CN107370603B - Identity authentication method, server and computer readable storage medium - Google Patents
- Publication number
- CN107370603B (CN201610322308.7A)
- Authority
- CN
- China
- Prior art keywords
- information
- answer
- terminal
- user
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiment of the invention discloses an identity authentication method for improving the security of identity authentication. The method comprises the following steps: the server acquires abbreviated information and corresponding meaning information from an input method database of the first terminal, wherein the abbreviated information and the corresponding meaning information are recorded by the first terminal according to the input habits of a user; the server generates a verification question according to the abbreviated information and a first answer to the verification question according to the corresponding meaning information; and the server performs identity authentication on the second terminal according to the verification question and the first answer. Because the server generates the verification question and the answer, the user does not know in advance what the specific question and answer are. When identity authentication is performed, the question and answer are based on the user's input habits, so the user can work out the answer from those habits, which are personal to the user and difficult for other people to know. Therefore, the security of the identity authentication is greatly improved.
Description
Technical Field
The invention relates to the field of servers, and in particular to an identity authentication method and a server.
Background
In network communication, network security is particularly important: if private information stored in a terminal by a user is stolen by others, serious loss can result. Therefore, in the current network environment, a user generally needs to be authenticated whether accessing a network or logging in to an application. The user inputs a user name and a password; after receiving them, the server checks whether the user name is stored and whether the password is correct. When the user name is stored on the server and the password input by the user is consistent with the password stored for that user name, the server authorizes the identity of the user.
In a typical terminal authentication method, authentication is performed by acquiring a user name and a password that the user inputs through a terminal. To improve the security of authentication, the password is usually required to combine English letters and numbers and to contain no fewer than 6 or 8 characters, and because of this restriction users often forget the password.
To remember a password for a long time, a user usually chooses characters that the user commonly uses, such as a birthday or a mobile phone number. Because such a password is not strictly private and is frequently used, it is easily stolen, and therefore the security of the existing authentication method is low.
Disclosure of Invention
The embodiment of the invention provides an identity authentication method and a server, which are used for improving the security of identity authentication.
A first aspect of an embodiment of the present invention provides an identity authentication method, including:
acquiring abbreviated information and corresponding meaning information in an input method database of a first terminal, wherein the abbreviated information and the corresponding meaning information are recorded by the first terminal according to the input habit of a user;
generating a verification question according to the abbreviated information;
generating a first answer to the verification question according to the corresponding meaning information;
receiving an identity authentication request sent by a second terminal;
and performing identity authentication on the second terminal according to the verification question and the first answer.
In one possible implementation, the abbreviation information is a pinyin acronym, and the corresponding meaning information is the preferred Chinese corresponding to the pinyin acronym; or,
the abbreviation information is a five-stroke acronym, and the corresponding meaning information is the preferred Chinese corresponding to the five-stroke acronym.
In another possible implementation, the verification question includes: a prompt for the user to input the meaning information corresponding to the abbreviated information.
In another possible implementation manner, the method further includes:
acquiring category information to which the corresponding meaning information belongs from the input method database;
generating a verification question according to the abbreviated information includes:
generating a verification question according to the abbreviated information and the category information, wherein the verification question is a prompt for the user to input, according to the category information, the meaning information corresponding to the abbreviated information.
In another possible implementation manner, the performing, according to the verification question and the first answer, identity verification on the second terminal specifically includes:
sending the verification question to the second terminal;
receiving a second answer sent by the second terminal;
judging whether the first answer is consistent with the second answer, and if so, determining that the second terminal passes identity authentication; if they are not consistent, determining that the second terminal does not pass identity authentication.
A second aspect of an embodiment of the present invention provides a server, including:
the acquisition unit is used for acquiring abbreviated information and corresponding meaning information in an input method database of a first terminal, wherein the abbreviated information and the corresponding meaning information are recorded by the first terminal according to the input habit of a user;
the generating unit is used for generating a verification question according to the abbreviation information;
the generating unit is further used for generating a first answer to the verification question according to the corresponding meaning information;
the first receiving unit is used for receiving an authentication request sent by the second terminal;
and the verification unit is used for verifying the identity of the second terminal according to the verification question and the first answer.
In one possible implementation, the abbreviation information is a pinyin acronym, and the corresponding meaning information is the preferred Chinese corresponding to the pinyin acronym; or,
the abbreviation information is a five-stroke acronym, and the corresponding meaning information is the preferred Chinese corresponding to the five-stroke acronym.
In another possible implementation, the verification question includes: a prompt for the user to input the meaning information corresponding to the abbreviated information.
In another possible implementation manner, the obtaining unit is further configured to:
acquiring category information to which the corresponding meaning information belongs from the input method database;
the generating unit is specifically configured to:
generating a verification question according to the abbreviated information and the category information, wherein the verification question is a prompt for the user to input, according to the category information, the meaning information corresponding to the abbreviated information.
In another possible implementation manner, the verification unit specifically includes:
the sending unit is used for sending the verification question to the second terminal;
a second receiving unit, configured to receive a second answer sent by the second terminal;
the judging unit is used for judging whether the first answer is consistent with the second answer;
the determining unit is used for determining that the second terminal passes identity authentication when the judging unit judges that the first answer is consistent with the second answer;
the determining unit is further configured to determine that the second terminal does not pass identity authentication when the judging unit judges that the first answer is inconsistent with the second answer.
According to the above technical solution, the embodiment of the invention has the following advantages. The server first acquires abbreviated information and corresponding meaning information from an input method database of a first terminal, wherein the abbreviated information and the corresponding meaning information are recorded by the first terminal according to the input habits of a user; it then generates a verification question according to the abbreviated information and a first answer to the verification question according to the corresponding meaning information. In effect, the server automatically generates a user name and a password for identity authentication on the user's behalf. When the server receives an authentication request from the second terminal, it authenticates the second terminal according to the verification question and the first answer. Because the server autonomously acquires the user's input habits and generates the verification question and answer from them, the user does not know what the specific question and answer are while they are being generated. During identity authentication the server first tells the user the verification question, so the user does not need to worry about a user name, and on seeing the question the user can work out the corresponding answer from personal input habits, which are personal to the user and difficult for others to know. Therefore, the embodiment of the invention greatly improves the security of identity authentication.
Drawings
FIG. 1 is a schematic diagram of a method of identity verification in an embodiment of the invention;
FIG. 2 is another schematic diagram of a method of identity verification according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a verification question in selection form in an actual application scenario in an embodiment of the present invention;
FIG. 4 is a schematic diagram of a verification question in judgment form in an actual application scenario according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a verification question in gap-filling form in an actual application scenario according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a server in an embodiment of the invention;
FIG. 7 is another diagram of a server in an embodiment of the invention;
FIG. 8 is another schematic diagram of a server in an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The embodiment of the invention provides an identity authentication method and a server, which are used for improving the security of identity authentication.
Referring to fig. 1, an embodiment of a method for identity authentication in an embodiment of the present invention includes:
101. The server acquires abbreviation information and corresponding meaning information from an input method database of a first terminal, wherein the abbreviation information and the corresponding meaning information are recorded by the first terminal according to input habits of a user;
An input method is a tool the user needs in order to input information into the terminal, so a terminal generally has an input method installed. Existing input methods are increasingly intelligent and can record the input habits of a user. For example, in a pinyin input method, the user first presses the two letters "zs", then finds "zhang san" among the candidate phrases and confirms it, and "zhang san" is displayed on the terminal. When the user has input "zhang san" through the letters "zs" several times, the terminal records this input habit: "zs" and "zhang san" form a mapping relation that is stored in the input method database, so that the next time the user presses the two letters "zs", the preferred Chinese in the input method prompt box is "zhang san" and the user can input it directly. In the mapping relation stored in the input method database, "zs" is the abbreviation information and "zhang san" is the meaning information corresponding to the abbreviation information "zs".
In the embodiment of the invention, the characteristic that the terminal can store the input habit of the user is utilized, so that the server automatically generates the verification question and the verification answer according to the input habit of the user, and the identity of the terminal is verified. The habit of the user is mainly embodied in that the user uses some abbreviated information to input corresponding meaning information, and therefore, the server needs to first acquire the abbreviated information and the corresponding meaning information from the input method database of the first terminal.
Optionally, the server may obtain multiple sets of abbreviation information and corresponding meaning information from the input method database of the first terminal. The server retrieves all abbreviation information and corresponding meaning information in the input method database of the first terminal, for example, the abbreviation information and corresponding meaning information retrieved by the server include: the server can acquire all the retrieved abbreviated information and corresponding meaning information as the basis for generating the verification question and the first answer, or acquire a preset number of sets from the retrieval result as that basis. For example, if the retrieval result has three sets of abbreviated information and corresponding meaning information, the server obtains two of them as the basis for generating the verification question and the first answer. In this way, the server acquires multiple sets of abbreviated information and corresponding meaning information and generates multiple sets of verification questions and first answers, so that the user can be offered a choice or be verified several times. This avoids the case in which only a single verification question is generated, the user may fail to guess it, and verification fails; it improves the reliability of the verification question and also improves the security of user identity verification.
It should be noted that the terminal may include a Personal Computer (PC), a handheld terminal, and the like.
102. The server generates a verification question according to the abbreviated information;
In the embodiment of the present invention, after the server acquires the abbreviation information and the corresponding meaning information from the input method database of the first terminal, it may generate a verification question according to the abbreviation information, for example by using the abbreviation information as part of the question stem; the specific way of generating the verification question is not limited herein.
The verification question may take the form of a selection question, a judgment question, or a gap-filling question; the specific form is not limited herein.
103. The server generates a first answer to the verification question according to the corresponding meaning information;
After acquiring the abbreviated information and the corresponding meaning information from the input method database of the first terminal, the server autonomously generates a verification question according to the abbreviated information and a first answer to it according to the corresponding meaning information. Because the question and the answer are generated by the server, the user is not aware of them, and during authentication the user can only arrive at the correct answer through personal input habits, which improves the security of the authentication.
After generating the verification question and the first answer, the server may bind them to an identifier provided by the first terminal and store them; the identifier may be a login account, a user identifier, a user name, and the like, and is not limited herein. For example, when a user generates security protection for a QQ account through a computer, the user inputs the QQ number and QQ password to log in to QQ and then issues an instruction requesting the server to automatically generate the security protection, for example by clicking a security generation button. After receiving the instruction, the server acquires the abbreviation information and corresponding meaning information from the input method database of the computer and binds them to the user's QQ number.
104. The server receives an identity authentication request sent by a second terminal;
When the second terminal requests to log in to an account, retrieve a password, or post, and authentication is needed, the server receives an authentication request sent by the second terminal. For example, on some social websites, when a user registers an account, the website server automatically generates a verification question and a first answer according to the terminal used by the user; when the user later logs in to the website, the user must input not only the originally registered user name and password but also the answer to the verification question generated by the website server, so the authentication request may include the user name, the password, and the answer to the verification question input by the user. As another example, in a password retrieval scenario, the user has forgotten the login password and therefore sends a password retrieval request to the server according to the user name; the server sends a verification question according to the user name to authenticate the user, so the authentication request sent by the user through the second terminal may include only an answer to the verification question. As a further example, in a posting scenario, the user has already logged in successfully with a user name and a password, but because existing browsers all have a function of remembering passwords, the server requires authentication at posting time to ensure that the person posting is the user: when the user posts, a verification question is sent to the terminal used by the user, and the user can post only after answering it, so the authentication request sent by the user through the second terminal may include only an answer to the verification question.
The request may carry an identifier provided by the second terminal, such as a login account, a user identifier, a user name, and the like, which is not limited herein.
105. The server performs identity authentication on the second terminal according to the verification question and the first answer.
On receiving an identity authentication request sent by the second terminal, the server can extract the identifier provided by the second terminal; if it matches the identifier provided by the first terminal, the server performs identity authentication on the second terminal according to the verification question and the first answer. It should be noted that the first terminal and the second terminal may be the same device or different devices, and that authenticating the second terminal means authenticating the user who is using the second terminal.
In the embodiment of the invention, the server autonomously acquires the input habits of the user and then generates the verification question and the answer for identity verification from them, so the user does not know what the specific question and answer are while they are being generated. During identity verification the server tells the user the verification question, and because the question and answer are based on the user's input habits, the user can work out the corresponding answer from those habits, which are personal to the user and which other people can hardly know. Therefore, the embodiment of the invention greatly improves the security of identity authentication.
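The flow of steps 101 to 105 as a small in-memory server, added here as an illustration and not taken from the patent. The class and method names, the Chinese sample strings, the NFKC normalization and the constant-time comparison are assumptions of this example.

```python
import hmac
import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class ImeEntry:
    """One habit record read from the input method database (hypothetical model)."""
    abbreviation: str  # abbreviation information, e.g. "zs"
    meaning: str       # preferred candidate for it, e.g. "张三" (zhang san)


@dataclass(frozen=True)
class Challenge:
    question: str      # sent to the second terminal
    first_answer: str  # kept on the server only


def canonical(text):
    """Assumption of this example: answers are compared after Unicode NFKC
    normalization and whitespace trimming, so the same characters typed on a
    different terminal or input method still match."""
    return unicodedata.normalize("NFKC", text).strip().encode("utf-8")


class AuthServer:
    def __init__(self, max_sets=2):
        self.max_sets = max_sets  # the "preset number" of sets taken per user
        self._bound = {}          # identifier -> list of Challenge

    def enroll(self, identifier, ime_entries):
        """Steps 101-103: take habit records from the first terminal, build a
        question from each abbreviation and a first answer from its meaning,
        and bind the result to the identifier the first terminal provided."""
        usable = [e for e in ime_entries if e.abbreviation and e.meaning]
        chosen = usable[: self.max_sets]
        if not chosen:
            raise ValueError("no usable input-habit records")
        self._bound[identifier] = [
            Challenge(
                f'Please input the Chinese corresponding to "{e.abbreviation}"',
                e.meaning,
            )
            for e in chosen
        ]
        return len(chosen)

    def questions_for(self, identifier):
        """Step 104: on an authentication request, look up the questions bound
        to the identifier it carries. Unknown identifiers get no questions."""
        return [c.question for c in self._bound.get(identifier, [])]

    def verify(self, identifier, question_index, second_answer):
        """Step 105: compare the second answer with the stored first answer
        for the question the user chose to respond to."""
        challenges = self._bound.get(identifier, [])
        if not 0 <= question_index < len(challenges):
            return False
        expected = canonical(challenges[question_index].first_answer)
        # Constant-time comparison of the two byte strings.
        return hmac.compare_digest(expected, canonical(second_answer))


if __name__ == "__main__":
    # Constructed sample records; "10001" stands in for a login account.
    server = AuthServer(max_sets=2)
    server.enroll("10001", [ImeEntry("zs", "张三"), ImeEntry("cs", "长沙"),
                            ImeEntry("bj", "北京")])
    for i, q in enumerate(server.questions_for("10001")):
        print(i, q)
    print(server.verify("10001", 1, "长沙"))   # user picks question 1
    print(server.verify("10001", 0, "长沙"))   # wrong answer for question 0
```
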
Referring to fig. 2, another embodiment of the method for authenticating an identity in the embodiment of the present invention includes:
201. The server acquires abbreviation information and corresponding meaning information from an input method database of a first terminal, wherein the abbreviation information and the corresponding meaning information are recorded by the first terminal according to input habits of a user;
Optionally, the abbreviation information may be an acronym and the corresponding meaning information may be Chinese. In one possible implementation, if the user commonly uses a pinyin input method, the abbreviation information is a pinyin acronym and the corresponding meaning information is the preferred Chinese corresponding to the pinyin acronym, that is, the Chinese listed first in the input method selection box after the user types the pinyin acronym on the keyboard.
In another possible implementation manner, if the user commonly uses a five-stroke input method, the abbreviation information is a five-stroke acronym and the corresponding meaning information is the preferred Chinese corresponding to the five-stroke acronym.
It should be noted that a pinyin acronym and a five-stroke acronym are only two implementations of the abbreviation information in the embodiment of the present invention. In practical applications, the abbreviation information may also cover the case where the first word is abbreviated and the second word is in full pinyin, or the first word is in full pinyin and the second word is abbreviated; for example, "zsan" and "zhangs" are also abbreviations of "zhang san". The abbreviation information may also be an abbreviation in English or another language, with the corresponding meaning information being content in that language; this is not described in detail.
In the embodiment of the present invention, the acquisition of the abbreviation information and the corresponding meaning information from the input method database of the first terminal may be triggered by the user, for example when the server receives a verification question generation request sent by the first terminal. In another implementation, the server may acquire the abbreviation information and the corresponding meaning information and generate the verification question and the answer at a preset period, for example once every seven days, so that the verification question and the answer change frequently and the security of the identity verification is improved.
202. The server acquires the category information to which the corresponding meaning information belongs from the input method database;
In the input method database, phrases or words are generally grouped into categories; optionally, the category groupings may be stored locally in the terminal or on a remote input method server. For example, with the categories automobiles, stars, and places, the phrase "katan" belongs to automobiles, the phrase "normal ice" belongs to stars, and the phrase "Changsha" belongs to places. Such category information serves as a hint for the abbreviation information, so after the server acquires the abbreviation information and the corresponding meaning information, it can look up the category of the meaning information; for example, if the meaning information is "Changsha", the server can also learn that the category of "Changsha" is place name.
In another implementation manner, the server itself may classify the corresponding meaning information. For example, the server learns that the meaning information corresponding to "cs" is "Changsha", then looks up "Changsha" in its own database and finds that its category is place name.
It should be noted that step 202 is an optional step.
203. The server generates a verification question according to the abbreviated information;
Specifically, the server generates a prompt according to the abbreviated information, and the prompt asks the user to input the meaning information corresponding to the abbreviated information. For example, if the abbreviated information is "cs", the generated verification question may be "Please input the Chinese corresponding to 'cs'". The prompt may also be made more specific, such as "Please type 'cs' on the keyboard and input the preferred Chinese shown in the selection box".
Optionally, if the server has also obtained the category to which the meaning information belongs, the verification question may include the category; for example, the verification question is "Please input the place name corresponding to 'cs'". This gives the user a hint, so that the user can input the answer more accurately.
204. The server generates a first answer of the verification question according to the corresponding meaning information;
the details are described with reference to step 103.
205. The server receives an identity authentication request sent by a second terminal;
the details are described with reference to step 104.
206. The server sends the verification question to the second terminal;
since the verification question and the first answer are both stored in the server, when the second terminal needs to be authenticated, the server can retrieve the corresponding verification question and first answer from memory according to the second terminal identifier carried in the authentication request, and send the verification question to the second terminal.
Optionally, because the server acquires the abbreviation information and the meaning information from the input method database of the terminal and generates the verification question and the answer autonomously, the user does not know in advance what the verification question and answer are, and may be unable to guess the correct answer from the verification question, which may cause verification to fail. Therefore, in the embodiment of the present invention, when the server performs identity authentication on the second terminal, the server may send a plurality of verification questions to the second terminal; the second terminal lists the verification questions, the user chooses one of them to answer, and the identity authentication is passed after that answer. In this way, the user experience is improved.
Alternatively, when the verification question is a general one, such as "please input the place name corresponding to 'cs'", a thief may guess the correct answer and pass the verification by impersonation. Therefore, in the embodiment of the present invention, when the server performs identity authentication on the second terminal, the server may send a plurality of verification questions to the second terminal and require the user to answer all or most of them before determining that the user has passed the authentication. For example, the server sends five verification questions, and the user is required to answer three of them to pass the authentication. Thus, the security of the identity authentication is improved.
207. The server receives a second answer sent by the second terminal;
when the second terminal receives the verification question sent by the server, it displays the verification question; the user reads the displayed question and types the corresponding second answer into the input box; the second terminal sends the second answer to the server, and the server judges whether the second answer input by the user is correct.
208. The server judges whether the first answer is consistent with the second answer; if so, the server determines that the second terminal identity authentication is passed; if not, the server determines that the second terminal identity authentication is not passed;
when the server receives the second answer sent by the second terminal, it compares the second answer with the stored first answer corresponding to the verification question; if the second answer is consistent with the first answer, the server determines that the second terminal identity verification is passed, and if it is not consistent, the server determines that the second terminal identity verification is not passed.
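The flow of steps 203 to 208, including the variant in which several questions are sent and a minimum number must be answered, as an added example that is not code from the patent. The class and function names, the sample records, the salted PBKDF2 storage of the first answer, the NFKC normalisation and the failed-attempt limit are all assumptions made here.

```python
import hashlib
import hmac
import secrets
import unicodedata
from dataclasses import dataclass, field

# Constructed sample of (abbreviation, preferred meaning, category) records as
# the first terminal's input method might report them; not data from the patent.
SAMPLE_RECORDS = [
    ("cs", "长沙", "place name"),  # Changsha, the page's own example
    ("bj", "北京", "place name"),
    ("sh", "上海", "place name"),
    ("gz", "广州", "place name"),
    ("cd", "成都", "place name"),
]


def normalize(answer: str) -> bytes:
    """Canonicalise an answer so padded or full-width input still compares equal."""
    return unicodedata.normalize("NFKC", answer).strip().casefold().encode("utf-8")


def hash_answer(answer: str, salt: bytes) -> bytes:
    # Assumption (not in the patent): store a salted PBKDF2 digest instead of
    # the plaintext first answer, so a database leak does not expose it directly.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, 100_000)


@dataclass
class Question:
    qid: str
    prompt: str
    salt: bytes
    digest: bytes


@dataclass
class Account:
    questions: list = field(default_factory=list)
    failed_attempts: int = 0


class VerificationServer:
    MAX_FAILED = 3  # assumption: refuse further attempts after three failures

    def __init__(self):
        self.accounts = {}

    def enroll(self, user_id, records):
        """Steps 201-204: build one question and first answer per record."""
        acct = self.accounts.setdefault(user_id, Account())
        acct.questions = []
        for abbr, meaning, category in records:
            salt = secrets.token_bytes(16)
            prompt = f'Please input the {category} corresponding to "{abbr}"'
            acct.questions.append(
                Question(secrets.token_hex(8), prompt, salt, hash_answer(meaning, salt))
            )

    def challenge(self, user_id):
        """Steps 205-206: send only (id, prompt); first answers stay on the server."""
        return [(q.qid, q.prompt) for q in self.accounts[user_id].questions]

    def verify(self, user_id, answers, required):
        """Steps 207-208: pass when at least `required` second answers are consistent."""
        acct = self.accounts[user_id]
        if acct.failed_attempts >= self.MAX_FAILED:
            return False  # locked: low-entropy answers must not be guessable at will
        correct = 0
        for q in acct.questions:
            given = answers.get(q.qid)
            if given is None:
                continue
            # compare_digest avoids leaking how many leading bytes matched
            if hmac.compare_digest(hash_answer(given, q.salt), q.digest):
                correct += 1
        if correct >= required:
            acct.failed_attempts = 0
            return True
        acct.failed_attempts += 1
        return False


if __name__ == "__main__":
    server = VerificationServer()
    server.enroll("12345", SAMPLE_RECORDS)
    qs = server.challenge("12345")
    user_a = {qs[0][0]: "长沙", qs[1][0]: "北京", qs[2][0]: "上海"}
    print("user A passes:", server.verify("12345", user_a, required=3))
```

Because each answer is one of a handful of candidate words for an abbreviation, the attempt limit does more to slow guessing than the hashing does.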
For ease of understanding, the following describes the identity authentication method in detail in a specific application scenario:
user A uses the QQ input method to input characters on a computer. After a period of time, the QQ input method can compile statistics on the usage habits of user A, and the statistical result may be as follows: when user A inputs "cs" as a pinyin initial abbreviation, user A selects "Changsha" from the candidate words as the input result with 93% probability, "parameter" with 5% probability, and "transmission" with 2% probability. The QQ input method then takes "cs" as the abbreviation information and the corresponding Chinese meaning "Changsha" as the meaning information, and records the binding between them.
User A often logs in to the QQ mailbox to send and receive mail. To improve the security of the mailbox and to let user A recover or update the password promptly after the mailbox is maliciously stolen, the QQ mailbox server provides a secret protection service, that is, it sets secret protection questions and secret protection answers with high privacy.
The secret protection question and the secret protection answer may be set by user A or set automatically by the QQ mailbox server. When they are set automatically by the QQ mailbox server, the QQ mailbox server may send an information acquisition request to the computer used by user A every seven days, and the computer extracts the current binding record of the abbreviated information and the corresponding meaning information (such as "cs" and "Changsha") from the QQ input method and sends the binding record to the QQ mailbox server.
After receiving the abbreviation information "cs" and the corresponding meaning information "Changsha", the QQ mailbox server may determine the category information "place name" to which the meaning information "Changsha" belongs from a local or remote input method database.
Subsequently, the QQ mailbox server selects a verification question template and determines the form of the verification question, which may be a choice question, a judgment question, or a fill-in-the-blank question. It should be explained that different verification question templates suit different security level requirements: the choice question template can be used in a scene with a low security level requirement, the judgment question template in a scene with a general security level requirement, and the fill-in-the-blank question template in a scene with a high security level requirement.
Please refer to fig. 3 to 5: fig. 3 is a schematic diagram of a choice question interface, fig. 4 is a schematic diagram of a judgment question interface, and fig. 5 is a schematic diagram of a fill-in-the-blank question interface.
In this embodiment, the security level required by the QQ mailbox server is high, so the fill-in-the-blank template is adopted, and the generated verification question is "please input the place name corresponding to cs".
The QQ mailbox server further needs to generate the standard answer corresponding to the verification question, namely "Changsha", according to the meaning information "Changsha". At the same time, the QQ mailbox server reads the QQ number 12345 of user A currently logged in to the QQ mailbox, and stores the QQ number, the verification question and the standard answer in association with one another.
When user A forgets the QQ mailbox password, the password can be updated through secret protection. User A sends a password update request to the QQ mailbox server through a computer or another terminal, and the request carries user A's QQ number 12345. After receiving the password update request, the QQ mailbox server retrieves, according to the QQ number, the verification question "please input the place name corresponding to cs".
When user A types the pinyin initial letters cs using the QQ input method, phrases such as "Changsha", "parameters" and "transmission" are displayed according to the usage habits recorded by the QQ input method. From the displayed phrases, the user selects the appropriate one to enter as the answer. After receiving the answer, the QQ mailbox server compares it with the standard answer and finds that they are consistent, so the QQ mailbox server confirms that the identity verification is passed and subsequent operations can proceed.
If user B illegally acquires the QQ number of user A and attempts to steal user A's QQ mailbox, user B sends a password update request to the QQ mailbox server through a computer or another terminal, and the request carries user A's QQ number 12345. After receiving the password update request, the QQ mailbox server retrieves, according to the QQ number, the verification question "please input the place name corresponding to cs".
Although the verification question contains a hint, namely that the answer is a place name, user B's habits with the input method are not necessarily the same as user A's. When user B types the pinyin acronym cs, user B does not know user A's input habits, so the Chinese meaning that user B selects as the answer may be "rare", "Chaoshan", or the like. After this is sent to the QQ mailbox server as the answer, the QQ mailbox server rejects user B's password update request because the answer is not consistent with the standard answer.
Referring to fig. 6, an embodiment of the server in the embodiment of the present invention includes:
an obtaining unit 601, configured to obtain abbreviation information and corresponding meaning information in an input method database of a first terminal, where the abbreviation information and the corresponding meaning information are recorded by the first terminal according to an input habit of a user;
the details are described with reference to step 101.
A generating unit 602, configured to generate a verification question according to the abbreviation information;
the details are described with reference to step 102.
The generating unit 602 is further configured to generate a first answer to the verification question according to the corresponding meaning information;
the details are described with reference to step 103.
A first receiving unit 603, configured to receive an authentication request sent by a second terminal;
the details are described with reference to step 104.
An authentication unit 604, configured to authenticate the second terminal with the authentication question and the first answer;
the details are described with reference to step 105.
Referring to fig. 7, another embodiment of the server in the embodiment of the present invention includes:
an obtaining unit 701, configured to obtain abbreviated information and corresponding meaning information in an input method database of a first terminal, where the abbreviated information and the corresponding meaning information are recorded by the first terminal according to an input habit of a user;
the details are described with reference to step 201.
The obtaining unit 701 is further configured to: acquiring category information to which the corresponding meaning information belongs from the input method database;
details are described with reference to step 202.
A generating unit 702, configured to generate a verification question according to the abbreviation information;
the details are described with reference to step 203.
The generating unit 702 is further configured to generate a first answer to the verification question according to the corresponding meaning information;
the details are described with reference to step 204.
A first receiving unit 703, configured to receive an authentication request sent by a second terminal;
the details are described with reference to step 205.
The verification unit 704 specifically includes: a sending unit 7041, configured to send the verification problem to the second terminal;
the details are described with reference to step 206.
A second receiving unit 7042, configured to receive a second answer sent by the second terminal;
details are described with reference to step 207.
A judging unit 7043, configured to judge whether the first answer is consistent with the second answer;
a determining unit 7044, configured to determine that the second terminal identity verification passes when the judging unit judges that the first answer is consistent with the second answer;
the determining unit 7044 is further configured to determine that the second terminal identity authentication is not passed when the judging unit judges that the first answer is inconsistent with the second answer.
The details are described with reference to step 208.
It should be noted that, in the server in the embodiment of the present invention, the obtaining unit, the generating unit, the judging unit, and the determining unit may all be implemented by being integrated on a processor, and the first receiving unit, the second receiving unit, and the sending unit may all be implemented by being integrated on a transceiver, where the processor includes a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), or another programmable logic device.
Fig. 8 is a schematic diagram of a server structure provided by an embodiment of the present invention. The server 800 may vary considerably depending on configuration or performance, and may include one or more Central Processing Units (CPUs) 822 (e.g., one or more processors), a memory 832, and one or more storage media 830 (e.g., one or more mass storage devices) for storing applications 842 or data 844. The memory 832 and the storage medium 830 may be transient or persistent storage. The program stored in the storage medium 830 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 822 may be configured to communicate with the storage medium 830 and to execute, on the server 800, the series of instruction operations in the storage medium 830.
The server 800 may also include one or more power supplies 826, one or more wired or wireless network interfaces 850, one or more input-output interfaces 858, and/or one or more operating systems 841, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, and so forth.
The steps performed by the server in the above embodiments may be based on the server structure shown in fig. 8.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for identity verification, which is applied to a server, the method comprising:
acquiring abbreviated information and corresponding meaning information in an input method database of a first terminal, wherein the abbreviated information and the corresponding meaning information are recorded by the first terminal according to the input habit of a user;
generating a verification question according to the abbreviated information;
generating a first answer to the verification question according to the corresponding meaning information;
receiving an identity authentication request sent by a second terminal;
sending the verification question to the second terminal;
receiving a second answer sent by the second terminal;
judging whether the first answer is consistent with the second answer, and if so, determining that the second terminal identity authentication is passed; and if not, determining that the second terminal identity authentication is not passed.
2. The method of claim 1, wherein the abbreviation information is a pinyin acronym and the corresponding meaning information is the preferred Chinese corresponding to the pinyin acronym; or,
the abbreviation information is five acronyms, and the corresponding meaning information is the preferred Chinese corresponding to the five acronyms.
3. The method of claim 1, wherein the verification question comprises: a prompt for prompting the user to input meaning information corresponding to the abbreviated information.
4. The method of claim 1, further comprising:
acquiring category information to which the corresponding meaning information belongs from the input method database;
generating a verification question according to the abbreviated information includes:
generating a verification question according to the abbreviated information and the category information, wherein the verification question is a prompt for prompting a user to input meaning information corresponding to the abbreviated information according to the category information.
5. A server, characterized in that the server comprises:
the acquisition unit is used for acquiring abbreviated information and corresponding meaning information in an input method database of a first terminal, wherein the abbreviated information and the corresponding meaning information are recorded by the first terminal according to the input habit of a user;
the generating unit is used for generating a verification question according to the abbreviation information;
the generating unit is further used for generating a first answer of the verification question according to the corresponding meaning information;
the first receiving unit is used for receiving an authentication request sent by the second terminal;
the sending unit is used for sending the verification question to the second terminal;
a second receiving unit, configured to receive a second answer sent by the second terminal;
the judging unit is used for judging whether the first answer is consistent with the second answer;
the determining unit is used for determining that the second terminal passes the authentication when the judging unit judges that the first answer is consistent with the second answer;
the determining unit is further configured to determine that the second terminal identity authentication is not passed when the judging unit judges that the first answer is inconsistent with the second answer.
6. The server according to claim 5, wherein the abbreviation information is a pinyin acronym and the corresponding meaning information is the preferred Chinese corresponding to the pinyin acronym; or,
the abbreviation information is five acronyms, and the corresponding meaning information is the preferred Chinese corresponding to the five acronyms.
7. The server of claim 5, wherein the verification question comprises: a prompt for prompting the user to input meaning information corresponding to the abbreviated information.
8. The server according to claim 5, wherein the obtaining unit is further configured to:
acquiring category information to which the corresponding meaning information belongs from the input method database;
the generating unit is specifically configured to:
generating a verification question according to the abbreviated information and the category information, wherein the verification question is a prompt for prompting a user to input meaning information corresponding to the abbreviated information according to the category information.
9. A server, comprising: a processor and a storage medium;
the storage medium is used for storing instructions;
the server is used for executing the instructions in the storage medium to realize the identity verification method according to any one of claims 1-4.
10. A computer-readable storage medium having stored therein instructions for causing a computer device to perform the steps of the method of identity verification according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610322308.7A CN107370603B (en) | 2016-05-13 | 2016-05-13 | Identity authentication method, server and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107370603A CN107370603A (en) | 2017-11-21 |
CN107370603B CN107370603B (en) | 2020-05-05 |
Family
ID=60304227
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610322308.7A Active CN107370603B (en) | 2016-05-13 | 2016-05-13 | Identity authentication method, server and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107370603B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108090373A (en) * | 2017-12-26 | 2018-05-29 | 赤脊山科技(广州)有限公司 | A kind of data processing and exploitation total management system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006107134A (en) * | 2004-10-05 | 2006-04-20 | Japan Science & Technology Agency | Health information providing system, and method thereof |
CN101414905A (en) * | 2007-10-17 | 2009-04-22 | 谢丹 | Various selectivity cipher safety authentication system and method |
CN102063452A (en) * | 2010-05-31 | 2011-05-18 | 百度在线网络技术(北京)有限公司 | Method, equipment, server and system for inputting characters by user |
CN102075507A (en) * | 2010-07-30 | 2011-05-25 | 百度在线网络技术(北京)有限公司 | User verification method and equipment based on word-sentence verification diagram |
CN104917612A (en) * | 2014-03-14 | 2015-09-16 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107370603A (en) | 2017-11-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||