[go: up one dir, main page]

CN107742067A - An identity verification method, device and system - Google Patents

An identity verification method, device and system Download PDF

Info

Publication number
CN107742067A
CN107742067A CN201610934283.6A CN201610934283A CN107742067A CN 107742067 A CN107742067 A CN 107742067A CN 201610934283 A CN201610934283 A CN 201610934283A CN 107742067 A CN107742067 A CN 107742067A
Authority
CN
China
Prior art keywords
information
user
verification
network environment
verification code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610934283.6A
Other languages
Chinese (zh)
Inventor
陈云云
郭计伟
张小龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201610934283.6A priority Critical patent/CN107742067A/en
Publication of CN107742067A publication Critical patent/CN107742067A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本发明实施例公开了一种身份验证方法、装置和系统;本发明实施例在接收到用户发起的验证码获取请求之后,可以根据该验证码获取请求获取该用户的用户历史信息,并根据该用户历史信息生成验证码,然后,基于生成的验证码对该用户进行身份验证;该方案可以提高身份验证的可靠性,以及信息的安全性。

The embodiment of the present invention discloses an identity verification method, device, and system; after receiving a verification code acquisition request initiated by a user, the embodiment of the present invention can obtain the user's user history information according to the verification code acquisition request, and according to the A verification code is generated from the user's historical information, and then the user is authenticated based on the generated verification code; this scheme can improve the reliability of identity verification and the security of information.

Description

一种身份验证方法、装置和系统An identity verification method, device and system

技术领域technical field

本发明涉及通信技术领域,具体涉及一种身份验证方法、装置和系统。The present invention relates to the field of communication technology, in particular to an identity verification method, device and system.

背景技术Background technique

现如今,各种各样的信息充斥着人们的生活,比如网络购物、网上转账、以及会话等等,无不涉及到信息的处理,而信息安全,更是牵涉到人们的生命财产安全。Nowadays, all kinds of information are flooding people's lives, such as online shopping, online transfers, and conversations, etc., all of which involve the processing of information, and information security involves the safety of people's lives and property.

为了提高信息处理的安全性,在对信息进行处理时,除了需要对用户的用户名和密码进行验证之外,还需要进行“验证码”验证;所谓验证码,指的是由系统随机生成一字符串或图片,并要求用户按照显示的字符串或图片进行相应的输入,该技术的提出主要是为了防止某个黑客对某一个特定注册用户,采用特定程序暴力破解方式进行不断的登录尝试(即验证尝试)的情况发生。In order to improve the security of information processing, in addition to verifying the user name and password of the user, a "verification code" verification is also required when processing information; the so-called verification code refers to a character randomly generated by the system Strings or pictures, and require users to input correspondingly according to the displayed strings or pictures. This technology is mainly proposed to prevent a hacker from making continuous login attempts to a specific registered user by means of brute force cracking of a specific program (ie authentication attempt) occurs.

在对现有技术的研究和实践过程中,本发明的发明人发现,由于传统的验证码都是随机生成一个字符小图,加一个输入框,因此,非法侵入者可以很容易直接拉取验证码的图片,再通过自动机或机器学习的方式进行破解,所以,其安全性并不高。During the research and practice of the prior art, the inventors of the present invention found that, since traditional verification codes randomly generate a small character image and add an input box, illegal intruders can easily pull the verification code directly. The picture of the code is then cracked by automaton or machine learning, so its security is not high.

发明内容Contents of the invention

本发明实施例提供一种身份验证方法、装置和系统,可以提高身份验证的可靠性,以及信息的安全性。Embodiments of the present invention provide an identity verification method, device and system, which can improve the reliability of identity verification and the security of information.

一种身份验证方法,包括:A method of authentication comprising:

接收用户发起的验证码获取请求;Receive the verification code acquisition request initiated by the user;

根据所述验证码获取请求获取所述用户的用户历史信息;Acquiring user history information of the user according to the verification code acquisition request;

根据所述用户历史信息生成验证码;Generate a verification code according to the user history information;

基于生成的验证码对所述用户进行身份验证。The user is authenticated based on the generated captcha.

相应的,本发明实施例还提供一种身份验证装置,包括:Correspondingly, the embodiment of the present invention also provides an identity verification device, including:

接收单元,用于接收用户发起的验证码获取请求;a receiving unit, configured to receive a verification code acquisition request initiated by a user;

获取单元,用于根据所述验证码获取请求获取所述用户的用户历史信息;An acquisition unit, configured to acquire the user history information of the user according to the verification code acquisition request;

生成单元,用于根据所述用户历史信息生成验证码;A generating unit, configured to generate a verification code according to the user history information;

验证单元,用于基于生成的验证码对所述用户进行身份验证。A verification unit, configured to authenticate the user based on the generated verification code.

此外,本发明实施例还提供一种身份验证系统,包括本发明实施例提供的任一种身份验证装置。In addition, an embodiment of the present invention also provides an identity verification system, including any identity verification device provided in the embodiment of the present invention.

本发明实施例在接收到用户发起的验证码获取请求之后,可以根据该验证码获取请求获取该用户的用户历史信息,并根据该用户历史信息生成验证码,然后,基于生成的验证码对该用户进行身份验证;由于在该方案中,生成验证码的素材主要来源于用户自己的行为,因此,私密性较高,大大提高了非法入侵者破解的难度,所以,相对于现有方案而已,该方案可以大大提高身份验证的可靠性,有利于提高信息的安全性。In the embodiment of the present invention, after receiving the verification code acquisition request initiated by the user, the user history information of the user can be obtained according to the verification code acquisition request, and a verification code can be generated according to the user history information, and then based on the generated verification code. The user performs identity verification; because in this scheme, the material for generating the verification code mainly comes from the user's own behavior, so the privacy is high, which greatly increases the difficulty for illegal intruders to crack. Therefore, compared with the existing scheme, This scheme can greatly improve the reliability of identity verification and is beneficial to improve the security of information.

附图说明Description of drawings

为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. For those skilled in the art, other drawings can also be obtained based on these drawings without any creative effort.

图1a是本发明实施例提供的身份验证方法的场景示意图;Fig. 1a is a schematic diagram of a scenario of an identity verification method provided by an embodiment of the present invention;

图1b是本发明实施例提供的身份验证方法的流程图;Fig. 1b is a flowchart of an identity verification method provided by an embodiment of the present invention;

图2是本发明实施例提供的身份验证方法的另一流程图;Fig. 2 is another flowchart of the identity verification method provided by the embodiment of the present invention;

图3a是本发明实施例提供的身份验证装置的结构示意图;Fig. 3a is a schematic structural diagram of an identity verification device provided by an embodiment of the present invention;

图3b是本发明实施例提供的身份验证装置的另一结构示意图;Fig. 3b is another schematic structural diagram of the identity verification device provided by the embodiment of the present invention;

图4是本发明实施例提供的网络设备的结构示意图。Fig. 4 is a schematic structural diagram of a network device provided by an embodiment of the present invention.

具体实施方式detailed description

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative efforts fall within the protection scope of the present invention.

本发明实施例提供一种身份验证方法、装置和系统。Embodiments of the present invention provide an identity verification method, device and system.

其中,该身份验证装置可以包括本发明实施例所提供的任一种身份验证装置,该身份验证装置可以集成在网络设备,比如终端或服务器等设备中。Wherein, the identity verification device may include any identity verification device provided in the embodiments of the present invention, and the identity verification device may be integrated in a network device, such as a terminal or a server.

例如,以该身份验证装置集成在网络设备中为例,参见图1a,当用户需要进行身份验证时,可以向网络设备发起验证码获取请求,网络设备在接收到该验证码获取请求后,可以根据该验证码获取请求获取该用户的用户历史信息,比如,某年某月某日买了什么东西、某年某月某日和某位朋友的聊天记录、书籍阅读记录、和/或评论记录等,然后,根据该用户历史信息生成验证码,比如,可以按照预设策略从该用户历史信息中筛选出相应的信息后,加入混淆信息以生成验证码,此后,便可以基于该生成的验证码对该用户进行身份验证,比如可以将生成的验证码发送给该用户,以便用户根据该验证码输入相应的验证信息,以进行身份验证,等等。For example, taking the identity verification device integrated in a network device as an example, referring to Figure 1a, when a user needs to perform identity verification, a verification code acquisition request can be initiated to the network device, and after the network device receives the verification code acquisition request, it can Obtain the user's user history information according to the verification code acquisition request, for example, what was purchased on a certain day of a certain year, chat records with a friend on a certain day of a certain year, book reading records, and/or comment records etc., and then generate a verification code based on the user's historical information. For example, after filtering out the corresponding information from the user's historical information according to a preset strategy, add obfuscated information to generate a verification code. After that, you can verify based on the generated For example, the generated verification code can be sent to the user so that the user can enter corresponding verification information according to the verification code for identity verification, and so on.

以下分别进行详细说明。需说明的是,以下实施例的序号不作为对实施例优选顺序的限定。Each will be described in detail below. It should be noted that the serial numbers of the following embodiments are not intended to limit the preferred order of the embodiments.

