CN114329386A

Movatterモバイル変換

Info

Publication number: CN114329386A
Application number: CN202111628148.6A
Authority: CN
Inventors: 董洪伟
Original assignee: Secworld Information Technology Beijing Co Ltd; Qax Technology Group Inc
Current assignee: Secworld Information Technology Beijing Co Ltd; Qax Technology Group Inc
Priority date: 2021-12-28
Filing date: 2021-12-28
Publication date: 2022-04-12
Anticipated expiration: 2041-12-28
Also published as: CN114329386B

Abstract

The invention discloses a user identity authentication method, a user identity authentication device, computing equipment and a computer storage medium. The method comprises the following steps: receiving a user identity authentication request sent by a user terminal; acquiring service use data of a user terminal in a first historical time window; determining an authentication mode corresponding to the user identity authentication request according to the service use data; wherein, the authentication mode includes: at least one of local database authentication and unified identity authentication. The scheme avoids the technical defects of high load of the authentication end and slow or impossible processing of the authentication request caused by the authentication of a single authentication end, and improves the stability of the authentication service; and the scheme acquires and determines the authentication mode corresponding to the user identity authentication request according to the service use data of the request initiating end, so that the matching degree of the authentication mode and the user identity authentication request can be improved, and the authentication efficiency and the authentication precision are improved.

Description

Translated fromChinese

用户身份认证方法、装置、计算设备及计算机存储介质User identity authentication method, device, computing device and computer storage medium

技术领域technical field

本发明涉及数据安全技术领域，具体涉及一种用户身份认证方法、装置、计算设备及计算机存储介质。The present invention relates to the technical field of data security, in particular to a user identity authentication method, device, computing device and computer storage medium.

背景技术Background technique

随着科技及社会的不断发展，互联网产品提供的业务服务极大丰富了人们的工作与生活。为了保障用户数据安全以及业务服务的稳定运行，通常在用户使用业务服务之前需对用户进行身份认证。With the continuous development of technology and society, the business services provided by Internet products have greatly enriched people's work and life. In order to ensure the security of user data and the stable operation of business services, it is usually necessary to authenticate users before using business services.

然而，发明人在实施过程中发现，现有技术中存在如下缺陷：现有的用户身份认证方式是：将接收到的用户身份认证请求发送给一个身份认证系统。采用该种方式，在请求频次较高时，会导致该身份认证系统负荷较高，造成认证延迟或无法认证的弊端，认证服务稳定性差。However, the inventor found in the implementation process that the existing technology has the following defects: the existing user identity authentication method is to send the received user identity authentication request to an identity authentication system. In this way, when the request frequency is high, the load of the identity authentication system will be high, resulting in the disadvantages of delayed or unauthenticated authentication, and poor stability of the authentication service.

发明内容SUMMARY OF THE INVENTION

鉴于上述问题，提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的用户身份认证方法、装置、计算设备及计算机存储介质In view of the above problems, the present invention is proposed to provide a user identity authentication method, device, computing device and computer storage medium that overcome the above problems or at least partially solve the above problems

根据本发明的第一方面，提供了一种用户身份认证方法，包括：According to a first aspect of the present invention, a user identity authentication method is provided, comprising:

接收用户终端发送的用户身份认证请求；Receive the user identity authentication request sent by the user terminal;

获取所述用户终端在第一历史时间窗口内的业务服务使用数据；acquiring business service usage data of the user terminal within the first historical time window;

根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式；Determine the authentication mode corresponding to the user identity authentication request according to the business service usage data;

其中，所述认证方式包括：本地数据库认证和统一身份认证中的至少一种。Wherein, the authentication method includes at least one of local database authentication and unified identity authentication.

在一种可选的实施方式中，所述根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式进一步包括：In an optional implementation manner, the determining, according to the business service usage data, the authentication mode corresponding to the user identity authentication request further includes:

确定所述统一身份认证对应的目标业务服务；determining the target business service corresponding to the unified identity authentication;

判断所述业务服务使用数据中是否存在多个不同的目标业务服务的使用记录；Judging whether there are usage records of multiple different target business services in the business service usage data;

若是，则确定所述用户身份认证请求对应的认证方式为统一身份认证。If so, it is determined that the authentication method corresponding to the user identity authentication request is unified identity authentication.

若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则随机从本地数据库认证和统一身份认证中选取一个认证方式作为所述用户身份认证请求对应的认证方式。If there are no usage records of multiple different target business services in the business service usage data, an authentication method is randomly selected from the local database authentication and unified identity authentication as the authentication method corresponding to the user identity authentication request.

若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则统计第二历史时间窗口内认证方式为统一身份认证的用户身份认证请求的第一数量；If there are no usage records of multiple different target business services in the business service usage data, count the first number of user identity authentication requests whose authentication mode is unified identity authentication in the second historical time window;

若所述第一数量大于第一预设数量，则将所述用户身份认证请求对应的认证方式确定为本地数据库认证；若所述第一数量小于或等于第一预设数量，则将用户身份认证请求对应的认证方式确定为统一身份认证。If the first number is greater than the first preset number, the authentication method corresponding to the user identity authentication request is determined to be local database authentication; if the first number is less than or equal to the first preset number, the user identity The authentication method corresponding to the authentication request is determined as unified identity authentication.

若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则统计第二历史时间窗口内认证方式为本地数据库认证的用户身份认证请求的第二数量；If there are no usage records of multiple different target business services in the business service usage data, then count the second number of user identity authentication requests whose authentication mode is the local database authentication in the second historical time window;

若所述第二数量大于第二预设数量，则将所述用户身份认证请求对应的认证方式确定为统一身份认证；若所述第二数量小于或等于第二预设数量，则将所述用户身份认证请求对应的认证方式确定为本地数据库认证。If the second number is greater than the second preset number, the authentication method corresponding to the user identity authentication request is determined to be unified identity authentication; if the second number is less than or equal to the second preset number, the The authentication method corresponding to the user identity authentication request is determined to be local database authentication.

在一种可选的实施方式中，在所述接收用户终端发送的用户身份认证请求之后，所述方法还包括：In an optional implementation manner, after receiving the user identity authentication request sent by the user terminal, the method further includes:

判断第三历史时间窗口内接收到的用户身份认证请求的第三数量是否大于或等于第三预设数量；Determine whether the third number of user identity authentication requests received within the third historical time window is greater than or equal to the third preset number;

若是，则向所述用户终端反馈当前无法认证的提示信息。If yes, then feed back to the user terminal prompt information that the authentication cannot be currently performed.

在一种可选的实施方式中，在所述根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式之后，所述方法还包括：In an optional implementation manner, after determining the authentication mode corresponding to the user identity authentication request according to the business service usage data, the method further includes:

若所述用户身份认证请求对应的认证方式为本地数据库认证，则将所述用户身份认证请求发送至本地数据库，并将所述本地数据库反馈的认证结果发送至所述用户终端。If the authentication method corresponding to the user identity authentication request is local database authentication, the user identity authentication request is sent to the local database, and the authentication result fed back by the local database is sent to the user terminal.

在一种可选的实施方式中，所述方法还包括：In an optional embodiment, the method further includes:

若所述本地数据库反馈的认证结果为认证失败，则将所述用户身份认证请求发送至统一身份认证服务器，并将统一身份认证服务器反馈的认证结果发送至所述用户终端。If the authentication result fed back by the local database is an authentication failure, the user identity authentication request is sent to the unified identity authentication server, and the authentication result fed back by the unified identity authentication server is sent to the user terminal.

若所述用户身份认证请求对应的认证方式为统一身份认证，则将所述用户身份认证请求发送至统一身份认证服务器，并将所述统一身份认证服务器反馈的认证结果发送至所述用户终端。If the authentication method corresponding to the user identity authentication request is unified identity authentication, the user identity authentication request is sent to the unified identity authentication server, and the authentication result fed back by the unified identity authentication server is sent to the user terminal.

若所述统一身份认证服务器反馈的认证结果为认证失败，则将所述用户身份认证请求发送至本地数据库，并将本地数据库反馈的认证结果发送至所述用户终端。If the authentication result fed back by the unified identity authentication server is authentication failure, the user identity authentication request is sent to the local database, and the authentication result fed back by the local database is sent to the user terminal.

在一种可选的实施方式中，所述统一身份认证为LADP认证。In an optional implementation manner, the unified identity authentication is LADP authentication.

根据本发明的第二方面，提供了一种用户身份认证装置，包括：According to a second aspect of the present invention, a user identity authentication device is provided, comprising:

接收模块，用于接收用户终端发送的用户身份认证请求；a receiving module, configured to receive a user identity authentication request sent by the user terminal;

获取模块，用于获取所述用户终端在第一历史时间窗口内的业务服务使用数据；an acquisition module, configured to acquire business service usage data of the user terminal within the first historical time window;

确定模块，用于根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式；a determining module, configured to determine the authentication mode corresponding to the user identity authentication request according to the business service usage data;

在一种可选的实施方式中，确定模块进一步用于：确定所述统一身份认证对应的目标业务服务；In an optional implementation manner, the determining module is further configured to: determine the target business service corresponding to the unified identity authentication;

在一种可选的实施方式中，确定模块进一步用于：若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则随机从本地数据库认证和统一身份认证中选取一个认证方式作为所述用户身份认证请求对应的认证方式。In an optional implementation manner, the determining module is further configured to: if there are no usage records of multiple different target business services in the business service usage data, randomly select one from the local database authentication and unified identity authentication The authentication mode is used as the authentication mode corresponding to the user identity authentication request.

在一种可选的实施方式中，确定模块进一步用于：若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则统计第二历史时间窗口内认证方式为统一身份认证的用户身份认证请求的第一数量；In an optional implementation manner, the determining module is further configured to: if there are no usage records of multiple different target business services in the business service usage data, count the authentication method as unified identity in the second historical time window The first number of authenticated user identity authentication requests;

在一种可选的实施方式中，确定模块进一步用于：若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则统计第二历史时间窗口内认证方式为本地数据库认证的用户身份认证请求的第二数量；In an optional implementation manner, the determining module is further configured to: if there are no usage records of multiple different target business services in the business service usage data, count the authentication method in the second historical time window as the local database the second number of authenticated user identity authentication requests;

在一种可选的实施方式中，所述装置还包括：提示模块，用于在所述接收用户终端发送的用户身份认证请求之后，判断第三历史时间窗口内接收到的用户身份认证请求的第三数量是否大于或等于第三预设数量；In an optional implementation manner, the apparatus further includes: a prompting module, configured to, after receiving the user identity authentication request sent by the user terminal, determine whether the user identity authentication request received within the third historical time window is Whether the third quantity is greater than or equal to the third preset quantity;

在一种可选的实施方式中，所述装置还包括发送模块，用于若所述用户身份认证请求对应的认证方式为本地数据库认证，则将所述用户身份认证请求发送至本地数据库，并将所述本地数据库反馈的认证结果发送至所述用户终端。In an optional implementation manner, the apparatus further includes a sending module, configured to send the user identity authentication request to the local database if the authentication method corresponding to the user identity authentication request is local database authentication, and send the user identity authentication request to the local database, and The authentication result fed back by the local database is sent to the user terminal.

在一种可选的实施方式中，所述发送模块进一步用于：若所述本地数据库反馈的认证结果为认证失败，则将所述用户身份认证请求发送至统一身份认证服务器，并将统一身份认证服务器反馈的认证结果发送至所述用户终端。In an optional implementation manner, the sending module is further configured to: if the authentication result fed back by the local database is an authentication failure, send the user identity authentication request to a unified identity authentication server, and send the unified identity authentication request to the unified identity authentication server. The authentication result fed back by the authentication server is sent to the user terminal.

在一种可选的实施方式中，所述装置还包括发送模块，用于若所述用户身份认证请求对应的认证方式为统一身份认证，则将所述用户身份认证请求发送至统一身份认证服务器，并将所述统一身份认证服务器反馈的认证结果发送至所述用户终端。In an optional implementation manner, the apparatus further includes a sending module, configured to send the user identity authentication request to a unified identity authentication server if the authentication method corresponding to the user identity authentication request is unified identity authentication , and send the authentication result fed back by the unified identity authentication server to the user terminal.

在一种可选的实施方式中，所述发送模块进一步用于：若所述统一身份认证服务器反馈的认证结果为认证失败，则将所述用户身份认证请求发送至本地数据库，并将本地数据库反馈的认证结果发送至所述用户终端。In an optional implementation manner, the sending module is further configured to: if the authentication result fed back by the unified identity authentication server is an authentication failure, send the user identity authentication request to a local database, and send the local database The fed back authentication result is sent to the user terminal.

根据本发明的第三方面，提供了一种计算设备，包括：处理器、存储器、通信接口和通信总线，所述处理器、所述存储器和所述通信接口通过所述通信总线完成相互间的通信；According to a third aspect of the present invention, a computing device is provided, comprising: a processor, a memory, a communication interface, and a communication bus, and the processor, the memory, and the communication interface complete mutual communication through the communication bus. communication;

所述存储器用于存放至少一可执行指令，所述可执行指令使所述处理器执行上述用户身份认证方法对应的操作。The memory is used for storing at least one executable instruction, and the executable instruction enables the processor to perform operations corresponding to the above-mentioned user identity authentication method.

根据本发明的第四方面，提供了一种计算机存储介质，所述存储介质中存储有至少一可执行指令，所述可执行指令使处理器执行如上述用户身份认证方法对应的操作。According to a fourth aspect of the present invention, a computer storage medium is provided, wherein the storage medium stores at least one executable instruction, and the executable instruction causes the processor to perform operations corresponding to the above-mentioned user identity authentication method.

本发明实施例公开的用户身份认证方法、装置、计算设备及计算机存储介质：接收用户终端发送的用户身份认证请求；获取用户终端在第一历史时间窗口内的业务服务使用数据；根据业务服务使用数据确定用户身份认证请求对应的认证方式；其中，认证方式包括：本地数据库认证和统一身份认证中的至少一种。本方案避免了由单一认证端进行认证而引起的认证端负荷高，认证请求处理慢或无法处理的技术弊端，提高认证服务的稳定性；并且本方案获取并根据请求发起端的业务服务使用数据确定用户身份认证请求对应的认证方式，从而能够提高认证方式与用户身份认证请求的匹配度，提高认证效率以及认证精度。The user identity authentication method, device, computing device, and computer storage medium disclosed in the embodiments of the present invention: receive a user identity authentication request sent by a user terminal; acquire business service usage data of the user terminal within a first historical time window; The data determines the authentication mode corresponding to the user identity authentication request; wherein, the authentication mode includes at least one of local database authentication and unified identity authentication. This solution avoids the technical drawbacks of high authentication end load, slow or unprocessable authentication request processing caused by authentication by a single authentication end, and improves the stability of authentication services; and this solution obtains and determines according to the business service usage data of the request originating end The authentication method corresponding to the user identity authentication request can improve the matching degree between the authentication method and the user identity authentication request, and improve the authentication efficiency and authentication accuracy.

上述说明仅是本发明技术方案的概述，为了能够更清楚了解本发明的技术手段，而可依照说明书的内容予以实施，并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂，以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, in order to be able to understand the technical means of the present invention more clearly, it can be implemented according to the content of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and easy to understand , the following specific embodiments of the present invention are given.

附图说明Description of drawings

通过阅读下文优选实施方式的详细描述，各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的，而并不认为是对本发明的限制。而且在整个附图中，用相同的参考符号表示相同的部件。在附图中：Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are for the purpose of illustrating preferred embodiments only and are not to be considered limiting of the invention. Also, the same components are denoted by the same reference numerals throughout the drawings. In the attached image:

图1示出了本发明实施例一提供的一种用户身份认证方法的流程示意图；1 shows a schematic flowchart of a user identity authentication method provided in Embodiment 1 of the present invention;

图2示出了本发明实施例二提供的一种用户身份认证方法的流程示意图；2 shows a schematic flowchart of a user identity authentication method according to Embodiment 2 of the present invention;

图3示出了本发明实施例三提供的一种用户身份认证方法的流程示意图；3 shows a schematic flowchart of a user identity authentication method according to Embodiment 3 of the present invention;

图4示出了本发明实施例三提供的一种用户身份认证请求的流转示意图；4 shows a schematic diagram of the flow of a user identity authentication request provided in Embodiment 3 of the present invention;

图5示出了本发明实施例四提供的一种用户身份认证装置的结构示意图；5 shows a schematic structural diagram of a user identity authentication device according to Embodiment 4 of the present invention;

图6示出了本发明实施例六提供的一种计算设备的结构示意图。FIG. 6 shows a schematic structural diagram of a computing device according to Embodiment 6 of the present invention.

具体实施方式Detailed ways

下面将参照附图更详细地描述本发明的示例性实施例。虽然附图中显示了本发明的示例性实施例，然而应当理解，可以以各种形式实现本发明而不应被这里阐述的实施例所限制。相反，提供这些实施例是为了能够更透彻地理解本发明，并且能够将本发明的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that the present invention will be more thoroughly understood, and will fully convey the scope of the present invention to those skilled in the art.

实施例一Example 1

图1示出了本发明实施例一提供的一种用户身份认证方法的流程示意图。如图1所示，该方法包括如下步骤：FIG. 1 shows a schematic flowchart of a user identity authentication method according to Embodiment 1 of the present invention. As shown in Figure 1, the method includes the following steps:

步骤S110，接收用户终端发送的用户身份认证请求。Step S110: Receive a user identity authentication request sent by the user terminal.

用户在使用用户终端中的某项业务服务之前，需先发起用户身份认证请求。例如，用户欲使用邮箱应用A的业务服务时，需先发起使用邮箱应用A业务服务的用户身份认证请求。其中，该用户身份认证请求可以为实名认证请求，也可以为非实名认证请求，在此不作限定。Before using a business service in the user terminal, a user needs to initiate a user identity authentication request. For example, when a user wants to use the business service of the mailbox application A, he needs to first initiate a user identity authentication request for using the business service of the mailbox application A. The user identity authentication request may be a real-name authentication request or a non-real-name authentication request, which is not limited herein.

步骤S120，获取用户终端在第一历史时间窗口内的业务服务使用数据。Step S120: Acquire business service usage data of the user terminal within the first historical time window.

与现有技术不同的是，本发明实施例在接收到用户身份认证请求之后，并未直接由认证端对用户身份认证请求进行认证。而是进一步获取用户终端在第一历史时间窗口内的业务服务使用数据，以供后续根据该业务服务使用数据确定出当前的用户身份认证请求最匹配的认证方式。Different from the prior art, in this embodiment of the present invention, after receiving the user identity authentication request, the authentication end does not directly authenticate the user identity authentication request. Instead, the business service usage data of the user terminal within the first historical time window is further acquired, so as to subsequently determine the most matching authentication method for the current user identity authentication request according to the business service usage data.

其中，第一历史时间窗口具体为某个历史时段。例如，第一历史时间窗口可以为最近一天，或最近一周等等。业务服务使用数据具体为用户终端记录的各个业务服务的使用时间等等。在此应当理解的是，本发明实施例中与用户相关的业务服务使用数据仅在用户授权的情况下获取，并且仅用于对用户自身的身份认证。The first historical time window is specifically a certain historical period. For example, the first historical time window may be the most recent day, or the most recent week, and so on. The business service usage data is specifically the usage time of each business service recorded by the user terminal, and the like. It should be understood here that, in this embodiment of the present invention, the business service usage data related to the user is only obtained under the authorization of the user, and is only used for the user's own identity authentication.

步骤S130，根据业务服务使用数据确定用户身份认证请求对应的认证方式；其中，认证方式包括：本地数据库认证和统一身份认证中的至少一种。Step S130: Determine an authentication mode corresponding to the user identity authentication request according to the business service usage data, wherein the authentication mode includes at least one of local database authentication and unified identity authentication.

本地数据库认证具体是指，利用用户身份认证请求对应的业务服务的服务端侧的本地数据库来进行认证。例如，用户欲使用邮箱应用A的业务服务时，需先发起使用邮箱应用A业务服务的用户身份认证请求，则本地数据库认证便是由邮箱应用A业务服务的服务端侧的本地数据库对用户身份认证请求进行处理，以进行认证。The local database authentication specifically refers to using the local database on the server side of the business service corresponding to the user identity authentication request to perform authentication. For example, when a user wants to use the business service of mailbox application A, he needs to first initiate a user identity authentication request to use the business service of mailbox application A, then the local database authentication is the authentication of the user's identity by the local database on the server side of the business service of mailbox application A. The authentication request is processed for authentication.

统一身份认证具体是指，利用统一身份认证服务器来对用户身份认证请求进行处理，以进行认证。其中，统一身份认证服务器可以负责多个不同业务服务的身份认证，例如，统一身份认证服务器可以为邮箱应用A业务服务、社交软件B业务服务等提供用户身份认证等等。The unified identity authentication specifically refers to using the unified identity authentication server to process the user identity authentication request for authentication. The unified identity authentication server may be responsible for the identity authentication of multiple different business services. For example, the unified identity authentication server may provide user identity authentication for the mailbox application A business service, the social software B business service, and so on.

由此可见，本发明实施例为用户提供了本地数据库认证和统一身份认证两种身份认证方式，避免了由单一认证端进行认证而引起的认证端负荷高，认证请求处理慢或无法处理的技术弊端，提高认证服务的稳定性；并且本发明实施例获取并根据请求发起端的业务服务使用数据确定用户身份认证请求对应的认证方式，从而能够提高认证方式与用户身份认证请求的匹配度，提高认证效率以及认证精度。It can be seen that the embodiments of the present invention provide users with two identity authentication methods: local database authentication and unified identity authentication, which avoids the high load of the authentication terminal caused by the authentication performed by a single authentication terminal, and the processing of authentication requests is slow or cannot be processed. In addition, the embodiment of the present invention obtains and determines the authentication method corresponding to the user identity authentication request according to the business service usage data of the request initiator, thereby improving the matching degree between the authentication method and the user identity authentication request and improving the authentication method. Efficiency and certified accuracy.

实施例二Embodiment 2

图2示出了本发明实施例二提供的一种用户身份认证方法的流程示意图。如图2所示，该方法包括如下步骤：FIG. 2 shows a schematic flowchart of a user identity authentication method according to Embodiment 2 of the present invention. As shown in Figure 2, the method includes the following steps:

步骤S210，接收用户终端发送的用户身份认证请求。Step S210: Receive a user identity authentication request sent by the user terminal.

在一种可选的实施方式中，在接收用户终端发送的用户身份认证请求之后，可以判断当前第三历史时间窗口内接收到的用户身份认证请求的数量是否大于或等于第三预设数量；若是，则向用户终端反馈当前认证不可用的提示信息(该提示信息可以为“请稍后重试”)。若否，则执行后续步骤。In an optional embodiment, after receiving the user identity authentication request sent by the user terminal, it can be determined whether the number of user identity authentication requests received within the current third historical time window is greater than or equal to a third preset number; If so, the prompt information that the current authentication is unavailable is fed back to the user terminal (the prompt information may be "please try again later"). If not, proceed to the next steps.

步骤S220，获取用户终端在第一历史时间窗口内的业务服务使用数据。Step S220: Acquire business service usage data of the user terminal within the first historical time window.

步骤S230，确定统一身份认证对应的目标业务服务。Step S230, determining the target business service corresponding to the unified identity authentication.

统一身份认证服务器可以负责多个不同业务服务的身份认证，则该多个不同业务服务为目标业务服务。例如，统一身份认证服务器可以为邮箱应用A业务服务、社交软件B业务服务等提供用户身份认证，则邮箱应用A业务服务、社交软件B业务服务为目标业务服务。The unified identity authentication server can be responsible for the identity authentication of multiple different business services, and the multiple different business services are the target business services. For example, the unified identity authentication server can provide user identity authentication for the mailbox application A business service, the social software B business service, etc., then the mailbox application A business service and the social software B business service are the target business services.

步骤S240，判断业务服务使用数据中是否存在多个不同的目标业务服务的使用记录；若是，则执行步骤S250；若否，则执行步骤S260或者步骤S270或者步骤S280。Step S240, judging whether there are multiple usage records of different target business services in the business service usage data; if yes, go to step S250; if not, go to step S260 or step S270 or step S280.

业务服务使用数据中记录有用户终端中业务服务的使用情况，通过对业务服务使用数据的处理，可以确定出在第一历史时间窗口内用户使用过的业务服务。当用户在第一历史时间窗口内用户使用过多个不同的目标业务服务(即业务服务使用数据中存在多个不同的目标业务服务的使用记录)，则执行步骤S250；若业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则可通过步骤S260、S270、S280中的任意一种方法来确定用户身份认证请求对应的认证方式。The business service usage data records the usage of the business service in the user terminal, and by processing the business service usage data, the business service used by the user within the first historical time window can be determined. When the user has used multiple different target business services within the first historical time window (that is, there are usage records of multiple different target business services in the business service usage data), step S250 is executed; If there are no usage records of multiple different target business services, the authentication mode corresponding to the user identity authentication request may be determined by any one of the methods in steps S260, S270, and S280.

步骤S250，确定用户身份认证请求对应的认证方式为统一身份认证。Step S250, it is determined that the authentication mode corresponding to the user identity authentication request is unified identity authentication.

当用户在第一历史时间窗口内用户使用过多个不同的目标业务服务，则表明用户在未来一段时间内具有该多个目标业务服务的使用需求，则确定用户身份认证请求对应的认证方式为统一身份认证，从而通过该统一身份认证能够实现通过一次认证，使用多个不同目标业务服务的目的，提升用户使用体验。When the user has used multiple different target business services within the first historical time window, it indicates that the user has the use requirements of the multiple target business services in the future, and the authentication method corresponding to the user identity authentication request is determined as follows: Unified identity authentication, so that through the unified identity authentication, the purpose of using multiple different target business services through one-time authentication can be achieved, and the user experience can be improved.

