阅读说明：本技术 一种认证的方法和装置 (Authentication method and device ) 是由 范瑞丰 于 2020-10-30 设计创作，主要内容包括：本发明公开了一种认证的方法和装置,涉及计算机技术领域。该方法的一具体实施方式包括：能够根据反映业务认证需求的认证策略,客户端从服务端获取业务对应的认证策略、认证方式以及两者的映射关系,并获取所述认证方式的认证优先级,当多个业务对应多个认证策略时,根据认证优先级确定用户执行业务所使用的认证方式,克服了多个业务场景中触发不同的认证方式而导致的认证混乱的问题；并通过添加认证方式,根据用户输入的认证信息完成业务的认证,克服了用户无认证方式时需要工作人员人工添加的问题,提升了用户体验。(The invention discloses an authentication method and device, and relates to the technical field of computers. One embodiment of the method comprises: the method has the advantages that the client can obtain the authentication strategy, the authentication mode and the mapping relation of the authentication strategy and the authentication mode corresponding to the service from the server according to the authentication strategy reflecting the service authentication requirement, and obtain the authentication priority of the authentication mode, when a plurality of services correspond to a plurality of authentication strategies, the authentication mode used by a user for executing the service is determined according to the authentication priority, and the problem of authentication confusion caused by triggering different authentication modes in a plurality of service scenes is solved; and by adding the authentication mode, the service authentication is completed according to the authentication information input by the user, the problem that the user needs to manually add the authentication information when the user does not have the authentication mode is solved, and the user experience is improved.)

1. A method of authentication, comprising:

according to one or more services executed by a user, acquiring one or more authentication policies contained in the services and one or more authentication modes corresponding to the authentication policies, wherein the authentication policies and the authentication modes have a mapping relation;

acquiring an authentication priority corresponding to the authentication mode; determining the authentication mode used by the service according to the authentication priority;

and completing the authentication of the service executed by the user according to the authentication mode.

2. The method of claim 1,

determining the authentication mode used by the service according to the authentication priority, including:

acquiring the authentication mode corresponding to the authentication strategy according to the mapping relation, acquiring the authentication mode and the authentication mode with the priority higher than that of the authentication mode according to the authentication priority, and generating list options of the authentication modes for a user to select;

and determining the authentication mode used by the service according to the selection of the user.

3. The method of claim 1,

determining the authentication mode used by the service according to the authentication priority, including:

acquiring the authentication modes corresponding to at least two authentication strategies according to the mapping relation;

and selecting the highest priority in the authentication modes as the authentication mode used by the service according to the authentication priority.

4. The method of claim 1,

determining the authentication mode used by the service according to the authentication priority, including:

and acquiring the authentication mode used by the service from a server, wherein the authentication mode is determined according to the authentication priority.

5. The method of claim 1,

according to the authentication mode, completing the authentication of the service executed by the user, comprising the following steps:

and starting a page corresponding to the authentication mode according to the authentication mode so that a user can input authentication information, wherein the authentication information is used for finishing the authentication of the service executed by the user.

6. The method of claim 1,

according to the authentication mode, completing the authentication of the service executed by the user, comprising the following steps:

when the authentication mode corresponding to the user is not found, starting a page added with the authentication mode for the user to input authentication information;

and after the authentication mode is added, finishing the authentication of the service executed by the user according to the authentication mode.

7. The method according to any one of claims 1 to 6,

the authentication mode comprises any one or more of a user unique identification authentication mode and a user biological characteristic authentication mode.

8. A method of authentication, comprising:

receiving a service authentication request, and acquiring and storing an authentication strategy and an authentication mode contained in the service, wherein the authentication strategy and the authentication mode have a mapping relation;

acquiring authentication priorities of at least two authentication modes; storing the authentication priority;

and receiving a service executed by a user from a client, and sending the authentication strategy, the authentication mode, the mapping relation and the authentication priority corresponding to the service to the client according to the service.

9. The method of claim 8,

and determining the authentication mode used by the service according to the authentication priority, and sending the authentication mode.

10. An apparatus for authentication, comprising: the authentication method comprises an authentication mode obtaining module, an authentication mode determining module and a user authentication module; wherein the content of the first and second substances,

the authentication mode acquiring module is used for acquiring one or more authentication strategies contained in one or more services executed by a user and one or more authentication modes corresponding to the authentication strategies, and the authentication strategies and the authentication modes have a mapping relation;

the authentication priority acquisition module is used for acquiring the authentication priority corresponding to the authentication mode; determining the authentication mode used by the service according to the authentication priority;

and the user authentication module is used for finishing the authentication of the service executed by the user according to the authentication mode.

11. An apparatus for authentication, comprising: the authentication information acquisition module and the authentication information sending module; wherein the content of the first and second substances,

the authentication information acquisition module is used for receiving a service authentication request, acquiring and storing an authentication strategy and an authentication mode contained in the service, wherein the authentication strategy and the authentication mode have a mapping relation; acquiring authentication priorities of at least two authentication modes; storing the authentication priority;

and the authentication information sending module is used for receiving a service executed by a user from a client, and sending the authentication strategy, the authentication mode, the mapping relation and the authentication priority corresponding to the service to the client according to the service.

12. An electronic device, comprising:

one or more processors;

a storage device for storing one or more programs,

when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7 or 8-9.

13. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1-7 or 8-9.

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for authentication.

Background

In an internet application system, a user identity authentication application scenario is widely used, and user identity authentication is generally used in service scenarios such as user login, account security, risk control, payment and the like.

In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:

in the prior art, when a plurality of service scenes trigger different identity authentications simultaneously, the situation of authentication confusion can occur due to the fact that the authentication modes conflict because the priorities of the application scenes and the authentication modes are not clearly divided; meanwhile, the problem that the user cannot finish the whole authentication process by self exists, and when the user has no authentication mode, the authentication mode needs to be added manually by workers, so that the operation flow of the user in the service is interrupted, and the user experience is influenced.

Disclosure of Invention

In view of this, embodiments of the present invention provide an authentication method and apparatus, which can obtain, by a client, an authentication policy and an authentication manner corresponding to a service and a mapping relationship between the authentication policy and the authentication manner from a server according to an authentication policy reflecting a service authentication requirement, and obtain an authentication priority of the authentication manner, and when multiple services correspond to multiple authentication policies, determine an authentication manner used by a user to execute the service according to the authentication priority, thereby overcoming a problem of authentication confusion caused by triggering different authentication manners in multiple service scenarios; and by adding the authentication mode, the service authentication is completed according to the authentication information input by the user, the problem that the user needs to manually add the authentication information when the user does not have the authentication mode is solved, and the user experience is improved.

In order to achieve the above object, according to an aspect of the embodiments of the present invention, there is provided an authentication method applied to a client, including: according to one or more services executed by a user, acquiring one or more authentication policies contained in the services and one or more authentication modes corresponding to the authentication policies, wherein the authentication policies and the authentication modes have a mapping relation; acquiring an authentication priority corresponding to the authentication mode; determining the authentication mode used by the service according to the authentication priority; and completing the authentication of the service executed by the user according to the authentication mode.

Optionally, the method of authenticating, characterized by,

determining the authentication mode used by the service according to the authentication priority, including:

acquiring the authentication mode corresponding to the authentication strategy according to the mapping relation, acquiring the authentication mode and the authentication mode with the priority higher than that of the authentication mode according to the authentication priority, and generating list options of the authentication modes for a user to select;

and determining the authentication mode used by the service according to the selection of the user.

Optionally, the method of authenticating, characterized by,

determining the authentication mode used by the service according to the authentication priority, including:

acquiring the authentication modes corresponding to at least two authentication strategies according to the mapping relation;

and selecting the highest priority in the authentication modes as the authentication mode used by the service according to the authentication priority.

Optionally, the method of authenticating, characterized by,

determining the authentication mode used by the service according to the authentication priority, including:

and acquiring the authentication mode used by the service from a server, wherein the authentication mode is determined according to the authentication priority.

Optionally, the method of authenticating, characterized by,

according to the authentication mode, completing the authentication of the service executed by the user, comprising the following steps:

and starting a page corresponding to the authentication mode according to the authentication mode so that a user can input authentication information, wherein the authentication information is used for finishing the authentication of the service executed by the user.

Optionally, the method of authenticating, characterized by,

according to the authentication mode, completing the authentication of the service executed by the user, comprising the following steps:

when the authentication mode corresponding to the user is not found, starting a page added with the authentication mode for the user to input authentication information;

and after the authentication mode is added, finishing the authentication of the service executed by the user according to the authentication mode.

Optionally, the method of authenticating, characterized by,

the authentication mode comprises any one or more of a user unique identification authentication mode and a user biological characteristic authentication mode.

In order to achieve the above object, according to a second aspect of the embodiments of the present invention, there is provided an authentication method applied to a server, including: receiving a service authentication request, and acquiring and storing an authentication strategy and an authentication mode contained in the service, wherein the authentication strategy and the authentication mode have a mapping relation; acquiring authentication priorities of at least two authentication modes; storing the authentication priority; and receiving a service executed by a user from a client, and sending the authentication strategy, the authentication mode, the mapping relation and the authentication priority corresponding to the service to the client according to the service.

Optionally, the method of authenticating, characterized by,

and determining the authentication mode used by the service according to the authentication priority, and sending the authentication mode.

To achieve the above object, according to a third aspect of embodiments of the present invention, there is provided an apparatus for authentication, including: the authentication method comprises an authentication mode obtaining module, an authentication mode determining module and a user authentication module; wherein the content of the first and second substances,

the authentication mode acquiring module is used for acquiring one or more authentication strategies contained in one or more services executed by a user and one or more authentication modes corresponding to the authentication strategies, and the authentication strategies and the authentication modes have a mapping relation;

the authentication priority acquisition module is used for acquiring the authentication priority corresponding to the authentication mode; determining the authentication mode used by the service according to the authentication priority;

and the user authentication module is used for finishing the authentication of the service executed by the user according to the authentication mode.

Optionally, the apparatus for authenticating, characterized in that,

determining the authentication mode used by the service according to the authentication priority, including:

acquiring the authentication mode corresponding to the authentication strategy according to the mapping relation, acquiring the authentication mode and the authentication mode with the priority higher than that of the authentication mode according to the authentication priority, and generating list options of the authentication modes for a user to select;

and determining the authentication mode used by the service according to the selection of the user.

Optionally, the apparatus for authenticating, characterized in that,

determining the authentication mode used by the service according to the authentication priority, including:

acquiring the authentication modes corresponding to at least two authentication strategies according to the mapping relation;

and selecting the highest priority in the authentication modes as the authentication mode used by the service according to the authentication priority.

Optionally, the apparatus for authenticating, characterized in that,

determining the authentication mode used by the service according to the authentication priority, including:

and acquiring the authentication mode used by the service from a server, wherein the authentication mode is determined according to the authentication priority.

Optionally, the apparatus for authenticating, characterized in that,

according to the authentication mode, completing the authentication of the service executed by the user, comprising the following steps:

and starting a page corresponding to the authentication mode according to the authentication mode so that a user can input authentication information, wherein the authentication information is used for finishing the authentication of the service executed by the user.

Optionally, the apparatus for authenticating, characterized in that,

according to the authentication mode, completing the authentication of the service executed by the user, comprising the following steps:

when the authentication mode corresponding to the user is not found, starting a page added with the authentication mode for the user to input authentication information;

and after the authentication mode is added, finishing the authentication of the service executed by the user according to the authentication mode.

Optionally, the apparatus for authenticating, characterized in that,

the authentication mode comprises any one or more of a user unique identification authentication mode and a user biological characteristic authentication mode.

In order to achieve the above object, according to a fourth aspect of an embodiment of the present invention, there is provided an apparatus for authentication, including: the authentication information acquisition module and the authentication information sending module; wherein the content of the first and second substances,

the authentication information acquisition module is used for receiving a service authentication request, acquiring and storing an authentication strategy and an authentication mode contained in the service, wherein the authentication strategy and the authentication mode have a mapping relation; acquiring authentication priorities of at least two authentication modes; storing the authentication priority;

and the authentication information sending module is used for receiving a service executed by a user from a client, and sending the authentication strategy, the authentication mode, the mapping relation and the authentication priority corresponding to the service to the client according to the service.

Optionally, the apparatus for authenticating, characterized in that,

and determining the authentication mode used by the service according to the authentication priority, and sending the authentication mode.

To achieve the above object, according to a third aspect of embodiments of the present invention, there is provided an authenticated electronic apparatus, comprising: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out a method as claimed in any one of the above-mentioned methods of authentication.

To achieve the above object, according to a fourth aspect of embodiments of the present invention, there is provided a computer-readable medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the method as in any one of the above-described methods of authentication.

One embodiment of the above invention has the following advantages or benefits: the method has the advantages that the client can obtain the authentication strategy, the authentication mode and the mapping relation of the authentication strategy and the authentication mode corresponding to the service from the server according to the authentication strategy reflecting the service authentication requirement, and obtain the authentication priority of the authentication mode, when a plurality of services correspond to a plurality of authentication strategies, the authentication mode used by a user for executing the service is determined according to the authentication priority, and the problem of authentication confusion caused by triggering different authentication modes in a plurality of service scenes is solved; and by adding the authentication mode, the service authentication is completed according to the authentication information input by the user, the problem that the user needs to manually add the authentication information when the user does not have the authentication mode is solved, and the user experience is improved.

Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.

Drawings

The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:

fig. 1 is a flowchart illustrating a method applied to authentication of a client according to an embodiment of the present invention;

fig. 2 is a flowchart illustrating a method applied to authentication of a server according to an embodiment of the present invention;

fig. 3 is a schematic diagram of determining an authentication manner according to an embodiment of the present invention;

FIG. 4 is a flow chart illustrating user authentication according to an embodiment of the present invention;

fig. 5 is a schematic structural diagram of an apparatus for authentication applied to a client according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of an apparatus for authentication applied to a server according to an embodiment of the present invention;

FIG. 7 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;

fig. 8 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.

Detailed Description

Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

As shown in fig. 1, an embodiment of the present invention provides an authentication method, which is applied to a client, and the method may include the following steps:

step S101: according to one or more services executed by a user, acquiring one or more authentication policies contained in the services and one or more authentication modes corresponding to the authentication policies, wherein the authentication policies and the authentication modes have a mapping relation;

specifically, the client obtains an authentication policy and an authentication mode included in a service from the server according to the service executed by the user (i.e. one or more services executed by the user); the authentication policy is an authentication category required by the service, for example: a login authentication policy; an authentication policy for the transaction; authentication policy for payment, etc.; the authentication mode is that the user passes through the unique identification (such as an identity card number and a password, a user name and a password, a mobile phone number and a short message verification code and the like) of the user or the biological characteristics (such as a voiceprint, a fingerprint, an iris, a face and the like) of the user; namely, the authentication mode comprises any one or more of a user unique identifier authentication mode and a user biological characteristic authentication mode; further, the authentication policy and the authentication mode have a mapping relationship. The mapping relationship represents the association between the authentication policy and the authentication method, that is, the authentication method used by one authentication policy, for example: the identity authentication strategy of login uses a mobile phone number authentication mode; it is to be understood that a user may execute one or more services, and that a service may contain one or more authentication policies and an authentication policy may contain one or more authentication methods, depending on the context of the service.

Step S102: acquiring the authentication priority corresponding to the authentication mode from a server; acquiring an authentication priority corresponding to the authentication mode according to the mapping relation and the authentication priority; and determining the authentication mode used by the service according to the authentication priority.

Specifically, an authentication priority corresponding to the authentication mode is obtained from a server, and when a service scene contains a plurality of authentication strategies, the authentication mode used by the service is determined according to the mapping relation and the authentication priority of the authentication strategies; furthermore, according to different service scenes executed by a user, different scene authentication strategies need to be formulated, and the priority of the authentication mode is set, so that the conflict between the priority and the authentication mode caused by different authentication modes is overcome;

further, according to the mapping relationship and the authentication priority, three methods for determining the authentication mode used by the service are provided:

the first method comprises the following steps: acquiring the authentication modes corresponding to at least two authentication strategies according to the mapping relation; and selecting the highest priority in the authentication modes as the authentication mode used by the service according to the authentication priority.

This is illustrated in the schematic diagram of FIG. 3A, as shown in FIG. 3A: assuming that the scenario is user login in payment application, for example, service a and service B shown in fig. 3A are included in the login process, and there are two associated authentication policies, namely, an authentication policy a1 for transaction and an authentication policy B1 for preventing security risk (for example, a theft-proof policy), wherein, assuming that an authentication manner C3 having a mapping relationship with an authentication policy a1 is short message uplink, an authentication manner C1 having a mapping relationship with an authentication policy B1 is short message downlink, according to the obtained authentication priorities, as shown in fig. 3A, the authentication priorities are from top to bottom, i.e., the authentication manner C3 is higher than the authentication manner C1, determining an authentication manner C3 with a higher priority as an authentication manner, that is the authentication manner used for user uplink, and shielding the authentication of short message downlink of the user, and when the user short message uplink authentication is passed, the login services corresponding to the two authentication strategies pass the authentication, and the user login is successful. Namely, the determining the authentication mode used by the service according to the authentication priority comprises: acquiring the authentication modes corresponding to at least two authentication strategies according to the mapping relation; and selecting the highest priority in the authentication modes as the authentication mode used by the service according to the authentication priority.

The second method comprises the following steps: acquiring the authentication mode corresponding to the authentication strategy according to the mapping relation, acquiring the authentication mode and the authentication mode with the priority higher than that of the authentication mode according to the authentication priority, and generating list options of the authentication modes for a user to select; and determining the authentication mode used by the service according to the selection of the user.

Specifically, as illustrated in the schematic diagram of fig. 3B, for example, in the execution operation, the service B is included, authentication needs to be performed by using the authentication policy B2 associated with the service B, the authentication method having a mapping relationship with the authentication policy B2 is C2, and as illustrated in fig. 3B, the authentication methods having higher priorities than the authentication method C2 include C3 and C4, although C3 and C4 are not priorities corresponding to the authentication policy B2, a list option may be generated according to the authentication methods C2, C3, and C4, for example, displayed in a user page for selection by a user, and the user may select any one of the authentication methods C2, C3, and C4, determine the authentication method used by the service according to the selection of the user, and pass the authentication.

The third method comprises the following steps: and acquiring the authentication mode used by the service from a server, wherein the authentication mode is determined according to the authentication priority.

Specifically, the client side directly obtains the authentication mode used by the service from the server side, and the server side determines the authentication mode according to the authentication priority; the method for the server to determine the authentication mode may adopt a first method or a second method similar to that used by the client.

Step S103: and completing the authentication of the service executed by the user according to the authentication mode.

Specifically, according to the descriptions of step S101 to step S102, the authentication method used by the service is determined according to the mapping relationship between the authentication policy and the authentication method and the priority of the authentication method; further, according to the authentication mode, completing the authentication of the service executed by the user, including: and starting a page for a user to input authentication information according to the authentication mode, wherein the authentication information is used for finishing the authentication of the service executed by the user. For example: and starting a page if the authentication mode is face brushing, wherein the page comprises an input mode capable of acquiring the facial features of the user, namely, starting the page for the user to input authentication information, and further finishing the authentication process.

Further, when the authentication mode corresponding to the user is not found, starting a page added with the authentication mode for the user to input authentication information; and after the authentication mode is added, finishing the authentication of the service executed by the user according to the authentication mode. For example: when a user executes a voice payment service, a voiceprint authentication mode needs to be executed, and meanwhile, the user does not store information about voiceprints, a page added with the voiceprint authentication mode is started, so that the user can input the information of voiceprint authentication, and authentication is further completed according to the added voiceprint authentication mode. It can be understood that the technical means of the user self-service adding of the authentication mode adopted in the step solves the problem that the user service is interrupted because the worker needs to manually add the authentication mode to the user, and improves the user experience.

As shown in fig. 2, an embodiment of the present invention provides an authentication method, which is applied to a server, and the method may include the following steps:

step S201: receiving a service authentication request, and acquiring and storing an authentication strategy and an authentication mode contained in the service, wherein the authentication strategy and the authentication mode have a mapping relation.

Specifically, a server acquires an authentication policy and an authentication mode contained in a service, wherein the authentication policy and the authentication mode have a mapping relation; and storing the authentication strategy, the authentication mode and the mapping relation; further, acquiring authentication priorities of at least two authentication modes; storing the authentication priority. The mode for acquiring the authentication policy, the authentication mode and the authentication priority can be acquired through a configuration file or a server of a third party. Further, the descriptions of the authentication policy, the authentication method, the mapping relationship, and the authentication priority are consistent with those of steps S101 to S102, and are not repeated herein.

Step S202: and receiving a service executed by a user from a client, and sending the authentication strategy, the authentication mode, the mapping relation and the authentication priority corresponding to the service to the client according to the service.

Specifically, a service executed by a user is received from a client, for example, the service is a login payment application, an authentication policy related to the login service, an authentication mode with a mapping relationship and an authentication priority of the authentication mode are obtained according to the login service, and the authentication policy, the authentication mode, the mapping relationship and the authentication priority corresponding to the service are sent to the client according to the service. Further, according to the authentication priority, the authentication mode used by the service is determined, and the authentication mode is sent to the client.

As shown in fig. 4, an embodiment of the present invention provides a method for authentication, which may include the following steps;

step S401: the user performs the service.

Step S402: and determining the authentication mode used by the service according to the mapping relation and the authentication priority.

Specifically, the descriptions of step S401 to step S402 are: according to one or more services executed by a user, acquiring one or more authentication policies contained in the services and one or more authentication modes corresponding to the authentication policies, wherein the authentication policies and the authentication modes have a mapping relation; acquiring an authentication priority corresponding to the authentication mode; determining the authentication mode used by the service according to the authentication priority; the detailed description is consistent with the description of step S101 to step S102, and is not repeated here.

Step S403: and searching the authentication mode corresponding to the user.

Specifically, when the authentication mode corresponding to the user is found, step S405 is executed; otherwise, step S404 is executed. After the authentication mode related to the service is determined, further, the authentication mode corresponding to the user using the service is searched.

Step S404: and starting an authentication mode adding page.

Specifically, when the authentication mode corresponding to the user is not found, a page added with the authentication mode is started to allow the user to input authentication information. After the authentication mode is added, the authentication of the service executed by the user is completed according to the authentication mode; namely, step S405 is executed.

Step S405: a user authentication page is launched.

Step S406: and finishing the authentication.

Specifically, step S405 to step S406 describe that, according to the authentication manner, a page corresponding to the authentication manner is started to allow a user to input authentication information, where the authentication information is used to complete authentication of the service executed by the user.

As shown in fig. 5, an embodiment of the present invention provides an apparatus 500 for authentication, including: an authentication mode obtaining module 501, an authentication mode determining module 502 and a user authentication module 503; wherein the content of the first and second substances,

the authentication mode obtaining module 501 is configured to obtain, according to one or more services executed by a user, one or more authentication policies included in the services and one or more authentication modes corresponding to the authentication policies, where the authentication policies and the authentication modes have a mapping relationship;

the authentication priority obtaining module 502 is configured to obtain an authentication priority corresponding to the authentication manner; determining the authentication mode used by the service according to the authentication priority;

the user authentication module 503 is configured to complete the authentication of the service executed by the user according to the authentication manner.

Optionally, the module 502 for obtaining authentication priority is configured to obtain the authentication manner corresponding to the authentication policy according to the mapping relationship, obtain the authentication manner and an authentication manner with a priority higher than that of the authentication manner according to the authentication priority, and generate a list option of the authentication manners for a user to select; and determining the authentication mode used by the service according to the selection of the user.

Optionally, the module 502 for obtaining authentication priority is configured to obtain the authentication manners corresponding to at least two authentication policies according to the mapping relationship; and selecting the highest priority in the authentication modes as the authentication mode used by the service according to the authentication priority.

Optionally, the module 502 for obtaining the authentication priority is configured to obtain the authentication manner used by the service from the server, where the authentication manner is determined according to the authentication priority.

Optionally, the user authentication module 503 is configured to start a page corresponding to the authentication manner according to the authentication manner, so that a user inputs authentication information, where the authentication information is used to complete authentication of the service executed by the user.

Optionally, the user authentication module 503 is configured to, when the authentication manner corresponding to the user is not found, start a page to which the authentication manner is added to allow the user to input authentication information; and after the authentication mode is added, finishing the authentication of the service executed by the user according to the authentication mode.

Optionally, the obtaining authentication manner module 501 includes: the authentication mode comprises any one or more of a user unique identification authentication mode and a user biological characteristic authentication mode.

As shown in fig. 6, an embodiment of the present invention provides an apparatus 600 for authentication, including: an authentication information acquisition module 601 and an authentication information sending module 602; wherein the content of the first and second substances,

the authentication information obtaining module 601 is configured to receive a service authentication request, obtain and store an authentication policy and an authentication manner included in the service, where the authentication policy and the authentication manner have a mapping relationship; acquiring authentication priorities of at least two authentication modes; storing the authentication priority;

the authentication information sending module 602 is configured to receive a service executed by a user from a client, and send the authentication policy, the authentication manner, the mapping relationship, and the authentication priority corresponding to the service to the client according to the service.

Optionally, the authentication information sending module 602 is further configured to determine the authentication manner used by the service according to the authentication priority, and send the authentication manner.

An embodiment of the present invention further provides an authenticated electronic device, including: one or more processors; the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors are enabled to realize the method provided by any one of the above embodiments.

Embodiments of the present invention further provide a computer-readable medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method provided in any of the above embodiments.

Fig. 7 illustrates an exemplary system architecture 700 of an apparatus or method of authentication to which embodiments of the invention may be applied.

As shown in fig. 7, the system architecture 700 may include terminal devices 701, 702, 703, a network 704, and a server 705. The network 704 serves to provide a medium for communication links between the terminal devices 701, 702, 703 and the server 705. Network 704 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.

A user may use the terminal devices 701, 702, 703 to interact with a server 705 over a network 704, to receive or send messages or the like. Various client applications, such as an electronic banking client application, an electronic mall client application, an instant messaging tool, a mailbox client, and the like, may be installed on the terminal devices 701, 702, and 703.

The terminal devices 701, 702, 703 may be various electronic devices having display screens and supporting various client applications, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.

The server 705 may be a server providing various services, such as a background management server providing support for client applications used by users with the terminal devices 701, 702, 703. The background management server can return an authentication strategy, an authentication mode, a mapping relation and an authentication priority corresponding to the service according to the received service request of the client application, and feeds back the authentication information to the terminal equipment.

It should be noted that the authentication method provided in the embodiment of the present invention is generally executed by the terminal devices 701, 702, and 703, and accordingly, the authentication apparatus is generally disposed in the terminal devices 701, 702, and 703 or the server 705.

It should be understood that the number of terminal devices, networks, and servers in fig. 7 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

Referring now to FIG. 8, shown is a block diagram of a computer system 800 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.

As shown in fig. 8, the computer system 800 includes a Central Processing Unit (CPU)801 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data necessary for the operation of the system 800 are also stored. The CPU 801, ROM 802, and RAM 803 are connected to each other via a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.

The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a signal such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.

In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program executes the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 801.

It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The modules and/or units described in the embodiments of the present invention may be implemented by software, and may also be implemented by hardware. The described modules and/or units may also be provided in a processor, and may be described as: a processor includes an acquisition authentication mode module, a determination authentication mode module, and a user authentication module. The names of these modules do not form a limitation on the module itself under certain circumstances, for example, the user authentication module may also be described as a "module that completes service authentication performed by a user according to a selected authentication manner", for example: can be described as: a processor includes an acquire authentication information module and a send authentication information module. The names of these modules do not form a limitation on the modules themselves in some cases, for example, the module for obtaining authentication information may also be described as a "module for obtaining service authentication information corresponding to a service according to a service request sent by a client".

As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: the method comprises the steps that a client side obtains one or more authentication strategies contained in one or more services executed by a user and one or more authentication modes corresponding to the authentication strategies, and the authentication strategies and the authentication modes have a mapping relation; acquiring an authentication priority corresponding to the authentication mode; determining the authentication mode used by the service according to the authentication priority; according to the authentication mode, completing the authentication of the service executed by the user; the method comprises the steps that a service terminal receives a service authentication request, acquires and stores an authentication strategy and an authentication mode contained in the service, wherein the authentication strategy and the authentication mode have a mapping relation; acquiring authentication priorities of at least two authentication modes; storing the authentication priority; and receiving a service executed by a user from a client, and sending the authentication strategy, the authentication mode, the mapping relation and the authentication priority corresponding to the service to the client according to the service.

The method has the advantages that the client can obtain the authentication strategy, the authentication mode and the mapping relation of the authentication strategy and the authentication mode corresponding to the service from the server according to the authentication strategy reflecting the service authentication requirement, and obtain the authentication priority of the authentication mode, when a plurality of services correspond to a plurality of authentication strategies, the authentication mode used by a user for executing the service is determined according to the authentication priority, and the problem of authentication confusion caused by triggering different authentication modes in a plurality of service scenes is solved; and by adding the authentication mode, the service authentication is completed according to the authentication information input by the user, the problem that the user needs to manually add the authentication information when the user does not have the authentication mode is solved, and the user experience is improved.

The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.