CN106506459B

CN106506459B - Identity information verification method and device

Info

Publication number: CN106506459B
Application number: CN201610901831.5A
Authority: CN
Inventors: 张军; 潘俊; 衣少君
Original assignee: Beijing Xiaomi Mobile Software Co Ltd
Current assignee: Beijing Xiaomi Mobile Software Co Ltd
Priority date: 2016-10-17
Filing date: 2016-10-17
Publication date: 2019-08-30
Anticipated expiration: 2036-10-17
Also published as: CN106506459A

Abstract

The present disclosure relates to a method and device for verifying identity information, belonging to the field of network technology. The method includes: when it is detected that an identity verification event of a user account is triggered, acquiring historical usage information of the user account, the historical usage information being the The information used by the user account for network operations before the current time. Based on the historical usage information, an identity verification request message is generated, and the identity verification request message is sent to the user terminal that currently triggers the identity verification event. When receiving the user When the terminal sends an identity verification response message based on the identity verification request message, it verifies the identity information based on the identity verification response message and the historical usage information. Therefore, the user does not need to deliberately remember the information, which avoids the situation that the user is easy to forget, and provides convenience for the user.

Description

Identity information verification method and device

技术领域technical field

本公开涉及网络技术领域，尤其涉及一种身份信息验证方法及装置。The present disclosure relates to the field of network technology, in particular to a method and device for verifying identity information.

背景技术Background technique

随着网络技术的不断发展，邮箱账号、即时通信账号、网络银行账号、社交网络账号等在人们的日常生活中担当着重要的角色，与此同时，针对该类账号，用户通常设置不同的密码。在实际使用过程中，在某些情况下，通常需要对用户的身份信息进行验证，例如，当用户需要对所设置的密码进行修改时，或者，当用户输入的密码与账号不匹配时等。With the continuous development of network technology, email accounts, instant messaging accounts, online bank accounts, social network accounts, etc. play an important role in people's daily life. At the same time, users usually set different passwords for such accounts. . In actual use, in some cases, it is usually necessary to verify the user's identity information, for example, when the user needs to modify the set password, or when the password entered by the user does not match the account number, etc.

相关技术中，身份信息验证的过程通常包括：在设置初始密码时，账号管理服务器为用户提供多个问题，用户从该多个问题中选择至少一个问题，填写该至少一个问题的答案，并通过终端发送至该账号管理服务器，账号管理服务器将该至少一个问题和答案进行对应存储。当需要对身份信息进行验证时，该账号管理服务器再次为用户提供上述至少一个问题，用户需要填写该至少一个问题的答案，之后，通过终端将所填写的答案发送至该账号管理服务器，该账号管理服务器对用户所填写的答案进行验证，即判断用户所填写的答案与该用户设置最初密码时设置的答案是否相同，如果相同，则确定身份信息验证通过。In related technologies, the process of identity information verification usually includes: when setting the initial password, the account management server provides the user with multiple questions, the user selects at least one question from the multiple questions, fills in the answer to the at least one question, and passes The terminal sends the message to the account management server, and the account management server stores the at least one question and the answer correspondingly. When the identity information needs to be verified, the account management server provides the user with at least one of the above questions again, and the user needs to fill in the answer to the at least one question, and then sends the filled answer to the account management server through the terminal. The management server verifies the answer filled in by the user, that is, judges whether the answer filled in by the user is the same as the answer set when the user sets the initial password, and if they are the same, then it is determined that the identity information verification is passed.

发明内容Contents of the invention

为克服相关技术中存在的问题，本公开提供一种身份信息验证方法及装置。In order to overcome the problems existing in related technologies, the present disclosure provides a method and device for verifying identity information.

第一方面，提供一种身份信息验证方法，所述方法包括：In a first aspect, a method for verifying identity information is provided, the method comprising:

当检测到用户账号的身份验证事件被触发时，获取所述用户账号的历史使用信息，所述历史使用信息为所述用户账号在当前时间之前进行网络操作时所使用的信息；When it is detected that the identity verification event of the user account is triggered, the historical usage information of the user account is obtained, the historical usage information is the information used by the user account to perform network operations before the current time;

基于所述历史使用信息，生成身份验证请求消息；Generate an identity verification request message based on the historical usage information;

将所述身份验证请求消息发送至当前触发所述身份验证事件的用户终端；sending the identity verification request message to the user terminal currently triggering the identity verification event;

当接收到所述用户终端基于所述身份验证请求消息发送的身份验证响应消息时，基于所述身份验证响应消息和所述历史使用信息，对身份信息进行验证。When receiving the identity verification response message sent by the user terminal based on the identity verification request message, verify the identity information based on the identity verification response message and the historical use information.

可选地，所述获取所述用户账号的历史使用信息，包括：Optionally, the obtaining historical usage information of the user account includes:

向数据服务器发送信息获取请求，所述信息获取请求携带所述用户账号，所述信息获取请求用于指示所述数据服务器获取并返回所述用户账号的历史使用信息；sending an information acquisition request to the data server, where the information acquisition request carries the user account, and the information acquisition request is used to instruct the data server to acquire and return historical usage information of the user account;

接收所述数据服务器发送的所述历史使用信息。receiving the historical usage information sent by the data server.

可选地，所述基于所述历史使用信息，生成身份验证请求消息，包括：Optionally, the generating an identity verification request message based on the historical usage information includes:

按照指定策略，获取所述历史使用信息中的部分信息；Obtain part of the historical usage information according to the specified policy;

基于所述部分信息，生成第一验证请求消息，所述第一验证请求消息用于指示基于所述部分信息对所述历史使用信息中除了所述部分信息之外的其它信息进行补充；Based on the partial information, generate a first verification request message, where the first verification request message is used to indicate that information other than the partial information in the historical usage information should be supplemented based on the partial information;

将所述第一验证请求消息确定为所述身份验证请求消息。Determine the first verification request message as the identity verification request message.

当所述历史使用信息为电话号码时，在所述历史使用信息中随机添加多个电话号码；When the historical usage information is a phone number, randomly add a plurality of phone numbers to the historical usage information;

基于添加后的历史使用信息，生成第二验证请求消息，所述第二验证请求消息用于指示从添加后的历史使用信息中选出所述历史使用信息；Based on the added historical usage information, generate a second verification request message, where the second verification request message is used to indicate to select the historical usage information from the added historical usage information;

将所述第二验证请求消息确定为所述身份验证请求消息。determining the second verification request message as the identity verification request message.

当所述历史使用信息中包括图片和所述图片的图片信息时，基于所述图片生成第三验证请求消息，所述第三验证请求消息用于指示填写所述图片的图片信息；When the historical usage information includes a picture and picture information of the picture, generating a third verification request message based on the picture, the third verification request message is used to indicate to fill in the picture information of the picture;

将所述第三验证请求消息确定为所述身份验证请求消息。Determine the third verification request message as the identity verification request message.

当所述历史使用信息还包括安全等级标识时，从所述历史使用信息中选择与所述安全等级标识对应的目标使用信息，所述安全等级标识用于指示所需验证的历史使用信息；When the historical usage information further includes a security level identifier, selecting target usage information corresponding to the security level identifier from the historical usage information, the security level identifier being used to indicate historical usage information that needs to be verified;

基于所述目标使用信息，生成所述身份验证请求消息。The identity verification request message is generated based on the target usage information.

可选地，所述基于所述身份验证响应消息和所述历史使用信息，对身份信息进行验证，包括：Optionally, the verifying identity information based on the identity verification response message and the historical usage information includes:

获取所述身份验证响应消息中携带的第一验证信息，所述第一验证信息至少包括所述部分信息；Acquire first verification information carried in the identity verification response message, where the first verification information includes at least the partial information;

当所述第一验证信息与所述历史使用信息相同时，确定所述身份信息验证通过；When the first verification information is the same as the historical use information, determine that the identity information has been verified;

当所述第一验证信息与所述历史使用信息不相同时，确定所述身份信息验证未通过。When the first verification information is different from the historical usage information, it is determined that the verification of the identity information fails.

获取所述身份验证响应消息中携带的第二验证信息；Obtain the second verification information carried in the identity verification response message;

当所述第二验证信息与所述电话号码相同时，确定所述身份信息验证通过；When the second verification information is the same as the phone number, determine that the identity information has been verified;

当所述第二验证信息与所述电话号码不相同时，确定所述身份信息验证未通过。When the second verification information is different from the phone number, it is determined that the verification of the identity information fails.

获取所述身份验证响应消息中携带的第三验证信息；Obtain the third verification information carried in the identity verification response message;

当所述第三验证信息与所述图片信息相同时，确定所述身份信息验证通过；When the third verification information is the same as the picture information, it is determined that the verification of the identity information is passed;

当所述第三验证信息与所述图片信息不相同时，确定所述身份信息验证未通过。When the third verification information is different from the picture information, it is determined that the verification of the identity information fails.

可选地，所述确定所述身份信息验证未通过之后，还包括：Optionally, after determining that the authentication of the identity information fails, the method further includes:

重新发送所述身份验证请求消息，并对重新发送所述身份验证请求消息的次数进行统计；Resending the identity verification request message, and counting the number of times the identity verification request message is resent;

当重新发送所述身份验证请求消息的次数大于或等于预设阈值时，停止重新发送所述身份验证请求消息。When the number of times of resending the identity verification request message is greater than or equal to a preset threshold, stop resending the identity verification request message.

可选地，获取所述用户账号的历史使用信息之前，还包括：Optionally, before obtaining the historical usage information of the user account, it also includes:

当检测到所述用户账号与密码不匹配的次数达到预设次数时，触发所述用户账号的身份验证事件；或When it is detected that the number of times that the user account does not match the password reaches a preset number of times, an identity verification event of the user account is triggered; or

当接收到修改密码请求时，触发所述用户账号的身份验证事件。When receiving a password modification request, an identity verification event of the user account is triggered.

第二方面，提供一种身份信息验证装置，所述装置包括：In a second aspect, an identity information verification device is provided, the device comprising:

获取模块，用于当检测到用户账号的身份验证事件被触发时，获取所述用户账号的历史使用信息，所述历史使用信息为所述用户账号在当前时间之前进行网络操作时所使用的信息；An acquisition module, configured to acquire historical usage information of the user account when it is detected that the identity verification event of the user account is triggered, the historical usage information being the information used by the user account for network operations before the current time ;

生成模块，用于基于所述获取模块获取的所述历史使用信息，生成身份验证请求消息；A generating module, configured to generate an identity verification request message based on the historical usage information acquired by the acquiring module;

发送模块，用于将所述生成模块生成的所述身份验证请求消息发送至当前触发所述身份验证事件的用户终端；a sending module, configured to send the identity verification request message generated by the generation module to the user terminal currently triggering the identity verification event;

验证模块，用于当接收到所述用户终端基于所述身份验证请求消息发送的身份验证响应消息时，基于所述身份验证响应消息和所述历史使用信息，对身份信息进行验证。A verification module, configured to verify identity information based on the identity verification response message and the historical usage information when receiving the identity verification response message sent by the user terminal based on the identity verification request message.

可选地，所述获取模块用于：Optionally, the acquisition module is used for:

可选地，所述生成模块用于：Optionally, the generating module is used for:

可选地，所述生成模块还用于：Optionally, the generating module is also used for:

可选地，所述验证模块用于：Optionally, the verification module is used for:

可选地，所述验证模块还用于：Optionally, the verification module is also used for:

可选地，所述装置还包括：Optionally, the device also includes:

统计模块，用于重新发送所述身份验证请求消息，并对重新发送所述身份验证请求消息的次数进行统计；A statistics module, configured to resend the identity verification request message, and count the number of times the identity verification request message is resent;

停止模块，用于当重新发送所述身份验证请求消息的次数大于或等于预设阈值时，停止重新发送所述身份验证请求消息。A stop module, configured to stop resending the identity verification request message when the number of times the identity verification request message is resent is greater than or equal to a preset threshold.

可选地，所述装置还包括触发模块，所述触发模块用于：Optionally, the device further includes a trigger module, and the trigger module is used for:

第三方面，提供了一种身份信息验证装置，所述装置包括：In a third aspect, an identity information verification device is provided, the device comprising:

处理器；processor;

用于存储处理器可执行指令的存储器；memory for storing processor-executable instructions;

其中，所述处理器被配置为：Wherein, the processor is configured as:

本公开的实施例提供的技术方案可以包括以下有益效果：The technical solutions provided by the embodiments of the present disclosure may include the following beneficial effects:

在本公开实施例中，当服务器检测到用户账号的身份验证事件被触发时，说明需要对该用户的身份信息进行验证，该服务器获取该用户账号在当前时间之前进行网络操作时所使用的历史使用信息，也即是，该历史使用信息是该用户日常进行网络操作时所使用的信息，例如，该历史使用信息可以为收货地址信息等，该服务器基于该历史使用信息，生成身份验证请求消息，之后，将该身份验证请求消息发送至用户终端，当该服务器基于该身份验证请求消息接收到该用户终端发送的身份验证响应消息时，该服务器基于该身份验证响应消息，对该用户的身份信息进行验证，由于该历史使用信息是用户日常进行网络操作时所使用的信息，因此，不需要用户刻意地记住，避免了用户容易忘记的情况，为用户提供了方便。In the embodiment of the present disclosure, when the server detects that the identity verification event of the user account is triggered, it indicates that the identity information of the user needs to be verified, and the server obtains the history used by the user account for network operations before the current time. Usage information, that is, the historical usage information is the information used by the user in daily network operations, for example, the historical usage information can be delivery address information, etc., and the server generates an identity verification request based on the historical usage information message, and then send the identity verification request message to the user terminal, when the server receives the identity verification response message sent by the user terminal based on the identity verification request message, the server based on the identity verification response message, the user's Identity information is verified. Since the historical usage information is the information used by the user in daily network operations, the user does not need to remember it deliberately, avoiding the situation that the user is easy to forget, and providing convenience for the user.

应当理解的是，以上的一般描述和后文的细节描述仅是示例性和解释性的，并不能限制本公开。It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the present disclosure.

附图说明Description of drawings

此处的附图被并入说明书中并构成本说明书的一部分，示出了符合本公开的实施例，并与说明书一起用于解释本公开的原理。The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

图1A是根据一示例性实施例示出的一种实施环境示意图。Fig. 1A is a schematic diagram showing an implementation environment according to an exemplary embodiment.

图1B是根据一示例性实施例示出的一种身份信息验证方法的流程图。Fig. 1B is a flowchart showing a method for verifying identity information according to an exemplary embodiment.

图2A是根据另一示例性实施例示出的一种身份信息验证方法的流程图。Fig. 2A is a flow chart showing a method for verifying identity information according to another exemplary embodiment.

图2B是图2A实施例所涉及的一种登录界面的显示示意图。Fig. 2B is a schematic display of a login interface involved in the embodiment of Fig. 2A.

图2C(1)是图2A实施例所涉及的一种身份验证请求消息的显示示意图。Fig. 2C(1) is a schematic display of an identity verification request message involved in the embodiment of Fig. 2A.

图2C(2)是图2A实施例所涉及的另一种身份验证请求消息的显示示意图。Fig. 2C(2) is a schematic display of another identity verification request message involved in the embodiment of Fig. 2A.

图2D是图2A实施例所涉及的另一种身份验证请求消息的显示示意图。Fig. 2D is a schematic display diagram of another identity verification request message involved in the embodiment of Fig. 2A.

图3A是根据一示例性实施例示出的一种身份信息验证装置的框图。Fig. 3A is a block diagram of an identity information verification device according to an exemplary embodiment.

图3B是根据另一示例性实施例示出的一种身份信息验证装置的框图。Fig. 3B is a block diagram of an identity information verification device according to another exemplary embodiment.

图3C是根据另一示例性实施例示出的一种身份信息验证装置的框图。Fig. 3C is a block diagram of an identity information verification device according to another exemplary embodiment.

图4是根据一示例性实施例示出的一种身份信息验证装置400的框图。Fig. 4 is a block diagram of an identity information verification device 400 according to an exemplary embodiment.

具体实施方式Detailed ways

这里将详细地对示例性实施例进行说明，其示例表示在附图中。下面的描述涉及附图时，除非另有表示，不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本公开相一致的所有实施方式。相反，它们仅是与如所附权利要求书中所详述的、本公开的一些方面相一致的装置和方法的例子。Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present disclosure as recited in the appended claims.

图1A是根据一示例性实施例示出的一种实施环境示意图，该实施环境中主要包括用户终端110、账号管理服务器120和数据服务器130。其中，该数据服务器130分别与该用户终端110和该账号管理服务器120之间通过有线网络或者无线网络建立通信连接。Fig. 1A is a schematic diagram showing an implementation environment according to an exemplary embodiment, the implementation environment mainly includes a user terminal 110, an account management server 120 and a data server 130. Wherein, the data server 130 establishes communication connections with the user terminal 110 and the account management server 120 through a wired network or a wireless network.

其中，该用户终端110中可以运行有应用或浏览器，用户可以通过该应用或浏览器进行账号登录等操作。该用户终端110可以为诸如手机、平板电脑、计算机等之类的设备。Wherein, the user terminal 110 may run an application or a browser, and the user may perform operations such as account login through the application or the browser. The user terminal 110 may be a device such as a mobile phone, a tablet computer, a computer, and the like.

其中，该账号管理服务器120主要用于对用户的身份信息进行验证，此外，该账号管理服务器120还可以用于管理用户账号和密码，其中，在一种可能的实现方式中，该账号管理服务器120和上述数据服务器130可以为同一服务器。Wherein, the account management server 120 is mainly used to verify the user's identity information. In addition, the account management server 120 can also be used to manage user accounts and passwords, wherein, in a possible implementation manner, the account management server 120 and the aforementioned data server 130 may be the same server.

其中，该数据服务器130至少可以用于存储该用户账号的历史使用信息，例如，该数据服务器130可以为云端服务器、运营商后台服务器等，例如，该运营商后台服务器可以为小米商店的后台服务器等。Wherein, the data server 130 can at least be used to store the historical use information of the user account, for example, the data server 130 can be a cloud server, an operator's background server, etc., for example, the operator's background server can be a Xiaomi store's background server Wait.