步骤S260，随机从本地数据库认证和统一身份认证中选取一个认证方式作为用户身份认证请求对应的认证方式。Step S260, randomly select an authentication mode from the local database authentication and the unified identity authentication as the authentication mode corresponding to the user identity authentication request.

若业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则可以生成随机数，根据随机数随机选取对应的认证方式。例如，若随机数为0，则选取本地数据库认证；若随机数为1，则选取统一身份认证。If there are no usage records of multiple different target business services in the business service usage data, a random number can be generated, and a corresponding authentication method can be randomly selected according to the random number. For example, if the random number is 0, the local database authentication is selected; if the random number is 1, the unified identity authentication is selected.

步骤S270，统计第二历史时间窗口内认证方式为统一身份认证的用户身份认证请求的第一数量，根据第一数量确定用户身份认证请求对应的认证方式。Step S270: Count the first number of user identity authentication requests whose authentication method is unified identity authentication in the second historical time window, and determine the authentication method corresponding to the user identity authentication request according to the first number.

具体地，若第二历史时间窗口内认证方式为统一身份认证的第一数量大于第一预设数量，则表明当前统一身份认证服务端认证压力较高，则将用户身份认证请求对应的认证方式确定为本地数据库认证，以减小统一身份认证服务端负荷。若第二历史时间窗口内认证方式为统一身份认证的第一数量小于或等于第一预设数量，则将用户身份认证请求对应的认证方式确定为统一身份认证。Specifically, if the first number of authentication methods in the second historical time window is unified identity authentication is greater than the first preset number, it indicates that the current unified identity authentication server authentication pressure is high, and the user identity authentication request corresponding authentication method Determined to be local database authentication to reduce the load on the unified identity authentication server. If the first number of authentication methods in the second historical time window is unified identity authentication is less than or equal to the first preset number, the authentication method corresponding to the user identity authentication request is determined to be unified identity authentication.

步骤S280，统计第二历史时间窗口内认证方式为本地数据库认证的用户身份认证请求的第二数量，根据第二数量确定用户身份认证请求对应的认证方式。Step S280: Count the second quantity of user identity authentication requests whose authentication method is local database authentication within the second historical time window, and determine the authentication method corresponding to the user identity authentication request according to the second quantity.

具体地，若第二历史时间窗口内认证方式为本地数据库认证的数量大于第二预设数量，则表明当前本地数据库端认证负荷较高，则将用户身份认证请求对应的认证方式确定为统一身份认证，以降低本地数据库端认证负荷；若第二历史时间窗口内认证方式为本地数据库的第二数量小于或等于第二预设数量，则将用户身份认证请求对应的认证方式确定为本地数据库认证。Specifically, if the number of authentication methods in the second historical time window is local database authentication is greater than the second preset number, it indicates that the current local database authentication load is relatively high, and the authentication method corresponding to the user identity authentication request is determined to be a unified identity Authentication, to reduce the authentication load of the local database; if the authentication method in the second historical time window is that the second number of the local database is less than or equal to the second preset number, the authentication method corresponding to the user identity authentication request is determined as the local database authentication. .

由此可见，本发明实施例在确定出业务服务使用数据中存在多个不同的目标业务服务的使用记录下，确定用户身份认证请求对应的认证方式为统一身份认证，从而能够在用户具有多个目标业务服务的使用需求时，通过该统一身份认证实现通过一次认证，使用多个不同目标业务服务的目的，提升用户使用体验以及认证效率；并在确定不存在多个不同的目标业务服务的使用记录的情况下，通过随机确定的方式确定用户身份认证请求对应的认证方式，从而提升认证方式的确定效率；又或者，在确定不存在多个不同的目标业务服务的使用记录的情况下，根据第二历史时间窗口内统一身份认证或本地数据库认证对应的认证请求的数量，确定用户身份认证请求对应的认证方式，避免统一身份认证服务器或本地数据库过载。It can be seen that the embodiment of the present invention determines that the authentication method corresponding to the user identity authentication request is unified identity authentication after it is determined that there are multiple use records of different target service services in the service service usage data, so that the user has multiple When the target business service needs to be used, the unified identity authentication is used to achieve the purpose of using multiple different target business services through one authentication, improving user experience and authentication efficiency; and determining that there are no use of multiple different target business services. In the case of records, the authentication method corresponding to the user identity authentication request is determined by random determination, thereby improving the efficiency of determining the authentication method; or, in the case of determining that there are no usage records of multiple different target business services, according to The number of authentication requests corresponding to unified identity authentication or local database authentication within the second historical time window, to determine the authentication method corresponding to the user identity authentication request, to avoid overloading the unified identity authentication server or local database.

实施例三Embodiment 3

图3示出了本发明实施例三提供的一种用户身份认证方法的流程示意图。如图3所示，该方法包括如下步骤：FIG. 3 shows a schematic flowchart of a user identity authentication method according to Embodiment 3 of the present invention. As shown in Figure 3, the method includes the following steps:

步骤S310，接收用户终端发送的用户身份认证请求。Step S310: Receive a user identity authentication request sent by the user terminal.

其中，本发明实施例可以由预设的中间件执行。The embodiments of the present invention may be executed by preset middleware.

步骤S320，获取用户终端在第一历史时间窗口内的业务服务使用数据。Step S320: Acquire business service usage data of the user terminal within the first historical time window.

步骤S330，根据业务服务使用数据确定用户身份认证请求对应的认证方式；若认证方式为本地数据库认证，则执行步骤S340；若认证方式为统一身份认证，则执行步骤S350。Step S330: Determine the authentication mode corresponding to the user identity authentication request according to the business service usage data; if the authentication mode is local database authentication, execute step S340; if the authentication mode is unified identity authentication, execute step S350.

步骤S340，将用户身份认证请求发送至本地数据库，并将本地数据库反馈的认证结果发送至用户终端。Step S340, sending the user identity authentication request to the local database, and sending the authentication result fed back by the local database to the user terminal.

若用户身份认证请求对应的认证方式为本地数据库认证，则将用户身份认证请求发送至本地数据库。本地数据库将存储的数据信息与该用户身份认证请求中携带的信息进行匹配，根据匹配结果确定是否认证通过。并将认证结果经由中间件反馈给用户终端。If the authentication method corresponding to the user identity authentication request is local database authentication, the user identity authentication request is sent to the local database. The local database matches the stored data information with the information carried in the user identity authentication request, and determines whether the authentication is passed according to the matching result. And the authentication result is fed back to the user terminal via the middleware.

在一种可选的实施方式中，若接收到本地数据库反馈的认证失败消息，则将用户身份认证请求发送至统一身份认证服务器进行再次认证，并将统一身份认证服务器反馈的认证结果发送至所述用户终端，继而提升认证精度。其中，若统一身份认证服务器的再次认证结果为失败，则向用户终端反馈相应的认证失败消息；若统一身份认证服务器的再次认证结果为成功，则向用户终端反馈相应的认证成功消息。In an optional implementation manner, if an authentication failure message fed back by the local database is received, the user identity authentication request is sent to the unified identity authentication server for re-authentication, and the authentication result fed back by the unified identity authentication server is sent to the The user terminal is described above, and then the authentication accuracy is improved. Wherein, if the re-authentication result of the unified identity authentication server is failure, a corresponding authentication failure message is fed back to the user terminal; if the re-authentication result of the unified identity authentication server is successful, a corresponding authentication success message is fed back to the user terminal.

步骤S350，将用户身份认证请求发送至统一身份认证服务器，并将统一身份认证服务器反馈的认证结果发送至用户终端。In step S350, the user identity authentication request is sent to the unified identity authentication server, and the authentication result fed back by the unified identity authentication server is sent to the user terminal.

若用户身份认证请求对应的认证方式为统一身份认证，则将用户身份认证请求发送至统一身份认证服务器，由统一身份认证服务器对请求进行处理以进行用户身份认证。其中，本发明实施例中的统一身份认证可以为LADP认证，则统一身份认证服务器为LADP认证服务器，LADP认证服务器是一种轻量级统一认证服务器。进一步将统一身份认证服务器反馈的认证结果发送至用户终端。If the authentication method corresponding to the user identity authentication request is unified identity authentication, the user identity authentication request is sent to the unified identity authentication server, and the unified identity authentication server processes the request for user identity authentication. Wherein, the unified identity authentication in the embodiment of the present invention may be LADP authentication, the unified identity authentication server is an LADP authentication server, and the LADP authentication server is a lightweight unified authentication server. Further, the authentication result fed back by the unified identity authentication server is sent to the user terminal.

在一种可选的实施方式中，若接收到统一身份认证服务器反馈的认证失败消息，则将用户身份认证请求发送至本地数据库，由本地数据库进行再次认证，并将所述本地数据库反馈的认证结果发送至用户终端。若再次认证结果为失败，则向用户终端反馈认证失败的消息，若再次认证结果为成功，则向用户终端反馈认证成功的消息。In an optional implementation manner, if an authentication failure message fed back by the unified identity authentication server is received, the user identity authentication request is sent to the local database, the local database performs re-authentication, and the authentication returned by the local database is authenticated. The result is sent to the user terminal. If the re-authentication result is failure, the authentication failure message is fed back to the user terminal, and if the re-authentication result is successful, the authentication success message is fed back to the user terminal.

以图4为例，用户终端发起的用户身份认证请求先发送至中间件，中间件判断当前用户身份认证请求的认证方式。若确定用户身份认证请求的认证方式为本地数据库认证，则将用户身份认证请求发送至本地数据库；若用户身份认证请求的认证方式为统一身份认证，则将用户身份认证请求发送至统一身份认证服务器。中间件还会将本地数据库和统一身份认证服务器反馈的认证结果反馈给用户终端。Taking FIG. 4 as an example, the user identity authentication request initiated by the user terminal is first sent to the middleware, and the middleware determines the authentication mode of the current user identity authentication request. If it is determined that the authentication method of the user identity authentication request is local database authentication, the user identity authentication request is sent to the local database; if the authentication method of the user identity authentication request is unified identity authentication, the user identity authentication request is sent to the unified identity authentication server. . The middleware also feeds back the authentication results from the local database and the unified identity authentication server to the user terminal.

由此可见，本发明实施例由中间件来接收用户身份认证请求，并在确定出相应的认证方式后，将请求发送给对应的认证端进行认证，避免了由单一认证端进行认证而引起的认证端负荷高，认证请求处理慢或无法处理的技术弊端，提高认证服务的稳定性。It can be seen that, in the embodiment of the present invention, the middleware receives the user identity authentication request, and after determining the corresponding authentication method, the request is sent to the corresponding authentication terminal for authentication, thereby avoiding the authentication caused by a single authentication terminal. The technical drawbacks of the high load on the authentication end and the slow or inability to process the authentication request improve the stability of the authentication service.

实施例四Embodiment 4

图5示出了本发明实施例四提供的一种用户身份认证装置的结构示意图。如图5所示，该装置500包括：接收模块510、获取模块520以及确定模块530。FIG. 5 shows a schematic structural diagram of a user identity authentication apparatus according to Embodiment 4 of the present invention. As shown in FIG. 5 , theapparatus 500 includes: a receiving module 510 , an acquiring module 520 and a determiningmodule 530 .

接收模块510，用于接收用户终端发送的用户身份认证请求；A receiving module 510, configured to receive a user identity authentication request sent by the user terminal;

获取模块520，用于获取所述用户终端在第一历史时间窗口内的业务服务使用数据；an acquisition module 520, configured to acquire business service usage data of the user terminal within the first historical time window;

确定模块530，用于根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式；Adetermination module 530, configured to determine the authentication mode corresponding to the user identity authentication request according to the business service usage data;

在一种可选的实施方式中，确定模块530进一步用于：确定所述统一身份认证对应的目标业务服务；In an optional implementation manner, the determiningmodule 530 is further configured to: determine the target business service corresponding to the unified identity authentication;

在一种可选的实施方式中，确定模块530进一步用于：若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则随机从本地数据库认证和统一身份认证中选取一个认证方式作为所述用户身份认证请求对应的认证方式。In an optional implementation manner, the determiningmodule 530 is further configured to: randomly select from the local database authentication and unified identity authentication if there are no usage records of multiple different target business services in the business service usage data An authentication method is used as the authentication method corresponding to the user identity authentication request.

在一种可选的实施方式中，确定模块530进一步用于：若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则统计第二历史时间窗口内认证方式为统一身份认证的用户身份认证请求的第一数量；In an optional implementation manner, the determiningmodule 530 is further configured to: if there are no usage records of multiple different target business services in the business service usage data, count the authentication method as unified in the second historical time window The first number of user authentication requests for identity authentication;

在一种可选的实施方式中，确定模块530进一步用于：若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则统计第二历史时间窗口内认证方式为本地数据库认证的用户身份认证请求的第二数量；In an optional implementation manner, the determiningmodule 530 is further configured to: if there are no usage records of multiple different target business services in the business service usage data, count the authentication mode as local in the second historical time window the second number of user authentication requests authenticated by the database;

在一种可选的实施方式中，所述装置还包括：提示模块(图中未示出)，用于在所述接收用户终端发送的用户身份认证请求之后，判断第三历史时间窗口内接收到的用户身份认证请求的第三数量是否大于或等于第三预设数量；In an optional implementation manner, the apparatus further includes: a prompting module (not shown in the figure), configured to, after receiving the user identity authentication request sent by the user terminal, determine that the request is received within the third historical time window. Whether the third quantity of received user identity authentication requests is greater than or equal to the third preset quantity;

在一种可选的实施方式中，所述装置还包括发送模块(图中未示出)，用于若所述用户身份认证请求对应的认证方式为本地数据库认证，则将所述用户身份认证请求发送至本地数据库，并将所述本地数据库反馈的认证结果发送至所述用户终端。In an optional implementation manner, the apparatus further includes a sending module (not shown in the figure), configured to authenticate the user identity if the authentication method corresponding to the user identity authentication request is local database authentication The request is sent to the local database, and the authentication result fed back by the local database is sent to the user terminal.

本装置中各模块的具体实施过程可参照方法实施例中的相应描述，在此不作赘述。For the specific implementation process of each module in the apparatus, reference may be made to the corresponding description in the method embodiment, which is not repeated here.

由此可见，本方案避免了由单一认证端进行认证而引起的认证端负荷高，认证请求处理慢或无法处理的技术弊端，提高认证服务的稳定性；并且本方案获取并根据请求发起端的业务服务使用数据确定用户身份认证请求对应的认证方式，从而能够提高认证方式与用户身份认证请求的匹配度，提高认证效率以及认证精度。It can be seen that this solution avoids the technical drawbacks of high authentication end load, slow or unprocessable authentication request processing caused by authentication by a single authentication end, and improves the stability of authentication services; and this solution obtains and initiates the service of the end according to the request. The service uses the data to determine the authentication method corresponding to the user identity authentication request, thereby improving the matching degree between the authentication method and the user identity authentication request, and improving the authentication efficiency and authentication accuracy.

实施例五Embodiment 5

本发明实施例五提供了一种非易失性计算机存储介质，所述计算机存储介质存储有至少一可执行指令，该计算机可执行指令可执行上述任意方法实施例中的用户身份认证方法。Embodiment 5 of the present invention provides a non-volatile computer storage medium, where the computer storage medium stores at least one executable instruction, and the computer executable instruction can execute the user identity authentication method in any of the above method embodiments.

实施例六Embodiment 6

图6示出了本发明实施例六提供的一种计算设备的结构示意图。本发明具体实施例并不对计算设备的具体实现做限定。FIG. 6 shows a schematic structural diagram of a computing device according to Embodiment 6 of the present invention. The specific embodiments of the present invention do not limit the specific implementation of the computing device.

如图6所示，该计算设备可以包括：处理器(processor)602、通信接口(Communications Interface)604、存储器(memory)606、以及通信总线608。As shown in FIG. 6 , the computing device may include: a processor (processor) 602 , a communications interface (Communications Interface) 604 , a memory (memory) 606 , and acommunication bus 608 .

其中：处理器602、通信接口604、以及存储器606通过通信总线608完成相互间的通信。通信接口604，用于与其它设备比如客户端或其它服务器等的网元通信。处理器602，用于执行程序610，具体可以执行上述用户身份认证方法实施例中的相关步骤。The processor 602 , thecommunication interface 604 , and the memory 606 communicate with each other through thecommunication bus 608 . Thecommunication interface 604 is used to communicate with network elements of other devices such as clients or other servers. The processor 602 is configured to execute the program 610, and specifically may execute the relevant steps in the above-mentioned embodiments of the user identity authentication method.

具体地，程序610可以包括程序代码，该程序代码包括计算机操作指令。Specifically, the program 610 may include program code including computer operation instructions.

处理器602可能是中央处理器CPU，或者是特定集成电路ASIC(ApplicationSpecific Integrated Circuit)，或者是被配置成实施本发明实施例的一个或多个集成电路。计算设备包括的一个或多个处理器，可以是同一类型的处理器，如一个或多个CPU；也可以是不同类型的处理器，如一个或多个CPU以及一个或多个ASIC。The processor 602 may be a central processing unit (CPU), or an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included in the computing device may be the same type of processors, such as one or more CPUs; or may be different types of processors, such as one or more CPUs and one or more ASICs.

存储器606，用于存放程序610。存储器606可能包含高速RAM存储器，也可能还包括非易失性存储器(non-volatile memory)，例如至少一个磁盘存储器。程序610具体可以用于使得处理器602执行上述任意方法实施例中的户身份认证方法。The memory 606 is used to store the program 610 . Memory 606 may include high-speed RAM memory, and may also include non-volatile memory, such as at least one disk memory. The program 610 may be specifically configured to cause the processor 602 to execute the user identity authentication method in any of the above method embodiments.

在此提供的算法或显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述，构造这类系统所要求的结构是显而易见的。此外，本发明实施例也不针对任何特定编程语言。应当明白，可以利用各种编程语言实现在此描述的本发明的内容，并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms or displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems can also be used with teaching based on this. The structure required to construct such a system is apparent from the above description. Furthermore, embodiments of the present invention are not directed to any particular programming language. It is to be understood that various programming languages may be used to implement the inventions described herein, and that the descriptions of specific languages above are intended to disclose the best mode for carrying out the invention.

在此处所提供的说明书中，说明了大量具体细节。然而，能够理解，本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中，并未详细示出公知的方法、结构和技术，以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

类似地，应当理解，为了精简本发明并帮助理解各个发明方面中的一个或多个，在上面对本发明的示例性实施例的描述中，本发明实施例的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而，并不应将该公开的方法解释成反映如下意图：即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说，如下面的权利要求书所反映的那样，发明方面在于少于前面公开的单个实施例的所有特征。因此，遵循具体实施方式的权利要求书由此明确地并入该具体实施方式，其中每个权利要求本身都作为本发明的单独实施例。Similarly, it is to be understood that, in the above description of exemplary embodiments of the invention, various features of the embodiments of the invention are sometimes grouped together into a single implementation in order to simplify the invention and to aid in the understanding of one or more of the various aspects of the invention. examples, figures, or descriptions thereof. This disclosure, however, should not be construed as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

本领域那些技术人员可以理解，可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件，以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外，可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述，本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and further they may be divided into multiple sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method so disclosed may be employed in any combination, unless at least some of such features and/or procedures or elements are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

此外，本领域的技术人员能够理解，尽管在此的一些实施例包括其它实施例中所包括的某些特征而不是其它特征，但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如，在下面的权利要求书中，所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, it will be understood by those skilled in the art that although some of the embodiments herein include certain features, but not others, included in other embodiments, that combinations of features of the different embodiments are intended to be within the scope of the present invention And form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

本发明的各个部件实施例可以以硬件实现，或者以在一个或者多个处理器上运行的软件模块实现，或者以它们的组合实现。本领域的技术人员应当理解，可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如，计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上，或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到，或者在载体信号上提供，或者以任何其他形式提供。Various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components according to the embodiments of the present invention. The present invention can also be implemented as apparatus or apparatus programs (eg, computer programs and computer program products) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such signals may be downloaded from Internet sites, or provided on carrier signals, or in any other form.

应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制，并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中，不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中，这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。上述实施例中的步骤，除有特殊说明外，不应理解为对执行顺序的限定。It should be noted that the above-described embodiments illustrate rather than limit the invention, and that alternative embodiments may be devised by those skilled in the art without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. do not denote any order. These words can be interpreted as names. The steps in the above embodiments should not be construed as limitations on the execution order unless otherwise specified.

Claims

Translated fromChinese

1.一种用户身份认证方法，其特征在于，所述方法包括：1. a user identity authentication method, is characterized in that, described method comprises:

2.根据权利要求1所述的方法，其特征在于，所述根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式进一步包括：2. The method according to claim 1, wherein the determining the authentication mode corresponding to the user identity authentication request according to the business service usage data further comprises:

3.根据权利要求2所述的方法，其特征在于，所述根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式进一步包括：3. The method according to claim 2, wherein the determining the authentication mode corresponding to the user identity authentication request according to the business service usage data further comprises:

若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则随机从本地数据库认证和统一身份认证中选取一个认证方式作为所述用户身份认证请求对应的认证方式；和/或，If there are no usage records of a plurality of different target business services in the business service usage data, then randomly select an authentication method from the local database authentication and unified identity authentication as the authentication method corresponding to the user identity authentication request; and/ or,

若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则统计第二历史时间窗口内认证方式为统一身份认证的用户身份认证请求的第一数量；若所述第一数量大于第一预设数量，则将所述用户身份认证请求对应的认证方式确定为本地数据库认证；若所述第一数量小于或等于第一预设数量，则将用户身份认证请求对应的认证方式确定为统一身份认证；和/或，If there are no usage records of multiple different target business services in the business service usage data, count the first number of user identity authentication requests whose authentication method is unified identity authentication in the second historical time window; If the number is greater than the first preset number, the authentication method corresponding to the user identity authentication request is determined as local database authentication; if the first number is less than or equal to the first preset number, the authentication method corresponding to the user identity authentication request is determined. The method is determined to be unified authentication; and/or,

若所述业务服务使用数据中不存在多个不同的目标业务服务的使用记录，则统计第二历史时间窗口内认证方式为本地数据库认证的用户身份认证请求的第二数量；若所述第二数量大于第二预设数量，则将所述用户身份认证请求对应的认证方式确定为统一身份认证；若所述第二数量小于或等于第二预设数量，则将所述用户身份认证请求对应的认证方式确定为本地数据库认证。If there are no usage records of multiple different target business services in the business service usage data, count the second number of user identity authentication requests whose authentication mode is local database authentication within the second historical time window; If the number is greater than the second preset number, the authentication method corresponding to the user identity authentication request is determined as unified identity authentication; if the second number is less than or equal to the second preset number, the user identity authentication request corresponds to The authentication method is determined as local database authentication.

4.根据权利要求1所述的方法，其特征在于，在所述接收用户终端发送的用户身份认证请求之后，所述方法还包括：4. The method according to claim 1, wherein after receiving the user identity authentication request sent by the user terminal, the method further comprises:

5.根据权利要求1-4中任一项所述的方法，其特征在于，在所述根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式之后，所述方法还包括：若所述用户身份认证请求对应的认证方式为本地数据库认证，则将所述用户身份认证请求发送至本地数据库，并将所述本地数据库反馈的认证结果发送至所述用户终端；和/或，5. The method according to any one of claims 1-4, wherein after determining the authentication mode corresponding to the user identity authentication request according to the business service usage data, the method further comprises: If the authentication method corresponding to the user identity authentication request is local database authentication, send the user identity authentication request to the local database, and send the authentication result fed back by the local database to the user terminal; and/or,

6.根据权利要求1-4中任一项所述的方法，其特征在于，在所述根据所述业务服务使用数据确定所述用户身份认证请求对应的认证方式之后，所述方法还包括：6. The method according to any one of claims 1-4, wherein after the authentication mode corresponding to the user identity authentication request is determined according to the business service usage data, the method further comprises:

若所述用户身份认证请求对应的认证方式为统一身份认证，则将所述用户身份认证请求发送至统一身份认证服务器，并将所述统一身份认证服务器反馈的认证结果发送至所述用户终端；和/或，If the authentication method corresponding to the user identity authentication request is unified identity authentication, sending the user identity authentication request to a unified identity authentication server, and sending the authentication result fed back by the unified identity authentication server to the user terminal; and / or,

7.根据权利要求1-4中任一项所述的方法，其特征在于，所述统一身份认证为LADP认证。7. The method according to any one of claims 1-4, wherein the unified identity authentication is LADP authentication.

8.一种用户身份认证装置，其特征在于，包括：8. A user identity authentication device, comprising:

9.一种计算设备，其特征在于，包括：处理器、存储器、通信接口和通信总线，所述处理器、所述存储器和所述通信接口通过所述通信总线完成相互间的通信；9. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with each other through the communication bus;

所述存储器用于存放至少一可执行指令，所述可执行指令使所述处理器执行如权利要求1-7中任一项所述的用户身份认证方法对应的操作。The memory is used for storing at least one executable instruction, and the executable instruction causes the processor to perform an operation corresponding to the user identity authentication method according to any one of claims 1-7.

10.一种计算机存储介质，其特征在于，所述存储介质中存储有至少一可执行指令，所述可执行指令使处理器执行如权利要求1-7中任一项所述的用户身份认证方法对应的操作。10. A computer storage medium, wherein the storage medium stores at least one executable instruction, the executable instruction enables a processor to perform the user identity authentication according to any one of claims 1-7 The corresponding operation of the method.