CN116702108A - Authentication method, device and system - Google Patents
Authentication method, device and system Download PDFInfo
- Publication number
- CN116702108A CN116702108A CN202310672769.7A CN202310672769A CN116702108A CN 116702108 A CN116702108 A CN 116702108A CN 202310672769 A CN202310672769 A CN 202310672769A CN 116702108 A CN116702108 A CN 116702108A
- Authority
- CN
- China
- Prior art keywords
- authentication
- client
- component
- authentication component
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000004590 computer program Methods 0.000 claims description 9
- 230000004044 response Effects 0.000 claims description 4
- 239000000306 component Substances 0.000 description 182
- 238000010586 diagram Methods 0.000 description 12
- 238000007726 management method Methods 0.000 description 10
- 238000003032 molecular docking Methods 0.000 description 9
- 238000012795 verification Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- 239000008358 core component Substances 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000004806 packaging method and process Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 210000001503 joint Anatomy 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000002699 waste material Substances 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000013480 data collection Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the disclosure discloses an authentication method, an authentication device and an authentication system. One embodiment of the method comprises the following steps: receiving an authentication request sent by a client; according to the authentication request, determining an authentication component matched with the client from a preset authentication component set as a target authentication component, wherein the authentication components in the authentication component set are respectively used for realizing different authentication modes; and issuing a target authentication component to the client to authenticate according to a corresponding authentication mode. The embodiment is helpful for improving the convenience of authentication.
Description
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to an authentication method, an authentication device and an authentication system.
Background
With the rapid development of internet transaction and financial services, etc., the transaction and financial services provided by various e-commerce, finance, credit and other types of platforms or business departments of enterprises generally require authentication, i.e. effective identification and/or authority authentication, of participants, enterprises, etc.
The existing authentication mode requires that technicians of each platform or enterprise develop different authentication modes according to different service correspondence, so that research of various authentication technologies, docking of different authentication technologies with various services and the like are required, and meanwhile, whether various equipment terminals support the corresponding authentication modes is also concerned. The service docking cost is higher, the technology development period is longer, and the reusability of the same type of authentication mode is weaker.
Disclosure of Invention
The embodiment of the disclosure provides an authentication method, an authentication device and an authentication system.
In a first aspect, embodiments of the present disclosure provide an authentication method, the method comprising: receiving an authentication request sent by a client; according to the authentication request, determining an authentication component matched with the client from a preset authentication component set as a target authentication component, wherein the authentication components in the authentication component set are respectively used for realizing different authentication modes; and issuing a target authentication component to the client to authenticate according to a corresponding authentication mode.
In a second aspect, embodiments of the present disclosure provide an authentication system, including a client and a server; the client is used for sending an authentication request; the server side is used for determining an authentication component matched with the client side from a preset authentication component set as a target authentication component according to the authentication request, wherein the authentication components in the authentication component set are respectively used for realizing different authentication modes; and issuing a target authentication component to the client to authenticate according to a corresponding authentication mode.
In a third aspect, embodiments of the present disclosure provide an authentication apparatus, the apparatus comprising: a receiving unit configured to receive an authentication request sent by a client; a determining unit configured to determine, from a preset authentication component set, an authentication component matched with the client as a target authentication component according to the authentication request, wherein the authentication components in the authentication component set are respectively used for implementing different authentication modes; and the authentication unit is configured to issue a target authentication component to the client to authenticate according to a corresponding authentication mode.
In a fourth aspect, embodiments of the present disclosure provide an electronic device comprising: one or more processors; a storage means for storing one or more programs; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described in any of the implementations of the first aspect.
In a fifth aspect, embodiments of the present disclosure provide a computer readable medium having stored thereon a computer program which, when executed by a processor, implements a method as described in any of the implementations of the first aspect.