实施例一、Embodiment one,

本实施例将从身份验证装置的角度进行描述,该身份验证装置具体可以集成在网络设备,比如终端或服务器中,该终端可以包括手机、平板电脑、笔记本电脑或个人计算机(PC,Personal Computer)等设备。This embodiment will be described from the perspective of an identity verification device. The identity verification device may be integrated into a network device, such as a terminal or a server. The terminal may include a mobile phone, a tablet computer, a notebook computer or a personal computer (PC, Personal Computer) and other equipment.

一种身份验证方法,包括:接收用户发起的验证码获取请求,根据该验证码获取请求获取该用户的用户历史信息,根据该用户历史信息生成验证码,基于生成的验证码对该用户进行身份验证。An identity verification method, comprising: receiving a verification code acquisition request initiated by a user, obtaining user history information of the user according to the verification code acquisition request, generating a verification code according to the user history information, and identifying the user based on the generated verification code verify.

如图1b所示,该身份验证方法的具体流程可以如下:As shown in Figure 1b, the specific process of the authentication method can be as follows:

101、接收用户发起的验证码获取请求。101. Receive a verification code acquisition request initiated by a user.

例如,可以接收用户通过点击或滑动预设触发接口而触发的验证码获取请求,或者,也可以接收用户通过其他设备发送的验证码获取请求,等等。For example, a verification code acquisition request triggered by the user clicking or sliding a preset trigger interface may be received, or a verification code acquisition request sent by the user through other devices may also be received, and so on.

102、根据该验证码获取请求获取该用户的用户历史信息。102. Acquire user history information of the user according to the verification code acquisition request.

例如,可以根据该验证码获取请求生成历史信息获取请求,并根据该历史信息获取请求获取该用户的用户历史信息。For example, a historical information acquisition request may be generated according to the verification code acquisition request, and user historical information of the user may be acquired according to the historical information acquisition request.

比如,可以将该历史信息获取请求发送给保存有该用户历史信息的设备,以获取相应的用户历史信息。For example, the historical information obtaining request may be sent to a device storing the user's historical information, so as to obtain the corresponding user's historical information.

或者,也可以根据该历史信息获取请求从本地,比如本地保存的日志文件、缓存文件夹和/或历史信息文件夹(如Cookie)中提取相应的用户历史信息,等等。Alternatively, corresponding user historical information may also be extracted from the local, such as locally stored log files, cache folders and/or historical information folders (such as cookies) according to the historical information acquisition request, and the like.

其中,用户历史信息指的是:以当前时间为基准,在当前时间之前的预设时间范围内的用户操作记录、浏览记录、和/聊天记录等信息。其中,该预设时间范围可以根据实际应用的需求进行设置,在此不再赘述。Wherein, the user history information refers to information such as user operation records, browsing records, and/or chat records within a preset time range before the current time based on the current time. Wherein, the preset time range may be set according to actual application requirements, which will not be repeated here.

103、根据该用户历史信息生成验证码;例如,具体可以如下:103. Generate a verification code according to the user's historical information; for example, the details may be as follows:

(1)对该用户当前所处的网络环境进行检测,得到网络环境信息。(1) Detecting the current network environment of the user to obtain network environment information.

比如,具体可以调用网络环境检测进程,通过该网络环境检测进程对该用户当前所处的网络环境进行检测,得到网络环境信息,等等。For example, specifically, a network environment detection process may be invoked to detect the current network environment of the user through the network environment detection process to obtain network environment information, and so on.

其中,网络环境信息可以包括终端的网际协议(IP,Internet Protocol)地址、端口、和/或媒体访问(MAC,Media Access Control)地址等信息。Wherein, the network environment information may include information such as an Internet Protocol (IP, Internet Protocol) address, a port, and/or a media access (MAC, Media Access Control) address of the terminal.

(2)根据该网络环境信息从该用户历史信息中选择相应的信息,得到素材信息。(2) Select corresponding information from the user history information according to the network environment information to obtain material information.

其中,选择的方式可以根据实际应用的需求而定,比如,可以设定一定的类型,然后从该用户历史信息中选择此类型的信息,作为素材信息。Wherein, the selection method may be determined according to actual application requirements, for example, a certain type may be set, and then information of this type may be selected from the user's historical information as material information.

可选的,为了提高灵活性,还可以根据当前网络环境的不同,而设定不同的信息筛选方式,比如,可以将网络环境划分为多个安全等级,按照不同的安全等级来选择素材信息,即步骤“根据该网络环境信息从该用户历史信息中选择相应的信息,得到素材信息”可以包括:Optionally, in order to improve flexibility, different information screening methods can also be set according to the current network environment. For example, the network environment can be divided into multiple security levels, and material information can be selected according to different security levels. That is, the step of "selecting corresponding information from the user's historical information according to the network environment information to obtain material information" may include:

根据该网络环境信息确定当前网络环境的安全等级,根据该安全等级从该用户历史信息中选择相应的信息,得到素材信息。Determine the security level of the current network environment according to the network environment information, select corresponding information from the user history information according to the security level, and obtain material information.

其中,可以预先设置网络环境的安全等级与信息筛选方式之间的对应关系,这样,在获知当前网络环境的安全等级之后,便可以根据该对应关系确定与该安全等级对应的信息筛选方式,进而采用该信息筛选方式对该用户历史信息进行筛选,得到素材信息;即步骤“根据该安全等级从该用户历史信息中选择相应的信息,得到素材信息”具体可以如下:Among them, the corresponding relationship between the security level of the network environment and the information screening method can be set in advance, so that after knowing the security level of the current network environment, the information screening method corresponding to the security level can be determined according to the corresponding relationship, and then Use this information screening method to filter the user's historical information to obtain material information; that is, the step "select corresponding information from the user's historical information according to the security level to obtain material information" can be as follows:

获取预设的筛选设置信息,该筛选设置信息包括网络环境的安全等级与信息筛选方式之间的对应关系;根据该筛选设置信息确定与该安全等级对应的信息筛选方式;根据确定的信息筛选方式对该用户历史信息进行筛选,得到素材信息。Acquire preset screening setting information, the screening setting information includes the corresponding relationship between the security level of the network environment and the information screening method; determine the information screening method corresponding to the security level according to the screening setting information; according to the determined information screening method The historical information of the user is filtered to obtain material information.

其中,该筛选设置信息可以预先保存在该身份验证装置中,也可以由用户进行设置而得到,即步骤“获取预设的筛选设置信息”之前,该身份验证方法还可以包括:Wherein, the screening setting information can be pre-stored in the identity verification device, or can be obtained by setting by the user, that is, before the step "obtaining preset screening setting information", the identity verification method can also include:

接收用户的设置请求,根据该设置请求建立网络环境的安全等级与信息筛选方式之间的对应关系,将该对应关系保存至筛选设置信息中。A setting request from the user is received, a corresponding relationship between the security level of the network environment and information screening methods is established according to the setting request, and the corresponding relationship is saved in the screening setting information.

(3)根据该素材信息生成验证码。(3) Generate a verification code according to the material information.

例如,具体可以在该素材信息中添加混淆信息,得到综合信息,采用预设策略对该综合信息进行处理,得到验证码。For example, specifically, confusing information may be added to the material information to obtain comprehensive information, and a preset policy is used to process the comprehensive information to obtain a verification code.

其中,该预设策略可以根据实际应用的需求而定,比如,可以根据该综合信息生成相应的问题,供用户进行选择;或者,可以根据该综合信息生成相应的图片,供用户进行点击;又或者,还可以根据该综合信息生成相应的填空题,供用户进行填充,等等,在此不再赘述。Wherein, the preset strategy can be determined according to actual application requirements, for example, corresponding questions can be generated according to the comprehensive information for users to choose; or corresponding pictures can be generated according to the comprehensive information for users to click; and Alternatively, corresponding fill-in-the-blank questions may also be generated according to the comprehensive information for the user to fill in, etc., which will not be repeated here.

此外,需说明的是,在生成验证码的同时,还需要保存相应的验证码答案样本,以便后续可以根据该验证码答案样本来确定用户输入的验证码答案是否正确。其中,该验证码答案样本可以保存在预设的校验信息中。In addition, it should be noted that while generating the verification code, a corresponding verification code answer sample also needs to be saved, so that it can be subsequently determined whether the verification code answer input by the user is correct based on the verification code answer sample. Wherein, the verification code answer sample may be stored in preset verification information.

104、基于生成的验证码对该用户进行身份验证。例如,可以如下:104. Perform identity verification on the user based on the generated verification code. For example, it could be as follows:

(1)将生成的验证码发送给该用户,并接收用户输入的验证信息。(1) Send the generated verification code to the user, and receive the verification information input by the user.

例如,可以将生成的验证码显示在相应的客户端界面或网页上,或者,也可以将生成的验证码以其他方式,比如短信、彩信、私信、邮件、语音消息、电话、推送消息、和/或其他即时消息的形式发送给用户所属的终端中,等等。For example, the generated verification code can be displayed on the corresponding client interface or webpage, or the generated verification code can also be displayed in other ways, such as SMS, MMS, private message, email, voice message, phone call, push message, and /or other forms of instant messages are sent to the terminal to which the user belongs, and so on.

此后,用户可以根据收到的验证码,输入相应的验证信息,其中,该验证信息至少包括用户输入的验证码答案,此外,该验证信息还可以包括其他的鉴权信息,比如,用户名和密码等。Thereafter, the user can input corresponding verification information according to the received verification code, wherein the verification information includes at least the answer to the verification code input by the user, and the verification information can also include other authentication information, such as user name and password Wait.

其中,验证码答案指的是用户根据验证码而输入的信息,比如用户在验证码输入框输入的信息,或者,用户根据显示的验证码问题而输入的答案,又或者,用户根据显示的验证码图片而点击的选项,等等。Among them, the verification code answer refers to the information entered by the user according to the verification code, such as the information entered by the user in the verification code input box, or the answer entered by the user according to the displayed verification code question, or the verification code displayed by the user. option to click to code a picture, and so on.

(2)将该验证信息与预设的校验信息进行匹配,若均匹配,则确定身份验证通过;若不匹配,则确定身份验证不通过。(2) Match the verification information with the preset verification information, and if they both match, it is determined that the identity verification is passed; if they do not match, it is determined that the identity verification fails.

其中,该校验信息包括该验证码对应的验证码答案样本;可选的,若验证信息中还包括了其他的鉴权信息,则该校验信息中也可以保存有相应的鉴权信息的答案样本,比如,用户名和密码,等等。Wherein, the verification information includes the verification code answer sample corresponding to the verification code; optionally, if the verification information also includes other authentication information, the verification information may also store the corresponding authentication information. Sample answers, eg, username and password, etc.

例如,以该验证信息只包括验证码答案为例,则此时,可以将该验证信息中的验证码答案与该校验信息中的验证码答案样本进行比较,若一致,则表明该验证信息与校验信息匹配,可以确定身份验证通过;否则,若不一致,则明该验证信息与校验信息不匹配,于是确定身份验证不通过。For example, taking the verification information only includes the verification code answer as an example, at this time, the verification code answer in the verification information can be compared with the verification code answer sample in the verification information, and if they are consistent, it indicates that the verification information If it matches the verification information, it can be determined that the identity verification has passed; otherwise, if they are not consistent, it means that the verification information does not match the verification information, so it is determined that the identity verification has failed.

又例如,若该验证信息除了包括验证码答案之外,还包括了其他的鉴权信息,则此时,可以将该验证信息中的验证码答案与该校验信息中的验证码答案样本进行比较,以及将该验证信息中的其他鉴权信息,比如用户名和密码分别与该校验信息中的其他鉴权信息的答案样本,比如用户名和密码进行比较,若均一致,则表明该验证信息与校验信息匹配,可以确定身份验证通过,否则,若有其中一项不一致,则表明该验证信息与校验信息不匹配,于是确定身份验证不通过,等等。For another example, if the verification information includes other authentication information besides the verification code answer, then at this time, the verification code answer in the verification information can be compared with the verification code answer sample in the verification information. Compare, and compare other authentication information in the verification information, such as user name and password, with the answer samples of other authentication information in the verification information, such as user name and password, if they are all consistent, it indicates that the verification information If it matches the verification information, it can be determined that the identity verification has passed, otherwise, if one of the items is inconsistent, it indicates that the verification information does not match the verification information, so it is determined that the identity verification has failed, and so on.

由上可知,本实施例在接收到用户发起的验证码获取请求之后,可以根据该验证码获取请求获取该用户的用户历史信息,并根据该用户历史信息生成验证码,然后,基于生成的验证码对该用户进行身份验证;由于在该方案中,生成验证码的素材主要来源于用户自己的行为,因此,私密性较高,大大提高了非法入侵者破解的难度,所以,相对于现有方案而已,该方案可以大大提高身份验证的可靠性,有利于提高信息的安全性。As can be seen from the above, after receiving the verification code acquisition request initiated by the user, this embodiment can obtain the user's user history information according to the verification code acquisition request, and generate a verification code according to the user history information, and then, based on the generated verification code code to authenticate the user; because in this scheme, the material for generating the verification code mainly comes from the user's own behavior, so the privacy is high, which greatly increases the difficulty for illegal intruders to crack. Therefore, compared with the existing It is just a solution, which can greatly improve the reliability of identity verification and help improve the security of information.

实施例二、Embodiment two,

根据实施例一所描述的方法,以下将举例作进一步详细说明。According to the method described in Embodiment 1, an example will be given below for further detailed description.

在本实施例中,将以该身份验证装置具体集成在网络设备中为例进行说明,其中,该网络设备可以是终端,也可以是服务器。In this embodiment, description will be made by taking the identity verification device integrated in a network device as an example, where the network device may be a terminal or a server.

如图2所示,一种身份验证方法,具体流程可以如下:As shown in Figure 2, an identity verification method, the specific process can be as follows:

201、网络设备接收用户发起的验证码获取请求。201. The network device receives a verification code acquisition request initiated by a user.

例如,若该网络设备为终端,则此时,终端可以接收用户用户触发的验证码获取请求。其中,触发的方式可以有多种,比如,可以包括点击、滑动、触摸和/或按压等。For example, if the network device is a terminal, at this time, the terminal may receive a verification code acquisition request triggered by a user. Wherein, there may be various ways of triggering, for example, may include clicking, sliding, touching and/or pressing and the like.

又例如,若该网络设备为服务器等网络侧设备,则此时,服务器可以接收用户通过其他设备发送的验证码获取请求,等等。For another example, if the network device is a network-side device such as a server, at this time, the server may receive a verification code acquisition request sent by the user through other devices, and so on.

202、网络设备根据该验证码获取请求获取该用户的用户历史信息。202. The network device acquires user history information of the user according to the verification code acquisition request.

其中,该用户历史信息可以包括历史上(即当前时间之前的预设时间范围内)的用户操作记录、浏览记录、和/聊天记录等信息。比如,可以是某年某月某日买了什么东西、某年某月某日和某位朋友的聊天记录、书籍阅读记录、和/或评论记录等。Wherein, the user history information may include information such as user operation records, browsing records, and/or chat records in history (that is, within a preset time range before the current time). For example, it may be what was bought on a certain day of a certain year, a record of chatting with a friend on a certain day of a certain year, a record of reading books, and/or a record of comments, etc.

该用户历史信息可以保存在本地,也可以保存在其他设备,比如云端中,具体保存方式可以根据实际应用的需求而定。The user history information can be saved locally or in other devices, such as in the cloud, and the specific saving method can be determined according to actual application requirements.

例如,以该网络设备为终端为例,则此时,终端可以根据该历史信息获取请求从本地(即终端自身),比如本地保存的日志文件、缓存文件夹和/或历史信息文件夹(如Cookie)中提取相应的用户历史信息。For example, taking the network device as a terminal as an example, at this time, the terminal can obtain the request from the local (ie, the terminal itself), such as locally saved log files, cache folders and/or historical information folders (such as Cookie) to extract the corresponding user history information.

又例如,以该网络设备为服务器为例,则此时,根据该验证码获取请求生成历史信息获取请求,将该历史信息获取请求发送给保存有该用户历史信息的设备,以获取相应的用户历史信息,等等。For another example, taking the network device as the server as an example, at this time, a historical information acquisition request is generated according to the verification code acquisition request, and the historical information acquisition request is sent to the device that stores the user's historical information to obtain the corresponding user. historical information, etc.

203、网络设备对该用户当前所处的网络环境进行检测,得到网络环境信息。例如,具体可以如下:203. The network device detects the current network environment of the user to obtain network environment information. For example, it can be as follows:

网络设备调用网络环境检测进程,通过该网络环境检测进程对该用户当前所处的网络环境进行检测,得到网络环境信息,等等。The network device invokes the network environment detection process, and through the network environment detection process, the current network environment of the user is detected to obtain network environment information, and so on.

其中,网络环境信息可以包括终端的IP地址、端口、和/或MAC地址等信息。Wherein, the network environment information may include information such as the IP address, port, and/or MAC address of the terminal.

204、网络设备根据该网络环境信息从该用户历史信息中选择相应的信息,得到素材信息。204. The network device selects corresponding information from the user history information according to the network environment information to obtain material information.

其中,选择的方式可以根据实际应用的需求而定,比如,可以设定一定的类型,然后从该用户历史信息中选择此类型的信息,作为素材信息。Wherein, the selection method may be determined according to actual application requirements, for example, a certain type may be set, and then information of this type may be selected from the user's historical information as material information.

比如,以设定的类型为“聊天记录”为例,则此时,网络设备可以从该用户历史信息中将“聊天记录”相关的信息筛选出来,作为素材信息。For example, taking the set type as "chat record" as an example, at this time, the network device may filter information related to "chat record" from the user's historical information as material information.

又比如,以设定的类型为“购物记录”和“书籍订阅记录”为例,则此时,网络设备可以从该用户历史信息中将所有与“购物记录”和“书籍订阅记录”相关的信息筛选出来,作为素材信息,以此类推,等等。For another example, taking the set types as "shopping records" and "book subscription records" as an example, at this time, the network device can collect all the related "shopping records" and "book subscription records" from the user's historical information. The information is filtered out as material information, and so on, and so on.

可选的,为了提高灵活性,还可以根据当前网络环境的不同,而设定不同的信息筛选方式,比如,可以将网络环境划分为多个安全等级,按照不同的安全等级来选择素材信息,即具体可以如下:Optionally, in order to improve flexibility, different information screening methods can also be set according to the current network environment. For example, the network environment can be divided into multiple security levels, and material information can be selected according to different security levels. That is, it can be as follows:

根据该网络环境信息确定当前网络环境的安全等级,获取预设的筛选设置信息,根据该筛选设置信息确定与该安全等级对应的信息筛选方式;根据确定的信息筛选方式对该用户历史信息进行筛选,得到素材信息。Determine the security level of the current network environment according to the network environment information, obtain preset screening setting information, determine the information screening method corresponding to the security level according to the screening setting information; filter the user's historical information according to the determined information screening method , get material information.

其中,该筛选设置信息包括网络环境的安全等级与信息筛选方式之间的对应关系;该筛选设置信息可以预先保存在该身份验证装置中,也可以由用户进行设置而得到,具体可参见实施例一,在此不再赘述。Wherein, the screening setting information includes the corresponding relationship between the security level of the network environment and the information screening method; the screening setting information can be stored in the identity verification device in advance, or can be obtained by setting by the user. For details, please refer to the embodiment One, I will not repeat them here.

此外,需说明的是,网络环境的安全等级可以根据实际应用的需求进行划分,比如,可以简单地划分“危险”和“安全”两个等级,或者,也可以按照安全系数的高低划分为多个级别,比如划分为“一级”、“二级”、“三级”和“四级”等。In addition, it should be noted that the security level of the network environment can be divided according to the needs of actual applications. For example, two levels of "dangerous" and "safe" can be simply divided, or it can be divided into multiple levels according to the level of safety factor. For example, it is divided into "Level 1", "Level 2", "Level 3" and "Level 4".

譬如,如果是在家庭网络,则表明安全系数最高,因此,安全等级可以设定为一级,如果是在其他常用的私有网络,比如公司网络,则表明安全系数较高,因此,安全等级可以设定为二级,如果是在常用的公共网络,则表明存在一定的危险系数,因此,安全等级可以设定为三级,而如果是在陌生的公共网络,则表明危险系数较高,因此,安全等级可以设定为四级,等等,在此不再列举。For example, if it is in a home network, it indicates the highest safety factor, so the security level can be set to level one; if it is in other commonly used private networks, such as corporate networks, it indicates a higher security factor, so the security level can be set to If it is set to level two, if it is in a commonly used public network, it indicates that there is a certain risk factor. Therefore, the security level can be set to level three, and if it is in an unfamiliar public network, it indicates that the risk factor is relatively high, so , the security level can be set to level four, etc., which will not be listed here.

可选的,对于安全等级较高的网络环境,一般可以选择较为简单且数量较少的用户历史信息作为素材信息,而对于安全等级越低的网络环境,则一般可以选择私密性较高且数量较多的用户历史信息作为素材信息,等等。Optionally, for a network environment with a higher security level, you can generally choose relatively simple user history information with a small amount as material information; More user history information is used as material information, and so on.

205、网络设备根据该素材信息生成验证码。205. The network device generates a verification code according to the material information.

例如,网络设备可以在该素材信息中添加混淆信息,得到综合信息,然后,采用预设策略对该综合信息进行处理,得到验证码。For example, the network device may add obfuscation information to the material information to obtain comprehensive information, and then process the comprehensive information by using a preset strategy to obtain a verification code.

其中,该预设策略可以根据实际应用的需求而定,比如,可以根据该综合信息生成相应的问题,供用户进行选择;或者,可以根据该综合信息生成相应的图片,供用户进行点击;又或者,还可以根据该综合信息生成相应的填空题,供用户进行填充,等等,在此不再赘述。Wherein, the preset strategy can be determined according to actual application requirements, for example, corresponding questions can be generated according to the comprehensive information for users to choose; or corresponding pictures can be generated according to the comprehensive information for users to click; and Alternatively, corresponding fill-in-the-blank questions may also be generated according to the comprehensive information for the user to fill in, etc., which will not be repeated here.

例如,以素材信息为“8月8日用户买了一本书,书名为《ABCD》”为例,则此时,网络设备可以在该素材信息中加入混淆信息,比如,可以加入书名《DFGHJK》和《一二三》,然后生成相应的验证码,比如生成一个问题:“8月8日用户买了一本书,书名是什么”,并提供三个选择答案:“A、《ABCD》;B、《DFGHJK》;C、《一二三》”,等等。For example, taking the material information as "A user bought a book on August 8, and the title of the book is "ABCD"" as an example, at this time, the network device can add confusing information to the material information, for example, the title of the book can be added "DFGHJK" and "One Two Three", and then generate corresponding verification codes, for example, generate a question: "A user bought a book on August 8, what is the title of the book", and provide three choices of answers: "A, "ABCD"; B, "DFGHJK"; C, "One Two Three", etc.

此外,需说明的是,在生成验证码的同时,还需要保存相应的验证码答案样本,以便后续可以根据该验证码答案样本来确定用户输入的验证码答案是否正确。其中,该验证码答案样本可以保存在预设的校验信息中,比如,以上述验证码为例,则此时,可以将正确答案“A、《ABCD》”保存在预设的校验信息中,等等。In addition, it should be noted that while generating the verification code, a corresponding verification code answer sample also needs to be saved, so that it can be subsequently determined whether the verification code answer input by the user is correct based on the verification code answer sample. Wherein, the verification code answer sample can be stored in the preset verification information, for example, taking the above verification code as an example, then at this time, the correct answer "A, "ABCD"" can be saved in the preset verification information In, wait.

206、网络设备将生成的验证码发送给该用户,并接收用户输入的验证信息。206. The network device sends the generated verification code to the user, and receives verification information input by the user.

例如,可以将生成的验证码显示在相应的客户端界面或网页上,或者,也可以将生成的验证码以其他方式,比如短信、彩信、私信、邮件、语音消息、电话、推送消息、和/或其他即时消息的形式发送给用户所属的终端中,等等。For example, the generated verification code can be displayed on the corresponding client interface or webpage, or the generated verification code can also be displayed in other ways, such as SMS, MMS, private message, email, voice message, phone call, push message, and /or other forms of instant messages are sent to the terminal to which the user belongs, and so on.

此后,用户可以根据收到的验证码,输入相应的验证信息,其中,该验证信息至少包括用户输入的验证码答案,此外,该验证信息还可以包括其他的鉴权信息,比如,用户名和密码等。Thereafter, the user can input corresponding verification information according to the received verification code, wherein the verification information includes at least the answer to the verification code input by the user, and the verification information can also include other authentication information, such as user name and password Wait.

207、网络设备将该验证信息与预设的校验信息进行匹配,若均匹配,则确定身份验证通过;若不匹配,则确定身份验证不通过。207. The network device matches the verification information with preset verification information, and if they both match, determine that the identity verification passes; if they do not match, determine that the identity verification fails.

其中,该校验信息包括该验证码对应的验证码答案样本;可选的,若验证信息中还包括了其他的鉴权信息,则该校验信息中也可以保存有相应的鉴权信息的答案样本,比如,用户名和密码,等等。Wherein, the verification information includes the verification code answer sample corresponding to the verification code; optionally, if the verification information also includes other authentication information, the verification information may also store the corresponding authentication information. Sample answers, eg, username and password, etc.

例如,以步骤205中的例子,且以该验证信息只包括验证码答案为例,则此时,可以将该验证信息中的验证码答案与该校验信息中的验证码答案样本,即“A、《ABCD》”进行比较,若一致,则表明该验证信息与校验信息匹配,可以确定身份验证通过;否则,若不一致,比如用户输入的验证码答案是“B、《DFGHJK》”,则明该验证信息与校验信息不匹配,于是确定身份验证不通过。比如,For example, taking the example in step 205, and taking the verification information only includes the verification code answer as an example, at this time, the verification code answer in the verification information can be combined with the verification code answer sample in the verification information, that is, " A. "ABCD"" for comparison, if they are consistent, it means that the verification information matches the verification information, and the identity verification can be confirmed; otherwise, if they are inconsistent, for example, the answer to the verification code entered by the user is "B, "DFGHJK"", It indicates that the verification information does not match the verification information, so it is determined that the identity verification fails. for example,

又例如,还是以步骤205中的例子为例,若该验证信息除了包括验证码答案之外,还包括了其他的鉴权信息,则此时,可以将该验证信息中的验证码答案与该校验信息中的验证码答案样本(即“A、《ABCD》”)进行比较,以及将该验证信息中的其他鉴权信息,比如用户名和密码分别与该校验信息中的其他鉴权信息的答案样本,比如用户名和密码进行比较,若均一致,则表明该验证信息与校验信息匹配,可以确定身份验证通过,否则,若有其中一项不一致,比如,用户输入的验证码答案是“C、《一二三》”,或者,用户名或密码错误,则表明该验证信息与校验信息不匹配,于是可以确定身份验证不通过。For another example, still taking the example in step 205 as an example, if the verification information includes other authentication information besides the verification code answer, then at this time, the verification code answer in the verification information can be combined with the verification code answer. Compare the verification code answer sample (ie "A, "ABCD") in the verification information, and compare other authentication information in the verification information, such as user name and password, with other authentication information in the verification information Sample answers, such as user name and password, if they are consistent, it means that the verification information matches the verification information, and it can be determined that the identity verification has passed. Otherwise, if one of the items is inconsistent, for example, the answer to the verification code entered by the user is "C, "123"", or if the user name or password is wrong, it indicates that the verification information does not match the verification information, so it can be determined that the identity verification fails.

由上可知,本实施例在接收到用户发起的验证码获取请求之后,可以根据该验证码获取请求获取该用户的用户历史信息,以及对该用户当前所处的网络环境进行检测,然后,根据检测得到的网络环境信息从该用户历史信息中筛选相应的信息作为素材信息,来生成验证码,并基于该验证码对用户进行身份验证;由于在该方案中,生成验证码的素材主要来源于用户自己的行为,因此,私密性较高,大大提高了非法入侵者破解的难度,所以,相对于现有方案而已,该方案可以大大提高身份验证的可靠性,有利于提高信息的安全性。As can be seen from the above, after receiving the verification code acquisition request initiated by the user, this embodiment can obtain the user's user history information according to the verification code acquisition request, and detect the current network environment of the user, and then, according to The detected network environment information screens the corresponding information from the user’s historical information as material information to generate a verification code, and authenticates the user based on the verification code; in this scheme, the material for generating the verification code mainly comes from The user's own behavior, therefore, has high privacy, which greatly increases the difficulty for illegal intruders to crack. Therefore, compared with the existing scheme, this scheme can greatly improve the reliability of identity verification and help improve the security of information.

实施例三、Embodiment three,

为了更好地实施以上方案,本发明实施例还提供一种身份验证装置,如图3a所示,该身份验证装置可以包括接收单元301、获取单元302、生成单元303和验证单元304,如下:In order to better implement the above solutions, an embodiment of the present invention also provides an identity verification device, as shown in Figure 3a, the identity verification device may include a receiving unit 301, an obtaining unit 302, a generating unit 303, and a verification unit 304, as follows:

(1)接收单元301;(1) receiving unit 301;

接收单元301,用于接收用户发起的验证码获取请求。The receiving unit 301 is configured to receive a verification code acquisition request initiated by a user.

例如,该接收单元301,具体可以用于接收用户通过点击或滑动预设触发接口而触发的验证码获取请求,或者,也可以接收用户通过其他设备发送的验证码获取请求,等等。For example, the receiving unit 301 may be specifically configured to receive a verification code acquisition request triggered by the user by clicking or sliding a preset trigger interface, or may also receive a verification code acquisition request sent by the user through other devices, and so on.

(2)获取单元302;(2) acquisition unit 302;

获取单元302,用于根据该验证码获取请求获取该用户的用户历史信息。The acquiring unit 302 is configured to acquire the user history information of the user according to the verification code acquisition request.

例如,获取单元302,具体可以用于根据该验证码获取请求生成历史信息获取请求,并根据该历史信息获取请求获取该用户的用户历史信息。For example, the acquiring unit 302 may be specifically configured to generate a history information acquisition request according to the verification code acquisition request, and acquire user history information of the user according to the history information acquisition request.

其中,用户历史信息可以包括在当前时间之前的预设时间范围内的用户操作记录、浏览记录、和/聊天记录等信息。其中,该预设时间范围可以根据实际应用的需求进行设置,在此不再赘述。Wherein, the user history information may include information such as user operation records, browsing records, and/or chat records within a preset time range before the current time. Wherein, the preset time range may be set according to actual application requirements, which will not be repeated here.

(3)生成单元303;(3) generating unit 303;

生成单元303,用于根据该用户历史信息生成验证码。A generating unit 303, configured to generate a verification code according to the user history information.

例如,该生成单元303可以包括检测子单元、选择子单元和生成子单元,如下:For example, the generation unit 303 may include a detection subunit, a selection subunit and a generation subunit, as follows:

A)检测子单元;A) detection subunit;

该检测子单元,用于对该用户当前所处的网络环境进行检测,得到网络环境信息。The detection subunit is used to detect the current network environment of the user to obtain network environment information.

其中,网络环境信息可以包括终端的IP地址、端口、和/或MAC地址等信息。Wherein, the network environment information may include information such as the IP address, port, and/or MAC address of the terminal.

B)选择子单元;B) select subunits;

该选择子单元,用于根据该网络环境信息从该用户历史信息中选择相应的信息,得到素材信息。The selection subunit is used to select corresponding information from the user history information according to the network environment information to obtain material information.

其中,选择的方式可以根据实际应用的需求而定,比如,可以设定一定的类型,然后从该用户历史信息中选择此类型的信息,作为素材信息。Wherein, the selection method may be determined according to actual application requirements, for example, a certain type may be set, and then information of this type may be selected from the user's historical information as material information.

可选的,为了提高灵活性,还可以根据当前网络环境的不同,而设定不同的信息筛选方式,比如,可以将网络环境划分为多个安全等级,按照不同的安全等级来选择素材信息,即:Optionally, in order to improve flexibility, different information screening methods can also be set according to the current network environment. For example, the network environment can be divided into multiple security levels, and material information can be selected according to different security levels. which is:

该选择子单元,具体可以用于根据该网络环境信息确定当前网络环境的安全等级,根据该安全等级从该用户历史信息中选择相应的信息,得到素材信息。The selecting subunit can specifically be used to determine the security level of the current network environment according to the network environment information, select corresponding information from the user history information according to the security level, and obtain material information.

其中,可以预先设置网络环境的安全等级与信息筛选方式之间的对应关系,这样,在获知当前网络环境的安全等级之后,便可以根据该对应关系确定与该安全等级对应的信息筛选方式,进而采用该信息筛选方式对该用户历史信息进行筛选,得到素材信息;即:Among them, the corresponding relationship between the security level of the network environment and the information screening method can be set in advance, so that after knowing the security level of the current network environment, the information screening method corresponding to the security level can be determined according to the corresponding relationship, and then Use this information screening method to filter the user's historical information to obtain material information; that is:

该选择子单元,具体可以用于获取预设的筛选设置信息,该筛选设置信息包括网络环境的安全等级与信息筛选方式之间的对应关系,根据该筛选设置信息确定与该安全等级对应的信息筛选方式,根据确定的信息筛选方式对该用户历史信息进行筛选,得到素材信息。The selection subunit can specifically be used to obtain preset screening setting information, the screening setting information includes the corresponding relationship between the security level of the network environment and the information screening mode, and the information corresponding to the security level is determined according to the screening setting information The screening method is to filter the historical information of the user according to the determined information screening method to obtain the material information.

其中,该筛选设置信息可以预先保存在该身份验证装置中,也可以由用户进行设置而得到,即如图3b所示,该身份验证装置还可以包括设置单元305,如下:Wherein, the screening setting information can be stored in the identity verification device in advance, or can be obtained by setting by the user, that is, as shown in Figure 3b, the identity verification device can also include a setting unit 305, as follows:

该接收单元301,还可以用于接收用户的设置请求;The receiving unit 301 may also be configured to receive a setting request from a user;

该设置单元305,可以用于根据该设置请求建立网络环境的安全等级与信息筛选方式之间的对应关系,将该对应关系保存至筛选设置信息中。The setting unit 305 may be configured to establish a corresponding relationship between the security level of the network environment and the information screening method according to the setting request, and store the corresponding relationship in the screening setting information.

C)生成子单元;C) generating subunits;

该生成子单元,用于根据该素材信息生成验证码。The generation subunit is used to generate a verification code according to the material information.

例如,该生成子单元,具体可以用于在该素材信息中添加混淆信息,得到综合信息,采用预设策略对该综合信息进行处理,得到验证码。For example, the generating subunit can specifically be used to add obfuscation information to the material information to obtain comprehensive information, and process the comprehensive information by using a preset strategy to obtain a verification code.

其中,该预设策略可以根据实际应用的需求而定,在此不再赘述。Wherein, the preset policy may be determined according to actual application requirements, which will not be repeated here.

此外,需说明的是,生成单元303在生成验证码的同时,还需要保存相应的验证码答案样本,以便后续可以根据该验证码答案样本来确定用户输入的验证码答案是否正确。其中,该验证码答案样本可以保存在预设的校验信息中。In addition, it should be noted that while generating the verification code, the generation unit 303 also needs to save the corresponding verification code answer sample, so that it can subsequently determine whether the verification code answer input by the user is correct based on the verification code answer sample. Wherein, the verification code answer sample may be stored in preset verification information.

(4)验证单元304;(4) verification unit 304;

验证单元304,用于基于生成的验证码对该用户进行身份验证,例如,可以如下:The verification unit 304 is configured to authenticate the user based on the generated verification code, for example, it may be as follows:

将生成的验证码发送给该用户,并接收用户输入的验证信息,将该验证信息与预设的校验信息进行匹配,该校验信息包括该生成的验证码,若均匹配,则确定身份验证通过;若不匹配,则确定身份验证不通过。Send the generated verification code to the user, receive the verification information entered by the user, and match the verification information with the preset verification information. The verification information includes the generated verification code. If they all match, the identity is determined The verification is passed; if they do not match, it is determined that the authentication fails.

具体实施时,以上各个单元可以分别作为独立的实体来实现,也可以进行任意组合,作为同一或若干个实体来实现,以上各个单元的具体实施可参见前面的方法实施例,在此不再赘述。During specific implementation, each of the above units can be implemented as independent entities, or can be combined arbitrarily as one or several entities. For the specific implementation of each of the above units, please refer to the previous method embodiments, and will not repeat them here. .

该身份验证装置具体可以集成在网络设备,比如终端或服务器等设备中,其中,该终端可以包括手机、平板电脑、笔记本电脑或PC等设备。Specifically, the identity verification device may be integrated into network equipment, such as a terminal or a server, wherein the terminal may include a mobile phone, a tablet computer, a notebook computer, or a PC.

由上可知,本实施例在接收到用户发起的验证码获取请求之后,可以由获取单元302根据该验证码获取请求获取该用户的用户历史信息,并由生成单元303根据该用户历史信息生成验证码,然后,由验证单元304基于生成的验证码对该用户进行身份验证;由于在该方案中,生成验证码的素材主要来源于用户自己的行为,因此,私密性较高,大大提高了非法入侵者破解的难度,所以,相对于现有方案而已,该方案可以大大提高身份验证的可靠性,有利于提高信息的安全性。As can be seen from the above, after receiving the verification code acquisition request initiated by the user in this embodiment, the acquisition unit 302 can obtain the user's user history information according to the verification code acquisition request, and the generation unit 303 can generate a verification code according to the user history information. code, and then the verification unit 304 authenticates the user based on the generated verification code; because in this scheme, the material for generating the verification code mainly comes from the user's own behavior, so the privacy is relatively high, which greatly improves the illegal Therefore, compared with the existing scheme, this scheme can greatly improve the reliability of identity verification and help to improve the security of information.

实施例四、Embodiment four,

相应的,本发明实施例还提供一种身份验证系统,包括本发明实施例所提供的任一种身份验证装置,具体可参见实施例三;例如,可以如下:Correspondingly, the embodiment of the present invention also provides an identity verification system, including any identity verification device provided in the embodiment of the present invention. For details, please refer to Embodiment 3; for example, it may be as follows:

身份验证装置,用于接收用户发起的验证码获取请求,根据该验证码获取请求获取该用户的用户历史信息,根据该用户历史信息生成验证码,基于生成的验证码对该用户进行身份验证。The identity verification device is configured to receive a verification code acquisition request initiated by a user, obtain user history information of the user according to the verification code acquisition request, generate a verification code according to the user history information, and perform identity verification on the user based on the generated verification code.

例如,该身份验证装置,具体可以用于对该用户当前所处的网络环境进行检测,得到网络环境信息,根据该网络环境信息从该用户历史信息中选择相应的信息,得到素材信息,根据该素材信息生成验证码。For example, the identity verification device can specifically be used to detect the network environment where the user is currently located to obtain network environment information, select corresponding information from the user's historical information according to the network environment information, and obtain material information. Material information generates a verification code.

可选的,该身份验证系统还可以包括其他的设备,例如,若该身份验证装置集成在服务器中,则该身份验证系统还可以包括终端,如下:Optionally, the identity verification system may also include other devices. For example, if the identity verification device is integrated in a server, the identity verification system may also include a terminal, as follows:

终端,用于向该身份验证装置(比如服务器)发送验证码获取请求,以及接收该身份验证装置(比如服务器)返回的验证码。The terminal is configured to send a verification code acquisition request to the identity verification device (such as a server), and receive a verification code returned by the identity verification device (such as a server).

又例如,若该身份验证装置集成在终端中,则该身份验证系统还可以其他的网络侧设备,比如可以包括云端设备,如下:For another example, if the identity verification device is integrated in the terminal, the identity verification system can also include other network-side devices, such as cloud devices, as follows:

云端设备,可以用于向身份验证装置(比如终端)提供用户的用户历史信息,等等。The cloud device can be used to provide user history information of the user to an identity verification device (such as a terminal), and so on.

以上各个设备的具体实施可参见前面的实施例,在此不再赘述。For the specific implementation of each of the above devices, reference may be made to the foregoing embodiments, and details are not repeated here.

由于该身份验证系统可以包括本发明实施例所提供的任一种身份验证装置,因此,可以实现本发明实施例所提供的任一种身份验证装置所能实现的有益效果,详见前面的实施例,在此不再赘述。Since the identity verification system can include any identity verification device provided by the embodiment of the present invention, it can achieve the beneficial effects that any identity verification device provided by the embodiment of the present invention can achieve. For details, see the previous implementation example, which will not be repeated here.

实施例五、Embodiment five,

本发明实施例还提供一种服务器,如图4所示,其示出了本发明实施例所涉及的服务器的结构示意图,具体来讲:The embodiment of the present invention also provides a server, as shown in FIG. 4, which shows a schematic structural diagram of the server involved in the embodiment of the present invention, specifically:

该服务器可以包括一个或者一个以上处理核心的处理器401、一个或一个以上计算机可读存储介质的存储器402、射频(Radio Frequency,RF)电路403、电源404、输入单元405、以及显示单元406等部件。本领域技术人员可以理解,图4中示出的服务器结构并不构成对服务器的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。其中:The server may include a processor 401 of one or more processing cores, a memory 402 of one or more computer-readable storage media, a radio frequency (Radio Frequency, RF) circuit 403, a power supply 404, an input unit 405, and a display unit 406, etc. part. Those skilled in the art can understand that the server structure shown in FIG. 4 is not limited to the server, and may include more or less components than shown in the figure, or combine some components, or arrange different components. in:

处理器401是该服务器的控制中心,利用各种接口和线路连接整个服务器的各个部分,通过运行或执行存储在存储器402内的软件程序和/或模块,以及调用存储在存储器402内的数据,执行服务器的各种功能和处理数据,从而对服务器进行整体监控。可选的,处理器401可包括一个或多个处理核心;优选的,处理器401可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器401中。The processor 401 is the control center of the server, and uses various interfaces and lines to connect various parts of the entire server, by running or executing software programs and/or modules stored in the memory 402, and calling data stored in the memory 402, Execute various functions of the server and process data to monitor the server as a whole. Optionally, the processor 401 may include one or more processing cores; preferably, the processor 401 may integrate an application processor and a modem processor, wherein the application processor mainly processes operating systems, user interfaces, and application programs, etc. , the modem processor mainly handles wireless communications. It can be understood that the foregoing modem processor may not be integrated into the processor 401 .

存储器402可用于存储软件程序以及模块,处理器401通过运行存储在存储器402的软件程序以及模块,从而执行各种功能应用以及数据处理。存储器402可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序(比如声音播放功能、图像播放功能等)等;存储数据区可存储根据服务器的使用所创建的数据等。此外,存储器402可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。相应地,存储器402还可以包括存储器控制器,以提供处理器401对存储器402的访问。The memory 402 can be used to store software programs and modules, and the processor 401 executes various functional applications and data processing by running the software programs and modules stored in the memory 402 . The memory 402 can mainly include a program storage area and a data storage area, wherein the program storage area can store an operating system, at least one application program required by a function (such as a sound playback function, an image playback function, etc.); The data created by the use of the server, etc. In addition, the memory 402 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage devices. Correspondingly, the memory 402 may further include a memory controller to provide the processor 401 with access to the memory 402 .

RF电路403可用于收发信息过程中,信号的接收和发送,特别地,将基站的下行信息接收后,交由一个或者一个以上处理器401处理;另外,将涉及上行的数据发送给基站。通常,RF电路403包括但不限于天线、至少一个放大器、调谐器、一个或多个振荡器、用户身份模块(SIM)卡、收发信机、耦合器、低噪声放大器(LNA,Low Noise Amplifier)、双工器等。此外,RF电路403还可以通过无线通信与网络和其他设备通信。所述无线通信可以使用任一通信标准或协议,包括但不限于全球移动通讯系统(GSM,Global System of Mobilecommunication)、通用分组无线服务(GPRS,General Packet Radio Service)、码分多址(CDMA,Code Division Multiple Access)、宽带码分多址(WCDMA,Wideband CodeDivision Multiple Access)、长期演进(LTE,Long Term Evolution)、电子邮件、短消息服务(SMS,Short Messaging Service)等。The RF circuit 403 can be used for receiving and sending signals in the process of sending and receiving information. In particular, after receiving the downlink information from the base station, it is processed by one or more processors 401; in addition, the uplink data is sent to the base station. Generally, the RF circuit 403 includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module (SIM) card, a transceiver, a coupler, a low noise amplifier (LNA, Low Noise Amplifier) , duplexer, etc. In addition, the RF circuit 403 can also communicate with networks and other devices through wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to Global System for Mobile Communications (GSM, Global System of Mobilecommunication), General Packet Radio Service (GPRS, General Packet Radio Service), Code Division Multiple Access (CDMA, Code Division Multiple Access), Wideband Code Division Multiple Access (WCDMA, Wideband Code Division Multiple Access), Long Term Evolution (LTE, Long Term Evolution), email, Short Message Service (SMS, Short Messaging Service), etc.

服务器还包括给各个部件供电的电源404(比如电池),优选的,电源404可以通过电源管理系统与处理器401逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。电源404还可以包括一个或一个以上的直流或交流电源、再充电系统、电源故障检测电路、电源转换器或者逆变器、电源状态指示器等任意组件。The server also includes a power supply 404 (such as a battery) for supplying power to each component. Preferably, the power supply 404 can be logically connected to the processor 401 through the power management system, so that functions such as charging, discharging, and power consumption management can be realized through the power management system. The power supply 404 may also include one or more DC or AC power supplies, recharging systems, power failure detection circuits, power converters or inverters, power status indicators, and other arbitrary components.

该服务器还可包括输入单元405,该输入单元405可用于接收输入的数字或字符信息,以及产生与用户设置以及功能控制有关的键盘、鼠标、操作杆、光学或者轨迹球信号输入。具体地,在一个具体的实施例中,输入单元405可包括触敏表面以及其他输入设备。触敏表面,也称为触摸显示屏或者触控板,可收集用户在其上或附近的触摸操作(比如用户使用手指、触笔等任何适合的物体或附件在触敏表面上或在触敏表面附近的操作),并根据预先设定的程式驱动相应的连接装置。可选的,触敏表面可包括触摸检测装置和触摸控制器两个部分。其中,触摸检测装置检测用户的触摸方位,并检测触摸操作带来的信号,将信号传送给触摸控制器;触摸控制器从触摸检测装置上接收触摸信息,并将它转换成触点坐标,再送给处理器401,并能接收处理器401发来的命令并加以执行。此外,可以采用电阻式、电容式、红外线以及表面声波等多种类型实现触敏表面。除了触敏表面,输入单元405还可以包括其他输入设备。具体地,其他输入设备可以包括但不限于物理键盘、功能键(比如音量控制按键、开关按键等)、轨迹球、鼠标、操作杆等中的一种或多种。The server can also include an input unit 405, which can be used to receive input numbers or character information, and generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control. Specifically, in a specific embodiment, the input unit 405 may include a touch-sensitive surface as well as other input devices. A touch-sensitive surface, also known as a touch display or trackpad, collects user touch operations on or near it (for example, the user uses a finger, stylus, etc. any suitable object or accessory on the touch-sensitive surface or on the touch-sensitive Operation near the surface), and drive the corresponding connection device according to the preset program. Optionally, the touch-sensitive surface may include two parts: a touch detection device and a touch controller. Among them, the touch detection device detects the user's touch orientation, detects the signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, and sends it to to the processor 401, and can receive and execute commands sent by the processor 401. In addition, touch-sensitive surfaces can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic wave. In addition to touch-sensitive surfaces, the input unit 405 may also include other input devices. Specifically, other input devices may include, but are not limited to, one or more of physical keyboards, function keys (such as volume control keys, switch keys, etc.), trackballs, mice, joysticks, and the like.

该服务器还可包括显示单元406,该显示单元406可用于显示由用户输入的信息或提供给用户的信息以及服务器的各种图形用户接口,这些图形用户接口可以由图形、文本、图标、视频和其任意组合来构成。显示单元406可包括显示面板,可选的,可以采用液晶显示器(LCD,Liquid Crystal Display)、有机发光二极管(OLED,Organic Light-EmittingDiode)等形式来配置显示面板。进一步的,触敏表面可覆盖显示面板,当触敏表面检测到在其上或附近的触摸操作后,传送给处理器401以确定触摸事件的类型,随后处理器401根据触摸事件的类型在显示面板上提供相应的视觉输出。虽然在图4中,触敏表面与显示面板是作为两个独立的部件来实现输入和输入功能,但是在某些实施例中,可以将触敏表面与显示面板集成而实现输入和输出功能。The server can also include a display unit 406, which can be used to display information input by the user or information provided to the user and various graphical user interfaces of the server. These graphical user interfaces can be composed of graphics, text, icons, video and any combination of them. The display unit 406 may include a display panel, and optionally, the display panel may be configured in the form of a liquid crystal display (LCD, Liquid Crystal Display), an organic light-emitting diode (OLED, Organic Light-Emitting Diode), and the like. Further, the touch-sensitive surface may cover the display panel, and when the touch-sensitive surface detects a touch operation on or near it, the touch operation is sent to the processor 401 to determine the type of the touch event, and then the processor 401 displays on the display according to the type of the touch event. The corresponding visual output is provided on the panel. Although in FIG. 4, the touch-sensitive surface and the display panel are used as two independent components to realize the input and input functions, in some embodiments, the touch-sensitive surface and the display panel can be integrated to realize the input and output functions.

尽管未示出,服务器还可以包括摄像头、蓝牙模块等,在此不再赘述。具体在本实施例中,服务器中的处理器401会按照如下的指令,将一个或一个以上的应用程序的进程对应的可执行文件加载到存储器402中,并由处理器401来运行存储在存储器402中的应用程序,从而实现各种功能,如下:Although not shown, the server may also include a camera, a Bluetooth module, etc., which will not be repeated here. Specifically, in this embodiment, the processor 401 in the server will load the executable file corresponding to the process of one or more application programs into the memory 402 according to the following instructions, and the processor 401 will run the executable file stored in the memory. 402 in order to achieve various functions, as follows:

接收用户发起的验证码获取请求,根据该验证码获取请求获取该用户的用户历史信息,根据该用户历史信息生成验证码,基于生成的验证码对该用户进行身份验证。Receive a verification code acquisition request initiated by a user, obtain user history information of the user according to the verification code acquisition request, generate a verification code according to the user history information, and authenticate the user based on the generated verification code.

例如,具体可以对该用户当前所处的网络环境进行检测,得到网络环境信息,根据该网络环境信息从该用户历史信息中选择相应的信息,得到素材信息,根据该素材信息生成验证码。For example, it is possible to detect the current network environment of the user to obtain network environment information, select corresponding information from the user's historical information according to the network environment information, obtain material information, and generate a verification code according to the material information.

以上各个操作的具体实施可参见前面的实施例,在此不再赘述。For the specific implementation of the above operations, reference may be made to the foregoing embodiments, and details are not repeated here.

由上可知,本实施例在接收到用户发起的验证码获取请求之后,可以根据该验证码获取请求获取该用户的用户历史信息,并根据该用户历史信息生成验证码,然后,基于生成的验证码对该用户进行身份验证;由于在该方案中,生成验证码的素材主要来源于用户自己的行为,因此,私密性较高,大大提高了非法入侵者破解的难度,所以,相对于现有方案而已,该方案可以大大提高身份验证的可靠性,有利于提高信息的安全性。As can be seen from the above, after receiving the verification code acquisition request initiated by the user, this embodiment can obtain the user's user history information according to the verification code acquisition request, and generate a verification code according to the user history information, and then, based on the generated verification code code to authenticate the user; because in this scheme, the material for generating the verification code mainly comes from the user's own behavior, so the privacy is high, which greatly increases the difficulty for illegal intruders to crack. Therefore, compared with the existing It is just a solution, which can greatly improve the reliability of identity verification and help improve the security of information.

本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序可以存储于一计算机可读存储介质中,存储介质可以包括:只读存储器(ROM,Read Only Memory)、随机存取记忆体(RAM,RandomAccess Memory)、磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps in the various methods of the above-mentioned embodiments can be completed by instructing related hardware through a program, and the program can be stored in a computer-readable storage medium, and the storage medium can include: Read Only Memory (ROM, Read Only Memory), Random Access Memory (RAM, Random Access Memory), disk or CD, etc.

以上对本发明实施例所提供的一种身份验证方法、装置和系统进行了详细介绍,本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想;同时,对于本领域的技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本发明的限制。The above is a detailed introduction to an identity verification method, device and system provided by the embodiment of the present invention. In this paper, specific examples are used to illustrate the principle and implementation of the present invention. The description of the above embodiment is only used to help understanding The method of the present invention and its core idea; at the same time, for those skilled in the art, according to the idea of the present invention, there will be changes in the specific implementation and scope of application. In summary, the content of this specification should not be understood To limit the present invention.

Claims (15)

  1. A kind of 1. auth method, it is characterised in that including:
    Receive Client-initiated identifying code and obtain request;
    The user history information of user according to the identifying code obtains acquisition request;
    Identifying code is generated according to the user history information;
    Authentication is carried out to the user based on the identifying code of generation.
  2. 2. according to the method for claim 1, it is characterised in that it is described that identifying code is generated according to the user history information, Including:
    The network environment being presently in the user detects, and obtains network environment information;
    Corresponding information is selected from the user history information according to the network environment information, obtains material information;
    Identifying code is generated according to the material information.
  3. 3. according to the method for claim 2, it is characterised in that described to be gone through according to the network environment information from the user Corresponding information is selected in history information, obtains material information, including:
    The safe class of current network conditions is determined according to the network environment information;
    Corresponding information is selected from the user history information according to the safe class, obtains material information.
  4. 4. according to the method for claim 3, it is characterised in that described to be believed according to the safe class from the user's history Corresponding information is selected in breath, obtains material information, including:
    Default screening set information is obtained, the screening set information includes safe class and the information sifting side of network environment Corresponding relation between formula;
    Information sifting mode corresponding with the safe class is determined according to the screening set information;
    The user history information is screened according to the information sifting mode of determination, obtains material information.
  5. 5. according to the method for claim 4, it is characterised in that before the default screening set information of acquisition, also wrap Include:
    Receive the setting request of user;
    According to the corresponding relation for setting request to establish between the safe class of network environment and information sifting mode;
    The corresponding relation is preserved into screening set information.
  6. 6. according to the method described in any one of claim 2 to 5, it is characterised in that described to be tested according to material information generation Code is demonstrate,proved, including:
    Scramble data is added in the material information, obtains integrated information;
    The integrated information is handled using preset strategy, is verified code.
  7. 7. according to the method described in any one of claim 1 to 5, it is characterised in that it is described based on the identifying code of generation to described User carries out authentication, including:
    The identifying code of generation is sent to the user, and receives the checking information of user's input;
    The checking information is matched with default check information;
    If match, it is determined that authentication passes through;
    If mismatch, it is determined that authentication does not pass through.
  8. A kind of 8. authentication means, it is characterised in that including:
    Receiving unit, request is obtained for receiving Client-initiated identifying code;
    Acquiring unit, the user history information for the user according to identifying code acquisition acquisition request;
    Generation unit, for generating identifying code according to the user history information;
    Authentication unit, for carrying out authentication to the user based on the identifying code of generation.
  9. 9. device according to claim 8, it is characterised in that it is single that the generation unit includes detection sub-unit, selection Member and generation subelement;
    The detection sub-unit, the network environment for being presently in the user detect, and obtain network environment information;
    The selection subelement, for selecting corresponding letter from the user history information according to the network environment information Breath, obtains material information;
    The generation subelement, for generating identifying code according to the material information.
  10. 10. device according to claim 9, it is characterised in that
    The selection subelement, the safe class specifically for determining current network conditions according to the network environment information, root Corresponding information is selected from the user history information according to the safe class, obtains material information.
  11. 11. device according to claim 10, it is characterised in that
    The selection subelement, specifically for obtaining default screening set information, the screening set information includes network rings Corresponding relation between the safe class and information sifting mode in border, according to screening set information determination and described safety etc. Information sifting mode corresponding to level, screens to the user history information according to the information sifting mode of determination, obtains element Material information.
  12. 12. device according to claim 11, it is characterised in that also including setting unit;
    The receiving unit, it is additionally operable to receive the setting request of user;
    The setting unit, for setting request to establish between the safe class of network environment and information sifting mode according to described Corresponding relation, the corresponding relation is preserved into screening set information.
  13. 13. according to the device described in any one of claim 9 to 12, it is characterised in that
    The generation subelement, specifically for adding scramble data in the material information, integrated information is obtained, using default Strategy is handled the integrated information, is verified code.
  14. 14. according to the device described in any one of claim 8 to 12, it is characterised in that the authentication unit, be specifically used for:
    The identifying code of generation is sent to the user, and receives the checking information of user's input;
    The checking information is matched with default check information;
    If match, it is determined that authentication passes through;
    If mismatch, it is determined that authentication does not pass through.
  15. 15. a kind of authentication system, it is characterised in that including the authentication means described in any one of claim 8 to 14.
CN201610934283.6A 2016-10-31 2016-10-31 An identity verification method, device and system Pending CN107742067A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610934283.6A CN107742067A (en) 2016-10-31 2016-10-31 An identity verification method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610934283.6A CN107742067A (en) 2016-10-31 2016-10-31 An identity verification method, device and system

Publications (1)

Publication Number Publication Date
CN107742067A true CN107742067A (en) 2018-02-27

Family

ID=61235145

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610934283.6A Pending CN107742067A (en) 2016-10-31 2016-10-31 An identity verification method, device and system

Country Status (1)

Country Link
CN (1) CN107742067A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108491734A (en) * 2018-03-27 2018-09-04 南京工业大学 Online debugging method for computer software
CN108600244A (en) * 2018-05-03 2018-09-28 惠龙易通国际物流股份有限公司 A kind of identity identifying method, equipment, system and computer storage media
CN110032860A (en) * 2018-12-27 2019-07-19 阿里巴巴集团控股有限公司 Push, methods of exhibiting, device and the equipment of login mode
CN110046490A (en) * 2019-03-06 2019-07-23 阿里巴巴集团控股有限公司 A kind of verification code generation method and device
CN112671738A (en) * 2020-12-16 2021-04-16 平安普惠企业管理有限公司 Login method, device, terminal and storage medium of enterprise internal system
CN113378142A (en) * 2021-06-28 2021-09-10 平安普惠企业管理有限公司 Verification method, device and equipment based on graphic verification code and storage medium
CN113965369A (en) * 2021-10-19 2022-01-21 北京顶象技术有限公司 Verification graph obtaining method and device
CN117851997A (en) * 2023-11-27 2024-04-09 北京青矩互联科技有限公司 Authentication method, device, electronic device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102957682A (en) * 2011-08-30 2013-03-06 北京百度网讯科技有限公司 Method and equipment for providing picture verification code based on verification security level
CN104184705A (en) * 2013-05-23 2014-12-03 腾讯科技(深圳)有限公司 Verification method, apparatus, server, user data center and system
CN104954131A (en) * 2014-03-31 2015-09-30 腾讯科技(深圳)有限公司 Method for verifying verification code and system thereof
CN105099675A (en) * 2014-04-17 2015-11-25 阿里巴巴集团控股有限公司 Method and device for generating authentication data for identity authentication and method and device for identity authentication
CN105827409A (en) * 2016-02-29 2016-08-03 宇龙计算机通信科技(深圳)有限公司 Identity verification method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102957682A (en) * 2011-08-30 2013-03-06 北京百度网讯科技有限公司 Method and equipment for providing picture verification code based on verification security level
CN104184705A (en) * 2013-05-23 2014-12-03 腾讯科技(深圳)有限公司 Verification method, apparatus, server, user data center and system
CN104954131A (en) * 2014-03-31 2015-09-30 腾讯科技(深圳)有限公司 Method for verifying verification code and system thereof
CN105099675A (en) * 2014-04-17 2015-11-25 阿里巴巴集团控股有限公司 Method and device for generating authentication data for identity authentication and method and device for identity authentication
CN105827409A (en) * 2016-02-29 2016-08-03 宇龙计算机通信科技(深圳)有限公司 Identity verification method and device

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108491734A (en) * 2018-03-27 2018-09-04 南京工业大学 Online debugging method for computer software
CN108600244A (en) * 2018-05-03 2018-09-28 惠龙易通国际物流股份有限公司 A kind of identity identifying method, equipment, system and computer storage media
CN110032860A (en) * 2018-12-27 2019-07-19 阿里巴巴集团控股有限公司 Push, methods of exhibiting, device and the equipment of login mode
CN110046490A (en) * 2019-03-06 2019-07-23 阿里巴巴集团控股有限公司 A kind of verification code generation method and device
CN112671738A (en) * 2020-12-16 2021-04-16 平安普惠企业管理有限公司 Login method, device, terminal and storage medium of enterprise internal system
CN113378142A (en) * 2021-06-28 2021-09-10 平安普惠企业管理有限公司 Verification method, device and equipment based on graphic verification code and storage medium
CN113965369A (en) * 2021-10-19 2022-01-21 北京顶象技术有限公司 Verification graph obtaining method and device
CN113965369B (en) * 2021-10-19 2024-05-28 北京顶象技术有限公司 Verification graph acquisition method and device
CN117851997A (en) * 2023-11-27 2024-04-09 北京青矩互联科技有限公司 Authentication method, device, electronic device and storage medium

Similar Documents

Publication Publication Date Title
EP3854049B1 (en) Nonce handler for single sign on authentication in reverse proxy solutions
CN107742067A (en) An identity verification method, device and system
US9351165B2 (en) Identity verifying method, account acquiring method, and mobile terminal
US9703971B2 (en) Sensitive operation verification method, terminal device, server, and verification system
US9635018B2 (en) User identity verification method and system, password protection apparatus and storage medium
WO2014108005A1 (en) Co-verification method, two-dimensional code generation method, and device and system therefor
US20160241589A1 (en) Method and apparatus for identifying malicious website
CN107643977A (en) The method and Related product of Anti-addiction
CN104683301B (en) Password storage method and device
CN106453402B (en) A kind of data processing method and equipment
CN108881103B (en) Network access method and device
CN107623690A (en) Login method, device and storage medium
WO2016078504A1 (en) Identity authentication method and device
CN108234124A (en) Auth method, device and system
CN107609407A (en) Method and device for protecting information security in user terminal
CN105790945B (en) An authentication method, device and system for realizing unique user identity authentication
CN106487798A (en) Data synchronization method and device
CN106650490A (en) Cloud account number login method and device
CN104573437A (en) Information authentication method, device and terminal
CN106407771A (en) Message management method and device
CN107577933B (en) Application login method and device, computer equipment and computer readable storage medium
CN106656985A (en) Backup account login method, device and system
WO2016141797A1 (en) Information processing method and apparatus, and computer-readable medium
CN102685178A (en) Remote operation system and remote operation method for terminal
CN108234409A (en) Auth method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180227

RJ01 Rejection of invention patent application after publication