图1B是根据一示例性实施例示出的一种身份信息验证方法的流程图，如图1所示，该身份信息验证方法包括以下步骤。Fig. 1B is a flowchart showing a method for verifying identity information according to an exemplary embodiment. As shown in Fig. 1 , the method for verifying identity information includes the following steps.

在步骤101中，当检测到用户账号的身份验证事件被触发时，获取该用户账号的历史使用信息，该历史使用信息为该用户账号在当前时间之前进行网络操作时所使用的信息。In step 101, when it is detected that the identity verification event of the user account is triggered, the historical usage information of the user account is obtained, and the historical usage information is the information used by the user account for network operations before the current time.

在步骤102中，基于该历史使用信息，生成身份验证请求消息。In step 102, an identity verification request message is generated based on the historical usage information.

在步骤103中，将该身份验证请求消息发送至当前触发该身份验证事件的用户终端。In step 103, the identity verification request message is sent to the user terminal currently triggering the identity verification event.

在步骤104中，当接收到该用户终端基于该身份验证请求消息发送的身份验证响应消息时，基于该身份验证响应消息和该历史使用信息，对身份信息进行验证。In step 104, when an identity verification response message sent by the user terminal based on the identity verification request message is received, identity information is verified based on the identity verification response message and the historical usage information.

在本公开实施例中，当服务器检测到用户账号的身份验证事件被触发时，说明需要对该用户的身份信息进行验证，该服务器获取该用户账号在当前时间之前进行网络操作时所使用的历史使用信息，也即是，该历史使用信息是该用户日常进行网络操作时所使用的信息，例如，该历史使用信息可以为收货地址等，该服务器基于该历史使用信息，生成身份验证请求消息，之后，将该身份验证请求消息发送至用户终端，当该服务器基于该身份验证请求消息接收到该用户终端发送的身份验证响应消息时，该服务器基于该身份验证响应消息，对该用户的身份信息进行验证，由于该历史使用信息是用户日常进行网络操作时所使用的信息，因此，不需要用户刻意地记住，避免了用户容易忘记的情况，为用户提供了方便。In the embodiment of the present disclosure, when the server detects that the identity verification event of the user account is triggered, it indicates that the identity information of the user needs to be verified, and the server obtains the history used by the user account for network operations before the current time. Usage information, that is, the historical usage information is the information used by the user in daily network operations, for example, the historical usage information can be the delivery address, etc., and the server generates an identity verification request message based on the historical usage information , after that, the identity verification request message is sent to the user terminal, and when the server receives the identity verification response message sent by the user terminal based on the identity verification request message, the server determines the identity of the user based on the identity verification response message Since the historical usage information is the information used by the user in daily network operations, the user does not need to remember it deliberately, avoiding the situation that the user is easy to forget, and providing convenience for the user.

可选地，该获取该用户账号的历史使用信息，包括：Optionally, the acquisition of historical usage information of the user account includes:

向数据服务器发送信息获取请求，该信息获取请求携带该用户账号，该信息获取请求用于指示该数据服务器获取并返回该用户账号的历史使用信息；Send an information acquisition request to the data server, the information acquisition request carries the user account, and the information acquisition request is used to instruct the data server to acquire and return the historical use information of the user account;

接收该数据服务器发送的该历史使用信息。The historical usage information sent by the data server is received.

可选地，该基于该历史使用信息，生成身份验证请求消息，包括：Optionally, based on the historical usage information, an identity verification request message is generated, including:

按照指定策略，获取该历史使用信息中的部分信息；Obtain part of the historical usage information according to the specified policy;

基于该部分信息，生成第一验证请求消息，该第一验证请求消息用于指示基于该部分信息对该历史使用信息中除了该部分信息之外的其它信息进行补充；Based on the partial information, generate a first verification request message, where the first verification request message is used to indicate that information other than the partial information in the historical usage information should be supplemented based on the partial information;

将该第一验证请求消息确定为该身份验证请求消息。The first verification request message is determined as the identity verification request message.

当该历史使用信息为电话号码时，在该历史使用信息中随机添加多个电话号码；When the historical usage information is a phone number, randomly add multiple phone numbers to the historical usage information;

基于添加后的历史使用信息，生成第二验证请求消息，该第二验证请求消息用于指示从添加后的历史使用信息中选出该历史使用信息；Based on the added historical usage information, generate a second verification request message, where the second verification request message is used to indicate to select the historical usage information from the added historical usage information;

将该第二验证请求消息确定为该身份验证请求消息。The second verification request message is determined as the identity verification request message.

当该历史使用信息中包括图片和该图片的图片信息时，基于该图片生成第三验证请求消息，该第三验证请求消息用于指示填写该图片的图片信息；When the historical usage information includes a picture and the picture information of the picture, a third verification request message is generated based on the picture, and the third verification request message is used to indicate to fill in the picture information of the picture;

将该第三验证请求消息确定为该身份验证请求消息。The third verification request message is determined as the identity verification request message.

当该历史使用信息还包括安全等级标识时，从该历史使用信息中选择与该安全等级标识对应的目标使用信息，该安全等级标识用于指示所需验证的历史使用信息；When the historical usage information also includes a security level identifier, select the target usage information corresponding to the security level identifier from the historical usage information, and the security level identifier is used to indicate the historical usage information that needs to be verified;

基于该目标使用信息，生成该身份验证请求消息。Based on the target usage information, the authentication request message is generated.

可选地，该基于该身份验证响应消息和该历史使用信息，对身份信息进行验证，包括：Optionally, the identity information is verified based on the identity verification response message and the historical usage information, including:

获取该身份验证响应消息中携带的第一验证信息，该第一验证信息至少包括该部分信息；Obtain the first verification information carried in the identity verification response message, where the first verification information includes at least the part of the information;

当该第一验证信息与该历史使用信息相同时，确定该身份信息验证通过；When the first verification information is the same as the historical usage information, it is determined that the identity information has been verified;

当该第一验证信息与该历史使用信息不相同时，确定该身份信息验证未通过。When the first verification information is different from the historical usage information, it is determined that the identity information verification fails.

获取该身份验证响应消息中携带的第二验证信息；Obtain the second verification information carried in the identity verification response message;

当该第二验证信息与该电话号码相同时，确定该身份信息验证通过；When the second verification information is the same as the phone number, it is determined that the identity information has been verified;

当该第二验证信息与该电话号码不相同时，确定该身份信息验证未通过。When the second verification information is different from the phone number, it is determined that the identity information verification fails.

获取该身份验证响应消息中携带的第三验证信息；Obtain the third verification information carried in the identity verification response message;

当该第三验证信息与该图片信息相同时，确定该身份信息验证通过；When the third verification information is the same as the picture information, it is determined that the identity information has been verified;

当该第三验证信息与该图片信息不相同时，确定该身份信息验证未通过。When the third verification information is different from the picture information, it is determined that the verification of the identity information fails.

可选地，该确定该身份信息验证未通过之后，还包括：Optionally, after determining that the authentication of the identity information fails, it also includes:

重新发送该身份验证请求消息，并对重新发送该身份验证请求消息的次数进行统计；Resend the identity verification request message, and count the number of times the identity verification request message is resent;

当重新发送该身份验证请求消息的次数大于或等于预设阈值时，停止重新发送该身份验证请求消息。When the number of times of resending the identity verification request message is greater than or equal to the preset threshold, stop resending the identity verification request message.

可选地，获取该用户账号的历史使用信息之前，还包括：Optionally, before obtaining the historical usage information of the user account, it also includes:

当检测到该用户账号与密码不匹配的次数达到预设次数时，触发该用户账号的身份验证事件；或When it is detected that the number of times that the user account does not match the password reaches a preset number of times, an authentication event of the user account is triggered; or

当接收到修改密码请求时，触发该用户账号的身份验证事件。When a password change request is received, an authentication event of the user account is triggered.

上述所有可选技术方案，均可按照任意结合形成本公开的可选实施例，本公开实施例对此不再一一赘述。All the above optional technical solutions may be combined in any way to form optional embodiments of the present disclosure, which will not be described in detail in the embodiments of the present disclosure.

图2A是根据一示例性实施例示出的一种身份信息验证方法的流程图，如图2A所示，本公开实施例以多方交互方式实现该身份信息验证方法为例进行说明，该身份信息验证方法包括以下步骤：Fig. 2A is a flow chart of a method for verifying identity information according to an exemplary embodiment. The method includes the following steps:

在步骤201中，当账号管理服务器检测到用户账号的身份验证事件被触发时，获取该用户账号的历史使用信息，该历史使用信息为该用户账号在当前时间之前进行网络操作时所使用的信息。In step 201, when the account management server detects that the identity verification event of the user account is triggered, it obtains the historical use information of the user account, and the historical use information is the information used by the user account for network operations before the current time .

在使用用户账号和密码的过程中，在某些情况下，难免需要对用户的身份信息进行验证。目前，相关技术所提供的身份信息验证方法中，由于用户通常容易忘记设置初始密码时所设置的答案，因此，导致用户无法通过身份信息的验证，如此，给用户带来了不便。为此，在本公开实施例中，提供了一种身份信息验证方法，该身份信息验证方法可以避免上述问题，具体如下文所述。In the process of using the user account and password, in some cases, it is inevitable to verify the user's identity information. At present, in the identity information verification method provided by the related technology, since the user usually easily forgets the answer set when setting the initial password, the user cannot pass the identity information verification, which brings inconvenience to the user. Therefore, in an embodiment of the present disclosure, a method for verifying identity information is provided, which can avoid the above-mentioned problems, specifically as described below.