According to the authentication method, the device and the system provided by the embodiment of the disclosure, various authentication components are configured in advance to form the authentication component set, and different authentication modes are respectively realized by the authentication components, after an authentication request of a client is received, the authentication components matched with the client are selected from the authentication component set to carry out authentication, so that the corresponding authentication components can be formed by packaging the various authentication modes, the authentication is carried out in the authentication modes required by rapid butt joint of various businesses, the difficulty of authentication butt joint is reduced, and the convenience of authentication is improved.
Drawings
Other features, objects and advantages of the present disclosure will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings:
FIG. 1 is an exemplary system architecture diagram in which an embodiment of the present disclosure may be applied;
FIG. 2 is a flow chart of one embodiment of an authentication method according to the present disclosure;
FIG. 3 is a timing diagram of one embodiment of an authentication system according to the present disclosure;
fig. 4a is a timing diagram of yet another embodiment of an authentication system according to the present disclosure;
fig. 4b is a functional design diagram of one embodiment of an authentication system according to the present disclosure;
fig. 5 is a schematic structural view of one embodiment of an authentication device according to the present disclosure;
fig. 6 is a schematic structural diagram of an electronic device suitable for use in implementing embodiments of the present disclosure.
Detailed Description
The present disclosure is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.
In the technical scheme of the invention, the related aspects of acquisition/collection, updating, analysis, use, transmission, storage and the like of the personal information of the user accord with the regulations of related laws and regulations, are used for legal and reasonable purposes, are not shared, leaked or sold outside the legal use aspects and the like, and are subjected to supervision and management of the national supervision and management department. Necessary measures should be taken for the personal information of the user, the use or access of the personal information data should be selectively prevented to prevent illegal access to such personal information data, to ensure that personnel having access to the personal information data comply with the regulations of the relevant laws and regulations, and to ensure the personal information security of the user. Furthermore, once such user personal information data is no longer needed, the risk should be minimized by limiting or even prohibiting the data collection and/or deletion.
It should be noted that, without conflict, the embodiments of the present disclosure and features of the embodiments may be combined with each other. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 illustrates an exemplary architecture 100 in which embodiments of the authentication method or apparatus of the present disclosure may be applied.
As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The terminal devices 101, 102, 103 interact with the server 105 via the network 104 to receive or send messages or the like. Various client applications can be installed on the terminal devices 101, 102, 103. Such as browser-class applications, search-class applications, instant messaging tools, security service-class applications, and the like.
The terminal devices 101, 102, 103 may be hardware or software. When the terminal devices 101, 102, 103 are hardware, they may be various electronic devices including, but not limited to, smartphones, tablet computers, electronic book readers, laptop and desktop computers, and the like. When the terminal devices 101, 102, 103 are software, they can be installed in the above-listed electronic devices. Which may be implemented as multiple software or software modules (e.g., multiple software or software modules for providing distributed services) or as a single software or software module. The present invention is not particularly limited herein.
The server 105 may be a server providing various services, such as a server providing authentication services for the terminal devices 101, 102, 103. The server 105 may receive the authentication request sent by the terminal device 101, 102, 103, determine an authentication component matching with the terminal device from a preset authentication component set according to the authentication request, and issue a corresponding matching authentication component to the client to perform authentication according to an authentication mode corresponding to the authentication component.
It should be noted that the authentication method provided by the embodiments of the present disclosure is generally performed by the server 105, and accordingly, the authentication device is generally disposed in the server 105.
The server 105 may be hardware or software. When the server 105 is hardware, it may be implemented as a distributed server cluster formed by a plurality of servers, or as a single server. When server 105 is software, it may be implemented as multiple software or software modules (e.g., multiple software or software modules for providing distributed services), or as a single software or software module. The present invention is not particularly limited herein.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, a flow 200 of one embodiment of an authentication method according to the present disclosure is shown. The authentication method comprises the following steps:
step 201, receiving an authentication request sent by a client.
In this embodiment, authentication is a security measure commonly used in various scenarios such as information systems, networks, or applications. Generally, authentication may include identity authentication and/or rights verification. Wherein, identity authentication (also called as a kernel) is used for authenticating the identity of a user. Rights verification is used to verify the rights that a user has.
It should be noted that authentication in this disclosure includes rights verification and authentication. Authentication may also be referred to as authentication kernel.
The authentication request may be used to request authentication. A client may refer to an authenticated object or a terminal device used by an authenticated object. An executing body of the authentication method (e.g., the server 105 shown in fig. 1, etc.) may receive an authentication request sent by the client.
Specifically, under different application scenarios, the client can flexibly initiate the authentication request in various ways. For example, when a monetary transaction or the like is triggered during use of the client, an authentication request may be automatically initiated. For another example, an authentication request may be initiated when a client accesses data or content having a rights setting.
Step 202, determining an authentication component matched with the client from a preset authentication component set as a target authentication component according to the authentication request.
In this embodiment, the set of authentication components may consist of several different authentication components. Each authentication component in the set of authentication components may be used to implement a different authentication scheme, respectively. Generally, various authentication modes can be implemented according to different requirements and different technologies. For example, authentication means may include, but are not limited to: password authentication, biometric authentication (e.g., fingerprint authentication, voiceprint authentication, face authentication, etc.), certificate authentication, etc.
The authentication component may be preconfigured by a technician to implement standardized interaction and authentication logic, and provide standard component calls (e.g., component internal packaging, external provision of standardized docking parameters, etc.) to facilitate docking of the authentication component with the outside.
After receiving the authentication request sent by the client, various methods can be adopted to determine an authentication component matched with the client from the authentication component set as a target authentication component. For example, the authentication request may include an authentication method required by the client. At this time, the authentication components corresponding to the authentication modes can be queried from the authentication component set as the authentication component matched with the client, so as to obtain the target authentication component.
Step 203, the target authentication component is issued to the client to authenticate according to the corresponding authentication mode.
In this embodiment, after determining the target authentication component, the target authentication component may be issued to the client, so as to complete authentication required by the client according to an authentication manner corresponding to the target authentication component. In general, a docking portal of the target authentication component may be issued to the client to enable the client to invoke the target authentication component through the portal to complete authentication.
Specifically, the executing body may first issue a preset authentication page address to the client, and then call the target authentication component to complete authentication according to a component call mode supported by the client by the authentication page corresponding to the authentication page address.
For example, the authentication page can directly jump to the target authentication component for authentication by means of H5 page jump. For another example, the authentication page may invoke the target authentication component to authenticate by invoking Javascript bridge script or the like, using SDK (Software Development Kit) pre-installed at the client.
By pre-configuring the authentication component to realize standardized interaction and authentication logic and providing for the standard component to call, the external various services can be conveniently docked to complete corresponding authentication, and for a service party, the authentication technology, docking and the like do not need to be researched, the authentication cost is saved, and the authentication difficulty is reduced.
In some optional implementations of this embodiment, after receiving the authentication request sent by the client, wind control identification may be performed on the client to obtain an identification result. The identification result may be used to indicate whether the client belongs to a security authentication object. The secure authentication object refers to a secure authentication object. For example, clients used by some illegitimate users may be considered as not belonging to a secure authentication object.
Specifically, wind control recognition can be performed on the client according to an actual application scene, and a recognition result is obtained. For example, a client blacklist may be preset, where an identification of a client that does not belong to the security authentication object may be stored in the client blacklist. At this time, clients with higher security risks may be filtered through the client blacklist.
After the identification result is obtained, in response to determining that the identification result indicates that the client does not belong to the secure authentication object, the subsequent authentication operation on the client may be refused.
In response to determining that the identification result indicates that the client belongs to a secure authentication object, steps 202-203 described above may be performed to authenticate the client.
After receiving the authentication request, the risk judgment is carried out on the client through wind control identification, so that the resource waste of further authentication operation on the risk client can be avoided, and the convenient combination of authentication and wind control can be realized.
In some optional implementations of the present embodiment, the authentication component that matches the client may be determined as the target authentication component from the pre-configured authentication components by:
step one, obtaining attribute information of a client according to an authentication request.
In this step, the attribute information of the client may refer to various information related to the client. In general, the attribute information of the client may include attribute information affecting an authentication manner supported by the client. For example, the attribute information of the client includes, but is not limited to: the operating system used, version information of the application, and UA (User Agent) identification of the client, etc.
The attribute information of the client may be acquired in various ways. For example, the authentication request may carry attribute information of the client. At this time, the attribute information of the client may be directly obtained from the received authentication request.
For another example, the execution body may collect and report the attribute information of the client using an SDK installed in advance in the client.
And secondly, determining an authentication component matched with the client from a preset authentication component set as a target authentication component according to the attribute information of the client.
In this step, after obtaining the attribute information of the client, an authentication component matching the attribute information of the client may be screened from the authentication component set as a target authentication component. In general, for each authentication component in the authentication component set, attribute information of a client to which the authentication component is applicable may be set, so that an authentication component matched with the authentication component may be queried according to the acquired attribute information of the client.
By acquiring the attribute information of the client to match the authentication component supported by the client, an authentication mode suitable for the environment of different clients can be provided, and the stability of the authentication process is ensured.
In this case, the target authentication component may also be determined by:
step one, acquiring an authentication mode identifier corresponding to an authentication request.
The authentication mode identifier may be used to identify an authentication mode corresponding to the authentication request, and the authentication mode corresponding to the authentication request may be preset by a related technician according to an actual application scenario. In general, the manner in which authentication is required for different services may be different. For example, some services require a user name and password for authentication. Some services require authentication of the certificate number. In addition, the authentication strength required for different services may also be different. For example, businesses related to money or personal privacy typically require a higher authentication strength. Therefore, the service personnel can set correspondingly matched authentication modes for different service personnel in advance.
At this time, after the client initiates the authentication request, the corresponding authentication mode identifier can be obtained in various modes according to the authentication request. For example, the authentication request may carry a service identifier, and a correspondence between the service identifier and the authentication mode identifier is preset. At this time, the service identifier may be used to query the corresponding relationship to obtain the corresponding authentication mode identifier. For another example, the authentication request may directly carry the corresponding authentication mode identifier.
And step two, determining the authentication component indicated by the authentication mode identification as a first authentication component.
In this step, the identified authentication mode may be first obtained, so as to obtain an authentication component corresponding to the authentication mode as a first authentication component. It should be noted that the number of authentication components corresponding to the first authentication component is arbitrary. I.e. the first authentication component may comprise one authentication component or more than two authentication components.
And thirdly, determining an authentication component corresponding to the attribute information of the client from the authentication component set as a second authentication component.
It should be noted that the number of authentication components corresponding to the second authentication component is arbitrary. I.e. the second authentication component may comprise one authentication component or may comprise more than two authentication components.
And step four, determining an intersection of the first authentication component and the second authentication component as a target authentication component.
In this step, an intersection of the first authentication component and the second authentication component may be determined, and the authentication component in the resulting intersection can be taken as the target authentication component. For example, the first authentication component includes an authentication component "a" and an authentication component "B". The second authentication component includes an authentication component "B". At this time, the intersection of the first authentication component and the second authentication component (i.e., authentication component "B") may be determined as the target authentication component.
It should be noted that the number of authentication components corresponding to the target authentication component may also be arbitrary. I.e. the target authentication component may comprise one authentication component or more than two authentication components.
On one hand, service personnel and the like can preset an authentication mode corresponding to an authentication request according to actual service arrangement and the like, so that an authentication component corresponding to the authentication request is obtained, and on the other hand, the authentication component matched with the environment of the client is determined according to the attribute information of the client, and then the target authentication component is obtained through intersection of the authentication components determined in the two modes so as to finish authentication, so that the stability of the authentication process can be further ensured, and the situations that the client cannot support the issued authentication mode or the authentication mode required by the client is absent are avoided.
