CN113034154B

CN113034154B - Identity authentication method, method for realizing login-free authorization component and respective devices

Info

Publication number: CN113034154B
Application number: CN202110484602.9A
Authority: CN
Inventors: 张志浩; 宋金生
Original assignee: Advanced New Technologies Co Ltd
Current assignee: Advanced New Technologies Co Ltd
Priority date: 2019-09-17
Filing date: 2019-09-17
Publication date: 2024-10-15
Anticipated expiration: 2039-09-17
Also published as: TW202113715A; CN113034154A; TWI786404B; CN110705989A; WO2021051884A1; CN110705989B

Abstract

The embodiment of the specification provides an identity authentication method, a method for realizing a login-free authorization component and respective devices, wherein the identity authentication method is applied to a third party application provided by a third party platform and comprises the following steps: when the identity of the user needs to be confirmed, according to the fact that the user has authorized the bank card to avoid boarding, the bank card information bound by the user on the third party platform is queried from the interior of the third party platform, the bank card information is sent to a bank server for identity authentication, because the third party application can obtain the bound bank card information from the interior of the third party platform according to the authorization, the user identity authentication is sent to the bank server for user identity authentication, so that the identity authentication at the bank server and subsequent business logic processing can be completed as long as the user has no login authorization of the bank card in the third party application, the second login is performed without inputting the information of the bank card, the simplicity and the high efficiency are realized, the user operation is simplified, and the user experience is improved.

Description

Identity authentication method, method for realizing login-free authorization component and respective devices

Technical Field

The embodiment of the specification relates to the technical field of computers, in particular to an identity authentication method and a method for realizing a login-free authorization component. One or more embodiments of the present specification relate to an identity authentication apparatus, an apparatus implementing a log-free authorization component, a computing device, and a computer-readable storage medium.

Background

Under the large background of the promotion of the small program by the third party platform, more and more merchants are willing to develop a third party application belonging to the third party platform on the third party platform, and the third party application is put into the business for various banks in the financial industry.

However, as each bank has a set of user systems, when a third party platform user logs in a third party application and uses a special service of the bank, the problem of secondary identity authentication is often encountered, and the user operation is complex, so that the user experience is greatly discounted.

Disclosure of Invention

In view of this, the embodiments of the present disclosure provide an identity authentication method and a method for implementing a login-free authorization component. One or more embodiments of the present specification also relate to an identity authentication apparatus, an apparatus implementing a log-free authorization component, a computing device, and a computer-readable storage medium that address the technical deficiencies of the prior art.

According to a first aspect of embodiments of the present disclosure, there is provided an identity authentication method applied to a third party application provided by a third party platform, including: when the identity of a user needs to be confirmed, judging whether the user has authorized the bank card to avoid boarding according to the bank card registration-free authorization status information of the user; inquiring the information of the bank card bound by the user on the third party platform from the interior of the third party platform under the condition that the user has authorized the bank card to avoid boarding; and sending the bank card information to a bank server so that the bank server can perform user identity authentication according to the bank card information.

Optionally, the method further comprises: and under the condition that the user does not authorize the bank card to avoid boarding, acquiring the authorization of the user to avoid boarding the bank card.

Optionally, when the identity of the user needs to be confirmed, determining whether the user has authorized the bank card to avoid boarding according to the bank card registration-free authorization status information of the user includes: when the identity of a user needs to be confirmed, calling a bank card registration-free authorization component so that the bank card registration-free authorization component responds to the call and judges whether the user has authorized the bank card to be registered or not according to the stored bank card registration-free authorization state information of the user; and under the condition that the user has authorized the bank card to avoid boarding, inquiring the bank card information bound by the user on the third party platform from the interior of the third party platform comprises the following steps: under the condition that the user has authorized the bank card to avoid boarding, acquiring the bank card information returned by the bank card anti-boarding authorization component; the bank card information is queried from the interior of the third party platform and returned to the third party application after the bank card registration-free authorization component obtains the user authorization under the condition that the bank card registration-free authorization component is not authorized by the user, or is queried from the interior of the third party platform and returned to the third party application under the condition that the bank card registration-free authorization component is not authorized by the user.

Optionally, the obtaining the bank card information returned by the bank card login-free authorization component when the user has authorized the bank card login-free, includes: and under the condition that the user has authorized the bank card to avoid boarding, acquiring the signed and encrypted bank card information returned by the bank card anti-boarding authorization component. The step of sending the bank card information to a bank server comprises the following steps: and sending the bank card information after the encryption of the sign-up to the bank server so that the bank server can carry out sign verification and decryption on the bank card information after the encryption of the sign-up, and carrying out user identity authentication according to the bank card information after the decryption.

Optionally, the method further comprises: sending a service request to the bank server, so that the server executes service logic corresponding to the service request after user identity authentication is completed, and returns service data to the third party application; and receiving the service data returned by the bank server.

Optionally, the sending the service request to the bank server includes: and sending the payment request to the bank server.

According to a second aspect of embodiments of the present disclosure, there is provided an identity authentication device configured in a third party application provided by a third party platform, including: and the authorization judging first module is configured to judge whether the user has authorized the bank card to avoid login according to the bank card login-free authorization state information of the user when the identity of the user needs to be confirmed. And the card inquiry first module is configured to inquire the information of the bank card bound by the user on the third party platform from the interior of the third party platform under the condition that the user has authorized the bank card to avoid boarding. The card sending first module is configured to send the bank card information to a bank server so that the bank server can conduct user identity authentication according to the bank card information.

Optionally, the method further comprises: and the authorization acquisition module is configured to acquire the authorization of the user to the bank card without login under the condition that the user does not authorize the bank card without login.

Optionally, the authorization judging first module is configured to call a bank card registration-free authorization component when the identity of the user needs to be confirmed, so that the bank card registration-free authorization component responds to the call and judges whether the user has authorized the bank card to stop according to the stored bank card registration-free authorization state information of the user. The card inquiry first module is configured to obtain the bank card information returned by the bank card login-free authorization component under the condition that the user has authorized the bank card login-free; the bank card information is queried from the interior of the third party platform and returned to the third party application after the bank card registration-free authorization component obtains the user authorization under the condition that the bank card registration-free authorization component is not authorized by the user, or is queried from the interior of the third party platform and returned to the third party application under the condition that the bank card registration-free authorization component is not authorized by the user.

Optionally, the card queries a first module configured to obtain the signed and encrypted information of the bank card returned by the bank card login-free authorization component under the condition that the user has authorized the bank card login-free. The card sending first module is configured to send the bank card information after the encryption of the sign-on to the bank server, so that the bank server can carry out sign verification and decryption on the bank card information after the encryption of the sign-on, and user identity authentication is carried out according to the bank card information after the decryption.

Optionally, the method further comprises: the request sending module is configured to send a service request to the bank server, so that the server executes service logic corresponding to the service request after user identity authentication is completed, and returns service data to the third party application. And the data receiving module is configured to receive the service data returned by the bank server.

Optionally, the request sending module is configured to send a payment request to the bank server.

According to a third aspect of embodiments of the present specification, there is provided a method of implementing a log-free authorization component, comprising: responding to the call of a third party application in a third party platform, and judging whether a user has authorized a bank card to avoid boarding according to the saved bank card to avoid boarding authorization state information of the user related to the call; inquiring the information of the bank card bound by the user on the third party platform from the interior of the third party platform under the condition that the user has authorized the bank card to avoid boarding; and sending the bank card information to the third party application so that the third party application sends the bank card information to a bank server, and the bank server performs user identity authentication according to the bank card information.

Optionally, the sending the bank card information to the third party application, so that the third party application sends the bank card information to a bank server, and the enabling the bank server to perform user identity authentication according to the bank card information includes: and sending the signed and encrypted bank card information to the third party application, so that the third party application sends the signed and encrypted bank card information to a bank server, and the bank server performs signature verification and decryption on the signed and encrypted bank card information and performs user identity authentication according to the decrypted bank card information.

Optionally, the querying the bank card information from the interior of the third party platform includes: and inquiring the bank card information from the interior of the third party platform through an open gateway, wherein the open gateway is used for signing and encrypting the bank card information.

According to a fourth aspect of embodiments of the present specification, there is provided an apparatus for implementing a log-free authorization component, comprising: and the authorization judging second module is configured to respond to the call of the third party application in the third party platform, and judge whether the user has authorized the bank card to avoid boarding according to the saved bank card registration-free authorization state information of the user related to the call. And the card inquiry second module is configured to inquire the information of the bank card bound by the user on the third party platform from the interior of the third party platform under the condition that the user has authorized the bank card to avoid boarding. And the card sending second module is configured to send the bank card information to the third party application, so that the third party application sends the bank card information to a bank server, and the bank server performs user identity authentication according to the bank card information.

Optionally, the card sending second module is configured to send the signed and encrypted information of the bank card to the third party application, so that the third party application sends the signed and encrypted information of the bank card to a bank server, and the bank server performs signature verification and decryption on the signed and encrypted information of the bank card, and performs user identity authentication according to the decrypted information of the bank card.

Optionally, the card inquiry second module is configured to inquire the bank card information from the interior of the third party platform through an open gateway, wherein the open gateway is used for signing and encrypting the bank card information.

According to a fifth aspect of embodiments of the present specification, there is provided a computing device comprising: a memory and a processor; the memory is for storing computer-executable instructions, and the processor is for executing the computer-executable instructions: when the identity of a user needs to be confirmed, judging whether the user has authorized the bank card to avoid boarding according to the bank card registration-free authorization status information of the user; inquiring the information of the bank card bound by the user on the third party platform from the interior of the third party platform under the condition that the user has authorized the bank card to avoid boarding; and sending the bank card information to a bank server so that the bank server can perform user identity authentication according to the bank card information.

According to a sixth aspect of embodiments of the present description, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the identity authentication method of any of the embodiments of the present description.

According to a seventh aspect of embodiments of the present specification, there is provided a computing device comprising: a memory and a processor; the memory is for storing computer-executable instructions, and the processor is for executing the computer-executable instructions: responding to the call of a third party application in a third party platform, and judging whether a user has authorized a bank card to avoid boarding according to the saved bank card to avoid boarding authorization state information of the user related to the call; inquiring the information of the bank card bound by the user on the third party platform from the interior of the third party platform under the condition that the user has authorized the bank card to avoid boarding; and sending the bank card information to the third party application so that the third party application sends the bank card information to a bank server, and the bank server performs user identity authentication according to the bank card information.

According to an eighth aspect of embodiments of the present description, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of a method of implementing a log-free authorization component of any embodiment of the present description.

According to one aspect of the specification, the identity authentication method in one embodiment is applied to a third party application provided by a third party platform, when the identity of a user needs to be confirmed, according to the fact that the user authorizes a bank card to avoid logging, the bank card information bound by the user on the third party platform is queried from the inside of the third party platform, and the bank card information is sent to a bank server for identity authentication.

In another aspect of the present disclosure, a method for implementing a login-free authorization component in an embodiment, in response to a call of a third party application in a third party platform, queries, from an inside of the third party platform, information of a bank card bound by the user on the third party platform, and sends the information of the bank card to the third party application, so that the third party application sends the information of the bank card to a bank server for user identity authentication, because the login-free authorization component of the bank card that can be called by the third party application is implemented, the method has the advantages that the third party application can obtain the bank card information bound in the third party platform through the bank card registration-free authorization component under the condition of user authorization and send the bank card information to the bank server for user identity authentication, so that the identity authentication flow in a business scene of the card dimension such as balance inquiry, bill inquiry and the like is simplified for the third party application, the universal bank card registration-free authorization component is provided, the identity authentication and subsequent business logic processing at the bank server can be completed as long as the user has the bank card registration-free authorization, the input of the bank card information is not needed for secondary login, the method is simple and efficient, the user operation is simplified, and the user experience is improved.

Drawings

FIG. 1 is a flow chart of an identity authentication method according to one embodiment of the present disclosure;

Fig. 2 is a schematic structural diagram of an identity authentication device according to an embodiment of the present disclosure;

FIG. 3 is a schematic diagram of an identity authentication device according to one or more embodiments of the present disclosure;

FIG. 4 is a flow chart of a method of implementing a logon-free authorization component provided by one embodiment of the present disclosure;

FIG. 5 is a schematic diagram of a solution architecture of one or more embodiments of the present description;

FIG. 6 is a message interaction diagram of one or more embodiments of the present disclosure;

FIG. 7 is a schematic diagram of an apparatus for implementing a logon-free authorization component according to one embodiment of the present disclosure;

FIG. 8 is a block diagram of a computing device in accordance with one or more embodiments of the present description.

Detailed Description

In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many other forms than described herein and similarly generalized by those skilled in the art to whom this disclosure pertains without departing from the spirit of the disclosure and, therefore, this disclosure is not limited by the specific implementations disclosed below.

The terminology used in the one or more embodiments of the specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the one or more embodiments of the specification. As used in this specification, one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any or all possible combinations of one or more of the associated listed items.

It should be understood that, although the terms first, second, etc. may be used in one or more embodiments of this specification to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first may also be referred to as a second, and similarly, a second may also be referred to as a first, without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "in response to a determination" depending on the context.

First, terms related to one or more embodiments of the present specification will be explained.

In the present specification, an identity authentication method and a method for implementing a login-free authorization component are provided, and the present specification also relates to an identity authentication apparatus, an apparatus for implementing a login-free authorization component, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments.

Fig. 1 shows a flowchart of an identity authentication method applied to a third party application provided by a third party platform according to one embodiment of the present disclosure, including steps 102 to 106.

Step 102: when the identity of the user needs to be confirmed, judging whether the user has authorized the bank card to avoid boarding according to the bank card registration-free authorization status information of the user.

For example, the bank card login-free authorization status information may include an authorized status or an unauthorized status.

Optionally, the user's authorization to avoid boarding the bank card may also be obtained if the user does not authorize the bank card to avoid boarding. For example, a dialog box for requesting authorization may be popped up at the third party, through which certain authorization information entered by the user is received, and the bank card login-free authorization status information is updated accordingly to an authorized status. By the implementation mode, the third party application can directly obtain the authorization to the user, the user does not need to additionally search a page for entering the authorization, and the authorization is timely, and the process is simple and efficient.

Step 104: and under the condition that the user has authorized the bank card to avoid boarding, inquiring the information of the bank card bound by the user on the third party platform from the interior of the third party platform.

For example, the bank card information may include bank card private information, such as a bank card number, a password, and the like. And the third party platform is a third party payment platform such as a payment bank and the like.

Optionally, a bank card registration-free authorization component may be provided, and when the identity of the user needs to be confirmed, the bank card registration-free authorization component is called, so that the bank card registration-free authorization component responds to the call, and judges whether the user has authorized the bank card to be registered or not according to the stored bank card registration-free authorization status information of the user. By providing the universal bank card login-free authorization component for the third party application, login-free authorization related logic of the third party application is simplified, the response speed of the third party application can be improved, and the user experience is improved. Accordingly, the third party application can obtain the bank card information returned by the bank card login-free authorization component under the condition that the user has authorized the bank card login-free. The bank card information can be queried from the interior of the third party platform and returned to the third party application after the bank card registration-free authorization component obtains the user authorization under the condition that the bank card registration-free authorization component determines that the user does not authorize the bank card registration-free, or queried from the interior of the third party platform and returned to the third party application under the condition that the bank card registration-free authorization component determines that the user has authorized the bank card registration-free.

Optionally, in order to ensure the security of the private information of the user, the third party application may obtain the signed and encrypted bank card information returned by the bank card sign-up-free authorization component when the user has authorized the bank card sign-up, and send the signed and encrypted bank card information to the bank server, so that the bank server performs sign verification and decryption on the signed and encrypted bank card information, and performs user identity authentication according to the decrypted bank card information. In the embodiment, the bank card information is always in an encryption state in the transmission process from the bank card login-free authorization component to the third party application and then from the third party application to the bank server, and the plaintext information is not decrypted until the bank server, so that the security of the privacy information of the user is ensured.

Step 106: and sending the bank card information to a bank server so that the bank server can perform user identity authentication according to the bank card information.

Optionally, a service request, such as a payment request, may be further sent to the bank server, so that after the user identity authentication is completed, the server executes service logic corresponding to the service request, returns service data to the third party application, and receives the service data returned by the bank server. Therefore, in the scene of inquiring business requests such as balance, bill detail, payment and the like, the user does not need to input bank card information again, and the user can complete identity authentication and subsequent business logic processing at a bank server side by performing bank card login-free authorization once in third party applications such as a bank applet and the like, so that the method is simple and efficient, simplifies user operation and improves user experience.

Therefore, when the identity authentication method provided by the embodiment of the specification needs to confirm the identity of the user at the bank server, the third party application can obtain the bound bank card information from the inside of the third party platform according to the authorization of the user and send the bound bank card information to the bank server for user identity authentication, so that the secondary identity authentication flow in a business scene of centralizing balance inquiry, bill inquiry and the like in card dimension is simplified, the identity authentication at the bank server and subsequent business logic processing can be completed as long as the user has no login authorization of the bank card in the third party application, the input of the bank card information is not needed for secondary login, the simplicity and the high efficiency are realized, the user operation is simplified, and the user experience is improved.

Corresponding to the above embodiment of the identity authentication method, the present disclosure further provides an embodiment of an identity authentication device, and fig. 2 shows a schematic structural diagram of an identity authentication device provided in one embodiment of the present disclosure. The identity authentication device can be configured in a third party application provided by a third party platform. As shown in fig. 2, the apparatus includes: authorization determination first module 202, card inquiry first module 204, card transmission first module 206.

The authorization determination first module 202 may be configured to determine, when the identity of the user needs to be confirmed, whether the user has authorized the bank card to avoid boarding according to the bank card registration-free authorization status information of the user.

The card inquiry first module 204 may be configured to inquire the information of the bank card bound by the user on the third party platform from the interior of the third party platform in the case that the user has authorized the bank card to avoid boarding.

The card sending first module 206 may be configured to send the bank card information to a bank server, so that the bank server performs user identity authentication according to the bank card information.

Fig. 3 is a schematic structural diagram of an identity authentication device according to one or more embodiments of the present disclosure. The identity authentication device can be configured in a third party application provided by a third party platform. As shown in fig. 3, the apparatus may further include: the authorization acquisition module 208 may be configured to acquire authorization of the user for bank card registration-free in case the user does not authorize bank card registration-free.

By the implementation mode, the third party application can directly obtain the authorization to the user, the user does not need to additionally search a page for entering the authorization, and the authorization is timely, and the process is simple and efficient.

Optionally, as shown in fig. 3, the authorization determination first module 202 may be configured to invoke a bank card registration-free authorization component when the identity of the user needs to be confirmed, so that the bank card registration-free authorization component responds to the invocation to determine whether the user has authorized the bank card registration-free according to the stored bank card registration-free authorization status information of the user. The card inquiry first module 204 may be configured to obtain the bank card information returned by the bank card login-free authorization component if the user has authorized the bank card login-free; the bank card information is queried from the interior of the third party platform and returned to the third party application after the bank card registration-free authorization component obtains the user authorization under the condition that the bank card registration-free authorization component is not authorized by the user, or is queried from the interior of the third party platform and returned to the third party application under the condition that the bank card registration-free authorization component is not authorized by the user. By providing the universal bank card login-free authorization component for the third party application, login-free authorization related logic of the third party application is simplified, the response speed of the third party application can be improved, and the user experience is improved.

Optionally, the card inquiry first module 204 may be configured to obtain the signed and encrypted bank card information returned by the bank card login-free authorization component when the user has authorized the bank card login-free. The card sending first module 206 may be configured to send the signed and encrypted bank card information to the bank server, so that the bank server performs signature verification and decryption on the signed and encrypted bank card information, and performs user identity authentication according to the decrypted bank card information. In the embodiment, the bank card information is always in an encryption state in the transmission process from the bank card login-free authorization component to the third party application and then from the third party application to the bank server, and the plaintext information is not decrypted until the bank server, so that the security of the privacy information of the user is ensured.

As shown in fig. 3, the apparatus may further include: the request sending module 210 may be configured to send a service request to the bank server, so that after the user identity authentication is completed, the server executes service logic corresponding to the service request, and returns service data to the third party application. The data receiving module 212 may be configured to receive the service data returned by the bank server.

For example, the request sending module 210 may be configured to send a payment request to the bank server.

Therefore, in the scene of inquiring business requests such as balance, bill detail, payment and the like, the user does not need to input bank card information again, and the user can complete identity authentication and subsequent business logic processing at a bank server side by performing bank card login-free authorization once in third party applications such as a bank applet and the like, so that the method is simple and efficient, simplifies user operation and improves user experience.

The foregoing is a schematic scheme of an identity authentication device of this embodiment. It should be noted that, the technical solution of the identity authentication device and the technical solution of the identity authentication method belong to the same concept, and details of the technical solution of the identity authentication device, which are not described in detail, can be referred to the description of the technical solution of the identity authentication method.

Fig. 4 shows a flowchart of a method for implementing a sign-on-exempt authorization component, according to one embodiment of the present description, including steps 402 to 406.

Step 402: responding to the call of a third party application in a third party platform, and judging whether the user has authorized the bank card to avoid boarding according to the saved bank card to avoid boarding authorization state information of the user related to the call.

For example, it may be determined by the authorization center whether the user has authorized the bank card to avoid boarding. The authorization center can be used for storing the bank card login-free authorization state information of the user and deciding whether the user is required to be authorized or not.

Step 404: and under the condition that the user has authorized the bank card to avoid boarding, inquiring the information of the bank card bound by the user on the third party platform from the interior of the third party platform.

For example, the user authorization may be obtained when it is determined that the user does not authorize the bank card to avoid boarding, the bank card authorization status information of the user may be updated, and the bank card information may be queried from the inside of the third party platform. And under the condition that the user is authorized to avoid boarding a bank card, inquiring the information of the bank card from the interior of the third party platform.

Optionally, the bank card information may be queried from the interior of the third party platform through an open gateway, where the open gateway is configured to sign and encrypt the bank card information. For example, encryption algorithms such as RSA, SHA256, etc. may be employed. In the embodiment, the bank card information is encrypted through the open gateway after being inquired from the inside of the third platform, and is always in an encrypted state in the whole transmission process, so that the security of the private information of the user is ensured.

Step 406: and sending the bank card information to the third party application so that the third party application sends the bank card information to a bank server, and the bank server performs user identity authentication according to the bank card information.

For example, the encrypted bank card information is sent to the third party application, so that the third party application sends the encrypted bank card information to a bank server, the bank server performs signature verification and decryption on the encrypted bank card information, and user identity authentication is performed according to the decrypted bank card information. In the embodiment, the bank card information is always in an encryption state in the transmission process from the bank card login-free authorization component to the third party application and then from the third party application to the bank server, so that the security of the private information of the user is ensured.

Therefore, the method for realizing the login-free authorization component provided by the embodiment of the specification realizes the login-free authorization component of the bank card which can be called by the third party application, so that the third party application can obtain the bank card information bound in the third party platform under the condition of user authorization and send the bank card information to the bank server for user identity authentication, thereby providing a general bank card login-free authorization component for the third party application in the secondary identity authentication process in the business scene of simplifying balance inquiry, bill inquiry and the like and concentrating on card dimension, and completing the identity authentication and subsequent business logic processing of the bank server as long as the user has no login-free authorization of the bank card in the third party application, and the method is simple and efficient, simplifies the user operation and improves the user experience.

To facilitate an understanding of one or more embodiments of the present disclosure, a schematic diagram of a solution architecture according to one or more embodiments of the present disclosure is described below in connection with fig. 5. As shown in fig. 5, in a solution architecture according to one or more embodiments of the present description, a five-layer structure may be included: a business scenario 502, an application layer 504, a bank card login-free authorization component layer 506, a base layer 508, and a data layer 510. The service scenario 502 may include: balance inquiry, bill detail, repayment inquiry, account information inquiry and the like. The application layer 504 may include: and the banking applet and the banking server. The functions of the bank card sign-up-exempt authorization component 506 may include: user authorization is performed through an authorization center of the base layer 508, bank card information inquiry is performed through an open gateway of the base layer 508, and signature encryption is performed through the open gateway of the base layer 508 and an encryption algorithm. The base layer 508 may include: the system comprises an open gateway, an authorization center, an applet platform for realizing a banking applet and an encryption algorithm. The bank card sign-up-exempt authorization component 506 is an application layer that sits on top of the open gateway, the authorization center, the encryption algorithm. The data layer 510 may include: such as user information, e.g., real name, cell phone number, etc., bank card information, bank information, e.g., bank name, bank abbreviation, etc. The bank server can return the user information, the bank card information and the bank information to the bank applet according to the implementation scene.

Based on the scheme architecture shown in fig. 5, when a user uses a banking applet developed by a bank on a third party platform, for the scenes of balance inquiry, bill inquiry and the like, the bottom layer can rely on basic functions such as an open gateway, an authorization center, an encryption algorithm and the like, so that privacy data such as the user's bank card information is encrypted through user authorization and whole-course use of an asymmetric encryption algorithm in the whole transmission process, thereby guaranteeing the universality and the safety of the user privacy information.

The flow of one or more embodiments of the present description based on the schema architecture shown in fig. 5 is described below in conjunction with the message interaction diagram shown in fig. 6. The specific steps include steps 602 to 634.

Step 602: the banking applet invokes the bank card no-entry authorization component in response to the user using a banking function, e.g., balance inquiry, bill statement, repayment inquiry, account information inquiry, etc., in accordance with which the banking function requires the identity authentication of the bank card information.

Step 604: the bank card login-free authorization component sends an authorization judgment request to an authorization center.

Step 606: and the authorization center responds to the received authorization judgment request, and judges whether the user has authorized the bank card to avoid boarding according to the bank card registration-free authorization state information of the user.

Step 608: and the authorization center returns the user unauthorized information to the small program of the bank under the condition that the user unauthorized bank card is judged to be free from being checked.

Step 610: the bank applet presents a request authorization dialog box to authorize the user based on the user unauthorized information.

Step 612: and sending confirmation authorization information of the user to the authorization center under the condition that the user confirms authorization.

Step 614: and the authorization center updates the bank card login-free authorization state information of the user according to the confirmation authorization information.

Step 616: and the authorization center sends a bank card information inquiry request to the open gateway under the condition that the user has authorized the bank card to avoid boarding.

Step 618: and the open gateway responds to the received bank card information inquiry request and sends an inquiry request for inquiring the bank card information of the user to the data service in the third party platform.

Step 620: and the open gateway receives the returned bank card information of the user from the data service of the third party platform.

Step 622: and the open gateway performs signing encryption on the bank card information.

Step 624: and the open gateway returns the signed and encrypted information of the bank card to the bank card login-free authorization component.

Step 626: the bank card sign-on-free authorization component returns the signed and encrypted bank card information to the bank applet.

Step 628: and the bank applet transmits the business request carrying the signed and encrypted bank card information to the bank server.

Step 630: and the bank server performs signature verification and decryption on the bank card information after signature encryption, performs user identity authentication according to the decrypted bank card information, and executes the service request after authentication is passed.

Step 632: and the bank server returns the business data corresponding to the business request to the bank applet.

Step 634: the banking applet renders the service page based on the received service data.

According to the embodiment, when a user accesses functions of the bank applet, the third party platform such as a payment bank is allowed to transmit the bank card information bound by the user to the bank applet for use by user authorization, the third party platform is used for identity confirmation, information inquiry and other business scenes, and a user privacy protection mechanism such as signature adding, encryption and the like is added in the bank card information transmission process, and the bank server side carries out processes such as signature verification, decryption and the like after the bank card information of the user is taken, and identifies the user identity and carries out subsequent business processing through the bank card information, so that the operation of inputting the bank card information by the user is omitted, the user operation steps are simplified, and the user experience is improved.

Corresponding to the above embodiment of the method for implementing the login-free authorization component, the present disclosure further provides an embodiment of an apparatus for implementing the login-free authorization component, and fig. 7 is a schematic structural diagram of an apparatus for implementing the login-free authorization component according to one embodiment of the present disclosure. As shown in fig. 7, the apparatus includes: authorization determination second module 702, card inquiry second module 704, and card transmission second module 706.

The authorization determination second module 702 may be configured to respond to a call of a third party application in a third party platform, and determine, for a user involved in the call, whether the user has authorized the bank card to avoid boarding according to the saved bank card registration-free authorization status information of the user.

The card inquiry second module 704 may be configured to inquire out, from the inside of the third party platform, the information of the bank card bound by the user at the third party platform, in case the user has authorized the bank card to be free from boarding.

The card sending second module 706 may be configured to send the bank card information to the third party application, so that the third party application sends the bank card information to a bank server, and the bank server performs user identity authentication according to the bank card information.

Optionally, the card sending second module 706 may be configured to send the signed and encrypted bank card information to the third party application, so that the third party application sends the signed and encrypted bank card information to a bank server, and the bank server performs signature verification and decryption on the signed and encrypted bank card information, and performs user identity authentication according to the decrypted bank card information. In the embodiment, the bank card information is always in an encryption state in the transmission process from the bank card login-free authorization component to the third party application and then from the third party application to the bank server, so that the security of the private information of the user is ensured.

Optionally, the card inquiry second module 704 may be configured to inquire the bank card information from the interior of the third party platform through an open gateway, where the open gateway is used for signing and encrypting the bank card information. In the embodiment, the bank card information is encrypted through the open gateway after being inquired from the inside of the third platform, and is always in an encrypted state in the whole transmission process, so that the security of the private information of the user is ensured.

The foregoing is a schematic solution of an apparatus for implementing a sign-on-free authorization component of the present embodiment. It should be noted that, the technical solution of the device for implementing the login-free authorization component and the technical solution of the method for implementing the login-free authorization component belong to the same concept, and details of the technical solution of the device for implementing the login-free authorization component, which are not described in detail, can be referred to the description of the technical solution of the method for implementing the login-free authorization component.

Fig. 8 illustrates a block diagram of a computing device 800 provided in accordance with one embodiment of the present description. The components of computing device 800 include, but are not limited to, memory 810 and processor 820. Processor 820 is coupled to memory 810 through bus 830 and database 850 is used to hold data.

Computing device 800 also includes access device 840, access device 840 enabling computing device 800 to communicate via one or more networks 860. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. Access device 840 may include one or more of any type of network interface, wired or wireless (e.g., a Network Interface Card (NIC)), such as an IEEE802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.

In one embodiment of the present description, the above-described components of computing device 800, as well as other components not shown in FIG. 8, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device illustrated in FIG. 8 is for exemplary purposes only and is not intended to limit the scope of the present description. Those skilled in the art may add or replace other components as desired.

Computing device 800 may be any type of stationary or mobile computing device including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smart phone), wearable computing device (e.g., smart watch, smart glasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 800 may also be a mobile or stationary server.

In one or more embodiments of an aspect of the present description, processor 820 may be configured to execute computer-executable instructions to:

When the identity of a user needs to be confirmed, judging whether the user has authorized the bank card to avoid boarding according to the bank card registration-free authorization status information of the user;

Inquiring the information of the bank card bound by the user on the third party platform from the interior of the third party platform under the condition that the user has authorized the bank card to avoid boarding;

and sending the bank card information to a bank server so that the bank server can perform user identity authentication according to the bank card information.

Optionally, when the identity of the user needs to be confirmed, determining whether the user has authorized the bank card to avoid boarding according to the bank card registration-free authorization status information of the user includes:

When the identity of a user needs to be confirmed, calling a bank card registration-free authorization component so that the bank card registration-free authorization component responds to the call and judges whether the user has authorized the bank card to be registered or not according to the stored bank card registration-free authorization state information of the user;

and under the condition that the user has authorized the bank card to avoid boarding, inquiring the bank card information bound by the user on the third party platform from the interior of the third party platform comprises the following steps:

under the condition that the user has authorized the bank card to avoid boarding, acquiring the bank card information returned by the bank card anti-boarding authorization component;

The bank card information is queried from the interior of the third party platform and returned to the third party application after the bank card registration-free authorization component obtains the user authorization under the condition that the bank card registration-free authorization component is not authorized by the user, or is queried from the interior of the third party platform and returned to the third party application under the condition that the bank card registration-free authorization component is not authorized by the user.

Optionally, the obtaining the bank card information returned by the bank card login-free authorization component when the user has authorized the bank card login-free, includes:

under the condition that the user has authorized the bank card to avoid boarding, acquiring the signed and encrypted bank card information returned by the bank card login-free authorization component;

The step of sending the bank card information to a bank server comprises the following steps:

And sending the bank card information after the encryption of the sign-up to the bank server so that the bank server can carry out sign verification and decryption on the bank card information after the encryption of the sign-up, and carrying out user identity authentication according to the bank card information after the decryption.

Optionally, the method further comprises:

sending a service request to the bank server, so that the server executes service logic corresponding to the service request after user identity authentication is completed, and returns service data to the third party application;

and receiving the service data returned by the bank server.

Optionally, the sending the service request to the bank server includes:

And sending the payment request to the bank server.

The foregoing is a schematic illustration of a computing device of this embodiment. It should be noted that, the technical solution of the computing device and the technical solution of the identity authentication method belong to the same concept, and details of the technical solution of the computing device, which are not described in detail, can be referred to the description of the technical solution of the identity authentication method.

In one or more embodiments of another aspect of the present description, processor 820 may be configured to execute computer-executable instructions to:

Responding to the call of a third party application in a third party platform, and judging whether a user has authorized a bank card to avoid boarding according to the saved bank card to avoid boarding authorization state information of the user related to the call;

and sending the bank card information to the third party application so that the third party application sends the bank card information to a bank server, and the bank server performs user identity authentication according to the bank card information.

Optionally, the sending the bank card information to the third party application, so that the third party application sends the bank card information to a bank server, and the enabling the bank server to perform user identity authentication according to the bank card information includes:

and sending the signed and encrypted bank card information to the third party application, so that the third party application sends the signed and encrypted bank card information to a bank server, and the bank server performs signature verification and decryption on the signed and encrypted bank card information and performs user identity authentication according to the decrypted bank card information.

Optionally, the querying the bank card information from the interior of the third party platform includes:

and inquiring the bank card information from the interior of the third party platform through an open gateway, wherein the open gateway is used for signing and encrypting the bank card information.

The foregoing is a schematic illustration of a computing device of this embodiment. It should be noted that, the technical solution of the computing device and the technical solution of the method for implementing the login-free authorization component belong to the same concept, and details of the technical solution of the computing device, which are not described in detail, can be referred to the description of the technical solution of the method for implementing the login-free authorization component.

In one aspect, an embodiment of the present specification further provides a computer readable storage medium storing computer instructions that, when executed by a processor, are configured to:

Optionally, the method further comprises:

and receiving the service data returned by the bank server.

Optionally, the sending the service request to the bank server includes:

And sending the payment request to the bank server.

The above is an exemplary version of a computer-readable storage medium of the present embodiment. It should be noted that, the technical solution of the storage medium and the technical solution of the identity authentication method described above belong to the same concept, and details of the technical solution of the storage medium which are not described in detail can be referred to the description of the technical solution of the identity authentication method described above.

In another aspect, an embodiment of the present disclosure also provides a computer-readable storage medium storing computer instructions that, when executed by a processor, are configured to:

The above is an exemplary version of a computer-readable storage medium of the present embodiment. It should be noted that, the technical solution of the storage medium and the technical solution of the method for implementing the login-free authorization component belong to the same concept, and details of the technical solution of the storage medium, which are not described in detail, can be referred to the description of the technical solution of the method for implementing the login-free authorization component.

The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

The computer instructions include computer program code that may be in source code form, object code form, executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.

It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the embodiments are not limited by the order of actions described, as some steps may be performed in other order or simultaneously according to the embodiments of the present disclosure. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all required for the embodiments described in the specification.

In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.

The preferred embodiments of the present specification disclosed above are merely used to help clarify the present specification. Alternative embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the teaching of the embodiments. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. This specification is to be limited only by the claims and the full scope and equivalents thereof.

Claims

1. An identity authentication method applied to an identity authentication flow under a business scene of a card dimension of a third party application provided by a third party platform comprises the following steps:

when the identity of a user needs to be confirmed, judging whether the user has login-free authorization aiming at the business scene of the card dimension according to the information of the authorized state or the unauthorized state of the business scene of the card dimension by the user;

inquiring privacy data of card dimensions bound by the user on the third party platform from the inside of the third party platform under the condition that the user is free from login authorization;

And sending the privacy data of the card dimension bound by the user on the third party platform to a server, wherein the server is a server of a business scene of the card dimension, so that the server can perform user identity authentication according to the privacy data.

2. The method of claim 1, further comprising:

and under the condition that the user is not authorized, acquiring the authorization of the user.

3. The method of claim 1, wherein the determining whether the user has been authorized for the card-dimensional business scenario without login according to the information of the authorized state or the unauthorized state of the user for the card-dimensional business scenario when the user identity needs to be confirmed comprises:

When the identity of a user needs to be confirmed, calling a login-free authorization component so that the login-free authorization component responds to the call and judges whether the user is login-free according to the stored information of the authorized state or the unauthorized state;

and under the condition that the user is free from login authorization, inquiring the privacy data of the card dimension bound by the user on the third party platform from the interior of the third party platform, wherein the privacy data comprises the following steps:

obtaining the privacy data returned by the login-free authorization component under the condition that the user is free from login authorization;

The privacy data is queried from the interior of the third party platform and returned to the third party application after the login-free authorization component obtains the user authorization under the condition that the user is not authorized, or is queried from the interior of the third party platform and returned to the third party application under the condition that the login-free authorization component determines that the user is authorized.

4. The method of claim 3, wherein the obtaining privacy data returned by the no-boarding authorization component if the user has no-boarding authorization comprises:

under the condition that the user is free from login authorization, private data after signing and encryption returned by the login-free authorization component is obtained;

The step of sending the privacy data of the card dimension bound by the user on the third party platform to the server side comprises the following steps:

and sending the privacy data after the encryption of the sign to the server so that the server can carry out sign verification and decryption on the privacy data after the encryption of the sign, and carrying out user identity authentication according to the privacy data after the decryption.

5. The method of claim 1, further comprising:

Sending a service request to the server so that the server executes service logic corresponding to the service request after user identity authentication is completed, and returning service data to the third party application;

and receiving the service data returned by the server.

6. An identity authentication device, configured in a third party application provided by a third party platform, for implementing an identity authentication procedure under a service scenario of a card dimension, includes:

The authorization judging first module is configured to judge whether the user is authorized to log on the service scene of the card dimension according to the authorized state or unauthorized state information of the service scene of the card dimension when the identity of the user needs to be confirmed;

The card inquiry first module is configured to inquire the privacy data of the card dimension bound by the user on the third party platform from the inside of the third party platform under the condition that the user is free from login authorization;

The card sending first module is configured to send the privacy data of the card dimension bound by the user on the third party platform to a server, wherein the server is a server of a business scene of the card dimension, so that the server can perform user identity authentication according to the privacy data.

7. The apparatus of claim 6, further comprising:

And the authorization acquisition module is configured to acquire the authorization of the user under the condition that the user is not authorized.

8. The apparatus of claim 6, wherein the authorization determination first module is configured to invoke a no-sign-on authorization component when the identity of the user needs to be confirmed, so that the no-sign-on authorization component determines whether the user has no sign-on authorization according to the saved information of the authorized state or the unauthorized state in response to the invocation;

The card inquires a first module which is configured to obtain privacy data returned by the login-free authorization component under the condition that the user is login-free authorized; the privacy data is queried from the interior of the third party platform and returned to the third party application after the login-free authorization component obtains the user authorization under the condition that the user is not authorized, or is queried from the interior of the third party platform and returned to the third party application under the condition that the login-free authorization component determines that the user is authorized.

9. The apparatus of claim 8, wherein the card queries a first module configured to obtain signed and encrypted privacy data returned by the sign-on-authorization-exempt component if the user has been sign-on-authorized;

The card sending first module is configured to send the encrypted privacy data to the server so that the server can perform signature verification and decryption on the encrypted privacy data, and user identity authentication is performed according to the decrypted privacy data.

10. The apparatus of claim 6, further comprising:

the request sending module is configured to send a service request to the server so that the server executes service logic corresponding to the service request after user identity authentication is completed and returns service data to the third party application;

And the data receiving module is configured to receive the service data returned by the server.

11. A method for implementing a sign-on-free authorization component for implementing an identity authentication procedure in a business scenario of a card dimension, comprising:

Responding to the call of a third party application in a third party platform, and judging whether a user is authorized to log on for the business scene of the card dimension according to the stored information of the authorized state or the unauthorized state of the business scene of the card dimension for the user involved in the call;

Inquiring privacy data of card dimensions bound by the user on a third party platform from the inside of the third party platform under the condition that the user is free from login authorization;

and sending the privacy data of the card dimension bound by the user on the third party platform to the third party application so that the third party application can send the privacy data to a server, wherein the server is a server of a business scene of the card dimension, and the server can perform user identity authentication according to the privacy data.

12. The method of claim 11, wherein the sending the privacy data of the card dimension bound by the user on the third party platform to the third party application, so that the third party application sends the privacy data to a server, where the server is a server of a business scenario of the card dimension, and the enabling the server to perform user identity authentication according to the privacy data includes:

And sending the privacy data after the encryption of the sign to the third party application so that the third party application sends the privacy data after the encryption of the sign to a server, so that the server performs sign verification and decryption on the privacy data after the encryption of the sign, and performs user identity authentication according to the privacy data after the decryption.

13. The method of claim 12, wherein the querying the privacy data of the card dimension bound by the user at the third party platform from the interior of the third party platform comprises:

And inquiring the privacy data from the interior of the third party platform through an open gateway, wherein the open gateway is used for signing and encrypting the privacy data.

14. An apparatus for implementing a log-free authorization component for implementing an identity authentication procedure in a business scenario of a card dimension, comprising:

The authorization judging second module is configured to respond to the call of the third party application in the third party platform, and judge whether the user is authorized to log on the service scene of the card dimension according to the stored information of the authorized state or the unauthorized state of the service scene of the card dimension for the user related to the call;

The card inquiry second module is configured to inquire the privacy data of the card dimension bound by the user in the third party platform from the inside of the third party platform under the condition that the user is free from login authorization;

The card sending second module is configured to send the privacy data of the card dimension bound by the user on the third party platform to the third party application, so that the third party application sends the privacy data to a server, and the server is a server of a business scene of the card dimension, so that the server performs user identity authentication according to the privacy data.

15. The apparatus of claim 14, wherein the card sends a second module configured to

16. The apparatus of claim 15, wherein the card query second module is configured to query the privacy data from inside the third party platform through an open gateway for signing encryption of the privacy data.

17. A computing device, comprising:

a memory and a processor;

The memory is for storing computer-executable instructions, and the processor is for executing the computer-executable instructions:

When a third party application provided by a third party platform needs to confirm the identity of a user, judging whether the user is authorized to log on for the business scene of the card dimension according to the information of the authorized state or the unauthorized state of the business scene of the card dimension, wherein the third party application is used for realizing the identity authentication flow under the business scene of the card dimension;

and the third party application transmits the privacy data of the card dimension bound by the user on the third party platform to a server, wherein the server is a server of a business scene of the card dimension, so that the server can perform user identity authentication according to the privacy data.

18. A computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the identity authentication method of any one of claims 1 to 5.

19. A computing device for implementing an identity authentication procedure in a business scenario for a card dimension, comprising:

a memory and a processor;

20. A computer readable storage medium storing computer instructions which, when executed by a processor, implement the steps of the method of implementing a log-free authorization component of any one of claims 11 to 13.