其中，在对用户的身份信息进行验证之前，需要触发该用户账号的身份验证事件，也即是，在获取该用户账号的历史使用信息之前，该账号管理服务器需要在指定条件下，触发该用户账号的身份验证事件。其中，该指定条件可以包括如下任一种可能的实现方式：Among them, before verifying the identity information of the user, the identity verification event of the user account needs to be triggered, that is, before obtaining the historical use information of the user account, the account management server needs to trigger the user account under specified conditions. Account authentication events. Wherein, the specified condition may include any of the following possible implementation methods:

第一种方式：当检测到该用户账号与密码不匹配的次数达到预设次数时，触发该用户账号的身份验证事件。The first way: when it is detected that the number of times that the user account does not match the password reaches a preset number of times, an authentication event of the user account is triggered.

其中，该预设次数可以由用户根据实际需求自定义设置，也可以由该账号管理服务器默认设置，本公开实施例对此不做限定。Wherein, the preset number of times can be customized by the user according to actual needs, or can be set by default by the account management server, which is not limited in this embodiment of the present disclosure.

在该种实现方式中，当检测到该用户账号与密码不匹配的次数达到预设次数时，说明该用户可能不是该用户账号的所有者，因此，需要对该用户的身份进行验证，即在该种情况下，触发该用户账号的身份验证事件。In this implementation, when it is detected that the number of times that the user account does not match the password reaches the preset number of times, it means that the user may not be the owner of the user account. Therefore, the identity of the user needs to be verified. In this case, the authentication event of the user account is triggered.

第二种方式：当接收到修改密码请求时，触发该用户账号的身份验证事件。The second way: when a password modification request is received, an authentication event of the user account is triggered.

在该种实现方式中，当接收到修改密码请求时，为了保证账号的安全，需要对想要修改密码的用户的身份信息进行验证，即该账号管理服务器触发该用户账号的身份验证事件。In this implementation, when a password change request is received, in order to ensure the security of the account, it is necessary to verify the identity information of the user who wants to change the password, that is, the account management server triggers an identity verification event for the user account.

其中，在一种可能的实现方式中，该修改密码请求由用户终端发送，且该用户终端在接收到修改密码指令时，发送该修改密码请求。其中，该修改密码指令可以由用户触发，该用户可以通过指定操作触发，该指定操作可以包括点击操作、滑动操作等等，本公开实施例对此不做限定。Wherein, in a possible implementation manner, the password modification request is sent by the user terminal, and the user terminal sends the password modification request when receiving the password modification instruction. Wherein, the password modification instruction may be triggered by a user, and the user may trigger it through a specified operation, and the specified operation may include a click operation, a slide operation, etc., which is not limited in this embodiment of the present disclosure.

例如，请参考图2B，该用户终端的当前显示界面中包括有登录账号选项21、登录密码选项22以及该修改密码选项23，当用户想要修改密码时，可以点击该修改密码选项23，该用户终端即确定接收到修改密码指令，之后，该用户终端向该账号管理服务器发送该修改密码请求。For example, referring to FIG. 2B, the current display interface of the user terminal includes a login account option 21, a login password option 22, and the password modification option 23. When the user wants to modify the password, he can click the password modification option 23. The user terminal confirms that the password modification instruction has been received, and then, the user terminal sends the password modification request to the account management server.

需要说明的是，在本公开实施例中，仅是以在上述两种情况下，该账号管理服务器触发该用户账号的身份验证事件为例进行说明，在另一实施例中，还可以是在其它情况下，该账号管理服务器触发该用户账号的身份验证事件，本公开实施例对此不作限定。It should be noted that, in the embodiment of the present disclosure, the account management server triggers the identity verification event of the user account in the above two cases as an example for illustration. In another embodiment, it may also be In other cases, the account management server triggers an identity verification event of the user account, which is not limited in this embodiment of the present disclosure.

当该账号管理服务器检测到用户账号的身份验证事件被触发时，获取该用户账号的历史使用信息，该历史使用信息为该用户日常进行网络操作时所使用的信息。其中，该网络操作可以为对用户终端上的数据信息进行同步的操作，例如，该用户终端上的数据信息可以包括：所有好友的电话号码、相册中的图片、短信等等。或者，该网络操作也可以为网上交易操作，其中，该网上交易操作又可以包括网上购物操作、网上转账操作等。当然，该网络操作还可以为其它操作，本公开实施例对此不做限定。When the account management server detects that the authentication event of the user account is triggered, it obtains the historical usage information of the user account, and the historical usage information is the information used by the user for daily network operations. Wherein, the network operation may be an operation of synchronizing data information on the user terminal, for example, the data information on the user terminal may include: phone numbers of all friends, pictures in albums, short messages, and so on. Alternatively, the network operation may also be an online transaction operation, wherein the online transaction operation may include online shopping operations, online money transfer operations, and the like. Certainly, the network operation may also be other operations, which are not limited in this embodiment of the present disclosure.

也即是，当用户基于该用户账号进行该类网络操作时，会在服务器中存留有该历史使用信息，例如，当用户基于该用户账号进行网上购物时，通常会在服务器中存有收货地址信息等。其中，该服务器可以为该账号管理服务器，当然，该服务器也可以为用于存储网络数据的数据服务器，根据该服务器所指代的种类不同，上述获取该用户账号的历史使用信息的实现过程可以包括如下任一种可能的实现方式：That is to say, when the user performs this type of network operation based on the user account, the historical usage information will be stored in the server. address information, etc. Wherein, the server may be the account management server. Of course, the server may also be a data server for storing network data. According to different types of the server, the above-mentioned realization process of obtaining the historical usage information of the user account may be Including any of the following possible implementations:

第一种方式：向数据服务器发送信息获取请求，该信息获取请求携带该用户账号，该信息获取请求用于指示该数据服务器获取并返回该用户账号的历史使用信息，接收该数据服务器发送的该历史使用信息。The first method: send an information acquisition request to the data server, the information acquisition request carries the user account, and the information acquisition request is used to instruct the data server to acquire and return the historical usage information of the user account, and receive the information sent by the data server Historical usage information.

其中，该数据服务器至少用于存储该用户账号的历史使用信息，例如，该数据服务器可以为云端服务器，该云端服务器中存储有该用户账号对应的用户终端上的数据信息，在这种情况下，该历史使用信息可以为该用户终端上的部分或者全部数据信息。Wherein, the data server is at least used to store the historical use information of the user account, for example, the data server may be a cloud server, and the cloud server stores data information on the user terminal corresponding to the user account, in this case , the historical usage information may be part or all of the data information on the user terminal.

在该种实现方式中，该账号管理服务器在检测到用户账号的身份验证事件被触发时，向该数据服务器发送信息获取请求，该数据服务器接收到该信息获取请求后，从自身存储的多个使用信息中，获取该用户账号对应的历史使用信息，并将该历史使用信息发送至该账号管理服务器，如此，该账号管理服务器即获取到该用户账号的历史使用信息。In this implementation, when the account management server detects that the user account authentication event is triggered, it sends an information acquisition request to the data server. In the usage information, the historical usage information corresponding to the user account is obtained, and the historical usage information is sent to the account management server, so that the account management server obtains the historical usage information of the user account.

另外，在该种实现方式中，该数据服务器还可能具有验证信息的安全等级要求，也就是说，对于不同数据服务器，可能对验证信息具有不同的安全等级要求，例如，对于云端服务器来说，通常需要验证电话号码，该电话号码可以为用户自己的电话号码，也可以为该用户的好友的电话号码，而对于一些购物网站来说，可能不需要验证电话号码，只要验证收货地址信息即可。当该数据服务器还具有验证信息的安全等级要求时，该数据服务器接收到信息获取请求后，还可以包括如下(1)-(2)实现方式中任一种：In addition, in this implementation, the data server may also have security level requirements for verification information, that is, different data servers may have different security level requirements for verification information, for example, for cloud servers, Usually it is necessary to verify the phone number, which can be the user's own phone number or the phone number of the user's friend. For some shopping websites, it may not be necessary to verify the phone number, as long as the delivery address information is verified. Can. When the data server also has security level requirements for verifying information, after the data server receives the information acquisition request, it may also include any of the following (1)-(2) implementations:

(1)、该数据服务器根据自身的安全等级需求，获取需要验证的该用户账号的历史使用信息，并将该历史使用信息发送至该账号管理服务器。(1) The data server obtains the historical use information of the user account that needs to be verified according to its own security level requirements, and sends the historical use information to the account management server.

在该种实现方式中，对于该账号管理服务器来说，不需要对该数据服务器发送的历史使用信息进行筛选，也就是说，该数据服务器在向该账号管理服务器发送该历史使用信息前，已经根据自身的安全等级需求，从该用户账号对应的多个历史使用信息中选择需要验证的历史使用信息。In this implementation, for the account management server, there is no need to filter the historical use information sent by the data server, that is, the data server has already Select the historical usage information that needs to be verified from the multiple historical usage information corresponding to the user account according to its own security level requirements.

(2)、该数据服务器获取自身的安全等级标识和该用户账号的所有历史使用信息，并将该安全等级标识和该用户账号的所有历史使用信息发送至该账号管理服务器。(2) The data server obtains its own security level identification and all historical usage information of the user account, and sends the security level identification and all historical usage information of the user account to the account management server.

其中，该安全等级标识用于指示所需验证的历史使用信息。与上述实现方式(1)不同的是，在该种实现方式中，该数据服务器将该安全等级标识和该用户账号的所有历史使用信息发送给该账号管理服务器后，需要该账号管理服务器基于该安全等级标识，从该用户账号的所有历史使用信息中选出需要进行验证的历史使用信息。Wherein, the security level identifier is used to indicate historical usage information that needs to be verified. The difference from the above implementation (1) is that in this implementation, after the data server sends the security level identifier and all historical usage information of the user account to the account management server, the account management server needs to Security level identification, select the historical usage information that needs to be verified from all the historical usage information of the user account.

其中，上述安全等级的划分可以由技术人员根据实际需求设置，例如，该安全等级的划分可以为：电话号码的验证等级高于该收货地址信息的验证等级，等等，本公开实施例对此不做限定。另外，该安全等级标识可以为级别1、级别2、级别3等，随着数字的增大，安全等级变小，以上述为例，该电话号码的验证等级对应的安全等级标识为级别1，该收货地址信息的验证等级对应的安全等级标识可以为级别2或级别3等。当然，该安全等级标识还可以以其它形式存在，本公开实施例对此不做限定。Wherein, the division of the above-mentioned security levels can be set by technicians according to actual needs. For example, the division of the security levels can be: the verification level of the phone number is higher than the verification level of the delivery address information, etc. This is not limited. In addition, the security level identification can be level 1, level 2, level 3, etc. As the number increases, the security level becomes smaller. Taking the above as an example, the security level identification corresponding to the verification level of the phone number is level 1. The security level identifier corresponding to the verification level of the delivery address information may be level 2 or level 3, etc. Of course, the security level identifier may also exist in other forms, which is not limited in this embodiment of the present disclosure.

第二种方式：该账号管理服务器从预先存储的多个使用信息中，获取该用户账号的历史使用信息。The second way: the account management server obtains the historical usage information of the user account from a plurality of pre-stored usage information.

如上文所述，在一种可能的实现方式中，由于该账号管理服务器和数据服务器可以为同一设备，因此，当该账号管理服务器和该数据服务器为同一设备时，该历史使用信息可以由该账号管理服务器自身预先存储。As mentioned above, in a possible implementation manner, since the account management server and the data server may be the same device, when the account management server and the data server are the same device, the historical usage information may be obtained from the The account management server itself stores in advance.

在步骤202中，该账号管理服务器基于该历史使用信息，生成身份验证请求消息。In step 202, the account management server generates an identity verification request message based on the historical use information.

其中，该账号管理服务器基于该历史使用信息，生成身份验证请求消息的实现过程可以包括如下至少一种可能的实现方式：Wherein, the implementation process of the account management server generating the identity verification request message based on the historical usage information may include at least one of the following possible implementation methods:

第一种方式：按照指定策略，获取该历史使用信息中的部分信息，基于该部分信息，生成第一验证请求消息，该第一验证请求消息用于指示基于该部分信息对该历史使用信息中除了该部分信息之外的其它信息进行补充，将该第一验证请求消息确定为该身份验证请求消息。The first way: According to the specified strategy, obtain part of the information in the historical usage information, and generate a first verification request message based on the part of information, and the first verification request message is used to indicate that the part of the information in the historical usage information Other information except the part of information is supplemented, and the first verification request message is determined as the identity verification request message.

其中，该指定策略可以在该账号管理服务器中事先设置。例如，该指定策略可以为：获取该历史使用信息中的除了数字和字母之外的其它信息，并将该其它信息确定该部分信息。或者，该指定策略还可以为：确定该历史使用信息中包括的字符个数i，获取该历史使用信息中前i/2个字符对应的历史使用信息，并将所获取的历史使用信息确定为上述部分信息，等等，其中，该字符个数i大于等于1。Wherein, the specified policy may be set in advance in the account management server. For example, the designated policy may be: obtain other information in the historical usage information except numbers and letters, and determine the other information as the part of information. Alternatively, the specified strategy may also be: determine the number i of characters included in the historical usage information, obtain the historical usage information corresponding to the first i/2 characters in the historical usage information, and determine the acquired historical usage information as The above partial information, etc., wherein the number i of characters is greater than or equal to 1.

例如，以上述该指定策略为获取该历史使用信息中的除了数字和字母之外的其它信息，并将该其它信息确定该部分信息为例，当该历史使用信息包括收货地址信息，且该收货地址信息为纽约华尔街16号纽约银行大楼A座，则该部分信息可以为纽约华尔街xx号纽约银行大楼x座。也即是，需要用户填写该收货地址信息中的“16”以及“A”。For example, taking the above-mentioned specified policy as obtaining information other than numbers and letters in the historical usage information and determining the other information as this part of the information, when the historical usage information includes delivery address information, and the The delivery address information is Block A, Bank of New York Building, No. 16 Wall Street, New York, and this part of information may be Block X, Bank of New York Building, No. xx, Wall Street, New York. That is, the user is required to fill in "16" and "A" in the delivery address information.

第二种方式：当该历史使用信息为电话号码时，在该历史使用信息中随机添加多个电话号码，基于添加后的历史使用信息，生成第二验证请求消息，该第二验证请求消息用于指示从添加后的历史使用信息中选出该历史使用信息，将该第二验证请求消息确定为该身份验证请求消息。The second method: when the historical usage information is a phone number, randomly add a plurality of phone numbers to the historical usage information, and generate a second verification request message based on the added historical usage information, the second verification request message uses In order to select the historical usage information from the added historical usage information, the second verification request message is determined as the identity verification request message.

在该种实现方式中，随机添加该多个电话号码，其目的在于让该用户在基于添加了混淆号码的情况下，从该添加后的历史使用信息中选择出属于自己好友的电话号码，即当该用户从该添加了混淆号码的历史使用信息中，选择出该用户的好友电话号码时，可以确定该用户不是该用户账号的所有者。In this implementation, the purpose of adding the multiple phone numbers randomly is to allow the user to select a phone number belonging to his friend from the added historical usage information based on the added confusing number, that is, When the user selects the user's friend's phone number from the historical usage information added with the confusing number, it can be determined that the user is not the owner of the user account.

第三种方式：当该历史使用信息中包括图片和该图片的图片信息时，基于该图片生成第三验证请求消息，该第三验证请求消息用于指示填写该图片的图片信息，将该第三验证请求消息确定为该身份验证请求消息。The third way: when the historical use information includes a picture and the picture information of the picture, a third verification request message is generated based on the picture, and the third verification request message is used to indicate to fill in the picture information of the picture, and the third verification request message is The third verification request message is determined as the identity verification request message.

例如，在一种可能的实现方式中，该图片信息可以用于指示该图片中的人物是谁，也即是，基于该图片生成该第三验证请求消息后，以使得用户终端接收到该第三验证请求消息，显示该图片后，用户对该图片中的人物进行辨认，并将所确定的人物信息发送至该账号管理服务器，便于该账号管理服务器判断用户确定的人物信息与该图片信息是否相同。For example, in a possible implementation manner, the picture information may be used to indicate who the person in the picture is, that is, after the third verification request message is generated based on the picture, so that the user terminal receives the third verification request message. 3. Verification request message. After displaying the picture, the user identifies the person in the picture, and sends the determined person information to the account management server, so that the account management server can judge whether the person information determined by the user is consistent with the picture information. same.

需要说明的是，在本公开实施例中，仅是以上述三种方式，基于该历史使用信息，生成身份验证请求消息为例进行说明，在另一实施例中，还可能通过其它形式，基于该历史使用信息，生成身份验证请求消息，本公开实施例对此不做限定。It should be noted that, in the embodiment of the present disclosure, the above-mentioned three ways are used as an example to generate an identity verification request message based on the historical usage information. In another embodiment, it is also possible to use other forms based on The historical use information generates an identity verification request message, which is not limited in this embodiment of the present disclosure.

上述提供的三种实现方式均与步骤201中实现方式(1)相对应，也即是，在上述提供的三种实现方式，可以是由该数据服务器根据自身的安全等级需求，从该用户账号对应的多个历史使用信息中，选择出需要进行验证的历史使用信息，并将所选的历史使用信息发送至该账号管理服务器，也就是说，对于该账号管理服务器来说，不需要对该历史使用信息进行选择，该数据服务器发送给该账号管理服务器哪些历史使用信息，该账号管理服务器即基于哪些历史使用信息，生成身份验证请求消息。The three implementations provided above all correspond to the implementation (1) in step 201, that is, in the three implementations provided above, the data server can use the user account according to its own security level requirements. Among the multiple corresponding historical usage information, select the historical usage information that needs to be verified, and send the selected historical usage information to the account management server, that is to say, for the account management server, there is no need for the account management server to The historical use information is selected, which historical use information is sent by the data server to the account management server, and the account management server generates an identity verification request message based on the historical use information.

另外，在另一种可能的实现方式中，如步骤201中实现方式(2)所述，当该历史使用信息还包括安全等级标识时，该账号管理服务器从该历史使用信息中选择与该安全等级标识对应的目标使用信息，该安全等级标识用于指示所需验证的历史使用信息，基于该目标使用信息，生成该身份验证请求消息。In addition, in another possible implementation manner, as described in the implementation manner (2) in step 201, when the historical usage information also includes a security level identifier, the account management server selects the security level identifier from the historical usage information. The target usage information corresponding to the level identifier is used to indicate the historical usage information to be verified, and the identity verification request message is generated based on the target usage information.

其中，基于该目标使用信息，生成身份验证请求消息的实现方式与上述基于历史使用信息，生成身份验证请求消息的实现方式同理，这里不再详细描述。Wherein, the implementation manner of generating the identity verification request message based on the target usage information is the same as the above-mentioned realization manner of generating the identity verification request message based on the historical use information, and will not be described in detail here.

在步骤203中，该账号管理服务器将该身份验证请求消息发送至当前触发该身份验证事件的用户终端。In step 203, the account management server sends the identity verification request message to the user terminal currently triggering the identity verification event.

在步骤204中，该用户终端接收身份验证请求消息，在当前显示界面中显示该身份验证请求消息。In step 204, the user terminal receives an identity verification request message, and displays the identity verification request message in a current display interface.

该账号管理服务器将该身份验证请求消息发送至该用户终端，相应地，该用户终端接收到该身份验证请求消息后，在当前显示界面中显示该身份验证请求消息，以使用户可以基于所显示的身份验证请求消息，填写或选择与历史使用信息相关的信息。The account management server sends the identity verification request message to the user terminal. Correspondingly, after receiving the identity verification request message, the user terminal displays the identity verification request message in the current display interface, so that the user can , fill in or select information related to historical usage information.

例如，在一种可能的实现方式中，该身份验证请求消息可以显示为如图2C(1)所示，当该身份验证请求消息是由该账号管理服务器基于上述部分信息生成时，该显示界面中显示该身份验证请求消息中携带的部分信息24，且该显示界面中还包括有输入提示项25，该输入提示项25对应有输入框26，用户可以在该输入框26中输入该历史使用信息中除了上述部分信息之外的其它信息，之后，该用户可以点击该确认选项27。For example, in a possible implementation, the identity verification request message may be displayed as shown in Figure 2C(1). When the identity verification request message is generated by the account management server based on the above part of the information, the display interface Part of the information 24 carried in the identity verification request message is displayed in the display interface, and the display interface also includes an input prompt item 25. The input prompt item 25 corresponds to an input box 26, and the user can input the historical usage in the input box 26. Other information in the information except the above-mentioned partial information, after that, the user can click the confirmation option 27 .

又如，在另一种可能的实现方式中，该身份验证请求消息可以显示为如图2C(2)所示，当该身份验证请求消息是由该账号管理服务器基于上述电话号码生成时，该显示界面中显示该身份验证请求消息中携带的所有电话号码，并显示有如图中281所示的提示：请选择好友的电话号码，且该所有电话号码中每个电话号码均对应有一个选项282，用户可以从所显示的多个电话号码中，选择自己的好友的电话号码，即点击自己好友的电话号码对应的选项282，之后，该用户可以点击该确认选项27。As another example, in another possible implementation, the identity verification request message may be displayed as shown in Figure 2C(2), when the identity verification request message is generated by the account management server based on the above phone number, the The display interface displays all the phone numbers carried in the identity verification request message, and displays a prompt as shown in Figure 281: Please select a friend's phone number, and each phone number in all the phone numbers corresponds to an option 282 , the user can select the phone number of his friend from the displayed multiple phone numbers, that is, click the option 282 corresponding to the phone number of his friend, and then the user can click the confirmation option 27.

再如，在又一种可能的实现方式中，该身份验证请求消息可以显示为如图2D所示，当该身份验证请求消息是由该账号管理服务器基于上述图片生成时，该显示界面中显示该身份验证请求消息中携带的图片29，并提示用户输入图片的人物名称，即该显示界面提供了输入框30，用户可以在该输入框30中输入该图片中人物的名称，之后，该用户可以点击该确认选项27。For another example, in yet another possible implementation, the identity verification request message may be displayed as shown in Figure 2D. When the identity verification request message is generated by the account management server based on the above picture, the display interface displays The picture 29 carried in the identity verification request message prompts the user to input the name of the person in the picture, that is, the display interface provides an input box 30, and the user can input the name of the person in the picture in the input box 30. After that, the user This confirmation option 27 may be clicked.

在步骤205中，当该用户终端基于该身份验证请求消息接收到身份验证响应指令时，基于该验证信息，生成身份验证响应消息，并将该身份验证响应消息发送至该账号管理服务器。In step 205, when the user terminal receives an identity verification response instruction based on the identity verification request message, an identity verification response message is generated based on the verification information, and the identity verification response message is sent to the account management server.

其中，该身份验证响应指令可以由用户触发，该用户可以通过上述指定操作触发。例如，如图2C所示，当该用户点击该确认选项27后，该用户终端确认接收到该身份验证响应指令，该用户终端基于该用户所输入的信息以及该部分信息，生成该身份验证响应消息。Wherein, the identity verification response instruction may be triggered by a user, and the user may trigger the above-mentioned specified operation. For example, as shown in Figure 2C, when the user clicks the confirmation option 27, the user terminal confirms receipt of the identity verification response instruction, and the user terminal generates the identity verification response based on the information entered by the user and the part of information information.

在步骤206中，账号管理服务器当接收到该用户终端基于该身份验证请求消息发送的身份验证响应消息时，基于该身份验证响应消息和该历史使用信息，对身份信息进行验证。In step 206, when the account management server receives the identity verification response message sent by the user terminal based on the identity verification request message, it verifies the identity information based on the identity verification response message and the historical usage information.

其中，根据该历史使用信息包括的内容不同，基于该身份验证响应消息和该历史使用信息，对身份信息进行验证的实现过程可以包括如下任一种：Wherein, according to the content included in the historical usage information, based on the identity verification response message and the historical usage information, the implementation process of verifying the identity information may include any of the following:

第一种方式：获取该身份验证响应消息中携带的第一验证信息，该第一验证信息至少包括该部分信息，当该第一验证信息与该历史使用信息相同时，确定该身份信息验证通过，当该第一验证信息与该历史使用信息不相同时，确定该身份信息验证未通过。The first method: obtain the first verification information carried in the identity verification response message, the first verification information includes at least this part of the information, and when the first verification information is the same as the historical usage information, it is determined that the identity information has passed the verification , when the first verification information is different from the historical usage information, it is determined that the identity information verification fails.

该第一种实现方式与上述步骤202中是实现方式(1)相对应，例如，如果该历史使用信息为收货地址信息，且该收货地址信息为纽约华尔街16号纽约银行大楼A座，该部分信息为纽约华尔街xx号纽约银行大楼x座，则当该第一验证信息为纽约华尔街16号纽约银行大楼A座时，确定该身份信息验证通过，而当该第一验证信息为纽约华尔街23号纽约银行大楼B座时，确定该身份信息验证未通过。The first implementation mode corresponds to the implementation mode (1) in the above step 202. For example, if the historical usage information is the delivery address information, and the delivery address information is Block A, Bank of New York Building, 16 Wall Street, New York, This part of the information is Building X, Bank of New York Building, No. xx, Wall Street, New York. When the first verification information is Building A, Bank of New York, No. 16, Wall Street, New York, it is determined that the identity information has passed the verification, and when the first verification information is Wall Street, New York 23, Block B of the Bank of New York Building, it was determined that the verification of the identity information failed.

需要说明的是，上述第一验证信息至少包括该部分信息仅是示例性，在另一实施例中，该第一验证信息还可以仅包括该历史使用信息中除了该部分信息之外的其它信息，在这种情况下，该账号管理服务器接收到该第一验证信息之后，判断该第一验证信息与该历史使用信息中除了该部分信息之外的其它信息是否相同，如果该第一验证信息与该历史使用信息中除了该部分信息之外的其它信息相同，则确定该用户的身份信息验证通过，否则，则确定该用户的身份信息验证未通过，本公开实施例对此不做限定。It should be noted that it is only exemplary that the above-mentioned first verification information includes at least this part of information. In another embodiment, the first verification information may only include other information in the historical usage information except this part of information. , in this case, after receiving the first verification information, the account management server judges whether the first verification information is the same as other information in the historical usage information except for this part of information, if the first verification information If it is the same as other information except this part of information in the historical usage information, it is determined that the user's identity information has passed the verification; otherwise, it is determined that the user's identity information has not passed the verification, which is not limited in this embodiment of the present disclosure.

第二种方式：获取该身份验证响应消息中携带的第二验证信息，当该第二验证信息与该电话号码相同时，确定该身份信息验证通过，当该第二验证信息与该电话号码不相同时，确定该身份信息验证未通过。The second method: obtain the second verification information carried in the identity verification response message, and when the second verification information is the same as the phone number, determine that the identity information has been verified; when the second verification information is different from the phone number If they are the same, it is determined that the authentication of the identity information fails.

