
CN117768150B - Service system access method and service system access platform based on identity authentication - Google Patents


Publication number
CN117768150B
Authority
CN
China
Prior art keywords
service
service system
access
accessed
conflict
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311528860.8A
Other languages
Chinese (zh)
Other versions
CN117768150A (en)
Inventor
钱堃
焦阳
陈浩
王权鑫
陈阳
陈军
张潮
徐铭
沈森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Traffic Control Information Industry Co ltd
Anhui Expressway Co ltd
Original Assignee
Anhui Traffic Control Information Industry Co ltd
Anhui Expressway Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Traffic Control Information Industry Co ltd, Anhui Expressway Co ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the technical field of communication, and discloses a service system access method and a service system access platform based on identity authentication, wherein the method comprises the following steps: receiving a service access request sent by a user terminal, wherein the service access request comprises a user account, a request data type and first system information corresponding to a target service system; based on the determined identity verification mode, verifying the user account to obtain an identity verification result corresponding to the user account; when the identity verification result is used for indicating that the identity verification passes, acquiring an accessed service system corresponding to the user account and second system information corresponding to each accessed service system; determining access parameters corresponding to the service access request according to the service access request and all second system information; and accessing the user account to a target service system according to the access parameters corresponding to the service access request. Therefore, the implementation of the invention can improve the access flexibility of the service system and is beneficial to improving the access accuracy of the service system.

Description

Service system access method and service system access platform based on identity authentication
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a service system access method and a service system access platform based on identity authentication.
Background
Multiple service systems may exist under the same service platform, and these service systems may share the user account information corresponding to the service platform; that is, a user does not need to register multiple accounts on the service platform and may log in to all service systems under the service platform through one account.
However, it is found in practice that, in the case that the user has accessed one of the service systems of the service platform, if the user needs to access another service system of the service platform, the service platform can only determine the manner in which the user accesses the target service system according to a preset procedure, for example: the user is required to input the account number and the password again to access the target service system, so that the use experience of the user is reduced. Therefore, it is important to provide a technical solution that can improve the access flexibility of the service system to improve the access accuracy of the service system.
Disclosure of Invention
The invention aims to solve the technical problem of providing a service system access method and a service system access platform based on identity authentication, which can improve the access flexibility of a service system and are beneficial to improving the access accuracy of the service system.
In order to solve the technical problem, the first aspect of the present invention discloses a service system access method based on identity authentication, which comprises the following steps:
receiving a service access request sent by a user terminal, wherein the service access request comprises a user account corresponding to the user terminal, a request data type corresponding to the user account and first system information corresponding to a target service system to be accessed, the first system information comprises a first system identifier and a first service data type, and the first service data type comprises the request data type;
based on the determined identity verification mode, verifying the user account to obtain an identity verification result corresponding to the user account;
When the identity verification result corresponding to the user account is used for indicating that the identity verification is passed, acquiring an accessed service system corresponding to the user account and second system information corresponding to each accessed service system;
determining access parameters corresponding to the service access request according to the service access request and all the second system information;
and accessing the user account to the target service system according to the access parameters corresponding to the service access request.
As an alternative embodiment, in the first aspect of the present invention, the method further includes:
for each accessed service system, judging whether the accessed service system has service conflict with the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining a conflict judgment result corresponding to the accessed service system;
For each accessed service system, when a conflict judgment result corresponding to the accessed service system is used for indicating that the accessed service system has service conflict with the target service system, determining the accessed service system as a conflict service system;
judging whether the number of conflict service systems among all the accessed service systems is smaller than a preset system number;
When the number of conflict service systems among all the accessed service systems is smaller than the preset system number, triggering execution of the operation of determining the access parameters corresponding to the service access request according to the service access request and all the second system information.
As an optional implementation manner, in the first aspect of the present invention, the second system information corresponding to each of the accessed service systems includes a second service data type corresponding to the accessed service system;
Wherein, for each accessed service system, according to the request data type, the first system information and the second system information corresponding to the accessed service system, judging whether the accessed service system has service conflict with the target service system, and obtaining a conflict judgment result corresponding to the accessed service system, including:
According to the request data type and the first system information, determining a first operation service corresponding to the request data type and a first operation priority corresponding to the first operation service of the user account in the target service system;
For each accessed service system, when detecting that a second service data type corresponding to the accessed service system contains the request data type, determining a second operation service corresponding to the request data type and a second operation priority corresponding to the second operation service of the accessed service system according to the request data type and second system information corresponding to the accessed service system;
Judging whether the first operation priority is higher than the second operation priority corresponding to the accessed service system for each accessed service system;
For each accessed service system, when judging that the first operation priority is higher than the second operation priority corresponding to the accessed service system, determining that the conflict judgment result corresponding to the accessed service system is that the accessed service system and the target service system have no service conflict;
And for each accessed service system, when judging that the first operation priority is smaller than or equal to the second operation priority corresponding to the accessed service system, determining that a conflict judgment result corresponding to the accessed service system is that the accessed service system has service conflict with the target service system.
As an alternative embodiment, in the first aspect of the present invention, the method further includes:
when it is judged that the number of conflict service systems among all the accessed service systems is greater than or equal to the preset system number, acquiring, for each conflict service system, the accessed duration of the user account corresponding to the conflict service system and the access duration threshold corresponding to the conflict service system;
for each conflict service system, calculating a time length difference between the accessed time length corresponding to the conflict service system and the access time length threshold corresponding to the conflict service system;
For each conflict service system, analyzing a second operation service corresponding to the first operation service and the conflict service system to obtain a data operation association degree corresponding to the conflict service system, wherein the data operation association degree corresponding to the conflict service system is used for representing the association influence degree between the target service system and the data operation of the conflict service system about the request data type;
And for each conflict service system, updating the second operation priority corresponding to the conflict service system according to the duration difference corresponding to the conflict service system and the data operation association degree corresponding to the conflict service system, and triggering execution of the operation of judging, for each accessed service system, whether the accessed service system has a service conflict with the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining the conflict judgment result corresponding to the accessed service system.
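The conflict judgment, the preset-number gate and the update-then-re-judge loop described above, as an added Python example (not code from the patent). The patent gives no formula for updating the second operation priority, so `updated_priority`, the numeric scale in which a larger number means a higher priority, the bounded number of updates and the deny outcome when conflicts remain are assumptions of this example, as are all names and the constructed sample systems.

```python
import math
from dataclasses import dataclass
from typing import NamedTuple


@dataclass
class AccessedSystem:
    system_id: str
    data_types: frozenset      # second service data type
    op_priority: dict          # data type -> second operation priority
    accessed_seconds: float    # accessed duration of the user account
    threshold_seconds: float   # access duration threshold
    association: float         # data operation association degree (assumed 0.0..1.0)


class Decision(NamedTuple):
    allowed: bool    # True: go on to determine the access parameters
    conflicts: list  # ids of systems still in conflict at decision time
    updates: int     # number of priority-update rounds performed


def has_conflict(first_priority, second_priority):
    # Patent rule: no conflict only when the first operation priority is
    # strictly higher; equal priorities count as a conflict.
    return first_priority <= second_priority


def updated_priority(system, current):
    # ASSUMED rule (not in the patent): a session that has overstayed its
    # duration threshold loses priority, and loses less when its data
    # operation is strongly associated with the target system's operation.
    overrun = system.accessed_seconds - system.threshold_seconds
    if overrun <= 0:
        return current
    penalty = math.ceil(overrun / system.threshold_seconds
                        * (1.0 - system.association))
    return max(0, current - penalty)


def decide_access(request_type, first_priority, accessed, preset_number,
                  max_updates=3):
    # Only systems whose data types contain the request data type are
    # compared; the example treats the others as non-conflicting (assumption).
    priorities = {s.system_id: s.op_priority[request_type]
                  for s in accessed if request_type in s.data_types}
    updates = 0
    while True:
        conflicts = [s for s in accessed
                     if s.system_id in priorities
                     and has_conflict(first_priority, priorities[s.system_id])]
        ids = [s.system_id for s in conflicts]
        if len(conflicts) < preset_number:
            return Decision(True, ids, updates)
        if updates == max_updates:
            return Decision(False, ids, updates)   # bounded: never loop forever
        changed = False
        for s in conflicts:
            new = updated_priority(s, priorities[s.system_id])
            changed = changed or new != priorities[s.system_id]
            priorities[s.system_id] = new
        if not changed:
            return Decision(False, ids, updates)   # re-judging cannot help
        updates += 1


# Constructed sample data: systems the user account has already accessed.
SAMPLE_ACCESSED = [
    AccessedSystem("billing", frozenset({"toll_records", "invoices"}),
                   {"toll_records": 5, "invoices": 3}, 7200, 3600, 0.5),
    AccessedSystem("audit", frozenset({"toll_records"}),
                   {"toll_records": 7}, 600, 3600, 0.25),
    AccessedSystem("hr", frozenset({"staff"}), {"staff": 9}, 100, 3600, 0.0),
]

if __name__ == "__main__":
    print(decide_access("toll_records", 5, SAMPLE_ACCESSED, preset_number=2))
    print(decide_access("toll_records", 5, SAMPLE_ACCESSED, preset_number=1))
```

With a preset system number of 2 the request passes after one update round, because only the overstayed "billing" session loses priority; with a preset number of 1 the remaining "audit" conflict cannot be resolved and the example stops instead of re-judging indefinitely.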
In a first aspect of the present invention, the determining, according to the service access request and all the second system information, an access parameter corresponding to the service access request includes:
screening at least one candidate access interface which is not called from all the acquired system access interfaces according to the user account number and all the second system information;
screening target access interfaces matched with the service access request from all the candidate access interfaces according to the user account number and the first system information;
Determining a target access address corresponding to the service access request according to the target access interface and the first system information;
acquiring an access verification identifier corresponding to the service access request according to the user account and the first system information;
Estimating the access request duration corresponding to the service access request according to the service access request;
The access parameters comprise the target access interface, the target access address, the access verification identifier and the access request duration.
As an alternative embodiment, in the first aspect of the present invention, the method further includes:
acquiring a security verification grade corresponding to the target service system and a user authority corresponding to the user account;
Determining an identity verification mode corresponding to the service access request according to the security verification level corresponding to the target service system and the user authority corresponding to the user account;
The step of verifying the user account based on the determined identity verification mode to obtain an identity verification result corresponding to the user account comprises the following steps:
When the authentication mode comprises an authorization authentication mode, acquiring an authentication identifier corresponding to the user account, wherein the authentication identifier corresponding to the user account comprises an authorization code of the user account about the target service system and a token corresponding to the authorization code;
Judging whether the identity verification identifications corresponding to the user account are legal verification identifications corresponding to the target service system;
When the identity verification identifications corresponding to the user account are all legal verification identifications corresponding to the target service system, determining that the identity verification result corresponding to the user account is passing identity verification;
And when it is judged that the identity verification identifications corresponding to the user account are not all legal verification identifications corresponding to the target service system, determining that the identity verification result corresponding to the user account is that identity verification is not passed.
As an optional implementation manner, in the first aspect of the present invention, after the accessing the user account to the target service system according to the access parameter corresponding to the service access request, the method further includes:
Determining a data sharing grade corresponding to the request data type of the target service system according to the request data type, wherein the data sharing grade comprises one of an allowable sharing grade, a conditional sharing grade and an allowable non-sharing grade;
determining the data access authority of the user account corresponding to the request data type according to the user authority corresponding to the user account;
determining a data processing scheme corresponding to the request data type according to the data access authority and the data sharing level;
Acquiring request data corresponding to the request data type from a target database corresponding to the target service system;
And based on the data processing scheme, performing data sharing preprocessing on the request data to obtain target data, and sending the target data to the user terminal.
The second aspect of the present invention discloses a service system access platform, the platform comprising:
The receiving module is used for receiving a service access request sent by a user terminal, wherein the service access request comprises a user account corresponding to the user terminal, a request data type corresponding to the user account and first system information corresponding to a target service system to be accessed, the first system information comprises a first system identifier and a first service data type, and the first service data type comprises the request data type;
The verification module is used for verifying the user account based on the determined identity verification mode to obtain an identity verification result corresponding to the user account;
The acquisition module is used for acquiring an accessed service system corresponding to the user account and second system information corresponding to each accessed service system when the identity verification result corresponding to the user account is used for indicating that the identity verification is passed;
The determining module is used for determining access parameters corresponding to the service access request according to the service access request and all the second system information;
and the access module is used for accessing the user account to the target service system according to the access parameters corresponding to the service access request.
As an alternative embodiment, in the second aspect of the present invention, the platform further includes:
the judging module is used for judging whether the service conflict exists between the accessed service system and the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining a conflict judging result corresponding to the accessed service system;
The determining module is further configured to determine, for each of the accessed service systems, the accessed service system as a conflicting service system when a conflict judgment result corresponding to the accessed service system is used to indicate that a service conflict exists between the accessed service system and the target service system;
The judging module is further configured to judge whether the number of conflict service systems among all the accessed service systems is smaller than a preset system number; when the number of conflict service systems among all the accessed service systems is smaller than the preset system number, triggering the determining module to execute the operation of determining the access parameters corresponding to the service access request according to the service access request and all the second system information.
As an optional implementation manner, in the second aspect of the present invention, the second system information corresponding to each of the accessed service systems includes a second service data type corresponding to the accessed service system;
The specific way for each accessed service system to determine whether the accessed service system has a service conflict with the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining a conflict determination result corresponding to the accessed service system includes:
According to the request data type and the first system information, determining a first operation service corresponding to the request data type and a first operation priority corresponding to the first operation service of the user account in the target service system;
For each accessed service system, when detecting that a second service data type corresponding to the accessed service system contains the request data type, determining a second operation service corresponding to the request data type and a second operation priority corresponding to the second operation service of the accessed service system according to the request data type and second system information corresponding to the accessed service system;
Judging whether the first operation priority is higher than the second operation priority corresponding to the accessed service system for each accessed service system;
For each accessed service system, when judging that the first operation priority is higher than the second operation priority corresponding to the accessed service system, determining that the conflict judgment result corresponding to the accessed service system is that the accessed service system and the target service system have no service conflict;
And for each accessed service system, when judging that the first operation priority is smaller than or equal to the second operation priority corresponding to the accessed service system, determining that a conflict judgment result corresponding to the accessed service system is that the accessed service system has service conflict with the target service system.
As an optional implementation manner, in the second aspect of the present invention, the obtaining module is further configured to obtain, for each of the conflict service systems, an accessed duration of the user account corresponding to the conflict service system and an access duration threshold corresponding to the conflict service system when the judging module judges that the number of conflict service systems among all the accessed service systems is greater than or equal to the preset system number;
Wherein the platform further comprises:
The calculating module is used for calculating the time length difference between the accessed time length corresponding to the conflict service system and the access time length threshold corresponding to the conflict service system for each conflict service system;
The analysis module is used for analyzing the second operation service corresponding to the first operation service and the conflict service system for each conflict service system to obtain the data operation association degree corresponding to the conflict service system, wherein the data operation association degree corresponding to the conflict service system is used for representing the association influence degree between the target service system and the data operation of the conflict service system about the request data type;
and the updating module is used for updating, for each conflict service system, the second operation priority corresponding to the conflict service system according to the time length difference corresponding to the conflict service system and the data operation association degree corresponding to the conflict service system, and triggering the judging module to execute the operation of judging, for each accessed service system, whether the accessed service system has a service conflict with the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining the conflict judgment result corresponding to the accessed service system.
In a second aspect of the present invention, as an optional implementation manner, the determining module determines, according to the service access request and all the second system information, a specific manner of an access parameter corresponding to the service access request includes:
screening at least one candidate access interface which is not called from all the acquired system access interfaces according to the user account number and all the second system information;
screening target access interfaces matched with the service access request from all the candidate access interfaces according to the user account number and the first system information;
Determining a target access address corresponding to the service access request according to the target access interface and the first system information;
acquiring an access verification identifier corresponding to the service access request according to the user account and the first system information;
Estimating the access request duration corresponding to the service access request according to the service access request;
The access parameters comprise the target access interface, the target access address, the access verification identifier and the access request duration.
As an optional implementation manner, in the second aspect of the present invention, the obtaining module is further configured to obtain a security verification level corresponding to the target service system and a user permission corresponding to the user account;
the determining module is further configured to determine an identity verification mode corresponding to the service access request according to a security verification level corresponding to the target service system and a user authority corresponding to the user account;
The specific mode of verifying the user account based on the determined identity verification mode to obtain the identity verification result corresponding to the user account comprises the following steps:
When the authentication mode comprises an authorization authentication mode, acquiring an authentication identifier corresponding to the user account, wherein the authentication identifier corresponding to the user account comprises an authorization code of the user account about the target service system and a token corresponding to the authorization code;
Judging whether the identity verification identifications corresponding to the user account are legal verification identifications corresponding to the target service system;
When the identity verification identifications corresponding to the user account are all legal verification identifications corresponding to the target service system, determining that the identity verification result corresponding to the user account is passing identity verification;
And when it is judged that the identity verification identifications corresponding to the user account are not all legal verification identifications corresponding to the target service system, determining that the identity verification result corresponding to the user account is that identity verification is not passed.
As an optional implementation manner, in the second aspect of the present invention, the determining module is further configured to, after the access module accesses the user account to the target service system according to the access parameter corresponding to the service access request, determine, according to the request data type, a data sharing level corresponding to the request data type, where the data sharing level includes one of an allowable sharing level, a conditional sharing level, and an allowable non-sharing level;
The determining module is further configured to determine, according to a user right corresponding to the user account, a data access right corresponding to the user account with respect to the request data type;
the determining module is further configured to determine a data processing scheme corresponding to the requested data type according to the data access right and the data sharing level;
The acquisition module is further used for acquiring request data corresponding to the request data type from a target database corresponding to the target service system;
Wherein the platform further comprises:
the data processing module is used for executing data sharing preprocessing on the request data based on the data processing scheme to obtain target data;
And the sending module is used for sending the target data to the user terminal.
The third aspect of the present invention discloses another service system access platform, which comprises:
a memory storing executable program code;
a processor coupled to the memory;
the processor invokes the executable program code stored in the memory to execute the service system access method based on identity authentication disclosed in the first aspect of the present invention.
A fourth aspect of the present invention discloses a computer storage medium storing computer instructions for executing the identity authentication based service system access method disclosed in the first aspect of the present invention when the computer instructions are called.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
In the embodiment of the invention, a service access request sent by a user terminal is received, wherein the service access request comprises a user account corresponding to the user terminal, a request data type corresponding to the user account and first system information corresponding to a target service system to be accessed, the first system information comprises a first system identifier and a first service data type, and the first service data type comprises the request data type; based on the determined identity verification mode, verifying the user account to obtain an identity verification result corresponding to the user account; when the identity verification result corresponding to the user account is used for indicating that the identity verification passes, acquiring an accessed service system corresponding to the user account and second system information corresponding to each accessed service system; determining access parameters corresponding to the service access request according to the service access request and all second system information; and accessing the user account to a target service system according to the access parameters corresponding to the service access request. 
After the service access request sent by the user terminal is received, the user account is verified based on the determined identity verification mode to obtain the identity verification result corresponding to the user account. After the user account passes identity verification, the accessed service systems corresponding to the user account and the system information corresponding to each accessed service system are obtained, the access parameters corresponding to the service access request are determined according to the service access request and the system information corresponding to all accessed service systems, and the user account is then accessed to the target service system according to those access parameters. On the basis that the user account does not need to log in to different service systems repeatedly, access of the user account to the target service system is controlled intelligently based on the identity verification result and the current service system access condition of the user account, so that the flow by which the user accesses a service system can be simplified and the access flexibility of the service system can be improved. This is beneficial to improving the access accuracy of the service system, the security of the service system and the data processing accuracy of the request data, can reduce service conflicts among the accessed service systems, and is beneficial to improving the user's experience of using the service systems.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a service system access method based on identity authentication according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of another service system access method based on identity authentication according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a service system access platform according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another service system access platform according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another service system access platform according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, platform, article, or apparatus that comprises a list of steps or elements is not limited to the list of steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The invention discloses a service system access method and a service system access platform based on identity authentication. After a service access request sent by a user terminal is received, the user account is verified based on a determined identity verification mode to obtain an identity verification result corresponding to the user account. After the user account passes identity verification, the accessed service systems corresponding to the user account and the system information corresponding to each accessed service system are acquired. The access parameters corresponding to the service access request are determined according to the service access request and the system information corresponding to all accessed service systems, and the user account is then given access to the target service system according to those access parameters. Details are described below.
Example 1
Referring to Fig. 1, Fig. 1 is a flow chart of a service system access method based on identity authentication according to an embodiment of the present invention. The method described in Fig. 1 may be applied to a service system access platform. The platform may include one of an access device, an access terminal, an access system and a server, where the server may be a local server or a cloud server. The service system access platform may be used to direct or control a user account to access one or more service systems. Optionally, the multiple service systems accessible by the user account may belong to the same service platform or to different service platforms. As shown in Fig. 1, the service system access method based on identity authentication may include the following operations:
101. Receiving a service access request sent by the user terminal.
In the embodiment of the invention, the service access request comprises a user account corresponding to the user terminal, a request data type corresponding to the user account and first system information corresponding to a target service system to be accessed, wherein the first system information comprises a first system identifier and a first service data type, and the first service data type comprises the request data type. The service access request is used for indicating that the user account requests to access a target service system so as to acquire data corresponding to a request data type in the target service system; optionally, when the method is applied to the service system access platform, the user account corresponding to the user terminal completes the login operation on the service system access platform.
102. Verifying the user account based on the determined identity verification mode to obtain an identity verification result corresponding to the user account.
In the embodiment of the invention, the identity verification mode is used for verifying whether the user account is a user account that is allowed to access the target service system.
103. When the identity verification result corresponding to the user account indicates that identity verification has passed, acquiring the accessed service systems corresponding to the user account and the second system information corresponding to each accessed service system.
In the embodiment of the present invention, the second system information corresponding to each accessed service system may include a second system identifier corresponding to the accessed service system and a second service data type corresponding to the accessed service system, which is not limited in the embodiment of the present invention.
104. Determining the access parameters corresponding to the service access request according to the service access request and all the second system information.
In the embodiment of the present invention, the access parameters corresponding to the service access request may include one or more combinations of a target access interface, a target access address, an access verification identifier and an access request duration, which is not limited in the embodiment of the present invention.
105. Granting the user account access to the target service system according to the access parameters corresponding to the service access request.
In the embodiment of the invention, after the user account has been given access to the target service system, the user account can acquire from the target service system the target data corresponding to the request data type in the service access request.
It can be seen that, after receiving the service access request sent by the user terminal, the method described in the embodiment of the present invention verifies the user account based on the determined authentication mode to obtain the authentication result corresponding to the user account. After the user account passes the authentication, the method obtains the accessed service systems corresponding to the user account and the system information corresponding to each accessed service system, determines the access parameters corresponding to the service access request according to the service access request and the system information corresponding to all accessed service systems, and then gives the user account access to the target service system according to those access parameters, thereby realizing intelligent control of the user account's access to the target service system based on the authentication result and the current service system access condition of the user account without requiring the user account.
In an alternative embodiment, the method may further comprise the operations of:
For each accessed service system, judging whether a service conflict exists between the accessed service system and the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, to obtain a conflict judgment result corresponding to the accessed service system;
For each accessed service system, when the conflict judgment result corresponding to the accessed service system indicates that a service conflict exists between the accessed service system and the target service system, determining the accessed service system to be a conflict service system;
Judging whether the number of conflict service systems among all accessed service systems is smaller than a preset number of systems;
When the number of conflict service systems among all accessed service systems is smaller than the preset number of systems, triggering execution of the operation of determining the access parameters corresponding to the service access request according to the service access request and all the second system information.
The preset number of systems may be determined based on the number of accessed service systems, based on the user right corresponding to the user account, or based on the system access rule of the service platform corresponding to the target service system together with the system access rule of the service platform corresponding to each accessed service system; the embodiment of the present invention is not limited in this respect.
Optionally, when the number of conflict service systems among all accessed service systems is greater than or equal to the preset number of systems, an access failure message may be sent to the user terminal. The access failure message is used to inform the user account that the target service system cannot be accessed and why it cannot be accessed.
It can be seen that, in this optional embodiment, for each accessed service system, whether a service conflict exists between the accessed service system and the target service system is determined according to the request data type, the first system information and the second system information corresponding to the accessed service system. If a service conflict exists, the accessed service system is determined to be a conflict service system. It is then determined whether the number of conflict service systems is smaller than the preset number of systems, and if so, the operation of determining the access parameters corresponding to the service access request is performed. This improves the accuracy of determining whether a service conflict exists between service systems, and therefore the accuracy of the operation of determining the access parameters and of the system access operation. It helps reduce the likelihood that a service conflict between the service systems accessed by the user account causes data abnormality, and helps improve the data security of the service system.
In this optional embodiment, optionally, the second system information corresponding to each accessed service system includes a second service data type corresponding to the accessed service system;
For each accessed service system, judging whether a service conflict exists between the accessed service system and the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, to obtain the conflict judgment result corresponding to the accessed service system, may comprise the following operations:
According to the request data type and the first system information, determining the first operation service of the user account in the target service system with respect to the request data type and the first operation priority corresponding to the first operation service;
For each accessed service system, when it is detected that the second service data type corresponding to the accessed service system contains the request data type, determining, according to the request data type and the second system information corresponding to the accessed service system, the second operation service that the user account currently has in the accessed service system with respect to the request data type and the second operation priority corresponding to the second operation service;
For each accessed service system, judging whether the first operation priority is higher than the second operation priority corresponding to the accessed service system;
For each accessed service system, when the first operation priority is judged to be higher than the second operation priority corresponding to the accessed service system, determining that the conflict judgment result corresponding to the accessed service system is that no service conflict exists between the accessed service system and the target service system;
When the first operation priority is judged to be lower than or equal to the second operation priority corresponding to the accessed service system, determining that the conflict judgment result corresponding to the accessed service system is that a service conflict exists between the accessed service system and the target service system.
Optionally, for each accessed service system, when it is detected that the second service data type corresponding to the accessed service system does not include the request data type, it is determined that the conflict judgment result corresponding to the accessed service system is that a service conflict exists between the accessed service system and the target service system.
The first operation service may include one or more services that the user account is able to perform on the data corresponding to the request data type in the target service system, or may include the services that the user account expects to perform on the data corresponding to the request data type in the target service system. The first operation service and the second operation service are both operation services, and an operation service may comprise one or a combination of a data reading service, a data writing service, a data modifying service, a data synchronizing service and a data auditing service.
It can be seen that, in this optional embodiment, the first operation service of the user account in the target service system with respect to the request data type and the corresponding first operation priority are determined first. Then, for each accessed service system, the second operation service of the user account in that accessed service system and the corresponding second operation priority are determined. When the first operation priority is higher than the second operation priority, no service conflict exists between the accessed service system and the target service system; when the first operation priority is lower than the second operation priority, a service conflict exists between the accessed service system and the target service system. This improves the flexibility and accuracy of determining whether a service conflict exists between service systems, and helps improve the accuracy of the system access operation.
In this alternative embodiment, further optionally, the method may further comprise the operations of:
When the number of conflict service systems among all accessed service systems is greater than or equal to the preset number of systems, acquiring, for each conflict service system, the accessed duration for which the user account has been accessing the conflict service system and the access duration threshold corresponding to the conflict service system;
For each conflict service system, calculating the duration difference between the accessed duration corresponding to the conflict service system and the access duration threshold corresponding to the conflict service system;
For each conflict service system, analyzing the first operation service and the second operation service corresponding to the conflict service system to obtain a data operation association degree corresponding to the conflict service system, where the data operation association degree represents how strongly the data operations of the target service system and of the conflict service system on the request data type influence each other;
For each conflict service system, updating the second operation priority corresponding to the conflict service system according to the duration difference and the data operation association degree corresponding to the conflict service system, and triggering execution of the operation of judging, according to the request data type, the first system information and the second system information corresponding to the accessed service system, whether a service conflict exists between the accessed service system and the target service system, to obtain the conflict judgment result corresponding to the accessed service system.
The access time threshold value corresponding to each conflict service system is used for indicating the maximum time length of the conflict service system for allowing the user account to access the conflict service system.
In an exemplary embodiment, assume that there are two conflict service systems (for example, a system A and a system B). The first operation service corresponding to the target service system is reading the data corresponding to the request data type, the second operation service corresponding to system A is reading the data corresponding to the request data type, and the second operation service corresponding to system B is writing the data corresponding to the request data type. When system B writes the data corresponding to the request data type, the data read by the target service system may be affected, so the data operation association degree corresponding to system A is lower than that corresponding to system B.
It can be seen that, when the number of conflict service systems is determined to be greater than or equal to the preset number of systems, this optional embodiment can further obtain, for each conflict service system, the accessed duration for which the user account has been accessing the conflict service system and the access duration threshold corresponding to the conflict service system, and calculate the duration difference between the two. It obtains the data operation association degree corresponding to the conflict service system by analyzing the first operation service and the second operation service corresponding to the conflict service system, updates the second operation priority corresponding to the conflict service system according to the duration difference and the data operation association degree, and re-executes the operation of determining whether a service conflict exists between the accessed service system and the target service system. The operation priority of an accessed service system can therefore be updated in real time, which improves the accuracy of the operation priorities of the service systems and of the determination of service conflicts between them, helps reduce the possibility of service conflicts between service systems, and further improves the access accuracy of the service system.
In this optional embodiment, further optionally, for each conflict service system, updating the second operation priority corresponding to the conflict service system according to the duration difference corresponding to the conflict service system and the data operation association degree corresponding to the conflict service system may include the following operations:
For each conflict service system, judging whether the duration difference corresponding to the conflict service system is smaller than a preset duration difference and whether the data operation association degree corresponding to the conflict service system is smaller than a preset operation association degree;
For each conflict service system, when the duration difference corresponding to the conflict service system is judged to be smaller than the preset duration difference and the data operation association degree corresponding to the conflict service system is judged to be smaller than the preset operation association degree, lowering the second operation priority corresponding to the conflict service system so that the adjusted second operation priority is lower than the second operation priority before adjustment;
For each conflict service system, when the duration difference corresponding to the conflict service system is judged to be greater than or equal to the preset duration difference, or the data operation association degree corresponding to the conflict service system is judged to be greater than or equal to the preset operation association degree, updating the second operation priority corresponding to the conflict service system so that the updated second operation priority is not lower than the second operation priority before updating.
It can be seen that, in this optional embodiment, the specific way of updating the second operation priority of each conflict service system is chosen by judging whether the duration difference is smaller than the preset duration difference and whether the data operation association degree is smaller than the preset operation association degree. When the duration difference is smaller than the preset duration difference and the data operation association degree is smaller than the preset operation association degree, the second operation priority is adjusted downwards; otherwise, the second operation priority is adjusted upwards or the original second operation priority is kept. This improves the accuracy with which the update manner of the operation priority is determined, the accuracy of the operation priority itself, and the accuracy of judging service conflicts between service systems.
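The conflict judgment, the conflict-count gate and the priority update described in this embodiment, as an added Python example that is not code from the patent. The association scores, the sign of the duration difference (time remaining), the step of one priority level, the single re-judgment round and the sample data type `toll_records` are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Assumed scores for how strongly an accessed system's operation affects the
# target's operation on the same data type. The page only states that a
# writer affects a reading target more than another reader does.
ASSOCIATION = {("read", "read"): 0.2, ("read", "write"): 0.8,
               ("write", "read"): 0.6, ("write", "write"): 1.0}


@dataclass(frozen=True)
class AccessedSystem:
    system_id: str          # second system identifier
    data_types: frozenset   # second service data type
    operation: str          # second operation service
    priority: int           # second operation priority (larger = higher, assumed)
    accessed_s: int         # how long the account has been connected, seconds
    threshold_s: int        # longest connection the system allows, seconds


def has_conflict(request_type, first_priority, system):
    """Conflict judgment for one accessed system, following the page's rules."""
    if request_type not in system.data_types:
        return True  # the page's optional rule for a missing data type
    # No conflict only when the target's priority is strictly higher.
    return not first_priority > system.priority


def updated_priority(system, first_operation, preset_diff_s, preset_assoc):
    """Second operation priority after the update step for a conflict system."""
    diff = system.threshold_s - system.accessed_s  # assumed sign: time remaining
    assoc = ASSOCIATION[(first_operation, system.operation)]
    if diff < preset_diff_s and assoc < preset_assoc:
        return system.priority - 1  # lowered; step size is an assumption
    return system.priority          # kept, so it is "not lower than before"


def decide_access(request_type, first_operation, first_priority, systems,
                  preset_count, preset_diff_s=300, preset_assoc=0.5,
                  max_rounds=1):
    """Return (granted, conflicting_ids, systems_after_updates)."""
    systems = list(systems)
    for round_no in range(max_rounds + 1):
        conflicts = [s for s in systems
                     if has_conflict(request_type, first_priority, s)]
        if len(conflicts) < preset_count:
            return True, [s.system_id for s in conflicts], systems
        if round_no == max_rounds:
            break
        # Update only conflicts that stem from priorities, then judge again.
        systems = [
            replace(s, priority=updated_priority(
                s, first_operation, preset_diff_s, preset_assoc))
            if s in conflicts and request_type in s.data_types else s
            for s in systems
        ]
    # Access failure: the caller reports these systems as the reason.
    return False, [s.system_id for s in conflicts], systems


def sample_systems():
    """Constructed sample: three systems the account is already connected to."""
    t = frozenset({"toll_records"})
    return [AccessedSystem("A", t, "read", 5, 3500, 3600),
            AccessedSystem("B", t, "write", 6, 600, 3600),
            AccessedSystem("C", t, "read", 3, 100, 3600)]


if __name__ == "__main__":
    # Target system: the account wants to read toll_records at priority 5.
    print(decide_access("toll_records", "read", 5, sample_systems(),
                        preset_count=2))
    print(decide_access("toll_records", "read", 5, sample_systems(),
                        preset_count=1))
```

With a preset count of 2, system A is close to its duration threshold and only reads, so its priority drops and the request proceeds with B as the one remaining conflict; with a preset count of 1 the same request is refused.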
Example two
Referring to Fig. 2, Fig. 2 is a flow chart of a service system access method based on identity authentication according to an embodiment of the present invention. The method described in Fig. 2 may be applied to a service system access platform. The platform may include one of an access device, an access terminal, an access system and a server, where the server may be a local server or a cloud server. The service system access platform may be used to direct or control a user account to access one or more service systems. Optionally, the multiple service systems accessible by the user account may belong to the same service platform or to different service platforms. As shown in Fig. 2, the service system access method based on identity authentication may include the following operations:
201. Receiving a service access request sent by the user terminal.
202. Verifying the user account based on the determined identity verification mode to obtain an identity verification result corresponding to the user account.
203. When the identity verification result corresponding to the user account indicates that identity verification has passed, acquiring the accessed service systems corresponding to the user account and the second system information corresponding to each accessed service system.
204. Screening out, from all the acquired system access interfaces, at least one candidate access interface that has not been called, according to the user account and all the second system information.
In the embodiment of the present invention, optionally, all acquired system access interfaces may include all interfaces corresponding to the service system access platform and/or all interfaces corresponding to the user terminal, and the embodiment of the present invention is not limited.
205. Screening out, from all candidate access interfaces, the target access interface that matches the service access request, according to the user account and the first system information.
In the embodiment of the present invention, optionally, the target access interface matched with the service access request may be an interface capable of accessing the target service system, which is not limited in the embodiment of the present invention.
206. Determining the target access address corresponding to the service access request according to the target access interface and the first system information.
In the embodiment of the present invention, the target access address corresponding to the service access request is the address at which the user account accesses the target service system. By way of example, the target access address may be a URL (Uniform Resource Locator), which is not limited by the embodiment of the present invention.
207. Acquiring the access verification identifier corresponding to the service access request according to the user account and the first system information.
In the embodiment of the present invention, the access verification identifier corresponding to the service access request may include one or more combinations of a verification code corresponding to the user account, an access authorization code of the user account about the target service system, and an access token corresponding to the access authorization code, which is not limited in the embodiment of the present invention.
208. Estimating the access request duration corresponding to the service access request according to the service access request.
In the embodiment of the invention, the access request duration corresponding to the service access request indicates how long the user account requests to remain in the access state after it has been given access to the target service system.
In the embodiment of the invention, the access parameters comprise a target access interface, a target access address, an access verification identifier and an access request duration.
209. Granting the user account access to the target service system according to the access parameters corresponding to the service access request.
In the embodiment of the present invention, for other detailed descriptions of step 201 to step 203 and step 209, please refer to the detailed descriptions of step 101 to step 103 in the first embodiment, which are not repeated here.
It can be seen that, after receiving the service access request sent by the user terminal, the method described in the embodiment of the present invention verifies the user account based on the determined authentication mode to obtain the authentication result corresponding to the user account. After the user account passes the authentication, the method obtains the accessed service systems corresponding to the user account and the system information corresponding to each accessed service system, determines the access parameters corresponding to the service access request according to the service access request and the system information corresponding to all accessed service systems, and then gives the user account access to the target service system according to those access parameters, thereby realizing intelligent control of the user account's access to the target service system based on the authentication result and the current service system access condition of the user account without requiring the user account. In addition, the target access interface that matches the service access request can be screened out according to the service access request and all the second system information, the target access address can be determined according to the target access interface and the first system information, the access verification identifier can be acquired, and the access request duration can be estimated. This improves the accuracy with which the access parameters are determined, the accuracy of the access parameters themselves, and the access accuracy of the service system.
In an optional embodiment, the service access request further includes a request data amount corresponding to the request data type;
Estimating the access request duration corresponding to the service access request according to the service access request may include the following operations:
Estimating the request processing duration that the user account requires for the request data type according to the acquired user authority corresponding to the user account, the request data type and the request data amount corresponding to the request data type;
Acquiring the data processing speed corresponding to the target service system, the data processing abnormality record corresponding to the target service system, the data transmission delay corresponding to the target service system and the current user access amount of the target service system;
Predicting the data processing duration of the target service system for the request data type according to the data processing speed corresponding to the target service system, the data processing abnormality record corresponding to the target service system and the request data amount;
Determining a speed influence coefficient corresponding to the data processing speed according to the current user access amount of the target service system;
Estimating the access request duration corresponding to the service access request according to the request processing duration, the data transmission delay, the data processing duration and the speed influence coefficient.
It can be seen that, in this optional embodiment, the request processing duration required by the user can be estimated according to the user authority, the request data type and the request data amount. The data processing duration of the target service system for the request data type can be predicted according to the acquired data processing speed and data processing abnormality record of the target service system and the request data amount, and the speed influence coefficient corresponding to the data processing speed is determined according to the current user access amount of the target service system. The access request duration corresponding to the service access request can then be estimated by combining the request processing duration, the acquired data transmission delay, the data processing duration and the speed influence coefficient. This improves the accuracy of the estimated access request duration and thereby helps improve the access accuracy of the service system.
In an alternative embodiment, the method may further comprise the operations of:
acquiring a security verification grade corresponding to a target service system and a user authority corresponding to a user account;
and determining an identity verification mode corresponding to the service access request according to the security verification grade corresponding to the target service system and the user authority corresponding to the user account.
The higher the security verification level corresponding to the target service system, the more numerous and/or the stricter the conditions that the target service system imposes on identity verification of the user account. The user permission corresponding to the user account may be used to determine one or a combination of the data access permission corresponding to the user account, the data operation permission corresponding to the user account, the data auditing permission corresponding to the user account, and the business process processing permission corresponding to the user account, which is not limited in the embodiment of the present invention.
Therefore, the optional embodiment can determine the identity verification mode corresponding to the service access request according to the acquired security verification level corresponding to the target service system and the user authority corresponding to the user account, and can improve the determination flexibility and the determination accuracy of the identity verification mode, so that the accuracy of the identity verification result is improved, and the identity verification based on the identity verification mode suitable for the user is beneficial to simplifying the flow of the user accessing the service system.
In this optional embodiment, optionally, based on the determined authentication manner, the user account is authenticated, and the authentication result corresponding to the user account is obtained, which may include the following operations:
When the authentication mode comprises an authorization authentication mode, acquiring an authentication identifier corresponding to a user account, wherein the authentication identifier corresponding to the user account comprises an authorization code of the user account about a target service system and a token corresponding to the authorization code;
Judging whether the identity verification identifiers corresponding to the user account are all legal verification identifiers corresponding to the target service system;
When it is judged that the identity verification identifiers corresponding to the user account are all legal verification identifiers corresponding to the target service system, determining that the identity verification result corresponding to the user account is that the identity verification is passed;
And when it is judged that the identity verification identifiers corresponding to the user account are not all legal verification identifiers corresponding to the target service system, determining that the identity verification result corresponding to the user account is that the identity verification is not passed.
The authorization code is an identifier of a service system which the user account is authorized to access; optionally, after determining that the authorization code of the user account related to the target service system is the legal verification identifier corresponding to the target service system, whether the token corresponding to the authorization code is the legal verification identifier corresponding to the target service system may be determined, or whether the authorization code and the token corresponding to the authorization code are the legal verification identifier corresponding to the target service system may be determined at the same time.
It can be seen that, in this optional embodiment, when the authentication mode includes an authorization authentication mode, it is further determined whether the obtained authentication identifications corresponding to the user account are legal authentication identifications corresponding to the target service system, and when the determination result is yes, it is determined that the authentication result is passing authentication, and when the determination result is no, it is determined that the authentication result is not passing authentication, so that the accuracy and the efficiency of authentication can be improved, thereby improving the accuracy and the efficiency of determination of the user authentication result, and further being beneficial to improving the access efficiency of the service system.
In this optional embodiment, optionally, after the user account is accessed to the target service system according to the access parameter corresponding to the service access request, the method may further include the following operations:
According to the request data type, determining a data sharing grade corresponding to the request data type of the target service system, wherein the data sharing grade comprises one of an allowable sharing grade, a conditional sharing grade and an allowable sharing grade;
Determining the data access rights corresponding to the request data types of the user account according to the user rights corresponding to the user account;
Determining a data processing scheme corresponding to the request data type according to the data access authority and the data sharing level;
Acquiring request data corresponding to the request data type from a target database corresponding to a target service system;
based on the data processing scheme, data sharing preprocessing is performed on the request data to obtain target data, and the target data is sent to the user terminal.
The conditional sharing level indicates that the service system can share data with the user account after the data has been processed according to preset data sharing conditions; the data processing scheme may include one or a combination of a data processing level, a data processing manner, a data processing complexity and a data processing rule. The data sharing preprocessing may be data desensitization processing.
For example, if the request data type is a personal privacy data type, the data sharing level of the target service system for the personal privacy data type is determined to be the conditional sharing level. If the account type of the user account is a common account type and the user permission corresponding to the user account does not allow the user account to view the original personal privacy data, it can be determined that the data access permission of the user account for the personal privacy data type is access to the desensitized data obtained after data desensitization. The data processing scheme corresponding to the personal privacy data type is then determined according to the data access permission and the conditional sharing level, and data sharing preprocessing is performed on the personal privacy data based on the data processing scheme to obtain the processed personal privacy data, namely the target data.
It can be seen that, in this optional embodiment, a data processing scheme corresponding to the request data type can be determined according to the determined data sharing level of the target service system corresponding to the request data type and the determined data access authority of the user account corresponding to the request data type, and the data sharing preprocessing is performed on the request data based on the data processing scheme, so as to obtain the target data sent to the user terminal, so that the accuracy of determining the data processing mode can be improved, the security of data sharing can be improved, and the security of data management of the service system can be further improved.
Example III
Referring to fig. 3, fig. 3 is a schematic structural diagram of a service system access platform according to an embodiment of the present invention. The service system access platform described in fig. 3 may include one of an access device, an access terminal, an access system, and a server, where the server may include a local server or a cloud server, and the platform may be used to direct/control access of a user account to one or more service systems, and optionally, multiple service systems accessible by the user account may belong to the same service platform, or may belong to different service platforms respectively. As shown in fig. 3, the service system access platform may include:
the receiving module 301 is configured to receive a service access request sent by a user terminal, where the service access request includes a user account corresponding to the user terminal, a request data type corresponding to the user account, and first system information corresponding to a target service system to be accessed, the first system information includes a first system identifier and a first service data type, and the first service data type includes the request data type;
the verification module 302 is configured to verify the user account based on the determined authentication mode, and obtain an authentication result corresponding to the user account;
The obtaining module 303 is configured to obtain an accessed service system corresponding to the user account and second system information corresponding to each accessed service system when the authentication result corresponding to the user account is used to indicate that authentication is passed;
A determining module 304, configured to determine an access parameter corresponding to the service access request according to the service access request and all second system information;
The access module 305 is configured to access the user account to the target service system according to the access parameter corresponding to the service access request.
It can be seen that, after receiving the service access request sent by the user terminal, the platform described in the embodiment of the present invention can verify the user account based on the determined authentication mode to obtain the authentication result corresponding to the user account, after the user account passes the authentication, obtain the accessed service system corresponding to the user account and the system information corresponding to each accessed service system, determine the access parameters corresponding to the service access request according to the service access request and the system information corresponding to all accessed service systems, and then access the user account to the target service system according to the access parameters corresponding to the service access request, thereby realizing intelligent control of the user account to access to the target service system based on the authentication result and the current service system access condition of the user account without requiring the user account.
In an alternative embodiment, as shown in fig. 4, the platform may further include:
A judging module 306, configured to judge, for each accessed service system, whether a service conflict exists between the accessed service system and a target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtain a conflict judging result corresponding to the accessed service system;
The determining module 304 is further configured to determine, for each accessed service system, the accessed service system as a conflicting service system when the conflict determination result corresponding to the accessed service system is used to indicate that a service conflict exists between the accessed service system and the target service system;
The judging module 306 is further configured to judge whether the number of conflict service systems among all the accessed service systems is smaller than the preset number of systems; when the number of conflict service systems among all the accessed service systems is judged to be smaller than the preset number of systems, the determining module 304 is triggered to execute the operation of determining the access parameters corresponding to the service access request according to the service access request and all the second system information.
It can be seen that, the platform described in this optional embodiment is capable of determining, for each accessed service system, whether there is a service conflict between the accessed service system and the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, if there is a service conflict, determining that the accessed service system is a conflicting service system, and then determining whether the number of conflicting service systems is smaller than the number of preset systems, if the determination result is yes, executing the operation of determining the access parameters corresponding to the service access request, so as to improve the accuracy of determining whether there is a service conflict between service systems, thereby improving the accuracy of executing the operation of determining the access parameters, further improving the accuracy of executing the operation of accessing the system, and being beneficial to reducing the occurrence possibility of the situation that the service conflict occurs between service systems accessed by the user account, thereby causing data anomaly, and improving the data security of the service systems.
In this optional embodiment, optionally, the second system information corresponding to each accessed service system includes a second service data type corresponding to the accessed service system;
The specific manner of determining whether the service conflict exists between the accessed service system and the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system by the determining module 306 for each accessed service system, and obtaining the conflict determination result corresponding to the accessed service system may include:
according to the request data type and the first system information, determining a first operation service corresponding to the request data type and a first operation priority corresponding to the first operation service of a user account in a target service system;
For each accessed service system, when the second service data type corresponding to the accessed service system is detected to contain the request data type, determining a second operation service corresponding to the request data type and a second operation priority corresponding to the second operation service of the user account currently in the accessed service system according to the request data type and the second system information corresponding to the accessed service system;
for each accessed service system, judging whether the first operation priority is higher than the second operation priority corresponding to the accessed service system;
for each accessed service system, when judging that the first operation priority is higher than the second operation priority corresponding to the accessed service system, determining that the conflict judgment result corresponding to the accessed service system is that the accessed service system and the target service system have no service conflict;
And when judging that the first operation priority is smaller than or equal to the second operation priority corresponding to the accessed service system, determining that the conflict judgment result corresponding to the accessed service system is that the service conflict exists between the accessed service system and the target service system.
It can be seen that, after determining the first operation service of the user account corresponding to the request data type in the target service system and the first operation priority corresponding to the first operation service, the platform described in this optional embodiment also determines, for each accessed service system, the second operation service of the user account corresponding to the request data type in the accessed service system and the second operation priority corresponding to the second operation service. When the first operation priority is judged to be higher than the second operation priority, there is no service conflict between the accessed service system and the target service system; when the first operation priority is judged to be lower than or equal to the second operation priority, there is a service conflict between the accessed service system and the target service system. This improves the flexibility and accuracy of determining whether a service conflict exists between service systems, and is beneficial to improving the accuracy of executing the system access operation.
In this optional embodiment, further optionally, the obtaining module 303 is further configured to obtain, for each conflict service system, an accessed duration of the user account corresponding to the conflict service system and an access duration threshold corresponding to the conflict service system when the judging module 306 judges that the number of conflict service systems corresponding to the conflict service systems in all accessed service systems is greater than or equal to a preset number of systems;
Wherein, as shown in fig. 4, the platform may further include:
A calculating module 307, configured to calculate, for each conflict service system, a time length difference between an accessed time length corresponding to the conflict service system and an access time length threshold corresponding to the conflict service system;
The analysis module 308 is configured to, for each conflict service system, analyze a second operation service corresponding to the first operation service and the conflict service system, and obtain a data operation association degree corresponding to the conflict service system, where the data operation association degree corresponding to the conflict service system is used to represent an association influence degree between a target service system and a data operation of the conflict service system about a request data type;
And the updating module 309 is configured to update, for each conflict service system, a second operation priority corresponding to the conflict service system according to a duration difference corresponding to the conflict service system and a data operation association degree corresponding to the conflict service system, and trigger the judging module 306 to execute an operation of judging, for each accessed service system, whether a service conflict exists between the accessed service system and the target service system according to a request data type, first system information and second system information corresponding to the accessed service system, so as to obtain a conflict judging result corresponding to the accessed service system.
It can be seen that, when the number of conflict service systems is greater than or equal to the preset number of systems, the platform described in this optional embodiment can also obtain, for each conflict service system, the accessed time length corresponding to the user account accessing the conflict service system and the access time length threshold corresponding to the conflict service system, calculate the time length difference between the two, and obtain the data operation association degree corresponding to the conflict service system by analyzing the second operation service corresponding to the first operation service and the conflict service system, update the second operation priority corresponding to the conflict service system according to the time length difference and the data operation association degree, and re-execute the operation of judging whether the service conflicts exist between the accessed service system and the target service system, so as to update the operation priority of the accessed service system in real time, further improve the accuracy of determining the operation priority of the service system, thereby improving the accuracy of judging the service conflicts generated between the service systems, being beneficial to reducing the possibility of generating service conflicts between the service systems, and further being beneficial to improving the access flexibility of the service system so as to improve the accuracy of the service system.
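The conflict judgment, the count gate and one round of priority update and re-judgment described above, as an added Python example that is not code from the patent. The numeric priorities (larger means higher), the fail-closed handling of a missing priority, the `sample_update` rule and all system names and values are assumptions constructed for illustration; the patent does not specify how the second operation priority is recomputed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass
class AccessedSystem:
    system_id: str
    data_types: FrozenSet[str]   # second service data types
    priorities: Dict[str, int]   # request data type -> second operation priority
    accessed_seconds: int = 0    # how long the account has been connected
    threshold_seconds: int = 0   # access duration threshold of this system
    association: float = 1.0     # data operation association degree, 0..1


def has_conflict(request_type: str, first_priority: int,
                 system: AccessedSystem) -> bool:
    """Conflict rule from the text: no conflict only if first > second."""
    if request_type not in system.data_types:
        # Assumption: a system that does not handle the type cannot conflict.
        return False
    second_priority = system.priorities.get(request_type)
    if second_priority is None:
        # Assumption: unknown priority is treated as a conflict (fail closed).
        return True
    return first_priority <= second_priority


def conflicting(request_type: str, first_priority: int,
                systems: List[AccessedSystem]) -> List[str]:
    return [s.system_id for s in systems
            if has_conflict(request_type, first_priority, s)]


def sample_update(system: AccessedSystem, request_type: str) -> None:
    """Constructed policy: lower the priority of a session that has run
    past its duration threshold and is only weakly associated."""
    overstay = system.accessed_seconds - system.threshold_seconds
    if (request_type in system.priorities and overstay > 0
            and system.association < 0.5):
        system.priorities[request_type] -= 1


def gate(request_type: str, first_priority: int,
         systems: List[AccessedSystem], preset_count: int,
         update: Callable[[AccessedSystem, str], None] = sample_update,
         max_rounds: int = 1) -> Tuple[bool, List[str]]:
    """Return (may_proceed, conflict_ids). Access proceeds only while the
    number of conflict systems stays below preset_count."""
    by_id = {s.system_id: s for s in systems}
    conflicts = conflicting(request_type, first_priority, systems)
    rounds = 0
    # Bounded re-judgment so a policy that never resolves cannot loop forever.
    while len(conflicts) >= preset_count and rounds < max_rounds:
        for system_id in conflicts:
            update(by_id[system_id], request_type)
        conflicts = conflicting(request_type, first_priority, systems)
        rounds += 1
    return len(conflicts) < preset_count, conflicts


def sample_systems() -> List[AccessedSystem]:
    """Constructed sample of systems the account is already connected to."""
    return [
        AccessedSystem("billing", frozenset({"vehicle_record", "invoice"}),
                       {"vehicle_record": 3}),
        AccessedSystem("audit", frozenset({"vehicle_record"}),
                       {"vehicle_record": 5}, accessed_seconds=7200,
                       threshold_seconds=3600, association=0.2),
        AccessedSystem("hr", frozenset({"staff_record"}), {"staff_record": 9}),
        AccessedSystem("legacy", frozenset({"vehicle_record"}), {}),
    ]


if __name__ == "__main__":
    # Without re-judgment the request is held back by two conflicts.
    print(gate("vehicle_record", 5, sample_systems(), 2, max_rounds=0))
    # One update round clears "audit"; "legacy" stays a conflict.
    print(gate("vehicle_record", 5, sample_systems(), 2))
```
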
In another alternative embodiment, the specific manner of determining, by the determining module 304, the access parameter corresponding to the service access request according to the service access request and all the second system information may include:
Screening at least one candidate access interface which is not called from all the acquired system access interfaces according to the user account number and all the second system information;
Screening target access interfaces matched with the service access request from all candidate access interfaces according to the user account number and the first system information;
Determining a target access address corresponding to the service access request according to the target access interface and the first system information;
acquiring an access verification identifier corresponding to a service access request according to a user account and first system information;
estimating the access request duration corresponding to the service access request according to the user account, the request data type and the first system information;
the access parameters comprise a target access interface, a target access address, an access verification identifier and an access request duration.
Therefore, the platform described by implementing the alternative embodiment can screen out the target access interface matched with the service access request according to the service access request and all the second system information, determine the target access address according to the target access interface and the first system information, acquire the access verification identifier and estimate the access request duration, and improve the determination accuracy of the access parameters, thereby improving the accuracy of the access parameters and further being beneficial to improving the access accuracy of the service system.
In yet another optional embodiment, the obtaining module 303 is further configured to obtain a security verification level corresponding to the target service system and a user permission corresponding to the user account;
the determining module 304 is further configured to determine an authentication mode corresponding to the service access request according to a security authentication level corresponding to the target service system and a user permission corresponding to the user account;
The specific manner of verifying the user account to obtain the authentication result corresponding to the user account based on the determined authentication manner by the verification module 302 may include:
When the authentication mode comprises an authorization authentication mode, acquiring an authentication identifier corresponding to a user account, wherein the authentication identifier corresponding to the user account comprises an authorization code of the user account about a target service system and a token corresponding to the authorization code;
Judging whether the identity verification identifiers corresponding to the user account are all legal verification identifiers corresponding to the target service system;
When it is judged that the identity verification identifiers corresponding to the user account are all legal verification identifiers corresponding to the target service system, determining that the identity verification result corresponding to the user account is that the identity verification is passed;
And when it is judged that the identity verification identifiers corresponding to the user account are not all legal verification identifiers corresponding to the target service system, determining that the identity verification result corresponding to the user account is that the identity verification is not passed.
It can be seen that the platform described in this optional embodiment can determine the authentication mode corresponding to the service access request according to the security authentication level corresponding to the obtained target service system and the user authority corresponding to the user account, so as to improve the determination flexibility and accuracy of the authentication mode, thereby improving the accuracy of the authentication result, and performing authentication based on the authentication mode suitable for the user is beneficial to simplifying the process of accessing the service system by the user; and when the authentication mode comprises an authorization authentication mode, judging whether the acquired authentication identifications corresponding to the user account are legal authentication identifications corresponding to the target service system, when the judgment result is yes, determining that the authentication result is authentication passing, and when the judgment result is no, determining that the authentication result is authentication failing, thereby improving the authentication accuracy and the authentication efficiency, further being beneficial to improving the access efficiency of the service system.
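The authorization authentication mode, described once for the method and again for the verification module 302, as an added Python example that is not code from the patent. It checks the authorization code and its token together and passes only when both are legal for the target service system; the `GrantStore` class, the hashing scheme and all account, system, code and token values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


def _digest(value: str) -> bytes:
    """Store and compare digests so raw codes and tokens are not kept."""
    return hashlib.sha256(value.encode("utf-8")).digest()


@dataclass(frozen=True)
class Grant:
    account: str          # user account the code was issued to
    system_id: str        # service system the code authorizes
    token_digest: bytes   # digest of the token that corresponds to the code


class GrantStore:
    """Hypothetical record of issued authorization codes and their tokens."""

    def __init__(self) -> None:
        self._by_code: Dict[bytes, Grant] = {}

    def issue(self, account: str, system_id: str, code: str, token: str) -> None:
        self._by_code[_digest(code)] = Grant(account, system_id, _digest(token))

    def lookup(self, code: str) -> Optional[Grant]:
        return self._by_code.get(_digest(code))


def verify(store: GrantStore, account: str, target_system: str,
           code: str, token: str) -> bool:
    """Pass only if the code is legal for this account and target system
    AND the token is the one that corresponds to that code."""
    grant = store.lookup(code or "")
    code_ok = (grant is not None
               and grant.account == account
               and grant.system_id == target_system)
    # Always run the token comparison, even for an unknown code, so both
    # identifiers are judged together and the comparison is constant time.
    expected = grant.token_digest if grant is not None else bytes(32)
    token_ok = hmac.compare_digest(expected, _digest(token or ""))
    return code_ok and token_ok


def sample_store() -> GrantStore:
    """Constructed grants for two accounts and two service systems."""
    store = GrantStore()
    store.issue("alice", "toll-settlement", "code-A1", "token-A1")
    store.issue("bob", "road-monitoring", "code-B7", "token-B7")
    return store


if __name__ == "__main__":
    s = sample_store()
    print(verify(s, "alice", "toll-settlement", "code-A1", "token-A1"))
    print(verify(s, "alice", "road-monitoring", "code-A1", "token-A1"))
```

The second call fails because the code is valid but was issued for a different service system, which is the case the "legal verification identifier corresponding to the target service system" wording is meant to reject.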
In this optional embodiment, optionally, the determining module 304 is further configured to determine, according to the request data type, a data sharing level corresponding to the request data type, where the data sharing level includes one of an allowable sharing level, a conditional sharing level, and an allowable sharing level, after the access module 305 accesses the user account to the target service system according to an access parameter corresponding to the service access request;
the determining module 304 is further configured to determine, according to a user permission corresponding to the user account, a data access permission corresponding to the user account with respect to the request data type;
The determining module 304 is further configured to determine a data processing scheme corresponding to the requested data type according to the data access right and the data sharing level;
The obtaining module 303 is further configured to obtain, from a target database corresponding to the target service system, request data corresponding to a request data type;
Wherein, as shown in fig. 4, the platform may further include:
a data processing module 310, configured to perform data sharing preprocessing on the request data based on a data processing scheme, to obtain target data;
the sending module 311 is configured to send the target data to the user terminal.
It can be seen that the platform described in this optional embodiment may further determine, according to the determined data sharing level of the target service system corresponding to the request data type and the determined data access authority of the user account corresponding to the request data type, a data processing scheme corresponding to the request data type, and perform data sharing preprocessing on the request data based on the data processing scheme, so as to obtain the target data sent to the user terminal, so that accuracy in determining a data processing manner can be improved, thereby improving security of data sharing, and further being beneficial to improving security of data management of the service system.
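The choice of data processing scheme from the data sharing level and the data access permission, followed by desensitization, described for both the method and the platform, as an added Python example that is not code from the patent. The text lists the "allowable" level twice, so the third level is assumed here to forbid sharing; the policy tables, field names, masking rules and the sample record are likewise constructed assumptions.

```python
from enum import Enum
from typing import Dict, List, Tuple


class Level(Enum):
    ALLOW = "allowable sharing"
    CONDITIONAL = "conditional sharing"
    DENY = "sharing not allowed"   # assumed third level


class Access(Enum):
    RAW = "original data"
    MASKED = "desensitized data"
    NONE = "no access"


class Scheme(Enum):
    PASS_THROUGH = 1
    DESENSITIZE = 2
    REFUSE = 3


# Constructed policy tables; unknown keys fall back to the strictest value.
SHARING_LEVEL = {"personal_privacy": Level.CONDITIONAL,
                 "road_status": Level.ALLOW,
                 "audit_log": Level.DENY}
ACCESS = {("common", "personal_privacy"): Access.MASKED,
          ("admin", "personal_privacy"): Access.RAW,
          ("common", "road_status"): Access.RAW}
MASK_RULES = {"name": (1, 0), "phone": (3, 4), "id_number": (4, 2)}
PUBLIC_FIELDS = {"plate"}


def choose_scheme(level: Level, access: Access) -> Scheme:
    if level is Level.DENY or access is Access.NONE:
        return Scheme.REFUSE
    if level is Level.ALLOW and access is Access.RAW:
        return Scheme.PASS_THROUGH
    # Conditional sharing always processes the data first, whatever the
    # account's permission; so does a masked-only permission.
    return Scheme.DESENSITIZE


def mask_middle(value: str, keep_head: int, keep_tail: int) -> str:
    """Keep the ends of a value and star out the middle."""
    if len(value) <= keep_head + keep_tail:
        return "*" * len(value)   # too short to reveal anything safely
    hidden = len(value) - keep_head - keep_tail
    return value[:keep_head] + "*" * hidden + value[len(value) - keep_tail:]


def desensitize(record: Dict[str, str]) -> Dict[str, str]:
    out = {}
    for field, value in record.items():
        if field in MASK_RULES:
            out[field] = mask_middle(value, *MASK_RULES[field])
        elif field in PUBLIC_FIELDS:
            out[field] = value
        # Any field without a rule is dropped rather than shared.
    return out


def share(account_type: str, data_type: str,
          records: List[Dict[str, str]]) -> Tuple[Scheme, List[Dict[str, str]]]:
    level = SHARING_LEVEL.get(data_type, Level.DENY)
    access = ACCESS.get((account_type, data_type), Access.NONE)
    scheme = choose_scheme(level, access)
    if scheme is Scheme.REFUSE:
        return scheme, []
    if scheme is Scheme.PASS_THROUGH:
        return scheme, [dict(r) for r in records]
    return scheme, [desensitize(r) for r in records]


# Constructed sample record; none of these values are real.
SAMPLE = [{"name": "Li Hua", "phone": "13800001234",
           "id_number": "340100199001011234", "plate": "A12345",
           "note": "internal remark"}]

if __name__ == "__main__":
    print(share("common", "personal_privacy", SAMPLE))
    print(share("common", "audit_log", SAMPLE))
```
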
Example IV
Referring to fig. 5, fig. 5 is a schematic structural diagram of another service system access platform according to an embodiment of the present invention. As shown in fig. 5, the service system access platform may include:
A memory 401 storing executable program codes;
a processor 402 coupled with the memory 401;
The processor 402 invokes executable program codes stored in the memory 401 to perform the steps in the authentication-based service system access method described in the first or second embodiment of the present invention.
Example V
The embodiment of the invention discloses a computer storage medium which stores computer instructions for executing the steps in the service system access method based on identity authentication described in the first embodiment or the second embodiment of the invention when the computer instructions are called.
Example VI
An embodiment of the present invention discloses a computer program product, which includes a non-transitory computer readable storage medium storing a computer program, and the computer program is operable to cause a computer to perform the steps in the authentication-based service system access method described in the first embodiment or the second embodiment.
The platform embodiments described above are illustrative only, in that the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over multiple network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above detailed description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus a necessary general hardware platform, or of course by means of hardware. Based on such understanding, the foregoing technical solutions may be embodied, in essence or in part, in the form of a software product that may be stored in a computer-readable storage medium, including Read-Only Memory (ROM), Random Access Memory (RAM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), One-Time Programmable Read-Only Memory (OTPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Compact Disc Read-Only Memory (CD-ROM) or other optical disc memory, magnetic disk memory, tape memory, or any other computer-readable medium that can be used to carry or store data.
Finally, it should be noted that the service system access method and service system access platform based on identity authentication disclosed in the embodiments of the invention are only preferred embodiments of the invention, and are used only to illustrate the technical scheme of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical schemes recorded in the various embodiments can still be modified, or some of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical schemes to depart from the spirit and scope of the technical schemes of the embodiments of the invention.

Claims (9)

1. An identity authentication-based service system access method is characterized by comprising the following steps:
receiving a service access request sent by a user terminal, wherein the service access request comprises a user account corresponding to the user terminal, a request data type corresponding to the user account and first system information corresponding to a target service system to be accessed, the first system information comprises a first system identifier and a first service data type, and the first service data type comprises the request data type;
based on the determined identity verification mode, verifying the user account to obtain an identity verification result corresponding to the user account;
when the identity verification result corresponding to the user account indicates that the identity verification is passed, acquiring the accessed service systems corresponding to the user account and second system information corresponding to each accessed service system;
determining access parameters corresponding to the service access request according to the service access request and all the second system information;
accessing the user account to the target service system according to the access parameters corresponding to the service access request;
wherein the method further comprises:
for each accessed service system, judging whether the accessed service system has a service conflict with the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining a conflict judgment result corresponding to the accessed service system;
for each accessed service system, when the conflict judgment result corresponding to the accessed service system indicates that the accessed service system has a service conflict with the target service system, determining the accessed service system as a conflict service system;
judging whether the number of conflict service systems among all the accessed service systems is smaller than a preset system number;
when the number of conflict service systems among all the accessed service systems is smaller than the preset system number, triggering execution of the operation of determining the access parameters corresponding to the service access request according to the service access request and all the second system information.
2. The identity authentication-based service system access method according to claim 1, wherein the second system information corresponding to each of the accessed service systems includes a second service data type corresponding to the accessed service system;
wherein, for each accessed service system, judging whether the accessed service system has a service conflict with the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining a conflict judgment result corresponding to the accessed service system, comprises:
according to the request data type and the first system information, determining a first operation service of the user account in the target service system corresponding to the request data type, and a first operation priority corresponding to the first operation service;
for each accessed service system, when detecting that the second service data type corresponding to the accessed service system contains the request data type, determining, according to the request data type and the second system information corresponding to the accessed service system, a second operation service of the accessed service system corresponding to the request data type and a second operation priority corresponding to the second operation service;
for each accessed service system, judging whether the first operation priority is higher than the second operation priority corresponding to the accessed service system;
for each accessed service system, when judging that the first operation priority is higher than the second operation priority corresponding to the accessed service system, determining that the conflict judgment result corresponding to the accessed service system is that the accessed service system has no service conflict with the target service system;
and for each accessed service system, when judging that the first operation priority is lower than or equal to the second operation priority corresponding to the accessed service system, determining that the conflict judgment result corresponding to the accessed service system is that the accessed service system has a service conflict with the target service system.
3. The identity authentication-based service system access method according to claim 2, further comprising:
when judging that the number of conflict service systems among all the accessed service systems is greater than or equal to the preset system number, acquiring, for each conflict service system, the accessed duration of the user account corresponding to the conflict service system and the access duration threshold corresponding to the conflict service system;
for each conflict service system, calculating a duration difference between the accessed duration corresponding to the conflict service system and the access duration threshold corresponding to the conflict service system;
for each conflict service system, analyzing the first operation service and the second operation service corresponding to the conflict service system to obtain a data operation association degree corresponding to the conflict service system, wherein the data operation association degree corresponding to the conflict service system represents the degree of associated influence between the data operations of the target service system and of the conflict service system on the request data type;
and for each conflict service system, updating the second operation priority corresponding to the conflict service system according to the duration difference corresponding to the conflict service system and the data operation association degree corresponding to the conflict service system, and triggering execution of the operation of, for each accessed service system, judging whether the accessed service system has a service conflict with the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining a conflict judgment result corresponding to the accessed service system.
4. The method for accessing a service system based on identity authentication according to claim 1, wherein determining the access parameter corresponding to the service access request according to the service access request and all the second system information comprises:
screening, from all the acquired system access interfaces, at least one candidate access interface that has not been called, according to the user account and all the second system information;
screening, from all the candidate access interfaces, a target access interface matching the service access request, according to the user account and the first system information;
determining a target access address corresponding to the service access request according to the target access interface and the first system information;
acquiring an access verification identifier corresponding to the service access request according to the user account and the first system information;
estimating the access request duration corresponding to the service access request according to the service access request;
wherein the access parameters comprise the target access interface, the target access address, the access verification identifier and the access request duration.
5. The identity authentication-based service system access method according to claim 1, further comprising:
acquiring a security verification level corresponding to the target service system and a user authority corresponding to the user account;
determining an identity verification mode corresponding to the service access request according to the security verification level corresponding to the target service system and the user authority corresponding to the user account;
wherein verifying the user account based on the determined identity verification mode to obtain an identity verification result corresponding to the user account comprises:
when the identity verification mode comprises an authorization authentication mode, acquiring identity verification identifiers corresponding to the user account, wherein the identity verification identifiers corresponding to the user account comprise an authorization code of the user account for the target service system and a token corresponding to the authorization code;
judging whether the identity verification identifiers corresponding to the user account are all legal verification identifiers corresponding to the target service system;
when the identity verification identifiers corresponding to the user account are all legal verification identifiers corresponding to the target service system, determining that the identity verification result corresponding to the user account is that identity verification is passed;
and when it is judged that the identity verification identifiers corresponding to the user account are not all legal verification identifiers corresponding to the target service system, determining that the identity verification result corresponding to the user account is that identity verification is not passed.
6. The method for accessing a service system based on identity authentication according to claim 5, wherein after the user account is accessed to the target service system according to the access parameter corresponding to the service access request, the method further comprises:
determining a data sharing level corresponding to the request data type of the target service system according to the request data type, wherein the data sharing level comprises one of an allowable sharing level, a conditional sharing level and an allowable non-sharing level;
determining the data access authority of the user account corresponding to the request data type according to the user authority corresponding to the user account;
determining a data processing scheme corresponding to the request data type according to the data access authority and the data sharing level;
acquiring request data corresponding to the request data type from a target database corresponding to the target service system;
and based on the data processing scheme, performing data sharing preprocessing on the request data to obtain target data, and sending the target data to the user terminal.
7. A service system access platform, the platform comprising:
a receiving module, used for receiving a service access request sent by a user terminal, wherein the service access request comprises a user account corresponding to the user terminal, a request data type corresponding to the user account and first system information corresponding to a target service system to be accessed, the first system information comprises a first system identifier and a first service data type, and the first service data type comprises the request data type;
a verification module, used for verifying the user account based on the determined identity verification mode to obtain an identity verification result corresponding to the user account;
an acquisition module, used for acquiring the accessed service systems corresponding to the user account and second system information corresponding to each accessed service system when the identity verification result corresponding to the user account indicates that the identity verification is passed;
a determining module, used for determining access parameters corresponding to the service access request according to the service access request and all the second system information;
an access module, used for accessing the user account to the target service system according to the access parameters corresponding to the service access request;
wherein the platform further comprises:
a judging module, used for, for each accessed service system, judging whether the accessed service system has a service conflict with the target service system according to the request data type, the first system information and the second system information corresponding to the accessed service system, and obtaining a conflict judgment result corresponding to the accessed service system;
the determining module is further configured to determine, for each accessed service system, the accessed service system as a conflict service system when the conflict judgment result corresponding to the accessed service system indicates that the accessed service system has a service conflict with the target service system;
the judging module is further configured to judge whether the number of conflict service systems among all the accessed service systems is smaller than a preset system number, and, when the number of conflict service systems among all the accessed service systems is smaller than the preset system number, to trigger the determining module to execute the operation of determining the access parameters corresponding to the service access request according to the service access request and all the second system information.
8. A service system access platform, the platform comprising:
a memory storing executable program code;
a processor coupled to the memory;
wherein the processor invokes the executable program code stored in the memory to perform the identity authentication-based service system access method of any one of claims 1-6.
9. A computer storage medium storing computer instructions which, when invoked, are operable to perform the identity authentication-based service system access method of any one of claims 1-6.
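The conflict check and access gate of claims 1 and 2, sketched as an added Python example that is not part of the patent text or of any implementation by the applicants. The field and function names, numeric priorities (a larger number means a higher priority), the treatment of an accessed system that does not handle the request data type as non-conflicting, and the fail-closed handling of a missing priority are all assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class SystemInfo:
    """First/second system information (field names are assumptions)."""
    system_id: str
    service_data_types: FrozenSet[str]
    # Operation priority per data type; larger = higher (assumption).
    operation_priority: Dict[str, int]


@dataclass(frozen=True)
class AccessRequest:
    user_account: str
    request_data_type: str
    target: SystemInfo  # the "first system information"


def has_conflict(req: AccessRequest, accessed: SystemInfo) -> bool:
    """Claim 2: no conflict only if the target's priority is strictly higher."""
    dtype = req.request_data_type
    if dtype not in accessed.service_data_types:
        return False  # assumption: a system without this data type cannot conflict
    first = req.target.operation_priority.get(dtype)
    second = accessed.operation_priority.get(dtype)
    if first is None or second is None:
        return True  # assumption: an unknown priority fails closed
    return first <= second


def conflict_systems(req: AccessRequest, accessed: List[SystemInfo]) -> List[str]:
    """Identifiers of the accessed systems judged to be conflict service systems."""
    return [s.system_id for s in accessed if has_conflict(req, s)]


def may_determine_access_parameters(req: AccessRequest, identity_verified: bool,
                                    accessed: List[SystemInfo],
                                    preset_system_number: int) -> bool:
    """Claim 1 gate: proceed only after verification and below the preset count."""
    if not identity_verified:
        return False
    # Claim 1: the first service data type must include the request data type.
    if req.request_data_type not in req.target.service_data_types:
        return False
    return len(conflict_systems(req, accessed)) < preset_system_number


# Constructed sample data, not taken from the patent.
TARGET = SystemInfo("target", frozenset({"toll_record"}), {"toll_record": 5})
ACCESSED = [
    SystemInfo("sys-a", frozenset({"toll_record"}), {"toll_record": 3}),
    SystemInfo("sys-b", frozenset({"toll_record", "invoice"}),
               {"toll_record": 5, "invoice": 1}),
    SystemInfo("sys-c", frozenset({"invoice"}), {"invoice": 9}),
]
REQUEST = AccessRequest("user-001", "toll_record", TARGET)

if __name__ == "__main__":
    print("conflict service systems:", conflict_systems(REQUEST, ACCESSED))
    for preset in (1, 2):
        print("preset", preset, "->",
              may_determine_access_parameters(REQUEST, True, ACCESSED, preset))
```

Equal priorities count as a conflict, so with the constructed data only `sys-b` is a conflict service system and the gate opens for a preset system number of 2 but not 1.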
CN202311528860.8A 2023-11-15 2023-11-15 Service system access method and service system access platform based on identity authentication Active CN117768150B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311528860.8A CN117768150B (en) 2023-11-15 2023-11-15 Service system access method and service system access platform based on identity authentication

Publications (2)

Publication Number Publication Date
CN117768150A CN117768150A (en) 2024-03-26
CN117768150B CN117768150B (en) 2024-06-07

Family

ID=90322737

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311528860.8A Active CN117768150B (en) 2023-11-15 2023-11-15 Service system access method and service system access platform based on identity authentication

Country Status (1)

Country Link
CN (1) CN117768150B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101547092A (en) * 2008-03-27 2009-09-30 天津德智科技有限公司 Method and device for data synchronization of multi-application systems for unifying user authentication
CN103903143A (en) * 2012-12-28 2014-07-02 中国移动通信集团湖南有限公司 Service parameter value updating method, payment method, related equipment and system
WO2022134466A1 (en) * 2020-12-23 2022-06-30 平安科技(深圳)有限公司 Data processing method and related device
CN116015824A (en) * 2022-12-20 2023-04-25 上海浦东发展银行股份有限公司 Unified authentication method, equipment and medium for platform

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8131666B2 (en) * 2008-10-21 2012-03-06 Fmr Llc Context-based user authentication, workflow processing, and data management in a centralized application in communication with a plurality of third-party applications

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HU Sha, LI Bei. Event-Driven SOA Based Integration Platform for Mold Making Industry. Computer Aided Drafting, Design and Manufacturing. 2009, (No. 01), full text. *

Also Published As

Publication number Publication date
CN117768150A (en) 2024-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant