
CN111582876A - Operation authentication method, device, storage medium and electronic device - Google Patents


Info

Publication number: CN111582876A
Authority: CN (China)
Prior art keywords: target, password, resource operation, resource, server
Legal status: Pending
Application number: CN202010388894.1A
Other languages: Chinese (zh)
Inventors: 卢仕培, 蔡洁鸿, 张锋
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/4014: Identity check for transactions

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses an operation authentication method, an operation authentication device, a storage medium and an electronic device. The method comprises the following steps: obtaining a resource operation request sent by a target device, wherein the resource operation request is used for indicating that an application client running with a target account on the target device requests to execute a resource operation; when the target device is determined, according to the resource operation request, to be the bound device of the target account, acquiring a first target password input by the target device; when the first target password matches the verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for the resource processing operation by a token development kit in the target device; and when the first dynamic password matches a second dynamic password generated by the server, setting the permission of the target device to execute the resource operation to allowed, wherein the second dynamic password is used for verifying the resource operation. The invention can improve the reliability and portability of operation authentication.

Description

Operation authentication method, device, storage medium and electronic device
Technical Field
The present invention relates to the field of computers, and in particular, to an operation authentication method, an operation authentication device, a storage medium, and an electronic device.
Background
At present, operation authentication is often required for online fund transactions, and risky operations such as transfers are executed only after the operation authentication has passed.
Operation authentication is mainly performed in the following three ways: the first is password authentication combined with short message verification code authentication; the second is password authentication combined with security token authentication; the third is multi-password authentication, in which the user enters several passwords such as a login password and a payment password. In practice, the first way is unreliable because the short message verification code can be stolen; the second way suffers from the inconvenience of carrying the security token; and in the third way the user forgets passwords because there are too many of them, so the operation authentication is again unreliable. In summary, the existing ways of performing operation authentication have the problems of low reliability and poor portability.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
Embodiments of the present invention provide an operation authentication method, an operation authentication device, a storage medium, and an electronic device, so as to at least improve reliability and portability of operation authentication.
According to an aspect of an embodiment of the present invention, there is provided an operation authentication method including: acquiring a resource operation request sent by target equipment, wherein the resource operation request is used for indicating an application client running by using a target account in the target equipment to request to execute resource operation; under the condition that the target equipment is determined to be the binding equipment of the target account according to the resource operation request, acquiring a first target password input by the target equipment; under the condition that the first target password is matched with the verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for the resource processing operation by a token development kit in the target equipment; and setting the authority of the target device for executing the resource operation to be allowed to execute under the condition that the first dynamic password is matched with a second dynamic password generated by the server, wherein the second dynamic password is used for verifying the resource operation.
According to another aspect of the embodiments of the present invention, there is provided an operation authentication method including: receiving a resource operation instruction triggered by executing a first touch operation on a target device, wherein the resource operation instruction is used for instructing an application client running by using a target account number in the target device to execute a resource operation; responding to the resource operation instruction, and sending a resource operation request to a server, wherein the resource operation request is used for indicating the application client running by using the target account in the target device to request to execute resource operation; acquiring a first target password input by executing a second touch operation on the target device and sending the first target password to the server when the target device is a bound device of the target account; generating a first dynamic password by utilizing a token development kit in the target equipment; and executing the resource handling operation when the first dynamic password matches a second dynamic password generated by the server, wherein the second dynamic password is used for verifying the resource handling operation.
According to another aspect of the embodiments of the present invention, there is also provided an operation authentication apparatus including: a first obtaining unit, configured to obtain a resource operation request sent by a target device, where the resource operation request is used to instruct an application client running using a target account in the target device to request to perform a resource operation; a second obtaining unit, configured to obtain a first target password input by the target device when it is determined that the target device is a bound device of the target account according to the resource operation request; a third obtaining unit, configured to obtain, when the first target password matches a verification password of the target account stored in a server, a first dynamic password dynamically generated for the resource processing operation by a token development kit in the target device; and a setting unit, configured to set, when the first dynamic password matches a second dynamic password generated by the server, a permission of the target device to perform the resource operation to be allowed to be performed, where the second dynamic password is used to verify the resource operation.
According to another aspect of the embodiments of the present invention, there is also provided an operation authentication apparatus including: a receiving unit, configured to receive a resource operation instruction triggered by a first touch operation performed on a target device, where the resource operation instruction is used to instruct an application client running in the target device using a target account to perform a resource operation; a sending unit, configured to send a resource operation request to a server in response to the resource operation instruction, where the resource operation request is used to instruct the application client running using the target account in the target device to request to perform a resource operation; a sixth obtaining unit, configured to, if the target device is a bound device of the target account, obtain a first target password input by performing a second touch operation on the target device, and send the first target password to the server; a generating unit, configured to generate a first dynamic password using a token development kit in the target device; a first executing unit, configured to execute the resource processing operation when the first dynamic password matches a second dynamic password generated by the server, where the second dynamic password is used to verify the resource processing operation.
According to still another aspect of the embodiments of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is configured to execute the above-mentioned operation authentication method when running.
According to another aspect of the embodiments of the present invention, there is also provided an electronic apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the operation authentication method through the computer program.
In the embodiment of the invention, a resource operation request sent by target equipment is obtained, wherein the resource operation request is used for indicating an application client running by using a target account in the target equipment to request to execute resource operation; under the condition that the target equipment is determined to be the binding equipment of the target account according to the resource operation request, acquiring a first target password input by the target equipment; under the condition that the first target password is matched with the verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for resource processing operation by a token development kit in the target equipment; and in the case that the first dynamic password is matched with a second dynamic password generated by the server, setting the authority of the target device to execute the resource operation to be allowed to execute, wherein the second dynamic password is used for verifying the resource operation. The process can verify whether the target device is the bound device or not and verify the password input by the target device under the condition that the target device sends the resource operation request, so that the permission of the target device for executing the resource operation is set to be allowed to be executed under the conditions that the target device is the bound device, the first target password input by the target device is matched with the verification password and the background dynamic password is successfully verified. 
With this operation authentication mode, dynamic password authentication is performed automatically in the background without the user carrying a hardware security token, which improves the portability of operation authentication. It also reduces the likelihood that a short message verification code is stolen or that the user forgets a password because there are too many, which improves the reliability of operation authentication. This operation authentication mode can therefore improve both the reliability and the portability of authentication.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of a network environment in which an alternative method of operating authentication is provided according to embodiments of the present invention;
FIG. 2 is a flow diagram of an alternative operational authentication method according to an embodiment of the present invention;
FIG. 3 is a flow diagram of another alternative method of operating authentication in accordance with an embodiment of the present invention;
FIG. 4 is a diagram illustrating an alternative bind command triggered at a bind interface according to an embodiment of the invention;
FIG. 5 is a diagram illustrating an alternative authentication of operations on a bound device, according to an embodiment of the invention;
FIG. 6 is a diagram illustrating an alternative authentication of operations on an unbound device, in accordance with an embodiment of the present invention;
FIG. 7 is a software architecture diagram of an alternative operational authentication according to an embodiment of the invention;
FIG. 8 is a hardware architecture diagram of an alternative operational authentication according to an embodiment of the invention;
FIG. 9 is a flow diagram illustrating an alternative process for device binding on a binding device, according to an embodiment of the invention;
FIG. 10 is a flow diagram illustrating an alternative operational authentication according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of an alternative operational authentication device according to an embodiment of the present invention;
FIG. 12 is a schematic diagram of an alternate operational authentication device in accordance with an embodiment of the present invention;
FIG. 13 is a schematic diagram of an alternative electronic device according to an embodiment of the invention;
FIG. 14 is a schematic structural diagram of another alternative electronic device according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of the embodiments of the present invention, an operation authentication method is provided. As an optional implementation, the operation authentication method may be applied to, but is not limited to, an operation authentication system in a network environment as shown in FIG. 1, where the operation authentication system includes a user equipment 102, a network 110, and a server 112. The user device 102 may be the target device described in the embodiments of the present invention, and the user device 102 includes a human-computer interaction screen 104, a processor 106, and a memory 108. The human-computer interaction screen 104 is configured to display a client interface of an application client that operates using a target account, and a user may perform a touch operation or a press operation on the human-computer interaction screen 104 to trigger a corresponding resource operation instruction, where the resource operation instruction may include, but is not limited to, a resource transfer operation, a resource viewing operation, a login operation for logging in to an operation interface of the application client, and the like. Further, the processor 106 may receive a resource operation instruction triggered by a first touch operation performed on the human-computer interaction screen 104 by a user, generate a resource operation request in response to the resource operation instruction, where the resource operation request is used to indicate that an application client running with a target account on the target device requests to perform a resource operation, and send the resource operation request to the server 112 through the network 110. The memory 108 may be used to store the resource operation instruction and the resource operation request.
Further, the processor 106 sends the resource operation request to the server 112 via the network 110. Server 112 includes a database 114 and a processing engine 116. The database 114 may be configured to store each target account, a check password corresponding to each target account, and a binding device corresponding to each target account. After receiving a resource operation request sent by the user device 102, where the resource operation request carries identification information of a target device and a target account, the processing engine 116 may obtain, in the database 114, identification information of a binding device corresponding to the target account, and may obtain, in a case that the identification information of the binding device matches the identification information of the target device, a first target password input by the target device, and match the first target password with a verification password of the target account stored in the server 112. In the event that the first target password matches a verification password stored in the server 112, a first dynamic password dynamically generated by a token development kit in the user device 102 may be obtained, and in the event that the first dynamic password matches a second dynamic password generated by the server 112, the server 112 may set the authority of the user device 102 to perform the resource operation to be allowed. Specifically, the following steps may be performed:
S101, the user equipment 102 receives a resource operation instruction triggered by a first touch operation performed on the user equipment, wherein the resource operation instruction is used for instructing that a resource operation be executed in an application client running with a target account on the target device;
S102, the user equipment 102 responds to the resource operation instruction and sends a resource operation request to the network 110, wherein the resource operation request is used for indicating that the application client running with the target account on the target device requests to execute the resource operation;
S103, the network 110 sends the resource operation request to the server 112;
S104, the server 112 sends an acquisition request to the network 110 when the target device is determined, according to the resource operation request, to be the bound device of the target account;
S105, the network 110 sends the acquisition request to the user equipment 102;
S106, the user device 102, in response to the acquisition request, obtains a first target password input by performing a second touch operation on the target device, and sends the first target password to the server 112 through the network 110;
S107, the server 112 acquires a first dynamic password dynamically generated for the resource processing operation by a token development kit in the user equipment when the first target password matches the verification password of the target account stored in the server;
S108, the server 112 sets the permission of the target device to execute the resource operation to allowed when the first dynamic password matches a second dynamic password generated by the server, wherein the second dynamic password is used for verifying the resource operation.
In the embodiment of the present invention, the user equipment 102 may be an electronic device such as a mobile phone and a tablet computer, and the user equipment 102 may have an application client, and a user may execute a resource operation matched with a target account in the application client. The resource operation may include, but is not limited to, a resource transfer operation, a login operation of a target account, and the like, which is not limited in the embodiment of the present invention. The user may trigger a resource operation instruction by performing a touch operation on the user device 102, where the touch operation may include, but is not limited to, a click operation, a press operation, and the like, and the resource operation instruction is an instruction for instructing to perform a resource operation in an application client running using the target account. Optionally, the user equipment 102 may send the resource operation instruction to the server 112 through the network 110, so that the server 112 responds to the resource operation instruction to determine whether the target device is a bound device of the target account. And when the target device is a bound device of the target account, an acquisition request for acquiring a first target password is sent to the user device 102 through the network 110, when the first target password is matched with a verification password of the target account stored in the server, a token development kit in the user device 102 generates a first dynamic password, the server 112 generates a second dynamic password, and when the first dynamic password is matched with the second dynamic password, the permission of the target device for executing the resource operation can be set to be allowed to be executed. 
When the target device sends the resource operation request, this process verifies whether the target device is the bound device and verifies the password input by the target device, so that the permission of the target device to execute the resource operation is set to allowed only when the target device is the bound device, the first target password input by the target device matches the verification password, and the background dynamic password verification succeeds. With this operation authentication mode, dynamic password authentication is performed automatically in the background without the user carrying a hardware security token, which improves the portability of operation authentication. It also reduces the likelihood that a short message verification code is stolen or that the user forgets a password because there are too many, which improves the reliability of operation authentication. This operation authentication mode can therefore improve both the reliability and the portability of authentication.
Further optionally, the operation authentication system adopted in the embodiment of the present invention may be implemented by using a blockchain technology, and each electronic device capable of performing a transaction is used as each node in the blockchain. Each node may conduct transactions that request resource operations, etc. Specifically, the blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, and an encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.
The blockchain underlying platform can comprise processing modules such as user management, basic service, smart contract and operation monitoring. The user management module is responsible for identity information management of all blockchain participants, including public and private key generation and maintenance (account management), key management, and maintenance of the correspondence between a user's real identity and blockchain address (authority management); where authorized, it supervises and audits the transactions of certain real identities and provides rule configuration for risk control (risk control audit). The basic service module is deployed on all blockchain node devices and is used for verifying the validity of service requests and recording valid requests to storage after consensus on them is completed; for a new service request, the basic service first performs interface adaptation, parsing and authentication (interface adaptation), then encrypts the service information through a consensus algorithm (consensus management), transmits the encrypted information completely and consistently to the shared ledger (network communication), and records and stores it. The smart contract module is responsible for registering, issuing, triggering and executing contracts; developers can define contract logic in a programming language and publish it to the blockchain (contract registration), and execution is triggered by a key call or another event according to the logic of the contract clauses to complete the contract logic; the module also provides functions for upgrading and cancelling contracts. The operation monitoring module is mainly responsible for deployment, configuration modification, contract setting and cloud adaptation during product release, and for the visual output of real-time states during product operation, such as alarms, monitoring of network conditions, and monitoring of node device health status.
The platform product service layer provides basic capability and an implementation framework of typical application, and developers can complete block chain implementation of business logic based on the basic capability and the characteristics of the superposed business. The application service layer provides the application service based on the block chain scheme for the business participants to use.
Optionally, in this embodiment, the user equipment may be, but is not limited to, a mobile phone, a tablet computer, a notebook computer, a PC, and other computer equipment that supports running an application client. The server and the user equipment may implement data interaction through a network, which may include but is not limited to a wireless network or a wired network. Wherein, this wireless network includes: bluetooth, WIFI, and other networks that enable wireless communication. Such wired networks may include, but are not limited to: wide area networks, metropolitan area networks, and local area networks. The above is merely an example, and this is not limited in this embodiment.
As an optional implementation, as shown in FIG. 2, the operation authentication method includes:
S201, acquiring a resource operation request sent by a target device, wherein the resource operation request is used for indicating that an application client running with a target account on the target device requests to execute a resource operation;
S202, when the target device is determined, according to the resource operation request, to be the bound device of the target account, acquiring a first target password input by the target device;
S203, when the first target password matches the verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for the resource processing operation by a token development kit in the target device;
S204, when the first dynamic password matches a second dynamic password generated by the server, setting the permission of the target device to execute the resource operation to allowed, wherein the second dynamic password is used for verifying the resource operation.
In the embodiment of the invention, the target device can carry the application client, and the user can run the application client using the target account. When a user runs the application client using the target account, the user may need to perform a resource operation in that application client. The resource operation may include, but is not limited to, a resource transfer operation and an account login operation. When a resource operation request triggered by the user through a touch operation on the target device is detected, the target device sends the resource operation request to the server so that the server can acquire it. In addition, the resource operation request may carry identification information corresponding to the target device, and different devices have different identification information. The identification information corresponding to the bound device of the target account is stored in a database of the server. After the server acquires the resource operation request, it may acquire the identification information corresponding to the target device, and it determines that the target device is the bound device of the target account when the identification information corresponding to the target device matches the identification information of the bound device. At this time, the server may obtain the first target password input by the target device and the verification password of the target account stored in the database of the server, and, when the first target password matches the verification password, may obtain a first dynamic password dynamically generated for the resource processing operation by a token development kit in the target device, where the token development kit is a software development kit for token verification that is built into the target device.
In the event that the first target password matches the verification password, a token development kit in the target device may generate a first dynamic password, the server may generate a second dynamic password, and in the event that the first dynamic password and the second dynamic password match, the target device may be set to permit execution of the resource operation.
As an optional implementation, after obtaining the first dynamic password dynamically generated by the token development kit in the target device for the resource operation, the following steps may be further performed:
S1, acquiring the time interval in which the token development kit in the target device dynamically generated the first dynamic password;
S2, acquiring, in the server, the second dynamic password corresponding to the resource operation request according to the time interval.
In the embodiment of the invention, the token development kit can dynamically generate the first dynamic password within the time interval, and the server can acquire the second dynamic password matched with that time interval. For example, where the time interval runs from 3:00:00 in the afternoon to 1 minute 30 seconds past, the token development kit may generate the first dynamic password at 3:00:00 in the afternoon, and the server may generate the second dynamic password at 1 minute 30 seconds past. Further optionally, the second dynamic password corresponding to the resource operation request may be obtained in the server according to the time interval as follows: the server generates the second dynamic password corresponding to the resource operation request within the time interval, and the second dynamic password corresponding to the time interval is acquired. Alternatively, it may be obtained as follows: a time period corresponding to the time interval is acquired, and the second dynamic password that the server generated within that time period for the resource operation request is acquired. In this process the second dynamic password generated by the server in the corresponding time interval is used to check the first dynamic password generated by the token development kit, which ensures synchronization between the server and the target device and improves verification reliability.
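The bound-device check, the password check and the time-interval matching of the two dynamic passwords described above can be expressed in code as follows. This is an added example, not code from the patent: the HMAC-SHA-256 derivation, the 90-second interval, the tolerance of one interval against the server clock, the single-use rule and all names are assumptions.

```python
import hashlib
import hmac
import os
import struct

INTERVAL_SECONDS = 90  # assumed length of one time interval


def interval_index(timestamp, length=INTERVAL_SECONDS):
    """Number of the time interval that contains `timestamp` (Unix seconds)."""
    return int(timestamp) // length


def dynamic_password(seed, operation_id, index, digits=6):
    """Derive a numeric code from the shared seed, the operation and the interval.

    Both the token kit (first dynamic password) and the server (second
    dynamic password) call this with the same inputs.
    """
    message = struct.pack(">Q", index) + operation_id.encode("utf-8")
    digest = hmac.new(seed, message, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class AuthServer:
    """Server side of the bound-device path (hypothetical class)."""

    def __init__(self):
        self.accounts = {}
        self.used = set()  # (account, operation_id, interval) already accepted

    def bind(self, account, device_id, password, seed):
        salt = os.urandom(16)
        self.accounts[account] = {
            "device_id": device_id,
            "salt": salt,
            "verifier": _password_hash(password, salt),
            "seed": seed,  # shared with the token kit when the device is bound
        }

    def authorize(self, account, device_id, password, operation_id,
                  first_dynamic, reported_index, now):
        record = self.accounts.get(account)
        # Step 1: is the requesting device the binding device of the account?
        if record is None or record["device_id"] != device_id:
            return "not_binding_device"
        # Step 2: first target password against the stored verification password.
        candidate = _password_hash(password, record["salt"])
        if not hmac.compare_digest(candidate, record["verifier"]):
            return "bad_password"
        # Step 3: the interval reported by the device is only accepted if it is
        # the server's current interval or a neighbour; otherwise an old code
        # could be replayed together with its old interval number.
        if abs(reported_index - interval_index(now)) > 1:
            return "stale_interval"
        # Step 4: second dynamic password for the same interval, then compare.
        second = dynamic_password(record["seed"], operation_id, reported_index)
        if not hmac.compare_digest(first_dynamic.encode(), second.encode()):
            return "bad_dynamic_password"
        key = (account, operation_id, reported_index)
        if key in self.used:
            return "replayed"
        self.used.add(key)
        return "allowed"


def demo():
    """Constructed values: device generates at t, server checks 20 s later."""
    seed = b"constructed-seed-for-demo-only"
    server = AuthServer()
    server.bind("acct-1", "device-A", "constructed-pw", seed)
    generated_at = 1_700_000_000
    index = interval_index(generated_at)
    first = dynamic_password(seed, "transfer:42", index)
    return server.authorize("acct-1", "device-A", "constructed-pw",
                            "transfer:42", first, index, generated_at + 20)


if __name__ == "__main__":
    print(demo())
```

In `demo()` the server clock has already moved into the next interval when the request arrives; the request is still accepted because the second dynamic password is derived for the interval the device reported, not for the server's current one.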
As an optional implementation manner, after acquiring the resource operation request sent by the target device, the following steps may also be performed:
S1, sending a verification message to the binding device when the target device is not the binding device of the target account, wherein the verification message is used for notifying the binding device that the target account requests to execute the resource operation;
S2, acquiring the second target password input on the binding device in the case that a confirmation instruction returned by the binding device is received, wherein the confirmation instruction is used for confirming that the target account is allowed to execute the resource operation in the target device.
In the embodiment of the invention, under the condition that the target device is not the binding device of the target account, the server sends a verification message to the binding device to inform the binding device of the target account requesting to execute the resource operation. After the binding device receives the verification message sent by the server, a verification interface is displayed in the binding device, where the verification interface includes specific information that the target account requests to execute the resource operation, and for example, when the resource operation is a resource transfer operation, information such as the number of resources requested to be transferred may be displayed in the verification interface. The user using the binding device may trigger the confirmation instruction according to the specific information displayed on the verification interface, and specifically, the manner of triggering the confirmation instruction according to the specific information displayed on the verification interface may specifically be: receiving voice information triggered according to specific information displayed on a verification interface; performing semantic analysis on the voice information to obtain a voice recognition result; and under the condition that the voice recognition result indicates that the resource transfer operation is confirmed, confirming that the binding equipment triggers a confirmation instruction. Or, the manner of triggering the confirmation instruction according to the specific information displayed on the verification interface may specifically be: acquiring touch operation triggered according to specific information displayed on a verification interface; and under the condition that the touch operation triggers a confirmation instruction, confirming that the binding equipment triggers the confirmation instruction. 
And after the binding device triggers the confirmation instruction, a second target password input by the binding device can be acquired, and under the condition that the second target password passes verification, the binding device is confirmed to allow the target device to execute the resource operation.
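The unbound-device path described above (verification message to the binding device, confirmation instruction, second target password) can be modelled on the server as follows. This is an added example, not code from the patent: the class, the status strings, the 120-second lifetime of a pending request and its single use are assumptions, and the operation values are constructed.

```python
import hashlib
import hmac
import os
import secrets


def _verifier(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class ApprovalServer:
    """Server side of the path where the requesting device is not bound."""

    def __init__(self, ttl_seconds=120):
        self.ttl = ttl_seconds
        self.accounts = {}  # account -> (binding_device, salt, verifier)
        self.pending = {}   # request_id -> pending resource operation
        self.outbox = []    # (binding_device, verification message) to deliver

    def bind(self, account, binding_device, password):
        salt = os.urandom(16)
        self.accounts[account] = (binding_device, salt, _verifier(password, salt))

    def request_operation(self, account, target_device, operation, now):
        if account not in self.accounts:
            return {"status": "unknown_account"}
        binding_device = self.accounts[account][0]
        if target_device == binding_device:
            # Bound device: continue with password + dynamic password instead.
            return {"status": "binding_device"}
        request_id = secrets.token_hex(16)
        self.pending[request_id] = {
            "account": account,
            "target_device": target_device,
            "operation": dict(operation),
            "expires": now + self.ttl,
        }
        # The verification message carries what the verification interface
        # shows: which device asks, and for which operation.
        self.outbox.append((binding_device, {
            "request_id": request_id,
            "target_device": target_device,
            "operation": dict(operation),
        }))
        return {"status": "pending", "request_id": request_id}

    def confirm(self, request_id, from_device, second_password, now):
        entry = self.pending.get(request_id)
        if entry is None:
            return "unknown_request"
        binding_device, salt, verifier = self.accounts[entry["account"]]
        # Only the binding device may return the confirmation instruction.
        if from_device != binding_device:
            return "wrong_device"
        if now > entry["expires"]:
            del self.pending[request_id]
            return "expired"
        # Second target password against the stored verification password.
        if not hmac.compare_digest(_verifier(second_password, salt), verifier):
            return "bad_password"
        del self.pending[request_id]  # one approval allows one operation
        return "allowed"


def demo():
    server = ApprovalServer()
    server.bind("acct-1", "device-A", "constructed-pw")
    operation = {"type": "transfer", "to": "acct-2", "amount": 100}
    reply = server.request_operation("acct-1", "device-B", operation, now=1000)
    return server.confirm(reply["request_id"], "device-A", "constructed-pw", now=1030)


if __name__ == "__main__":
    print(demo())
```

Because the pending entry stores the operation that was shown on the verification interface, the server can execute exactly that operation after approval rather than whatever the target device submits later.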
As an optional implementation manner, before acquiring the resource operation request sent by the target device, the following steps may also be performed:
S1, controlling the binding device to display a binding interface in the case that the target account is registered in the binding device;
S2, confirming, in the case that the binding instruction triggered on the binding interface is received, that the resource operation executed in the target account is verified by using the second target password acquired in the binding device.
In the embodiment of the invention, when the application client of the binding device registers the target account for the first time, the binding interface is displayed in the binding device. Optionally, after the binding interface is displayed in the binding device, the voice input by the user may be detected, and when it is detected that the voice input by the user indicates that the binding is confirmed, it is confirmed that the binding instruction triggered by the binding interface is received. Optionally, after the binding interface is displayed in the binding device, a binding instruction triggered by the touch operation of the user may also be acquired, and the reception of the binding instruction triggered for the binding interface is confirmed when the binding instruction triggered by the touch operation of the user is acquired. After receiving the binding instruction, it is confirmed that in the case where the unbound device performs the resource operation, verification needs to be performed with confirmation at the bound device and input of the second target password in the bound device.
As an optional implementation manner, after acquiring the first target password input by the target device, the following steps may be further performed:
decrypting the first target password by using an encryption machine to obtain a decrypted first target password;
in the case that the first target password matches a verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for the resource processing operation by the token development kit in the target device may include:
and under the condition that the decrypted first target password is matched with the verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for resource operation by a token development kit in the target equipment.
In the embodiment of the invention, the encryption and decryption of the password can be realized by utilizing the encryption machine, and the encrypted password can be used for transmission in the password transmission process. For example, after the target device inputs the first target password, the encryption machine may be used to encrypt the first target password, and transmit the encrypted first target password to the server, after the server obtains the encrypted first target password, the encryption machine may be used to decrypt the first target password, so as to obtain the decrypted first target password, and then the decrypted first target password is used to match the verification password. This process may improve the security of the password transmission.
Optionally, as an optional implementation manner, as shown in fig. 3, the operation authentication method may further include:
S301, receiving a resource operation instruction triggered by executing a first touch operation on a target device, wherein the resource operation instruction is used for indicating that a resource operation is executed in an application client running by using a target account in the target device;
S302, responding to the resource operation instruction, and sending a resource operation request to a server, wherein the resource operation request is used for indicating that the application client running by using the target account in the target device requests to execute the resource operation;
S303, in the case that the target device is a binding device of the target account, acquiring a first target password input by executing a second touch operation on the target device, and sending the first target password to the server;
S304, generating a first dynamic password by using a token development kit in the target device;
S305, executing the resource processing operation in the case that the first dynamic password matches a second dynamic password generated by the server, wherein the second dynamic password is used for verifying the resource processing operation.
In this embodiment of the present invention, the first touch operation may be a touch operation for triggering a resource operation instruction, and may include, but is not limited to, a click operation, a press operation, and the like. Under the condition that the target device executes a resource operation instruction triggered by the first touch operation, the target device needs to respond to the resource operation instruction and send a resource operation request to the server. When the target device is a binding device of the target account, a first target password input by performing a second touch operation on the target device may be acquired, and the first target password may be sent to the server. Further, the first dynamic password may also be generated using a token development kit in the target device, wherein the process of dynamic password authentication may be completed using the binding device. In the event that the first dynamic password matches the server-generated second dynamic password, a resource processing operation may be performed.
As an optional implementation manner, in a case that the target device is not a binding device of the target account, the following steps may be further performed:
and executing the resource operation under the condition that a confirmation instruction returned by the binding device is received and the second target password input by the binding device is matched with the verification password of the target account stored in the server, wherein the confirmation instruction is used for confirming that the target account is allowed to execute the resource operation in the target device.
As an optional implementation manner, before receiving a resource operation instruction triggered by the execution of the first touch operation on the target device, the following steps may also be performed:
S1, displaying a binding interface in the case that the target account is registered in the target device;
S2, in the case that a binding instruction triggered on the binding interface is received, confirming that the target device is the binding device of the target account, and verifying the resource operation executed in the target account by using the second target password acquired in the binding device.
As an optional implementation manner, after acquiring the first target password input by performing the second touch operation on the target device, the following steps may be further performed:
encrypting the first target password by using an encryption machine to obtain the encrypted first target password;
sending the first target password to the server may include:
and sending the encrypted first target password to the server.
Referring to fig. 4, fig. 4 is a schematic diagram of optionally triggering a binding instruction at a binding interface according to an embodiment of the present invention. As shown in the leftmost diagram of fig. 4, binding information 401 is displayed in the binding interface, and the binding information 401 describes the binding; for example, the binding information 401 in fig. 4 states that the binding mode is started to enable binding with a device. Further, there is a virtual binding button 402 in the binding interface, and the user can trigger a confirmation instruction for the binding interface by clicking the virtual binding button 402. After the user clicks the virtual binding button 402, a password may be further input in the binding interface 403 shown in the middle of fig. 4, where the password is used to indicate that the current device is to be bound. If the password matches the verification password corresponding to the target account, it is confirmed that the device is successfully bound in the binding interface, and the binding device displays a binding success prompt interface 404.
Referring to fig. 5, fig. 5 is a schematic diagram of an optional operation authentication performed on a binding device disclosed in the embodiment of the present invention. As shown in fig. 5, when a user performs a transfer operation on the binding device, the user is first required to input basic transfer information, which may include, but is not limited to, a transfer object, a transfer amount, and the like. As shown in the transfer interface 501 on the left side of fig. 5, the user selects the transfer object, inputs the transfer amount, and clicks the transfer-out virtual key at the lower right corner; clicking this key triggers a resource operation instruction and sends it to the server. When the server verifies that the device currently performing the resource operation is the binding device, the binding device can be controlled to display a password input interface 502, on which the user inputs a first target password, so that the server matches the first target password with the verification password corresponding to the target account. If the matching is successful, the binding device is controlled to display a resource operation execution success interface 503, prompting that the permission of the binding device to execute the resource operation has been set to allowed, and the corresponding virtual resource is transferred to the transfer object according to the transfer amount.
Referring to fig. 6, fig. 6 is a schematic diagram of an optional operation authentication performed on an unbound device according to an embodiment of the disclosure. As shown in fig. 6, in the case where the target device is not a binding device and the transfer operation is performed on the target device, the user is first required to input basic transfer information, which may include, but is not limited to, a transfer object, a transfer amount, and the like. As shown in the transfer interface 601 on the left side of fig. 6, the user selects the transfer object, inputs the transfer amount, and clicks the transfer-out virtual key at the lower right corner; clicking this key triggers the resource operation instruction and sends it to the server. When the server checks that the target device that is to execute the resource operation is not the binding device, the target device is controlled to display a prompt interface 602 prompting that the execution of the resource operation needs to be verified by the binding device.
After the server controls the target device to display the prompt interface 602, the binding device may be controlled to display the verification interface 604, where the verification interface 604 includes device information of the target device and operation information of the resource operation, for example, identification information of the target device, resource amount information of the resource operation, transferred account information, and the like. The user may click a confirmation virtual key in the verification interface, for example the virtual key below the verification interface 604, to confirm, and input a second target password in the password input interface 605, so that the server verifies whether the second target password matches the verification password corresponding to the target account. If so, the verification success prompt interface 606 is displayed in the binding device to prompt that the binding device has completed verification, and the target device is then controlled to display the verification success prompt interface 603, prompting that the binding device has verified the operation, at which point resource operations, such as transfer operations, are allowed to be performed in the target device.
Referring to fig. 7, fig. 7 is a software architecture diagram of an optional operation authentication disclosed in the embodiment of the present invention. As shown in fig. 7, in a case that a target device is a binding device, the software architecture may include the target device, a network 703, a server, and an internet bank, where the target device may include an application client 701 and a token development kit 702; the application client 701 is configured to perform a resource operation, and the token development kit 702 is configured to verify a device identity. The target device can obtain information of a target account in the internet bank, and the internet bank comprises the encryption machine 710, so that encryption processing and decryption processing of data information can be realized. When a resource operation request is received in the target device, the target device needs to send the resource operation request to the server through the network 703, so that the server performs device identity verification. Specifically, the resource operation request reaches the gateway 704 after being transmitted through the network 703, and the gateway 704 then sends the resource operation request to the processing module, which may include a server processing module 705, a client connection module 706, and a trust service 707. The server processing module 705 is configured to generate a dynamic verification code, implement a verification operation of the dynamic verification code, generate the dynamic verification code in an offline environment, and connect to the encryptor 708 to implement encryption and decryption processing operations. The client connection module 706 is used by the application client 701 to bind and unbind the target account and the target device, and may also be used to verify whether the target device is a binding device.
And the server processing module 705 and the client connection module 706 both have a trust service 707, and the trust service 707 is used for implementing security of message transmission, identity verification and the like. The encryptor 708 is configured to encrypt and decrypt the received data such as the password, and the database 709 is configured to store identification information of the binding device corresponding to each target account.
Referring to fig. 8, fig. 8 is a hardware architecture diagram of an optional operation authentication disclosed in an embodiment of the present invention, and as shown in fig. 8, the hardware architecture diagram may include a target device 801, a gateway device 802, an application server 803, a database server 804, and an encryption engine 805, where the target device 801 is configured to receive a resource operation request triggered by a user, and send the resource operation request to the application server 803 through the gateway device 802, so that the application server 803 performs device verification, and specifically, the application server 803 may obtain a device identifier of a binding device corresponding to a target account from the database server 804 to verify whether the target device is the binding device corresponding to the target account. The application server 803 may perform operations such as decryption processing on the encrypted password by using the encryptor 805, and compare the decrypted password with the verification password.
Referring to fig. 9, fig. 9 is a schematic flowchart illustrating a process of device binding on a binding device according to an embodiment of the present invention, and as shown in fig. 9, the following steps may be performed:
S901, the application client receives a password input by a user, and calculates a pinhash value corresponding to the password input by the user;
S902, the application client sends, to the token development kit, a registration request for requesting registration of a target identifier of the token;
S903, the token development kit sends the registration request to a server;
S904, the server responds to the registration request and generates a target identifier of the soft token;
S905, the server matches a first dynamic password, generated with the token development kit by the target device on which the application client is installed, with a second dynamic password generated by the server;
S906, in the case that the first dynamic password and the second dynamic password are successfully matched, the server sends a storage instruction for storing the target identifier of the soft token to the internet bank gateway;
S907, the internet bank gateway responds to the storage instruction and stores the target identifier of the soft token;
S908, the internet bank gateway returns a prompt message for indicating successful binding of the target device to the server;
S909, the server returns a prompt message to the application client;
S910, the application client returns the binding success interface.
In the embodiment of the invention, under the condition that the target account number binds the target device, the password input by the user can be received in the application client, and the pinhash calculation is carried out on the password input by the user to obtain the pinhash value corresponding to the password input by the user. Under the condition that the password input by the user is verified and the verification is passed, the application client may send a registration request for indicating a target identifier for requesting registration of the token to the token development kit, and the token development kit may send the registration request to the server, so that the server responds to the registration request to generate the target identifier of the soft token, where the target identifier may be a unique identifier generated according to a device identifier of a target device on which the application client is loaded, the password input by the user, and the like, so as to bind the target account and the target device by using the target identifier of the soft token. After the target identification of the soft token is generated, a first dynamic password generated by the soft token corresponding to the target identification can be obtained, and the first dynamic password is matched with a second dynamic password generated by the server. And in the case that the first dynamic password and the second dynamic password are successfully matched, sending a storage instruction for storing the target identification of the soft token to the internet bank gateway. And the internet bank gateway responds to the storage instruction, stores the target identifier of the soft token and returns a prompt message of successful binding to the application client.
Referring to fig. 10, fig. 10 is a schematic flow chart of an operation authentication disclosed in the embodiment of the present invention, and as shown in fig. 10, the following steps may be performed:
S1001, the internet bank gateway sends a transaction request to a server;
S1002, the server returns transaction data to the internet bank gateway;
S1003, the internet bank gateway returns transaction data to the application client;
S1004, the application client sends an acquisition request for requesting to acquire a target identifier corresponding to a target account in the application client to the server;
S1005, the server returns a target identifier corresponding to the target account to the application client;
S1006, when it is detected by using the target identifier that the target device on which the application client is installed is not the binding device of the target account, the application client causes an authentication interface to be displayed in the application client of the binding device;
S1007, in the case of receiving a confirmation instruction for the authentication interface, the application client acquires a target password input by the user;
S1008, the application client calculates a pinhash value of the target password;
S1009, the application client sends the target password to the internet bank gateway;
S1010, the internet bank gateway returns a password verification result to the application client;
S1011, the application client sends a dynamic password verification request to the token development kit;
S1012, the token development kit generates a first dynamic password;
S1013, the token development kit sends the first dynamic password to the server;
S1014, the server generates a second dynamic password and matches the first dynamic password with the second dynamic password;
S1015, the server returns the verification passing prompt information to the application client in the case that the first dynamic password matches the second dynamic password;
S1016, the application client displays an operation authentication passing interface.
In the embodiment of the invention, under the condition of resource operation, the internet bank gateway can firstly send a transaction request to the server, and the server returns transaction data according to the transaction request, wherein the transaction data can include but is not limited to information such as a transaction account, transaction amount and the like. And after receiving the transaction data, the internet bank gateway sends the transaction data to the application client. After acquiring the transaction data, the application client sends an acquisition request to the server to acquire the unique soft token identifier corresponding to the target account, that is, the target identifier. Under the condition that the target device loading the application client is detected not to be the binding device of the target account by using the target identifier, the authentication interface can be controlled to be displayed in the application client of the binding device, and a user can trigger a confirmation instruction aiming at the authentication interface by performing touch operation in the binding device. Further, after the binding device triggers a confirmation instruction for the authentication interface, a target password input by a user in the binding device can be obtained, a pinhash value corresponding to the target password is calculated, the target password is sent to the online bank gateway by the application client, and a password verification result returned by the online bank gateway is obtained. And under the condition that the password verification result indicates that the password verification passes, sending a dynamic password verification request to the token development kit so that the token development kit generates a first dynamic password, sending the first dynamic password to the server so that the server generates a second dynamic password, and matching the first dynamic password with the second dynamic password. 
And under the condition that the first dynamic password is matched with the second dynamic password, returning verification passing prompt information to the application client so that the application client displays an operation authentication passing interface.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
According to another aspect of the embodiment of the present invention, there is also provided an operation authentication apparatus for implementing the above operation authentication method. As shown in fig. 11, the apparatus includes:
a first obtaining unit 1101, configured to obtain a resource operation request sent by a target device, where the resource operation request is used to instruct an application client running using a target account in the target device to request to perform a resource operation;
a second obtaining unit 1102, configured to obtain a first target password input by a target device when it is determined that the target device is a binding device of a target account according to the resource operation request;
a third obtaining unit 1103, configured to, in a case that the first target password matches a verification password of the target account stored in the server, obtain a first dynamic password that is dynamically generated for the resource processing operation by a token development kit in the target device;
a setting unit 1104, configured to set the authority of the target device to perform the resource operation to allow execution if the first dynamic password matches a second dynamic password generated by the server, where the second dynamic password is used to verify the resource operation.
As an optional implementation, the apparatus may further include:
a fourth obtaining unit, configured to obtain, after the first dynamic password dynamically generated for the resource operation by the token development kit in the target device is obtained, the time interval in which the token development kit in the target device dynamically generated the first dynamic password;
a fifth acquiring unit, configured to acquire, in the server, the second dynamic password corresponding to the resource operation request according to the time interval.
As an optional implementation, the apparatus may further include:
a verification unit, configured to send a verification message to the binding device after the resource operation request sent by the target device is obtained and in the case that the target device is not the binding device of the target account, wherein the verification message is used for informing the binding device that the target account requests to execute the resource operation;
and, in the case that a confirmation instruction returned by the binding device is received, to acquire a second target password input on the binding device, wherein the confirmation instruction is used for confirming that the target account is allowed to execute the resource operation in the target device.
As an optional implementation, the apparatus may further include:
a control unit, configured to, before the resource operation request sent by the target device is obtained, control the binding device to display a binding interface in a case that the target account is registered in the binding device; and, in a case that a binding instruction triggered through the binding interface is received, verify resource operations executed in the target account by using the second target password obtained in the binding device.
As an optional implementation, the apparatus may further include:
a decryption unit, configured to, after the first target password input by the target device is obtained, decrypt the first target password by using an encryption machine to obtain the decrypted first target password.
As an optional implementation, in a case that the first target password matches the verification password of the target account stored in the server, the manner of obtaining the first dynamic password dynamically generated for the resource processing operation by the token development kit in the target device may specifically be:
the third obtaining unit is configured to obtain, in a case that the decrypted first target password matches the verification password of the target account stored in the server, the first dynamic password dynamically generated for the resource operation by the token development kit in the target device.
According to another aspect of the embodiment of the present invention, there is also provided an operation authentication apparatus for implementing the above operation authentication method. As shown in fig. 12, the apparatus includes:
a receiving unit 1201, configured to receive a resource operation instruction triggered by executing a first touch operation on a target device, where the resource operation instruction is used to instruct an application client running in the target device using a target account to execute a resource operation;
a sending unit 1202, configured to send a resource operation request to a server in response to a resource operation instruction, where the resource operation request is used to instruct an application client running using a target account in a target device to request to execute a resource operation;
a sixth obtaining unit 1203, configured to, in a case that the target device is a bound device of the target account, obtain a first target password input by performing a second touch operation on the target device, and send the first target password to the server;
a generating unit 1204, configured to generate a first dynamic password using a token development kit in the target device;
a first execution unit 1205 for executing the resource handling operation if the first dynamic password matches a second dynamic password generated by the server, the second dynamic password being used to verify the resource handling operation.
As an optional implementation, the apparatus may further include:
a second execution unit, configured to, in a case that the target device is not the binding device of the target account, execute the resource operation when a confirmation instruction returned by the binding device is received and a second target password input by the binding device matches the verification password of the target account stored in the server, where the confirmation instruction is used to confirm that the target account is allowed to execute the resource operation in the target device.
As an optional implementation, the apparatus may further include:
a display unit, configured to, before the resource operation instruction triggered by executing the first touch operation on the target device is received, display a binding interface in a case that the target account is registered in the target device;
a confirming unit, configured to, in a case that a binding instruction triggered through the binding interface is received, confirm that the target device is the binding device of the target account, and verify resource operations executed in the target account by using the second target password obtained in the binding device.
As an optional implementation, the apparatus may further include:
an encryption unit, configured to, after the first target password input by executing the second touch operation on the target device is obtained, encrypt the first target password by using an encryption machine to obtain the encrypted first target password.
The manner in which the sixth obtaining unit sends the first target password to the server may specifically be:
the sixth obtaining unit is configured to send the encrypted first target password to the server.
According to yet another aspect of the embodiments of the present invention, there is also provided an electronic device for implementing the operation authentication method, as shown in fig. 13, the electronic device includes a memory 1302 and a processor 1304, the memory 1302 stores a computer program, and the processor 1304 is configured to execute the steps in any one of the method embodiments by the computer program.
Optionally, in this embodiment, the electronic apparatus may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, acquiring a resource operation request sent by the target device, wherein the resource operation request is used for indicating an application client running by using a target account in the target device to request to execute a resource operation;
S2, acquiring a first target password input by the target device under the condition that the target device is determined to be the binding device of the target account according to the resource operation request;
S3, under the condition that the first target password is matched with the verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for resource processing operation by a token development kit in the target equipment;
S4, in the case that the first dynamic password matches with the second dynamic password generated by the server, the authority of the target device to execute the resource operation is set to be allowed to execute, wherein, the second dynamic password is used for verifying the resource operation.
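The server-side steps S1 to S4, together with the optional time-interval lookup of the second dynamic password, can be sketched as follows; this is an added example, not code from the patent. Assumptions not stated on the page: the dynamic password is an HMAC-SHA1 truncation in the style of RFC 4226/6238 bound to an operation identifier, a time interval lasts 30 seconds, the verification password is stored as a PBKDF2 hash, one interval of clock skew is tolerated, and every name (`Account`, `authorize`, `dynamic_password`) is hypothetical.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

STEP_SECONDS = 30  # assumed length of one time interval; the page gives no value


def dynamic_password(seed: bytes, interval: int, operation_id: str, digits: int = 6) -> str:
    """Derive a dynamic password for one operation in one time interval.

    Assumption: HOTP-style dynamic truncation (RFC 4226) over the interval
    counter concatenated with the operation id. The page names no algorithm.
    """
    msg = struct.pack(">Q", interval) + operation_id.encode()
    digest = hmac.new(seed, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Stored form of the verification password (assumption: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    bound_device: str       # identifier of the binding device
    salt: bytes
    password_hash: bytes    # verification password as stored on the server
    token_seed: bytes       # secret shared with the token kit on the device
    used: set = field(default_factory=set)  # (interval, operation_id) already accepted


def authorize(account: Account, device_id: str, password: str, otp: str,
              claimed_interval: int, operation_id: str, now: float) -> str:
    """Return the server's decision for one resource operation request."""
    # S2: only the binding device goes on to password entry; any other device
    # is routed to confirmation on the binding device (the optional branch).
    if device_id != account.bound_device:
        return "CONFIRM_ON_BOUND_DEVICE"
    # S3: compare the first target password (assumed already decrypted by the
    # encryption machine) with the stored verification password.
    if not hmac.compare_digest(hash_password(password, account.salt),
                               account.password_hash):
        return "DENY_PASSWORD"
    # The device reports the interval it generated in. The server must bound
    # that value against its own clock, otherwise a captured password could be
    # replayed later together with its old interval.
    server_interval = int(now) // STEP_SECONDS
    if abs(server_interval - claimed_interval) > 1:
        return "DENY_STALE_INTERVAL"
    # Each (interval, operation) pair is accepted at most once.
    if (claimed_interval, operation_id) in account.used:
        return "DENY_REPLAY"
    # S4: generate the second dynamic password for that interval and compare
    # in constant time.
    expected = dynamic_password(account.token_seed, claimed_interval, operation_id)
    if not hmac.compare_digest(expected.encode(), otp.encode()):
        return "DENY_OTP"
    account.used.add((claimed_interval, operation_id))
    return "ALLOW"


def run_demo() -> list:
    """Walk the decision paths with constructed sample values."""
    salt = b"constructed-salt"
    acct = Account("device-A", salt, hash_password("correct horse", salt),
                   b"constructed-seed")
    now = 1_700_000_000
    iv = now // STEP_SECONDS
    otp = dynamic_password(acct.token_seed, iv, "op-1")   # device side
    bad = str((int(otp) + 1) % 10 ** 6).zfill(6)          # guaranteed mismatch
    return [
        authorize(acct, "device-B", "correct horse", otp, iv, "op-1", now),
        authorize(acct, "device-A", "wrong", otp, iv, "op-1", now),
        authorize(acct, "device-A", "correct horse", bad, iv, "op-1", now),
        authorize(acct, "device-A", "correct horse", otp, iv, "op-1", now),
        authorize(acct, "device-A", "correct horse", otp, iv, "op-1", now),
        authorize(acct, "device-A", "correct horse", otp, iv, "op-1", now + 300),
    ]


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The stale-interval and replay checks are hardening that the page does not describe; without them, a server that trusts the device-reported interval would accept any previously observed dynamic password.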
Alternatively, it can be understood by those skilled in the art that the structure shown in fig. 13 is only an illustration, and the electronic device may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, and a Mobile Internet Device (MID), a PAD, and the like. Fig. 13 is a diagram illustrating a structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 13, or have a different configuration than shown in FIG. 13.
The memory 1302 may be configured to store software programs and modules, such as program instructions/modules corresponding to the operation authentication method and apparatus in the embodiment of the present invention, and the processor 1304 executes various functional applications and data processing by running the software programs and modules stored in the memory 1302, that is, implementing the operation authentication method described above. The memory 1302 may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1302 may further include memory located remotely from the processor 1304, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 1302 may be used for storing information such as operation instructions, but is not limited thereto. As an example, as shown in fig. 13, the memory 1302 may include, but is not limited to, a first acquiring unit 1101, a second acquiring unit 1102, a third acquiring unit 1103, and a setting unit 1104 in the operation authentication apparatus. In addition, other module units in the operation authentication apparatus may also be included, but are not limited to these, and are not described in detail in this example.
Optionally, the transmission device 1306 is used for receiving or sending data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 1306 includes a network adapter (Network Interface Controller, NIC) that can be connected to a router and other network devices via a network cable to communicate with the internet or a local area network. In one example, the transmission device 1306 is a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In addition, the electronic device further includes: a connection bus 1308 for connecting the respective module components in the electronic apparatus.
According to yet another aspect of the embodiments of the present invention, there is also provided an electronic device for implementing the operation authentication method, as shown in fig. 14, the electronic device includes a memory 1402 and a processor 1404, the memory 1402 stores therein a computer program, and the processor 1404 is configured to execute the steps in any one of the method embodiments by the computer program.
Optionally, in this embodiment, the electronic apparatus may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, receiving a resource operation instruction triggered by the execution of a first touch operation on the target device, wherein the resource operation instruction is used for instructing the execution of a resource operation in an application client running in the target device by using a target account;
S2, responding to the resource operation instruction, sending a resource operation request to the server, wherein the resource operation request is used for indicating an application client operated by using a target account in the target equipment to request to execute resource operation;
S3, when the target device is a binding device of the target account, acquiring a first target password input by executing a second touch operation on the target device, and sending the first target password to the server;
S4, generating a first dynamic password by using a token development kit in the target device;
S5, executing the resource handling operation if the first dynamic password matches a second dynamic password generated by the server, the second dynamic password being used to verify the resource handling operation.
Alternatively, it can be understood by those skilled in the art that the structure shown in fig. 14 is only an illustration, and the electronic device may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, a Mobile Internet Device (MID), a PAD, and the like. Fig. 14 is a diagram illustrating a structure of the electronic device. For example, the electronic device may also include more or fewer components (e.g., network interfaces, etc.) than shown in FIG. 14, or have a different configuration than shown in FIG. 14.
The memory 1402 may be configured to store software programs and modules, such as program instructions/modules corresponding to the operation authentication method and apparatus in the embodiment of the present invention, and the processor 1404 executes various functional applications and data processing by running the software programs and modules stored in the memory 1402, that is, implementing the operation authentication method described above. Memory 1402 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1402 may further include memory located remotely from the processor 1404, which may be connected to a terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 1402 may be used for storing information such as operation instructions, but is not limited thereto. As an example, as shown in fig. 14, the memory 1402 may include, but is not limited to, a receiving unit 1201, a transmitting unit 1202, a sixth acquiring unit 1203, a generating unit 1204, and a first executing unit 1205 of the operation authentication apparatus. In addition, other module units in the operation authentication apparatus may also be included, but are not limited to these, and are not described in detail in this example.
Optionally, the transmission device 1406 is used for receiving or sending data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 1406 includes a network adapter (Network Interface Controller, NIC) that can be connected to a router and other network devices via a network cable to communicate with the internet or a local area network. In one example, the transmission device 1406 is a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
In addition, the electronic device further includes: a display 1408 for displaying a binding interface, etc.; and a connection bus 1410 for connecting the respective module parts in the above-described electronic apparatus.
According to a further aspect of embodiments of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above-mentioned method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
S1, acquiring a first operation instruction in the process of executing acceleration operation on a first virtual object controlled by a client, wherein the first operation instruction is used for indicating and controlling the first virtual object to execute a first target action, and the execution duration of the first target action is smaller than a first threshold;
S2, acquiring a second operation instruction within a first target time period after the first target action is completed, wherein the second operation instruction is used for instructing and controlling the first virtual object to execute a second target action;
S3, controlling the moving state of the first virtual object to be adjusted from the first state to the second state within a second target time period when the first virtual object starts to execute the second target action, wherein a first energy value collected by the first virtual object for the energy sink in the first state per unit time is smaller than a second energy value collected by the first virtual object for the energy sink in the second state per unit time;
S4, controlling the first virtual object to collect energy according to the second energy value, and adjusting the key state of the acceleration control key corresponding to the acceleration operation to be in a touch-enabled state when the energy accumulation value collected in the energy slot reaches the trigger threshold value.
S1, acquiring a resource operation request sent by the target device, wherein the resource operation request is used for indicating an application client running by using a target account in the target device to request to execute a resource operation;
S2, acquiring a first target password input by the target device under the condition that the target device is determined to be the binding device of the target account according to the resource operation request;
S3, under the condition that the first target password is matched with the verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for resource processing operation by a token development kit in the target equipment;
S4, in the case that the first dynamic password matches with the second dynamic password generated by the server, the authority of the target device to execute the resource operation is set to be allowed to execute, wherein, the second dynamic password is used for verifying the resource operation.
According to a further aspect of embodiments of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above-mentioned method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
S1, receiving a resource operation instruction triggered by the execution of a first touch operation on the target device, wherein the resource operation instruction is used for instructing the execution of a resource operation in an application client running in the target device by using a target account;
S2, responding to the resource operation instruction, sending a resource operation request to the server, wherein the resource operation request is used for indicating an application client operated by using a target account in the target equipment to request to execute resource operation;
S3, when the target device is a binding device of the target account, acquiring a first target password input by executing a second touch operation on the target device, and sending the first target password to the server;
S4, generating a first dynamic password by using a token development kit in the target device;
S5, executing the resource handling operation if the first dynamic password matches a second dynamic password generated by the server, the second dynamic password being used to verify the resource handling operation.
Alternatively, in this embodiment, a person skilled in the art may understand that all or part of the steps in the methods of the foregoing embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing one or more computer devices (which may be personal computers, servers, network devices, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (15)

1. An operation authentication method, comprising:
obtaining a resource operation request sent by a target device, wherein the resource operation request is used for indicating an application client running by using a target account in the target device to request to execute a resource operation;
under the condition that the target equipment is determined to be the binding equipment of the target account according to the resource operation request, acquiring a first target password input by the target equipment;
under the condition that the first target password is matched with the verification password of the target account stored in the server, acquiring a first dynamic password dynamically generated for the resource processing operation by a token development kit in the target equipment;
and setting the authority of the target device to execute the resource operation to be allowed to execute under the condition that the first dynamic password is matched with a second dynamic password generated by the server, wherein the second dynamic password is used for verifying the resource operation.
2. The method of claim 1, further comprising, after the obtaining a first dynamic password dynamically generated by a token development kit in the target device for the resource operation:
acquiring a time interval of the token development kit in the target equipment for dynamically generating the first dynamic password;
and acquiring the second dynamic password corresponding to the resource operation request in the server according to the time interval.
3. The method of claim 1, after obtaining the resource operation request sent by the target device, further comprising:
sending a verification message to the binding device when the target device is not the binding device of the target account, wherein the verification message is used for informing the binding device that the target account requests to execute resource operation;
and under the condition that a confirmation instruction returned by the binding device is received, acquiring a second target password input by the binding device, wherein the confirmation instruction is used for confirming that the target account is allowed to execute the resource operation in the target device.
4. The method of claim 3, before obtaining the resource operation request sent by the target device, further comprising:
controlling the binding device to display a binding interface under the condition that the target account is registered in the binding device;
and under the condition that a binding instruction triggered by the binding interface is received, verifying the resource operation executed in the target account by using the second target password acquired in the binding equipment.
5. The method according to any one of claims 1 to 4, further comprising, after the obtaining of the first target password input by the target device:
decrypting the first target password by using an encryption machine to obtain the decrypted first target password;
the obtaining the first dynamic password dynamically generated for the resource processing operation by the token development kit in the target device under the condition that the first target password is matched with the verification password of the target account stored in the server includes:
and under the condition that the decrypted first target password is matched with the verification password of the target account stored in the server, acquiring the first dynamic password dynamically generated for the resource operation by the token development kit in the target device.
6. An operation authentication method, comprising:
receiving a resource operation instruction triggered by executing a first touch operation on a target device, wherein the resource operation instruction is used for instructing an application client running by using a target account number in the target device to execute a resource operation;
responding to the resource operation instruction, and sending a resource operation request to a server, wherein the resource operation request is used for indicating the application client operated by using the target account in the target equipment to request to execute resource operation;
under the condition that the target equipment is the binding equipment of the target account, acquiring a first target password input by executing second touch operation on the target equipment, and sending the first target password to the server;
generating a first dynamic password using a token development kit in the target device;
executing the resource processing operation if the first dynamic password matches a second dynamic password generated by the server, the second dynamic password being used to verify the resource processing operation.
7. The method of claim 6, further comprising, in the case that the target device is not a bound device of the target account:
and executing the resource operation under the condition that a confirmation instruction returned by the binding device is received and a second target password input by the binding device is matched with a verification password of the target account stored in the server, wherein the confirmation instruction is used for confirming that the target account is allowed to execute the resource operation in the target device.
8. The method of claim 6, wherein prior to the receiving the resource operation instruction triggered by the first touch operation performed on a target device, further comprising:
displaying a binding interface under the condition that the target account is registered in the target equipment;
and under the condition that a binding instruction triggered by the binding interface is received, confirming that the target equipment is the binding equipment of the target account, and verifying the resource operation executed in the target account by using the second target password acquired in the binding equipment.
9. The method according to any one of claims 6 to 8, wherein after the obtaining the first target password input by performing the second touch operation on the target device, the method further comprises:
encrypting the first target password by using an encryption machine to obtain the encrypted first target password;
the sending the first target password to the server includes:
and sending the encrypted first target password to the server.
10. An operation authentication apparatus, comprising:
a first obtaining unit, configured to obtain a resource operation request sent by a target device, where the resource operation request is used to instruct an application client running using a target account in the target device to request to perform a resource operation;
a second obtaining unit, configured to obtain a first target password input by the target device when it is determined that the target device is a binding device of the target account according to the resource operation request;
a third obtaining unit, configured to obtain, when the first target password matches a verification password of the target account stored in a server, a first dynamic password dynamically generated for the resource processing operation by a token development kit in the target device;
and the setting unit is used for setting the authority of the target equipment for executing the resource operation to be allowed to execute under the condition that the first dynamic password is matched with a second dynamic password generated by the server, wherein the second dynamic password is used for verifying the resource operation.
11. The apparatus of claim 10, further comprising:
a fourth obtaining unit, configured to obtain, after the obtaining of the first dynamic password dynamically generated by the token development kit in the target device for the resource operation, a time interval in which the first dynamic password is dynamically generated by the token development kit in the target device;
and a fifth obtaining unit, configured to obtain, in the server, the second dynamic password corresponding to the resource operation request according to the time interval.
12. An operation authentication apparatus, comprising:
a receiving unit, configured to receive a resource operation instruction triggered by executing a first touch operation on a target device, where the resource operation instruction is used to instruct that a resource operation be executed in an application client running using a target account in the target device;
a sending unit, configured to send a resource operation request to a server in response to the resource operation instruction, where the resource operation request is used to instruct the application client running using the target account in the target device to request to perform a resource operation;
a sixth obtaining unit, configured to, if the target device is a binding device of the target account, obtain a first target password input by performing a second touch operation on the target device, and send the first target password to the server;
a generating unit, configured to generate a first dynamic password using a token development kit in the target device;
a first execution unit, configured to execute the resource processing operation if the first dynamic password matches a second dynamic password generated by the server, where the second dynamic password is used to verify the resource processing operation.
13. The apparatus of claim 12, further comprising:
and a second execution unit, configured to, if the target device is not a binding device of the target account, execute the resource operation when a confirmation instruction returned by the binding device is received and a second target password input by the binding device matches a verification password of the target account stored in the server, where the confirmation instruction is used to confirm that the target account is allowed to execute the resource operation in the target device.
14. A computer-readable storage medium comprising a stored program, wherein the program when executed performs the method of any of claims 1 to 5 or any of claims 6 to 9.
15. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the method of any of claims 1 to 5 or any of claims 6 to 9 by means of the computer program.
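The decision logic of claims 12 and 13, seen from the server side, as an added example that is not code from the patent. The HMAC derivation, the 30-second interval, the PBKDF2-stored verification password, the password check on the bound-device path and the replay set are assumptions; the claims name only a token development kit and a time interval.

```python
import hashlib
import hmac
import struct

STEP = 30  # assumed time interval in seconds; the claims do not fix a value


def dynamic_password(seed: bytes, request_id: str, now: float) -> str:
    """6-digit code bound to the shared seed, this request and the current interval."""
    msg = struct.pack(">Q", int(now // STEP)) + request_id.encode()
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def password_ok(account: dict, password: str) -> bool:
    return hmac.compare_digest(hash_password(password, account["salt"]), account["pw_hash"])


def authorize(account, device_id, request_id, password, now,
              first_dynamic=None, confirmed_by_bound=False, used=None):
    """Return True only if the resource operation may be executed."""
    used = used if used is not None else set()
    if not password_ok(account, password):
        return False
    if device_id != account["bound_device"]:
        # Claim 13 path: password was entered on the bound device, which also confirmed.
        return confirmed_by_bound
    # Claim 12 path: compare the client's code with the server's own (second) code.
    second_dynamic = dynamic_password(account["seed"], request_id, now)
    if first_dynamic is None or not hmac.compare_digest(first_dynamic, second_dynamic):
        return False
    key = (request_id, int(now // STEP))
    if key in used:  # assumed hardening: one code authorizes one operation
        return False
    used.add(key)
    return True


# Constructed sample account record (all values made up for the example).
SALT = b"constructed-salt"
ACCOUNT = {"bound_device": "phone-A", "salt": SALT,
           "pw_hash": hash_password("482915", SALT),
           "seed": b"constructed-shared-token-seed"}
```

Binding the code to the request identifier means a code captured for one resource operation does not authorize a different one inside the same interval.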
CN202010388894.1A 2020-05-09 2020-05-09 Operation authentication method, device, storage medium and electronic device Pending CN111582876A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010388894.1A CN111582876A (en) 2020-05-09 2020-05-09 Operation authentication method, device, storage medium and electronic device

Publications (1)

Publication Number Publication Date
CN111582876A true CN111582876A (en) 2020-08-25

Family

ID=72125365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010388894.1A Pending CN111582876A (en) 2020-05-09 2020-05-09 Operation authentication method, device, storage medium and electronic device

Country Status (1)

Country Link
CN (1) CN111582876A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105656948A (en) * 2016-03-30 2016-06-08 北京小米移动软件有限公司 Account login method and device
CN106034123A (en) * 2015-03-17 2016-10-19 中国移动通信集团湖北有限公司 Authentication method, application system server and client
CN106204003A (en) * 2015-04-29 2016-12-07 阿里巴巴集团控股有限公司 The safe transfer method of virtual resource, Apparatus and system
CN110830471A (en) * 2019-11-06 2020-02-21 北京一砂信息技术有限公司 OTP (one time password) verification method, server, client and computer-readable storage medium

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995332A (en) * 2021-03-26 2021-06-18 成都海地云信息技术有限公司 Enterprise resource cloud management method and system based on cloud computing and big data technology
CN112995332B (en) * 2021-03-26 2021-09-17 成都海地云信息技术有限公司 Enterprise resource cloud management method and system based on cloud computing and big data technology
CN113191754A (en) * 2021-04-26 2021-07-30 飞呗科技有限公司 Game equipment transaction method, device, equipment and system based on block chain
CN114499964A (en) * 2021-12-24 2022-05-13 青岛海尔科技有限公司 Device control method and apparatus, storage medium, and electronic apparatus
CN114499964B (en) * 2021-12-24 2023-12-19 青岛海尔科技有限公司 Equipment control method and device, storage medium and electronic device

Similar Documents

Publication Publication Date Title
CN111213171B (en) Method and apparatus for secure offline payment
CN100593166C (en) Portable computing environment
CN101427510B (en) Digipass for the web-functional description
EP2999189B1 (en) Network authentication method for secure electronic transactions
CN109992949B (en) Equipment authentication method, over-the-air card writing method and equipment authentication device
CN110601853A (en) Block chain private key generation method and equipment
CN110689332B (en) Resource account binding method, storage medium and electronic device
JP2018532301A (en) User authentication method and apparatus
CN110324276A (en) A kind of method, system, terminal and electronic equipment logging in application
CN112559993B (en) Identity authentication method, device and system and electronic equipment
JP2022549395A (en) AUTHENTICATION METHOD, DEVICE, DEVICE AND COMPUTER-READABLE STORAGE MEDIUM
CN102111271B (en) Network security certification method and device thereof
CN103714635A (en) POS terminal and terminal master key downloading mode configuration method thereof
CN104969201A (en) Secure interface for invoking privileged operations
TWI679556B (en) Transaction method, device and system for virtual reality environment
CN110458559B (en) Transaction data processing method, device, server and storage medium
CN110535807B (en) Service authentication method, device and medium
CN107493291A (en) A kind of identity identifying method and device based on safety element SE
CN112953970A (en) Identity authentication method and identity authentication system
CN111582876A (en) Operation authentication method, device, storage medium and electronic device
CN107506635B (en) Online function opening method for identity card, mobile phone, trusted terminal and verification server
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN104978144A (en) Gesture password input device and system and method for transaction based on system
CA3214734A1 (en) Secure sensor data distribution
KR101792220B1 (en) Method, mobile terminal, device and program for providing user authentication service of combining biometric authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200825