CN111552932A - Authentication method, apparatus, electronic device, and readable storage medium - Google Patents

Abstract

The embodiment of the invention provides an identity authentication method, an identity authentication device, electronic equipment and a readable storage medium, aiming at improving the flexibility of identity authentication. The identity authentication method is applied to a server side, and comprises the following steps: receiving an identity authentication request sent by terminal equipment, wherein the identity authentication request carries account information; judging whether the terminal equipment is history login equipment corresponding to the account information or not; acquiring the intimacy between the historical login equipment corresponding to the account information and the terminal equipment under the condition that the terminal is not one historical login equipment corresponding to the account information; and performing identity verification based on a verification mode corresponding to the intimacy degree.

Description

Authentication method, apparatus, electronic device, and readable storage medium

technical field

The present invention relates to the field of Internet technologies, and in particular, to an identity verification method, an apparatus, an electronic device and a readable storage medium.

Background technique

With the development of Internet technology, more and more offline service providers provide online services to users through the Internet, such as video playback services, live TV services, e-commerce services, takeaway services, news services, reading services, Instant messaging services, wealth management services, taxi-hailing services, etc. Usually, service providers will develop clients and/or web pages related to their service types, and promote the clients and/or web pages to users, so that users can interact with the server through the clients and/or web pages, and then enjoy corresponding online services.

In the related art, in order for the server to distinguish each user, each user registers an account, and the server may regard each account as a user. When a user logs in to an account, an identity verification is required. At present, the conventional identity verification methods include but are not limited to: password verification, SMS verification, biometric verification, etc. For example, when a user uses the mobile phone of another person (such as the user's family member, friend, colleague, etc.) to log in to his account, or when someone logs in to another user's account on his mobile phone, usually not only does he need to enter the login password, but the server does not It may prevent account theft, and users will also be required to perform SMS verification.

It can be seen that in the case of the above example, in order to prevent account theft and ensure account security, the server usually uses a double authentication method of password verification + SMS verification for identity verification. However, the flexibility of this verification method is low, and in some cases, the authentication process may be too cumbersome.

SUMMARY OF THE INVENTION

The purpose of the embodiments of the present invention is to provide an identity verification method, apparatus, electronic device, and readable storage medium, so as to improve the flexibility of identity verification. The specific technical solutions are as follows:

In the first aspect of the embodiments of the present invention, an identity verification method is first provided, which is applied to a server, and the method includes:

receiving an identity verification request sent by the terminal device, where the identity verification request carries account information;

Determine whether the terminal device is a historical login device corresponding to the account information;

In the case that the terminal is not a historical login device corresponding to the account information, acquiring the intimacy between the historical login device corresponding to the account information and the terminal device;

Based on the verification method corresponding to the intimacy, the identity verification is performed.

In the second aspect of the embodiment of the present invention, another authentication method is also provided, which is applied to the server, and the method includes:

receiving an identity verification request sent by the terminal device, where the identity verification request carries account information;

determining an intimate terminal device corresponding to the terminal device, wherein the intimacy between the intimate terminal device and the terminal device satisfies a preset condition;

In the case that the intimate terminal device is a historical login device corresponding to the account information, perform identity verification based on a preset verification method

In a third aspect of the embodiments of the present invention, an identity verification device is also provided, which is arranged on a server, and the device includes:

a request receiving module, configured to receive an identity verification request sent by the terminal device, where the identity verification request carries account information;

a historical login device judgment module, configured to determine whether the terminal device is a historical login device corresponding to the account information;

an intimacy acquisition module, configured to acquire the intimacy between the historical login device corresponding to the account information and the terminal device when the terminal is not a historical login device corresponding to the account information;

The identity verification module is used for performing identity verification based on the verification method corresponding to the intimacy.

In a fourth aspect of the embodiments of the present invention, another identity verification device is also provided, which is set at the server, and the device includes:

a request receiving module, configured to receive an identity verification request sent by the terminal device, where the identity verification request carries account information;

an intimacy terminal device determining module, configured to determine an intimacy terminal device corresponding to the terminal device, wherein the intimacy between the intimacy terminal device and the terminal device satisfies a preset condition;

An identity verification module, configured to perform identity verification based on a preset verification method when the intimate terminal device is a historical login device corresponding to the account information.

In a fifth aspect of the embodiments of the present invention, an electronic device is also provided, including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus;

memory for storing computer programs;

The processor is configured to implement the method steps described in the first aspect or the second aspect of the embodiment of the present invention when executing the program stored in the memory.

In yet another aspect of the implementation of the present invention, there is also provided a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, when the computer-readable storage medium is run on a computer, the computer is made to execute any one of the above-mentioned identities Authentication method.

In yet another aspect of the implementation of the present invention, there is also provided a computer program product containing instructions, which, when running on a computer, cause the computer to execute any one of the authentication methods described above.

By implementing the identity verification method provided by the embodiment of the present invention, when a user uses his terminal device to log in to another person's account, or when a user uses another person's mobile phone to log in to his own account, after receiving the identity verification request sent by the terminal device, the server: If the terminal device is not a historical login device corresponding to the account to be logged in, the intimacy between the historical login device corresponding to the account and the terminal device is obtained, and a corresponding verification method is selected according to the intimacy for identity verification, so that different The authentication methods corresponding to intimacy are different, thereby improving the flexibility of authentication.

Description of drawings

In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that are required in the description of the embodiments or the prior art.

1 is a flowchart of an identity verification method proposed by an embodiment of the present invention;

2 is a flowchart of establishing an association relationship map proposed by an embodiment of the present invention;

3 is a schematic diagram of an association relationship map proposed by an embodiment of the present invention;

4 is a flowchart of determining intimacy proposed by an embodiment of the present invention;

5 is a flowchart of an identity verification method proposed by another embodiment of the present invention;

6(a) is a schematic diagram of an identity verification device proposed by an embodiment of the present invention;

FIG. 6(b) is a schematic diagram of an identity verification device proposed by another embodiment of the present invention

7 is a schematic diagram of an identity verification device proposed by another embodiment of the present invention;

FIG. 8 is a schematic diagram of an electronic device according to an embodiment of the present invention.

Detailed ways

The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.

In the field of Internet technology, online service providers usually develop clients and/or web pages related to their service types, and promote the clients and/or web pages to users, so that users can use the clients and/or web pages to Interact with the server to enjoy the corresponding online services.

Since there are many users on the server side, in order to make the server side distinguish each user, each user will register an account, and the server side can treat each account as a user. When a user logs in to an account, an identity verification is required. At present, the conventional identity verification methods include but are not limited to: password verification, SMS verification, biometric verification, etc. Example 1, for example, when a user logs in to his account using his own terminal device, he usually needs to enter a login password. Example 2, for example, when a user logs in to his account using the mobile phone of someone else (such as the user's family member, friend, colleague, etc.), or when someone logs in to another user's account on his mobile phone, usually not only needs to enter the login password, but the server To prevent account theft as much as possible, users will also be required to perform SMS verification.

However, in most cases, the operation of using one's own terminal device to log in to another person's account is generally performed with the offline permission of the account owner, or the login operation is performed by the account owner himself. For example, user A's family member B uses his own mobile phone to log in to user A's account; or user A uses his family member B's mobile phone to log in to his own account; or user A borrows his account to his family member B's colleague C, and the colleague C uses his own mobile phone to log in to user A's account. It can be seen that in these scenarios, the login operation of user A's account is performed with the permission of user A, which is a safe login operation. However, in related technologies, the server will still use the double password verification + SMS verification. Authentication method to authenticate.

It can be seen that the flexibility of the current verification method is low, and in some cases, the authentication process is too cumbersome, the verification efficiency is low, and the user experience is affected.

Therefore, based on the same inventive concept, the present invention provides various authentication methods, apparatuses, electronic devices and readable storage media through the following embodiments, aiming to improve the flexibility of authentication and improve user experience.

Referring to FIG. 1, FIG. 1 is a flowchart of an identity verification method proposed by an embodiment of the present invention, and the identity verification method is applied to a server. As shown in Figure 1, the authentication method includes the following steps:

Step S11: Receive an identity verification request sent by the terminal device, where the identity verification request carries account information.

The type of the terminal device may be: a mobile phone, a tablet computer, a notebook computer or a desktop computer. It should be noted that the present invention does not limit the type of the terminal device.

Among them, the account information is the information used by the server to distinguish different accounts, and the type of account information can be: account name, character string, number, mobile phone number or email address, etc. It should be noted that the specific details of the account information in the present invention The form is not limited. Wherein, considering that account information and account entities are usually in a one-to-one correspondence, in the following embodiments of the present invention, account information is simply referred to as an account.

The present invention can be applied to the link of identity verification performed by the server in the Internet field, and the present invention does not limit specific application scenarios. For example, the identity verification request received by the server in the above step S51 may be: a request sent by the terminal device to the server when the first user logs in to the account of the second user using its terminal device. It may also be a request sent by the second user's terminal device to the server when the first user uses the second user's terminal device to log in to the first user's own account. It may also be a request sent by the terminal device to the server when the first user logs in to his account using his terminal device. The server performs the identity verification process for the identity verification requests received in the above-mentioned various application scenarios (ie, the following steps S12 to S14), so as to select the corresponding verification method for the terminal device that sends the identity verification request, so as to obtain the corresponding verification method. End devices are authenticated.

In some embodiments of the present invention, in addition to account information, the identity verification request may also include a device identification of the terminal device that sends the identity verification request, and may also include a login password input by the user. The purpose of the terminal device sending the identity verification request to the server is to make the server perform identity verification, and to grant credit to the terminal device when the identity verification is passed.

Step S12: Determine whether the terminal device is a historical login device corresponding to the account information.

During the specific implementation of the present application, if the terminal device is a historical login device corresponding to the account information, an identity verification method with a simpler process may be selected, such as the following second verification method. For example, password authentication may be used for authentication. As mentioned above, in some embodiments, the authentication request sent by the terminal device may include the login password input by the user. If the terminal device is a historical login device corresponding to the account to be logged in, the server may The login password is used for identity verification, and if the verification is passed, the terminal device is trusted, that is, the server is sure that the terminal device has the right to log in to the account to be logged in.

If the terminal device is not a historical login device corresponding to the account information, the following steps S13 and S14 are performed to select an appropriate authentication method for the terminal device (for example, an authentication method with a simple process, or a process more complex authentication methods).

During the specific implementation of the present application, the server stores the information of the historical login device corresponding to each account, for example, stores the device identifier of the historical login device of each account. When the server receives an authentication request sent by a terminal device, it can determine whether the terminal device corresponds to the account by querying whether the information of the terminal device is included in the historical login device information corresponding to the account to be logged into the terminal. A history of logging in to the device.

Wherein, the historical login device corresponding to an account refers to a terminal device that has logged into the account once. For example, the account of user A's video playback software has been logged in not only by user A's own mobile phone a, but also by user A's own tablet computer b, user A's family mobile phone c, and user A's colleague's mobile phone d. The historical login devices corresponding to the account of user A include: mobile phone a, tablet computer b, mobile phone c, and mobile phone d.

Or, considering that an account may be logged in by multiple terminal devices successively after the registration is completed. The terminal device with a long login time usually has lost the intimate relationship with the account holder. For example, user A lent his account to his colleague B one year ago, and the colleague B used his mobile phone e to log into the account for a short time. However, within this year, colleague B has resigned from the original company, because user A has lost the close relationship with colleague B and colleague B's mobile phone e, that is, the relationship with the same office area. In this way, in the present invention, the terminal device whose last login time exceeds the preset time limit may not be regarded as the historical login device corresponding to the account. In other words, in the present invention, a historical login device corresponding to an account may also refer to a terminal device that has logged into the account within a preset time range (for example, within 3 months).

Alternatively, the historical login device corresponding to an account may also refer to: the terminal device that has logged in the account the most times, or the terminal device that has logged in the account the longest cumulative time. For ease of understanding, for example, the account of user A's video playback software has been logged in not only by user A's own mobile phone a, but also by user A's own tablet computer b, user A's family's mobile phone c, and user A's colleague's mobile phone d. The number of times that the mobile phone a, the tablet computer b, the mobile phone c, and the mobile phone d log into the account of the user A are: 72 times, 29 times, 6 times, and 1 time, respectively. It can be seen that the account of user A is logged in the most times by mobile phone a, so the historical login device corresponding to the account of user A is mobile phone a. Alternatively, the accumulated durations of the mobile phone a, the tablet computer b, the mobile phone c, and the mobile phone d logging into the account of the user A are: 2761 hours, 904 hours, 17 hours, and 2 hours, respectively. It can be seen that the account of user A has been logged in by mobile phone a with the longest accumulated time, so the historical login device corresponding to the account of user A is mobile phone a.

Step S13: In the case that the terminal is not a historical login device corresponding to the account information, acquire the intimacy between the historical login device corresponding to the account information and the terminal device.

As mentioned above, the historical login device corresponding to the account may refer to a terminal device that has logged in the account once. It may also refer to: a terminal device that has logged into the account within a preset time range. It may also refer to: the terminal device that has logged into the account the most times, or the terminal device that has logged into the account with the longest cumulative duration (hereinafter referred to as the most frequently logged-in device).

Among them, the intimacy between devices is represented: the degree of direct proximity and/or the degree of indirect proximity between devices in geographic location. Among them, the two devices are directly adjacent means: the two devices are located in the same spatial geographic location (such as the same cell, the same office area, etc.), or share the same network device (using a common connection to the same WiFi router, sharing the same WiFi signal), Or share the same public IP address (Internet Protocol Address). Wherein, the two devices are indirectly adjacent to each other means that the two devices are not directly adjacent to each other, but both the two devices are directly adjacent to the third device. In other words, the first device and the second device are not directly adjacent, but a third device is not only directly adjacent to the first device, but also directly adjacent to the second device, then the first device and the second device are directly adjacent to each other. Devices are indirectly adjacent.

For ease of understanding, for example, mobile phone a of user A and mobile phone c of user A's family are often located in the same spatial area (eg, the same cell) and share the same wifi signal. Therefore, mobile phone a and mobile phone c are geographically adjacent to each other. And because mobile phone a and mobile phone c appear in the same spatial area at the same time many times and/or for a long time, the direct adjacent degree of mobile phone a and mobile phone c is very high, so the intimacy between mobile phone a and mobile phone c is very high. high. For another example, the mobile phone c of user A's family member and the mobile phone f of the family member's colleague are often in the same area (for example, in an office), and may also share the same wifi signal. Therefore, the geographical location of mobile phone c and mobile phone f are directly adjacent. And because mobile phone c and mobile phone f appear in the same spatial area at the same time many times and/or for a long time, the direct adjacent degree of mobile phone c and mobile phone f is very high, so the intimacy between mobile phone c and mobile phone f is very high. high. For another example, as described in the previous example, since the direct adjacent degree of geographic location between mobile phone a and mobile phone c is very high, and the direct adjacent degree of geographical location between mobile phone c and mobile phone f is very high, so the distance between mobile phone a and mobile phone f is very high. The geographical location between the two is indirectly adjacent, and the degree of indirect adjacent is relatively high, so the intimacy between mobile phone a and mobile phone e is relatively high.

During the implementation of the present invention, if there are multiple historical login devices corresponding to an account, the intimacy between the terminal device and each historical login device can be sequentially determined, and multiple intimacy can be determined. The following step S14 is then performed based on the largest intimacy among the plurality of intimacy. Or if the most frequently logged-in device is used as the historically logged-in device, it is only necessary to determine the affinity between the terminal device and the most frequently logged-in device, and perform the following step S14 based on the affinity.

During the implementation of the present invention, in order to determine the intimacy between the historical log-in device and the terminal device, any one of a variety of determination methods can be used. The present invention will introduce several optional determination methods in detail below through some specific embodiments. , the present invention will not be repeated here for the time being.

Step S14: Perform identity verification based on the verification method corresponding to the intimacy.

In some embodiments of the present invention, the data type of intimacy may be a numerical value, and the magnitude of the numerical value represents the degree of intimacy between devices. For example, in some embodiments, the larger the value of intimacy is, the more intimate the device is. Or in some embodiments, the smaller the value of intimacy is, the more intimate the device is. Still or in some embodiments, the closer the value is to the target value (eg, 0), the closer the device is to the device.

In these embodiments where the data type of intimacy is a numeric value, the numeric value of intimacy can be divided into different grades. For example, the larger the value, the closer the device and the device are. For example, the value of intimacy can be divided into two grades, the value greater than or equal to the preset threshold is the first grade, and the value smaller than the preset threshold value is the second grade. Different levels of intimacy correspond to different verification methods.

In the specific implementation, it is considered that the two devices whose intimacy is the first gear are relatively close, so the respective holders of the two devices usually also have an intimate relationship, and one of the two holders is in their own device. The act of logging into another party's account on the Internet is usually a secure login act. Therefore, in order to simplify the login process and improve the login efficiency, the complexity of the verification method corresponding to the first file is relatively low, for example, the verification method may be: password verification. Considering that the two devices with the second level of intimacy are not very intimate, the respective holders of the two devices usually do not have an intimate relationship, and one of the two holders is in their own device. The act of logging in to another party's account on the Internet is not necessarily a secure login act. Therefore, in order to improve the security of the account and prevent the account from being stolen, the verification method corresponding to the second level is more complicated. For example, the verification method can be: double verification of password verification + SMS verification.

In still other embodiments of the present invention, the data type of intimacy may also be a code, and different codes represent different degrees of intimacy. For example, the code 1 represents a high degree of intimacy between devices, and a code 0 represents a low degree of intimacy between devices.

In these embodiments, the intimacy of different codes corresponds to different verification methods. For example, the verification method corresponding to the code number 0 has high complexity. For example, the verification method may be a double verification method of password verification + SMS verification. The verification method corresponding to the code 1 has a relatively low complexity, for example, the verification method may be: password verification.

It should be noted that the present invention does not limit the data type of intimacy.

During the implementation of the present invention, if the server determines to perform identity verification by means of password verification after performing the above steps S11 to S14, the server can directly verify the password carried in the identity verification request, and if the verification passes Under the circumstance, granting credit to the terminal device means that the terminal device has the authority to log in to the above-mentioned account (that is, the account corresponding to the account information carried in the identity verification request), thereby realizing the rapid credit granting to the terminal device and improving the efficiency of identity verification. In order to improve the user experience. If the server determines to perform identity verification in the form of password verification + SMS verification after performing the above steps S11 to S14, the server can first verify the password carried in the identity verification request, and if the verification is passed , and then perform SMS verification, and grant credit to the terminal device if the SMS verification is passed.

By executing the above-mentioned identity verification method including steps S11 to S13, when someone else uses his terminal device to log in to a certain user's account, or when a certain user uses another person's mobile phone to log in to his own account, the server receives the identity sent by the terminal device. After verifying the request, if the terminal device is not a historical login device corresponding to the account to be logged in, the intimacy between the historical login device corresponding to the account and the terminal device is obtained, and a corresponding verification method is selected according to the intimacy. Authentication makes the authentication methods corresponding to different intimacy different, thereby improving the flexibility of authentication.

In some embodiments of the present invention, when performing the above step S14, that is, when performing identity verification based on the verification method corresponding to the degree of intimacy, specifically, the first verification method may be used when the degree of intimacy satisfies a preset condition. Perform identity verification; in the case that the degree of intimacy does not meet the preset condition, perform identity verification in a second verification method; wherein, the complexity of the first verification method is lower than that of the second verification method sex.

In the above-mentioned embodiments, if the data type of the intimacy is a numerical value, the preset condition may be: the intimacy is greater than or equal to the preset threshold. When the intimacy between the terminal device and the historical login device reaches the preset threshold, the first verification method with lower complexity is used for authentication, and the intimacy between the terminal device and the historical login device does not reach the preset threshold In the case of the threshold, the authentication is performed in the second authentication method with higher complexity.

In the above-mentioned embodiments, the complexity of the verification method can be reflected in the number of verification steps. For example, the more verification steps that need to be performed, the higher the complexity of the verification method. As mentioned above, for example, some verification methods include two verification steps, such as password verification and SMS verification, and this verification method has high complexity. For another example, some verification methods only include a password verification step, and the complexity of the verification methods is low. In the specific implementation of the present invention, the complexity of the above-mentioned first verification method is relatively low, and the first verification method includes at least one of the following verification steps: password verification, biometric verification, grid pattern sliding verification, gesture verification, Body posture verification. The complexity of the above-mentioned second verification method is relatively high, and the second verification method includes the following verification steps: a verification step included in the first verification method, and a short message verification step.

It should be noted that the present invention does not limit the specific content of the preset conditions.

It should also be noted that the above-mentioned embodiments are equivalent to dividing the intimacy into two grades, wherein one grade is that the intimacy meets the preset condition, and the other grade is that the intimacy does not meet the preset condition. However, the present invention can also divide the level of intimacy into three, four or more different levels, and different levels of intimacy correspond to different verification methods. Among them, the higher the level of intimacy corresponds to the lower the complexity of the verification method.

Since there is usually a high degree of direct/indirect adjacency between the two devices when the intimacy between the two devices is high, there is usually a direct or indirect interpersonal relationship between the respective holders of the two devices. For example, two holders are family members who often live together, or two holders are colleagues who often work together. Another example is that both holders often get along with another terminal holder. For example, holder A and terminal holder B are family members, and the two are often in the family, and terminal holder B Holder C is a colleague, and the two are often in the company, so there is an indirect interpersonal relationship between holder A and holder C.

Therefore, in the above case, the behavior of one of the two holders logging into the other party's account on its own device is usually a secure login behavior, not an account theft behavior. In other words, the logged in account is safe. . However, the server determines the verification method through the above-mentioned embodiments of the present invention, just can determine a relatively simple verification method, and then performs identity verification based on the verification method. It can be seen that under the condition of ensuring account security, the server chooses a simple verification method for identity verification, which is conducive to improving the verification efficiency and thus improving the user experience.

In other cases, if a network attacker wants to use his terminal device to log in to the accounts of other normal users, since there is usually no direct or indirect interpersonal relationship between the network attacker and normal users, the network attacker’s device and normal users usually do not have direct or indirect relationships. The intimacy between the terminal devices (that is, the historical login devices corresponding to the accounts of normal users) is relatively low. However, when the server determines the verification method by means of the above-mentioned embodiments of the present invention, since the intimacy between the network attacker's device and the normal user's terminal device is low, the server can just determine a more complex authentication method. Authentication method, and then perform identity authentication based on the authentication method, which is beneficial to ensure account security and prevent user accounts from being attacked by network.

As mentioned above, during the implementation of the present invention, in order to determine the intimacy between the history logging device and the terminal device in the above step S13, any determination method among various determination methods may be adopted. Hereinafter, the present invention introduces several optional determination manners through some specific implementation manners.

The first specific implementation manner of performing the above step S13: determining the intimacy between the terminal device and the historical login device based on the pre-established association relationship graph.

Referring to FIG. 2 , FIG. 2 is a flowchart of establishing an association relationship graph according to an embodiment of the present invention. The establishment process is performed before the above-mentioned steps S11 to S14, and can be regarded as a preparation stage before the server performs identity verification on each terminal device. As shown in Figure 4, the establishment process includes the following steps:

Step S01: Pre-receive and store device information reported by multiple devices, wherein each group of device information reported by each device is used to represent: the spatial geographic location and/or virtual geographic location of the device when reporting the group of device information Location.

In some embodiments of the present invention, any terminal device that interacts with the server can/need to report multiple sets of device information to the server. Or after the terminal device owner grants the terminal device authority, the terminal device can/need to report multiple sets of device information to the server. Alternatively, the server can delineate that the clients of some users can/need to report multiple sets of device information to the server.

In some embodiments of the present invention, the server may collect multiple sets of device information reported by various devices within a specific period of time. For example, each device continuously reports multiple sets of device information to the server within a month. For example, within a month, a device reports a set of device information to the server every 5 minutes. In this way, the server collects multiple sets of device information reported by multiple devices within this month.

The set of device information reported by the device includes at least one of the following: longitude and latitude information, geographic location name, wifi identifier, and ip address. Among them, the latitude and longitude information and geographic location information belong to the category of spatial geographic location, and the wifi identifier and IP address belong to the category of virtual geographic location.

For example, in the multiple sets of device information successively reported by the respective terminal devices of multiple family members, when two or more family members are at home at the same time, and their respective terminal devices report device information to the server during this period, then Among the multiple sets of device information reported by each terminal device during this period, it has the same or close latitude and longitude information, has the same wifi identifier, and has the same external network ip address.

Step S02: According to the device information respectively reported by the multiple devices, determine the devices that are geographically adjacent from the multiple devices.

Step S03: For every two devices in the plurality of devices that are geographically adjacent, obtain the degree of association between the two devices according to respective device information of the two devices.

In some or all embodiments of the present invention, in order to determine the degree of association between two devices, after acquiring the multiple sets of device information reported by the multiple devices, the server may, for each of the multiple devices, Determine the top n groups of device information with the highest frequency among the multiple groups of device information reported by the device successively. For every two devices, the server determines the degree of association between the two devices according to the information of the top n groups of devices with the highest occurrence frequency of the two devices.

For example, a work place of a certain user (ie company) is located in an office building in Haidian District, Beijing, and the residence of the user (ie home) is located in a community in Xicheng District, Beijing. The user's mobile phone has successively reported multiple sets of device information to the server within one month, including: multiple sets of device information reported at home, multiple sets of device information reported at the company, and multiple sets of device information reported during shopping in the mall Group device information, group device information reported during commute, and more. The server performs clustering on multiple sets of device information reported by the user's mobile phone, and determines the first two sets of device information with the highest frequency. For example, the first two groups of device information with the highest frequency are: device information reported during home and device information reported during company. In this way, the server can determine the degree of association between the mobile phone and other devices according to the device information reported by the mobile phone at home and the device information reported in the company.

In some embodiments of the present invention, in order to determine the degree of association between two devices, the server may first determine multiple devices located in the same For every two devices in the multiple devices, combine the first n sets of device information of the two devices in pairs to obtain multiple device information combinations, and then calculate the similarity of each device information combination, and calculate the similarity with the largest value. as the degree of association between the two devices.

For example, according to the first two sets of device information of each device, the server determines that the devices that often appear at the geographic location X include: device 2 , device 4 , and device 5 . Then, for every two of the three devices, the degree of association between the two devices is determined. Taking device 2 and device 4 as an example, the first two groups of device information of device 2 and the first two groups of device information of device 4 are combined in pairs to obtain four device information combinations. Then, for each combination of device information, the similarity is calculated, and a total of 4 similarities are obtained. Finally, the maximum similarity is determined as the degree of association between device 2 and device 4.

Among them, when calculating the similarity of the device information combination, it can be calculated according to the following formula:

In the formula, S represents the similarity between the device information group i and the device information group j, L is the vectorized representation of the geographic location, W is the vectorized representation of the wifi identifier, and P is the vectorized representation of the ip address.

Alternatively, when calculating the similarity of the combination of device information, in addition to calculating according to the above formula, it is also possible to first calculate the respective vectors of the two sets of device information, then input the two vectors into the similarity prediction model, and finally predict the similarity. The value output by the model is used as the similarity of the device information combination.

It should be noted that the present invention does not limit the calculation method when calculating the similarity of the combination of device information.

In the present invention, in addition to determining the maximum similarity among the multiple degrees of similarity corresponding to the combination of multiple device information between two devices as the correlation degree before the two devices, in other embodiments of the present invention, in order to To determine the degree of association between two devices, the server can also, for every two devices in multiple devices that often appear in the same geographic location area, according to the respective sets of device information of the two devices (or the first n sets of device information). device information), calculate the similarity between each two groups of device information; compare a plurality of similarities with a preset threshold respectively, and determine the number of similarities greater than the preset threshold in the plurality of similarities, and determining the duration of each similarity greater than the preset threshold; according to the duration of each similarity greater than the preset threshold, the duration of each similarity greater than the preset threshold, and the Set the number of similarities of thresholds, and calculate the degree of association between the two devices. To facilitate understanding of the scheme, the following example is given:

For example, according to the first two sets of device information of each device, the server determines that the devices that often appear at the geographic location X (for example, the residential area X) include: device 2 , device 4 , and device 5 . Then, for every two of the three devices, the degree of association between the two devices is determined. Taking device 2 and device 4 as an example, the first two groups of device information of device 2 and the first two groups of device information of device 4 are combined in pairs to obtain four device information combinations. Referring to Table 1, Table 1 is a schematic table of device information combinations.

Table 1 Device information combination diagram

Device Information Combination 1 The first set of device information for device 2 The first set of device information for device 4 Device Information Portfolio 2 The first set of device information for device 2 The second set of device information for device 4 Device Information Portfolio 3 The second set of device information for device 2 The first set of device information for device 4 Device Information Portfolio 4 The second set of device information for device 2 The second set of device information for device 4

The first group of device information of device 2 is the device information frequently reported by device 2 in residential area X, and the second group of device information of device 2 is device information frequently reported by device 2 in company A. The first group of device information of the device 4 is the device information that the device 4 often reports in the residential area X, and the second group of device information of the device 4 is the device information that the device 2 often reports in the company B.

Then the server calculates the similarity for each combination of device information, and obtains a total of 4 similarities. It is assumed that the respective similarities of the device information combinations 1 to 4 are 0.81, 0.13, 0.06, and 0.11, respectively.

Next, since the similarity of the device information combination 1 is greater than the preset threshold (assuming that the preset threshold is 0.5), the server inquires that it receives the first group of device information reported by device 2 and the first group of device information reported by device 4 at the same time. number of times. For example, within a month, device 2 and device 4 are located in residential area X at the same time and the number of times that the device information has been continuously reported to the server is 30 times. In other words, device 2 and device 4 appear simultaneously in residential area X within a month. If the number of times is 30, the number of times the server receives the first group of device information reported by device 2 and the first group of device information reported by device 4 at the same time is 30 times.

In addition, the server also determines the duration that it simultaneously receives the first group of device information reported by device 2 and the first group of device information reported by device 4 . For example, in one month, the total time that device 2 and device 4 are located in residential area X at the same time and continuously report the device information to the server is 393.6 hours. In other words, device 2 and device 4 appear in residential area X at the same time within one month. The duration of the first set of device information reported by the device 2 and the first set of device information reported by the device 4 at the same time is 393.6 hours. The duration is 393.6 hours.

Finally, the server can calculate the degree of association between device 2 and device 4 according to the following formula:

In the formula, D represents the degree of association between the two devices, n represents the number of similarities greater than the preset threshold among the multiple similarities of the two devices, S represents the similarity greater than the preset threshold, T represents the duration, and M represents frequency. In addition, after the correlation degree D between the two devices is determined according to the above formula, a normalization operation may be performed on the correlation degree D to obtain the normalized correlation degree D'.

Through any one of the various embodiments of the foregoing step S02, the degree of association between two devices among the multiple devices is finally determined.

Step S04: Establish the association relationship graph according to the determined multiple association degrees.

In some embodiments of the present invention, the degree of association between two devices may be used as a weight to establish an undirected weighted graph between multiple devices, and the undirected weighted graph may be used as an association relationship graph of multiple devices .

By executing any one of the multiple embodiments involving the above steps S01 to S04, an association relationship graph of multiple devices is finally established. The server end may persist the association relationship graph, so that the server end may call the association relationship graph when performing the above step S13 to determine the intimacy between the terminal device and the historical login device.

Referring to FIG. 3 , FIG. 3 is a schematic diagram of an association relationship graph proposed by an embodiment of the present invention. In Fig. 3, an elliptical circle represents a device, and the relationship graph shown in Fig. 3 includes device 1 to device 10. In FIG. 3 , the connection line between two devices represents the connection path between the devices, and the numerical value on the connection path represents the intimacy between the two devices connected by the connection path.

When performing the above step S13, that is, when determining the intimacy between the terminal device and the historical logging device, reference may be made to FIG. 4, which is a flowchart of determining intimacy according to an embodiment of the present invention. As shown in Figure 4, the process includes the following sub-steps:

Sub-step S13-1: Determine the shortest relationship path between the terminal device and the historical login device according to a pre-established relationship map.

Wherein, the association relationship graph includes a plurality of devices and a connection path between two devices that are geographically adjacent. As shown in FIG. 3 , each connection path corresponds to an association degree value, and the association degree value is used to represent the intimacy between the two devices connected by the connection path. The shortest relationship path is composed of one or more A path formed by connecting paths in series.

Sub-step S13-2: Determine the intimacy between the terminal device and the historical login device according to the respective association degrees of each connection path included in the shortest relationship path.

Wherein, the shortest relationship path between two devices (for example, the first device and the second device) refers to: in the association relationship graph, the multiple paths from the first device to the second device include the least number of connection paths path of. In other words, among the multiple paths from the first device to the second device, the path that requires the least number of intermediate devices to go through.

As shown in FIG. 3 , assuming that the intimacy between device 2 and device 6 needs to be determined at present, according to the pre-established relationship graph, the path between device 2 and device 6 includes but is not limited to:

Path 1: Device 2 - Device 3 - Device 7 - Device 6;

Path 2: Device 2 - Device 4 - Device 5 - Device 6;

Path 3: Device 2 - Device 5 - Device 6.

Among them, path 3 only includes two connection paths, namely: the connection path between device 2 and device 5, and the connection path between device 5 and device 6. Path 3 includes the least number of connection paths, so path 3 is determined as The shortest relationship path between device 2 and device 6. Or from another perspective, path 3 only passes through one intermediate device, that is, device 5 , and the number of intermediate devices passed through this path is the least, then path 3 is determined to be the shortest relationship path between device 2 and device 6 .

During the implementation of the present invention, if the holder of the device 2 uses the device 2 to log in the account of the holder of the device 6, the server determines the shortest relationship path between the device 2 and the device 6 according to the map shown in FIG. 3 For: Device 2 - Device 5 - Device 6. Among them, the relationship between device 2 and device 5 is intimate, for example, the respective holders of device 2 and device 5 may be family members, and the relationship between device 5 and device 6 is intimate, for example, the relationship between device 5 and device 6 may be Colleague relationship. It can be seen that the significance of determining the shortest relationship path between device 2 and device 6 is to connect device 2 and device 6 with as few intermediate devices as possible, that is, to connect the holder of device 2 and device 6 with as few intermediate users as possible. the holder of the . Then, according to the degree of association between the device 2 and the device 5, and the degree of association between the device 5 and the device 6, the intimacy between the device 2 and the device 6 can be finally determined.

In some embodiments of the present invention, the numerical magnitude of the degree of association between adjacent devices in FIG. 3 is proportional to the intimacy between the two devices. In other words, the higher the value, the higher the degree of intimacy between the devices.

When determining the degree of intimacy between the terminal device and the historically logged-in device according to the degree of association included in the shortest relationship path, it is considered that the larger the value of each degree of association in the shortest relationship path, the closer the terminal device and the historically logged-in device may be. . In addition, considering that the length of the shortest relationship path is longer (that is, the more association degree values are included, or the more intermediate devices along the path are), the less intimacy between the terminal device and the historical logging device may be. In this way, the intimacy between the terminal device and the historical logging device can be determined according to the numerical value and quantity of the association degree included in the shortest relationship path.

For example, the intimacy between the terminal device and the historical login device can be calculated according to the following formula:

In the formula, c represents the intimacy between the terminal device and the historical login device, n represents the number of connection paths included in the shortest relationship path between the terminal device and the historical login device, that is, the number of association degrees, and r represents the shortest relationship. The value of the correlation degree corresponding to the ith connection path in the path. In the above formula, the intimacy c is positively correlated with the value r of the association degree, and the intimacy c is negatively correlated with the number n of the association degree. Calculate the intimacy c between device 2 and device 6 in FIG. 3 based on the above formula:

Or for example, the intimacy between the terminal device and the historical login device can be calculated according to the following formula:

In the formula, c represents the intimacy between the terminal device and the historical login device, n represents the number of connection paths included in the shortest relationship path between the terminal device and the historical login device, that is, the number of association degrees, and r represents the shortest relationship. The value of the correlation degree corresponding to the ith connection path in the path. In the above formula, the intimacy c is positively correlated with the value r of the association degree, and the intimacy c is negatively correlated with the number n of the association degree. Calculate the intimacy c between device 2 and device 6 in FIG. 3 based on the above formula:

In still other embodiments of the present invention, the numerical value of the degree of association between adjacent devices in FIG. 3 may also be inversely proportional to the intimacy between the two devices. In other words, the larger the value, the lower the intimacy between the devices. For example, when determining the intimacy between the terminal device and the historical logging device according to the degree of association included in the shortest relationship path, the sum of multiple association degree values can be calculated first, and then the reciprocal of the sum is determined as the terminal device and the history log. Log in to intimacy between devices. Wherein, the larger the value of the intimacy is, the closer the terminal device and the historical login device are.

It should be noted that, when the present invention determines the intimacy between the terminal device and the historical login device according to the degree of association included in the shortest relationship path, the calculation formula that can be used is not limited to the calculation formula recorded in the above examples. The calculation formulas in the above examples do not limit the present invention.

If during the implementation of the present invention, the server adopts the above-mentioned specific embodiment one to determine the intimacy between the terminal device and the historical login device, the server can establish an association relationship map for multiple terminal devices in advance, and persist the association relationship Atlas.

The specific embodiment 2 of performing the above step S13: In order to determine the intimacy between the terminal device and the historical login device, the server can read the multiple sets of device information reported in advance by the terminal device and the multiple groups of device information reported in advance by the historical login device. Group device information, wherein the device information is used to characterize the spatial geographic location and/or virtual geographic location of the device; and then determine the terminal device according to the respective sets of device information corresponding to the terminal device and the historical login device Intimacy with the historical logging device.

For example, the server may read multiple sets of device information reported in advance by the terminal device from the device information database, and then determine the top n sets of device information with the highest frequency among the multiple sets of device information. Similarly, the server can read multiple sets of device information pre-reported by the historical login device from the device information database, and then determine the top n sets of device information with the highest frequency among the multiple sets of device information. Next, the server combines the first n groups of device information of the terminal device with the first n groups of device information of the historically logged-in device in pairs to obtain multiple information combinations. Finally, the server calculates the similarity of each device information combination, and uses the maximum similarity as the intimacy between the two devices.

For ease of understanding, for example, for example, the account of user A's video playback software has been logged in by user A's own mobile phone a, and has also been logged in by user A's own tablet computer b, user A's family's mobile phone c, and user A's colleague's mobile phone d. Pass. Then the mobile phone a, the tablet computer b, the mobile phone c, and the mobile phone d are the historical login devices corresponding to the account of the user A's video playback software. If mobile phone x is going to log in to user A's account and sends an authentication request with account information to the server, since mobile phone x is not the historical login device of the account, you need to determine the intimacy between mobile phone x and the historical login device .

Or if mobile phone c is ready to log in to user A's account, and sends an authentication request with account information to the server, since mobile phone c is the historical login device of the account, you can directly choose a simple verification method for authentication. , there is no need to perform the above steps S13 and S14 again, so the verification efficiency can be further improved and the calculation amount of the server can be reduced.

Referring to FIG. 5 , FIG. 5 is a flowchart of an identity verification method proposed by another embodiment of the present invention. As shown in Figure 5, the method includes the following steps:

Step S51: Receive an identity verification request sent by the terminal device, where the identity verification request carries account information.

Step S52: Determine an intimate terminal device corresponding to the terminal device, wherein the intimacy between the intimate terminal device and the terminal device satisfies a preset condition.

Step S53: In the case that the intimate terminal device is a historical login device corresponding to the account information, perform identity verification based on a preset verification method.

In some embodiments of the present invention, after receiving the identity verification request sent by the terminal device, the server can determine the intimate terminal device corresponding to the terminal device according to an association relationship map established for multiple devices in advance. Specifically, the server may first determine the neighboring devices of the terminal device from the association relationship graph. Then, the intimacy between the terminal device and each adjacent device is calculated in turn, and the adjacent device whose intimacy is greater than the preset threshold is determined as an intimate terminal device of the terminal device.

For the specific method of calculating the intimacy, reference may be made to the above-mentioned embodiments, which will not be repeated in the present invention.

Wherein, the specific method of determining the neighboring device for the terminal device may be: in the case that the number of intermediate devices spaced between a device and the terminal device does not exceed a preset number, determine the device as the neighboring device of the terminal device. .

Taking the preset number equal to 0 as an example, in FIG. 3 , the neighboring devices of device 4 include: device 2 , device 5 , and device 7 . Taking the preset number equal to 1 as an example, in FIG. 3, the neighboring devices of device 4 include: device 1, device 2, device 3, device 5, device 6, device 7, device 8, and device 9, but does not include device 10, Because the intermediate devices between the device 10 and the device 4 are the device 5 and the device 6, or the device 7 and the device 6, the number of the intermediate devices is equal to 2, that is, the preset number of 1 is exceeded.

In other embodiments of the present invention, after receiving the identity verification request sent by the terminal device, the server may query a pre-stored correspondence relationship of intimate devices, and determine the intimate terminal device corresponding to the terminal device from the correspondence relationship of intimate devices.

In some embodiments of the present invention, an association relationship graph may be established and stored in advance. The establishment method includes: receiving and storing in advance device information reported by multiple devices, wherein each group of device information reported by each device is used to represent: the spatial geographic location and/or virtual location of the device when reporting the group of device information Geographical location; according to the device information reported by each of the multiple devices, determine from the multiple devices geographically adjacent devices; for every two devices in the multiple devices that are geographically adjacent The respective device information of the two devices is used to obtain the association degree between the two devices; and the association relationship graph is established according to the obtained multiple association degrees.

Wherein, according to the respective device information of the two devices, the specific manner of obtaining the association degree between the two devices includes: obtaining the relationship between each two sets of device information according to the respective sets of device information of the two devices. compare the similarity with a preset threshold, determine the number of similarities greater than the preset threshold among the multiple similarities, and determine each similarity greater than the preset threshold according to each similarity greater than the preset threshold, the duration of each similarity greater than the preset threshold, and the number of similarities greater than the preset threshold, obtain the The degree of association between two devices.

Based on the same inventive concept, an embodiment of the present invention provides an identity verification device. Referring to FIG. 6( a ), FIG. 6( a ) is a schematic diagram of an identity verification device provided by an embodiment of the present invention, and the identity verification device is set at the server. As shown in Figure 6(a), the device includes:

The request receiving module 61 is configured to receive an identity verification request sent by the terminal device, where the identity verification request carries account information;

A historical login device judgment module 62, configured to determine whether the terminal device is a historical login device corresponding to the account information;

an intimacy acquisition module 63, configured to acquire the intimacy between the historical login device corresponding to the account information and the terminal device when the terminal is not a historical login device corresponding to the account information;

The identity verification module 64 is configured to perform identity verification based on the verification method corresponding to the intimacy.

Optionally, when the identity verification module 64 performs identity verification based on the verification method corresponding to the intimacy, it is specifically configured to perform the first verification in the case that the intimacy meets the preset condition. Identity verification; in the case that the degree of intimacy does not meet the preset condition, perform identity verification in a second verification method; wherein, the complexity of the first verification method is lower than that of the second verification method .

Optionally, or the preset condition is: the intimacy is greater than or equal to a preset threshold.

Optionally, the first verification method includes at least one of the following verification steps: password verification, biometric verification, grid slide verification, gesture verification, and body posture verification;

The second verification method includes the following verification steps: a verification step included in the first verification method, and a short message verification step.

Optionally, when acquiring the intimacy between the historical login device corresponding to the account information and the terminal device, the intimacy acquiring module 63 is specifically configured to determine the terminal according to a pre-established relationship map. The shortest relationship path between the device and the historically logged-in device, wherein the association relationship graph includes multiple devices and the connection paths between two geographically adjacent devices, and each connection path corresponds to an association degree value , the correlation value is used to represent the intimacy between the two devices connected by the connection path, and the shortest relationship path is a path formed by connecting one or more connection paths in series; according to the shortest relationship path The respective correlation degrees of the included connection paths determine the intimacy between the terminal device and the historical login device.

Referring to FIG. 6( b ), FIG. 6( b ) is a schematic diagram of an identity verification apparatus provided by another embodiment of the present invention, and the identity verification apparatus is provided on the server side. As shown in Figure 6(b), the device not only includes a request receiving module 61, a history logging device judgment module 62, an intimacy acquisition module 63 and an identity verification module 64, but also includes:

The device information receiving module 601 is used to pre-receive and store the device information reported by multiple devices, wherein each group of device information reported by each device is used to represent: the spatial geographic location of the device when reporting the group of device information and/or virtual geographic locations;

A neighboring device determining module 602, configured to determine devices that are geographically adjacent from the multiple devices according to the device information reported by the multiple devices;

an association degree obtaining module 603, configured to obtain the association degree between the two devices according to the respective device information of the two devices for every two devices that are geographically adjacent in the plurality of devices;

The association relationship graph establishing module 604 is configured to establish the association relationship graph according to the obtained multiple association degrees.

Optionally, when acquiring the association degree between the two devices according to the respective device information of the two devices, the association degree acquisition module 603 is specifically configured to: according to the respective multiple groups of the two devices. device information, obtain the similarity between each two groups of device information; compare the multiple similarities with a preset threshold respectively, and determine the number of the similarity greater than the preset threshold among the multiple similarities, and determining the duration of each similarity greater than the preset threshold; according to the duration of each similarity greater than the preset threshold, the duration of each similarity greater than the preset threshold, and the The number of similarities of thresholds is used to obtain the degree of association between the two devices.

Optionally, when the intimacy acquisition module 63 acquires the intimacy between the historical login device corresponding to the account information and the terminal device, it is specifically configured to read multiple groups of devices pre-reported by the terminal device. information and multiple sets of device information pre-reported by the historical logging device, wherein the device information is used to represent the spatial geographic location and/or virtual geographic location of the device; Multiple sets of device information to determine the intimacy between the terminal device and the historical login device.

Optionally, the identity verification module 64 is further configured to perform identity verification in the second verification manner when the terminal is a historical login device corresponding to the account information.

Based on the same inventive concept, another embodiment of the present invention provides another identity verification device. Referring to FIG. 7 , FIG. 7 is a schematic diagram of an identity verification device provided by another embodiment of the present invention, and the identity verification device is disposed on a server. As shown in Figure 7, the device includes:

The request receiving module 71 is configured to receive an identity verification request sent by the terminal device, where the identity verification request carries account information;

an intimate terminal device determining module 72, configured to determine an intimate terminal device corresponding to the terminal device, wherein the intimacy between the intimate terminal device and the terminal device satisfies a preset condition;

The identity verification module 73 is configured to perform identity verification based on a preset verification method when the intimate terminal device is a historical login device corresponding to the account information.

An embodiment of the present invention further provides an electronic device, as shown in FIG. 8 , including a processor 801 , a communication interface 802 , a memory 803 and a communication bus 804 , wherein the processor 801 , the communication interface 802 , and the memory 803 pass through the communication bus 804 complete communication with each other,

a memory 803 for storing computer programs;

When the processor 801 is used to execute the program stored in the memory 803, the following steps are implemented:

receiving an identity verification request sent by the terminal device, where the identity verification request carries account information;

Determine whether the terminal device is a historical login device corresponding to the account information;

In the case that the terminal is not a historical login device corresponding to the account information, acquiring the intimacy between the historical login device corresponding to the account information and the terminal device;

Based on the verification method corresponding to the intimacy, the identity verification is performed.

Or implement the following steps:

receiving an identity verification request sent by the terminal device, where the identity verification request carries account information;

determining an intimate terminal device corresponding to the terminal device, wherein the intimacy between the intimate terminal device and the terminal device satisfies a preset condition;

In the case that the intimate terminal device is a historical login device corresponding to the account information, the identity verification is performed based on a preset verification method.

Or implement the steps in the other method embodiments of the present invention.

The communication bus mentioned by the above terminal may be a Peripheral Component Interconnect (PCI for short) bus or an Extended Industry Standard Architecture (Extended Industry Standard Architecture, EISA for short) bus or the like. The communication bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of presentation, only one thick line is used in the figure, but it does not mean that there is only one bus or one type of bus.

The communication interface is used for communication between the above-mentioned terminal and other devices.

The memory may include random access memory (Random Access Memory, RAM for short), and may also include non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one storage device located away from the aforementioned processor.

The above-mentioned processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, referred to as CPU), a network processor (Network Processor, referred to as NP), etc.; may also be a digital signal processor (Digital Signal Processing, referred to as DSP) , Application Specific Integrated Circuit (ASIC for short), Field-Programmable Gate Array (FPGA for short) or other programmable logic devices, discrete gate or transistor logic devices, and discrete hardware components.

In yet another embodiment provided by the present invention, a computer-readable storage medium is also provided, where instructions are stored in the computer-readable storage medium, when the computer-readable storage medium is run on a computer, the computer is made to execute any one of the above-mentioned embodiments. the described authentication method.

In yet another embodiment provided by the present invention, there is also provided a computer program product including instructions, which, when running on a computer, cause the computer to execute the identity verification method described in any one of the foregoing embodiments.

In the above-mentioned embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, it can be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or part of the processes or functions described in the embodiments of the present invention are generated. The computer may be a general purpose computer, special purpose computer, computer network, or other programmable device. The computer instructions may be stored in or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be downloaded from a website site, computer, server or data center Transmission to another website site, computer, server, or data center is by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that includes an integration of one or more available media. The usable media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVDs), or semiconductor media (eg, Solid State Disk (SSD)), among others.

It should be noted that, in this document, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any relationship between these entities or operations. any such actual relationship or sequence exists. Moreover, the terms "comprising", "comprising" or any other variation thereof are intended to encompass a non-exclusive inclusion such that a process, method, article or device that includes a list of elements includes not only those elements, but also includes not explicitly listed or other elements inherent to such a process, method, article or apparatus. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in a process, method, article or apparatus that includes the element.

Each embodiment in this specification is described in a related manner, and the same and similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and for related parts, please refer to the partial descriptions of the method embodiments.

The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (14)

1. an identity verification method, is characterized in that, is applied to server, described method comprises: receiving an identity verification request sent by the terminal device, where the identity verification request carries account information; Determine whether the terminal device is a historical login device corresponding to the account information; In the case that the terminal is not a historical login device corresponding to the account information, acquiring the intimacy between the historical login device corresponding to the account information and the terminal device; Based on the verification method corresponding to the intimacy, the identity verification is performed. 2. The method according to claim 1, wherein the performing identity verification based on the verification mode corresponding to the intimacy comprises: In the case that the intimacy satisfies a preset condition, perform identity verification in a first verification manner; In the case that the intimacy does not meet the preset condition, perform identity verification in a second verification manner; Wherein, the complexity of the first verification method is lower than that of the second verification method. 3 . The method according to claim 2 , wherein the preset condition is: the intimacy is greater than or equal to a preset threshold. 4 . 4. The method according to claim 2, wherein the first verification method comprises at least one of the following verification steps: password verification, biometric verification, grid pattern sliding verification, gesture verification, physical verification gesture verification; The second verification method includes the following verification steps: a verification step included in the first verification method, and a short message verification step. 5. The method according to any one of claims 1 to 4, wherein the acquiring the intimacy between the historical login device corresponding to the account information and the terminal device comprises: Determine the shortest relationship path between the terminal device and the historical login device according to a pre-established association relationship map, where the association relationship map includes multiple devices and two devices that are geographically adjacent to each other. Connection paths, each connection path corresponds to an association degree value, and the association degree value is used to represent the intimacy between the two devices connected by the connection path, and the shortest relationship path is determined by one or more connection paths. Paths formed in series; The intimacy between the terminal device and the historical log-in device is determined according to the degree of association corresponding to each connection path included in the shortest relationship path. 6. The method according to claim 5, characterized in that, before determining the shortest relationship path between the terminal device and the historical login device according to a pre-established relationship graph, the method further comprises: Receive and store the device information reported by multiple devices in advance, wherein each group of device information reported by each device is used to represent: the spatial geographic location and/or virtual geographic location of the device when reporting the group of device information; According to the device information reported by each of the multiple devices, determine the geographically adjacent devices from the multiple devices; For every two devices in the plurality of devices that are geographically adjacent to each other, obtain the degree of association between the two devices according to the respective device information of the two devices; According to the obtained multiple association degrees, the association relationship graph is established. 7 . The method according to claim 6 , wherein the obtaining the degree of association between the two devices according to respective device information of the two devices comprises: 8 . According to the respective multiple sets of device information of the two devices, the similarity between each two sets of device information is obtained; Comparing a plurality of similarities with a preset threshold, determining the number of similarities greater than the preset threshold among the multiple similarities, and determining the duration of each similarity greater than the preset threshold ; According to each similarity greater than the preset threshold, the duration of each similarity greater than the preset threshold, and the number of similarities greater than the preset threshold, obtain the relationship between the two devices degree of relevance. 8. The method according to claim 1 or 2, wherein the acquiring the intimacy between the historical login device corresponding to the account information and the terminal device comprises: Reading multiple sets of device information pre-reported by the terminal device and multiple sets of device information pre-reported by the historical logging device, wherein the device information is used to represent the spatial geographic location and/or virtual geographic location of the device; The intimacy between the terminal device and the history logging device is determined according to the respective sets of device information corresponding to the terminal device and the history logging device. 9. The method according to claim 2, wherein the method further comprises: In the case that the terminal is a historical login device corresponding to the account information, the identity verification is performed in the second verification manner. 10. An authentication method, characterized in that, applied to a server, the method comprising: receiving an identity verification request sent by the terminal device, where the identity verification request carries account information; determining an intimate terminal device corresponding to the terminal device, wherein the intimacy between the intimate terminal device and the terminal device satisfies a preset condition; In the case that the intimate terminal device is a historical login device corresponding to the account information, the identity verification is performed based on a preset verification method. 11. An identity verification device, characterized in that it is arranged on a server, and the device comprises: a request receiving module, configured to receive an identity verification request sent by the terminal device, where the identity verification request carries account information; a historical login device judgment module, configured to determine whether the terminal device is a historical login device corresponding to the account information; an intimacy acquisition module, configured to acquire the intimacy between the historical login device corresponding to the account information and the terminal device when the terminal is not a historical login device corresponding to the account information; The identity verification module is used for performing identity verification based on the verification method corresponding to the intimacy. 12. An identity verification device, characterized in that it is arranged on a server, and the device comprises: a request receiving module, configured to receive an identity verification request sent by the terminal device, where the identity verification request carries account information; an intimacy terminal device determining module, configured to determine an intimacy terminal device corresponding to the terminal device, wherein the intimacy between the intimacy terminal device and the terminal device satisfies a preset condition; An identity verification module, configured to perform identity verification based on a preset verification method when the intimate terminal device is a historical login device corresponding to the account information. 13. An electronic device, characterized in that it comprises a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus; memory for storing computer programs; The processor is configured to implement the method steps described in any one of claims 1-9, or the method steps described in claim 10 when executing the program stored in the memory. 14. A computer-readable storage medium on which a computer program is stored, characterized in that, when the program is executed by a processor, the method according to any one of claims 1-9 is implemented, or the method as claimed in claim 10 is implemented. method described.

Images