WO2019047880A1 - Real person authentication apparatus and method - Google Patents

Publication number
WO2019047880A1
Authority
WO
WIPO (PCT)
Prior art keywords
account
information
user
real person
real
Application number
PCT/CN2018/104273
Other languages
English (en)
Chinese (zh)
Inventor
厉科嘉
Original Assignee
阿里巴巴集团控股有限公司
厉科嘉
Application filed by 阿里巴巴集团控股有限公司, 厉科嘉

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • The embodiments disclosed in the present specification relate to the field of Internet technologies, and in particular to a method and apparatus for constructing an account map for real-person authentication, and to a real-person authentication method and apparatus.
  • The authentication information in the real-name authentication process mainly includes the user's item information and the user's biometric information.
  • The user's item information includes the user's ID card, mobile phone and mailbox, as well as the user's pre-set password and security questions.
  • The biometric information of the user includes fingerprint information, face information, iris information, and sound information.
  • Because the user's item information is prone to leakage, and the user's biometric information is at risk of copying and misappropriation during the collection process, it is necessary to provide a more reliable scheme for authenticating the user's identity.
  • This specification describes a method and apparatus for constructing an account map for real person authentication, and a real person authentication method and apparatus.
  • By constructing an account map and using the account map to authenticate the user, the credibility of authenticating the user identity is improved.
  • a method of constructing an account map for real-person authentication includes:
  • the real person information including the certificate information and/or the biometric identification information
  • the account information is an intermediate layer
  • the behavior data is an outer layer
  • the first association and the second association are used as an inter-layer association
  • an account map is constructed for real-person authentication.
  • a method of authenticating a person includes:
  • When detecting an operation request for performing an account operation on the first account by the user, searching for an account map corresponding to the real person information according to the real person information included in the registration information of the first account; the account map includes information of the second account associated with the real person information, and behavior data associated with the second account;
  • an apparatus for constructing an account map for real-person authentication includes:
  • a first acquiring unit configured to acquire real person information of the user, where the real person information includes the certificate information and/or the biometric identification information;
  • a second obtaining unit configured to acquire account information of the user, where the account information includes an account
  • a third obtaining unit configured to acquire behavior data of the user operating the account
  • An association unit configured to establish a first association between the real person information and the account information, and establish a second association between the account information and the behavior data
  • a building unit configured to use the real person information as a core layer, the account information as an intermediate layer, the behavior data as an outer layer, and the first association and the second association as inter-layer associations, to construct an account map for real-person authentication.
  • In a fourth aspect, a real-person authentication apparatus includes:
  • a search unit configured to search for an account map corresponding to the real person information according to the real person information included in the registration information of the first account when detecting an operation request of the user to perform an account operation on the first account;
  • the account map includes information of a second account associated with the real person information, and behavior data associated with the second account;
  • a processing unit configured to provide a verification content of the real person authentication to the user according to the behavior data
  • the determining unit receives the verification operation result of the verification content by the user, and determines whether the user passes the real person authentication according to the verification operation result.
  • The present specification provides a method and an apparatus for constructing an account map for real-person authentication. Relevant information about the user (e.g., certificate information, biometric identification information, the account issuing authority, the account number, and the account behavior data) is collected and associations among this information are created to build an account map including the core layer, the middle layer and the outer layer. The accounts of the middle layer are updated through real-person authentication, the value of the middle-layer accounts is updated through the associations of the created information, and the account map can be used for real-person authentication.
  • The real-person authentication method and apparatus provided by this specification obtain the account information and the behavior data by searching for the account map corresponding to the real person information in the account registration information, generate the verification content according to the real person information, the account information and the behavior data in the account map, and perform real-person authentication on the first account being operated by the user, thereby improving the credibility of authenticating the user identity.
  • FIG. 1 is a schematic diagram of an application scenario of a real person authentication method according to an embodiment of the present disclosure
  • FIG. 2 is a structural diagram of an account map provided by an embodiment of the present disclosure
  • FIG. 3 is a flowchart of a method for constructing an account map for real person authentication according to an embodiment of the present disclosure
  • FIG. 5 is a flowchart of a real person authentication method provided by an embodiment of the present disclosure.
  • FIG. 6 is a schematic diagram of real authentication content provided by an embodiment of the present disclosure.
  • FIG. 7 is a flowchart of a real person authentication method provided by another embodiment disclosed in the present specification.
  • FIG. 8 is a schematic diagram of real authentication content provided by another embodiment disclosed in the present specification.
  • FIG. 9 is a flowchart of an account adding method in an account map provided by an embodiment of the present disclosure.
  • FIG. 10 is a schematic diagram of an apparatus for constructing an account map for real-person authentication according to an embodiment of the disclosure.
  • FIG. 11 is a schematic structural diagram of a real person authentication apparatus according to an embodiment of the present disclosure.
  • FIG. 1 is a schematic diagram of an application scenario of a real person authentication method according to an embodiment of the present disclosure.
  • the server (for example, the server of the Alipay application)
  • the terminal (for example, a mobile phone, a tablet, a wearable smart device, etc.)
  • the first account (e.g., the first account can be an Alipay account)
  • an account operation is performed on the first account (for example, the account operation may be registering the first account or using the funds in the first account)
  • the real person authentication method provided by the multiple embodiments disclosed in the present specification may be used to perform real-person authentication on the first account, to check whether the user who issues the operation request for the account operation on the first account matches the real person information in the registration information of the first account (for example, the real person information may be a name and an ID card number).
  • the real person authentication methods provided by the various embodiments disclosed in the present specification are all executed based on the constructed account map.
  • the following is an introduction to the method of constructing an account map for real-person authentication.
  • FIG. 2 is a structural diagram of an account map provided by an embodiment of the present disclosure. As shown in FIG. 2, the account map includes a core layer, an intermediate layer, and an outer layer from the inside to the outside.
  • FIG. 3 is a flowchart of a method for constructing an account map for real person authentication according to an embodiment of the present disclosure.
  • the execution body of the method may be a device with processing capability: a server or a system or device, and the method includes:
  • Step S310: acquiring real person information of the user, the real person information including the certificate information and/or the biometric identification information.
  • the real person information of the user is obtained, and the real person information can uniquely identify an entity in the real world.
  • the entity may be a natural person or an organization
  • the real person information may include information of a natural person's ID document (e.g., an ID card, a driver's license, or a real estate license), biometric identification information (e.g., of a face, fingerprint, or iris), etc.
  • the real person information may include the unified social credit code of the organization, the name of the organization, the registration number of the institution, and the like.
  • Step S320 obtaining account information of the user, where the account information includes an account.
  • the account information of the user is obtained, and the account information may include an account.
  • Each account is generated and issued by the issuing authority of the account according to the user's real person information, and each account is unique within the issuing authority of the account.
  • The account numbers issued by different issuing authorities may be the same. Therefore, an account in the account map can be expressed as: issuing authority + account number. For example, account number 12345678 issued by Alipay is expressed in the account map as: Alipay 12345678. The expression of each account in the account information is therefore unique.
  • Step S330 Obtain behavior data of the user operating the account.
  • the behavior data of the user operating on the account is obtained, and the data is generated by the account.
  • the behavior data may include: establishing a friend relationship with another account, changing the account password, and performing fund transactions with the account. For example, a user purchased a shirt through a Taobao account.
  • Step S340 establishing a first association between the real person information and the account information, and establishing a second association between the account information and the behavior data.
  • An association includes a direct association or an indirect association.
  • the plurality of accounts of the middle layer include a direct account directly associated with the real person information, and an indirect account that is indirectly associated with the real person information through the direct account.
  • the customer number generated and issued by Alipay based on the user's real person information is 12345678
  • the user number associated with the customer number (e.g., the user name may include the user name and password)
  • the user can register the Alipay user account with two mobile phone numbers.
  • Each user number can be associated with multiple fund accounts (for example, the fund account can be the balance account, the ant fund account, and the health insurance account).
  • the customer number is directly related to the real person information, and the user number is indirectly related to the real person information through the customer number, and the fund account is indirectly associated with the real person information through the user number and the customer number. Only the case where the intermediate account is divided into two layers is shown in FIG. 2, which is not limited thereto.
  • step S350 the real person information is used as the core layer, the account information is used as the middle layer, the behavior data is used as the outer layer, and the first association and the second association are used as the interlayer association, and the account map is constructed for real person authentication.
  • The account information in step S320 may further include the value of the account, and the value of the account includes the real relevance and the business value.
  • The real relevance of the account may be determined according to the issuing authority of the account: the more authoritative the issuing authority, the higher the real relevance of the account. For example, for an account issued by a government agency (a government department, such as the China Railway Customer Service Center, the Social Insurance Agency, or the National Bank), the real relevance of the account can be rated as 5. For an account whose issuing authority is one of the world's top 500 companies (such as Facebook), the real relevance of the account can be rated as 4.
  • The business value of the account can be evaluated based on the behavior data of the account. Behavior data can include establishing friendships, fund transactions, and the like. For example, for a plurality of bank card accounts bound in Alipay, the business value can be determined according to the transaction type, the number of transactions, and the transaction amount. For example, an Alipay personal account was bound to a number of bank cards on January 1, including China Merchants Bank, China Construction Bank and Industrial and Commercial Bank. The transaction status of these bank card accounts in January is as shown in Table 1. Correspondingly, the business value of these bank accounts is determined based on the transactions.
  • the association structure between accounts may also change, and the behavior data of the account usually increases. Therefore, the value of the account needs to be updated.
  • FIG. 4 is a flow chart of updating the value of an account provided by an embodiment disclosed in the present specification.
  • the method periodically updates the value of the account in an iterative manner.
  • the new behavior data in the outer layer of the map and the change of the account association structure in the middle layer drive the iteration of the account value.
  • the method includes the following steps:
  • Step S410 Starting from the outermost account in the account of the middle layer, calculating the value of the outermost account.
  • the account of the middle layer includes a total of N-level accounts, and N ≥ 1.
  • the first layer account is an account directly associated with the real person information, and the Nth layer account is the outermost account.
  • Step S420: it is determined whether the current account is the innermost account. If it is not the innermost account, step S430 is performed, and if it is the innermost account, the iterative update is completed.
  • It is determined whether N is equal to 1. If N is equal to 1, the current account is the innermost account, the iterative update is completed, and the process can be ended. If N is not equal to 1, the current account is not the innermost account, and step S430 is performed.
  • Step S430: advance one layer inward.
  • The server can determine the value of an account based on the behavior data in the outer layer of that account and the value of the other accounts associated with it. For example, when the middle layer includes multiple accounts, and the plurality of accounts includes a direct account directly associated with the real person information and indirect accounts that are indirectly associated with the real person information through the direct account, the value of the direct account includes the sum of the values of the indirect accounts that are indirectly associated with the real person information through that direct account.
  • The method for updating the value of the account starts from the outermost account, performs value calculation and update, and advances inward layer by layer, determining the value of each account according to the account's outer-layer behavior data and the value of the other accounts associated with it, and updating the account value.
  • This specification provides a method for constructing an account map for real-person authentication: relevant information about the user (e.g., certificate information, biometric identification information, the account issuing authority, the account number, and the behavior data of the account) is collected, associations among this information are created, and an account map including the core layer, the middle layer, and the outer layer is constructed. The value of the middle-layer accounts is updated through the associations of the created information, and the account map can be used for real-person authentication.
  • the real person authentication methods provided by the various embodiments disclosed in the present specification are all executed based on the constructed account map.
  • The basis for authenticating an account is: if the user who issues the operation request for the account operation on the account that requires real person authentication is the same user as the one corresponding to the real person information in the account registration information, the user should know the relevant information of all accounts in the account map corresponding to the real person information, for example, the account names that the user has registered and recent behavior data. Otherwise, the user who issues the operation request for the account operation on the account that requires real person authentication is using the real person information in the account registration information.
  • The real person authentication method provided by the multiple embodiments disclosed in the present specification obtains account information and behavior data by searching for the account map corresponding to the real person information in the account registration information, generates verification content according to the account information and the behavior data, and performs real person authentication on the first account being operated by the user, thereby improving the credibility of authenticating the user identity.
  • FIG. 5 is a flowchart of a real person authentication method provided by an embodiment of the present disclosure.
  • the execution subject of the method may be a device having processing capabilities: a server or a system or device, such as the server in FIG. As shown in FIG. 5, the method specifically includes:
  • Step S510 when detecting an operation request for performing an account operation on the first account by the user, searching for an account map corresponding to the real person information according to the real person information included in the registration information of the first account.
  • the account map includes a core layer, an intermediate layer and an outer layer
  • the core layer includes real person information
  • the middle layer includes information of a second account associated with the real person information
  • the outer layer includes behavior data associated with the second account.
  • the first account may be an account in the account map.
  • the user may perform the fund transaction through the first account in the account map; or the first account may not be the account in the account map, for example, the user registers the first account for the first time.
  • the registration body of the first account may be a natural person or an organization.
  • the first account may be a user account in Alipay, including a personal account and a business account.
  • the execution entity of this step takes the server of the Alipay application as an example.
  • Here the first account is not an account in the account map. Taking an Alipay personal account as an example, the user can register the Alipay personal account.
  • When registering an Alipay account, the user first needs to fill in the real person information.
  • When the server detects an operation request for registering the Alipay account, the server searches for the account map corresponding to the real person information.
  • The server's search for the account map according to the real person information may include: verifying whether the real person information is legal, and if the real person information is legal, searching for an account map corresponding to the real person information.
  • the user opens the Alipay application on the phone and enters the phone number.
  • the phone number will be used as the personal account that the user uses to log in to the Alipay application.
  • enter the phone verification code to pass the verification of the phone number.
  • the user enters the real person information, which may include the real name, the document type, and the ID number.
  • the name entered by the user is “Zhang San”, the document type is “ID Card”, and the ID number is “123456200011071234”.
  • the server verifies the real person information input by the user, and the verification result is that the real person information is legal information.
  • the server searches for the account map corresponding to the real person information.
  • Step S520 providing the user with the verification content of the real person authentication according to the behavior data in the account map.
  • the number of the second account in the middle layer of the account map may be one or multiple.
  • the server may provide the user with the verification content of the real person authentication according to the behavior data of the second account.
  • the server may randomly provide the verification content of the real person authentication according to the behavior data of the at least one second account in the second account.
  • the middle layer of the account map includes a Taobao account
  • the server provides the user with the verification content of the real person authentication according to the transaction data of the Taobao account, such as the last month, as shown in FIG. The item purchased by the user in the last month using the Taobao account.
  • Step S530 receiving a verification operation result of the verification content by the user, and determining, according to the operation result, whether the user passes the real person authentication.
  • The server receives the result of the user's verification operation on the verification content, compares the operation result with the behavior data, and determines whether the user passes the real person authentication according to the preset real person authentication determination condition.
  • The verification content is as shown in FIG. 6, and the result of the operation received by the server is that the user clicks on “shirt”, “milk” and “watch”.
  • The actual behavior data includes: the user bought “shirts”, “milk” and “watches” on Taobao in the last month.
  • The server presets the real person authentication condition: if the user correctly selects all the purchased products, the user passes the real person authentication, and if the user selects a product that was not purchased or misses a purchased product, the user does not pass the real person authentication. It follows that the judgment result of the server is that the user passes the real person authentication.
  • The verification content is as shown in FIG. 6, and the result of the operation received by the server is that the user clicks on “hairy crab”, “shirt” and “soda”.
  • The actual behavior data includes: the user bought “shirts”, “milk” and “watches” on Taobao in the last month.
  • The server presets the real person authentication condition: if the user correctly selects all the purchased products, the user passes the real person authentication, and if the user selects a product that was not purchased or misses a purchased product, the user does not pass the real person authentication. It follows that the judgment result of the server is that the user has not passed the real person authentication.
  • the method may further include: presenting prompt information if the user does not pass the real person authentication, and the prompt information is used to prompt the user to continue or re-establish the real person authentication.
  • the prompt information is presented, and the information of the first account is added to the account map.
  • the prompt information is presented, and the content of the prompt information may be that the user has passed the real person authentication.
  • The user registers the first account, and when the server detects that the user performs the registration operation on the first account, it initiates real person authentication for the user. If the user passes the real person authentication, the user is prompted that the real person authentication has been passed and that the first account is successfully registered.
  • the information of the first account is added to the account map associated with the real person information in the registration information of the first account. Moreover, the association relationship between the first account and the other second account can be established, and the behavior data associated with the first account is recorded.
  • In the real person authentication method, when an operation request for performing an account operation on the first account by the user is detected, the account map corresponding to the real person information is searched for according to the real person information included in the registration information of the first account, and the user is provided with the verification content of the real person authentication according to the behavior data in the account map, so as to authenticate the user, thereby improving the credibility of authenticating the user identity.
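  • The account map, the outermost-to-innermost value update (steps S410 to S430) and the exact-match judgement (steps S520 to S530) described above, as an added Python example that is not code from the patent. The class and function names, the one-point-per-record business value and the decoy items are assumptions; the sample data is constructed from the names and numbers quoted in the text.

```python
import secrets
from dataclasses import dataclass, field


@dataclass(eq=False, repr=False)
class Account:
    authority: str                     # issuing authority, e.g. "Alipay"
    number: str                        # unique only within that authority
    parent: "Account | None" = None    # None: directly associated with the person
    behavior: list = field(default_factory=list)   # outer-layer records
    children: list = field(default_factory=list)   # indirect accounts below this one
    business_value: int = 0

    @property
    def key(self):
        # Map-wide unique expression from the text: authority + account number.
        return f"{self.authority} {self.number}"

    @property
    def layer(self):
        # Layer 1 is directly associated with the real person information.
        return 1 if self.parent is None else self.parent.layer + 1


class AccountMap:
    def __init__(self, real_person):
        self.real_person = real_person  # core layer
        self.accounts = {}              # middle layer, keyed by Account.key

    def add_account(self, authority, number, parent_key=None):
        parent = self.accounts[parent_key] if parent_key else None
        acct = Account(authority, number, parent)
        if acct.key in self.accounts:
            raise ValueError(f"duplicate account {acct.key}")
        if parent is not None:
            parent.children.append(acct)
        self.accounts[acct.key] = acct
        return acct

    def record(self, key, kind, detail):
        # Second association: each behavior record hangs off one account.
        self.accounts[key].behavior.append((kind, detail))

    def update_values(self):
        # S410-S430: score the outermost layer N first, then push inward to
        # layer 1, so each account sums child values that are already fresh.
        depth = max((a.layer for a in self.accounts.values()), default=0)
        for n in range(depth, 0, -1):
            for a in self.accounts.values():
                if a.layer == n:
                    # Assumed scoring: one point per behavior record.
                    a.business_value = len(a.behavior) + sum(
                        c.business_value for c in a.children)


def build_challenge(amap, key, decoys, n_decoys=3):
    """S520: options shown to the user, plus the answer kept server-side."""
    bought = {d for kind, d in amap.accounts[key].behavior if kind == "purchase"}
    if not bought:
        raise LookupError("no behavior data to build verification content from")
    rng = secrets.SystemRandom()       # unpredictable decoy choice and ordering
    pool = sorted(set(decoys) - bought)
    options = sorted(bought) + rng.sample(pool, min(n_decoys, len(pool)))
    rng.shuffle(options)
    return options, bought


def judge(selected, bought):
    """S530: pass only if every purchased item is selected and nothing else."""
    return set(selected) == set(bought)


def demo_map():
    # Constructed sample data reusing the names and numbers quoted in the text.
    m = AccountMap({"name": "Zhang San", "id_type": "ID Card",
                    "id_number": "123456200011071234"})
    m.add_account("Alipay", "12345678")                        # customer number
    m.add_account("Alipay", "13811111111", "Alipay 12345678")  # user number
    m.add_account("Alipay", "balance", "Alipay 13811111111")   # fund account
    m.add_account("Taobao", "22222@126.com")
    m.record("Alipay 13811111111", "password_change", "")
    m.record("Alipay balance", "transfer", "friend account")
    m.record("Alipay balance", "transfer", "bank card")
    for item in ("shirt", "milk", "watch"):
        m.record("Taobao 22222@126.com", "purchase", item)
    m.update_values()
    return m


if __name__ == "__main__":
    m = demo_map()
    for a in m.accounts.values():
        print(a.layer, a.key, a.business_value)
    options, bought = build_challenge(
        m, "Taobao 22222@126.com", ["hairy crab", "soda", "phone", "shoes"])
    print(options)
    print(judge(["shirt", "milk", "watch"], bought))       # all correct
    print(judge(["hairy crab", "shirt", "soda"], bought))  # mis-selected and missed
```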
  • FIG. 7 is a flowchart of a real person authentication method provided by another embodiment disclosed in the present specification.
  • the execution subject of the method may be a device having processing capabilities: a server or a system or device, such as the server in FIG.
  • the second account is a plurality of second accounts. As shown in FIG. 7, the method specifically includes:
  • Step S710 When detecting an operation request for performing an account operation on the first account by the user, searching for an account map corresponding to the real person information according to the real person information included in the registration information of the first account.
  • the execution entity of this step takes the server of the Alipay application as an example.
  • Here the first account is an account in the account map. Taking an Alipay personal account as an example, the user can conduct fund transactions through the Alipay personal account.
  • The user logs in to the Alipay application using the registered personal account, and performs a fund transaction.
  • When the server detects an operation request for performing a fund transaction operation on the Alipay account, the server searches for the account map corresponding to the real person information.
  • The server's search for the account map according to the real person information may include: the server performs real person information authentication on the user according to the real person information in the registration information, and if the user passes the real person information authentication, the server searches for the account map corresponding to the real person information.
  • The user logs in to the Alipay application using the personal account number 13811111111, and initiates an operation of transferring all the funds in the Alipay balance, 10,000 yuan, to an unfamiliar account (the unfamiliar account can be a non-friend account).
  • the server detects a large transaction operation on the account, and determines that the operation has a high risk.
  • the user is authenticated according to the real person information in the account registration information.
  • the real person information authentication may include: requiring the user to input the user's name and ID number, or the system sends a transaction verification code to the mobile phone number in the personal account, and the user is required to input the verification code. If the user passes the real person information authentication, the account map corresponding to the real person information is searched for according to that information.
  • Step S720: the server selects at least two second accounts from the plurality of second accounts.
  • the server may randomly select at least two second accounts from the plurality of second accounts.
  • the middle layer of the account map includes a plurality of second accounts, such as an intermediate layer including an Alipay account, a Taobao account, a China Railway Customer Service Center account, a flying pig travel account, and a bank card account.
  • the server can randomly select the Taobao account and the Qunar network account from the second accounts.
  • the server may select at least two second accounts according to the value of the plurality of second accounts, the value including the business value and the real person relevance.
  • the first account is an Alipay account
  • the Alipay account is a high value account
  • the server may select two accounts with lower values according to the value of each of the plurality of second accounts.
  • In Table 1, the business values of the China Merchants Bank account, the Construction Bank account and the ICBC account are 2, 10 and 4, respectively, and the three have the same real person relevance. The China Merchants Bank account and the ICBC account can then be selected for presentation to the user.
  • Step S730: presenting information of the selected at least two second accounts to the user, and receiving the second account selected by the user.
  • the server presents the information of the selected at least two second accounts to the user, where the information of a second account may include the issuing authority of the second account, the account name, and the like, and determines the second account selected by the user.
  • The at least two second accounts selected by the server include a flying pig travel account, 11111@qq.com, and a Taobao account, 22222@126.com. The server presents the icon of flying pig travel and the icon of Taobao to the user, as shown in FIG. 8, and receives the Taobao account as the second account selected by the user.
  • when presenting the information of the selected at least two second accounts to the user, the server may desensitize the information of the selected at least two second accounts and present the desensitized information of the at least two second accounts to the user.
  • the desensitization process refers to the deformation of some sensitive information through desensitization rules to achieve reliable protection of sensitive private data, for example, hiding certain bits of the account.
  • the terminal desensitizes the information of the selected China Merchants Bank account number 1234567890987654321 and ICBC account number 987653210123456789 by hiding some digits of each; after desensitization, the China Merchants Bank account number and the ICBC account number can be: **********4321, ***************6789.
  • Step S740: searching for the behavior data associated with the account in the account map according to the second account selected by the user, and providing the user with the verification content of the real person authentication according to the behavior data.
  • the server searches for the behavior data associated with the account in the account map according to the second account selected by the user, and generates verification content of the real person authentication according to the behavior data. The verification content of the real person authentication may include whether the user has used the second account to perform certain behaviors, such as establishing a friend relationship or conducting a transaction, the collection of certain data information, and so on.
  • the server receives the second account selected by the user as an ICBC account, and the first account is an Alipay account that has been registered for use.
  • the verification content generated by the server for the real person authentication includes: making a payment to the ICBC account number, where the amount of the payment can be 0.01-0.99, and having the user input the specific amount of the payment on the authentication page of the Alipay application.
  • Step S750: receiving a verification operation result of the verification content by the user, and determining whether the user passes the real person authentication according to the operation result.
  • the server receives the result of the user's verification operation on the verification content, compares the operation result with the behavior data, and determines whether the user passes the real person authentication according to the preset real person authentication determination condition.
  • the preset real person authentication criterion is: if the user inputs the correct amount of the payment on the authentication page of the Alipay application, the user passes the real person authentication. Otherwise, the user does not pass the real person authentication. For example, if the correct amount of the payment in a verification process is 0.07 yuan, and the amount of the payment input by the user and received by the server is 0.07 yuan, the server determines that the user passes the real person authentication. For another example, if the correct amount of the payment is 0.06 yuan in a verification process, and the server receives the amount of the payment input by the user as 0.02 yuan, the server determines that the user has not passed the real person authentication.
  • the method may further include: if the user passes the real person authentication, presenting prompt information that tells the user the real person authentication has been passed, and continuing to perform the original operation. For example, the user initiates a large transfer to an unfamiliar account by using the Alipay account; the server detects the user's operation on the Alipay account, determines that it is a high-risk operation, and initiates real person authentication for the user. If the user passes the real person authentication, the transfer operation continues.
  • in the real person authentication method, when an operation request for performing an account operation on the first account by the user is detected, the account map corresponding to the real person information is searched for according to the real person information included in the registration information of the first account. When the account map includes multiple second accounts, at least two second accounts are selected, randomly or according to the value of the second accounts, for further selection by the user, and verification content of the real person authentication is generated according to the behavior data associated in the account map with the second account selected by the user, so as to authenticate the user, thereby improving the credibility of authenticating the user identity.
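Steps S720 to S750 above, sketched as an added example that is not code from the patent: lowest-value selection, desensitization, and the 0.01-0.99 yuan payment challenge. Assumptions: value is the sum of business value and real person relevance, each challenge accepts a single attempt, and all class and function names plus the Construction Bank number are constructed.

```python
import secrets
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation


@dataclass(frozen=True)
class SecondAccount:
    issuer: str
    number: str
    business_value: int
    real_person_relevance: int

    @property
    def value(self) -> int:
        # Assumption: the page names the two components, not how they combine.
        return self.business_value + self.real_person_relevance


# Constructed sample data. Business values 2, 10 and 4 with equal relevance
# follow the page's example; the Construction Bank number is a placeholder.
SAMPLE_ACCOUNTS = [
    SecondAccount("China Merchants Bank", "1234567890987654321", 2, 1),
    SecondAccount("Construction Bank", "0000000000000000000", 10, 1),
    SecondAccount("ICBC", "987653210123456789", 4, 1),
]


def select_candidates(accounts, count=2):
    """S720: choose the `count` lowest-value second accounts."""
    if len(accounts) < count:
        raise ValueError("not enough second accounts to offer a choice")
    return sorted(accounts, key=lambda a: a.value)[:count]


def mask_number(number, visible=4):
    """S730 desensitization: hide all but the last `visible` characters."""
    if len(number) <= visible:
        return "*" * len(number)
    return "*" * (len(number) - visible) + number[-visible:]


def present(candidates):
    """S730: the user sees only the issuer and the masked number."""
    return [(a.issuer, mask_number(a.number)) for a in candidates]


class PaymentChallenge:
    """S740/S750: a payment of 0.01-0.99 yuan to the chosen second account."""

    def __init__(self, account, amount_fen=None):
        # amount_fen can be injected for testing; otherwise it comes from a CSPRNG.
        if amount_fen is None:
            amount_fen = secrets.randbelow(99) + 1
        if not 1 <= amount_fen <= 99:
            raise ValueError("amount must be between 0.01 and 0.99 yuan")
        self.account = account
        self._amount_fen = amount_fen
        self._used = False

    def verify(self, user_input):
        # Assumption: single use. Only 99 amounts exist, so unlimited retries
        # would let a guesser walk the whole range.
        if self._used:
            return False
        self._used = True
        try:
            entered = Decimal(user_input.strip())
        except InvalidOperation:
            return False
        if not entered.is_finite():
            return False
        return entered * 100 == self._amount_fen


def start_challenge(candidates, chosen_issuer, amount_fen=None):
    """Bind the challenge to an account that was actually presented in S730."""
    for account in candidates:
        if account.issuer == chosen_issuer:
            return PaymentChallenge(account, amount_fen)
    raise ValueError("chosen account was not among the presented candidates")
```
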
  • FIG. 9 is a flowchart of an account adding method in an account map provided by an embodiment of the present disclosure.
  • the execution subject of the method may be a device having processing capabilities: a server or a system or device, such as the server in FIG.
  • the server performs the operation of adding the first account to the account map, usually under the premise that the account has passed the pre-authentication or the system authorizes the account.
  • the pre-authentication includes verifying the legality of the real person information in the registration information of the account, and the system authorizing the account includes allowing the system to add the account to the account map or delete it from the account map.
  • the method specifically includes:
  • Step S910: determining whether the operation of the first account is a system operation or a user operation. If it is a system operation, step S920 is performed. If it is a user operation, step S930 is performed.
  • the system detects that the newly issued first account has not been added to the account map, and initiates an operation of adding the account to the account map. Or, when a user registers an account, the usage platform of the account requires the user to perform real person authentication.
  • Step S920: the system authority is verified.
  • the authority of the system for performing the operation request of the account operation on the first account is verified. If the authority of the system is high enough, for example, the system is a government system, the first account can be directly added to the account map by directly responding to the operation of the first account. If the authority of the system is not high enough, for example, the system is a system of a company with a lower credit rating, the first account fails to be associated with the account map.
  • the user opens a bank account with the bank
  • the identity authentication method used by the bank can determine that the real information provided by the user is consistent with the identity of the user himself.
  • the banking system can initiate the operation of adding the bank account to the account map.
  • the server verifies the authority of the banking system, determines that it has sufficient authority, and adds the bank account to the account map associated with the user's real person information.
  • Step S930: determining the challenge range of the real person authentication according to the data in the account map.
  • the account map associated with the real person information is searched for. Based on the data in the account map, the challenge range of the real person authentication is determined.
  • the challenge range may include real person information of the core layer in the account map, such as address information, and a second account of the middle layer, such as information of a Taobao account.
  • Step S940: determining the challenge range selected by the user.
  • the user can further select the challenge range from the range of challenges determined by the server. For example, the user chooses to verify the Taobao account example****@taobao.com.
  • Step S950: the challenge task of the real person authentication is determined according to the challenge range selected by the user.
  • a challenge task is generated from the behavior data based on the account, for example, the challenge task is to select the latest shopping record.
  • Step S960: receiving an operation result of the user on the challenge task, and determining whether the user passes the challenge.
  • the server judges the operation result of the challenge task. If the server determines that the user has passed the challenge, the first account is associated with the account map.
  • step S970 is performed.
  • Step S970: it is determined whether to continue the challenge.
  • step S930 is performed to proceed to the next cycle. If the server determines that the user is not allowed to continue the challenge or the user abandons the challenge, step S980 is performed.
  • Step S980: it is determined whether the association is forced.
  • the association between the first account and the account map fails. If the first account can be forced to associate the account map, the first account is successfully associated with the account map, and the first account is marked.
  • some services may not rely on the actual authentication results of the account.
  • the account can still enter the account map: the account is added to the account map, and a fraud mark or other mark is set.
  • These marks can be used in certain scenarios.
  • when the server determines the challenge range in step S830 based on accounts carrying these marks, it alerts the business users of the account that there is a risk of fraud.
  • the value of an account carrying a mark is converted from its originally calculated value according to a certain ratio.
  • step S930 the method further includes: determining, according to the value of the first account, that the user needs to perform multiple rounds of challenges.
  • the server determines, according to the value of the first account, that the user needs to perform multiple rounds of challenges, and the challenge range in the multiple rounds of challenges may be selected according to the value of the second account. For example, select a second account with a higher value, or a second account with a lower value, or both a second account with a higher value and a second account with a lower value.
  • the server may freeze the low-value second account according to the result of the user completing the challenge task.
  • the server detects that a high value account is performing a high risk operation. For example, if the server detects that the Alipay account is transferring the entire balance to an unfamiliar account, the server initiates real person authentication for the account. The real person authentication includes multiple rounds of challenges, such as three rounds of challenges based on the same high-value account, and one round of challenges based on a low-value account. If the user successfully passes the 3 rounds of challenges based on the same high value account, but does not pass the challenge based on the low value account, it can be judged that the low value account may be fraudulent, so the low value account can be frozen.
  • step S960 the method may further include: if the user passes the current challenge, proceeding to step S930 until the user successfully passes all the challenges, adding the account to the account map.
  • with the method for adding an account to the account map provided by one embodiment disclosed in the present specification, when the subject of the operation request for performing the account operation on the first account is determined to be a system, the first account can be added directly to the account map according to the high authority of the system. When the subject is a user, real person authentication may be initiated, and whether the first account is added to the account map is decided according to the result of the real person authentication, thereby increasing the reliability of the account information in the account map and ensuring the security of the user information.
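The decision flow of steps S910 to S980, including the multi-round variant and forced association with a mark, as an added example that is not code from the patent. The thresholds in `Policy`, the `scripted` stand-in for a real challenge, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Requester(Enum):
    SYSTEM = "system"
    USER = "user"


class Outcome(Enum):
    ASSOCIATED = "associated"
    ASSOCIATED_MARKED = "associated and marked"
    FAILED = "association failed"


@dataclass
class Policy:
    # Assumed numbers; the page gives no concrete thresholds or ratio.
    authority_threshold: int = 5     # S920: minimum authority of the system
    max_failed_rounds: int = 3       # S970: failures allowed before stopping
    marked_value_ratio: float = 0.5  # value conversion for a marked account


@dataclass
class AccountMap:
    entries: dict = field(default_factory=dict)

    def associate(self, account_id, value, marked=False):
        self.entries[account_id] = {"value": value, "marked": marked}


def scripted(results):
    """Constructed stand-in for a challenge: replays fixed round results.
    True = passed, False = failed, None (or exhaustion) = user abandons."""
    it = iter(results)
    return lambda round_no: next(it, None)


def add_account(amap, account_id, value, requester, *, system_authority=0,
                challenge=None, rounds_required=1, allow_forced=False,
                policy=None):
    policy = policy or Policy()

    # S910: is this a system operation or a user operation?
    if requester is Requester.SYSTEM:
        # S920: a sufficiently authoritative system adds the account directly.
        if system_authority >= policy.authority_threshold:
            amap.associate(account_id, value)
            return Outcome.ASSOCIATED
        return Outcome.FAILED

    if challenge is None or rounds_required < 1:
        raise ValueError("a user operation needs at least one challenge round")

    passed = failed = 0
    while passed < rounds_required:
        # S930-S960: scope, user choice, task and result are folded into one
        # callable here; each pass loops back to S930 for the next round.
        result = challenge(passed + failed)
        if result is True:
            passed += 1
            continue
        if result is False:
            failed += 1
        # S970: stop when the user abandons or the server allows no more tries.
        if result is None or failed >= policy.max_failed_rounds:
            break

    if passed >= rounds_required:
        amap.associate(account_id, value)
        return Outcome.ASSOCIATED

    # S980: forced association keeps the account but marks it and converts
    # its value by the configured ratio.
    if allow_forced:
        amap.associate(account_id, value * policy.marked_value_ratio, marked=True)
        return Outcome.ASSOCIATED_MARKED
    return Outcome.FAILED
```
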
  • the embodiments disclosed in the present specification further provide a device for constructing an account map for real person authentication.
  • the device includes:
  • the first obtaining unit 1010 is configured to acquire real person information of the user, and the real person information includes the certificate information and/or the biometric identification information;
  • the second obtaining unit 1020 is configured to acquire account information of the user, where the account information includes an account.
  • the third obtaining unit 1030 is configured to obtain behavior data that the user operates on the account.
  • the associating unit 1040 is configured to establish a first association between the real person information and the account information, and establish a second association between the account information and the behavior data.
  • the building unit 1050 is configured to use the real person information as the core layer, the account information as the middle layer, the behavior data as the outer layer, and the first association and the second association as the inter-layer association, and the account map is constructed for real person authentication.
  • the account information acquired by the second obtaining unit 1020 further includes the value of the account, the value includes the business value and the real person relevance, the business value is determined by the behavior data of the account, and the real person relevance is determined by the issuing authority of the account.
  • the account acquired by the second obtaining unit 1020 includes a plurality of accounts, and the plurality of accounts include a direct account directly associated with the real person information, and an indirect account indirectly associated with the real person information through the direct account; the value of the direct account includes the sum of the values of the indirect accounts that are indirectly associated with the real person information through the direct account.
  • the building unit 1050 is further configured to: when detecting an account operation request for adding an account to the account map, perform real person authentication on the account, and when the account passes the real person authentication, add the account to the account map.
  • the embodiments disclosed in the present specification further provide a real person authentication device.
  • the device includes:
  • the searching unit 1110 is configured to: when detecting an operation request for performing an account operation on the first account by the user, searching for an account map corresponding to the real person information according to the real person information included in the registration information of the first account; the account map includes Information of the second account associated with the real person information, and behavior data associated with the second account;
  • the processing unit 1120 is configured to provide the user with the verification content of the real person authentication according to the behavior data
  • the determining unit 1130 receives the verification operation result of the verification content by the user, and determines whether the user passes the real person authentication according to the verification operation result.
  • the second account that is found by the searching unit 1110 is a plurality of second accounts
  • the processing unit 1120 specifically includes:
  • the selecting subunit 1121 is configured to select at least two second accounts from the plurality of second accounts;
  • a presentation subunit 1122 configured to present information of at least two second accounts to a user, and receive a second account selected by the user;
  • the generating subunit 1123 is configured to search for behavior data associated with the second account selected by the user, and generate verification content of the real person authentication according to the behavior data.
  • the selection subunit 1121 included in the processing unit 1120 is specifically configured to: select at least two second accounts according to the value of the plurality of second accounts, where the value includes the business value and the real person relevance, the business value is determined by the behavior data of the account, and the real person relevance is determined by the issuing authority of the account.
  • the plurality of second accounts found by the searching unit 1110 include a direct second account directly associated with the real person information, and an indirect second account indirectly associated with the real person information through the direct second account.
  • the value of the direct second account includes the sum of the values of the indirect second accounts indirectly associated with the real person information through the direct second account.
  • the presentation sub-unit 1122 is further configured to desensitize the information of the at least two second accounts, and present the information of the at least two second accounts after the desensitization process to the user.
  • the lookup unit 1110 includes:
  • the verification subunit 1111 is configured to verify whether the real person information included in the registration information of the first account is legal;
  • the searching subunit 1110 is configured to search for an account map corresponding to the real person information if the real person information is legal.
  • the account operation detected by the searching unit 1110 is an operation of adding a first account
  • the device further includes:
  • the adding unit 1140 is configured to add the information of the first account to the account map if the user passes the real person authentication.
  • the real person information found by the searching unit 1110 includes the certificate information and the biometric identification information; the information of the second account includes the issuing authority and the user number of the second account; and the behavior data includes the friend relationships and consumption data of the second account.

Abstract

The embodiments of the present invention relate to a real person authentication method, comprising the following steps: when a server detects a user's operation request for performing an account operation on a first account, searching, on the basis of real person information included in the registration information of the first account, for an account map corresponding to the real person information; and, on the basis of the behavior data in the account map, providing verification content of the real person authentication to the user. A server receives the user's operation result on the verification content and, on the basis of the operation result, determines whether the user passes the real person authentication.
PCT/CN2018/104273 2017-09-11 2018-09-06 Appareil et procédé d'authentification de personne réelle WO2019047880A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710814013.6A CN107846393B (zh) 2017-09-11 2017-09-11 实人认证方法及装置
CN201710814013.6 2017-09-11

Publications (1)

Publication Number Publication Date
WO2019047880A1 true WO2019047880A1 (fr) 2019-03-14

Family

ID=61682999

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/104273 WO2019047880A1 (fr) 2017-09-11 2018-09-06 Appareil et procédé d'authentification de personne réelle

Country Status (3)

Country Link
CN (1) CN107846393B (fr)
TW (1) TWI695288B (fr)
WO (1) WO2019047880A1 (fr)

Also Published As

Publication number Publication date
CN107846393A (zh) 2018-03-27
TW201913433A (zh) 2019-04-01
CN107846393B (zh) 2020-01-14
TWI695288B (zh) 2020-06-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18855016

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18855016

Country of ref document: EP

Kind code of ref document: A1