CN111343168B

Movatterモバイル変換

Info

Publication number: CN111343168B
Application number: CN202010102388.1A
Authority: CN
Inventors: 李正航; 艾文敏
Original assignee: OneConnect Financial Technology Co Ltd Shanghai
Current assignee: OneConnect Financial Technology Co Ltd Shanghai
Priority date: 2020-02-19
Filing date: 2020-02-19
Publication date: 2022-01-28
Anticipated expiration: 2040-02-19
Also published as: WO2021164459A1; CN111343168A

Abstract

Translated fromChinese

本发明公开了一种身份验证的方法、装置、计算机设备及可读存储介质，该方法包括：接收由访问端发送来的访问请求；其中，所述访问请求包括：验证码、被访问端信息；判断所述验证码是否有效，并在所述验证码有效的情况下从本地数据库中查找到与所述验证码对应的访问权限级别；判断在与所述访问权限级别对应的权限列表中是否包含所述被访问端信息；当在所述权限列表中包含所述被访问端信息时，从与所述被访问端信息对应的密码数据库中获取与所述访问权限级别对应的登录密码信息；将所述登录密码信息发送至与所述访问请求对应的被访问端，以利用所述登录密码信息登录所述被访问端；本发明可以简化登录流程，提高访问安全性。

The invention discloses a method, device, computer equipment and readable storage medium for identity verification. The method includes: receiving an access request sent by an access terminal; wherein, the access request includes: verification code, information of the accessed terminal ; Judging whether the verification code is valid, and finding the access authority level corresponding to the verification code from the local database when the verification code is valid; Judging whether in the authority list corresponding to the access authority level Including the accessed terminal information; when the accessed terminal information is included in the permission list, obtain the login password information corresponding to the access authority level from the password database corresponding to the accessed terminal information; The login password information is sent to the accessed terminal corresponding to the access request, so as to use the login password information to log in to the accessed terminal; the present invention can simplify the login process and improve the access security.

Description

Identity authentication method and device, computer equipment and readable storage medium

Technical Field

The invention relates to the technical field of internet, in particular to an identity authentication method, an identity authentication device, computer equipment and a readable storage medium.

Background

With the continuous development of internet technology, enterprises generally need to interface multiple business systems to implement different business operations, for example, enterprises in the financial industry need to interface multiple business systems for product management, instruction management, wind control compliance management, financial management, and the like; however, each business system has different login entries, the user terminal in the enterprise needs to use different business systems through frequent login operations, the identity authentication modes of each business system are different, and the user terminal in the enterprise needs to acquire login account information of each business system; therefore, how to simplify the complexity of the user terminal accessing each service system and ensure the security of the user terminal accessing the service system by the enterprise becomes a technical problem which needs to be solved urgently.

Disclosure of Invention

The invention aims to provide an identity authentication method, an identity authentication device, computer equipment and a readable storage medium, which can simplify a login process and improve access security.

According to an aspect of the present invention, there is provided an identity authentication method, specifically including the steps of:

receiving an access request sent by an access terminal; wherein the access request comprises: verification code and accessed terminal information;

judging whether the verification code is valid or not, and searching the access authority level corresponding to the verification code from a local database under the condition that the verification code is valid;

judging whether the access terminal information is contained in a permission list corresponding to the access permission level;

when the access terminal information is contained in the authority list, obtaining login password information corresponding to the access authority level from a password database corresponding to the access terminal information;

and sending the login password information to an accessed terminal corresponding to the access request so as to log in the accessed terminal by utilizing the login password information.

Optionally, before the receiving the access request sent by the access terminal, the method further includes:

receiving platform registration information sent by the access terminal; wherein the platform registration information includes: login account information and user basic information;

generating the verification code according to the login account information, and determining the access authority level according to the user basic information;

and storing the verification code and the access authority level into the local database, and sending the verification code to the access terminal.

