picture factor entered by the user at registration;
    performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
  46. The device according to claim 45, wherein the operation, performed by the processor, of receiving the password and the picture factor entered by the user at registration comprises:
    receiving the password entered by the user at registration;
    randomly generating a picture list and displaying the picture list;
    receiving an instruction by which the user, at registration, selects a picture from the picture list;
    using the picture selected by the user as the picture factor.
  47. The device according to claim 45, wherein the operation, performed by the processor, of receiving the password and the picture factor entered by the user at registration comprises:
    receiving the password entered by the user at registration;
    receiving an instruction by which the user uploads a picture;
    using the picture uploaded by the user as the picture factor.
  48. The device according to claim 47, wherein the operation, performed by the processor, of using the picture uploaded by the user as the picture factor comprises:
    cropping the picture uploaded by the user to a uniform specification;
    using the cropped picture as the picture factor.
  49. The device according to claim 47 or 48, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    displaying prompt information about sharing the picture uploaded by the user;
    receiving an instruction from the user and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
  50. The device according to claim 47, wherein the picture uploaded by the user is a signature picture drawn by the user;
    the operation, performed by the processor, of receiving the password and the picture factor entered by the user at login comprises:
    receiving the password entered by the user at login and the picture factor drawn by the user;
    the operation, performed by the processor, of performing user login authentication according to the account, the password, and the picture factor comprises:
    performing user login authentication by verifying whether the account and the password are correct, and by comparing the similarity between the picture factor and the signature picture.
  51. The device according to claim 43, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    after acquiring the account entered by the user at login and querying whether the picture factor authentication function is enabled for the account, when the query result is that the picture factor authentication function is not enabled for the account, receiving the password entered by the user;
    performing user login authentication according to the account and the password.
  52. The device according to claim 51, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    after the user logs in, querying, according to the user's instruction, whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is not enabled for the account, enabling the picture factor authentication function for the account according to the user's instruction;
    displaying prompt information for inputting a picture factor;
    receiving the picture factor entered by the user;
    performing user registration again according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
  53. The device according to any one of claims 43 to 52, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    after the user logs in, querying, according to the user's instruction, whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is enabled for the account, cancelling the picture factor authentication function for the account according to the user's instruction;
    performing user registration again according to the account and the password.
  54. The device according to any one of claims 43 to 53, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    acquiring the account entered by the user when retrieving the password;
    querying whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
    receiving the verification code and the picture factor entered by the user;
    performing user password-retrieval authentication according to the account, the verification code, and the picture factor.
  55. The device according to claim 43, wherein the operation, performed by the processor, of performing user login authentication according to the account, the password, and the picture factor comprises:
    when the account, the password, and the picture factor are all correct, confirming that authentication succeeded and displaying a login authentication result indicating that authentication succeeded;
    when at least one of the account, the password, and the picture factor is incorrect, confirming that authentication failed and displaying a login authentication result indicating that authentication failed.
  56. The device according to any one of claims 43 to 55, wherein the processor is further configured to perform the following operation according to the program instructions stored in the memory:
    when the number of consecutive authentication failures exceeds a preset number, locking the account.
  57. A two-factor authentication device, wherein the device comprises:
    a memory;
    a processor;
    the memory is configured to store program instructions;
    the processor is configured to perform the following operations according to the program instructions stored in the memory:
    acquiring the account entered by the user when retrieving the password;
    querying whether the picture factor authentication function is enabled for the account;
    when the query result is that the picture factor authentication function is enabled for the account, displaying prompt information for inputting a picture factor;
    receiving the verification code and the picture factor entered by the user when retrieving the password;
    performing user password-retrieval authentication according to the account, the verification code, and the picture factor.
  58. The device according to claim 57, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    before receiving the verification code and the picture factor entered by the user when retrieving the password, determining whether the interference picture information has been updated;
    when the determination result is that the interference picture information has been updated, displaying the updated interference picture information;
    the operation, performed by the processor, of receiving the verification code and the picture factor entered by the user when retrieving the password comprises:
    receiving the verification code entered by the user when retrieving the password and the picture factor selected by the user, when retrieving the password, from the updated interference picture information.
  59. The device according to claim 57 or 58, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    before acquiring the account entered by the user when retrieving the password, acquiring the account entered by the user at registration;
    when an instruction to enable the picture factor authentication function for the account is acquired, displaying prompt information for inputting a picture factor;
    receiving the password and the picture factor entered by the user at registration;
    performing user registration according to the account, the password, and the picture factor, and generating, for the account, interference picture information that contains the picture factor.
  60. The device according to claim 59, wherein the operation, performed by the processor, of receiving the password and the picture factor entered by the user at registration comprises:
    receiving the password entered by the user at registration;
    receiving an instruction by which the user uploads a picture;
    using the picture uploaded by the user as the picture factor.
  61. The device according to claim 60, wherein the operation, performed by the processor, of using the picture uploaded by the user as the picture factor comprises:
    cropping the picture uploaded by the user to a uniform specification;
    using the cropped picture as the picture factor.
  62. The device according to claim 60 or 61, wherein the processor is further configured to perform the following operations according to the program instructions stored in the memory:
    displaying prompt information about sharing the picture uploaded by the user;
    receiving an instruction from the user and sharing the picture uploaded by the user according to the instruction, so that interference picture information can be generated for other accounts from the picture uploaded by the user.
  63. The device according to claim 60, wherein the picture uploaded by the user is a signature picture drawn by the user;
    the operation, performed by the processor, of receiving the verification code and the picture factor entered by the user when retrieving the password comprises:
    receiving the verification code entered by the user when retrieving the password and the picture factor drawn by the user;
    the performing of user password-retrieval authentication according to the account, the verification code, and the picture factor comprises:
    performing user password-retrieval authentication by verifying whether the account and the verification code are correct, and by comparing the similarity between the picture factor and the signature picture.
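
The login flow recited in claims 43, 45, 51, 55 and 56, sketched as an added Python example; it is not code from the patent. The class name, picture identifiers, grid size, lockout threshold and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3    # assumed value for the "preset number" in claim 56
GRID_SIZE = 9       # assumed number of pictures shown to the user
PICTURE_POOL = [f"pic-{i:03d}" for i in range(100)]  # constructed picture ids
_rng = secrets.SystemRandom()


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2; the iteration count is an example value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PictureFactorAuth:
    def __init__(self):
        self.accounts = {}

    def register(self, account, password, picture=None):
        """Claim 45: register, and build the interference set around the factor."""
        salt = secrets.token_bytes(16)
        record = {"salt": salt, "pw": _hash_password(password, salt),
                  "picture": picture, "grid": None, "failures": 0, "locked": False}
        if picture is not None:
            decoys = [p for p in PICTURE_POOL if p != picture]
            grid = _rng.sample(decoys, GRID_SIZE - 1) + [picture]
            _rng.shuffle(grid)
            # Stored once per account: re-drawing decoys on every display would
            # let an observer intersect two displays and isolate the real picture.
            record["grid"] = grid
        self.accounts[account] = record

    def challenge(self, account):
        """Claim 43: pictures to display, or None when the factor is not enabled."""
        record = self.accounts.get(account)
        return list(record["grid"]) if record and record["grid"] else None

    def login(self, account, password, picture=None):
        """Claims 43, 51, 55, 56: True only when every required factor is correct."""
        record = self.accounts.get(account)
        if record is None or record["locked"]:
            return False
        ok = hmac.compare_digest(_hash_password(password, record["salt"]), record["pw"])
        if record["picture"] is not None:
            # `&` instead of `and`: the picture is always compared, so the
            # response does not reveal which factor was wrong.
            ok = ok & hmac.compare_digest((picture or "").encode(),
                                          record["picture"].encode())
        if ok:
            record["failures"] = 0
            return True
        record["failures"] += 1
        if record["failures"] > MAX_FAILURES:   # "exceeds the preset number"
            record["locked"] = True
        return False
```

With a nine-picture grid the picture factor alone is a one-in-nine guess, so the lockout of claim 56 is what bounds online guessing against it.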
PCT/CN2015/082495 2015-06-26 2015-06-26 Two-factor authentication method, device and apparatus WO2016206090A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201580029554.7A CN106489155A (en) 2015-06-26 2015-06-26 Double factor authentication method, device and equipment
PCT/CN2015/082495 WO2016206090A1 (en) 2015-06-26 2015-06-26 Two-factor authentication method, device and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/082495 WO2016206090A1 (en) 2015-06-26 2015-06-26 Two-factor authentication method, device and apparatus

Publications (1)

Publication Number Publication Date
WO2016206090A1 true WO2016206090A1 (en) 2016-12-29

Family

ID=57584481

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/082495 WO2016206090A1 (en) 2015-06-26 2015-06-26 Two-factor authentication method, device and apparatus

Country Status (2)

Country Link
CN (1) CN106489155A (en)
WO (1) WO2016206090A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111359221A (en) * 2020-03-08 2020-07-03 北京智明星通科技股份有限公司 Anti-theft method, system and server for mobile phone game account
CN111611565A (en) * 2020-05-11 2020-09-01 叶春林 Autonomous reaching type safety verification system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107818504A (en) * 2017-09-27 2018-03-20 上海维信荟智金融科技有限公司 The automation signature method and system of contract
CN111695910B (en) * 2020-06-12 2023-11-21 中国银行股份有限公司 Security authentication method and device, storage medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070074119A1 (en) * 2005-09-27 2007-03-29 Nec Nexsolutions, Ltd. Image array authentication system
CN101309147A (en) * 2008-06-13 2008-11-19 兰州大学 Identity authentication method based on image password
CN101663672A (en) * 2007-02-21 2010-03-03 维杜普有限责任公司 The method and system that is used for graphical image authentication
CN102354354A (en) * 2011-09-28 2012-02-15 辽宁国兴科技有限公司 Information fingerprint technique based picture password generation and authentication method
CN103548031A (en) * 2011-05-24 2014-01-29 微软公司 Picture gesture authentication

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067371A (en) * 2012-12-24 2013-04-24 广州杰赛科技股份有限公司 Cloud terminal identity authentication method and system
CN103313246B (en) * 2013-06-05 2016-02-03 中国科学院计算技术研究所 A kind of wireless sense network double factor authentication method and device and network thereof

Also Published As

Publication number Publication date
CN106489155A (en) 2017-03-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15895989

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15895989

Country of ref document: EP

Kind code of ref document: A1