In some optional implementations of this embodiment, after the target authentication component is obtained, the target authentication component may be sequentially issued to the client in a specified order, so as to sequentially perform authentication in a corresponding authentication manner.
In this case, if the obtained target authentication component includes more than two authentication components, each authentication component may be sequentially issued to the client according to the specified order. The designated sequence can be flexibly set by related technicians according to actual requirements. Correspondingly, the corresponding authentication modes can be sequentially executed according to the issuing sequence of each authentication component so as to finish authentication.
Optionally, after an authentication component is issued, authentication may be performed first according to a corresponding authentication manner, so as to obtain an authentication result. If the authentication result passes, the next authentication component is issued according to the appointed sequence, and so on. If the authentication result is not passed, the subsequent authentication operation can be stopped to avoid unnecessary resource waste.
When the target authentication component comprises a plurality of authentication components, flexible issuing of various authentication components can be realized by freely arranging the issuing sequence of each authentication component, and the flexibility of sequence arrangement of various authentication modes is improved.
With further reference to fig. 3, a timing diagram 300 of one embodiment of an authentication system is shown. The authentication system may include a client and a server.
In step 301, the client may send an authentication request.
In step 302, the server may determine, from the set of pre-configured authentication components, an authentication component matching the client as a target authentication component according to the authentication request.
In this step, the authentication components in the authentication component set are respectively used to implement different authentication modes.
In step 303, the server issues a target authentication component to the client to authenticate according to the corresponding authentication method.
Optionally, the service end may include a business service end and an authentication service end. The service server may be a back-end server that provides various service support for the client. The authentication server may be a server providing an authentication service.
At this time, the client may send an authentication request to the service server, and then the service server forwards the authentication request to the authentication server. Generally, when a client has a service request, a corresponding service request may be sent to a service server, and when a service corresponding to the service request has an authentication requirement, the service request may include an authentication request. The service server may send an authentication request to the authentication server to complete authentication of the client using an authentication component pre-configured by the authentication server.
With continued reference to fig. 4a, a timing diagram of yet another embodiment of an authentication system is shown.
In step 401, the client may initiate a service request to the service server according to an actual requirement. The service server can judge whether the service corresponding to the service request needs to authenticate the client.
For example, when the client needs to open the online wallet, a service request for requesting to open the online wallet may be initiated to the service server. The service server may determine that the service request requires authentication of the client.
In step 402, when determining that the service corresponding to the service request needs to authenticate the client, the service server may send an authentication request to the authentication server according to the service request.
In step 403, the authentication server performs wind control recognition on the client to obtain a recognition result.
In step 404, the authentication server returns the identification result to the service server.
In step 405, the service server returns the identification result to the client.
In step 406, the SDK pre-installed on the client may report the attribute information of the client to the authentication server.
In step 407, the authentication server determines, from the preset set of authentication components, an authentication component corresponding to the attribute information of the client as a target authentication component.
In step 408, the authentication server issues a preset authentication page address to the client.
In step 409, the SDK pre-installed on the client calls the target authentication component to authenticate the client through the authentication page corresponding to the authentication page address.
In step 410, the authentication server notifies the service server of the completion of authentication after the authentication is completed.
In step 411, the service server provides the service required by the client to the client after determining that the client is authenticated.
It should be noted that, in this embodiment, details not described in detail may refer to the related description in the embodiment of fig. 2, and will not be described herein.
With continued reference to fig. 4b, a functional design of an authentication system is shown. As shown in fig. 4b, the authentication server may be used to implement a componentized authentication core system. The modular authentication core system can design an access layer, a service layer and an authentication core monitoring service. The access layer can provide a unified device identification method to the outside to identify clients accessed in various modes.
External services (e.g., foreign platforms, collaborative services, content services, etc.) may access the modular home security kernel system through clients for authentication. Access means include, but are not limited to: h5 pages, mobile native SDKs, PC side and API interfaces, etc. Meanwhile, the access layer can also provide a unified access management platform to the outside so as to realize specific service access management, component routing arrangement management (namely authentication component issuing management) and authentication core component management (namely authentication component set management).
The service layer may provide authentication routing services, i.e. component delivery in combination with client devices, specific policies (e.g. order of delivery, etc.), traffic scenarios, etc. The authentication core component may refer to various components that are respectively used to implement different authentication modes. Such as authentication based on name and certificate number, authentication based on living face swipe, authentication based on certificate photograph, authentication based on payment password, authentication based on mobile phone authentication code, fingerprint authentication, questionnaire authentication, gesture password authentication, authentication based on bank card information, voice recognition authentication, unlocking pattern authentication, and other various authentication tools, etc.
The authentication core monitoring service can provide a buried point module (such as SDK management and the like), a monitoring queue (such as the authentication result of the authentication core component and the like) and early warning (such as abnormal condition reminding and the like). The underlying authentication core channel may refer to various third party services required to enable authentication, including but not limited to: public security network or operator identity inquiry (such as inquiry center, public security institute, middle-business etc.), banking channel (such as banking, networking etc.), short message channel, micro message channel etc.
The beneficial effects that can be achieved by the authentication system of the present disclosure include, but are not limited to: the various authentication modes are respectively packaged into the corresponding authentication components, and the standardized component call is provided, so that the docking difficulty of the various authentication modes can be reduced, the expansion is easy, and the higher expansion cost is not required. Meanwhile, by acquiring and matching the attribute information of the client, the authentication components matched with the environment of the client can be conveniently and uniformly issued, and the convenience of the authentication process is improved. In addition, the issuing sequence of various authentication components can be freely arranged, and the verification sequence of various verification modes can be flexibly controlled. Finally, the method can also provide wind control identification for the client, and realize combined security verification of wind control management and authentication verification.
With further reference to fig. 5, as an implementation of the method shown in the foregoing figures, the present disclosure provides an embodiment of an authentication apparatus, where an embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 5, the authentication apparatus 500 provided in this embodiment includes a receiving unit 501, a determining unit 502, and an authentication unit 503. Wherein the receiving unit 501 is configured to receive an authentication request sent by a client; the determining unit 502 is configured to determine, according to the authentication request, an authentication component matching with the client from a preset authentication component set as a target authentication component, where the authentication components in the authentication component set are respectively used to implement different authentication modes; the authentication unit 503 is configured to issue a target authentication component to the client for authentication in a corresponding authentication manner.
In this embodiment, in the authentication apparatus 500: the specific processes of the receiving unit 501, the determining unit 502 and the authenticating unit 503 and the technical effects thereof may refer to the descriptions related to step 201, step 202 and step 203 in the corresponding embodiment of fig. 2, and are not repeated herein.
In some optional implementations of this embodiment, the authentication apparatus 500 further includes: the identification unit (not shown in the figure) is configured to perform wind control identification on the client to obtain an identification result, wherein the identification result is used for indicating whether the client belongs to a security authentication object; and the above-mentioned determining unit 502 is further configured to: and determining an authentication component matched with the client from a preset authentication component set as a target authentication component according to the authentication request in response to determining that the identification result indicates that the client belongs to the security authentication object.
In some optional implementations of this embodiment, the determining unit 502 is further configured to: acquiring attribute information of a client according to the authentication request; and determining an authentication component matched with the client from the preset authentication component set as a target authentication component according to the attribute information.
In some optional implementations of this embodiment, the determining unit 502 is further configured to: acquiring an authentication mode identifier corresponding to the authentication request, wherein the authentication mode identifier is used for identifying a preset authentication mode corresponding to the authentication request; determining an authentication component corresponding to the authentication mode identifier as a first authentication component; determining an authentication component corresponding to the attribute information from the authentication component set as a second authentication component; an intersection of the first authentication component and the second authentication component is determined as a target authentication component.
In some optional implementations of this embodiment, the authentication unit 503 is further configured to: and sequentially issuing target authentication components to the client according to the appointed sequence so as to sequentially authenticate according to the corresponding authentication mode.
The device provided by the embodiment of the disclosure receives the authentication request sent by the client through the receiving unit; the determining unit determines an authentication component matched with the client from a preset authentication component set as a target authentication component according to the authentication request, wherein the authentication components in the authentication component set are respectively used for realizing different authentication modes; the authentication unit issues the target authentication component to the client to authenticate according to the corresponding authentication mode, and the corresponding authentication component can be formed by packaging various authentication modes, so that various services can be authenticated in the authentication mode required by rapid docking, the difficulty of authentication docking is reduced, and the convenience of authentication is improved.
Referring now to fig. 6, a schematic diagram of an electronic device (e.g., server in fig. 1) 600 suitable for use in implementing embodiments of the present disclosure is shown. The server illustrated in fig. 6 is merely an example, and should not be construed as limiting the functionality and scope of use of the embodiments of the present disclosure in any way.
As shown in fig. 6, the electronic device 600 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the electronic apparatus 600 are also stored. The processing device 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
In general, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, magnetic tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 shows an electronic device 600 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead. Each block shown in fig. 6 may represent one device or a plurality of devices as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via communication means 609, or from storage means 608, or from ROM 602. The above-described functions defined in the methods of the embodiments of the present disclosure are performed when the computer program is executed by the processing means 601.
It should be noted that, the computer readable medium according to the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In an embodiment of the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. Whereas in embodiments of the present disclosure, the computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving an authentication request sent by a client; according to the authentication request, determining an authentication component matched with the client from a preset authentication component set as a target authentication component, wherein the authentication components in the authentication component set are respectively used for realizing different authentication modes; and issuing the target authentication component to the client to authenticate according to a corresponding authentication mode.
Computer program code for carrying out operations of embodiments of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments described in the present disclosure may be implemented by means of software, or may be implemented by means of hardware. The described units may also be provided in a processor, for example, described as: a processor includes a receiving unit, a determining unit, and an authenticating unit. The names of these units do not in some way constitute a limitation of the unit itself, for example, a receiving unit may also be described as "receiving a unit sent by a client".
The foregoing description is only of the preferred embodiments of the present disclosure and description of the principles of the technology being employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above technical features, but encompasses other technical features formed by any combination of the above technical features or their equivalents without departing from the spirit of the invention. Such as the above-described features, are mutually substituted with (but not limited to) the features having similar functions disclosed in the embodiments of the present disclosure.
Claims (10)
1. An authentication method comprising:
receiving an authentication request sent by a client;
according to the authentication request, determining an authentication component matched with the client from a preset authentication component set as a target authentication component, wherein the authentication components in the authentication component set are respectively used for realizing different authentication modes;
and issuing the target authentication component to the client to authenticate according to a corresponding authentication mode.
2. The method of claim 1, wherein after the receiving the authentication request sent by the client, the method further comprises:
performing wind control identification on the client to obtain an identification result, wherein the identification result is used for indicating whether the client belongs to a security authentication object; and
the step of determining the authentication component matched with the client from the preset authentication component set as a target authentication component according to the authentication request comprises the following steps:
and in response to determining that the identification result indicates that the client belongs to a secure authentication object, determining an authentication component matched with the client from a preset authentication component set as a target authentication component according to the authentication request.
3. The method of claim 1, wherein the determining, from the set of pre-configured authentication components, an authentication component matching the client as a target authentication component according to the authentication request, comprises:
acquiring attribute information of the client according to the authentication request;
and determining an authentication component matched with the client from a preset authentication component set as a target authentication component according to the attribute information.
4. A method according to claim 3, wherein the method further comprises:
acquiring an authentication mode identifier corresponding to the authentication request, wherein the authentication mode identifier is used for identifying a preset authentication mode corresponding to the authentication request;
determining an authentication component corresponding to the authentication mode identifier as a first authentication component; and
the determining, according to the attribute information, an authentication component matched with the client from a preset authentication component set as a target authentication component, including:
determining an authentication component corresponding to the attribute information from the authentication component set as a second authentication component;
and determining an intersection of the first authentication component and the second authentication component as a target authentication component.