该第二种方式与上述步骤202中实现方式(2)相对应，当该第二验证信息与该电话号码相同，说明该用户可以从该添加了混淆的多个电话号码中，选择出属于自己好友的电话号码，也即是，可以确定该用户的身份信息为该账号信息对应的身份信息，该账号管理服务器确定该用户的身份信息验证通过。The second method corresponds to the implementation method (2) in the above-mentioned step 202. When the second verification information is the same as the phone number, it means that the user can choose his/her own phone number from the multiple phone numbers added with confusion. The friend's phone number, that is, it can be determined that the user's identity information is the identity information corresponding to the account information, and the account management server determines that the user's identity information has been verified.

以上述举例为例，该历史使用信息包括电话号码138xxxx5608，136xxxx3507以及184xxxx9561，当该第二验证信息包括138xxxx5608，136xxxx3507以及184xxxx9561时，确定该用户的身份信息验证通过，当该第二验证信息包括138xxxx75608，135xxxx3507以及184xxxx3561时，确定该用户的身份信息验证未通过。Taking the above example as an example, the historical usage information includes phone numbers 138xxxx5608, 136xxxx3507 and 184xxxx9561. When the second verification information includes 138xxxx5608, 136xxxx3507 and 184xxxx9561, it is determined that the user’s identity information has passed the verification. When the second verification information includes 138xxxx75608 , 135xxxx3507 and 184xxxx3561, it is determined that the user's identity information verification has failed.

第三种方式：获取该身份验证响应消息中携带的第三验证信息，当该第三验证信息与该图片信息相同时，确定该身份信息验证通过，当该第三验证信息与该图片信息不相同时，确定该身份信息验证未通过。The third method: obtain the third verification information carried in the identity verification response message, and when the third verification information is the same as the picture information, determine that the identity information has passed the verification; when the third verification information is different from the picture information If they are the same, it is determined that the authentication of the identity information fails.

以上述举例为例，该历史使用信息中的图片信息为“jony”，当该第三验证信息为“jony”时，确定该用户的身份信息验证通过，当该第三验证信息为“honiey”时，确定该用户的身份信息验证未通过。Taking the above example as an example, the picture information in the historical usage information is "jony", when the third verification information is "jony", it is determined that the user's identity information has been verified, and when the third verification information is "honiey" , it is determined that the user's identity information verification has failed.

需要说明的是，本公开实施例仅是以上述三种方式，基于该身份验证响应消息和该历史使用信息，对身份信息进行验证为例进行说明，在另一实施例中，还可以通过其它方式，基于该身份验证响应消息和该历史使用信息，对身份信息进行验证，本公开实施例对此不做限定。It should be noted that the embodiments of the present disclosure are only described by using the above three ways to verify the identity information based on the identity verification response message and the historical usage information as an example. In another embodiment, other methods can also be used. In a manner, the identity information is verified based on the identity verification response message and the historical usage information, which is not limited in this embodiment of the present disclosure.

至此，本公开实施例实现了该身份信息验证方法，另外，在实际应用过程中，可能由于输入失误等原因，该用户第一次输入的信息可能有错误，这种情况下，如果确定该用户的身份信息验证失败，可能会给用户带来不便。因此，针对该种情况，本公开实施例还提供了如下步骤207和步骤208。So far, this embodiment of the present disclosure has implemented the identity information verification method. In addition, in the actual application process, the information entered by the user for the first time may be wrong due to reasons such as input errors. In this case, if it is determined that the user Failed to verify the identity information of , which may cause inconvenience to the user. Therefore, for this situation, the embodiment of the present disclosure also provides the following steps 207 and 208 .

在步骤207中，该账号管理服务器重新发送该身份验证请求消息，并对重新发送该身份验证请求消息的次数进行统计。In step 207, the account management server resends the identity verification request message, and counts the times of resending the identity verification request message.

当确定该用户的身份信息验证未通过后，为了避免由于该用户的失误导致的验证未通过，该账号管理服务器重新向该终端发送身份验证请求消息，以使该用户可以重新填写或选择对应的信息。When it is determined that the user's identity information verification has not passed, in order to avoid the verification failure caused by the user's mistake, the account management server resends the identity verification request message to the terminal, so that the user can refill or select the corresponding information.

另外，当用户输入的信息始终不正确时，说明该用户可能不是该用户账号的所有者，因此，为了该用户账号的安全性，该服务器还对重新发送该身份验证请求消息的次数进行统计。In addition, when the information entered by the user is always incorrect, it means that the user may not be the owner of the user account. Therefore, for the security of the user account, the server also counts the number of times the identity verification request message is resent.

在步骤208中，该账号管理服务器当重新发送该身份验证请求消息的次数大于或等于预设阈值时，停止重新发送该身份验证请求消息。In step 208, the account management server stops resending the identity verification request message when the number of resends of the identity verification request message is greater than or equal to a preset threshold.

其中，该预设阈值可以由用户根据实际需求自定义设置，也可以由该账号管理服务器默认设置，本公开实施例对此不做限定。Wherein, the preset threshold can be customized and set by the user according to actual needs, or can be set by default by the account management server, which is not limited in this embodiment of the present disclosure.

当重新发送该身份验证请求消息的次数大于或等于预设阈值时，即可以确定该用户不是该用户账号的所有者，即该用户不具有使用该用户账号的权限，或者，该用户也不具有修改该用户账号密码的权限，因此，该账号管理服务器停止重新发送该身份验证请求消息，即确定该用户的身份信息验证失败。When the number of times the identity verification request message is resent is greater than or equal to the preset threshold, it can be determined that the user is not the owner of the user account, that is, the user does not have the authority to use the user account, or the user does not have The authority to modify the password of the user account, therefore, the account management server stops resending the identity verification request message, that is, it determines that the verification of the user's identity information fails.

在本公开实施例中，当服务器检测到用户账号的身份验证事件被触发时，说明需要对该用户的身份信息进行验证，该服务器获取该用户账号在当前时间之前进行网络操作时所使用的历史使用信息，也即是，该历史使用信息是该用户日常进行网络操作时所使用的信息，例如，该历史使用信息可以为收货地址等，该服务器基于该历史使用信息，生成身份验证请求消息，之后，将该身份验证请求消息发送至用户终端，以使该用户可以基于该身份验证请求消息，填写或选择与该历史用户信息相关的信息，之后，该用户通过该用户终端将所填写或选择的信息发送至该服务器，即该用户终端向该服务器发送身份验证响应消息，该身份验证响应消息携带该用户填写或选择的信息，该服务器基于该用户填写或选择的信息，对该用户的身份信息进行验证，由于该历史使用信息是用户日常进行网络操作时所使用的信息，因此，不需要用户刻意地记住，避免了用户容易忘记的情况，为用户提供了方便。In the embodiment of the present disclosure, when the server detects that the identity verification event of the user account is triggered, it indicates that the identity information of the user needs to be verified, and the server obtains the history used by the user account for network operations before the current time. Usage information, that is, the historical usage information is the information used by the user in daily network operations, for example, the historical usage information can be the delivery address, etc., and the server generates an identity verification request message based on the historical usage information , after that, sending the identity verification request message to the user terminal, so that the user can fill in or select information related to the historical user information based on the identity verification request message, and then, the user fills in or selects information related to the historical user information through the user terminal The selected information is sent to the server, that is, the user terminal sends an identity verification response message to the server, and the identity verification response message carries the information filled in or selected by the user. Identity information is verified. Since the historical usage information is the information used by the user in daily network operations, the user does not need to remember it deliberately, avoiding the situation that the user is easy to forget, and providing convenience for the user.

图3A是根据一示例性实施例示出的一种身份信息验证装置。该身份信息验证装置可以由软件、硬件或者两者的结合实现，该身份信息验证装置包括：Fig. 3A is a device for verifying identity information according to an exemplary embodiment. The identity information verification device can be realized by software, hardware or a combination of the two, and the identity information verification device includes:

获取模块310，用于当检测到用户账号的身份验证事件被触发时，获取该用户账号的历史使用信息，该历史使用信息为该用户账号在当前时间之前进行网络操作时所使用的信息；The acquiring module 310 is configured to acquire historical usage information of the user account when it is detected that the identity verification event of the user account is triggered, the historical usage information being the information used by the user account for network operations before the current time;

生成模块320，用于基于该获取模块310获取的该历史使用信息，生成身份验证请求消息；A generating module 320, configured to generate an identity verification request message based on the historical usage information acquired by the acquiring module 310;

发送模块330，用于将该生成模块320生成的该身份验证请求消息发送至当前触发该身份验证事件的用户终端；A sending module 330, configured to send the identity verification request message generated by the generation module 320 to the user terminal currently triggering the identity verification event;

验证模块340，用于当接收到该用户终端基于该身份验证请求消息发送的身份验证响应消息时，基于该身份验证响应消息和该历史使用信息，对身份信息进行验证。The verification module 340 is configured to verify identity information based on the identity verification response message and the historical usage information when receiving the identity verification response message sent by the user terminal based on the identity verification request message.

可选地，请参考图3B至图3C，该获取模块310用于：Optionally, please refer to FIG. 3B to FIG. 3C, the acquiring module 310 is used for:

可选地，该生成模块320用于：Optionally, the generating module 320 is used for:

可选地，该生成模块320还用于：Optionally, the generating module 320 is also used for:

可选地，该验证模块340用于：Optionally, the verification module 340 is used for:

可选地，该验证模块340还用于：Optionally, the verification module 340 is also used for:

可选地，该装置还包括：Optionally, the device also includes:

统计模块350，用于重新发送该身份验证请求消息，并对重新发送该身份验证请求消息的次数进行统计；A statistics module 350, configured to resend the identity verification request message, and count the number of times the identity verification request message is resent;

停止模块360，用于当重新发送该身份验证请求消息的次数大于或等于预设阈值时，停止重新发送该身份验证请求消息。The stop module 360 is configured to stop resending the identity verification request message when the number of times the identity verification request message is resent is greater than or equal to a preset threshold.

可选地，该装置还包括触发模块370，该触发模块370用于：Optionally, the device further includes a trigger module 370, which is used for:

关于上述实施例中的装置，其中各个模块执行操作的具体方式已经在有关该方法的实施例中进行了详细描述，此处将不做详细阐述说明。Regarding the apparatus in the foregoing embodiments, the specific manner in which each module executes operations has been described in detail in the embodiments related to the method, and will not be described in detail here.

图4是根据一示例性实施例示出的一种身份信息验证装置400的框图。例如，装置400可以被提供为一账号管理服务器。参照图4，装置400包括处理组件422，其进一步包括一个或多个处理器，以及由存储器432所代表的存储器资源，用于存储可由处理组件422的执行的指令，例如应用程序。存储器432中存储的应用程序可以包括一个或一个以上的每一个对应于一组指令的模块。此外，处理组件422被配置为执行指令，以执行上述身份信息验证方法。Fig. 4 is a block diagram of an identity information verification device 400 according to an exemplary embodiment. For example, the device 400 may be provided as an account management server. Referring to FIG. 4 , apparatus 400 includes processing component 422 , which further includes one or more processors, and a memory resource represented by memory 432 for storing instructions executable by processing component 422 , such as application programs. The application program stored in memory 432 may include one or more modules each corresponding to a set of instructions. In addition, the processing component 422 is configured to execute instructions to perform the above identity information verification method.

装置400还可以包括一个电源组件426被配置为执行装置400的电源管理，一个有线或无线网络接口450被配置为将装置400连接到网络，和一个输入输出(I/O)接口458。装置400可以操作基于存储在存储器432的操作系统，例如Windows Server^TM，Mac OS X^TM，Unix^TM,Linux^TM，FreeBSD^TM或类似。Device 400 may also include a power component 426 configured to perform power management of device 400 , a wired or wireless network interface 450 configured to connect device 400 to a network, and an input-output (I/O) interface 458 . The apparatus 400 may operate based on an operating system stored in the memory 432, such as Windows Server ^™ , Mac OS X ^™ , Unix ^™ , Linux ^™ , FreeBSD ^™ or the like.

本领域技术人员在考虑说明书及实践这里公开的发明后，将容易想到本公开的其它实施方案。本申请旨在涵盖本公开的任何变型、用途或者适应性变化，这些变型、用途或者适应性变化遵循本公开的一般性原理并包括本公开未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的，本公开的真正范围和精神由下面的权利要求指出。Other embodiments of the present disclosure will be readily apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any modification, use or adaptation of the present disclosure, and these modifications, uses or adaptations follow the general principles of the present disclosure and include common knowledge or conventional technical means in the technical field not disclosed in the present disclosure . The specification and examples are to be considered exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

应当理解的是，本公开并不局限于上面已经描述并在附图中示出的精确结构，并且可以在不脱离其范围进行各种修改和改变。本公开的范围仅由所附的权利要求来限制。It should be understood that the present disclosure is not limited to the precise constructions which have been described above and shown in the drawings, and various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims

1. a kind of identity information verification method, which is characterized in that the described method includes:

When the Authentication Events for detecting user account are triggered, the history of the user account is obtained from data server Use information, the history use information are that the user account carries out used letter when network operation before current time Breath；

When the history use information further includes safe class mark, selection and the safety from the history use information The corresponding target use information of class letter, the history use information that the safe class mark is verified needed for being used to indicate, institute The safe class mark that safe class mark is the data server itself is stated, for different data server, verifying is believed Ceasing has different security level requirements；

Based on the target use information, the authentication request message is generated；

The authentication request message is sent to the user terminal for currently triggering the Authentication Events；

When receiving the authentication response message that the user terminal is sent based on the authentication request message, it is based on The authentication response message and the history use information, verify identity information；

Wherein, the verifying grade of telephone number is higher than the verifying grade of shipping address information.

2. the method as described in claim 1, which is characterized in that the history use information for obtaining the user account, packet It includes:

Information acquisition request is sent to the data server, the information acquisition request carries the user account, the letter Breath acquisition request is used to indicate the history use information that the data server obtains and returns to the user account；

Receive the history use information that the data server is sent.

3. method according to claim 1 or 2, which is characterized in that the method also includes:

According to specified strategy, the partial information in the history use information is obtained；

Based on the partial information, the first checking request message is generated, the first checking request message is used to indicate based on institute Partial information is stated to supplement the other information in the history use information other than the partial information；

The first checking request message is determined as the authentication request message.

4. method according to claim 1 or 2, which is characterized in that the method also includes:

When the history use information is telephone number, multiple telephone numbers are added at random in the history use information；

Based on the history use information after addition, the second checking request message is generated, the second checking request message is for referring to Show and selects the history use information from the history use information after addition；

The second checking request message is determined as the authentication request message.

5. method according to claim 1 or 2, which is characterized in that the method also includes:

When in the history use information including the pictorial information of picture and the picture, third is generated based on the picture and is tested Request message is demonstrate,proved, the third checking request message is used to indicate the pictorial information for filling in the picture；

The third checking request message is determined as the authentication request message.

6. method as claimed in claim 3, which is characterized in that described to be based on the authentication response message and the history Use information verifies identity information, comprising:

The first verification information carried in the authentication response message is obtained, first verification information includes at least described Partial information；

When first verification information is identical as the history use information, determine that the identity information is verified；

When first verification information and the history use information be not identical, determine that the identity information verifying does not pass through.

7. method as claimed in claim 4, which is characterized in that described to be based on the authentication response message and the history Use information verifies identity information, comprising:

Obtain the second verification information carried in the authentication response message；

When second verification information is identical as the telephone number, determine that the identity information is verified；

When second verification information and the telephone number be not identical, determine that the identity information verifying does not pass through.

8. method as claimed in claim 5, which is characterized in that described to be based on the authentication response message and the history Use information verifies identity information, comprising:

Obtain the third verification information carried in the authentication response message；

When the third verification information is identical as the pictorial information, determine that the identity information is verified；

When the third verification information and the pictorial information be not identical, determine that the identity information verifying does not pass through.

9. such as method as claimed in claim 6 to 8, which is characterized in that the determination identity information verifying does not pass through it Afterwards, further includes:

The authentication request message is retransmitted, and is united to the number for retransmitting the authentication request message Meter；

When the number for retransmitting the authentication request message is greater than or equal to preset threshold, stop described in retransmission Authentication request message.

10. the method as described in claim 1, which is characterized in that before the history use information for obtaining the user account, also Include:

When detecting that the user account and the unmatched number of password reach preset times, the body of the user account is triggered Part verifying event；Or

When receiving Modify password request, the Authentication Events of the user account are triggered.

11. a kind of identity information verifies device, which is characterized in that described device includes:

Obtain module, for when the Authentication Events for detecting user account are triggered, obtain from data server described in The history use information of user account, the history use information are that the user account carries out network behaviour before current time Used information when making；

Generation module, for when the history use information further includes safe class mark, from the history use information That verifies needed for selecting target use information corresponding with the safe class mark, the safe class mark to be used to indicate goes through History use information, the safe class mark are the safe class marks of the data server itself, and different data is taken Business device has different security level requirements to verification information；

Sending module, the authentication request message for generating the generation module, which is sent to, currently triggers the body The user terminal of part verifying event；

Authentication module, for working as the authentication sound for receiving the user terminal and sending based on the authentication request message When answering message, it is based on the authentication response message and the history use information, identity information is verified；

12. device as claimed in claim 11, which is characterized in that the acquisition module is used for:

Receive the history use information that the data server is sent.

13. the device as described in claim 11 or 12, which is characterized in that the generation module is also used to:

14. the device as described in claim 11 or 12, which is characterized in that the generation module is also used to:

Based on the history use information after the addition, the second checking request message is generated, the second checking request message is used The history use information is selected from the history use information after addition in instruction；

15. the device as described in claim 11 or 12, which is characterized in that the generation module is also used to:

16. device as claimed in claim 13, which is characterized in that the authentication module is used for:

17. device as claimed in claim 14, which is characterized in that the authentication module is also used to:

18. device as claimed in claim 15, which is characterized in that the authentication module is also used to:

19. the device as described in claim 16-18 is any, which is characterized in that described device further include:

Statistical module disappears for retransmitting the authentication request message, and to the authentication request is retransmitted The number of breath is counted；

Stopping modular, for stopping when the number for retransmitting the authentication request message is greater than or equal to preset threshold Only retransmit the authentication request message.

20. device as claimed in claim 11, which is characterized in that described device further includes trigger module, the trigger module For:

21. a kind of identity information verifies device, which is characterized in that described device includes:

Processor；

Memory for storage processor executable instruction；

Wherein, the processor is configured to: