[go: up one dir, main page]

WO2019144738A1 - Financial service verification method, apparatus and device, and computer storage medium - Google Patents

Financial service verification method, apparatus and device, and computer storage medium Download PDF

Info

Publication number
WO2019144738A1
WO2019144738A1 PCT/CN2018/122609 CN2018122609W WO2019144738A1 WO 2019144738 A1 WO2019144738 A1 WO 2019144738A1 CN 2018122609 W CN2018122609 W CN 2018122609W WO 2019144738 A1 WO2019144738 A1 WO 2019144738A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification
verified
information
security level
operation instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/122609
Other languages
French (fr)
Chinese (zh)
Inventor
罗潜锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Smart Technology Co Ltd
Original Assignee
OneConnect Smart Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by OneConnect Smart Technology Co Ltd filed Critical OneConnect Smart Technology Co Ltd
Publication of WO2019144738A1 publication Critical patent/WO2019144738A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3672Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes initialising or reloading thereof
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules

Definitions

  • the present application relates to the field of identity verification, and in particular, to a method, an apparatus, a device, and a computer storage medium for verifying financial services.
  • the user needs to be authenticated to ensure the security of the user's internet financial service.
  • the remote authentication can be performed (can be remotely verified, for example, the user can authenticate through two-way video) , or the user through the mobile phone (such as through the mobile phone verification code, password verification method) these verification methods, as long as other people have the account and password can be verified, the security is low, can not guarantee the authenticity of the identity of the object.
  • the main purpose of the present application is to provide a method, device, device and computer storage medium for verifying financial services, which are intended to efficiently authenticate users, determine whether a user has financial service operation rights, and ensure the security of user operations.
  • the present application provides a method for verifying a financial service, and the method for verifying the financial service includes the following steps:
  • the operation instruction is executed when it is detected that the operation authority verification is passed.
  • the present application further provides a verification apparatus for a financial service
  • the verification device of the financial service includes:
  • Receiving an acquisition module configured to receive an operation instruction of the financial service, and obtain the service information included in the operation instruction
  • a level determining module configured to determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level
  • Obtaining a display module configured to obtain a to-be-verified unit included in the verification rule, and display the to-be-verified element in the to-be-verified unit, so that the user inputs verification information corresponding to the element to be verified;
  • a rights verification module configured to compare the verification information with a preset verification library to perform operation authority verification of the operation instruction
  • the instruction execution module is configured to execute the operation instruction when detecting that the operation authority verification is passed.
  • the present application further provides a verification device for a financial service
  • the verification device of the financial service includes: a memory, a processor, and a verification readable instruction of a financial service stored on the memory and executable on the processor, wherein:
  • the step of verifying the readable instructions of the financial service when executed by the processor implements the verification method of the financial service as described above.
  • the present application further provides a computer storage medium
  • the computer storage medium stores the verification readable instructions of the financial service, and the verification readable instructions of the financial service are executed by the processor to implement the steps of the verification method of the financial service as described above.
  • a method, device, device and computer storage medium for verifying a financial service according to embodiments of the present application.
  • the user triggers an operation instruction on the terminal, the terminal receives an operation instruction of the financial service, acquires service information included in the operation instruction, determines a security level of the operation instruction according to the service information, and obtains a verification rule corresponding to the security level; and determines the verification rule.
  • the unit to be verified is included, and the element to be verified in the unit to be verified is displayed for the user to input the verification information corresponding to the element to be verified; the verification information input by the user is compared with the preset verification library, and if the user inputs the verification The information matches the preset verification library, and the operation authority verification corresponding to the operation instruction passes the verification; when the operation authority verification is detected, the operation instruction is executed.
  • the present invention improves the security of financial operation operations by performing an operation authority verification method for financial operations based on the terminal, and can accurately verify the identity information of the user without the user inputting too much information, so that the financial operation is performed. Operational verification efficiency is as important as the security of business operations.
  • FIG. 1 is a schematic structural diagram of an apparatus of a hardware operating environment involved in an embodiment of the present application
  • FIG. 2 is a schematic flowchart of a first embodiment of a method for verifying a financial service according to the present application
  • FIG. 3 is a schematic flowchart of a step S20 of the verification method of the financial service in FIG. 2;
  • step S20 of the verification method of the financial service in FIG. 2 is a schematic diagram of another refinement of step S20 of the verification method of the financial service in FIG. 2;
  • FIG. 5 is a schematic diagram of a refinement process of step S30 of the verification method of the financial service in FIG. 2;
  • FIG. 6 is a schematic flowchart of a second embodiment of a method for verifying a financial service according to the present application
  • FIG. 7 is a schematic diagram of functional modules of an embodiment of a verification apparatus for a financial service according to the present application.
  • FIG. 1 is a schematic structural diagram of a terminal in a hardware operating environment involved in an embodiment of the present application.
  • the terminal may be a fixed terminal, or may be a mobile terminal, such as an “Internet of Things device”, a smart air conditioner with networking function, a smart electric light, a smart power source, a smart speaker, an autonomous driving car, a PC, a smart phone, a tablet computer,
  • the terminal in this embodiment may also be called a verification device for a financial service.
  • the terminal may include a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002.
  • the communication bus 1002 is used to implement connection communication between these components.
  • the user interface 1003 can include a display, an input unit such as a keyboard, and the optional user interface 1003 can also include a standard wired interface, a wireless interface.
  • the network interface 1004 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface).
  • the memory 1005 may be a high speed RAM memory or a stable memory (non-volatile) Memory), such as disk storage.
  • the memory 1005 can also optionally be a storage device independent of the aforementioned processor 1001.
  • the terminal may further include a camera, RF (Radio) Frequency, RF) circuit, sensor, audio circuit, WiFi module; input unit, display screen, touch screen; network interface optional in addition to WiFi in the wireless interface, Bluetooth, probes, etc.
  • sensors such as light sensors, motion sensors, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display according to the brightness of the ambient light, and the proximity sensor may turn off the display and/or when the mobile terminal moves to the ear. Backlighting.
  • the gravity acceleration sensor can detect the magnitude of acceleration in each direction (usually three axes), and can detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of the mobile terminal (such as horizontal and vertical screen switching, Related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping), etc.; of course, the mobile terminal can also be equipped with other sensors such as gyroscope, barometer, hygrometer, thermometer, infrared sensor, etc. No longer.
  • terminal structure shown in FIG. 1 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or a combination of certain components, or different component arrangements.
  • the computer software product is stored in a storage medium (storage medium: also called computer storage medium, computer medium, readable medium, readable storage medium, computer readable storage medium or directly called medium, etc.
  • a non-volatile readable storage medium such as a ROM/RAM, a magnetic disk, or an optical disk, includes instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the present
  • the memory 1005 as a computer storage medium may include an operating system, a network communication module, a user interface module, and a verification application readable instruction of a financial service.
  • the network interface 1004 is mainly used to connect to the background server and perform data communication with the background server;
  • the user interface 1003 is mainly used to connect the client (user end), and perform data communication with the client; and the processor
  • the 1001 may be used to invoke a verification application readable instruction of the financial service stored in the memory 1005, and perform the steps in the verification method of the financial service provided by the following embodiments of the present application.
  • the present embodiment provides a method for verifying a financial service. Before the step of the embodiment is performed, the user needs to perform login registration of the user on the financial application software or the financial webpage interface corresponding to the terminal, specifically:
  • Step a1 receiving an application request of a financial account input by a user, and acquiring identity information included in the application request;
  • Step a2 Establish a financial account based on the identity information, and set a verification library on the financial account to save standard information of the operation authority verification to the verification library.
  • the user triggers the application request of the financial account on the terminal, and the terminal receives the application request of the financial account input by the user, and obtains the identity information included in the application request, that is, the user needs to input the basic identity information of the user, for example, the user name.
  • User contact information (user contact information: including user mobile phone number, user mail account, etc.), user ID information (user ID information includes: copy of user ID, user ID number, etc.), user address information (user address information includes: user The home address information, the user company address information) and the user biometric information (the user biometric information include: user fingerprint data, user avatar information, user voice information) and other user related information, and the terminal establishes a financial account based on the application information input by the user, The application information input by the user is used as the standard information for the late user authentication.
  • the terminal After the terminal establishes the financial account, the terminal sets a verification library on the financial account, and the verification library is used to save the basic identity information input by the user when establishing the financial account, wherein the basic identity information user is used as the operation authority to verify the relevant standard information.
  • the user can log in to the financial account to perform financial related business operations, that is, the user triggers the financial account login instruction based on the terminal, and performs login verification on the user login information.
  • the financial account that the user logs in displays the corresponding financial service. It is necessary to add that the user needs to establish a related financial account before the embodiment of the verification method of the financial service of the present application, and the user performs login verification when logging in to the financial account.
  • the method of login verification is not the focus of this application. This application mainly focuses on triggering the financial service operation on the financial account after the user logs in to the financial account, thereby authenticating the user and finally realizing the operation authority authorization of the user financial service operation.
  • the human witness comparison that is, in the form of the cloud platform interface call, according to the user's ID information, the user self-photograph and the user's public security base map are compared in real time. Verify the identity of the user; 2. Face matching service, that is, in the form of cloud platform interface call and algorithm private deployment, verify the user identity by comparing the self-photographed by the user twice; 3.
  • OCR technology is Abbreviation for optical character recognition (Optical Character Recognition) is to convert texts of various bills, newspapers, books, manuscripts and other printed materials into image information through scanning and other optical input methods, and then use image recognition technology to convert image information into usable computer input technology
  • the certificate identification and bank card identification function provides services in the form of cloud platform interface call, converts the ID card photos and bank card photos uploaded by the user into editable texts, and confirms the user identity information.
  • voiceprint recognition that is, through the collected voiceprint information of the speaker into the database, when the speaker speaks again, the system compares the voiceprint data in the database to identify (identify/confirm) the identity of the speaker; Identification, that is, the fingerprint information pre-acquired by the user is compared with the fingerprint information for performing the operation, 6, the mobile phone dynamic verification code is recognized, and the like.
  • the verification method of the financial service includes:
  • Step S10 Receive an operation instruction of the financial service, and acquire the service information included in the operation instruction.
  • the user logs in the financial account and triggers an operation instruction of the financial service on the login financial account
  • the terminal receives the operation instruction of the financial service
  • the terminal acquires the service information included in the operation instruction
  • the service information included in the operation instruction includes: the operation instruction triggered by the user is Business type, business name, operation time, business operation amount, etc., that is, business types include: application transfer, fund purchase, stock purchase, futures purchase, insurance purchase, etc., which involve the transfer of funds, for example, the user is logged in.
  • the operation instruction for triggering the purchase of the fund product on the financial account includes the product name, the transaction time, and the transaction amount.
  • Step S20 Determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level.
  • the terminal determines the security level of the user operation instruction according to the service information carried in the user operation instruction. For example, the terminal may set the service name and the related operation amount and the preset level table according to the service information (the preset level table is set according to the specific operation scenario). The terminal determines the security level corresponding to the user operation instruction according to the information in the preset level table. If the security level corresponding to the service name and the operation amount in the service information exists in the preset level table, the terminal and the service information The security level matched by the service name and the operation amount is used as the security level of the operation instruction, and the terminal acquires the verification rule corresponding to the security level to perform verification according to the verification rule.
  • step S30 the to-be-verified unit included in the verification rule is obtained, and the to-be-verified element in the to-be-verified unit is displayed, so that the user inputs the verification information corresponding to the element to be verified.
  • the unit to be verified is included in the verification rule, and the unit to be verified refers to a type of verification information.
  • the unit to be verified is divided into: dynamic password verification, user certificate verification, and biometric verification.
  • the elements to be verified in the unit to be verified are determined, and the elements to be verified in the unit to be verified are displayed, that is, one type of verification rule includes the same type of verification unit, and one unit to be verified contains different
  • the elements to be verified (for example, the first security level corresponds to the first verification rule, and the first verification rule includes three verification units: dynamic password verification (the verification element included in the dynamic password verification is: mobile dynamic verification code, mailbox dynamic) Verification code, etc.), user ID verification (user ID verification includes: ID card, driver's license, passport or social security information, etc.) and biometric verification (biometric verification including: fingerprint verification, face verification, voice verification), the terminal is based on random Or determining the elements to be verified in the unit to be verified according to the set rules for User inputs the authentication information corresponding to the set rules
  • the name of the user financial service is transfer, and the transfer amount is 500000, which corresponds to the first security level.
  • the first security level corresponds to the first verification rule.
  • the first verification rule includes three verification units: dynamic password verification.
  • User ID verification and biometric verification the verification elements determined by the unit to be verified are: mobile phone dynamic password, user ID number, fingerprint verification;
  • b the name of the user financial service is transfer, the transfer amount is 50000, then the corresponding
  • the second security level corresponds to the second verification rule, and the second verification rule includes two verification units: dynamic password verification and user certificate verification; and the verification element determined by the unit to be verified is: a mailbox dynamic password, User driving number;
  • c the name of the user financial service is payment, the transfer amount is 500, corresponding to the third security level, the third security level corresponds to the third verification rule, and the third verification rule includes a verification unit: dynamic password Verification, the verification element corresponding to the unit to be verified is: mobile phone dynamic secret ; Name d, users of financial services for the
  • Step S40 comparing the verification information with a preset verification library to perform operation authority verification of the operation instruction.