Optionally, the determining whether the verification code is valid specifically includes:

and when the verification code exists in the local database and the time interval between the first time for storing the verification code and the second time for receiving the access request is less than a preset threshold value, judging that the verification code is valid.

Optionally, the method further includes:

sending invitation information to the accessed terminal through a preset interface, and receiving connection establishment approval information fed back by the accessed terminal through the preset interface;

and configuring a database according to the connection establishment agreement information to provide an access entrance for accessing the accessed terminal.

Optionally, after the access terminal successfully logs in the access terminal, the method further includes:

obtaining event information to be handled and reminding event information from the accessed terminal; wherein the event information to be handled includes: the event reminding method comprises the following steps of obtaining information of the number of events to be handled, name information of the events to be handled and skip link information of the events to be handled, wherein the reminding event information comprises: reminding event number information, reminding event name information and reminding event skip link information;

and displaying the information of the event to be handled and the information of the reminding event through a display interface.

According to another aspect of the present invention, there is also provided an identity verification apparatus, which specifically includes the following components:

the receiving module is used for receiving the access request sent by the access terminal; wherein the access request comprises: verification code and accessed terminal information;

the searching module is used for judging whether the verification code is valid or not and searching the access authority level corresponding to the verification code from a local database under the condition that the verification code is valid;

the judging module is used for judging whether the access terminal information is contained in the authority list corresponding to the access authority level;

the acquisition module is used for acquiring login password information corresponding to the access authority level from a password database corresponding to the accessed terminal information when the authority list contains the accessed terminal information;

and the sending module is used for sending the login password information to an accessed terminal corresponding to the access request so as to log in the accessed terminal by using the login password information.

Optionally, the apparatus further comprises:

the processing module is used for receiving the platform registration information sent by the access terminal; wherein the platform registration information includes: login account information and user basic information; generating the verification code according to the login account information, and determining the access authority level according to the user basic information; and storing the verification code and the access authority level into the local database, and sending the verification code to the access terminal.

Optionally, the determining module is specifically configured to:

According to another aspect of the present invention, there is also provided a computer device, specifically including: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method of authentication described above when executing the program.

According to another aspect of the present invention, there is also provided a computer readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the steps of the method of authentication described above.

According to the identity authentication method, the identity authentication device, the computer equipment and the readable storage medium, the access terminal can access each service system through the integrated platform integrating each service system, so that unified access entries of different service systems are realized, and the tedious work of repeatedly accessing each service system is reduced; the invention provides a unified identity verification mechanism, realizes the function of repeated authentication of once login, and greatly reduces the maintenance cost of identity verification. In addition, the invention can also improve the safety of identity authentication.

Drawings

Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:

fig. 1 is a schematic flow chart of an alternative method for authentication according to an embodiment;

fig. 2 is a schematic diagram of an alternative program module of the apparatus for identity authentication according to the third embodiment;

fig. 3 is a schematic diagram of an alternative hardware architecture of the computer device according to the fourth embodiment.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Example one

The embodiment of the invention provides an identity authentication method, which is applied to a financial-industry resource management integrated platform, and as shown in figure 1, the identity authentication method specifically comprises the following steps:

step S101: receiving an access request sent by an access terminal; wherein the access request comprises: verification code, accessed terminal information.

In this embodiment, the resource management integrated platform is an integrated platform integrating a plurality of resource management service systems; the access terminal is a user terminal used for accessing each resource management service system through the resource management integrated platform; each of the asset management service systems integrated in the asset management integration platform can be regarded as a visited end. Preferably, the accessed terminal information is the IP address information or the ID information of the accessed terminal;

specifically, before the receiving the access request sent by the access terminal, the method further includes:

step A1: receiving platform registration information sent by the access terminal; wherein the platform registration information includes: login account information and user basic information;

when a user logs in the resource management integration platform for the first time through the access terminal, a registration operation is required; in the registration operation process, the user needs to log in the resource management integration platform by using the login account information and report the basic information of the user.

Preferably, the user level information includes: the system comprises user current network environment information, user affiliated department information and user position information.

Step A2: generating the verification code according to the login account information, and determining the access authority level according to the user basic information;

preferably, the access right level includes: high, medium, low; the higher the access authority level is, the more the number of the accessed terminals accessible by the access terminal is; in step a2, the access right level may be determined according to a preset algorithm based on the current network environment information of the user, the department information of the user, and the position information of the user.

Step A3: and storing the verification code and the access authority level into a local database, and sending the verification code to the access terminal.

Step S102: and judging whether the verification code is valid or not, and searching the access authority level corresponding to the verification code from the local database under the condition that the verification code is valid.

Specifically, the determining whether the verification code is valid specifically includes:

In the application, the verification code has timeliness, and after the verification code is expired, a new verification code needs to be distributed to the user again, so that the safety of the resource management integration platform is improved.

Step S103: and judging whether the access terminal information is contained in the authority list corresponding to the access authority level.

Specifically, the method further comprises:

respectively setting a corresponding authority list for each access authority level; each permission list contains accessed terminal information which can be accessed by the corresponding access permission level.

In this embodiment, different users have different access right levels, and the types of accessed terminals that can be accessed by the users are limited by setting the access right levels of the users.

Step S104: and when the access terminal information is contained in the authority list, obtaining login password information corresponding to the access authority level from a password database corresponding to the access terminal information.

Specifically, the method further comprises:

respectively setting a corresponding password database for each accessed terminal information, and respectively setting corresponding login password information for each access authority level in each password database; and the access right of the user in the accessed terminal is limited by different login password information.

Step S105: and sending the login password information to the access terminal so that the access terminal can log in the accessed terminal by using the login password information.

In this embodiment, the identity of the user is verified through the verification code, whether the user can access the accessed terminal is judged according to the access authority level, and finally the user logs in the accessed terminal through the login password information corresponding to the access authority level.

Specifically, the method further comprises:

In this embodiment, the asset management integration platform integrates access portals of various types of asset management service systems (i.e., accessed terminals), and a user can access each asset management service system through the asset management integration platform.

Further, after the access terminal successfully logs in the access terminal, the method further includes:

In this embodiment, the user can visually check the backlog and the reminder in each asset management service system, and quickly access the detailed data through the backlog link and the reminder link.

Example two

The embodiment of the invention provides an identity authentication method, which is applied to a resource management integration platform, wherein the resource management integration platform integrates various resource management service systems, and an access terminal can access the various resource management service systems through the resource management integration platform; specifically, the asset management integration platform comprises: the system comprises a user interaction module, an identity authentication module and a service module; the user interaction module is connected with the access terminal, so that the access terminal can log in the resource management integration platform through the user interaction module; the identity authentication module is used for performing identity authentication and authority authentication on the user logging in the resource management integration platform, and only the user who passes the identity authentication and has corresponding authority can access the corresponding service module through the resource management integration platform; each service module corresponds to a resource management service system, and the service module comprises: the system comprises a product management module, an instruction management module, a wind control compliance management module, a combination management module and a financial management module.

The identity authentication method specifically comprises the following steps:

step S201: the user interaction module receives a service access request from an access terminal and judges whether the service access request contains a verification code;

if yes, go to step S202; if not, a rejection request message is sent to the access terminal.

The service access request is information which is input by a user on the access terminal and is used for requesting a certain service operation; the service access request comprises: the method comprises the steps of verifying codes, service module information to be accessed by a user and service information to be executed by the user;

it should be noted that the service module information in this embodiment is equivalent to the visited end information in the first embodiment, and the service module in this embodiment is equivalent to the visited end in the first embodiment.

Specifically, before step S201, the method further includes:

step A1: the user interaction module receives platform registration information sent by the access terminal and sends the platform registration information to the identity verification module; wherein the platform registration information includes: login account information and user basic information;

step A2: the identity authentication module generates the authentication code according to the login account information and determines the access authority level according to the user basic information;

step A3: the identity authentication module stores the authentication code and the access authority level into a local database and sends the authentication code to the user interaction module;

step A4: and the user interaction module sends the verification code to the access terminal.

Specifically, the access terminal stores the authentication information into a cookie when receiving the authentication code.

In this embodiment, when an access terminal logs in the resource management integration platform for the first time, registration is required to be performed, so that the resource management integration platform generates a verification code for the access terminal.

Step S202: and the user interaction module sends the verification code and the service module information in the service access request to the identity verification module.

Step S203: the identity authentication module judges whether the authentication code is valid, if so, the step S204 is executed; if not, sending authentication failure information to the user interaction module, so that the user interaction module sends an access refusing message to the access terminal when receiving the authentication failure information.

Specifically, the method further comprises:

in step a3, the authentication module stores the first time at which the authentication information was formed in the local database.

Further, in step S203, the identity authentication module obtains a second time when the identity authentication module is received, and determines whether a time interval between the second time and the first time is smaller than a preset threshold, if so, sends a verification failure message to the user interaction module, and if not, determines that the verification code is valid.

In this embodiment, a unique verification code is generated for each user logging in the resource management integration platform, and when the user needs to access any service module through the resource management integration platform, the user interaction module sends the verification code of the user to the identity verification module to verify the identity verification information of the user; in this embodiment, when a user logs in the resource management integration platform for the first time, the identity authentication module may assign an authentication code to the user, and after obtaining the authentication code, the user may access the service module through the resource management integration platform within a set time period.

Step S204: the identity authentication module searches an access authority level corresponding to the authentication code from a local database and judges whether the service module information is contained in an authority list corresponding to the access authority level; if so, executing step S205, otherwise, sending verification failure information to the user interaction module, so that the user interaction module sends a message of denying access to the access terminal when receiving the verification failure information.

Specifically, before step S204, a corresponding permission list is set in the identity authentication module for each access permission level; each permission list contains the service module information which can be accessed by the corresponding access permission level.

In this embodiment, different users have different access right levels, and the types of service modules that can be accessed by the users are limited by setting the access right levels of the users.

Step S205: and the identity authentication module acquires login password information corresponding to the access authority level from a password database corresponding to the service module information.

Specifically, before step S205, the method further includes: the identity authentication module sets a corresponding password database for each service module respectively, and sets corresponding login password information for each access authority level in the password database of each service module respectively; and limiting the access right of the user in the service module through different login password information.

In this embodiment, the identity authentication module authenticates the identity of the user through the authentication code, determines whether the user can access the service module according to the access permission level, and finally logs in the service module through login password information corresponding to the access permission level.

Step S206: and the identity authentication module sends the login password information to a service module corresponding to the service module information so as to login the service module, thereby executing corresponding resource management service according to the service information.

Specifically, the resource management integration platform further comprises: building a connecting module; the connection module is used for establishing the connection between the resource management integration platform and each resource management service system, and therefore, the method further comprises the following steps:

step B1: the building module sends invitation information to each resource management service system which needs to be integrated in the resource management integration platform through an HTTP API (hyper text transport protocol API) interface;

step B2: the connection establishing module receives connection establishing agreement information fed back by each resource management service system through an HTTP API;

wherein the connection establishment agreement information comprises: service module name information, service module access authority information, and service module access address information.

Step B3: and the connection module performs database configuration according to the connection agreement information so as to provide an access entrance for accessing each resource management service system in the resource management integration platform.

Further, the resource management integration platform further comprises: the display module is used for acquiring the information of the event to be handled and the information of the reminding event from the service module after the access terminal successfully logs in the service module; wherein the event information to be handled includes: the event reminding method comprises the following steps of obtaining information of the number of events to be handled, name information of the events to be handled and skip link information of the events to be handled, wherein the reminding event information comprises: reminding event number information, reminding event name information and reminding event skip link information; and sending the to-do time information and the reminding event information to the access terminal so that the access terminal can display the to-do event information and the reminding event information through a display interface.

In this embodiment, the resource management integration platform provides a universal interface based on an OpenAPI for each resource management service system, so that all the resource management service systems of the B/S architecture can be accessed to the resource management integration platform; in addition, the resource management integrated platform provides access entries of all resource management service systems for users in a unified mode through the user interaction module, and displays the information of events to be handled and the information of reminding events of all the resource management service systems for the users through the user interaction module, so that the users can access all the service modules through the user interaction module and check all the events to be handled and all the reminding events.

EXAMPLE III

The embodiment of the invention provides an identity authentication device, which is applied to a resource management integrated platform, and as shown in fig. 2, the identity authentication device specifically comprises the following components:

a receiving module 301, configured to receive an access request sent by an access terminal; wherein the access request comprises: verification code, accessed terminal information.

Specifically, the apparatus further comprises:

The searching module 302 is configured to determine whether the verification code is valid, and search, in a local database, an access permission level corresponding to the verification code when the verification code is valid.

Specifically, the search module 302 is specifically configured to:

The judging module 303 is configured to judge whether the authority list corresponding to the access authority level includes the accessed terminal information.

An obtaining module 304, configured to, when the authority list includes the accessed terminal information, obtain login password information corresponding to the access authority level from a password database corresponding to the accessed terminal information.

A sending module 305, configured to send the login password information to the access end, so that the access end logs in the accessed end by using the login password information.

Specifically, the apparatus further comprises:

the integrated module is used for sending invitation information to the accessed terminal through a preset interface and receiving connection establishment approval information fed back by the accessed terminal through the preset interface; and configuring a database according to the connection establishment agreement information to provide an access entrance for accessing the accessed terminal.

Further, the apparatus further comprises:

the display module is used for acquiring information of events to be handled and information of reminding events from the accessed terminal after the accessed terminal successfully logs in the accessed terminal; wherein the event information to be handled includes: the event reminding method comprises the following steps of obtaining information of the number of events to be handled, name information of the events to be handled and skip link information of the events to be handled, wherein the reminding event information comprises: reminding event number information, reminding event name information and reminding event skip link information; and displaying the information of the event to be handled and the information of the reminding event through a display interface.

Example four

The embodiment also provides a computer device, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server, a tower server or a rack server (including an independent server or a server cluster composed of a plurality of servers) capable of executing programs, and the like. As shown in fig. 3, the computer device 40 of the present embodiment at least includes but is not limited to: amemory 401, a processor 402, which may be communicatively coupled to each other via a system bus. It is noted that FIG. 3 only shows the computer device 40 havingcomponents 401 and 402, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.

In this embodiment, the memory 401 (i.e., a readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, thestorage 401 may be an internal storage unit of the computer device 40, such as a hard disk or a memory of the computer device 40. In other embodiments, thememory 401 may also be an external storage device of the computer device 40, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 40. Of course, thememory 401 may also include both internal and external storage devices for the computer device 40. In the present embodiment, thememory 401 is generally used for storing an operating system installed in the computer device 40 and various types of application software, such as program codes of the apparatus for implementing authentication in the third embodiment. Further, thememory 401 may also be used to temporarily store various types of data that have been output or are to be output.

Processor 402 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 402 is generally operative to control the overall operation of the computer device 40.

Specifically, in this embodiment, the processor 402 is configured to execute the program of the method for authentication stored in the processor 402, and the program of the method for authentication implements the following steps when executed:

The specific embodiment process of the above method steps can be referred to in the first embodiment, and the detailed description of this embodiment is not repeated here.

EXAMPLE five

The present embodiments also provide a computer readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application mall, etc., having stored thereon a computer program that when executed by a processor implements the method steps of:

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.

The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.