Disclosure of Invention
      The embodiments of the present application provide an identity authentication method, apparatus, device and storage medium, which aim to solve the problems of conventional password reset methods: the reset can fail, or the security of user information cannot be guaranteed.
      In a first aspect, an embodiment of the present application provides an identity authentication method, which is applied to a mobile device, and the method includes:
      when a service terminal is detected, entering a password reset mode and opening the electronic certificate of the user to whom the mobile device belongs;
      sending the user electronic certificate information borne by the electronic certificate to the service terminal;
      receiving an identity verification result pushed by the service terminal, wherein the identity verification result is used for representing whether the identity of the user passes verification;
      and executing a password resetting function when the authentication of the user is determined to be passed.
      In the embodiment of the application, the password reset function is executed when the identity verification of the user, based on the user electronic certificate information carried by the electronic certificate, is determined to have passed. The information security of the device is ensured and no security question needs to be set, so the problem of reset failure is avoided and user stickiness is improved.
      In one possible design of the first aspect, before the performing the password reset function, the method further includes:
      sending prompt information for requesting to input biological characteristics;
      collecting user biological characteristic information input by the user based on the prompt information;
      verifying the collected user biological characteristic information according to the biological characteristic information which is input in the mobile equipment to obtain a biological characteristic verification result;
      the executing of the password reset function when the identity verification of the user is determined to have passed then comprises:
      executing the password reset function when the identity verification of the user is determined to have passed and the biometric verification of the user is determined to have passed.
      In the embodiment of the application, a more credible identity verification result can be provided based on a double-factor scheme of user electronic certificate information and biological characteristic information identification, and the safety of user information during password resetting is ensured.
      Optionally, the method further includes:
      acquiring a password resetting function starting request sent by the user after setting a screen locking password for the mobile equipment;
      detecting whether the user has opened the function of the electronic certificate according to the password resetting function opening request;
      and guiding the user to open the function of the electronic certificate when the user is determined not to open the function of the electronic certificate.
      In this embodiment, when the user sets a screen locking password for the mobile device and activates the password resetting function, it is determined that the user has activated the function of the electronic certificate, which provides a possibility for subsequently authenticating the user based on the certificate.
      Illustratively, guiding the user to activate the electronic certificate function comprises:
      sending a certificate acquisition request to a service terminal, wherein the certificate acquisition request comprises: an identity of the user;
      and receiving the user electronic certificate information borne by the electronic certificate sent by the service terminal, wherein the user electronic certificate information is the user identity information which is received from an authentication server and verified by the service terminal.
      The electronic certificate of the user is acquired from the authentication server, so that the reliability of the electronic certificate information borne on the electronic certificate in the mobile equipment is ensured.
      Optionally, when it is determined that the user does not activate the function of the electronic certificate, after the user is guided to activate the function of the electronic certificate, the method further includes:
      detecting whether the biological characteristic information of the user is input into the mobile equipment or not according to the password resetting function starting request;
      upon determining that the biometric information of the user is not entered in the mobile device, directing the user to enter the biometric information.
      Optionally, when the user sets a screen locking password for the mobile device and activates the password resetting function, the user is determined to have activated the function of the electronic certificate, and meanwhile, the biological feature information of the user is also entered into the mobile device, so that the security of the information in the mobile device can be further ensured.
      Optionally, the method further includes:
      associating the biometric information with the electronic certificate;
      and storing the biological characteristic information and the user electronic certificate information carried by the electronic certificate.
      In this embodiment, when it is determined that the user has the function of opening the electronic certificate and the biometric information of the user is entered into the mobile device, the mobile device may associate and store the electronic certificate and the biometric information, so as to bind the mobile device and the true identity of the user to which the device belongs, thereby ensuring the authenticity and reliability of the associated information.
      In another possible design of the embodiment of the present application, the sending, to the service terminal, the user electronic certificate information carried by the electronic certificate includes:
      and sending the user electronic certificate information borne by the electronic certificate to the service terminal based on a built-in near field communication module of the mobile equipment.
      The information transmission is carried out through the near field communication module, so that the transmission efficiency can be improved, and the information safety is ensured.
      In yet another possible design of the embodiment of the present application, before the sending, to the service terminal, the user electronic certificate information carried by the electronic certificate, the method further includes:
      determining that the service terminal and the mobile device pass two-way authentication;
      establishing a secure connection between the mobile device and the service terminal.
      In this embodiment, the service terminal and the mobile device passing two-way authentication and establishing a secure connection is a prerequisite for identity verification and is also the basis for the password reset.
      In a second aspect, an embodiment of the present application provides an identity authentication method, which is applied to a service terminal, and the method includes:
      when a mobile device whose password is to be reset is detected, acquiring a password reset request sent by a user;
      acquiring user electronic certificate information set in the mobile equipment according to the password resetting request;
      verifying the identity of the user based on the electronic certificate information of the user to obtain an identity verification result;
      and pushing the identity authentication result to the mobile equipment.
      In this embodiment, the service terminal verifies the identity of the user based on the user electronic certificate information acquired from the mobile device and sends the identity verification result to the mobile device. The information security of the device is ensured and the mobile device does not need a security question to be set, so the problem of reset failure is avoided and user stickiness is improved.
      In a possible design of the second aspect, the acquiring, according to the password reset request, user electronic certificate information set in the mobile device includes:
      determining the identity of the mobile device according to the password resetting request;
      and receiving user electronic certificate information from the mobile equipment based on a built-in near field communication module of the service terminal.
      Optionally, the verifying the identity of the user based on the electronic certificate information of the user to obtain an identity verification result includes:
      sending an equipment identity verification request to an authentication server, wherein the equipment identity verification request comprises: the user electronic certificate information;
      receiving a face image acquisition instruction sent by the authentication server;
      acquiring the face image information of the user by utilizing a camera shooting component on the service terminal based on the face image acquisition instruction;
      and sending the face image information to the authentication server, and receiving an identity verification result sent by the authentication server, wherein the identity verification result is a result of verifying the user electronic certificate information and the face image information by the authentication server.
      In the scheme, the service terminal is combined with the authentication server to carry out identity verification, the authentication server can be a government identity authentication server, the authentication of the electronic certificate information of the user is endorsed by the state, the credibility is high, and the accuracy of identity authentication is improved. In addition, the authentication server can also send the certification file of the identity verification result to the service terminal so as to be stored by the service terminal, thereby facilitating the subsequent inquiry of the user and improving the user experience.
      Optionally, the method further includes:
      receiving an attestation file of the authentication result from the authentication server;
      and storing the identity verification result and the certification document.
      In this embodiment, the authentication server sends the certificate of the authentication result to the service terminal, so that the service terminal can store the certificate, thereby facilitating the subsequent query of the user and improving the user experience.
      In another possible design of the second aspect, the method further includes:
      when the mobile device starts a password resetting function, receiving a certificate acquisition request from the mobile device, wherein the certificate acquisition request comprises: an identity of the user;
      receiving the electronic certificate information of the user from an authentication server according to the identification of the user;
      and sending the user electronic certificate information to the mobile equipment.
      In yet another possible design of the second aspect, before the obtaining of the user electronic certificate information set in the mobile device according to the password reset request, the method further includes:
      determining that the service terminal and the mobile device pass two-way authentication;
      establishing a secure connection between the mobile device and the service terminal.
      In a third aspect, an embodiment of the present application provides an identity authentication apparatus, which is applied to a mobile device, and the apparatus includes: a processing module, a sending module and a receiving module;
      the processing module is used for entering a password resetting mode and opening the electronic certificate of the user to which the mobile equipment belongs when the service terminal is detected;
      the sending module is used for sending the user electronic certificate information borne by the electronic certificate to the service terminal;
      the receiving module is configured to receive an authentication result pushed by the service terminal, where the authentication result is used to represent whether the identity of the user passes authentication;
      the processing module is further configured to execute a password resetting function when it is determined that the authentication of the user passes.
      In a possible design of the third aspect, the sending module is further configured to send a prompt requesting to input a biometric feature before the processing module executes the password resetting function;
      the processing module is further configured to collect user biometric information input by the user based on the prompt information, and verify the collected user biometric information according to the biometric information entered in the mobile device to obtain a biometric verification result;
      the processing module is configured to execute a password resetting function when it is determined that the authentication of the user passes, and specifically includes:
      the processing module is specifically configured to execute a password resetting function when it is determined that the user passes the authentication and the user passes the biometric information authentication.
      Optionally, the processing module is further configured to:
      acquiring a password resetting function starting request sent by the user after setting a screen locking password for the mobile equipment;
      detecting whether the user has opened the function of the electronic certificate according to the password resetting function opening request;
      and guiding the user to open the function of the electronic certificate when the user is determined not to open the function of the electronic certificate.
      Optionally, the processing module is configured to guide the user to activate a function of the electronic certificate, and specifically includes:
      the processing module is specifically configured to send a certificate acquisition request to a service terminal through the sending module, where the certificate acquisition request includes an identifier of the user, and to receive, through the receiving module, the user electronic certificate information carried by the electronic certificate sent by the service terminal, wherein the user electronic certificate information is the user identity information which is received and verified by the service terminal from an authentication server.
      In another possible design of the third aspect, the processing module is further configured to, after guiding the user to activate the function of the electronic certificate when it is determined that the user does not activate the function of the electronic certificate, detect whether biometric information of the user is already entered in the mobile device according to the password reset function activation request, and guide the user to enter the biometric information when it is determined that biometric information of the user is not entered in the mobile device.
      Optionally, the processing module is further configured to associate the biometric information with the electronic certificate, and store the biometric information and the user electronic certificate information carried by the electronic certificate.
      In still another possible design of the third aspect, the sending module is configured to send, to the service terminal, user electronic certificate information carried by the electronic certificate, and specifically:
      the sending module is specifically configured to send, to the service terminal, user electronic certificate information borne by the electronic certificate based on a near field communication module built in the mobile device.
      In yet another possible design of the third aspect, the processing module is further configured to determine that the service terminal and the mobile device are authenticated bidirectionally and establish a secure connection between the mobile device and the service terminal before the sending module sends the user electronic certificate information carried by the electronic certificate to the service terminal.
      In a fourth aspect, an embodiment of the present application provides an identity authentication apparatus, which is applied to a service terminal, and the apparatus includes: a processing module, a receiving module and a sending module;
      the processing module is used for acquiring a password reset request sent by a user when a mobile device whose password is to be reset is detected;
      the receiving module is used for acquiring the user electronic certificate information set in the mobile equipment according to the password resetting request;
      the processing module is further used for verifying the identity of the user based on the electronic certificate information of the user to obtain an identity verification result;
      the sending module is used for pushing the identity authentication result to the mobile equipment.
      In a possible design of the fourth aspect, the processing module is configured to acquire, according to the password resetting request, user electronic certificate information set in the mobile device, and specifically:
      the processing module is specifically configured to determine an identifier of the mobile device according to the password resetting request, and receive user electronic certificate information from the mobile device based on a near field communication module built in the service terminal.
      Optionally, the processing module is configured to verify the identity of the user based on the electronic certificate information of the user to obtain an identity verification result, and specifically includes:
      the processing module is specifically configured to:
      sending an equipment identity verification request to an authentication server through the sending module, wherein the equipment identity verification request comprises: the user electronic certificate information;
      receiving a human face image acquisition instruction sent by the authentication server through the receiving module;
      acquiring the face image information of the user by utilizing a camera shooting component on the service terminal based on the face image acquisition instruction;
      the face image information is sent to the authentication server through the sending module, and the identity verification result sent by the authentication server is received through the receiving module, wherein the identity verification result is the result of the authentication server verifying the user electronic certificate information and the face image information.
      Optionally, the receiving module is further configured to receive an attestation file of the authentication result from the authentication server;
      the processing module is further used for storing the identity verification result and the certification document.
      In another possible design of the fourth aspect, the receiving module is further configured to receive a certificate acquisition request from the mobile device when the mobile device starts a password resetting function, where the certificate acquisition request includes an identifier of the user, and to receive the user electronic certificate information from an authentication server according to the identifier of the user;
      the sending module is further used for sending the user electronic certificate information to the mobile device.
      In yet another possible design of the fourth aspect, the processing module is further configured to determine that the service terminal and the mobile device pass through bidirectional authentication and establish a secure connection between the mobile device and the service terminal before the receiving module obtains the user electronic certificate information set in the mobile device according to the password resetting request.
      In a fifth aspect, the present application provides a mobile device comprising: a processor, a memory, a transceiver and a system bus, wherein the memory and the transceiver are connected to the processor for mutual communication via the system bus, the memory is used for storing computer program instructions, the transceiver is used for communicating with other devices, and the processor implements the method provided by the first aspect and each possible design when executing the computer program instructions stored in the memory.
      In a sixth aspect, the present application provides a service terminal, including: a processor, a memory, a transceiver and a system bus, wherein the memory and the transceiver are connected with the processor through the system bus to communicate with each other, the memory is used for storing computer program instructions, the transceiver is used for communicating with other devices, and the processor implements the method provided by the second aspect when executing the computer program instructions stored in the memory.
      Optionally, in a specific implementation of the fifth aspect or the sixth aspect, the processor may be a chip.
      In a seventh aspect, the present application provides a computer readable storage medium having stored thereon computer program instructions for implementing the method of the first aspect and various possible designs when executed by a processor.
      In an eighth aspect, the present application provides a computer-readable storage medium having stored therein computer program instructions for implementing the method provided by the second aspect when executed by a processor.
      According to the identity authentication method, apparatus, device and storage medium, when the mobile device detects the service terminal, the mobile device enters the password reset mode and opens the electronic certificate of the user to whom the mobile device belongs. When the service terminal detects the mobile device whose password is to be reset, it acquires the password reset request sent by the user, acquires the user electronic certificate information set in the mobile device according to that request, verifies the identity of the user based on the user electronic certificate information, and feeds the identity verification result back to the mobile device. The mobile device executes the password reset function when it determines that the identity verification of the user has passed. With this technical scheme, the screen lock password can be reset while the information security of the mobile device is ensured, the user does not need to set a security question, and the problem of password reset failure is avoided.
    
    
      Detailed Description
      The identity authentication method provided by the embodiment of the application is applied to an identity authentication system, and fig. 1 is a schematic structural diagram of the identity authentication system provided by the embodiment of the application. As shown in fig. 1, the authentication system may include: a service terminal 11, at least one mobile device and an authentication server 13. Fig. 1 illustrates a mobile device 12.
      Referring to fig. 1, the mobile device 12 may include a Near Field Communication (NFC) module 121, a device authentication unit 122, and a password resetting unit 123. The NFC module 121 mainly sends the electronic identity card information in the mobile device 12 to the service terminal 11. The device authentication unit 122 is configured to authenticate the validity of the service terminal 11 (verify whether the service terminal is a device authorized by the device manufacturer). The password resetting unit 123 is configured to set a screen lock password, verify the identity of the user based on biometric identification and the electronic certificate issued by the authority, and finally reset the screen lock password.
      The service terminal 11 has an electronic identity card client 110 installed, and may further include an NFC module 111, a device authentication unit 112, a password resetting unit 113, and a log recording unit 114. The NFC module 111 is configured to read electronic identity card information from the mobile device. The device authentication unit 112 is used to authenticate the validity of the mobile device (verify whether the mobile device was produced by the manufacturer). The password resetting unit 113 is responsible for providing the supporting functions of a password reset, such as reading the electronic identity card information and returning the identity verification result to the mobile device. The electronic identity card client 110 mainly interfaces with the authentication server 13 (a server of an authority, such as a public security bureau), establishes a connection with the authentication server through the authentication service connection, provides the user electronic identity card information function, and acquires face image information of the user through a camera component. The logging unit 114 is configured to record sensitive operations such as password resets, and the user may query the sensitive operation records of a legitimately purchased device by means of the purchase voucher.
      The authentication server 13 provides an authentication service issued by an authority (such as a public security bureau) and includes an electronic identity database. It is mainly used to perform operations such as authentication service connection, electronic identity management, and electronic identity verification. Its authentication service connection interacts with the authentication service connection of the electronic identity card client 110 in the service terminal 11, obtains the electronic identity card information from the service terminal, performs electronic identity verification against the information in the electronic identity database, and returns the authentication result.
      Referring to fig. 1, when the service terminal 11 performs information interaction with the authentication server 13 to verify the validity of the electronic identity card information, the authentication service connection in the authentication server 13 mainly receives an identity verification request sent by the electronic identity card client 110 on the service terminal through the authentication service connection, and then verifies the electronic identity information based on electronic identity management. Optionally, in the process of performing electronic identity verification, the authentication server 13 may collect face information of the initiating user based on a camera of the service terminal 11, verify the face information, and store the authentication result in the electronic identity database.
      Optionally, when the mobile device 12 and the service terminal 11 satisfy a certain positional relationship, the mobile device 12 may perform information interaction with the service terminal 11, and the service terminal 11 may also perform communication with the authentication server 13.
      For example, when the user needs to reset the screen locking password of the mobile device 12, the user needs to carry the mobile device 12 to the area where the service terminal 11 is located, so that the distance between the mobile device 12 and the service terminal 11 meets a certain requirement, and the mobile device 12 and the service terminal 11 can communicate based on a preset mode.
      Specifically, when the mobile device 12 detects the service terminal 11, the mobile device 12 enters a password reset mode and opens the electronic certificate of the user to whom the mobile device 12 belongs. When the service terminal 11 detects the mobile device 12 whose password is to be reset, the service terminal detects a password reset request sent by the user, performs information interaction with the mobile device based on the password reset request, obtains the electronic certificate information of the user to whom the mobile device 12 belongs, and invokes the authentication server 13 to verify the identity of the user who initiated the password reset request, so as to obtain an identity verification result and feed it back to the mobile device.
      It can be understood that, in the embodiment of the present application, when the user starts the password resetting function of the mobile device 12, the function of the electronic certificate is started, that is, the electronic certificate information of the user is already stored in the mobile device and the authentication server 13, so that when the user subsequently requests to perform password resetting on the mobile device 12, the service terminal 11 may interact with the mobile device 12 and the authentication server 13 respectively so as to perform identity verification on the user who initiated the password resetting.
      Further, when the user starts the password resetting function of the mobile device 12, the biometric information of the user, such as fingerprint information, face information, and the like, may be first entered into the mobile device 12, so that when the user resets the password of the mobile device 12, the mobile device needs to verify the identity of the user based on the collected biometric information of the user and the biometric information of the user entered into the mobile device 12.
      For specific implementation of the above scheme, reference may be made to the descriptions in the following specific embodiments, which are not described herein again.
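      The flow described above, as an added simulation that is not part of the original application: the device resets its screen lock password only after the terminal is authenticated, the pushed identity verification result is authentic and positive, and the local biometric check passes. The HMAC handshake over a manufacturer-provisioned key, the message tags, all class and field names and the sample data are assumptions standing in for the two-way authentication and secure connection, which the application does not specify.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; none of these values come from the application.
MANUFACTURER_KEY = b"constructed-demo-key"
ENROLLED = {"user-001": {"cert": "ECERT-SAMPLE-001", "face": "face-template-A"}}


def derive_session_key(shared_key, device_nonce, terminal_nonce):
    """Assumed stand-in for the secure connection: a key bound to both nonces."""
    return hmac.new(shared_key, b"session" + device_nonce + terminal_nonce,
                    hashlib.sha256).digest()


def tag(session_key, *parts):
    """MAC over length-prefixed string fields, so field boundaries are unambiguous."""
    mac = hmac.new(session_key, digestmod=hashlib.sha256)
    for part in parts:
        data = part.encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()


class AuthServer:
    """Stands in for authentication server 13 and its electronic identity database."""

    def __init__(self, database):
        self.database = database

    def verify(self, user_id, cert_info, face_image):
        record = self.database.get(user_id)
        # Real face matching is fuzzy; equality is a simplification.
        return (record is not None and record["cert"] == cert_info
                and record["face"] == face_image)


class ServiceTerminal:
    """Stands in for service terminal 11."""

    def __init__(self, manufacturer_key, auth_server):
        self.key = manufacturer_key
        self.auth_server = auth_server
        self.session_key = secrets.token_bytes(32)  # unusable until a handshake runs
        self.log = []  # log recording unit 114: sensitive operation records

    def handshake(self, device_nonce):
        terminal_nonce = secrets.token_bytes(16)
        self.session_key = derive_session_key(self.key, device_nonce, terminal_nonce)
        return terminal_nonce, tag(self.session_key, "terminal")

    def handle_reset(self, user_id, cert_info, cert_tag, face_image):
        # A valid tag shows the device holds the manufacturer key (device side
        # of the two-way authentication). face_image models the camera capture.
        expected = tag(self.session_key, "cert", user_id, cert_info)
        passed = (hmac.compare_digest(cert_tag, expected)
                  and self.auth_server.verify(user_id, cert_info, face_image))
        self.log.append((user_id, passed))
        return passed, tag(self.session_key, "result", user_id, str(passed))


class MobileDevice:
    """Stands in for mobile device 12."""

    def __init__(self, manufacturer_key, user_id, cert_info, enrolled_biometric):
        self.key = manufacturer_key
        self.user_id = user_id
        self.cert_info = cert_info
        self.enrolled_biometric = enrolled_biometric
        self.lock_password = "old-pin"

    def reset_password(self, terminal, face_image, biometric_sample, new_password):
        nonce = secrets.token_bytes(16)
        terminal_nonce, proof = terminal.handshake(nonce)
        session_key = derive_session_key(self.key, nonce, terminal_nonce)
        if not hmac.compare_digest(proof, tag(session_key, "terminal")):
            return "terminal not authenticated"
        cert_tag = tag(session_key, "cert", self.user_id, self.cert_info)
        passed, result_tag = terminal.handle_reset(
            self.user_id, self.cert_info, cert_tag, face_image)
        expected = tag(session_key, "result", self.user_id, str(passed))
        if not hmac.compare_digest(result_tag, expected):
            return "result not authentic"
        if not passed:
            return "identity verification failed"
        # Second factor: compare against the biometric enrolled on the device.
        if biometric_sample != self.enrolled_biometric:
            return "biometric mismatch"
        self.lock_password = new_password
        return "reset"


if __name__ == "__main__":
    server = AuthServer(ENROLLED)
    terminal = ServiceTerminal(MANUFACTURER_KEY, server)
    device = MobileDevice(MANUFACTURER_KEY, "user-001", "ECERT-SAMPLE-001", "fingerprint-A")
    print(device.reset_password(terminal, "face-template-A", "fingerprint-A", "new-pin"))
```

      Every failure path returns before `lock_password` is touched, so an unauthenticated terminal, a failed identity verification or a biometric mismatch leaves the existing password in place.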
      In the embodiment of the present application, the mobile device may be a portable device (e.g., a smart phone, a smart watch, a tablet computer, a notebook computer, etc.), and the specific form of the mobile device is not limited in the present application, and may be determined according to an actual scene, which is not described herein again.
      Optionally, in this embodiment of the application, the service terminal may refer to a self-service terminal issued and authorized by a manufacturer of the mobile device, which can provide high-quality service for a user and improve a service processing speed.
      Optionally, the authentication server may be an authentication service issued by an authority (e.g., a police office). Illustratively, the authentication server is, for example, a public security server, on which a large amount of user electronic certificate information is stored, and is mainly used for authenticating the identity information in the mobile device and the user initiating a reset request, to ensure the security of the device.
      First, a brief description is given of an application scenario of the embodiment of the present application.
      Cryptographic technology is a basic and core means of protecting information security. It has moved from the diplomatic and military fields into public use, and is an interdisciplinary subject that draws on mathematics, computer science, electronics, communication and the like. Cryptographic technology provides not only information encryption but also digital signature, identity authentication, secret sharing, system security and similar functions. It can ensure not only the confidentiality of information but also its integrity and availability, and prevents information from being tampered with, forged or counterfeited, thereby ensuring the security of the information.
      At the present stage, with the rapid development of internet technology, and in order to keep improving product security and users' information security awareness, setting a password for a device has become an important means of ensuring a user's information security. In practice, however, a user may forget the password that he or she set for the device. In that case the user may recover the device by resetting the entire device or by means of a security question or the like.
      Specifically, when setting the screen locking password of the device, the user can at the same time set up password retrieval through security questions. That is, the user sets at least one security question when setting the screen locking password. When the password is forgotten and the lock screen interface of the mobile device is locked, the user dials a number on the emergency dialing page to enter the password retrieval page preset by the system, and on that page retrieves the password or resets it by answering the security questions that were set.
      Resetting the device completely erases the user's data, which causes problems for the user. Recovering the device through security questions can also fail, for example when the user forgets the answers to the security questions, so the problem that the device cannot be unlocked remains.
      In view of the above problems, the technical solution of the present application was conceived as follows. In real life, a new certificate representing the identity of a user has appeared, namely the electronic identity card. The electronic identity card is issued by the Ministry of Public Security, is carried on intelligent security chip hardware, and adopts cryptographic technology to realize identity authentication on the internet. To a certain extent, the electronic identity card is equivalent to the user's physical identity card. Therefore, when the user sets the screen locking password, the user can be prompted to enable the electronic identity card on the mobile device, so that the electronic identity card of the user to which the mobile device belongs is stored in the mobile device, and the password is reset in combination with a service terminal authorized by the device manufacturer. In this way, security is ensured, the user does not need to set security questions, and reset failure is avoided.
      Based on the above conception, the embodiment of the application provides an identity authentication method. When a mobile device detects a service terminal, the mobile device enters a password resetting mode and opens the electronic certificate of the user to which the mobile device belongs. When the service terminal detects the mobile device whose password is to be reset, it obtains the password resetting request sent by the user, obtains, according to that request, the user electronic certificate information set in the mobile device, verifies the identity of the user based on the user electronic certificate information, and feeds the resulting identity verification result back to the mobile device. The mobile device executes the password resetting function when it determines that the identity verification of the user has passed. With this technical scheme, the screen locking password can be reset while the information security of the mobile device is ensured, the user does not need to set security questions, and password reset failure is avoided.
      The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
      Fig. 2 is an interaction diagram of a first embodiment of an identity authentication method according to the present application. The method is explained in terms of information interaction between a mobile device and a service terminal in the system described in fig. 1. As shown in fig. 2, the method may include the steps of:
      S201, when the mobile device detects a service terminal, the mobile device enters a password resetting mode and opens an electronic certificate of a user to which the mobile device belongs.
      In the embodiment of the application, when the user forgets the password of the mobile device, the user can firstly carry the mobile device to the area where the service terminal is located, and the device screen locking password is reset in a self-service mode. Specifically, when the distance between the mobile device and the service terminal is smaller than the preset distance, the mobile device can automatically detect the service terminal, actively enter a password resetting mode, and open the electronic certificate of the user added to the mobile device.
      For example, the password reset mode refers to the mode in which the mobile device operates when, after the password reset function has been enabled on the mobile device, the user forgets the password (screen locking password) of the mobile device. In the password resetting mode, the user can carry out the password resetting operations in sequence, following the operation flow prompted by the mobile device.
      In practical application, after the electronic certificate of the user to which the mobile device belongs is stored in the mobile device, when the mobile device detects the service terminal, the mobile device can automatically open the electronic certificate of the user to which the mobile device belongs, so that the service terminal can acquire the electronic certificate information of the user borne on the electronic certificate.
      S202, when the service terminal detects the mobile equipment of the password to be reset, the service terminal acquires a password reset request sent by a user.
      In practical applications, the service terminal may maintain the state of the service. Illustratively, the service terminal has a user operation interface, and when the service terminal detects that there is at least one mobile device with a password to be reset, the service terminal may obtain a password reset request sent by a user through the user operation interface, so as to determine a target mobile device to be reset.
      S203, the service terminal acquires the user electronic certificate information set in the mobile equipment according to the password resetting request.
      In the embodiment of the application, when a user sends a password resetting request to a service terminal by operating the service terminal, the password resetting request carries an identifier of a mobile device, and therefore, after the service terminal obtains the password resetting request of the user, the service terminal can obtain electronic certificate information set in the mobile device by communicating with the mobile device based on the password resetting request, that is, when the mobile device sends the user electronic certificate information carried by the electronic certificate to the service terminal, the service terminal can correspondingly receive the user electronic certificate information carried by the electronic certificate.
      Illustratively, the mobile device and the service terminal are both provided with NFC modules, when a connection is established between the mobile device and the service terminal, the mobile device may send user electronic certificate information carried by an electronic certificate to the service terminal based on the built-in NFC module, and correspondingly, the service terminal may determine the identifier of the mobile device to be reset according to a password reset request (i.e., the identifier of the mobile device carried by the password reset request), so that the user electronic certificate information may be received from the mobile device based on the built-in NFC module of the service terminal.
      It will be appreciated that the secure connection may be established first before the mobile device communicates with the service terminal. Before the mobile device sends the user electronic certificate information carried by the electronic certificate to the service terminal, the service terminal and the mobile device are determined to pass the two-way authentication, and the secure connection is established between the mobile device and the service terminal. Similarly, before the service terminal acquires the user electronic certificate information set in the mobile device according to the password resetting request, it is also required to first determine that the service terminal and the mobile device pass the mutual authentication, and establish a secure connection between the mobile device and the service terminal.
      For example, the mobile device verifies the identity of the service terminal through a device authentication unit in the mobile device to determine whether the service terminal is a device authorized by the device manufacturer, and the service terminal verifies the identity of the mobile device through a device authentication unit in the service terminal to determine whether the mobile device is a device produced by the device manufacturer.
      In this embodiment, when the mobile device determines that the service terminal is a device authorized by the device manufacturer and the service terminal determines that the mobile device is a device produced by the device manufacturer, the service terminal and the mobile device have passed the bidirectional authentication; otherwise, they have not passed the bidirectional authentication.
      It will be appreciated that when the service terminal and the mobile device are authenticated, the mobile device may establish a secure connection with the service terminal so that the two can communicate with each other.
      S204, the service terminal verifies the identity of the user based on the electronic certificate information of the user to obtain an identity verification result.
      Optionally, in an embodiment of the application, when the service terminal acquires the user electronic certificate information from the mobile device, the identity of the user corresponding to the user electronic certificate information may be verified by invoking the authentication server based on the user electronic certificate information, so as to obtain an identity verification result.
      Optionally, when the service terminal calls the authentication server to verify the identity of the user, the service terminal may further obtain the real-time identity information of the user based on the request of the authentication server, and further determine the identity verification information of the user based on the verification result of the electronic certificate information of the user and the verification result of the identity information.
      For example, the real-time identity information of the user may be video information, face image information, and iris feature information of the user who issued the password reset request. The concrete representation form of the real-time identity information can be determined according to the actual scene, and is not limited herein.
      For specific implementation of this step, reference may be made to the following description in the embodiment shown in fig. 3, which is not described herein again.
      S205, the service terminal pushes the authentication result to the mobile equipment.
      Optionally, in an embodiment of the present application, after determining the authentication result for the user, the service terminal may send the authentication result to the mobile device, so that after receiving the authentication result pushed by the service terminal, the mobile device may determine whether the identity of the user passes the authentication based on the authentication result.
      S206, the mobile equipment executes the password resetting function when the authentication of the user is confirmed to pass.
      As an example, if the mobile device determines that the user passes the authentication according to the received authentication result, it indicates that the user requesting the password resetting is the owner of the mobile device, and therefore, the mobile device may jump to the interface for password resetting and execute the password resetting function according to the preset password resetting process.
      For example, when the mobile device executes the password resetting function, the mobile device may ask the user to enter, on the password resetting interface, the contact information (e.g., a mobile phone number, a mailbox, etc.) reserved on the mobile device. Once it determines that the user has entered the correct dynamic information at the corresponding position of the interface, it asks the user to enter a new password and to re-enter the new password for verification, so as to ensure the correctness of the new password.
      It can be understood that, the embodiment of the present application does not limit the specific implementation of the password resetting function performed by the mobile device, and the implementation may be determined according to an actual scenario, which is not described herein again.
      As another example, if the mobile device determines from the received authentication result that the user has failed authentication, the user requesting the password reset may not be the owner of the mobile device. In this case, the mobile device refuses to perform the password resetting function and, optionally, may present a prompt message on its interface indicating that authentication has failed.
      According to the identity authentication method provided by the embodiment of the application, when the mobile device detects the service terminal, the mobile device enters the password resetting mode and opens the electronic certificate of the user to which the mobile device belongs. When the service terminal detects the mobile device whose password is to be reset, it obtains the password resetting request sent by the user, obtains, according to that request, the user electronic certificate information set in the mobile device, verifies the identity of the user based on the user electronic certificate information, and feeds the resulting identity verification result back to the mobile device. The mobile device executes the password resetting function when it determines that the identity verification of the user has passed. With this technical scheme, the screen locking password can be reset while the information security of the mobile device is ensured, the user does not need to set security questions, and password reset failure is avoided.
      Exemplarily, on the basis of the above embodiments, fig. 3 is a schematic flow chart of a second embodiment of an identity authentication method provided in the embodiment of the present application. As shown in fig. 3, in the embodiment of the present application, the above S204 may be implemented by the following steps:
      S301, the service terminal sends an equipment identity verification request to the authentication server, wherein the equipment identity verification request comprises: the user electronic certificate information.
      Illustratively, when the service terminal acquires the user electronic certificate information on the mobile device, the service terminal can perform identity verification on the user initiating the password resetting by calling the authentication server.
      Specifically, the service terminal sends the user electronic certificate information to the authentication server through the equipment identity verification request, so that the authentication server firstly judges whether the user electronic certificate information is stored in an electronic identity database of the authentication server, namely judges whether a user to which the user electronic certificate information belongs is legal or not, and then judges whether a user initiating the password resetting request is the owner or not.
      S302, the service terminal receives a face image acquisition instruction sent by the authentication server.
      For example, when the authentication server determines whether the user initiating the password resetting request is the owner, the authentication server may send a face image acquisition instruction to the service terminal, so that the service terminal acquires the face image information of the user through cooperation with the user when receiving the face image acquisition instruction.
      S303, the service terminal acquires the face image information of the user by utilizing the camera shooting component on the service terminal based on the face image acquisition instruction.
      Optionally, a camera shooting assembly is arranged on the service terminal, and face image information of the user can be collected. Therefore, when the service terminal receives the face image acquisition instruction sent by the authentication server, the service terminal starts the camera shooting assembly arranged on the service terminal and sends the acquisition instruction to remind the user to execute the target action according to the acquisition prompt, so that the service terminal can acquire the face image information which meets the quality requirement and aims at the user.
      S304, the service terminal sends the face image information to an authentication server.
      S305, the authentication server verifies the electronic certificate information and the face image information of the user to obtain an identity verification result.
      For example, the service terminal may send the acquired face image information of the user to the authentication server, so that when verifying whether the user to which the electronic certificate information of the user belongs is legal, the authentication server may simultaneously determine whether the face in the face image information is the face of the user corresponding to the electronic certificate information of the user, that is, determine whether the user who sends the password resetting request is the owner of the mobile device, and finally obtain an identity verification result.
      S306, the authentication server sends the identity verification result to the service terminal.
      Optionally, the authentication server may send the authentication result to the service terminal when determining the authentication result for the user based on the received electronic certificate information and the face image information of the user, so that the service terminal sends the received authentication result to the mobile device.
      Further, as shown in fig. 3, in an embodiment of the present application, the method may further include:
      S307, the authentication server sends the certification document of the identity verification result to the service terminal.
      S308, the service terminal stores the received identity authentication result and the certification document.
      In this embodiment, when the authentication server verifies the identity of the user by using the acquired electronic identity information and the acquired face image information of the user, the authentication server not only can obtain an identity verification result, but also records a process of performing identity verification, thereby generating a certification file of the identity verification result.
      For example, so that the user can later query the specific process of the identity verification, the authentication server may send the certification file of the identity verification result together with the identity verification result to the service terminal, and the service terminal stores the certification file locally after receiving it.
      According to the identity verification method provided by the embodiment of the application, the service terminal sends an equipment identity verification request comprising user electronic certificate information to the authentication server, receives a face image acquisition instruction sent by the authentication server, acquires the face image information of a user by using a camera shooting assembly on the service terminal based on the face image acquisition instruction, and sends the face image information to the authentication server, and the authentication server verifies the user electronic certificate information and the face image information to send an identity verification result to the service terminal. In the scheme, the service terminal is combined with the authentication server to carry out identity verification, the authentication server can be a government identity authentication server, the authentication of the electronic certificate information of the user is endorsed by the state, the credibility is high, and the accuracy of identity authentication is improved. In addition, the authentication server can also send the certification file of the identity verification result to the service terminal so as to be stored by the service terminal, thereby facilitating the subsequent inquiry of the user and improving the user experience.
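      The exchange in S201 to S206, with S204 expanded into S301 to S306, can be traced in a small simulation. This is an added example, not code from the application: the class names, the HMAC tag standing in for manufacturer authorization, the string equality standing in for face matching, and all sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# All keys, identifiers and "face" values below are constructed for illustration.
MANUFACTURER_KEY = b"constructed-manufacturer-key"


def manufacturer_tag(unit_id: str) -> bytes:
    """Stand-in for the manufacturer's authorization of a device or terminal."""
    return hmac.new(MANUFACTURER_KEY, unit_id.encode(), hashlib.sha256).digest()


def authorized(unit_id: str, tag: bytes) -> bool:
    return hmac.compare_digest(manufacturer_tag(unit_id), tag)


@dataclass
class AuthServer:
    identity_db: dict  # credential info -> enrolled face (constructed)

    def verify(self, credential_info: str, capture_face: Callable[[], str], trace: list) -> bool:
        trace.append("S301 terminal->server: verification request with credential info")
        if credential_info not in self.identity_db:
            trace.append("S306 server->terminal: FAIL (not in identity database)")
            return False
        trace.append("S302 server->terminal: face image acquisition instruction")
        trace.append("S303 terminal: capture face image with camera")
        face = capture_face()
        trace.append("S304 terminal->server: face image information")
        # S305: equality stands in for a real face matcher.
        passed = face == self.identity_db[credential_info]
        trace.append(f"S306 server->terminal: {'PASS' if passed else 'FAIL'}")
        return passed


@dataclass
class MobileDevice:
    device_id: str
    tag: bytes
    credential_info: str
    state: str = "locked"

    def detect_terminal(self, trace: list) -> None:
        self.state = "password_reset_mode"
        trace.append("S201 device: enter password reset mode, open electronic certificate")

    def release_credential(self, terminal_id: str, terminal_tag: bytes, trace: list) -> str:
        # Device side of the two-way authentication: refuse unauthorized terminals.
        if not authorized(terminal_id, terminal_tag):
            trace.append("device: terminal failed authentication, nothing sent")
            raise PermissionError("terminal not authorized by manufacturer")
        trace.append("S203 device->terminal: user electronic certificate information")
        return self.credential_info

    def receive_result(self, passed: bool, trace: list) -> None:
        trace.append(f"S205 terminal->device: identity verification result = {passed}")
        # S206: only an explicit pass opens the reset function.
        self.state = "reset_allowed" if passed is True else "reset_refused"
        trace.append(f"S206 device: {self.state}")


@dataclass
class ServiceTerminal:
    terminal_id: str
    tag: bytes
    server: AuthServer
    camera: Callable[[], str]

    def handle_reset_request(self, device: MobileDevice, trace: list) -> bool:
        trace.append(f"S202 user->terminal: reset request for {device.device_id}")
        # Terminal side of the two-way authentication.
        if not authorized(device.device_id, device.tag):
            trace.append("terminal: device failed authentication")
            return False
        try:
            info = device.release_credential(self.terminal_id, self.tag, trace)
        except PermissionError:
            return False
        passed = self.server.verify(info, self.camera, trace)  # S204
        device.receive_result(passed, trace)
        return passed


def run_reset(face_at_terminal: str, terminal_tag: Optional[bytes] = None):
    """Run one reset attempt and return (device state, message trace)."""
    trace: list = []
    server = AuthServer({"eid:alice": "face:alice"})
    device = MobileDevice("phone-1", manufacturer_tag("phone-1"), "eid:alice")
    terminal = ServiceTerminal("kiosk-1", terminal_tag or manufacturer_tag("kiosk-1"),
                               server, camera=lambda: face_at_terminal)
    device.detect_terminal(trace)
    terminal.handle_reset_request(device, trace)
    return device.state, trace


if __name__ == "__main__":
    for label, args in [("owner", ("face:alice",)), ("other person", ("face:bob",)),
                        ("unauthorized terminal", ("face:alice", b"\x00" * 32))]:
        state, trace = run_reset(*args)
        print(f"--- {label}: {state}")
        print("\n".join(trace))
```

      In the unauthorized-terminal run the device never emits the S203 message, so the certificate information stays on the device when the two-way authentication fails.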
      Exemplarily, on the basis of the above embodiments, fig. 4 is a schematic flow chart of a third embodiment of an identity authentication method provided in the embodiment of the present application. Optionally, before performing the step of S206, the mobile device may first perform further verification on the identity of the user by combining the biometric information of the user. As shown in fig. 4, before the mobile device performs the password reset function, the method may further include the steps of:
      S401, the mobile device sends prompt information requesting to input the biological characteristics.
      In the embodiment of the application, a mobile device is provided with a biometric identification component, for example, a fingerprint identification component for collecting user fingerprint information, a camera component for shooting, and the like. Optionally, the fingerprint identification component may be a fingerprint sensor, which may acquire a fingerprint image of a user, and the camera component may be a camera or the like carried by the mobile device, which may capture a video image or a face image of a face of the user.
      It is understood that the biometric features of the user may include, but are not limited to, a human face, a fingerprint, a voice, an iris, and the like, and the biometric information set on the mobile device by the user may be determined according to functions supported by the mobile device, which will not be described herein.
      Optionally, in order to further improve the information security of the mobile device, the mobile device may further start a biometric information verification mode when the password resetting function is started. Therefore, after the mobile device determines that the user electronic certificate information passes the verification according to the identity verification result received from the service terminal, a process of biometric verification needs to be executed.
      Specifically, the mobile device may emit the prompt requesting the input of the biometric information by voice or present the prompt on a user interaction interface of the mobile device, so that the user can perform a verification process of the biometric information based on the prompt.
      S402, the mobile device collects the user biological feature information input by the user based on the prompt information.
      For example, if the user performs a corresponding operation based on the prompt message sent by the mobile device, the collection component on the mobile device may collect the user biometric information.
      In practical application, the user biometric information may be fingerprint image information of the user or face image information of the user.
      S403, the mobile device verifies the collected user biological characteristic information according to the biological characteristic information recorded in the mobile device to obtain a biological characteristic verification result.
      Optionally, when the mobile device obtains the user biometric information input by the user based on the prompt information, the user biometric information may be compared with the biometric information already entered in the mobile device, so as to obtain a biometric verification result.
      As an example, if the collected biometric information of the user is consistent with the biometric information already entered in the mobile device, it is determined that the biometric information of the user is verified. As another example, if the collected biometric information of the user is inconsistent with the biometric information already entered in the mobile device, it is determined that the biometric information of the user is not verified.
      Accordingly, S206 can be implemented by the following steps:
      S404, the mobile device executes the password resetting function when the identity authentication of the user is confirmed to be passed and the biometric information of the user is verified to be passed.
      Optionally, if, when the screen locking password was set, the mobile device both enabled user electronic certificate information verification and had biometric information entered, then a user requesting a password reset must pass both the user identity verification and the user biometric information verification. Thus, the mobile device performs the password reset function upon determining that the user's identity verification has passed and that the user biometric information verification has passed.
      It is to be understood that the present embodiment does not limit the execution order of the user identity verification and the user biometric information verification. The present embodiment takes as an example performing the user identity verification first and then the user biometric information verification; the user biometric information verification may also be performed first and the user identity verification afterwards, which is not described herein again.
      According to the identity authentication method provided by the embodiment of the application, when the identity verification of the user is confirmed to pass, the mobile device can also send prompt information requesting the input of biological characteristics, collect the user biometric information input based on the prompt information, and verify the collected user biometric information against the biometric information entered in the mobile device to obtain a biometric verification result. Finally, the password resetting function is executed when the identity verification of the user is confirmed to pass and the user biometric information is verified to pass. The technical scheme is a two-factor scheme based on user electronic certificate information and biometric information identification, which can provide a more credible identity authentication result and ensures the security of user information during password resetting.
      On the basis of the foregoing embodiments, fig. 5 is an interaction schematic diagram of a fourth embodiment of an identity authentication method provided in the embodiment of the present application. This embodiment mainly explains that, when a user sets a screen locking password, the password resetting function needs to be enabled first, that is, the user needs to enable the function of the electronic certificate. Alternatively, the user is required to enable both the function of the electronic certificate and the biometric function. Illustratively, as shown in fig. 5, the method may further include the steps of:
      S501, the mobile device obtains a password resetting function starting request sent by a user after the user sets a screen locking password for the mobile device.
      For example, when a user of the mobile device sets a screen locking password for the mobile device, the password resetting function may be correspondingly turned on, so that when the user forgets the screen locking password of the mobile device and cannot unlock the mobile device, the password resetting operation may be performed based on a preconfigured password resetting process. Therefore, after the user sets the screen locking password for the mobile device, the user can also send out a password resetting function starting request, so that the mobile device can judge whether the mobile device meets the starting condition according to the password resetting function starting request.
      S502, the mobile device detects whether the user has opened the function of the electronic certificate according to the password resetting function opening request; if not, S503 is executed, and if yes, S505 is executed.
      In the embodiment of the application, only when the password resetting function has been enabled can the user initiate a password reset on the mobile device after forgetting the screen locking password. To ensure the security of device information, the mobile device can authenticate the user initiating the password resetting request based on functions supported by the mobile device, such as the electronic certificate. Therefore, when acquiring the password resetting function opening request, the mobile device first detects whether the user has enabled the function of the electronic certificate, so as to perform subsequent operations based on the detection result.
      S503, the mobile device guides the user to open the function of the electronic certificate.
      As an example, the mobile device can direct the user to activate a function of the electronic credential upon determining that the user does not activate the function of the electronic credential.
      Illustratively, this step may be achieved by:
      A1, the mobile device sends a certificate acquisition request to the service terminal, wherein the certificate acquisition request comprises: an identification of the user.
      In this embodiment, the fact that the user has not enabled the function of the electronic certificate indicates that the electronic certificate information of the user to which the mobile device belongs is not stored in the mobile device. To obtain the user electronic certificate information, the mobile device first sends a certificate acquisition request carrying the identifier of the user to the service terminal; correspondingly, the service terminal receives the certificate acquisition request carrying the identifier of the user from the mobile device.
      A2, the service terminal receives the user electronic certificate information from the authentication server according to the user identification carried in the certificate acquisition request.
      In the embodiment of the application, the authentication server is an identity authentication service issued by an authority (such as a public security bureau), and an electronic identity database of the authentication server stores electronic certificate information of a user, so that after the service terminal and the authentication server are authenticated, the service terminal can call the authentication server and obtain the electronic certificate information of the user from the electronic identity database of the authentication server.
      A3, the service terminal sends the user electronic certificate information to the mobile device.
      Illustratively, the service terminal can also verify the user electronic certificate information after acquiring it. When the service terminal determines that the user electronic certificate information is legal user identity information, it sends the user electronic certificate information to the mobile device, and the mobile device can store the received electronic certificate information in a newly created electronic certificate on the mobile device. At this point, the electronic certificate function of the user is successfully started.
      S504, judging whether the function of the electronic certificate is successfully started; if so, go to step S505, otherwise, go to step S506.
      S505, the mobile device determines that the password resetting function is successfully started.
      As an example, the mobile device can determine that the password reset function was successfully enabled upon determining that the user enabled the function of the electronic credential and/or determining that the function of the electronic credential was successfully enabled.
      S506, the mobile device determines that the password resetting function fails to be started.
      As another example, the mobile device can determine that the password reset function failed to open upon determining that the function of the electronic certificate failed to open.
      Optionally, in an embodiment of the application, in order to further ensure information security of the mobile device, after the mobile device guides the user to activate the function of the electronic certificate, it may be further detected whether biometric information is entered in the mobile device. Specifically, as shown in fig. 5, before the step S505, the method may further include the following steps:
      S507, the mobile device detects, according to the password resetting function starting request, whether the biological characteristic information of the user has been entered into the mobile device; if not, S508 is performed, and if yes, S505 is performed.
      Optionally, in an embodiment of the present application, when the mobile device obtains the password resetting function opening request, if identity authentication based on the biometric information of the user is to be performed when the user resets the password after forgetting the screen locking password, the mobile device further needs to detect whether the biometric information of the user has already been entered into the mobile device, so as to perform subsequent operations based on the detection result.
      S508, the mobile device guides the user to enter the biological characteristic information.
      Optionally, when it is determined that the biometric information of the user is not entered in the mobile device, the mobile device may send a biometric information entry instruction, so that the user performs a biometric information entry operation according to the biometric information entry instruction.
      S509, the mobile device judges whether the user successfully inputs the biological characteristic information; if so, go to step S505, otherwise, go to step S506.
      In this embodiment, combining the operations of S501 to S509 above, the mobile device may determine that the password resetting function is successfully turned on when it determines that the user has turned on the function of the electronic certificate, and/or that the function of the electronic certificate is successfully turned on, and/or that biometric information of the user is already entered in the mobile device, and/or that the user successfully enters the biometric information. Accordingly, the mobile device can determine that the password reset function fails to be opened when determining that the function of the electronic certificate fails to be opened and/or when the biometric information is not entered into the mobile device.
      Further, on the basis of the above S501 to S509, the method may further include the following steps:
      S510, the mobile device associates the biological characteristic information with the electronic certificate, and stores the biological characteristic information and the user electronic certificate information carried by the electronic certificate.
      Optionally, in an embodiment of the present application, when determining that the user has activated the function of the electronic certificate and the biometric information of the user is already recorded in the mobile device, the mobile device may associate and store the electronic certificate and the biometric information, so as to bind the mobile device and the true identity of the user to which the device belongs, and ensure authenticity and reliability of the associated information.
      According to the identity authentication method provided by the embodiment of the application, the mobile equipment acquires the password resetting function starting request sent by the user after the user sets the screen locking password for the mobile equipment, and ensures that the function of the electronic certificate which is started by the user and the biological characteristic information of the user which is input into the mobile equipment are associated according to the password resetting function starting request, so that when the user carries out sensitive operations such as password resetting, the identity authentication can be completed through the electronic certificate stored in the mobile equipment and the input biological characteristic information, the authentication process is greatly simplified, and the authentication efficiency is improved.
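      The enabling flow of steps S502 to S510 (including A1 to A3) can be traced in code. The following is an added example, not code from the application: the class names, the constructed identity record and the strict reading in which both the electronic certificate and the biometric information must be present before S505 are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed sample record standing in for the authentication server's
# electronic identity database (not real data).
EID_DATABASE = {"user-001": {"holder": "Sample User", "eid": "EID-CONSTRUCTED-0001"}}


class ServiceTerminal:
    """Serves steps A1-A3 for the mobile device (hypothetical class)."""

    def __init__(self, database: dict):
        self.database = database  # models the call to the authentication server

    def fetch_credential(self, user_id: str) -> Optional[dict]:
        info = self.database.get(user_id)        # A2: look up by user identification
        if not info or not info.get("eid"):      # terminal-side legality check
            return None
        return dict(info)                        # A3: hand a copy to the device


@dataclass
class MobileDevice:
    user_id: str
    credential: Optional[dict] = None     # electronic certificate information
    biometric: Optional[bytes] = None     # enrolled biometric information
    association: Optional[dict] = None    # result of S510
    reset_enabled: bool = False
    trace: list = field(default_factory=list)

    def enable_password_reset(self, terminal: ServiceTerminal,
                              enroll: Callable[[], Optional[bytes]]) -> bool:
        self.trace.append("S502")                 # is the certificate function open?
        if self.credential is None:
            self.trace.append("S503")             # guide the user: A1 request
            self.credential = terminal.fetch_credential(self.user_id)
            self.trace.append("S504")
            if self.credential is None:
                return self.fail()
        self.trace.append("S507")                 # is biometric information entered?
        if self.biometric is None:
            self.trace.append("S508")             # guide the user to enroll
            self.biometric = enroll() or None
            self.trace.append("S509")
            if self.biometric is None:
                return self.fail()
        self.trace.append("S505")
        self.reset_enabled = True
        self.trace.append("S510")                 # bind biometric to certificate
        self.association = {"eid": self.credential["eid"], "biometric": self.biometric}
        return True

    def fail(self) -> bool:
        self.trace.append("S506")
        self.reset_enabled = False
        return False


if __name__ == "__main__":
    device = MobileDevice("user-001")
    device.enable_password_reset(ServiceTerminal(EID_DATABASE), lambda: b"fp:sample")
    print(device.trace, device.reset_enabled)
```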
      Based on the solutions described in the above embodiments, a specific implementation of resetting a password based on the authentication method provided in the embodiments of the present application is explained below with reference to a specific application scenario. Fig. 6 is an interaction diagram illustrating password resetting performed based on the authentication method according to the embodiment of the present disclosure. As shown in fig. 6, the interaction process between the user, the locking device, the service terminal and the authentication server is as follows:
      When the user initiates the operation of resetting the screen locking password, the interactive interface of the locking device displays a prompt asking the user to go to a service shop of the device manufacturer to complete the operation.
      When the user carries the locking device to a service shop of the device manufacturer and initiates the operation of resetting the screen locking password, the service terminal prompts the user to place the device to be reset. Correspondingly, when the user places the locking device at the position designated by the service terminal, the locking device scans the self-service terminal, enters a password resetting mode and opens the electronic certificate, and the service terminal scans the locking device and identifies the electronic certificate in the locking device.
      The service terminal uploads the user electronic certificate information borne by the electronic certificate to the authentication server, and the authentication server sends a prompt of 'needing to verify a face'. The service terminal then sends a prompt of 'please align to the camera', and the user follows the prompt of the service terminal and aligns the face with the camera of the service terminal, so that the camera of the service terminal executes 'shooting a face image and uploading the face image to the authentication server'.
      When the authentication server determines, based on the acquired photo and the electronic certificate information of the user, that the electronic certificate passes the authentication, it transmits the result that the electronic certificate passes the authentication to the service terminal, and the service terminal transmits the information that the electronic certificate has passed to the locking device. The locking device then prompts for the biological characteristic information that has been entered in the device, the user inputs the biological characteristic information, and the locking device determines that the fingerprint passes the authentication and feeds back to the user that the password is allowed to be reset, that a new password is to be input, and the like.
      Based on this basic flow, the user does not need to remember any information to reset the password of the locking device, which improves the user experience and user stickiness.
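      The interaction of fig. 6 can be modelled end to end to show that the locking device permits a reset only when both the identity verification result and the local biometric check pass. This is an added example, not code from the application: the class names, the constructed records, the byte-string stand-ins for face and fingerprint matching, and the nonce and MAC that bind the pushed result to one session over the secure connection are all assumptions.

```python
import hashlib
import hmac
import secrets

ALLOWED = "password reset allowed"
ID_FAILED = "identity verification failed"
BIO_FAILED = "biometric verification failed"


def result_tag(session_key: bytes, nonce: bytes, passed: bool) -> bytes:
    """MAC that binds a verification result to one reset session (assumed format)."""
    flag = b"\x01" if passed else b"\x00"
    return hmac.new(session_key, nonce + flag, hashlib.sha256).digest()


class AuthServer:
    """Authority-run service holding credential info and a reference face per user."""

    def __init__(self):
        # Constructed sample record; byte strings stand in for real face data.
        self.records = {"EID-CONSTRUCTED-0001": b"face:sample-user"}

    def verify(self, eid: str, face_image: bytes) -> bool:
        reference = self.records.get(eid)
        return reference is not None and hmac.compare_digest(reference, face_image)


class ServiceTerminal:
    def __init__(self, server: AuthServer, camera):
        self.server = server
        self.camera = camera       # callable returning the captured face image
        self.session_key = b""     # set when the secure connection is established

    def verify_identity(self, eid: str, nonce: bytes) -> dict:
        face_image = self.camera()                    # "please align to the camera"
        passed = self.server.verify(eid, face_image)  # server checks credential + face
        return {"passed": passed, "tag": result_tag(self.session_key, nonce, passed)}


class LockedDevice:
    def __init__(self, eid: str, enrolled_fingerprint: bytes):
        self.eid = eid
        self.enrolled_fingerprint = enrolled_fingerprint
        self.session_key = b""
        self.mode = "locked"

    def connect(self, terminal: ServiceTerminal) -> None:
        # Stand-in for bidirectional authentication: both ends end up with the
        # same fresh session key. A real design would derive it from a handshake.
        self.mode = "password-reset"
        self.session_key = terminal.session_key = secrets.token_bytes(32)

    def accept_result(self, result: dict, nonce: bytes) -> bool:
        # Accept only a "pass" whose tag matches this session and this nonce, so a
        # result altered in transit or replayed from another session is rejected.
        expected = result_tag(self.session_key, nonce, True)
        return result.get("passed") is True and hmac.compare_digest(
            expected, result.get("tag", b""))

    def request_reset(self, terminal: ServiceTerminal, fingerprint_sensor) -> str:
        self.connect(terminal)
        nonce = secrets.token_bytes(16)
        result = terminal.verify_identity(self.eid, nonce)
        if not self.accept_result(result, nonce):
            return ID_FAILED
        if not hmac.compare_digest(self.enrolled_fingerprint, fingerprint_sensor()):
            return BIO_FAILED
        return ALLOWED


if __name__ == "__main__":
    terminal = ServiceTerminal(AuthServer(), lambda: b"face:sample-user")
    device = LockedDevice("EID-CONSTRUCTED-0001", b"fp:sample-user")
    print(device.request_reset(terminal, lambda: b"fp:sample-user"))
```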
      The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the device embodiments of the present application, reference is made to the method embodiments of the present application.
      Fig. 7 is a schematic structural diagram of a first embodiment of an identity authentication device provided in the present application. The apparatus may be integrated in a mobile device or may be implemented by a mobile device. As shown in fig. 7, the apparatus of the present embodiment may include: a processing module 701, a sending module 702 and a receiving module 703.
      The processing module 701 is configured to, when a service terminal is detected, enter a password resetting mode and open an electronic certificate of a user to which the mobile device belongs;
      a sending module 702, configured to send user electronic certificate information carried by the electronic certificate to the service terminal;
      a receiving module 703, configured to receive an authentication result pushed by the service terminal, where the authentication result is used to represent whether the identity of the user passes authentication;
      the processing module 701 is further configured to perform a password resetting function when it is determined that the authentication of the user passes.
      In a possible design of this embodiment, the sending module 702 is further configured to send a prompt message requesting to input the biometric feature before the processing module 701 executes the password resetting function;
      the processing module 701 is further configured to collect user biometric information input by the user based on the prompt information, and verify the collected user biometric information according to the biometric information entered in the mobile device to obtain a biometric verification result;
      the processing module 701 is configured to execute a password resetting function when it is determined that the authentication of the user passes, specifically:
      the processing module 701 is specifically configured to execute a password resetting function when it is determined that the identity of the user passes the authentication and the biometric information of the user passes the authentication.
      Optionally, the processing module 701 is further configured to:
      acquiring a password resetting function starting request sent by the user after setting a screen locking password for the mobile equipment;
      detecting whether the user has opened the function of the electronic certificate according to the password resetting function opening request;
      and guiding the user to open the function of the electronic certificate when the user is determined not to open the function of the electronic certificate.
      Optionally, the processing module 701 is configured to guide the user to activate the function of the electronic certificate, and specifically includes:
      the processing module 701 is specifically configured to send a certificate acquisition request to a service terminal through the sending module 702, where the certificate acquisition request includes: the identification of the user; and to receive, through the receiving module 703, the user electronic certificate information sent by the service terminal, where the user electronic certificate information is user identity information that the service terminal received from an authentication server and verified.
      In another possible design of this embodiment, the processing module 701 is further configured to, after guiding the user to activate the function of the electronic certificate when it is determined that the user does not activate the function of the electronic certificate, detect whether the biometric information of the user is already entered in the mobile device according to the password reset function activation request, and guide the user to enter the biometric information when it is determined that the biometric information of the user is not entered in the mobile device.
      Optionally, the processing module 701 is further configured to associate the biometric information with the electronic certificate, and store the biometric information and the user electronic certificate information carried by the electronic certificate.
      In another possible design of this embodiment, the sending module 702 is configured to send, to the service terminal, user electronic certificate information carried by the electronic certificate, specifically:
      a sending module 702, specifically configured to send, to the service terminal, user electronic certificate information carried by the electronic certificate based on a near field communication module built in the mobile device.
      In yet another possible design of this embodiment, the processing module 701 is further configured to determine that the service terminal and the mobile device are authenticated bidirectionally and establish a secure connection between the mobile device and the service terminal before the sending module 702 sends the user electronic certificate information carried by the electronic certificate to the service terminal.
      The apparatus provided in the embodiment of the present application may be configured to execute the technical solution of the mobile device in the foregoing method embodiment, and a specific implementation manner and a technical effect are similar and will not be described herein again.
      Fig. 8 is a schematic structural diagram of a second embodiment of an identity authentication device provided in the present application. The device can be integrated in a service terminal and can also be realized by the service terminal. As shown in fig. 8, the apparatus of the present embodiment may include: a processing module 801, a receiving module 802 and a sending module 803.
      The processing module 801 is configured to, when a mobile device to be reset is detected, obtain a password reset request sent by a user;
      a receiving module 802, configured to obtain user electronic certificate information set in the mobile device according to the password resetting request;
      the processing module 801 is further configured to verify the identity of the user based on the user electronic certificate information to obtain an identity verification result;
      a sending module 803, configured to push the authentication result to the mobile device.
      In a possible design of this embodiment, the processing module 801 is configured to obtain, according to the password resetting request, user electronic certificate information set in the mobile device, specifically:
      the processing module 801 is specifically configured to determine an identifier of the mobile device according to the password resetting request, and receive user electronic certificate information from the mobile device based on a near field communication module built in the service terminal.
      In another possible design of this embodiment, the processing module 801 is configured to verify the identity of the user based on the electronic certificate information of the user, and obtain an identity verification result, specifically:
      the processing module 801 is specifically configured to:
      sending, by the sending module 803, a device authentication request to the authentication server, where the device authentication request includes: the user electronic certificate information;
      receiving a face image acquisition instruction sent by the authentication server through a receiving module 802;
      acquiring the face image information of the user by utilizing a camera shooting component on the service terminal based on the face image acquisition instruction;
      the face image information is sent to the authentication server through the sending module 803, and the identity verification result sent by the authentication server is received through the receiving module 802, wherein the identity verification result is the result of the authentication server verifying the user electronic certificate information and the face image information.
      Optionally, the receiving module 802 is further configured to receive an attestation file of the identity verification result from the authentication server;
      the processing module 801 is further configured to store the authentication result and the certification document.
      In yet another possible design of this embodiment, the receiving module 802 is further configured to receive a certificate acquisition request from the mobile device when the mobile device starts the password resetting function, where the certificate acquisition request includes: the identification of the user; and to receive the user electronic certificate information from an authentication server according to the identification of the user;
      a sending module 803, configured to send the user electronic certificate information to the mobile device.
      In yet another possible design of this embodiment, the processing module 801 is further configured to determine that the service terminal and the mobile device have passed bidirectional authentication and establish a secure connection between the mobile device and the service terminal before the receiving module 802 obtains the user electronic certificate information set in the mobile device according to the password resetting request.
      The apparatus provided in the embodiment of the present application may be configured to execute the technical solution of the service terminal in the foregoing method embodiment, and the specific implementation manner and the technical effect are similar and will not be described herein again.
      It should be noted that the division of the modules of the above apparatus is only a logical division; in an actual implementation, the modules may be wholly or partially integrated into one physical entity, or may be physically separated. These modules can all be realized in the form of software called by a processing element, or all be implemented in hardware; alternatively, some of the modules can be realized in the form of software called by the processing element, and some in the form of hardware. For example, the processing module may be a separately set up processing element, or may be integrated in a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, with the function of the processing module called and executed by a processing element of the apparatus. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or by an instruction in the form of software.
      For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when some of the above modules are implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor that can call program code. As another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
      In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, the implementation may take the form, in whole or in part, of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a readable storage medium or transmitted from one readable storage medium to another readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The readable storage medium may be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
      Fig. 9 is a simplified schematic diagram of a possible design structure of a mobile device according to an embodiment of the present disclosure. As shown in fig. 9, the mobile device may include: the mobile device comprises a processor 901, a memory 902, a transceiver 903 and a system bus 904, wherein the memory 902 and the transceiver 903 are connected with the processor 901 through the system bus 904 and complete mutual communication, the memory 902 is used for storing computer program instructions, the transceiver 903 is used for communicating with other devices, and the processor 901 implements the implementation scheme of the mobile device in the above method embodiments when executing the computer program instructions stored in the memory 902.
      Optionally, in an embodiment of the present application, the mobile device may further include a user interaction interface 905, and the user interaction interface 905 may be configured to receive an indication of a user and perform information presentation.
      Optionally, in terms of hardware implementation, the sending module 702 and the receiving module 703 in the embodiment shown in fig. 7 correspond to the transceiver 903 in this embodiment, and the transceiver 903 constitutes a communication interface.
      Fig. 10 is a simplified schematic diagram of a possible design structure of a service terminal according to an embodiment of the present disclosure. As shown in fig. 10, the service terminal may include: the system comprises a processor 1001, a memory 1002, a transceiver 1003 and a system bus 1004, wherein the memory 1002 and the transceiver 1003 are connected with the processor 1001 through the system bus 1004 and are used for achieving mutual communication, the memory 1002 is used for storing computer program instructions, the transceiver 1003 is used for communicating with other equipment, and the processor 1001 realizes the implementation scheme of the service terminal in the method embodiment when executing the computer program instructions stored in the memory 1002.
      Optionally, in an embodiment of the present application, the service terminal may further include a user interaction interface 1005, where the user interaction interface 1005 may be configured to receive an indication of a user and perform information display.
      Optionally, in terms of hardware implementation, the receiving module 802 and the sending module 803 in the embodiment shown in fig. 8 correspond to the transceiver 1003 in this embodiment, and the transceiver 1003 constitutes a communication interface.
      The system bus mentioned in fig. 9 and 10 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The system bus may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus. The communication interface is used for realizing communication between the database access device and other equipment (such as a client, a read-write library and a read-only library). The memory may comprise Random Access Memory (RAM) and may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
      The processor may be a general-purpose processor, including a central processing unit (CPU), a Network Processor (NP), and the like; it may also be a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components.
      The embodiment of the present application provides a computer-readable storage medium, in which computer program instructions are stored, and when the computer program instructions are run on a computer, the computer is caused to execute implementation schemes of the mobile device in the above method embodiments.
      The embodiment of the present application provides a computer-readable storage medium, in which computer program instructions are stored, and when the computer program instructions are run on a computer, the computer is caused to execute an implementation scheme of the service terminal in the above method embodiment.
      The embodiment of the present application further provides a program, which is configured to, when executed by a processor, perform implementation of the mobile device in the foregoing method embodiment.
      The embodiment of the present application further provides a program, and when the program is executed by a processor, the program is configured to execute the implementation scheme of the service terminal in the foregoing method embodiment.
      An embodiment of the present application further provides a computer program product, which includes program instructions, where the program instructions are used to implement an implementation scheme of the mobile device in the foregoing method embodiment.
      The embodiment of the present application further provides a computer program product, which includes program instructions, where the program instructions are used to implement the implementation scheme of the service terminal in the foregoing method embodiment.
      An embodiment of the present application further provides a chip, including: a processing module and a communication interface, where the processing module is connected with the communication interface and can execute the implementation scheme of the mobile device in the method embodiment.
      Further, the chip further includes a storage module (e.g., a memory), the storage module is configured to store instructions, the processing module is configured to execute the instructions stored by the storage module, and the execution of the instructions stored in the storage module causes the processing module to execute the technical solution of the mobile device.
      An embodiment of the present application further provides a chip, including: a processing module and a communication interface, where the processing module can execute the implementation scheme of the service terminal in the method embodiment.
      Further, the chip also includes a storage module (e.g., a memory) for storing instructions, a processing module for executing the instructions stored by the storage module, and execution of the instructions stored in the storage module causes the processing module to execute an implementation of the service terminal.
      In the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes the association relationship of the associated objects, meaning that there may be three relationships; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship; in a formula, the character "/" indicates that the preceding and following related objects are in a relationship of "division". "At least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items.
      It is to be understood that the various numerical references referred to in the embodiments of the present application are merely for descriptive convenience and are not intended to limit the scope of the embodiments of the present application.
      It should be understood that, in the embodiment of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiment of the present application.