  • the terminal compares the verification information with the preset verification library (the default verification library: set when the financial account is established, and the verification library stores the identity information provided when the user establishes the account) to perform the operation authority verification of the operation instruction. That is, the terminal compares the verification information input by the user with the identity information stored in the preset verification library, and when the verification information input by the user matches the information in the preset information base, the operation authority corresponding to the operation instruction is granted.
  • the preset verification library the default verification library: set when the financial account is established, and the verification library stores the identity information provided when the user establishes the account
  • step S40 includes:
  • Step b1 Obtain verification information input by the user, and compare the verification information with standard information in the preset verification library;
  • Step b2 if the verification information matches the standard information in the preset verification library, the operation authority corresponding to the operation instruction is verified;
  • step b3 if the verification information does not match the standard information in the preset verification library, the operation authority verification corresponding to the operation instruction fails, and the to-be-verified element in the to-be-verified unit is adjusted to perform secondary verification.
  • the terminal obtains the verification information input by the user, and compares the verification information with the standard information in the preset verification library; if the verification information matches the standard information in the preset verification library, that is, the verification information is the same as the standard information, the operation instruction If the verification information does not match the standard information in the preset verification library, that is, the verification information is different from the standard information, the operation authority verification corresponding to the operation instruction fails, and the unit to be verified is adjusted.
  • a specific processing step is determined according to the verification situation.
  • the terminal may automatically perform adjustment of the to-be-verified element in the to-be-verified unit, that is, after determining the first security level, the first security is performed.
  • the verification unit in the level includes dynamic password verification, user ID verification and biometric verification.
  • the first verified element to be verified is the mobile phone dynamic password, user ID number, fingerprint verification, verification fails, and the secondary verification terminal will be verified. Adjusted to: mailbox dynamic password verification, date verification of driving documents, user voiceprint verification, when the secondary verification still fails, adjust the elements to be verified again until the verification exceeds the threshold, and the financial function of the corresponding account is frozen.
  • Step S50 when it is detected that the operation authority verification is passed, the operation instruction is executed.
  • the terminal After the terminal obtains the user identity verification according to the verification message input by the terminal, the terminal performs a corresponding operation according to the operation instruction of the user.
  • the user triggers an operation instruction on the terminal
  • the terminal receives an operation instruction of the financial service, acquires service information included in the operation instruction, and determines a security level of the operation instruction according to the service information, to obtain the security level corresponding to the operation level.
  • a verification rule obtaining a to-be-verified unit included in the verification rule, and displaying the to-be-verified element in the to-be-verified unit for the user to input verification information corresponding to the element to be verified; and verifying information input by the user
  • the verification library is compared for comparison. If the verification information input by the user matches the preset verification library, the operation authority verification verification corresponding to the operation instruction passes; when the operation authority verification is detected, the operation instruction is executed.
  • the present application improves the security of financial business operations by performing an operation authority verification method for financial operations based on terminals for financial operations.
  • the present embodiment of the verification method for the financial service of the present application is proposed.
  • This embodiment is specific to the refinement of step S20 in the first embodiment, and is specifically implemented in this embodiment. Describes how to determine the implementation level of the operational instruction security based on the business information;
  • the verification method of the financial service includes:
  • Method 1 Referring to FIG. 3, the service information is compared with a preset level table to determine the security level.
  • step S21 the service information is compared with a preset level table to determine whether there is a security level matching the service information in the preset level table.
  • the service information and the preset level table includes setting according to the operation service information involved in the operation instruction, and determining the security corresponding to the user operation according to the service information. Level) to perform a comparison to determine whether there is a security level matching the service information in the preset level table. For example, if the operation instruction triggered by the user is transferring 50000 yuan, the preset level table is searched, and the service type is determined as a transfer, and the payment is received. If the party is a stranger and the transfer amount is 50000, it is determined that the security level corresponding to the user triggering operation instruction is one level.
  • Step S22 If there is a security level matching the service information in the preset level table, and the security level is used as the security level of the operation instruction.
  • the terminal has a security level matching the service information in the preset level table, and the security level is used as the security level of the operation instruction, and the terminal determines the security level corresponding to the operation instruction of the user according to the preset level table, to further , the verification rules are determined according to the security level.
  • Step S23 If there is no security level matching the service information in the preset level table, the operation instruction is used as the verification-free instruction.
  • the terminal uses the operation instruction as a verification-free instruction; for example If the user performs a small payment of 50 yuan on the terminal, the verification instruction is a verification-free instruction, and the user does not need to perform operation authority verification.
  • the service information in the operation instruction is compared with the preset level table, the level table is set in advance, and the service information included in the user operation instruction is accurately identified, and the security level corresponding to the operation instruction is implemented for the user. Accurate verification of operational instructions.
  • Method 2 Referring to FIG. 4, the security level is determined based on the historical operation record of the service information.
  • Step S24 Obtain a historical operation record related to the service information, and obtain operation information in the historical operation record.
  • the terminal obtains the historical operation record related to the service information, that is, the terminal acquires the operation information in the historical operation record, the time when the user triggers the operation instruction, the frequency at which the user triggers the operation instruction, and the user triggers the payment party corresponding to the operation instruction, for example,
  • the user performs the operation on the terminal at 3:00, 100 times, and transfers the unfamiliar account to 500 yuan, and the terminal acquires the financial account operation time of the preset time period.
  • step S25 the operation information is compared with a preset instruction security level, and the security level of the operation instruction is determined to obtain a verification rule corresponding to the security level.
  • the terminal compares the operation information with a preset instruction security level, and determines a security level of the operation instruction, wherein the preset level table is a level table set in advance according to operation information such as operation time and operation frequency, for example, In the rating table: the operation time is 3:00 am, the operation level corresponding to the operation frequency is greater than 30, and the security level is 3, and the terminal will operate the operation time, operation frequency, or other information corresponding to the operation command triggered by the user.
  • the level table is compared to determine the security level of the operation instruction.
  • the security level of the operation instruction is higher than the preset value, the preset value may be set according to a specific situation. For example, if the level is set to level 2, the terminal identifies the operation instruction triggered by the user as The sensitive operation, the terminal determines the security level of the operation instruction to obtain the verification rule corresponding to the security level.
  • first mode and the second mode in the embodiment may be combined, that is, in the embodiment, the user operation instruction security level verification is performed only for the user single time according to the solution described in the first mode. If the security level of the user operation command is determined to be inaccurate, the method of the second embodiment is used to determine the security level. The terminal is determined again according to the historical operation of the financial account.
  • the security level corresponding to the user operation instruction is determined, and the verification rule is determined according to security or the like, so that the financial operation is more accurate.
  • the present embodiment of the verification method for the financial service of the present application is proposed. This embodiment is directed to the refinement of step S30 in the first embodiment. Specific implementation manners for determining an element to be displayed are specifically described in the embodiment;
  • Step S30 of the verification method of the financial service includes:
  • Step S31 Query a preset verification database according to a security level of the operation instruction, and obtain a verification rule that matches a security level in the preset verification database;
  • the terminal queries the preset verification database according to the security level of the operation instruction, and obtains the verification rule that matches the security level in the preset verification database, that is, the security level of the terminal operation instruction and the preset verification database are traversed, and the terminal acquires the preset verification database.
  • the verification rule that matches the security level wherein the verification rule is preset according to the security level, and different verification rules include different verification elements, and the verification rule is associated with the verification unit.
  • the first verification rule is The most stringent verification of the user
  • the first verification rule includes the unit to be verified for user dynamic password verification, user certificate verification and biometric verification
  • the second verification rule is stricter verification for the user
  • the second verification rule includes user dynamic password verification.
  • the unit to be verified by the user ID verification the third verification rule is the most basic verification to the user, and the third verification rule includes the user dynamic password verification as the unit to be verified.
  • Step S32 Acquire a unit to be verified included in the verification rule, and obtain a history verification record of each element to be verified in the unit to be verified.
  • the terminal obtains the to-be-verified unit included in the verification rule according to the verification rule and the corresponding association relationship, and the terminal obtains the historical verification record of the unit to be verified in the financial account.
  • the unit to be verified in the financial account is the user biometric verification, and the biometric verification is performed.
  • the included unit to be verified is user voiceprint verification, fingerprint verification and facial expression collection verification;
  • the historical verification record in the preset time period is 10 times of user voiceprint verification, 50 fingerprint verification, facial expression collection and identification verification 15 times, user
  • the voiceprint verification pass rate is 95%, the fingerprint verification pass rate is 99%, and the facial expression collection and recognition verification pass rate is 85%.
  • Step S33 Determine, according to the historical verification record of each element to be verified in the unit to be verified, the element to be verified in the unit to be verified.
  • the terminal determines the to-be-verified element in the to-be-verified unit according to the historical verification record of each element to be verified in the unit to be verified, that is, the terminal obtains the verification that the verification element has fewer verification times and the verification pass rate is low according to the historical verification record.
  • the element is the element to be verified corresponding to the operation instruction.
  • Step S34 Display the to-be-verified element for the user to input verification information corresponding to the element to be verified.
  • the terminal determines the verification of the element to be verified for the user to input the verification information corresponding to the element to be verified. It is necessary to add that the method for determining the element to be verified in this embodiment is based on the historical verification situation, and may also adopt other The method of determining the feature to be verified, such as random extraction, or setting the corresponding weight to determine the feature to be verified.
  • the terminal may perform determining the element to be verified, and the user obtains the verification of the user by chance, and performs financial business operations on the user's financial account, so that the security of the terminal financial account is higher.
  • FIG. 6 based on the first embodiment of the present application, a second embodiment of the verification method of the financial service of the present application is proposed.
  • the second embodiment of the present application is directed to the processing scheme proposed by the verification failure, that is, in step S40 of the first embodiment: comparing the verification information with the preset verification library to perform the operation authority of the operation instruction. After the verification, if the verification fails, in the execution step: the operation authority corresponding to the operation instruction fails to pass, and the element to be verified in the unit to be verified is adjusted to perform the second verification, and the following steps are also performed:
  • Step S60 The verification operation frequency of the operation authority verification is not verified, and the verification frequency is compared with a preset threshold.
  • the terminal statistics operation authority verifies the verification frequency that fails, and compares the verification frequency with a preset threshold (preset threshold: according to a specific situation, for example, setting the preset threshold to 10 times) to determine whether it is needed. Freeze the corresponding operation instructions or freeze the financial account.
  • a preset threshold according to a specific situation, for example, setting the preset threshold to 10 times
  • Step S70 If the verification frequency exceeds a preset threshold, the operation service corresponding to the operation instruction is partially frozen.
  • the operation service corresponding to the operation instruction is partially frozen, that is, the terminal may freeze part of the operation instructions related to the financial operation in the financial account, and then open again when receiving the application of the user.
  • the terminal when the terminal fails to pass multiple financial operations, the terminal freezes part of the financial service in the financial account of the terminal, thereby avoiding the problem of inconvenient user operation caused by the complete freezing of the financial account, and ensuring the user financial operation. Security.
  • the embodiment of the present application further provides a verification apparatus for a financial service, where the verification apparatus of the financial service includes:
  • the receiving and acquiring module 10 is configured to receive an operation instruction of the financial service, and obtain the service information included in the operation instruction;
  • a level determining module 20 configured to determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level
  • the obtaining display module 30 is configured to obtain the to-be-verified unit included in the verification rule, and display the to-be-verified element in the to-be-verified unit, so that the user inputs the verification information corresponding to the element to be verified;
  • the authority verification module 40 is configured to compare the verification information with a preset verification library to perform operation authority verification of the operation instruction;
  • the instruction execution module 50 is configured to execute the operation instruction when detecting that the operation authority verification is passed.
  • the steps of implementing the function modules of the financial service verification device may refer to various embodiments of the verification method of the financial service of the present application, and details are not described herein again.
  • the embodiment of the present application further provides a computer storage medium.
  • the computer storage medium stores the verification readable instructions of the financial service, and the verification readable instructions of the financial service are executed by the processor to implement the operations in the verification method of the financial service provided by the foregoing embodiments.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Disclosed in the present application is a financial service verification method, comprising the following steps: receiving an operation instruction of a financial service, and obtaining service information included in the operation instruction; determining the security level of the operation instruction according to the service information to obtain a verification rule corresponding to the security level; obtaining a unit to be verified included in the verification rule, and displaying an element to be verified in said unit, so that a user inputs verification information corresponding to said element; comparing the verification information with a preset verification library to perform operation permission verification of the operation instruction; and when it is detected that the operation permission verification is passed, executing the operation instruction. Also disclosed in the present application are a financial service verification apparatus and device, and a computer storage medium. According to the present application, by means of the solution of setting corresponding operation permission verification for the operation instruction of a financial service, the financial operation verification efficiency and the security of service operation are both of equal importance.

Description

金融业务的验证方法、装置、设备和计算机存储介质 Financial business verification method, device, device and computer storage medium

本申请要求于2018年01月29日提交中国专利局、申请号为201810081998.0发明名称为“金融业务的验证方法、装置、设备和计算机存储介质”的中国专利申请的优先权,其全部内容通过引用结合在申请中。This application claims priority to Chinese Patent Application No. 201810081998.0, entitled "Verification Method, Apparatus, Device and Computer Storage Media for Financial Services", filed on January 29, 2018, the entire contents of which are hereby incorporated by reference. Combined in the application.

技术领域Technical field

本申请涉及身份验证领域,尤其涉及金融业务的验证方法、装置、设备和计算机存储介质。The present application relates to the field of identity verification, and in particular, to a method, an apparatus, a device, and a computer storage medium for verifying financial services.

背景技术Background technique

随着信息技术的发展,通过网络执行的业务越来越多,而为了提高执行业务时的安全性,通常可对用户进行身份验证。With the development of information technology, more and more services are executed through the network, and in order to improve the security when performing business, the user can usually be authenticated.

尤其在涉及互联网金融业务时,为了使用户可以在计算机协助下自助完成各种操作,如借助网络技术远程办理各种业务,比如远程遥控、远程登录等。针对用户的操作需要对用户进行身份验证,以保证的用户互联网金融业务按安全性,例如,在用户办理互联网金融业务时,可以远程验证(可以远程验证,如用户可以通过双向视频进行身份验证),或者用户通过手机(如通过手机验证码、密码验证方法)这些验证方法,只要其他人拥有该账号及密码都可以通过验证,安全性较低,无法保证验证身份的对象真实性。Especially when it comes to Internet finance business, in order to enable users to complete various operations on their own with the help of computers, such as remotely handling various services such as remote control and remote login through network technology. For the user's operation, the user needs to be authenticated to ensure the security of the user's internet financial service. For example, when the user handles the internet financial service, the remote authentication can be performed (can be remotely verified, for example, the user can authenticate through two-way video) , or the user through the mobile phone (such as through the mobile phone verification code, password verification method) these verification methods, as long as other people have the account and password can be verified, the security is low, can not guarantee the authenticity of the identity of the object.

发明内容Summary of the invention

本申请的主要目的在于提供一种金融业务的验证方法、装置、设备和计算机存储介质,旨在高效的对用户身份验证,以确定用户是否有金融业务操作权限,保证用户操作的安全性。The main purpose of the present application is to provide a method, device, device and computer storage medium for verifying financial services, which are intended to efficiently authenticate users, determine whether a user has financial service operation rights, and ensure the security of user operations.

为实现上述目的,本申请提供一种金融业务的验证方法,所述金融业务的验证方法包括以下步骤:To achieve the above objective, the present application provides a method for verifying a financial service, and the method for verifying the financial service includes the following steps:

接收金融业务的操作指令,获取所述操作指令中包含的业务信息;Receiving an operation instruction of the financial service, and acquiring service information included in the operation instruction;

根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则;Determining, according to the service information, a security level of the operation instruction, to obtain a verification rule corresponding to the security level;

获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;Acquiring the to-be-verified unit included in the verification rule, and displaying the to-be-verified element in the to-be-verified unit, so that the user inputs the verification information corresponding to the element to be verified;

将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证;Comparing the verification information with a preset verification library to perform operation authority verification of the operation instruction;

当检测到操作权限验证通过时,执行所述操作指令。The operation instruction is executed when it is detected that the operation authority verification is passed.

此外,为实现上述目的,本申请还提供一种金融业务的验证装置;In addition, in order to achieve the above object, the present application further provides a verification apparatus for a financial service;

所述金融业务的验证装置包括:The verification device of the financial service includes:

接收获取模块,用于接收金融业务的操作指令,获取所述操作指令中包含的业务信息;Receiving an acquisition module, configured to receive an operation instruction of the financial service, and obtain the service information included in the operation instruction;

等级确定模块,用于根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则;a level determining module, configured to determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level;

获取显示模块,用于获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;Obtaining a display module, configured to obtain a to-be-verified unit included in the verification rule, and display the to-be-verified element in the to-be-verified unit, so that the user inputs verification information corresponding to the element to be verified;

权限验证模块,用于将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证;a rights verification module, configured to compare the verification information with a preset verification library to perform operation authority verification of the operation instruction;

指令执行模块,用于当检测到操作权限验证通过时,执行所述操作指令。The instruction execution module is configured to execute the operation instruction when detecting that the operation authority verification is passed.

此外,为实现上述目的,本申请还提供一种金融业务的验证设备;In addition, to achieve the above object, the present application further provides a verification device for a financial service;

所述金融业务的验证设备包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的金融业务的验证可读指令,其中:The verification device of the financial service includes: a memory, a processor, and a verification readable instruction of a financial service stored on the memory and executable on the processor, wherein:

所述金融业务的验证可读指令被所述处理器执行时实现如上述的金融业务的验证方法的步骤。The step of verifying the readable instructions of the financial service when executed by the processor implements the verification method of the financial service as described above.

此外,为实现上述目的,本申请还提供一种计算机存储介质;In addition, to achieve the above object, the present application further provides a computer storage medium;

所述计算机存储介质上存储有金融业务的验证可读指令,所述金融业务的验证可读指令被处理器执行时实现如上述的金融业务的验证方法的步骤。The computer storage medium stores the verification readable instructions of the financial service, and the verification readable instructions of the financial service are executed by the processor to implement the steps of the verification method of the financial service as described above.

本申请实施例提出的一种金融业务的验证方法、装置、设备和计算机存储介质。用户在终端上触发操作指令,终端接收金融业务的操作指令,获取操作指令中包含的业务信息;根据业务信息确定所述操作指令的安全等级,以获取安全等级对应的验证规则;确定验证规则中包含的待验证单元,并将待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;将用户输入的验证信息与预设验证库进行比较,若用户输入的验证信息与预设验证库匹配,则操作指令对应的操作权限验证验证通过;当检测到操作权限验证通过时,执行所述操作指令。本申请在基于终端进行金融操作通过对金融业务的操作设置的操作权限验证方式,提高金融业务操作的安全性,无需用户进行过多信息的输入就可以用户的身份信息进行准确地验证,使得金融操作验证效率与业务操作的安全性并重。A method, device, device and computer storage medium for verifying a financial service according to embodiments of the present application. The user triggers an operation instruction on the terminal, the terminal receives an operation instruction of the financial service, acquires service information included in the operation instruction, determines a security level of the operation instruction according to the service information, and obtains a verification rule corresponding to the security level; and determines the verification rule. The unit to be verified is included, and the element to be verified in the unit to be verified is displayed for the user to input the verification information corresponding to the element to be verified; the verification information input by the user is compared with the preset verification library, and if the user inputs the verification The information matches the preset verification library, and the operation authority verification corresponding to the operation instruction passes the verification; when the operation authority verification is detected, the operation instruction is executed. The present invention improves the security of financial operation operations by performing an operation authority verification method for financial operations based on the terminal, and can accurately verify the identity information of the user without the user inputting too much information, so that the financial operation is performed. Operational verification efficiency is as important as the security of business operations.

附图说明DRAWINGS

图1是本申请实施例方案涉及的硬件运行环境的装置结构示意图;1 is a schematic structural diagram of an apparatus of a hardware operating environment involved in an embodiment of the present application;

图2为本申请金融业务的验证方法第一实施例的流程示意图;2 is a schematic flowchart of a first embodiment of a method for verifying a financial service according to the present application;

图3为图2中金融业务的验证方法的步骤S20的一细化流程示意图;3 is a schematic flowchart of a step S20 of the verification method of the financial service in FIG. 2;

图4为图2中金融业务的验证方法的步骤S20的另一细化流程示意图;4 is a schematic diagram of another refinement of step S20 of the verification method of the financial service in FIG. 2;

图5为图2中金融业务的验证方法的步骤S30的细化流程示意图;FIG. 5 is a schematic diagram of a refinement process of step S30 of the verification method of the financial service in FIG. 2;

图6为本申请金融业务的验证方法第二实施例的流程示意图;6 is a schematic flowchart of a second embodiment of a method for verifying a financial service according to the present application;

图7为本申请金融业务的验证装置一实施例的功能模块示意图。FIG. 7 is a schematic diagram of functional modules of an embodiment of a verification apparatus for a financial service according to the present application.

本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The implementation, functional features and advantages of the present application will be further described with reference to the accompanying drawings.

具体实施方式Detailed ways

应当理解,此处所描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。It is understood that the specific embodiments described herein are merely illustrative of the application and are not intended to be limiting.

如图1所示,图1是本申请实施例方案涉及的硬件运行环境的终端结构示意图。本申请实施例终端可以固定终端,也可以是移动终端,如“物联网设备”、带联网功能的智能空调、智能电灯、智能电源、智能音箱、自动驾驶汽车、PC,智能手机、平板电脑、电子书阅读器、便携计算机等具有显示功能的终端设备,需要补充说明的是,本实施例中的终端也可以叫做金融业务的验证设备。As shown in FIG. 1 , FIG. 1 is a schematic structural diagram of a terminal in a hardware operating environment involved in an embodiment of the present application. In the embodiment of the present application, the terminal may be a fixed terminal, or may be a mobile terminal, such as an “Internet of Things device”, a smart air conditioner with networking function, a smart electric light, a smart power source, a smart speaker, an autonomous driving car, a PC, a smart phone, a tablet computer, A terminal device having a display function, such as an e-book reader or a portable computer, needs to be additionally explained. The terminal in this embodiment may also be called a verification device for a financial service.

如图1所示,该终端可以包括:处理器1001,例如CPU,网络接口1004,用户接口1003,存储器1005,通信总线1002。其中,通信总线1002用于实现这些组件之间的连接通信。用户接口1003可以包括显示屏(Display)、输入单元比如键盘(Keyboard),可选用户接口1003还可以包括标准的有线接口、无线接口。网络接口1004可选的可以包括标准的有线接口、无线接口(如WI-FI接口)。存储器1005可以是高速RAM存储器,也可以是稳定的存储器(non-volatile memory),例如磁盘存储器。存储器1005可选的还可以是独立于前述处理器1001的存储装置。As shown in FIG. 1, the terminal may include a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, and a communication bus 1002. Among them, the communication bus 1002 is used to implement connection communication between these components. The user interface 1003 can include a display, an input unit such as a keyboard, and the optional user interface 1003 can also include a standard wired interface, a wireless interface. The network interface 1004 can optionally include a standard wired interface, a wireless interface (such as a WI-FI interface). The memory 1005 may be a high speed RAM memory or a stable memory (non-volatile) Memory), such as disk storage. The memory 1005 can also optionally be a storage device independent of the aforementioned processor 1001.

可选地,终端还可以包括摄像头、RF(Radio Frequency,射频)电路,传感器、音频电路、WiFi模块;输入单元,比显示屏,触摸屏;网络接口可选除无线接口中除WiFi外,蓝牙、探针等等。其中,传感器比如光传感器、运动传感器以及其他传感器。具体地,光传感器可包括环境光传感器及接近传感器,其中,环境光传感器可根据环境光线的明暗来调节显示屏的亮度,接近传感器可在移动终端移动到耳边时,关闭显示屏和/或背光。作为运动传感器的一种,重力加速度传感器可检测各个方向上(一般为三轴)加速度的大小,静止时可检测出重力的大小及方向,可用于识别移动终端姿态的应用(比如横竖屏切换、相关游戏、磁力计姿态校准)、振动识别相关功能(比如计步器、敲击)等;当然,移动终端还可配置陀螺仪、气压计、湿度计、温度计、红外线传感器等其他传感器,在此不再赘述。Optionally, the terminal may further include a camera, RF (Radio) Frequency, RF) circuit, sensor, audio circuit, WiFi module; input unit, display screen, touch screen; network interface optional in addition to WiFi in the wireless interface, Bluetooth, probes, etc. Among them, sensors such as light sensors, motion sensors, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display according to the brightness of the ambient light, and the proximity sensor may turn off the display and/or when the mobile terminal moves to the ear. Backlighting. As a kind of motion sensor, the gravity acceleration sensor can detect the magnitude of acceleration in each direction (usually three axes), and can detect the magnitude and direction of gravity when stationary, and can be used to identify the posture of the mobile terminal (such as horizontal and vertical screen switching, Related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping), etc.; of course, the mobile terminal can also be equipped with other sensors such as gyroscope, barometer, hygrometer, thermometer, infrared sensor, etc. No longer.

本领域技术人员可以理解,图1中示出的终端结构并不构成对终端的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。It will be understood by those skilled in the art that the terminal structure shown in FIG. 1 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or a combination of certain components, or different component arrangements.

如图1所示,该计算机软件产品存储在一个存储介质(存储介质:又叫计算机存储介质、计算机介质、可读介质、可读存储介质、计算机可读存储介质或者直接叫介质等,可以为非易失性可读存储介质,如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法,作为一种计算机存储介质的存储器1005中可以包括操作系统、网络通信模块、用户接口模块以及金融业务的验证应用可读指令。As shown in FIG. 1, the computer software product is stored in a storage medium (storage medium: also called computer storage medium, computer medium, readable medium, readable storage medium, computer readable storage medium or directly called medium, etc., A non-volatile readable storage medium, such as a ROM/RAM, a magnetic disk, or an optical disk, includes instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the present Applying the method described in various embodiments, the memory 1005 as a computer storage medium may include an operating system, a network communication module, a user interface module, and a verification application readable instruction of a financial service.

在图1所示的终端中,网络接口1004主要用于连接后台服务器,与后台服务器进行数据通信;用户接口1003主要用于连接客户端(用户端),与客户端进行数据通信;而处理器1001可以用于调用存储器1005中存储的金融业务的验证应用可读指令,并执行本申请以下实施例提供的金融业务的验证方法中的步骤。In the terminal shown in FIG. 1, the network interface 1004 is mainly used to connect to the background server and perform data communication with the background server; the user interface 1003 is mainly used to connect the client (user end), and perform data communication with the client; and the processor The 1001 may be used to invoke a verification application readable instruction of the financial service stored in the memory 1005, and perform the steps in the verification method of the financial service provided by the following embodiments of the present application.

本实施例提供一种金融业务的验证方法,在本实施例的步骤执行之前,需要用户在终端对应的金融应用软件或者金融网页界面上进行用户的登录注册,具体地:The present embodiment provides a method for verifying a financial service. Before the step of the embodiment is performed, the user needs to perform login registration of the user on the financial application software or the financial webpage interface corresponding to the terminal, specifically:

步骤a1,接收用户输入的金融账户的申请请求,获取所述申请请求中包含的身份信息;Step a1: receiving an application request of a financial account input by a user, and acquiring identity information included in the application request;

步骤a2,基于所述身份信息建立金融账户,并在所述金融账户上设置验证库,以将操作权限验证的标准信息保存至所述验证库中。Step a2: Establish a financial account based on the identity information, and set a verification library on the financial account to save standard information of the operation authority verification to the verification library.

用户在终端上触发金融账户的申请请求,终端接收用户输入的金融账户的申请请求,获取所述申请请求中包含的身份信息,即,用户申请金融账户需要输入用户基本身份信息,例如:用户姓名、用户联系方式(用户联系方式:包括用户手机号码、用户邮件账号等)、用户证件信息(用户证件信息包括:用户证件复印件、用户证件号码等)、用户地址信息(用户地址信息包括:用户家庭住址信息、用户公司地址信息)和用户生物特征信息(用户生物特征信息包括:用户指纹数据、用户头像信息、用户声音信息)及其他用户相关信息,终端基于用户输入的申请信息建立金融账户,并将用户输入的申请信息作为后期用户身份验证的标准信息。The user triggers the application request of the financial account on the terminal, and the terminal receives the application request of the financial account input by the user, and obtains the identity information included in the application request, that is, the user needs to input the basic identity information of the user, for example, the user name. User contact information (user contact information: including user mobile phone number, user mail account, etc.), user ID information (user ID information includes: copy of user ID, user ID number, etc.), user address information (user address information includes: user The home address information, the user company address information) and the user biometric information (the user biometric information include: user fingerprint data, user avatar information, user voice information) and other user related information, and the terminal establishes a financial account based on the application information input by the user, The application information input by the user is used as the standard information for the late user authentication.

终端在建立金融账户之后,在该金融账户上设置验证库,验证库用于保存用户建立金融账户时输入的基本身份信息,其中,基本身份信息用户作为操作权限验证相关的标准信息。After the terminal establishes the financial account, the terminal sets a verification library on the financial account, and the verification library is used to save the basic identity information input by the user when establishing the financial account, wherein the basic identity information user is used as the operation authority to verify the relevant standard information.

进一步地,在用户金融账户建立完成时,用户可以登录金融账户进行金融相关的业务操作,即,用户基于终端触发金融账户登录指令,对用户登录信息进行登录验证,在用户登录验证通过后,在用户登录的金融账户上显示对应的金融业务,需要补充说明的是:在本申请金融业务的验证方法的实施例之前,需要用户建立相关的金融账户,用户在在登录金融账户时,进行登录验证,登录验证的方式不作为本申请的重点,本申请主要围绕用户登录金融账户后,在金融账户上触发金融业务操作,从而对用户进行身份验证,最终实现用户金融业务操作的操作权限授权。Further, when the user financial account is established, the user can log in to the financial account to perform financial related business operations, that is, the user triggers the financial account login instruction based on the terminal, and performs login verification on the user login information. After the user login verification is passed, The financial account that the user logs in displays the corresponding financial service. It is necessary to add that the user needs to establish a related financial account before the embodiment of the verification method of the financial service of the present application, and the user performs login verification when logging in to the financial account. The method of login verification is not the focus of this application. This application mainly focuses on triggering the financial service operation on the financial account after the user logs in to the financial account, thereby authenticating the user and finally realizing the operation authority authorization of the user financial service operation.

在实施中涉及到不同的验证方式进行组合,例如,1、人证比对,即以云平台接口调用的形式,根据用户的身份证信息,实时比对用户自拍照和用户公安部底图,核验用户身份;2、人脸比对服务,即,以云平台接口调用和算法私部署的形式,通过比对用户两次上传的自拍照,来核验用户身份;3、OCR技术(OCR技术是光学字符识别的缩写(Optical Character Recognition),是通过扫描等光学输入方式将各种票据、报刊、书籍、文稿及其它印刷品的文字转化为图像信息,再利用文字识别技术将图像信息转化为可以使用的计算机输入技术),提供身份证证件识别和银行卡卡片识别功能,以云平台接口调用形式提供服务,将用户上传的身份证照片和银行卡照片转化为可编辑的文字,进行用户身份信息的确认。4、声纹识别,即,通过采集的说话人的声纹信息进入数据库,当说话人再次说话时,系统对比数据库中的声纹资料,识别(辨认/确认)说话人的身份;5、指纹识别,即将用户预先采集的指纹信息与执行操作的指纹信息进行比对、6、手机动态验证码识别等等。In the implementation, different verification methods are combined, for example, 1. The human witness comparison, that is, in the form of the cloud platform interface call, according to the user's ID information, the user self-photograph and the user's public security base map are compared in real time. Verify the identity of the user; 2. Face matching service, that is, in the form of cloud platform interface call and algorithm private deployment, verify the user identity by comparing the self-photographed by the user twice; 3. OCR technology (OCR technology is Abbreviation for optical character recognition (Optical Character Recognition) is to convert texts of various bills, newspapers, books, manuscripts and other printed materials into image information through scanning and other optical input methods, and then use image recognition technology to convert image information into usable computer input technology) The certificate identification and bank card identification function provides services in the form of cloud platform interface call, converts the ID card photos and bank card photos uploaded by the user into editable texts, and confirms the user identity information. 4, voiceprint recognition, that is, through the collected voiceprint information of the speaker into the database, when the speaker speaks again, the system compares the voiceprint data in the database to identify (identify/confirm) the identity of the speaker; Identification, that is, the fingerprint information pre-acquired by the user is compared with the fingerprint information for performing the operation, 6, the mobile phone dynamic verification code is recognized, and the like.

参照图2,本申请金融业务的验证方法的第一实施例中,所述金融业务的验证方法包括: Referring to FIG. 2, in the first embodiment of the verification method for the financial service of the present application, the verification method of the financial service includes:

步骤S10,接收金融业务的操作指令,获取所述操作指令中包含的业务信息。Step S10: Receive an operation instruction of the financial service, and acquire the service information included in the operation instruction.

用户登录金融账户并在登录的金融账户上触发金融业务的操作指令,终端接收金融业务的操作指令,终端获取操作指令中包含的业务信息,操作指令包含的业务信息包括:用户触发的操作指令针对的业务类型、业务名称、操作时间、业务操作金额等等,即,业务类型包括:申请转账、基金购买、股票购买、期货购买、保险购买等涉及到资金流转的业务,例如,用户在登录的金融账户上触发基金产品购买的操作指令,则该操作指令中包含:产品名称、交易时间、交易金额。The user logs in the financial account and triggers an operation instruction of the financial service on the login financial account, the terminal receives the operation instruction of the financial service, and the terminal acquires the service information included in the operation instruction, and the service information included in the operation instruction includes: the operation instruction triggered by the user is Business type, business name, operation time, business operation amount, etc., that is, business types include: application transfer, fund purchase, stock purchase, futures purchase, insurance purchase, etc., which involve the transfer of funds, for example, the user is logged in. The operation instruction for triggering the purchase of the fund product on the financial account includes the product name, the transaction time, and the transaction amount.

步骤S20,根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则。Step S20: Determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level.

终端根据用户操作指令中携带的业务信息确定用户操作指令的安全等级,例如,终端可以根据业务信息中的业务名称和相关的操作金额与预设等级表(预设等级表根据具体的操作场景设置,终端根据预设等级表中的信息确定用户操作指令对应的安全等级)进行比对,若预设等级表中存在与业务信息中的业务名称和操作金额匹配的安全等级,则将与业务信息中的业务名称和操作金额匹配的安全等级作为操作指令的安全等级,终端获取安全等级对应的验证规则,以根据所述验证规则进行验证。The terminal determines the security level of the user operation instruction according to the service information carried in the user operation instruction. For example, the terminal may set the service name and the related operation amount and the preset level table according to the service information (the preset level table is set according to the specific operation scenario). The terminal determines the security level corresponding to the user operation instruction according to the information in the preset level table. If the security level corresponding to the service name and the operation amount in the service information exists in the preset level table, the terminal and the service information The security level matched by the service name and the operation amount is used as the security level of the operation instruction, and the terminal acquires the verification rule corresponding to the security level to perform verification according to the verification rule.

步骤S30,获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息。In step S30, the to-be-verified unit included in the verification rule is obtained, and the to-be-verified element in the to-be-verified unit is displayed, so that the user inputs the verification information corresponding to the element to be verified.

获取所述验证规则中包含的待验证单元,待验证单元是指一类型的验证信息,在本实施例中将待验证单元分为:动态密码验证、用户证件验证和生物特征验证,在确定待验证单元之后,确定待验证单元中的待验证要素,并将所述待验证单元中的待验证要素进行显示,即,一类验证规则中包含相同类型的验证单元,一个待验证单元中包含不同的待验证要素(如,第一安全等级对应第一验证规则,第一验证规则中包含三个验证单元分别是:动态密码验证(动态密码验证包括的验证要素为:手机动态验证码,邮箱动态验证码等)、用户证件验证(用户证件验证包括:身份证、驾驶证、护照或者社保信息等)和生物特征验证(生物特征验证包括:指纹验证、面部验证、声音验证)),终端根据随机或者根据设定的规则确定待验证单元中的待验证要素,以供用户输入待验证要素对应的验证信息。The unit to be verified is included in the verification rule, and the unit to be verified refers to a type of verification information. In this embodiment, the unit to be verified is divided into: dynamic password verification, user certificate verification, and biometric verification. After the verification unit, the elements to be verified in the unit to be verified are determined, and the elements to be verified in the unit to be verified are displayed, that is, one type of verification rule includes the same type of verification unit, and one unit to be verified contains different The elements to be verified (for example, the first security level corresponds to the first verification rule, and the first verification rule includes three verification units: dynamic password verification (the verification element included in the dynamic password verification is: mobile dynamic verification code, mailbox dynamic) Verification code, etc.), user ID verification (user ID verification includes: ID card, driver's license, passport or social security information, etc.) and biometric verification (biometric verification including: fingerprint verification, face verification, voice verification), the terminal is based on random Or determining the elements to be verified in the unit to be verified according to the set rules for User inputs the authentication information corresponding to the element to be verified.

例如:a、用户金融业务的名称为转账、转账金额为500000,则对应第一安全等级,第一安全等级对应第一验证规则,第一验证规则中包含三个验证单元分别是:动态密码验证、用户证件验证和生物特征验证,对应待验证单元确定的带验证要素为:手机动态密码、用户身份证号码、指纹验证;b、用户金融业务的名称为转账、转账金额为50000,则对应第二安全等级,第二安全等级对应第二验证规则,第二验证规则中包含两个验证单元分别是:动态密码验证和用户证件验证;对应待验证单元确定的带验证要素为:邮箱动态密码、用户驾驶号码;c、用户金融业务的名称为支付、转账金额为500,则对应第三安全等级,第三安全等级对应第三验证规则,第三验证规则中包含一个验证单元分别是:动态密码验证,对应待验证单元确定的带验证要素为:手机动态密码;d、用户金融业务的名称为支付金额为50,则不存在对应的安全等级,则进行免密支付。For example: a. The name of the user financial service is transfer, and the transfer amount is 500000, which corresponds to the first security level. The first security level corresponds to the first verification rule. The first verification rule includes three verification units: dynamic password verification. User ID verification and biometric verification, the verification elements determined by the unit to be verified are: mobile phone dynamic password, user ID number, fingerprint verification; b, the name of the user financial service is transfer, the transfer amount is 50000, then the corresponding The second security level corresponds to the second verification rule, and the second verification rule includes two verification units: dynamic password verification and user certificate verification; and the verification element determined by the unit to be verified is: a mailbox dynamic password, User driving number; c, the name of the user financial service is payment, the transfer amount is 500, corresponding to the third security level, the third security level corresponds to the third verification rule, and the third verification rule includes a verification unit: dynamic password Verification, the verification element corresponding to the unit to be verified is: mobile phone dynamic secret ; Name d, users of financial services for the payment of the amount of 50, then there is no safe level corresponding, free secret payment is carried out.

步骤S40,将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证。Step S40, comparing the verification information with a preset verification library to perform operation authority verification of the operation instruction.

终端将验证信息与预设验证库(预设验证库:为金融账户建立时设置,验证库中保存有用户建立账户时提供的身份信息)进行比较,以进行操作指令的操作权限验证。即,终端将用户输入的验证信息与预设验证库存储的身份信息进行比较,在用户输入的验证信息与预设信息库中的信息匹配时,则授予操作指令对应的操作权限。The terminal compares the verification information with the preset verification library (the default verification library: set when the financial account is established, and the verification library stores the identity information provided when the user establishes the account) to perform the operation authority verification of the operation instruction. That is, the terminal compares the verification information input by the user with the identity information stored in the preset verification library, and when the verification information input by the user matches the information in the preset information base, the operation authority corresponding to the operation instruction is granted.

具体地,步骤S40包括:Specifically, step S40 includes:

步骤b1,获取用户输入的验证信息,将所述验证信息与预设验证库中的标准信息进行比对;Step b1: Obtain verification information input by the user, and compare the verification information with standard information in the preset verification library;

步骤b2,若验证信息与预置验证库中的标准信息匹配,则操作指令对应的操作权限验证通过;Step b2, if the verification information matches the standard information in the preset verification library, the operation authority corresponding to the operation instruction is verified;

步骤b3,若验证信息与预置验证库中的标准信息不匹配,则操作指令对应的操作权限验证不通过,并调整所述待验证单元中的待验证要素,以进行二次验证。In step b3, if the verification information does not match the standard information in the preset verification library, the operation authority verification corresponding to the operation instruction fails, and the to-be-verified element in the to-be-verified unit is adjusted to perform secondary verification.

终端获取用户输入的验证信息,将验证信息与预设验证库中的标准信息进行比对;若验证信息与预置验证库中的标准信息匹配,即,验证信息与标准信息相同,则操作指令对应的操作权限验证通过;若验证信息与预置验证库中的标准信息不匹配,即,验证信息与标准信息不同,则操作指令对应的操作权限验证不通过,并调整所述待验证单元中的待验证要素,以进行二次验证。The terminal obtains the verification information input by the user, and compares the verification information with the standard information in the preset verification library; if the verification information matches the standard information in the preset verification library, that is, the verification information is the same as the standard information, the operation instruction If the verification information does not match the standard information in the preset verification library, that is, the verification information is different from the standard information, the operation authority verification corresponding to the operation instruction fails, and the unit to be verified is adjusted. The elements to be verified for secondary verification.

在本实施例中根据验证情况确定具体的处理步骤,在检测到验证不通过时,终端可自动地进行待验证单元中待验证要素的调节,即,确定为第一安全等级后,第一安全等级中的验证单元包括动态密码验证、用户证件验证和生物特征验证,首次验证的待验证要素是手机动态密码、用户身份证号码、指纹验证,验证没有通过,进行二次验证终端将待验证要素调整为:邮箱动态密码验证、驾驶证件取的日期验证、用户声纹验证,当二次验证依然未通过,再次调整待验证要素,直至验证此处超过阈值,进行对应账户部分金融业务功能冻结。In this embodiment, a specific processing step is determined according to the verification situation. When it is detected that the verification fails, the terminal may automatically perform adjustment of the to-be-verified element in the to-be-verified unit, that is, after determining the first security level, the first security is performed. The verification unit in the level includes dynamic password verification, user ID verification and biometric verification. The first verified element to be verified is the mobile phone dynamic password, user ID number, fingerprint verification, verification fails, and the secondary verification terminal will be verified. Adjusted to: mailbox dynamic password verification, date verification of driving documents, user voiceprint verification, when the secondary verification still fails, adjust the elements to be verified again until the verification exceeds the threshold, and the financial function of the corresponding account is frozen.

步骤S50,当检测到操作权限验证通过时,执行所述操作指令。Step S50, when it is detected that the operation authority verification is passed, the operation instruction is executed.

在终端根据用户输入的验证消息得到用户身份验证通过,则终端根据用户的操作指令执行对应的操作。After the terminal obtains the user identity verification according to the verification message input by the terminal, the terminal performs a corresponding operation according to the operation instruction of the user.

在本实施例中用户在终端上触发操作指令,终端接收金融业务的操作指令,获取操作指令中包含的业务信息;根据业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则;获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;将用户输入的验证信息与预设验证库进行比较,若用户输入的验证信息与预设验证库匹配,则操作指令对应的操作权限验证验证通过;当检测到操作权限验证通过时,执行所述操作指令。本申请在基于终端进行金融操作通过对金融业务的操作设置的操作权限验证方式,提高金融业务操作的安全性。In this embodiment, the user triggers an operation instruction on the terminal, the terminal receives an operation instruction of the financial service, acquires service information included in the operation instruction, and determines a security level of the operation instruction according to the service information, to obtain the security level corresponding to the operation level. a verification rule; obtaining a to-be-verified unit included in the verification rule, and displaying the to-be-verified element in the to-be-verified unit for the user to input verification information corresponding to the element to be verified; and verifying information input by the user The verification library is compared for comparison. If the verification information input by the user matches the preset verification library, the operation authority verification verification corresponding to the operation instruction passes; when the operation authority verification is detected, the operation instruction is executed. The present application improves the security of financial business operations by performing an operation authority verification method for financial operations based on terminals for financial operations.

进一步的,在本申请第一实施例的基础上,提出了本申请金融业务的验证方法的本实施例,本实施例是针对第一实施例中步骤S20的细化,在本实施例中具体说明了如何根据业务信息确定操作指令安全的等级的实现方式;Further, based on the first embodiment of the present application, the present embodiment of the verification method for the financial service of the present application is proposed. This embodiment is specific to the refinement of step S20 in the first embodiment, and is specifically implemented in this embodiment. Describes how to determine the implementation level of the operational instruction security based on the business information;

所述金融业务的验证方法包括:The verification method of the financial service includes:

方式一:参照图3,将业务信息与预设等级表进行比对确定安全等级。Method 1: Referring to FIG. 3, the service information is compared with a preset level table to determine the security level.

步骤S21,将所述业务信息与预设等级表进行比对,以判断预设等级表中是否存在与业务信息匹配的安全等级。In step S21, the service information is compared with a preset level table to determine whether there is a security level matching the service information in the preset level table.

将所述业务信息与预设等级表(预设等级表:如下表1所示,预设等级表中包含根据操作指令中涉及到操作业务信息进行设置,可根据业务信息确定用户操作对应的安全等级)进行比对,以判断预设等级表中是否存在与业务信息匹配的安全等级,例如,用户触发的操作指令是转账50000元,则查找预设等级表,确定业务类型为转账,收款方为陌生人,转账金额为50000,则确定用户触发操作指令对应的安全等级为一级。The service information and the preset level table (preset level table: as shown in the following Table 1), the preset level table includes setting according to the operation service information involved in the operation instruction, and determining the security corresponding to the user operation according to the service information. Level) to perform a comparison to determine whether there is a security level matching the service information in the preset level table. For example, if the operation instruction triggered by the user is transferring 50000 yuan, the preset level table is searched, and the service type is determined as a transfer, and the payment is received. If the party is a stranger and the transfer amount is 50000, it is determined that the security level corresponding to the user triggering operation instruction is one level.

金额/名称Amount/name 转账Transfer 理财产品Financial product 保险产品Insurance Products 陌生人stranger 联系人Contact 基金fund 股票stock 人身personal 财产property 意外accident 500-4999500-4999 三级Third level 三级Third level 三级Third level 三级Third level 三级Third level 三级Third level 三级Third level 5000-299995000-29999 二级Secondary 三级Third level 三级Third level 三级Third level 三级Third level 三级Third level 三级Third level 30000-4999930000-49999 二级Secondary 二级Secondary 三级Third level 二级Secondary 三级Third level 二级Secondary 二级Secondary 50000-10000050000-100000 一级First level 二级Secondary 二级Secondary 二级Secondary 二级Secondary 二级Secondary 二级Secondary 100000以上More than 100,000 一级First level 二级Secondary 二级Secondary 一级First level 二级Secondary 一级First level 一级First level

表1Table 1

步骤S22,若预设等级表中存在与业务信息匹配的安全等级,并将所述安全等级作为所述操作指令的安全等级。Step S22: If there is a security level matching the service information in the preset level table, and the security level is used as the security level of the operation instruction.

终端在预设等级表中存在与业务信息匹配的安全等级,并将所述安全等级作为所述操作指令的安全等级,终端根据预设等级表确定用户的操作指令对应的安全等级,以进一步地,根据安全等级确定验证规则。The terminal has a security level matching the service information in the preset level table, and the security level is used as the security level of the operation instruction, and the terminal determines the security level corresponding to the operation instruction of the user according to the preset level table, to further , the verification rules are determined according to the security level.

步骤S23,若预设等级表中不存在与业务信息匹配的安全等级,则将所述操作指令作为免验证指令。Step S23: If there is no security level matching the service information in the preset level table, the operation instruction is used as the verification-free instruction.

若终端在预设等级表中不存在与业务信息匹配的安全等级,即,预设等级表中不存在与用户操作指令中业务信息对应的安全等级,则终端将操作指令作为免验证指令;例如,用户在终端上进行50元的小额支付,则该验证指令为免验证指令,不需要用户进行操作权限验证。If the terminal does not have a security level matching the service information in the preset level table, that is, the security level corresponding to the service information in the user operation instruction does not exist in the preset level table, the terminal uses the operation instruction as a verification-free instruction; for example If the user performs a small payment of 50 yuan on the terminal, the verification instruction is a verification-free instruction, and the user does not need to perform operation authority verification.

在本实施例中将操作指令中的业务信息与预设等级表进行比对,预先设置好等级表,根据用户操作指令中包含的业务信息进行准确识别,操作指令对应的安全等级,实现针对用户操作指令的准确验证。In this embodiment, the service information in the operation instruction is compared with the preset level table, the level table is set in advance, and the service information included in the user operation instruction is accurately identified, and the security level corresponding to the operation instruction is implemented for the user. Accurate verification of operational instructions.

方式二:参照图4,基于业务信息的历史操作记录确定安全等级。Method 2: Referring to FIG. 4, the security level is determined based on the historical operation record of the service information.

步骤S24,获取业务信息相关的历史操作记录,获取所述历史操作记录中的操作信息。Step S24: Obtain a historical operation record related to the service information, and obtain operation information in the historical operation record.

终端获取业务信息相关的历史操作记录,即,终端获取所述历史操作记录中的操作信息,用户触发操作指令的时间,用户触发操作指令的频率,用户触发操作指令对应的收款方信息,例如,用户在终端上时间为3:00,进行100次的,对陌生账户转账500元的操作,终端获取预设时间段的金融账户操作时间。The terminal obtains the historical operation record related to the service information, that is, the terminal acquires the operation information in the historical operation record, the time when the user triggers the operation instruction, the frequency at which the user triggers the operation instruction, and the user triggers the payment party corresponding to the operation instruction, for example, The user performs the operation on the terminal at 3:00, 100 times, and transfers the unfamiliar account to 500 yuan, and the terminal acquires the financial account operation time of the preset time period.

步骤S25,将所述操作信息与预设指令安全等级进行比对,确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则。In step S25, the operation information is compared with a preset instruction security level, and the security level of the operation instruction is determined to obtain a verification rule corresponding to the security level.

终端将所述操作信息与预设指令安全等级进行比对,确定所述操作指令的安全等级,其中,预设等级表是预先根据操作时间,操作频率等操作信息设置的等级表,例如,预设等级表中:操作时间为凌晨3:00,操作频率大于30次的操作指令对应的安全等级为3级,终端将用户触发的操作指令对应的操作时间,操作频率,或者其他信息与预设等级表进行比对,确定操作指令的安全等级,当操作指令的安全等级高于预设值,预设值可根据具体情况设置,例如设置为2级,则终端将用户触发的操作指令认定为敏感操作,终端确定操作指令的安全等级,以获取所述安全等级对应的验证规则。The terminal compares the operation information with a preset instruction security level, and determines a security level of the operation instruction, wherein the preset level table is a level table set in advance according to operation information such as operation time and operation frequency, for example, In the rating table: the operation time is 3:00 am, the operation level corresponding to the operation frequency is greater than 30, and the security level is 3, and the terminal will operate the operation time, operation frequency, or other information corresponding to the operation command triggered by the user. The level table is compared to determine the security level of the operation instruction. When the security level of the operation instruction is higher than the preset value, the preset value may be set according to a specific situation. For example, if the level is set to level 2, the terminal identifies the operation instruction triggered by the user as The sensitive operation, the terminal determines the security level of the operation instruction to obtain the verification rule corresponding to the security level.

需要补充说明的是,本实施例中的方式一和方式二可以进行结合,即,在本实施例中若仅按照方式一所述的方案进行用户操作指令安全的等级的验证针对用户单次的操作,若存在用户频繁地操作并不能进行有效地避免,若采用方式二所述的方案进行用户操作指令的安全等级确定并不准确,将本实施例中的方式一确定安全等级后,进一步地,终端根据金融账户的历史操作情况再次确定。It should be noted that the first mode and the second mode in the embodiment may be combined, that is, in the embodiment, the user operation instruction security level verification is performed only for the user single time according to the solution described in the first mode. If the security level of the user operation command is determined to be inaccurate, the method of the second embodiment is used to determine the security level. The terminal is determined again according to the historical operation of the financial account.

在本实施例中根据操作指令中包含的业务信息,确定用户操作指令对应的安全等级,并根据安全等确定验证规则,使得金融操作更加具有准确性。In this embodiment, according to the service information included in the operation instruction, the security level corresponding to the user operation instruction is determined, and the verification rule is determined according to security or the like, so that the financial operation is more accurate.

进一步的,参照图5,在本申请第一实施例的基础上,提出了本申请金融业务的验证方法的本实施例,本实施例是针对第一实施例中步骤S30的细化,在本实施例中具体说明了确定待显示要素的具体实现方式;Further, with reference to FIG. 5, based on the first embodiment of the present application, the present embodiment of the verification method for the financial service of the present application is proposed. This embodiment is directed to the refinement of step S30 in the first embodiment. Specific implementation manners for determining an element to be displayed are specifically described in the embodiment;

所述金融业务的验证方法中步骤S30包括:Step S30 of the verification method of the financial service includes:

步骤S31,根据操作指令的安全等级查询预设验证数据库,获取预设验证数据库中与安全等级匹配的验证规则;Step S31: Query a preset verification database according to a security level of the operation instruction, and obtain a verification rule that matches a security level in the preset verification database;

终端根据操作指令的安全等级查询预设验证数据库,获取预设验证数据库中与安全等级匹配的验证规则,即,终端操作指令的安全等级与预设验证数据库进行遍历,终端获取预设验证数据库中与安全等级匹配的验证规则,其中,验证规则是根据安全等级预先设置的,不同的验证规则中包含不同的验证要素,验证规则与验证单元之间设置有关联关系,例如,第一验证规则为对用户最严格的验证,第一验证规则包含用户动态密码验证、用户证件验证和生物特征验证的待验证单元;第二验证规则为对用户较严格的验证,第二验证规则包含用户动态密码验证和用户证件验证的待验证单元,第三验证规则为对用户最基本的验证,第三验证规则包含用户动态密码验证为待验证单元。The terminal queries the preset verification database according to the security level of the operation instruction, and obtains the verification rule that matches the security level in the preset verification database, that is, the security level of the terminal operation instruction and the preset verification database are traversed, and the terminal acquires the preset verification database. The verification rule that matches the security level, wherein the verification rule is preset according to the security level, and different verification rules include different verification elements, and the verification rule is associated with the verification unit. For example, the first verification rule is The most stringent verification of the user, the first verification rule includes the unit to be verified for user dynamic password verification, user certificate verification and biometric verification; the second verification rule is stricter verification for the user, and the second verification rule includes user dynamic password verification. And the unit to be verified by the user ID verification, the third verification rule is the most basic verification to the user, and the third verification rule includes the user dynamic password verification as the unit to be verified.

步骤S32,获取所述验证规则中包含的待验证单元,并获取所述待验证单元中各个待验证要素的历史验证记录。Step S32: Acquire a unit to be verified included in the verification rule, and obtain a history verification record of each element to be verified in the unit to be verified.

终端根据验证规则和对应关联关系,获取验证规则中包含的待验证单元,终端获取金融账户中待验证单元的历史验证记录,例如,金融账户中待验证单元为用户生物特征验证,生物特征验证中包含的待验证单元为用户声纹验证、指纹验证和面部表情采集验证;预设时间段中的历史验证记录为用户声纹验证10次,指纹验证50次,面部表情采集识别验证15次,用户声纹验证通过率95%,指纹验证通过率99%,面部表情采集识别验证通过率85%。The terminal obtains the to-be-verified unit included in the verification rule according to the verification rule and the corresponding association relationship, and the terminal obtains the historical verification record of the unit to be verified in the financial account. For example, the unit to be verified in the financial account is the user biometric verification, and the biometric verification is performed. The included unit to be verified is user voiceprint verification, fingerprint verification and facial expression collection verification; the historical verification record in the preset time period is 10 times of user voiceprint verification, 50 fingerprint verification, facial expression collection and identification verification 15 times, user The voiceprint verification pass rate is 95%, the fingerprint verification pass rate is 99%, and the facial expression collection and recognition verification pass rate is 85%.

步骤S33,根据待验证单元中各个待验证要素的历史验证记录,确定待验证单元中的待验证要素。Step S33: Determine, according to the historical verification record of each element to be verified in the unit to be verified, the element to be verified in the unit to be verified.

终端根据待验证单元中各个待验证要素的历史验证记录,确定待验证单元中的待验证要素,即,终端根据历史验证记录,获取待验证单元中验证要素验证次数少,验证通过率低的验证要素作为操作指令对应的待验证要素。The terminal determines the to-be-verified element in the to-be-verified unit according to the historical verification record of each element to be verified in the unit to be verified, that is, the terminal obtains the verification that the verification element has fewer verification times and the verification pass rate is low according to the historical verification record. The element is the element to be verified corresponding to the operation instruction.

步骤S34,将所述待验证要素进行显示,以供用户输入待验证要素对应的验证信息。Step S34: Display the to-be-verified element for the user to input verification information corresponding to the element to be verified.

终端将确定的将待验证要素进行显示,以供用户输入待验证要素对应的验证信息,需要补充说明的是,本实施例中确定待验证要素的方法是根据历史验证情况,同样还可以采取其他确定待验证要素的方法,例如随机抽取,或者设置相应的权重确定待验证要素。The terminal determines the verification of the element to be verified for the user to input the verification information corresponding to the element to be verified. It is necessary to add that the method for determining the element to be verified in this embodiment is based on the historical verification situation, and may also adopt other The method of determining the feature to be verified, such as random extraction, or setting the corresponding weight to determine the feature to be verified.

在本实施例中终端可以进行确定待验证要素,他人偶然获取到用户的验证进行,对用户的金融账户进行金融业务操作,使得终端金融账户的安全性更高。In this embodiment, the terminal may perform determining the element to be verified, and the user obtains the verification of the user by chance, and performs financial business operations on the user's financial account, so that the security of the terminal financial account is higher.

进一步的,参照图6,在本申请第一实施例的基础上,提出了本申请金融业务的验证方法的第二实施例。Further, referring to FIG. 6, based on the first embodiment of the present application, a second embodiment of the verification method of the financial service of the present application is proposed.

本申请的第二实施例是针对验证不通过提出的处理方案,即,在第一实施例的步骤S40:将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证之后,若验证不通过,在执行步骤:操作指令对应的操作权限验证不通过,并调整所述待验证单元中的待验证要素,以进行二次验证的同时还需要执行以下步骤:The second embodiment of the present application is directed to the processing scheme proposed by the verification failure, that is, in step S40 of the first embodiment: comparing the verification information with the preset verification library to perform the operation authority of the operation instruction. After the verification, if the verification fails, in the execution step: the operation authority corresponding to the operation instruction fails to pass, and the element to be verified in the unit to be verified is adjusted to perform the second verification, and the following steps are also performed:

步骤S60,统计操作权限验证不通过的验证频率,将所述验证频率与预设阈值进行比较。Step S60: The verification operation frequency of the operation authority verification is not verified, and the verification frequency is compared with a preset threshold.

终端统计操作权限验证不通过的验证频率,并将所述验证频率与预设阈值(预设阈值:根据具体的情况设置,例如,将预设阈值设置为10次)进行比较,以确定是否需要冻结对应的操作指令,或者对金融账户进行冻结。The terminal statistics operation authority verifies the verification frequency that fails, and compares the verification frequency with a preset threshold (preset threshold: according to a specific situation, for example, setting the preset threshold to 10 times) to determine whether it is needed. Freeze the corresponding operation instructions or freeze the financial account.

步骤S70,若所述验证频率超过预设阈值,则将操作指令对应的操作业务进行部分冻结。Step S70: If the verification frequency exceeds a preset threshold, the operation service corresponding to the operation instruction is partially frozen.

若验证频率超过预设阈值,则将操作指令对应的操作业务进行部分冻结,即,终端可以将金融账户中涉及金融操作的部分操作指令进行冻结,并在接收到用户的申请时再次的开启。If the verification frequency exceeds the preset threshold, the operation service corresponding to the operation instruction is partially frozen, that is, the terminal may freeze part of the operation instructions related to the financial operation in the financial account, and then open again when receiving the application of the user.

在本实施例中终端在多次金融操作没有通过时,对终端的金融账户中部分金融业务进行冻结,这样既避免了金融账户完全冻结导致的用户操作不方便的问题,同时保证了用户金融操作的安全性。In this embodiment, when the terminal fails to pass multiple financial operations, the terminal freezes part of the financial service in the financial account of the terminal, thereby avoiding the problem of inconvenient user operation caused by the complete freezing of the financial account, and ensuring the user financial operation. Security.

此外,参照图7,本申请实施例还提出一种金融业务的验证装置,所述金融业务的验证装置包括: In addition, referring to FIG. 7, the embodiment of the present application further provides a verification apparatus for a financial service, where the verification apparatus of the financial service includes:

接收获取模块10,用于接收金融业务的操作指令,获取所述操作指令中包含的业务信息;The receiving and acquiring module 10 is configured to receive an operation instruction of the financial service, and obtain the service information included in the operation instruction;

等级确定模块20,用于根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则;a level determining module 20, configured to determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level;

获取显示模块30,用于获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;The obtaining display module 30 is configured to obtain the to-be-verified unit included in the verification rule, and display the to-be-verified element in the to-be-verified unit, so that the user inputs the verification information corresponding to the element to be verified;

权限验证模块40,用于将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证;The authority verification module 40 is configured to compare the verification information with a preset verification library to perform operation authority verification of the operation instruction;

指令执行模块50,用于当检测到操作权限验证通过时,执行所述操作指令。The instruction execution module 50 is configured to execute the operation instruction when detecting that the operation authority verification is passed.

其中,金融业务的验证装置的各个功能模块实现的步骤可参照本申请金融业务的验证方法的各个实施例,此处不再赘述。The steps of implementing the function modules of the financial service verification device may refer to various embodiments of the verification method of the financial service of the present application, and details are not described herein again.

此外,本申请实施例还提出一种计算机存储介质。In addition, the embodiment of the present application further provides a computer storage medium.

所述计算机存储介质上存储有金融业务的验证可读指令,所述金融业务的验证可读指令被处理器执行时实现上述实施例提供的金融业务的验证方法中的操作。The computer storage medium stores the verification readable instructions of the financial service, and the verification readable instructions of the financial service are executed by the processor to implement the operations in the verification method of the financial service provided by the foregoing embodiments.

上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the embodiments of the present application are merely for the description, and do not represent the advantages and disadvantages of the embodiments.

以上仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above is only a preferred embodiment of the present application, and is not intended to limit the scope of the patent application, and the equivalent structure or equivalent process transformations made by the specification and the drawings of the present application, or directly or indirectly applied to other related technical fields. The same is included in the scope of patent protection of this application.

Claims (20)

一种金融业务的验证方法,其特征在于,所述金融业务的验证方法包括以下步骤:A method for verifying a financial service, characterized in that the verification method of the financial service comprises the following steps: 接收金融业务的操作指令,获取所述操作指令中包含的业务信息;Receiving an operation instruction of the financial service, and acquiring service information included in the operation instruction; 根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则;Determining, according to the service information, a security level of the operation instruction, to obtain a verification rule corresponding to the security level; 获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;Acquiring the to-be-verified unit included in the verification rule, and displaying the to-be-verified element in the to-be-verified unit, so that the user inputs the verification information corresponding to the element to be verified; 将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证;Comparing the verification information with a preset verification library to perform operation authority verification of the operation instruction; 当检测到操作权限验证通过时,执行所述操作指令。The operation instruction is executed when it is detected that the operation authority verification is passed. 如权利要求1所述的金融业务的验证方法,其特征在于,所述接收金融业务的操作指令,获取所述操作指令中包含的业务信息的步骤之前,包括:The method for verifying a financial service according to claim 1, wherein the step of receiving an operation instruction of the financial service and acquiring the service information included in the operation instruction comprises: 接收用户输入的金融账户的申请请求,获取所述申请请求中包含的身份信息;Receiving an application request of a financial account input by a user, and acquiring identity information included in the application request; 基于所述身份信息建立金融账户,并在所述金融账户上设置验证库,以将操作权限验证的标准信息保存至所述验证库中。Establishing a financial account based on the identity information, and setting a verification library on the financial account to save standard information of the operation authority verification to the verification library. 如权利要求1所述的金融业务的验证方法,其特征在于,所述根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则的步骤包括:The method for verifying the financial service according to claim 1, wherein the step of determining the security level of the operation instruction according to the service information to obtain the verification rule corresponding to the security level comprises: 将所述业务信息与预设等级表进行比对,以判断预设等级表中是否存在与业务信息匹配的安全等级;Comparing the service information with a preset level table to determine whether a security level matching the service information exists in the preset level table; 若预设等级表中存在与业务信息匹配的安全等级,并将所述安全等级作为所述操作指令的安全等级;If there is a security level matching the service information in the preset level table, and the security level is used as the security level of the operation instruction; 若预设等级表中不存在与业务信息匹配的安全等级,则将所述操作指令作为免验证指令。If there is no security level matching the service information in the preset level table, the operation instruction is used as a verification-free instruction. 如权利要求1所述的金融业务的验证方法,其特征在于,所述根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则的步骤包括:The method for verifying the financial service according to claim 1, wherein the step of determining the security level of the operation instruction according to the service information to obtain the verification rule corresponding to the security level comprises: 获取业务信息相关的历史操作记录,获取所述历史操作记录中的操作信息;Obtaining a historical operation record related to the service information, and acquiring operation information in the historical operation record; 将所述操作信息与预设指令安全等级进行比对,确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则。Comparing the operation information with a preset instruction security level, determining a security level of the operation instruction, to obtain a verification rule corresponding to the security level. 如权利要求1所述的金融业务的验证方法,其特征在于,所述获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息的步骤,包括:The method for verifying a financial service according to claim 1, wherein the obtaining the unit to be verified included in the verification rule, and displaying the element to be verified in the unit to be verified, for input by a user The steps of the verification information corresponding to the element to be verified include: 根据操作指令的安全等级查询预设验证数据库,获取预设验证数据库中与安全等级匹配的验证规则;Querying the preset verification database according to the security level of the operation instruction, and obtaining the verification rule matching the security level in the preset verification database; 获取所述验证规则中包含的待验证单元,并获取所述待验证单元中各个待验证要素的历史验证记录;Acquiring a unit to be verified included in the verification rule, and acquiring a historical verification record of each element to be verified in the unit to be verified; 根据待验证单元中各个待验证要素的历史验证记录,确定待验证单元中的待验证要素;Determining an element to be verified in the unit to be verified according to a historical verification record of each element to be verified in the unit to be verified; 将所述待验证要素进行显示,以供用户输入待验证要素对应的验证信息。The to-be-verified element is displayed for the user to input verification information corresponding to the element to be verified. 如权利要求1所述的金融业务的验证方法,其特征在于,所述将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证的步骤,包括:The method for verifying the financial service according to claim 1, wherein the step of comparing the verification information with a preset verification library to perform operation authority verification of the operation instruction comprises: 获取用户输入的验证信息,将所述验证信息与预设验证库中的标准信息进行比对;Obtaining verification information input by the user, and comparing the verification information with standard information in the preset verification library; 若验证信息与预置验证库中的标准信息匹配,则操作指令对应的操作权限验证通过;If the verification information matches the standard information in the preset verification library, the operation authority corresponding to the operation instruction is verified; 若验证信息与预置验证库中的标准信息不匹配,则操作指令对应的操作权限验证不通过,并调整所述待验证单元中的待验证要素,以进行二次验证。If the verification information does not match the standard information in the preset verification library, the operation authority verification corresponding to the operation instruction fails, and the to-be-verified element in the to-be-verified unit is adjusted to perform secondary verification. 如权利要求6所述的金融业务的验证方法,其特征在于,所述若验证信息与预置验证库中的标准信息不匹配,则操作指令对应的操作权限验证不通过,并调整所述待验证单元中的待验证要素,以进行二次验证的步骤之后,包括:The method for verifying a financial service according to claim 6, wherein if the verification information does not match the standard information in the preset verification library, the operation authority verification corresponding to the operation instruction fails, and the waiting is adjusted. After verifying the elements to be verified in the unit for the second verification step, it includes: 统计操作权限验证不通过的验证频率,将所述验证频率与预设阈值进行比较;The verification operation frequency verifies the verification frequency that fails, and compares the verification frequency with a preset threshold; 若所述验证频率超过预设阈值,则将操作指令对应的操作业务进行部分冻结。If the verification frequency exceeds a preset threshold, the operation service corresponding to the operation instruction is partially frozen. 一种金融业务的验证装置,其特征在于,所述金融业务的验证装置包括:A verification device for a financial service, characterized in that the verification device of the financial service comprises: 接收获取模块,用于接收金融业务的操作指令,获取所述操作指令中包含的业务信息;Receiving an acquisition module, configured to receive an operation instruction of the financial service, and obtain the service information included in the operation instruction; 等级确定模块,用于根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则;a level determining module, configured to determine a security level of the operation instruction according to the service information, to obtain a verification rule corresponding to the security level; 获取显示模块,用于获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;Obtaining a display module, configured to obtain a to-be-verified unit included in the verification rule, and display the to-be-verified element in the to-be-verified unit, so that the user inputs verification information corresponding to the element to be verified; 权限验证模块,用于将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证;a rights verification module, configured to compare the verification information with a preset verification library to perform operation authority verification of the operation instruction; 指令执行模块,用于当检测到操作权限验证通过时,执行所述操作指令。The instruction execution module is configured to execute the operation instruction when detecting that the operation authority verification is passed. 如权利要求8所述的金融业务的验证装置,其特征在于,所述金融业务的验证装置,包括:The verification device for the financial service according to claim 8, wherein the verification device of the financial service comprises: 身份获取模块,用于接收用户输入的金融账户的申请请求,获取所述申请请求中包含的身份信息;An identity obtaining module, configured to receive an application request of a financial account input by a user, and obtain identity information included in the application request; 账户建立模块,用于基于所述身份信息建立金融账户,并在所述金融账户上设置验证库,以将操作权限验证的标准信息保存至所述验证库中。And an account establishing module, configured to establish a financial account based on the identity information, and set a verification library on the financial account to save standard information of the operation authority verification into the verification library. 如权利要求8所述的金融业务的验证装置,其特征在于,所述等级确定模块,包括:The device for verifying a financial service according to claim 8, wherein the level determining module comprises: 信息比对单元,用于将所述业务信息与预设等级表进行比对,以判断预设等级表中是否存在与业务信息匹配的安全等级;The information comparison unit is configured to compare the service information with a preset level table to determine whether a security level matching the service information exists in the preset level table; 等级确定单元,用于若预设等级表中存在与业务信息匹配的安全等级,并将所述安全等级作为所述操作指令的安全等级;a level determining unit, configured to: if there is a security level matching the service information in the preset level table, and use the security level as a security level of the operation instruction; 验证免除单元,用于若预设等级表中不存在与业务信息匹配的安全等级,则将所述操作指令作为免验证指令。The verification exemption unit is configured to use the operation instruction as a verification-free instruction if there is no security level matching the service information in the preset level table. 如权利要求8所述的金融业务的验证装置,其特征在于,所述等级确定模块,包括:The device for verifying a financial service according to claim 8, wherein the level determining module comprises: 记录获取单元,用于获取业务信息相关的历史操作记录,获取所述历史操作记录中的操作信息;a record obtaining unit, configured to acquire a historical operation record related to the service information, and obtain operation information in the historical operation record; 规则确定单元,用于将所述操作信息与预设指令安全等级进行比对,确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则。The rule determining unit is configured to compare the operation information with a preset instruction security level, and determine a security level of the operation instruction to obtain a verification rule corresponding to the security level. 如权利要求8所述的金融业务的验证装置,其特征在于,所述获取显示模块,包括:The device for verifying a financial service according to claim 8, wherein the obtaining the display module comprises: 查询获取单元,用于根据操作指令的安全等级查询预设验证数据库,获取预设验证数据库中与安全等级匹配的验证规则;The query obtaining unit is configured to query the preset verification database according to the security level of the operation instruction, and obtain a verification rule that matches the security level in the preset verification database; 信息获取单元,用于获取所述验证规则中包含的待验证单元,并获取所述待验证单元中各个待验证要素的历史验证记录;An information obtaining unit, configured to acquire a to-be-verified unit included in the verification rule, and obtain a historical verification record of each element to be verified in the to-be-verified unit; 要素确定单元,用于根据待验证单元中各个待验证要素的历史验证记录,确定待验证单元中的待验证要素;An element determining unit, configured to determine, according to a historical verification record of each element to be verified in the unit to be verified, an element to be verified in the unit to be verified; 显示模块,用于将所述待验证要素进行显示,以供用户输入待验证要素对应的验证信息。And a display module, configured to display the to-be-verified element for the user to input verification information corresponding to the element to be verified. 如权利要求8所述的金融业务的验证装置,其特征在于,所述权限验证模块,包括:The authentication device for a financial service according to claim 8, wherein the authority verification module comprises: 信息比对单元,用于获取用户输入的验证信息,将所述验证信息与预设验证库中的标准信息进行比对;The information comparison unit is configured to obtain verification information input by the user, and compare the verification information with standard information in the preset verification library; 第一验证单元,用于若验证信息与预置验证库中的标准信息匹配,则操作指令对应的操作权限验证通过;a first verification unit, configured to: if the verification information matches the standard information in the preset verification library, the operation authority corresponding to the operation instruction is verified; 第二验证单元,用于若验证信息与预置验证库中的标准信息不匹配,则操作指令对应的操作权限验证不通过,并调整所述待验证单元中的待验证要素,以进行二次验证。a second verification unit, configured to: if the verification information does not match the standard information in the preset verification library, the operation authority verification corresponding to the operation instruction fails, and adjust the to-be-verified element in the to-be-verified unit to perform the second verification. 如权利要求13所述的金融业务的验证装置,其特征在于,所述金融业务的验证装置,包括:The verification device for the financial service according to claim 13, wherein the verification device of the financial service comprises: 频率统计模块,用于统计操作权限验证不通过的验证频率,将所述验证频率与预设阈值进行比较;The frequency statistics module is configured to compare the verification frequency that the operation authority verification fails, and compare the verification frequency with a preset threshold; 业务冻结模块,用于若所述验证频率超过预设阈值,则将操作指令对应的操作业务进行部分冻结。The service freeze module is configured to partially freeze the operation service corresponding to the operation instruction if the verification frequency exceeds a preset threshold. 一种金融业务的验证设备,其特征在于,所述金融业务的验证设备包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的金融业务的验证可读指令,其中:A verification device for a financial service, characterized in that the verification device of the financial service comprises: a memory, a processor, and a verification readable instruction of a financial service stored on the memory and operable on the processor, among them: 所述金融业务的验证可读指令被所述处理器执行时实现以下步骤:The verification readable instructions of the financial service are executed by the processor to implement the following steps: 接收金融业务的操作指令,获取所述操作指令中包含的业务信息;Receiving an operation instruction of the financial service, and acquiring service information included in the operation instruction; 根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则;Determining, according to the service information, a security level of the operation instruction, to obtain a verification rule corresponding to the security level; 获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;Acquiring the to-be-verified unit included in the verification rule, and displaying the to-be-verified element in the to-be-verified unit, so that the user inputs the verification information corresponding to the element to be verified; 将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证;Comparing the verification information with a preset verification library to perform operation authority verification of the operation instruction; 当检测到操作权限验证通过时,执行所述操作指令。The operation instruction is executed when it is detected that the operation authority verification is passed. 如权利要求15所述的金融业务的验证设备,其特征在于,所述金融业务的验证可读指令被所述处理器执行时实现以下步骤:The verification device for a financial service according to claim 15, wherein the verification readable instructions of the financial service are executed by the processor to implement the following steps: 接收用户输入的金融账户的申请请求,获取所述申请请求中包含的身份信息;Receiving an application request of a financial account input by a user, and acquiring identity information included in the application request; 基于所述身份信息建立金融账户,并在所述金融账户上设置验证库,以将操作权限验证的标准信息保存至所述验证库中。Establishing a financial account based on the identity information, and setting a verification library on the financial account to save standard information of the operation authority verification to the verification library. 如权利要求15所述的金融业务的验证设备,其特征在于,所述金融业务的验证可读指令被所述处理器执行:所述根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则的步骤,包括:A verification apparatus for a financial service according to claim 15, wherein said verification readable instruction of said financial service is executed by said processor: said determining a security level of said operation instruction based on said service information, The step of obtaining the verification rule corresponding to the security level includes: 将所述业务信息与预设等级表进行比对,以判断预设等级表中是否存在与业务信息匹配的安全等级;Comparing the service information with a preset level table to determine whether a security level matching the service information exists in the preset level table; 若预设等级表中存在与业务信息匹配的安全等级,并将所述安全等级作为所述操作指令的安全等级;If there is a security level matching the service information in the preset level table, and the security level is used as the security level of the operation instruction; 若预设等级表中不存在与业务信息匹配的安全等级,则将所述操作指令作为免验证指令。If there is no security level matching the service information in the preset level table, the operation instruction is used as a verification-free instruction. 如权利要求15所述的金融业务的验证设备,其特征在于,所述金融业务的验证可读指令被所述处理器执行:所述根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则的步骤包括:A verification apparatus for a financial service according to claim 15, wherein said verification readable instruction of said financial service is executed by said processor: said determining a security level of said operation instruction based on said service information, The steps of obtaining the verification rule corresponding to the security level include: 获取业务信息相关的历史操作记录,获取所述历史操作记录中的操作信息;Obtaining a historical operation record related to the service information, and acquiring operation information in the historical operation record; 将所述操作信息与预设指令安全等级进行比对,确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则。Comparing the operation information with a preset instruction security level, determining a security level of the operation instruction, to obtain a verification rule corresponding to the security level. 如权利要求15所述的金融业务的验证设备,其特征在于,所述金融业务的验证可读指令被所述处理器执行:所述获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息的步骤,包括:The verification device of the financial service according to claim 15, wherein the verification readable instruction of the financial service is executed by the processor: the acquiring a unit to be verified included in the verification rule, and The step of displaying the to-be-verified element in the verification unit for displaying the verification information corresponding to the element to be verified, including: 根据操作指令的安全等级查询预设验证数据库,获取预设验证数据库中与安全等级匹配的验证规则;Querying the preset verification database according to the security level of the operation instruction, and obtaining the verification rule matching the security level in the preset verification database; 获取所述验证规则中包含的待验证单元,并获取所述待验证单元中各个待验证要素的历史验证记录;Acquiring a unit to be verified included in the verification rule, and acquiring a historical verification record of each element to be verified in the unit to be verified; 根据待验证单元中各个待验证要素的历史验证记录,确定待验证单元中的待验证要素;Determining an element to be verified in the unit to be verified according to a historical verification record of each element to be verified in the unit to be verified; 将所述待验证要素进行显示,以供用户输入待验证要素对应的验证信息。The to-be-verified element is displayed for the user to input verification information corresponding to the element to be verified. 一种计算机存储介质,其特征在于,所述计算机存储介质上存储有金融业务的验证可读指令,所述金融业务的验证可读指令被处理器执行时实现以下步骤:A computer storage medium, characterized in that the computer storage medium stores verification readable instructions of a financial service, and the verification readable instructions of the financial service are executed by the processor to implement the following steps: 接收金融业务的操作指令,获取所述操作指令中包含的业务信息;Receiving an operation instruction of the financial service, and acquiring service information included in the operation instruction; 根据所述业务信息确定所述操作指令的安全等级,以获取所述安全等级对应的验证规则;Determining, according to the service information, a security level of the operation instruction, to obtain a verification rule corresponding to the security level; 获取所述验证规则中包含的待验证单元,并将所述待验证单元中的待验证要素进行显示,以供用户输入待验证要素对应的验证信息;Acquiring the to-be-verified unit included in the verification rule, and displaying the to-be-verified element in the to-be-verified unit, so that the user inputs the verification information corresponding to the element to be verified; 将所述验证信息与预设验证库进行比较,以进行所述操作指令的操作权限验证;Comparing the verification information with a preset verification library to perform operation authority verification of the operation instruction; 当检测到操作权限验证通过时,执行所述操作指令。The operation instruction is executed when it is detected that the operation authority verification is passed.
PCT/CN2018/122609 2018-01-29 2018-12-21 Financial service verification method, apparatus and device, and computer storage medium Ceased WO2019144738A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810081998.0A CN108269187A (en) 2018-01-29 2018-01-29 Verification method, device, equipment and the computer storage media of financial business
CN201810081998.0 2018-01-29

Publications (1)

Publication Number Publication Date
WO2019144738A1 true WO2019144738A1 (en) 2019-08-01

Family

ID=62776843

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/122609 Ceased WO2019144738A1 (en) 2018-01-29 2018-12-21 Financial service verification method, apparatus and device, and computer storage medium

Country Status (2)

Country Link
CN (1) CN108269187A (en)
WO (1) WO2019144738A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI901928B (en) * 2023-01-13 2025-10-21 玉山商業銀行股份有限公司 Method and system for identity verification applied to financial system

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254378B (en) * 2016-09-09 2020-02-07 宇龙计算机通信科技(深圳)有限公司 Safety control method and system for Near Field Communication (NFC) mobile terminal
CN108269187A (en) * 2018-01-29 2018-07-10 深圳壹账通智能科技有限公司 Verification method, device, equipment and the computer storage media of financial business
CN110889106B (en) * 2018-09-11 2024-08-16 京东科技控股股份有限公司 Configuration method, device, system and computer readable storage medium
CN111181725A (en) * 2018-11-12 2020-05-19 奇酷互联网络科技(深圳)有限公司 Identity information verification method, mobile terminal and computer storage medium
CN110011957B (en) * 2018-12-13 2022-08-30 创新先进技术有限公司 Security authentication method and device for enterprise account, electronic equipment and storage medium
CN109686011A (en) * 2018-12-18 2019-04-26 维拓智能科技(深圳)有限公司 The user identification method of self-aided terminal and self-aided terminal
CN110113168B (en) * 2019-04-03 2022-04-22 厦门历思科技服务有限公司 Information authentication method, client, system and computer readable storage medium
CN110166438B (en) * 2019-04-19 2022-03-18 平安科技(深圳)有限公司 Account information login method and device, computer equipment and computer storage medium
CN110188159B (en) * 2019-05-27 2023-05-12 深圳前海微众银行股份有限公司 Credit data access method, device, equipment and computer readable storage medium
CN112000657B (en) * 2019-05-27 2025-04-15 北京京东尚科信息技术有限公司 Data management method, device, server and storage medium
CN110457876A (en) * 2019-08-15 2019-11-15 中国银行股份有限公司 Identity identifying method, apparatus and system
CN110795770A (en) * 2019-09-26 2020-02-14 平安科技(深圳)有限公司 Electronic data verification method, device, computer equipment and storage medium
CN110909013B (en) * 2019-10-12 2023-10-03 中国平安财产保险股份有限公司 Service list generation method, device, equipment and computer readable storage medium
CN111786936A (en) * 2019-11-27 2020-10-16 北京沃东天骏信息技术有限公司 Method and apparatus for authentication
CN111160137B (en) * 2019-12-12 2021-03-12 天目爱视(北京)科技有限公司 An intelligent business processing device based on biological 3D information
CN111738731B (en) * 2020-06-16 2024-10-11 中国银行股份有限公司 Bank cash transaction operation control method and device
CN112231617A (en) * 2020-10-12 2021-01-15 深圳市欢太科技有限公司 Service call checking method and device, storage medium and electronic equipment
CN112328482A (en) * 2020-11-05 2021-02-05 中国平安人寿保险股份有限公司 Test method and device based on script template, computer equipment and storage medium
CN112465503B (en) * 2020-11-17 2021-10-29 深圳市快付通金融网络科技服务有限公司 Information security protection method and cloud platform based on Internet finance and biometrics
CN112714108B (en) * 2020-12-21 2022-08-12 中国移动通信集团江苏有限公司 Method, device, device and computer storage medium for terminal communication number verification
CN112395541A (en) * 2020-12-29 2021-02-23 畅捷通信息技术股份有限公司 Data content verification method, device and system, storage medium and computing equipment
CN113505161A (en) * 2021-01-20 2021-10-15 何青波 Service query and verification method based on big data and cloud computing
CN112686760B (en) * 2021-01-20 2021-09-14 深圳市全景网络有限公司 Financial business processing method and platform based on big data
CN112801619B (en) * 2021-01-29 2025-01-10 中国农业银行股份有限公司上海市分行 Screening method and screening device for financial business operation log
CN114995167A (en) * 2021-03-02 2022-09-02 阿里巴巴新加坡控股有限公司 Control method, device and equipment
CN112669042A (en) * 2021-03-15 2021-04-16 中国银联股份有限公司 Payment method, server, user terminal, system and storage medium
CN113299016B (en) * 2021-04-27 2024-09-03 深圳市怡化时代科技有限公司 Service timing method and system of self-service terminal, self-service equipment and storage medium
CN112995227B (en) * 2021-05-13 2021-07-13 深圳格隆汇信息科技有限公司 One-stop information service platform based on three-party credit management
CN113191757A (en) * 2021-06-03 2021-07-30 中国银行股份有限公司 Bank business control method, device, server and storage medium
CN114138790B (en) * 2021-12-02 2025-02-11 中国建设银行股份有限公司 Interface element verification method, device, storage medium and program product
CN114553838A (en) * 2022-02-23 2022-05-27 京东方科技集团股份有限公司 Implementation method, system and server for remote business processing
CN115001779A (en) * 2022-05-26 2022-09-02 中国农业银行股份有限公司 Verification method, device, equipment and medium of operation instruction
CN114925347A (en) * 2022-06-07 2022-08-19 中国银行股份有限公司 Fingerprint verification method and device, electronic equipment and computer storage medium
CN115293773A (en) * 2022-08-03 2022-11-04 中国银行股份有限公司 Method, system and related equipment for verifying financial transaction
CN118153017B (en) * 2024-05-09 2024-08-20 翌飞锐特电子商务(北京)有限公司 Service management method based on AI and big data
CN118735470B (en) * 2024-09-04 2024-12-03 青岛邦诚信息科技有限公司 Enterprise project management system and method based on service verification
CN119254492B (en) * 2024-09-29 2025-07-25 无锡智朴物联科技有限公司 Dynamic password generation system for mobile device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104867010A (en) * 2015-05-20 2015-08-26 杨淼彬 User friendly payment method
US20150302411A1 (en) * 2014-04-22 2015-10-22 Bank Of America Corporation Proximity to a location as a form of authentication
CN107316195A (en) * 2017-06-26 2017-11-03 北京明华联盟科技有限公司 The method of payment and device of a kind of safe and convenient
CN108269187A (en) * 2018-01-29 2018-07-10 深圳壹账通智能科技有限公司 Verification method, device, equipment and the computer storage media of financial business

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2438651A (en) * 2006-06-02 2007-12-05 Michael Arnold Secure financial transactions
CN102347929A (en) * 2010-07-28 2012-02-08 阿里巴巴集团控股有限公司 Verification method of user identity and apparatus thereof
CN102790674B (en) * 2011-05-20 2016-03-16 阿里巴巴集团控股有限公司 Auth method, equipment and system
CN104158665A (en) * 2014-08-25 2014-11-19 小米科技有限责任公司 Method and device of verification
CN105991590B (en) * 2015-02-15 2019-10-18 阿里巴巴集团控股有限公司 A kind of method, system, client and server for verifying user identity
CN107231232B (en) * 2016-03-23 2020-04-28 阿里巴巴集团控股有限公司 Identity verification method and device
CN106027543A (en) * 2016-06-23 2016-10-12 北京孔方同鑫科技有限公司 Identification method and apparatus based on weight calculation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150302411A1 (en) * 2014-04-22 2015-10-22 Bank Of America Corporation Proximity to a location as a form of authentication
CN104867010A (en) * 2015-05-20 2015-08-26 杨淼彬 User friendly payment method
CN107316195A (en) * 2017-06-26 2017-11-03 北京明华联盟科技有限公司 The method of payment and device of a kind of safe and convenient
CN108269187A (en) * 2018-01-29 2018-07-10 深圳壹账通智能科技有限公司 Verification method, device, equipment and the computer storage media of financial business

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI901928B (en) * 2023-01-13 2025-10-21 玉山商業銀行股份有限公司 Method and system for identity verification applied to financial system

Also Published As

Publication number Publication date
CN108269187A (en) 2018-07-10

Similar Documents

Publication Publication Date Title
WO2019144738A1 (en) Financial service verification method, apparatus and device, and computer storage medium
WO2020171538A1 (en) Electronic device and method for providing digital signature service of block chain using the same
WO2020206899A1 (en) Timestamp-based identity verification method, apparatus and device, and storage medium
WO2019174090A1 (en) Screenshot file sharing control method, apparatus and device, and computer storage medium
WO2021010766A1 (en) Electronic authentication device and method using blockchain
WO2016137307A1 (en) Attestation by proxy
WO2020062642A1 (en) Blockchain-based method, device, and equipment for electronic contract signing, and storage medium
WO2015126135A1 (en) Method and apparatus for processing biometric information in electronic device
WO2019206854A1 (en) Biometric authentication method, system, and computer program
WO2018030707A1 (en) Authentication system and method, and user equipment, authentication server, and service server for performing same method
WO2018194379A1 (en) Method for approving use of card by using token id on basis of blockchain and merkle tree structure associated therewith, and server using same
WO2019024126A1 (en) Blockchain-based knowledge management method, and terminal and server
WO2017094998A1 (en) Biometric information personal identity authenticating system and method using financial card information stored in mobile communication terminal
WO2011118871A1 (en) Authentication method and system using portable terminal
WO2020087704A1 (en) Credit information management method, apparatus, and device, and storage medium
WO2013141602A1 (en) Authentication method and system for same
WO2013004065A1 (en) Information security method and system based on image acquisition
WO2016126090A1 (en) System and method for prooving digital file tampering by using smart phone, smart phone having smart phone screen capture image authentication function, and method for authenticating smart phone screen capture image
WO2023128345A1 (en) Personal identification method and system using homomorphically encrypted image
WO2019161598A1 (en) Method, apparatus and device for interacting instant messaging with mail, and storage medium
WO2020042463A1 (en) Biometric recognition-based access control unlocking method, apparatus, device and medium
WO2022196851A1 (en) Method and system for providing certification of vaccine inoculation and post-inoculation management
WO2020103275A1 (en) Money deduction control method, apparatus, and device, and readable storage medium
WO2017065576A1 (en) User authentication method and system, which use variable keypad
WO2020034527A1 (en) User personal information encryption and authorisation method, apparatus, and device, and readable storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18902198

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02/12/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18902198

Country of ref document: EP

Kind code of ref document: A1