5. The method according to one of claims 1-4, wherein said issuing the target authentication component to the client for authentication in a corresponding authentication manner comprises:
and sequentially issuing the target authentication components to the client according to the appointed sequence so as to sequentially authenticate according to the corresponding authentication mode.
6. An authentication system comprises a client and a server;
the client is used for sending an authentication request;
the server side is used for determining an authentication component matched with the client side from a preset authentication component set as a target authentication component according to the authentication request, wherein the authentication components in the authentication component set are respectively used for realizing different authentication modes; and issuing the target authentication component to the client to authenticate according to a corresponding authentication mode.
7. The system of claim 6, wherein the service end comprises a business service end and an authentication service end; and
the client is also used for sending an authentication request to the business server;
the business server side is used for sending the received authentication request to the authentication server side;
the authentication server is used for transmitting the target authentication component to the business server.
8. An authentication apparatus comprising:
a receiving unit configured to receive an authentication request sent by a client;
a determining unit configured to determine, according to the authentication request, an authentication component matching with the client from a preset authentication component set as a target authentication component, where the authentication components in the authentication component set are respectively used to implement different authentication modes;
and the authentication unit is configured to issue the target authentication component to the client to authenticate according to a corresponding authentication mode.
9. A server, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
when executed by the one or more processors, causes the one or more processors to implement the method of any of claims 1-5.
10. A computer readable medium having stored thereon a computer program, wherein the program when executed by a processor implements the method of any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310672769.7A CN116702108A (en) | 2023-06-07 | 2023-06-07 | Authentication method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310672769.7A CN116702108A (en) | 2023-06-07 | 2023-06-07 | Authentication method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116702108A true CN116702108A (en) | 2023-09-05 |
Family
ID=87836859
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310672769.7A Pending CN116702108A (en) | 2023-06-07 | 2023-06-07 | Authentication method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116702108A (en) |
-
2023
- 2023-06-07 CN CN202310672769.7A patent/CN116702108A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9407622B2 (en) | Methods and apparatus for delegated authentication token retrieval | |
| CN111160845B (en) | Service processing method and device | |
| CN110515678B (en) | Information processing method, equipment and computer storage medium | |
| EP3073671A1 (en) | System and method enabling multiparty and multi level authorizations for accessing confidential information | |
| JP6979966B2 (en) | Account linking and service processing Providing methods and devices | |
| CN108965250B (en) | Digital certificate installation method and system | |
| US11818282B2 (en) | Non-verbal sensitive data authentication | |
| US20180293580A1 (en) | Systems and methods for processing an access request | |
| US20220164789A1 (en) | Location based wallets | |
| WO2023241060A1 (en) | Data access method and apparatus | |
| US10218700B2 (en) | Authorizations for computing devices to access a protected resource | |
| CN113572763B (en) | Data processing method and device, electronic equipment and storage medium | |
| WO2017076202A1 (en) | Smart card, mobile terminal, and method for using smart card to implement network identity authentication | |
| CN114462989A (en) | Method, device and system for starting digital currency hardware wallet application | |
| CN117172786A (en) | Identity authentication method, device, equipment, medium and program product | |
| CN116702108A (en) | Authentication method, device and system | |
| US9258417B2 (en) | Interconnected voice response units | |
| CN111598544A (en) | Method and apparatus for processing information | |
| CN112270424A (en) | Order processing method and device, electronic equipment and storage medium | |
| CN115085997B (en) | Open authorization method and device | |
| CN113641966B (en) | Application integration method, system, equipment and medium | |
| CN111131438B (en) | Method and apparatus for accessing block chains | |
| CN114240437A (en) | Service processing method, service processing device, electronic equipment and readable storage medium | |
| CN117220924A (en) | System authority control method, device and system | |
| WO2023069505A1 (en) | Non-transferable token |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |