CN109063430A

CN109063430A - A kind of method, device and equipment of data storage and authentication

Info

Publication number: CN109063430A
Application number: CN201810600337.4A
Authority: CN
Inventors: 陈博
Original assignee: Alibaba Group Holding Ltd
Current assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Priority date: 2018-06-12
Filing date: 2018-06-12
Publication date: 2018-12-21

Abstract

This application discloses the method, apparatus and equipment of a kind of storage of data and authentication, first, the first action data and determination account identification corresponding with the first action data are received, with the incidence relation established between the first action data and account identification and storage.Later, when carrying out authentication, the second action data and determination account identification corresponding with the second action data be can receive.To determine that there are the first action datas of incidence relation for account mark corresponding with the second action data.Finally, the matching result of the first action data and the second action data is determined, to carry out authentication.

Description

A kind of method, device and equipment of data storage and authentication

Technical field

This application involves information technology field more particularly to a kind of storage of data and auth method, device and set It is standby.

Background technique

Currently, in order to guarantee service security, before execution business, it usually needs first determine Business Initiator identity into Row verifying, and business is executed again after determining be verified.Especially under to the higher business scenario of safety requirements (for example, Payment transaction, authorization business etc.), authentication process itself is generally indispensable.

In the prior art, common auth method is the verification information inputted according to user, to the identity of user It is verified, and after determining be verified, then executes business.For example, carrying out identity according to the account of user's input and password Verifying, or authentication etc. is carried out according to the interim token of user's input.

And as the function of mobile terminal is stronger and stronger, many business can be executed by mobile terminal.But by Environment when user uses mobile terminal complex (for example, using mobile phone in public transport, may make at the restaurant With mobile phone) so that user when carrying out authentication by mobile terminal, (e.g., believe by the verifying for authentication of input Breath), there is the risk of leakage in verification information.

Then, this specification is based on the prior art, the method for proposing the new data storage of one kind and authentication.

Summary of the invention

The embodiment of the present application provides a kind of storage of data and auth method, device and equipment, existing for solving Auth method, verification information have a risk of leakage in input, and leading to authentication, there are security hidden troubles.

The embodiment of the present application adopts the following technical solutions:

A kind of auth method, comprising:

The first action data is received, and determines account identification corresponding with first action data；

Establish the incidence relation between first action data and the account identification and storage；

The second action data is obtained, and determines account identification corresponding with second action data；

According to the incidence relation of storage, account identification associated first corresponding with second action data is determined Action data；

According to the matching result of the first action data and second action data determined, authentication is carried out.

A kind of date storage method, comprising:

Terminal acquires the first action data of user, and determines account identification corresponding with first action data；

Establish the incidence relation between first action data and the account identification and storage.

A kind of date storage method, comprising:

The first action data that server receiving terminal is sent, and account mark corresponding with first action data Know；

A kind of auth method, comprising:

Terminal acquires the second action data of user, and determines account identification corresponding with second action data；

Incidence relation between first action data according to the pre-stored data and account identification, it is determining to be acted with described second Associated first action data of the corresponding account identification of data；

A kind of auth method, comprising:

Receive the second action data that terminal is sent, and account identification corresponding with second action data；

A kind of data storage device, comprising:

Acquisition module acquires the first action data of user, and determines account mark corresponding with first action data Know；

Memory module establishes the incidence relation between first action data and the account identification and storage.

A kind of data storage device, comprising:

Receiving module receives the first action data that terminal is sent, and account corresponding with first action data Mark；

A kind of authentication means, comprising:

Acquisition module acquires the second action data of user, and determines account mark corresponding with second action data Know；

Determining module, the incidence relation between the first action data according to the pre-stored data and account identification, determining and institute State associated first action data of the corresponding account identification of the second action data；

Authentication module, according to the matching result of the first action data for determining and second action data, into Row authentication.

A kind of authentication means, comprising:

Receiving module receives the second action data that terminal is sent, and account corresponding with second action data Mark；

A kind of terminal, comprising: one or more processors and memory, the memory is stored with program, and is matched It is set to and executes following steps by one or more of processors:

The first action data of user is acquired, and determines account identification corresponding with first action data；

A kind of server, comprising: one or more processors and memory, the memory are stored with program, and by It is configured to execute following steps by one or more of processors:

Receive the first action data that terminal is sent, and account identification corresponding with first action data；

The second action data of user is acquired, and determines account identification corresponding with second action data；

The embodiment of the present application use at least one above-mentioned technical solution can reach it is following the utility model has the advantages that

Firstly, the first action data and determination account identification corresponding with the first action data are received, to establish first Incidence relation and storage between action data and account identification.Later, when carrying out authentication, it can receive the second movement number Accordingly and determine corresponding with the second action data account identification.To determine account mark corresponding with the second action data There are the first action datas of incidence relation for knowledge.Finally, determining the matching result of the first action data and the second action data, come Carry out authentication.As it can be seen that the method provided by this specification, by establishing being associated with for the first action data and account identification Relationship, so that user no longer needs to validation information, and only needs to make and the first action data pair when carrying out authentication The identical movement of the movement answered.So that the method choice of authentication is more, it is more flexible, while input can also be reduced and tested Demonstrate,prove information bring security risk.

Detailed description of the invention

The drawings described herein are used to provide a further understanding of the present application, constitutes part of this application, this Shen Illustrative embodiments and their description please are not constituted an undue limitation on the present application for explaining the application.In the accompanying drawings:

Fig. 1 is a kind of authentication process itself provided by the embodiments of the present application；

Fig. 2 is the schematic diagram of the equipment provided by the embodiments of the present application for executing authentication process itself；

Fig. 3 is a kind of process of data storage provided by the embodiments of the present application；

Fig. 4 is the process of another data storage provided by the embodiments of the present application；

Fig. 5 is a kind of process of authentication provided by the embodiments of the present application；

The schematic diagram of corresponding relationship of the Fig. 6 between account identification provided by the embodiments of the present application and the first action data；

Fig. 7 is display reminding information schematic diagram provided by the embodiments of the present application；

Fig. 8 is the process of another authentication provided by the embodiments of the present application；

Fig. 9 and Figure 10 is a kind of structural schematic diagram for data storage device that this specification embodiment provides；

Figure 11 and Figure 12 is a kind of structural schematic diagram for authentication means that this specification embodiment provides；

Figure 13 is the structural schematic diagram of terminal provided by the embodiments of the present application；

Figure 14 is the structural schematic diagram of server provided by the embodiments of the present application.

Specific embodiment

To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with the application specific embodiment and Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing Every other embodiment obtained under the premise of creative work out, shall fall in the protection scope of this application.

Below in conjunction with attached drawing, the technical scheme provided by various embodiments of the present application will be described in detail.

Fig. 1 is a kind of authentication process itself that this specification embodiment provides, and specifically be can comprise the following steps that

S100: the first action data is obtained, and determines account identification corresponding with first action data.

Usual authentication is the process verify to the account logged in equipment, therefore at this specification one Or in multiple embodiments, the process of the authentication can be executed by the equipment of logon account.In addition, due in the present specification, Authentication is that the action data based on collected user is verified, therefore the equipment can also obtain the movement number of user According to (that is, first exercise data).

Based on foregoing description, in this specification one or more embodiment, the mobile terminal that can specifically be used by user The process of the authentication is executed, and by first action data of acquisition for mobile terminal, and determining and the first action data pair The account identification answered.Wherein, the account is identified as the subsequent account identification for needing to carry out authentication, which is Matched verification information is needed when being verified.The mobile terminal specifically can be the equipment such as mobile phone, and this specification is to mobile whole End specially which kind of equipment is without limitation.

Specifically, in the present specification, mobile terminal can determine the mobile terminal when obtaining first action data The account identification of upper logon account.And first action data, the sensor that specifically can be in the mobile terminal are collected Exercise data when user movement, or when being also possible to the collected user movement of intelligent wearable device worn by user Exercise data, and it is sent to the mobile terminal, this specification does not limit this.Certainly, it is adopted when by intelligent wearable device When collecting the first action data, then the terminal itself is not necessarily to acquire the action data of user, that is to say, that the terminal can not be just In the mobile terminal of carrying, therefore subsequent step operation can also be executed by terminal, which can be PC, work station Etc. equipment.

In addition, on software view, which can be by the application execution installed in mobile terminal, for example, having Carry out the client etc. of authentication demand.By taking client as an example, then the client can be by passing disclosed in mobile terminal The interface (Application Programming Interface, API) of sensor obtains the first action data, and determines client The account identification of logon account in end.Certainly, if the mobile terminal is to create carrying device by intelligence to obtain the first action data , then the client can obtain the first action data by corresponding communication interface.For example, it is assumed that Intelligent bracelet and mobile phone are logical Bluetooth connection is crossed, then client can obtain collected first action data of the Intelligent bracelet by the API of bluetooth module.When So, the action data of user is acquired by intelligent wearable device, and passes through the dynamic of the sensor ability user of mobile terminal itself Make data, be more mature technology, this specification repeats no more this.

In addition, the authentication process itself can also be executed by server in one or more embodiments of this specification.In It is that the server can obtain first action data and determine account identification from the equipment for collecting the first action data. Wherein, which can be an individual equipment, be also possible to the system being made of multiple devices, this specification does not limit It is fixed.

It, can be by intelligent wearable device, mobile terminal, end based on the authentication process itself that foregoing description, this specification provide The combination of at least one of end and server equipment or plurality of devices is completed.For example, can be by intelligent wearable device or shifting Dynamic terminal complete independently authentication process itself, perhaps by intelligent wearable device and mobile terminal or by intelligent wearable device And terminal perhaps intelligent wearable device and the different equipment of mobile terminal and server or mobile terminal and server etc. Authentication Guo Cheng journey is completed in combination, as shown in Figure 2.Fig. 2 is the portion for executing the authentication process itself that this specification provides The schematic diagram of relationship between subset.As it can be seen that authentication process itself can be executed jointly by communicating with each other between multiple equipment, Or authentication process itself can also be individually performed by individual equipment.

This specification is for specifically completing the authentication process itself without limitation by those equipment.Certainly, it retouches for convenience It states, it is subsequent in this specification that the first action data is acquired with mobile terminal, determine account identification, and execute subsequent authentication It is illustrated for process.

S102: the incidence relation between first action data and the account identification and storage are established.

In this specification one or more embodiment, mobile terminal is obtaining the first action data and is determining corresponding be somebody's turn to do After the account identification of first action data, can establish the first action data and the account mark between incidence relation and deposit Storage, so that it is subsequent when receiving the authentication request to account mark, it can be carried out according to first action data Authentication.

In addition, in the present specification, in order to guarantee the correctness of the above-mentioned incidence relation stored, mobile terminal should in storage Before first action data, account identification and its incidence relation, it can also first determine that the account identifies corresponding account authentication Pass through.That is, believing after the authentication for determining the account passes through using first action data as a kind of verifying Breath is established the corresponding relationship with account mark, and is stored, to use when subsequent authentication.Wherein, it is deposited in determination The method of the authentication used before storage can be the existing auth method such as password authentification or fingerprint authentication.This Specification for the auth method that uses at this time without limitation, and since the prior art can be used, to the process Also it repeats no more.

S104: the second action data is obtained, and determines account identification corresponding with second action data.

In this specification one or more embodiment, which it is dynamic can to obtain second when carrying out authentication Make data, and determines account identification corresponding with second action data.Wherein, the corresponding account mark of the second action data Know, as the object of authentication, and the second action data is when verifying to account mark, user " input " is tested Demonstrate,prove information.It is different from the prior art in the present specification, user only needs without really passing through mobile terminal " input " information Movement is made, the second action data of acquisition for mobile terminal is made.

Specifically, the mobile terminal can be when determination needs to carry out authentication, display reminding information, to prompt user to hold Row verifying movement, and the action data that user executes verifying movement is acquired, as the second action data.Wherein, verifying, which acts, is It is user when being set to the first action data of account binding, makes the corresponding movement of the first action data.

Even being typically due to the equipment that the same user uses, different accounts can also be logged in, therefore in this specification In, which may further determine that the account identification of logon account on mobile terminal at this time when getting the second action data, And determine that authentication object is account identification corresponding with second action data.

In addition, in the present specification, not limiting the initiation time point of step S104, can specifically being set as needed It sets.For example, it is desired to carry out authentication before business execution, then step S104 and subsequent step can be performed in mobile terminal Suddenly.

It should be noted that the implementation procedure of step S104 can be with the execution of step S100 and S102 in this specification Process is mutually indepedent.That is, mobile terminal can first carry out the data storage procedure of step S100 to S102, later rear When continuous any point-in-time determines progress authentication, then authentication process itself is executed, i.e. step S104 to S108.

Further, in the present specification, since which of storage mobile terminal can determine according to the incidence relation of storage A little related first action datas of account identification, therefore mobile terminal is after determining and needing to carry out authentication, it can also be true The account identification logged in the mobile terminal before settled, if related first action data, if so, after continuing to execute Continuous step, if not, it is determined that authentication can not be carried out by action data, then other authentication sides can be used in mobile terminal Formula carries out authentication, such as password authentification or fingerprint authentication etc..Certainly, for identity can not be carried out by action data After verifying, which kind of subsequent this specification mobile terminal specifically executes without limitation.For example, processing uses existing other modes It carries out other than authentication, mobile terminal can also directly report an error, and prompt user that can not carry out authentication.

S106: according to the incidence relation of storage, account identification association corresponding with second action data is determined The first action data.

In this specification one or more embodiment, mobile terminal is determining account mark corresponding with the second action data After knowledge, it can determine that account identification corresponding with two action data is closed according to the incidence relation stored by step S102 First movement number of connection carries out authentication so that subsequent step is by matching action data.

Specifically, mobile terminal is can determine first in stored incidence relation, exist corresponding with two action data The consistent account identification of account identification determines first later further according to the incidence relation of the account identification and storage determined Action data.

Certainly, it is not identified with the account if mobile terminal determines there are the first action data of incidence relation, it can also be such as Described in abovementioned steps S104, authentication is carried out by other auth methods, or directly report an error, this specification is not It limits.

S108: it according to the matching result of the first action data and second action data determined, carries out identity and tests Card.

In this specification one or more embodiment, mobile terminal determine for the account mark it is associated go out first It, can be by the first action data and second after action data, and acquisition the second action data corresponding with account mark Action data is matched, and carries out authentication according to matching result.

Specifically, when matching result is matching, mobile terminal can determine that authentication passes through, when matching result is not Timing, then mobile terminal can determine that authentication does not pass through.Also, the mobile terminal can use other spare authentications Method carries out authentication again, or directly reports an error.Certainly, after the mobile terminal determines that authentication passes through, according to Which kind of operation is the result of the authentication continue to execute, and this specification is without limitation.For example, when the authentication is to be propped up Pay business before authentication when, then after determining that authentication passes through, which can be performed the payment transaction.

For example, it is assumed that user s needs to be arranged verification information, then the user s can make movement, make acquisition for mobile terminal first Action data, and establish and store the incidence relation of the first action data and account identification.It is needed later when mobile terminal determines When carrying out authentication, user s can be prompted to execute verifying movement, and obtain the second action data when user s makes movement, Determine that there are the first action datas of incidence relation for account identification corresponding with second action data later, finally by matching The matching result of first and second action data carries out authentication.

Through the above steps, user need to only make and matched second action data of the first action data, so that it may pass through Authentication simplifies the process of authentication so that the method for authentication is more abundant.Also, on the one hand in addition to setting the Other than the user of one action data, for authentication when other users can not determine which movement of user, verifying is reduced The risk of information exposure.There is the difference on individual between another aspect different user, similarly acts different users and execute When obtain action data have differences, also improve the safety of authentication.

For example, using this specification provide auth method, come complete execute payment transaction when authentication when, Mobile terminal can acquire user and execute corresponding first action data when verifying movement first, and determine the account that user logs at this time The incidence relation of the first action data and the account are established after determining that account authentication passes through in family.Later as the user It (e.g., after user's dining, being paid the bill by client) when needing to be implemented payment transaction, verifying movement can be performed in user, Then mobile terminal can obtain the account identification that the verifying of user's execution acts corresponding second action data and currently logs in, and lead to It crosses stored incidence relation and determines matching result, and further determine that whether authentication passes through.If it is determined that authentication is logical It crosses, then can further determine that subsequent can be performed the payment transaction.Come from the point of view of user, is bound before need to only executing with account Verifying movement, payment can be completed.While time saving and energy saving, the risk of verification information leakage is also reduced.

Detailed procedure declaration is continued to above-mentioned data storage procedure and authentication process itself below.

Wherein, it is based on data storage procedure shown in FIG. 1, this specification embodiment is corresponding to be provided a kind of data and stored Journey, as shown in Figure 3.

Fig. 3 is the data storage procedure that this specification embodiment provides, and specifically be can comprise the following steps that

S200: terminal acquires the first action data of user, and determines account mark corresponding with first action data Know.

The problem of in order to reduce the disclosure risk of verification information in the prior art.As described in the step s 100 in this theory In bright book one or more embodiment, terminal can acquire the first action data of user, and determine corresponding first action data Account identification.And the incidence relation between mark and the first action data is created an account, so that the user is in subsequent carry out identity As long as made when verifying with the matched movement of the first action data, authentication can be passed through.

Specifically, still with mobile terminal execution, the authentication process itself is this specification based on the description in step S100 Example is illustrated, which can be when user holds the mobile terminal, the corresponding data of the movement made.It should Action data can include: the direction of motion, acceleration of motion, angular velocity of satellite motion etc. data.This specification does not limit the movement Terminal acquires action data by which sensor, also, since motion capture method in the prior art have been relatively mature, and And the movement that user makes can be precisely determined, therefore this explanation is to the part acquired for action data by the data of acquisition No longer repeated.

Certainly, for convenience of explanation, user is acquired as mobile terminal using first action data in the present specification to do Corresponding data include: and are illustrated for acceleration information and angular velocity data when making.

For example, it is assumed that acceleration information and angular velocity data that acquisition for mobile terminal is recorded according to chronological order, As the first action data, as shown in table 1.

Table 1

By the acceleration information and angular velocity data recorded in table 1 according to chronological order, the shifting can be determined The motion profile of dynamic terminal can determine the movement that user makes by the motion profile of the mobile terminal.

In addition, because there is certain difference (e.g., height is fat or thin) in the body of different people, so different user does identical one Group movement, mobile terminal also can determine the first not exactly the same action data.Therefore, it in first action data, is equivalent to The posture data of user are contained indirectly, therefore the first action data is also considered as a kind of biological characteristic, for carrying out identity Verifying.

Further, in this specification embodiment, mobile terminal may further determine that needs are established with the first action data and close The account identification of connection relationship.As described in the step s 100, mobile terminal can determine the account identification at the family that enters an item in an account book.For specific How to determine that account identification, this specification repeat no more this.

Further in the present specification, mobile terminal can obtain the first action data depending on the user's operation.Due to During storing data shown in Fig. 3, storage is to act in subsequent authentication process itself for the first of authentication The incidence relation of data and account identification, therefore the process can be and execute depending on the user's operation.

For example, when being used for authentication, can be started by mobile terminal when user needs to be arranged account corresponding movement Act the process of typing.Then mobile terminal starts to acquire action data after determining the process for starting typing movement, and in determination After typing acts, stop acquisition action data.And in data collected in typing action process as the first movement Data.

Wherein, mobile terminal can determine the start and end time of typing movement in several ways.For example, when terminal is supervised It measures and starts to acquire action data when user executes long press operation, stop acquisition action data when user stops long press operation, And using collected action data as the first action data.Alternatively, starting to adopt when the sign on of terminal monitoring to user Collection, terminates to acquire when monitoring the halt instruction of user.Specifically, this specification pair and how to acquire the first action data sheet Specification is without limitation.

S202: the incidence relation between first action data and the account identification and storage are established.

In this specification one or more embodiment, when the first action data of acquisition for mobile terminal and account has been determined After the mark of family, the incidence relation between the first action data and account identification can be established, and store.So that subsequent identity is tested The card stage can determine that the first action data corresponding with account mark is used for authentication according to above-mentioned incidence relation.

Specifically, mobile terminal can be established directly between the first action data determined in step s 200 and account identification Incidence relation, and store first action data, the account mark and the incidence relation.

In addition, when there is server to execute subsequent authentication Guo into teacher, then the mobile terminal first can also act this Data and account identification are sent to server.Server is set to store first action data, account mark and the association Relationship.Also, it is specifically storable in the hard disk of the server, or is stored in database corresponding with the server, this Specification is not specifically limited.

And it in the present specification, can be independent from each other between data storage procedure and authentication process itself.

By data storage procedure as shown in Figure 3, mobile terminal can receive the first action data of acquisition and account mark Know, the incidence relation between the first action data and account identification and storage is established, for use when subsequent progress authentication.

It should be noted that the executing subject of each step of this specification embodiment institute providing method may each be same and set It is standby, alternatively, this method is also by distinct device as executing subject.For example, the executing subject of step S200 can be equipment 1, step The executing subject of rapid S202 can be equipment 2；For another example, the executing subject of step S200 can be equipment 2, and step S202's holds Row main body can be equipment 1；Etc..

Based on date storage method shown in FIG. 1, this specification embodiment also correspondence provides a kind of auth method, such as Shown in Fig. 4.

Fig. 4 is a kind of process for data storage that this specification embodiment provides, and specifically be can comprise the following steps that

S300: the first action data that server receiving terminal is sent, and account corresponding with first action data Family mark.

In this bright book one or more embodiment, it is illustrated so that server executes the data storage procedure as an example, it should Server can receive the first action data that terminal is sent, and determine the corresponding account identification of the first action data.Wherein, the end End specifically can be the equipment such as mobile phone, tablet computer, PC, work station, intelligent wearable device, and server can be individually An equipment or the system that is made of multiple devices, this specification is without limitation.

Specifically, server can receive the first action data that terminal is sent, and determine the account of logon account in the terminal Family mark.Wherein, in received first action data of the server, account mark or the server can be carried The account identification that can determine the last logon account in the terminal, as account identification corresponding with first action data. And the method for determining the account identification of logon account in terminal since a variety of servers exist in the prior art, this specification For specifically how to determine account mark without limitation.For example, server can also after receiving the first action data, Inquiry request is sent to terminal, so that the terminal returns to account mark.Certainly, it is tampered to reduce in data transmission procedure Risk, account mark can be by terminal when acquiring first action data, determine logon account on the terminal Account identification, and carry and be sent to the server in first action data.

S302: the incidence relation between first action data and the account identification and storage are established.

In this specification one or more embodiment, when server have received terminal transmission the first action data, And it after determining account identification corresponding with the first action data, can establish between the first action data and account identification Incidence relation, and store.So as to subsequent authenticating phase, the account verified with needs can be determined according to above-mentioned incidence relation There are the first action datas of incidence relation for family mark, and carry out authentication based on the matching result between action data.

Specifically, server can be established directly between the first action data and account identification number determined in step S300 Incidence relation, and store first action data, the account mark and the incidence relation.Alternatively, server should in storage Before first action data, account mark and the incidence relation, the identity that a step identifies the account can be carried out and tested Card, the method that can specifically use other existing authentications, and after determining that authentication passes through, then store this first Action data, account mark and the incidence relation.

For example, server receive terminal transmission the first action data and account identification after, can be to the terminal Authentication request is sent, the terminal is made to return to the password of verifying, and pair of account identification according to the pre-stored data and password It should be related to, after determining that the authentication of account mark passes through, then store that first action data and the account identify be associated with Relationship.

Certainly, service implement body carries out authentication using which kind of other auth method, and this specification does not limit It is fixed, for example, can be using password authentification described in upper example, or the methods of fingerprint authentication, voice print verification etc. can also be used.

In addition, in the present specification, which can be by first action data, account mark and the incidence relation It is stored in the server local, or is stored in the database, this specification is not specifically limited.

Based on date storage method shown in FIG. 1, this specification embodiment also correspondence provides a kind of auth method, such as Shown in Fig. 5.

S400: terminal acquires the second action data of user, and determines account mark corresponding with second action data Know.

In one or more embodiment of this specification, based on data storage procedure as shown in Figure 1, continue with movement For terminal executes data storage procedure, by the process of mobile terminal execution authentication.

The mobile terminal stores the corresponding relationship between account identification and the first action data, as shown in Figure 6.Fig. 6 is The schematic diagram of the incidence relation of the first action data and account identification that this specification provides, left side are corresponding for the first action data User action schematic diagram, right side be associated account identification.

Authentication process itself in the present specification, the mobile terminal can prompt user to execute movement, pass through later Corresponding action data when user's execution movement is acquired, as the second action data (that is, verification information).Also, mobile terminal It also can determine account identification corresponding with second action data simultaneously, as the object for needing to carry out authentication.

Specifically, the process that the mobile terminal acquires the second action data can be with the mistake in abovementioned steps S100 Journey is consistent, and the display reminding information before the action data of acquisition user.Such as, in schematic diagram described in Fig. 7, mobile terminal The prompt information of " the verifying movement that binding please be make " can be shown in interface.To acquire action data when user makes movement, And as the second action data.

Also, with it is consistent in abovementioned steps S100, which can determine the shifting when acquiring second action data The account identification of logon account, the account identification as pending authentication in dynamic terminal.

In addition, with reference to description in the step s 100, if the authentication process itself is in the mobile terminal in the present specification Upper progress, and in data storage procedure, it is only deposited for the first action data of authentication and associated account identification Storage is in the mobile terminal, then the mobile terminal can determine that first determining on the mobile terminal is when needing to carry out authentication It is no be stored with the account identification of logon account associated first action data, if so, can be in display reminding, acquisition user Second action data, if it is not, then can determine can not carry out authentication by acquiring the second action data of user, therefore can be with It converts the methods of other authentications, (e.g., password authentification, fingerprint authentication etc.).

Further, in the present specification, do not limit the authentication process itself is why to start to carry out.For example, working as If desired authentication when user's logon account then can determine the account identification to logon account, and acquire the second of user Action data, alternatively, needing to carry out authentication when user executes payment transaction, then mobile terminal, which also can determine, starts to execute The step of authentication needed after step S400, and execution.

S402: the incidence relation between the first action data according to the pre-stored data and account identification, it is determining with described the Associated first action data of the corresponding account identification of two action datas.

In this specification one or more embodiment, mobile terminal can the first action data according to the pre-stored data and account The incidence relation of family mark determines first movement number of the account identification corresponding with second action data there are incidence relation According to being matched convenient for subsequent step to the first and second action data.

Specifically, in the present specification, mobile terminal can first incidence relation according to the pre-stored data, judge in association pass Account identification in system, and if the account identification corresponding with the second action data determined in step S400 is consistent, if so, Determination can carry out authentication according to action data, and the determining and account identifies associated first action data, if it is not, then really Surely authentication cannot be carried out by action data.

In addition, in the present specification, it, can be into one when mobile terminal determination cannot carry out authentication by action data Other auth methods of step conversion carry out authentication, and this specification does not limit this.

It should be noted that the second action data of mobile terminal acquisition, can also be form shown in table 1, this specification pair This is repeated no more.

S404: it according to the matching result of the first action data and second action data determined, carries out identity and tests Card.

In this specification one or more embodiment, mobile terminal, can be true after determining the first action data The matching result of fixed first and second action data, and according to matching result, carry out authentication.

Specifically, mobile terminal can carry out similarity calculation to first action data and second action data, Judge whether similarity is greater than preset threshold value, if so, determine that first action data is matched with second action data, If not, it is determined that first action data and second action data mismatch.Wherein, matching or unmatched result are The matching result determined for mobile terminal.

When determining matching result to match, it may be determined that authentication passes through, can when determining matching result to mismatch Further continue authentication using other auth methods, when other auth methods also verify it is obstructed out-of-date, Again determine authentication do not pass through, and if other auth methods are verified, it is determined that authentication passes through.

Based on auth method shown in fig. 5, when carrying out authentication, by the second movement number for acquiring user According to, and the account identification of corresponding second action data, when determining in the presence of associated first action data is identified with the account, It determines the matching result of the first action data and the second action data, and determines whether authentication passes through according to matching result. User is when carrying out authentication, without in validation information, and only need to make with the matched movement of the first action data, So that the second action data of mobile terminal acquisition is matched with the first action data, authentication can be passed through.Also, due to Individual difference between family (e.g., height fat or thin etc.), so that even if other users execute the movement for verifying, it is also possible to cause the Two action datas and the first action data mismatch.While reducing the risk of verification information leakage, improves identity and test The safety of card.

In addition, in the present specification, the incidence relation of first action data and account identification, can be merely stored in acquisition should In the mobile terminal of first action data, to avoid the leakage of the first action data, privacy of user disclosure risk is reduced.

Alternatively, in order to which aspect user can carry out authentication by doing movement in different terminals, first movement The incidence relation of data and account identification may also be stored in server, then in step S402, mobile terminal can also will be acquired To the second action data and its corresponding account identification be sent to server, carry out authentication.And the root in step S406 According to the matching result that server returns, authentication is carried out.

It should be noted that the executing subject of each step of this specification embodiment institute providing method may each be same and set It is standby, alternatively, this method is also by distinct device as executing subject.For example, the executing subject of step S400 and step S402 can be with For equipment 1, the executing subject of step S404 can be equipment 2；For another example, the executing subject of step S400 can be equipment 1, step The executing subject of rapid S402 and step S404 can be equipment 2；Etc..

Date storage method based on shown in Fig. 4, this specification embodiment also correspondence provide a kind of auth method, such as scheme Shown in 8.

Fig. 8 is the schematic diagram for the authentication process itself that this specification embodiment provides, comprising:

S500: the second action data that terminal is sent, and account identification corresponding with second action data are received.

In this specification one or more embodiment, subsequent retouch is carried out so that server executes authentication process itself as an example It states.The server can receive the second action data that terminal is sent, and determine account identification corresponding with the second action data. Wherein, server receives the second action data and determines that the process of account identification can be similar with the description in step S300, This specification repeats no more this.

S502: the incidence relation between the first action data according to the pre-stored data and account identification, it is determining with described the Associated first action data of the corresponding account identification of two action datas.

In this specification one or more embodiment, since server is in data storage procedure, it can receive multiple ends Hold the first action data sent and account identification, if therefore the server be previously stored with several the first action data with Incidence relation between dry account identification.

Then, which being associated between each first action data according to the pre-stored data and each account identification System, determining associated first action data of account identification determined with step S500.Certainly, if the server determine there is no with The account identifies associated first action data, then server can return to the information of authentication failed, and the terminal is made to carry out subsequent behaviour Make and (e.g., determines that authentication does not pass through, or continue authentication using other auth methods).

S504: it according to the matching result of the first action data and second action data determined, carries out identity and tests Card.

In this specification one or more embodiment, server executes the process of step S504 and mobile terminal execution walks The process of rapid S404 is similar, the first action data determined can be calculated and the second action data for receiving between it is similar Degree, and when similarity is higher than preset threshold, matching result is determined as matching, and authentication passes through, when similarity is not higher than pre- If when threshold value, determining matching result to mismatch, authentication does not pass through.

Certainly, which can be by the terminal in authentication result return step S500.

In addition, after terminal can pass through authentication, the service request needed to be implemented is sent to together in step S500 The server when server determines that authentication passes through, executes corresponding industry according to service request then in step S504 Business.It is obstructed out-of-date in authentication, prompt information is returned to, and do not execute the corresponding business of service request.

Based on date storage method shown in Fig. 1, this specification embodiment also correspondence provides a kind of knot of data storage device Structure schematic diagram, as shown in Figure 9.

Fig. 9 is a kind of structural schematic diagram for data storage device that this specification embodiment provides, and described device includes:

Acquisition module 600 acquires the first action data of user, and determines account corresponding with first action data Mark；

Memory module 602 establishes the incidence relation between first action data and the account identification and storage.

The acquisition module 600, determine the acquisition module acquire user first action data when, the dress Set the account identification of logon account.

The memory module 602 sends first action data and the account identification to server, so that described Server establishes the incidence relation between first action data and the account identification and storage；Alternatively, establishing described Incidence relation between one action data and the account identification is simultaneously stored in described device local.

The memory module 602 establishes incidence relation between first action data and the account identification simultaneously Before storage, determine that the authentication of logon account passes through in described device.

Specifically, the data storage device, can be located in terminal.The terminal can be mobile phone, tablet computer, intelligence and wear Wear equipment etc..

Date storage method based on shown in Fig. 4, this specification embodiment is also corresponding to provide a kind of data storage device Structural schematic diagram, as shown in Figure 10.

Figure 10 is a kind of structural schematic diagram for data storage device that this specification embodiment provides, and described device includes:

Receiving module 700 receives the first action data that terminal is sent, and account corresponding with first action data Family mark；

Memory module 702 establishes the incidence relation between first action data and the account identification and storage.

Specifically, the data storage device, can be located in server.The server can be an independent equipment, or The system that person is made of multiple devices.

Based on auth method shown in Fig. 5, this specification embodiment also correspondence provides a kind of knot of authentication means Structure schematic diagram, as shown in figure 11.

Figure 11 is a kind of structural schematic diagram for authentication means that this specification embodiment provides, and described device includes:

Acquisition module 800 acquires the second action data of user, and determines account corresponding with second action data Mark；

Determining module 802, the incidence relation between the first action data according to the pre-stored data and account identification, determine with Corresponding associated first action data of account identification of second action data；

Authentication module 804, according to the matching result of the first action data for determining and second action data, Carry out authentication.

The acquisition module 800 determines the terminal when acquiring second action data of user, in the terminal The account identification of logon account.

The authentication module 804 carries out described first action data and second action data similar Degree calculates, and judges whether similarity is greater than preset threshold value, if so, determining first action data and the second movement number According to matching result be matching, if not, it is determined that the matching result of first action data and second action data is not Matching.

The determining module 802, when determining that there is no account identifications corresponding with second action data associated the When one action data, matching result is determined to mismatch.

The authentication module 804 determines that authentication passes through when determining matching result to match, when determining It is authentication to be carried out by spare auth method, wherein the spare authentication side when mismatching with result Method includes at least: one of password authentification, fingerprint authentication.

The determining module 802, by second action data and account mark corresponding with second action data Knowledge is sent to server, so that being associated between the server the first action data according to the pre-stored data and account identification System determines that account identification corresponding with second action data has the first action data of incidence relation.

The authentication module 804 receives the server to the first action data and second action data The matching result determined after similarity calculation is carried out, when the matching result received is matching, determines that authentication passes through； When the matching result received is to mismatch, authentication is carried out by spare auth method, wherein described spare Auth method include at least: one of password authentification, fingerprint authentication.

Specifically, the authentication means, can be located in terminal.The terminal can be mobile phone, tablet computer, personal electricity Brain, intelligent wearable device etc..

Based on auth method shown in Fig. 8, this specification embodiment also correspondence provides a kind of knot of authentication means Structure schematic diagram, as shown in figure 12.

Figure 12 is a kind of structural schematic diagram for authentication means that this specification embodiment provides, and described device includes:

Receiving module 900 receives the second action data that terminal is sent, and account corresponding with second action data Family mark；

Determining module 902, the incidence relation between the first action data according to the pre-stored data and account identification, determine with Corresponding associated first action data of account identification of second action data；

Authentication module 904, according to the matching result of the first action data for determining and second action data, Carry out authentication.

The authentication module 904 determines that authentication passes through when determining matching result to match, when determining It is the matching result to be returned into the terminal, so that the terminal passes through spare authentication side when mismatching with result Method carries out authentication, wherein the spare auth method includes at least: one of password authentification, fingerprint authentication.

Specifically, the authentication means, can be located in server.The server can be an independent equipment, or The system that person is made of multiple devices.

Auth method based on data shown in FIG. 1 storage and Fig. 5, this specification embodiment is also corresponding to provide one Kind terminal, as shown in figure 13.It include: one or more processors and memory in the terminal, the memory is stored with program, And it is configured to execute following steps by one or more of processors:

And

Based on shown in Fig. 4 data storage and Fig. 8 described in the serious method of identity, this specification embodiment also correspondence mentions For the first server, as shown in figure 14.The server includes: one or more processors and memory.Wherein, memory is deposited Program is contained, and is configured to be performed by one or more processors following steps:

And；

It should be noted that all the embodiments in this specification are described in a progressive manner, each embodiment it Between same and similar part may refer to each other, each embodiment focuses on the differences from other embodiments. For mobile terminal provided by the embodiments of the present application and server, since it is substantially similar to the method embodiment, So being described relatively simple, the relevent part can refer to the partial explaination of embodiments of method.

In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example, Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit. Designer nearly all obtains corresponding hardware circuit by the way that improved method flow to be programmed into hardware circuit.Cause This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device (Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer Voluntarily programming comes a digital display circuit " integrated " on a piece of PLD, designs and makes without asking chip maker Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " is patrolled Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development, And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language (Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL (Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL (Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language) etc., VHDL (Very-High-Speed is most generally used at present Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also answer This understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages, The hardware circuit for realizing the logical method process can be readily available.

Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing The computer for the computer readable program code (such as software or firmware) that device and storage can be executed by (micro-) processor can Read medium, logic gate, switch, specific integrated circuit (Application Specific Integrated Circuit, ASIC), the form of programmable logic controller (PLC) and insertion microcontroller, the example of controller includes but is not limited to following microcontroller Device: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320 are deposited Memory controller is also implemented as a part of the control logic of memory.It is also known in the art that in addition to Pure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logic Controller is obtained to come in fact in the form of logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc. Existing identical function.Therefore this controller is considered a kind of hardware component, and to including for realizing various in it The device of function can also be considered as the structure in hardware component.Or even, it can will be regarded for realizing the device of various functions For either the software module of implementation method can be the structure in hardware component again.

System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity, Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment The combination of equipment.

For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this The function of each unit can be realized in the same or multiple software and or hardware when application.

It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.

The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.

These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.

In a typical configuration, calculating equipment includes one or more processors (CPU), input/output interface, net Network interface and memory.

Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.

Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.

It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want There is also other identical elements in the process, method of element, commodity or equipment.

It will be understood by those skilled in the art that embodiments herein can provide as method, system or computer program product. Therefore, complete hardware embodiment, complete software embodiment or embodiment combining software and hardware aspects can be used in the application Form.It is deposited moreover, the application can be used to can be used in the computer that one or more wherein includes computer usable program code The shape for the computer program product implemented on storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) Formula.

The application can describe in the general context of computer-executable instructions executed by a computer, such as program Module.Generally, program module includes routines performing specific tasks or implementing specific abstract data types, programs, objects, group Part, data structure etc..The application can also be practiced in a distributed computing environment, in these distributed computing environments, by Task is executed by the connected remote processing devices of communication network.In a distributed computing environment, program module can be with In the local and remote computer storage media including storage equipment.

All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method Part explanation.

The above description is only an example of the present application, is not intended to limit this application.For those skilled in the art For, various changes and changes are possible in this application.All any modifications made within the spirit and principles of the present application are equal Replacement, improvement etc., should be included within the scope of the claims of this application.

Claims

1. a kind of auth method, comprising:

The first action data is obtained, and determines account identification corresponding with first action data；

According to the incidence relation of storage, associated first movement of account identification corresponding with second action data is determined Data；

2. a kind of date storage method, comprising:

3. method according to claim 2 determines account identification corresponding with first action data, specifically includes:

The terminal is determined when acquiring first action data of user, the account identification of logon account in the terminal.

4. method according to claim 2, the association established between first action data and the first identifier is closed It is and stores, specifically includes:

First action data and the account identification are sent to server, is moved so that the server establishes described first Make the incidence relation and storage between data and the account identification；Alternatively,

Incidence relation that the terminal is established between first action data and the account identification is simultaneously stored in the terminal It is local.

5. method according to claim 2, the association established between first action data and the account identification is closed Before being and storing, the method also includes:

Determine that the authentication of logon account in the terminal passes through.

6. a kind of date storage method, comprising:

The first action data that server receiving terminal is sent, and account identification corresponding with first action data；

7. a kind of auth method, comprising:

Incidence relation between first action data according to the pre-stored data and account identification, determining and second action data Corresponding associated first action data of account identification；

8. the method for claim 7, determining account identification corresponding with second action data, specifically include:

The terminal is determined when acquiring second action data of user, the account identification of logon account in the terminal.

9. the method for claim 7, according to the matching of the first action data and second action data determined As a result, specifically including:

Similarity calculation is carried out to described first action data and second action data, judges whether similarity is greater than Preset threshold value；

If so, determining first action data is to match with the matching result of second action data；

If not, it is determined that the matching result of first action data and second action data is to mismatch.

10. it is the method for claim 7, the method also includes:

When determining the first action data associated there is no account identification corresponding with second action data, matching is determined It as a result is mismatch.

11. the method as described in claim 9 or 10 carries out authentication, specifically includes:

When determining matching result to match, determine that authentication passes through；

When determining matching result to mismatch, authentication is carried out by spare auth method；

Wherein, the spare auth method includes at least: one of password authentification, fingerprint authentication.

12. the method for claim 7, being associated between the first action data according to the pre-stored data and account identification System determines associated first action data of account identification corresponding with second action data, specifically includes:

Second action data and account identification corresponding with second action data are sent to server, so that institute The incidence relation between server the first action data according to the pre-stored data and account identification is stated, it is determining to be acted with described second The corresponding account identification of data has the first action data of incidence relation.

13. method as claimed in claim 12, according to of the first action data and second action data determined With as a result, progress authentication, specifically includes:

Receive what the server was determined after carrying out similarity calculation to the first action data and second action data Matching result；

When the matching result received is matching, determine that authentication passes through；When the matching result received is to mismatch, Authentication is carried out by spare auth method；

14. a kind of auth method, comprising:

15. method as claimed in claim 14 carries out authentication, specifically includes:

When determining matching result to mismatch, the matching result is returned into the terminal so that the terminal pass through it is spare Auth method carry out authentication；

16. a kind of data storage device, comprising:

Acquisition module acquires the first action data of user, and determines account identification corresponding with first action data；

17. device as claimed in claim 16, the acquisition module, determine the acquisition module described the of acquisition user When one action data, the account identification of logon account in described device.

18. device as claimed in claim 16, the memory module send first action data and institute to server Account identification is stated, so as to the incidence relation that the server is established between first action data and the account identification and deposit Storage；Alternatively, the incidence relation established between first action data and the account identification and being stored in described device local.

19. device as claimed in claim 16, the memory module establish first action data and the account mark Before incidence relation and storage between knowledge, determine that the authentication of logon account passes through in described device.

20. a kind of data storage device, comprising:

Receiving module receives the first action data that terminal is sent, and account identification corresponding with first action data；

21. a kind of authentication means, comprising:

Acquisition module acquires the second action data of user, and determines account identification corresponding with second action data；

Determining module, the incidence relation between the first action data according to the pre-stored data and account identification are determining with described the Associated first action data of the corresponding account identification of two action datas；

Authentication module carries out body according to the matching result of the first action data and second action data determined Part verifying.

22. device as claimed in claim 21, the acquisition module determine that the terminal is moved described the second of acquisition user When making data, the account identification of logon account in the terminal.

23. device as claimed in claim 21, the authentication module, to described first action data and described Two action datas carry out similarity calculation, judge whether similarity is greater than preset threshold value, if so, determining the first movement number According to being to match with the matching result of second action data, if not, it is determined that first action data and second movement The matching result of data is to mismatch.

24. device as claimed in claim 21, the determining module, when there is no corresponding with second action data for determination Account identification associated first action data when, determine matching result to mismatch.

25. the device as described in claim 23 or 24, the authentication module, when determining matching result to match, really Determine authentication to pass through, when determining matching result to mismatch, authentication carried out by spare auth method, In, the spare auth method includes at least: one of password authentification, fingerprint authentication.

26. device as claimed in claim 21, the determining module are moved by second action data and with described second Make the corresponding account identification of data and be sent to server, so that the server the first action data according to the pre-stored data and account Incidence relation between the mark of family determines that account identification corresponding with second action data has the first of incidence relation to move Make data.

27. device as claimed in claim 26, the authentication module receive the server to the first action data The matching result determined after similarity calculation is carried out with second action data, when the matching result received is matching When, determine that authentication passes through；When the matching result received is to mismatch, body is carried out by spare auth method Part verifying, wherein the spare auth method includes at least: one of password authentification, fingerprint authentication.

28. a kind of authentication means, comprising:

Receiving module receives the second action data that terminal is sent, and account identification corresponding with second action data；

29. device as claimed in claim 28, the authentication module determines body when determining matching result to match Part is verified, and when determining matching result to mismatch, the matching result is returned to the terminal, so that the terminal is logical It crosses spare auth method and carries out authentication, wherein the spare auth method includes at least: password is tested One of card, fingerprint authentication.

30. a kind of terminal, comprising: one or more processors and memory, the memory is stored with program, and is configured Following steps are executed at by one or more of processors:

31. a kind of server, comprising: one or more processors and memory, the memory is stored with program, and is matched It is set to and executes following steps by one or more of processors:

32. a kind of terminal, comprising: one or more processors and memory, the memory is stored with program, and is configured Following steps are executed at by one or more of processors:

33. a kind of server, comprising: one or more processors and memory, the memory is stored with program, and is matched It is set to and executes following steps by one or more of processors: