Security verification method, related equipment and storage medium
1. A security verification method is applied to a terminal, the terminal comprises a security verification component and a service component, and the method comprises the following steps:
detecting a service execution instruction aiming at a target service, and calling the service component to send a service operation request aiming at the target service to a server;
calling the security verification component to intercept security verification information returned by the server in response to the service operation request;
calling the safety verification component to perform safety verification based on the safety verification information, and if the safety verification passes, sending verification passing indication information to the server so that the server verifies the verification passing indication information;
and calling the service component to receive service data returned by the server after the verification of the verification passing indication information is passed, and executing the target service according to the service data.
2. The method of claim 1, wherein the invoking the security verification component to intercept security verification information returned by the server in response to the business operation request comprises:
calling the security verification component to monitor a target event through an event bus, wherein the target event is used for indicating that a state code of data returned by the server is a target state code;
when the security verification component monitors a target event, intercepting the data of which the state code is the target state code, and acquiring security verification information from the data of which the state code is the target state code.
3. The method of claim 1 or 2, wherein prior to invoking the security verification component for security verification based on the security verification information, the method further comprises:
detecting whether an updating instruction for the safety verification component exists or not, and if so, acquiring version updating information for the safety verification component;
the invoking the security verification component to perform security verification based on the security verification information includes:
and updating the safety verification component by using the version updating information, and calling the updated safety verification component to perform safety verification based on the safety verification information, wherein the safety verification component before updating and the updated safety verification component have different verification logics.
4. The method according to claim 1 or 2, wherein the security verification component comprises a plurality of security verification sub-components, and the security verification mode corresponding to each security verification sub-component is different;
the invoking the security verification component to perform security verification based on the security verification information includes:
determining a security verification mode corresponding to the security verification information;
and calling a safety verification sub-assembly corresponding to the safety verification mode in the safety verification assembly to perform safety verification based on the safety verification information.
5. The method of claim 1 or 2, wherein invoking the security verification component for security verification based on the security verification information comprises:
calling the security verification component to determine a security verification mode aiming at the target service according to the security verification information, and displaying a security verification popup interface corresponding to the security verification mode;
and receiving verification input information input in the security verification popup interface, and calling the security verification component to perform security verification based on the verification input information.
6. A security authentication method, comprising:
receiving a service operation request aiming at a target service, which is sent by a terminal;
when detecting that the target service needs to be verified, acquiring security verification information aiming at the target service, and sending the security verification information to the terminal;
receiving verification passing indication information sent by the terminal, and verifying the verification passing indication information;
and when the verification passes through the indication information, acquiring service data aiming at the target service, and sending the service data aiming at the target service to the terminal.
7. The method of claim 6, wherein the service operation request includes feature information of the target service; the acquiring security verification information for the target service includes:
determining a security verification mode aiming at the target service according to the characteristic information of the target service;
and acquiring the safety verification information corresponding to the safety verification mode, and determining the state code of the safety verification information as a target state code.
8. A terminal, comprising a processor, a memory, wherein the memory is configured to store a computer program comprising program instructions, and wherein the processor is configured to invoke the program instructions to perform the method of any of claims 1-5.
9. A server, comprising a processor, a memory, wherein the memory is configured to store a computer program comprising program instructions, and wherein the processor is configured to invoke the program instructions to perform the method of any of claims 6-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-7.
Background
With the rapid development of computers, in order to improve the security of data access and protect the rights and interests of users, security verification is generally required before executing a target service, so as to verify the identity of an object requesting to execute the target service and determine whether the object has the right to execute the target service, i.e. to prove that "i am me". At present, when security verification is performed on a target service, a service component generally needs to receive security verification information returned by a server and store the security verification information into a storage area, and then the security verification information can be obtained from the storage area and the security verification is performed only when the security verification is performed, so that the service component needs to know some logics of a security verification process, the influence of the security verification process on the service component is large, and the security verification efficiency is low. Therefore, how to improve the efficiency of security verification is an urgent problem to be solved.
Disclosure of Invention
The embodiment of the application provides a security verification method, related equipment and a storage medium, and the efficiency of security verification can be improved.
In one aspect, an embodiment of the present application discloses a security verification method, including:
detecting a service execution instruction aiming at a target service, and calling the service component to send a service operation request aiming at the target service to a server;
calling the security verification component to intercept security verification information returned by the server in response to the service operation request;
calling the safety verification component to perform safety verification based on the safety verification information, and if the safety verification passes, sending verification passing indication information to the server so that the server verifies the verification passing indication information;
and calling the service component to receive service data returned by the server after the verification of the verification passing indication information is passed, and executing the target service according to the service data.
On the other hand, the embodiment of the application discloses another security verification method, which comprises the following steps:
receiving a service operation request aiming at a target service, which is sent by a terminal;
when detecting that the target service needs to be verified, acquiring security verification information aiming at the target service, and sending the security verification information to the terminal;
receiving verification passing indication information sent by the terminal, and verifying the verification passing indication information;
and when the verification passes through the indication information, acquiring service data aiming at the target service, and sending the service data aiming at the target service to the terminal.
In another aspect, an embodiment of the present application discloses a security verification apparatus, including:
the detection unit is used for detecting a service execution instruction aiming at the target service;
the calling unit is used for calling the service component to send a service operation request aiming at the target service to a server;
the calling unit is further configured to call the security verification component to intercept security verification information returned by the server in response to the service operation request;
the calling unit is further configured to call the security verification component to perform security verification based on the security verification information, and if the security verification passes, send verification passing indication information to the server, so that the server verifies the verification passing indication information;
the calling unit is further configured to call the service component to receive service data returned by the server after the verification of the verification passing indication information passes, and execute the target service according to the service data.
In another aspect, an embodiment of the present application discloses another security verification apparatus, including:
a receiving unit, configured to receive a service operation request for a target service sent by a terminal;
a processing unit, configured to obtain security authentication information for the target service when it is detected that the target service needs to be authenticated,
a sending unit, configured to send the security verification information to the terminal;
the receiving unit is further configured to receive verification passing indication information sent by the terminal, and verify the verification passing indication information;
the processing unit is further configured to obtain service data for the target service after the verification of the verification passing indication information passes;
the sending unit is further configured to send the service data for the target service to the terminal.
In another aspect, an embodiment of the present application provides a terminal, including a processor and a memory, where the memory is used for storing a computer program, the computer program includes program instructions, and the processor is configured to perform the following steps:
detecting a service execution instruction aiming at a target service, and calling the service component to send a service operation request aiming at the target service to a server;
calling the security verification component to intercept security verification information returned by the server in response to the service operation request;
calling the safety verification component to perform safety verification based on the safety verification information, and if the safety verification passes, sending verification passing indication information to the server so that the server verifies the verification passing indication information;
and calling the service component to receive service data returned by the server after the verification of the verification passing indication information is passed, and executing the target service according to the service data.
In yet another aspect, an embodiment of the present application provides a server, which includes a processor and a memory, where the memory is used to store a computer program, the computer program includes program instructions, and the processor is configured to perform the following steps:
receiving a service operation request aiming at a target service, which is sent by a terminal;
when detecting that the target service needs to be verified, acquiring security verification information aiming at the target service, and sending the security verification information to the terminal;
receiving verification passing indication information sent by the terminal, and verifying the verification passing indication information;
and when the verification passes through the indication information, acquiring service data aiming at the target service, and sending the service data aiming at the target service to the terminal.
In another aspect, an embodiment of the present application provides a computer-readable storage medium, in which computer program instructions are stored, and when executed by a processor, the computer program instructions are configured to perform the following steps:
detecting a service execution instruction aiming at a target service, and calling the service component to send a service operation request aiming at the target service to a server;
calling the security verification component to intercept security verification information returned by the server in response to the service operation request;
calling the safety verification component to perform safety verification based on the safety verification information, and if the safety verification passes, sending verification passing indication information to the server so that the server verifies the verification passing indication information;
and calling the service component to receive service data returned by the server after the verification of the verification passing indication information is passed, and executing the target service according to the service data.
In yet another aspect, an embodiment of the present application provides another computer-readable storage medium, in which computer program instructions are stored, and when the computer program instructions are executed by a processor, the computer program instructions are configured to perform the following steps:
receiving a service operation request aiming at a target service, which is sent by a terminal;
when detecting that the target service needs to be verified, acquiring security verification information aiming at the target service, and sending the security verification information to the terminal;
receiving verification passing indication information sent by the terminal, and verifying the verification passing indication information;
and when the verification passes through the indication information, acquiring service data aiming at the target service, and sending the service data aiming at the target service to the terminal.
In yet another aspect, embodiments of the present application disclose a computer program product or a computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and executes the computer instructions, so that the computer device executes the security verification method.
In the embodiment of the application, the security verification component can be called to intercept security verification information returned by the server in response to the service operation request, the security verification component is called to perform security verification, if the security verification passes, verification passing indication information is sent to the server, the service component is called to receive service data returned after the verification passing indication information is verified by the server, and therefore the target service is executed according to the service data. Therefore, by calling the security verification component to intercept the security verification information returned by the server in response to the service operation request, the influence of the security verification logic on the service component can be reduced, the decoupling of the security verification component and the service component is realized, and the efficiency of the security verification process is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a security verification system provided in an embodiment of the present application;
fig. 2 is a schematic diagram of an application flow of a security verification system provided in an embodiment of the present application;
fig. 3 is a schematic flowchart of a security verification method provided in an embodiment of the present application;
FIG. 4 is a schematic diagram illustrating an effect of a security verification popup interface according to an embodiment of the present disclosure;
fig. 5 is a schematic flowchart of another security verification method provided in an embodiment of the present application;
fig. 6 is a schematic structural diagram of a security authentication device according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of another security authentication device provided in an embodiment of the present application;
fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a security verification scheme, which can call a security verification component by a terminal (or a client, hereinafter described by taking the terminal as an example) to intercept security verification information returned by a server, send verification passing indication information to the server if the security verification component is called to perform security verification, and call a service component to receive service data returned by the server after the verification passing indication information is verified, so that a target service is executed according to the service data. Therefore, the influence of the safety verification logic on the service component can be reduced, the decoupling of the safety verification component and the service component is realized, and the efficiency of the safety verification process is improved.
The technical scheme of the application can be applied to a safety verification system. For example, please refer to fig. 1, fig. 1 is a schematic structural diagram of a security verification system according to an embodiment of the present disclosure. As shown in fig. 1, the security authentication system may include a terminal and a server. The terminal can comprise a service component and a security verification component, the security verification component can be used for intercepting data of which the status code returned by the server is the target status code, the security verification component can also be used for performing security verification, and the security verification component can also be used for sending verification passing indication information aiming at the target service to the server; the service component can be used for receiving a service execution instruction and sending a service operation request aiming at a target service to the server, the service component can also be used for receiving service data returned by the server and executing the target service according to the service data, the server can be used for receiving the service operation request sent by the terminal and determining whether the target service needs to be safely verified according to the service operation request, if the target service needs to be safely verified, safety verification information aiming at the safety verification data is returned to the terminal, the server can also be used for verifying safety verification indication information, and if the target service passes the verification, the service data aiming at the target service is returned to the terminal. Optionally, the security verification system may further include a security verification background, where the security verification background may be configured to generate security verification information for the target service, and may also verify the security verification indication information.
Optionally, the client may operate in a terminal. The terminal related to the present application may be a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like, which are not described herein again. The server may also be called a server, a service device, or other names, and the application is not limited. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, cloud storage, domain name service, security service, and the like, which is not limited herein. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein. Further optionally, the server may be a node in a blockchain.
In a possible implementation manner, reference may be made to fig. 2 for an application process of the entire security verification system, and fig. 2 is a schematic diagram of an application flow of a security verification system provided in an embodiment of the present application. As shown in fig. 2, the terminal includes a server and a terminal, where the terminal may include a security verification component and a service component, and after receiving a service execution instruction for a target service, the terminal invokes the service component to send a service operation request for the target service to the server (i.e., step S201); after receiving a service operation request, the server determines whether to perform security verification on a target service, if so, the server sends security verification information aiming at the target service to the terminal, the terminal calls a security verification component to intercept the security verification information returned by the server (step S202), so that the terminal calls the security verification component to perform security verification based on the security verification information, after the security verification passes, the terminal calls the security verification component to send verification passing indication information to the server (step S203), after the server receives the verification passing indication information, the server performs the security verification on the verification passing indication information, and if the verification passes, the server sends service data aiming at the target service to the terminal (step S204), so that the terminal executes the target service after receiving the service data.
It is to be understood that the foregoing scenarios are only examples, and do not constitute a limitation on application scenarios of the technical solutions provided in the embodiments of the present application, and the technical solutions of the present application may also be applied to other scenarios. For example, as can be known by those skilled in the art, with the evolution of system architecture and the emergence of new service scenarios, the technical solution provided in the embodiments of the present application is also applicable to similar technical problems.
Based on the above description, the embodiment of the present application provides a security verification method. Referring to fig. 3, fig. 3 is a schematic flowchart of a security verification method according to an embodiment of the present disclosure. The method can be applied to the terminal and executed by the terminal. The method may comprise steps S301-S304.
S301, detecting a service execution instruction aiming at the target service, and calling a service component to send a service operation request aiming at the target service to the server.
The target service may be any service that needs to be executed in a service component in the terminal, such as accessing a certain web page, querying certain more important data, editing a certain document that needs permission, paying a certain order, and the like, which is not limited herein. The service execution instruction is used for instructing to start a target service execution flow, and the service execution instruction may be an instruction generated when the terminal detects an operation indicating the start of the target service, such as detecting that a user clicks a control indicating to start the target service, or if detecting that a voice instruction indicates to start the target service, and the like; the service execution instruction may also be an instruction for a target service generated when the terminal detects that a certain condition is met, and if the terminal detects that a page is refreshed after a user does not perform an operation for a certain time, the service execution instruction for the target task of refreshing the page is generated.
The service component may be a component for performing service processing, that is, execution logic of the service, input and output during execution, and the like are determined by the component. The business component exists in a component form, so that the decoupling between the business processing logic and the processing logic of other modules (such as a module for performing security verification) can be realized, and the dependency between the business processing logic and other modules is reduced. The service operation request for the target service may include target account information, device information, service operation information, and the like in the terminal, which is not limited herein, so that the service operation request is sent to the server, so that the server determines service data for the target service according to the service operation request and returns the service data to the terminal, where the target account information is used to indicate account information logged in the terminal when the target service is executed, such as an account name of the target account, and the device information is used to indicate device information of the terminal device, such as a device number of the terminal, network information of the device, a system type of the terminal (such as android, IOS, and the like), and the service operation information is used to indicate a purpose of service operation, a called interface, and the like. It can be understood that when the server detects that the security verification of the target service is required, the server returns the security verification information for the target service to the terminal.
S302, calling a security verification component to intercept security verification information returned by the server in response to the service operation request.
The safety verification component can be a component for safety verification, and the safety verification component exists in a component form, so that decoupling between the safety verification logic and processing logic of other modules (such as a module for business processing) can be realized, and dependency between the safety verification logic and other modules is reduced. The security verification information is used to indicate information for performing security verification on the target service, and the security verification information may include information of a verification manner of the security verification, page data of a security verification interface (e.g., a security verification popup interface), and the like. Wherein, the verification mode can comprise one or more of the following modes: the transaction password, the mobile token, the short message OTP, the voice OTP, the card password, the fingerprint, the voiceprint, the face recognition, and the like may be different for each verification mode.
In one possible implementation, invoking the security verification component to intercept the security verification information returned by the server in response to the business operation request may include the following steps: calling a security verification component to monitor a target event through an event bus, wherein the target event is used for indicating a state code of data returned by a server as a target state code; when the security verification component monitors a target event, the data of which the state code is the target state code is intercepted, and the security verification information is obtained from the data of which the state code is the target state code. The event bus is a realization of a (publish-subscribe) mode, is a centralized event processing mechanism, allows different components to communicate with each other without mutual dependence, and achieves a decoupling purpose, so that when a state code of data returned by a server is monitored to be a target state, a security verification component is called to intercept the data with the state code as the target state code, and further security verification information is obtained. The status code may be used to indicate the status of the data returned by the server for the service operation request, such as the status of processing an error, redirection to another task, and the like. The target status code is used to indicate that the returned data is data for security verification, for example, if the target status code is 3333, when the data with the status code of 3333 returned by the server is detected, it indicates that security verification needs to be performed on the data with the status code of 3333, and then the security verification component is invoked to intercept the data with the status code of 3333 returned by the server, so as to obtain security verification information from the data.
S303, calling the security verification component to perform security verification based on the security verification information, and if the security verification passes, sending verification passing indication information to the server so that the server verifies the verification passing indication information.
The security verification based on the security verification information may be receiving verification input information input by a user, comparing the verification input information with verification reference information, obtaining a security verification result according to the comparison result, if the comparison result is that the verification input information matches the verification reference information, the security verification result is that the security verification is passed, and if the comparison result is that the verification input information does not match the verification reference information, the security verification result is that the security verification is not passed. The security verification input information is used to indicate input information received by the terminal for security verification, and the verification reference information is used to indicate information for comparison in the security verification process, for example, if the security verification information indicates that the security verification method for security verification is a security verification method for face recognition, a face image received by the terminal in the security verification process is verification input information, and a correct face image stored in the terminal or the server for the target service is verification reference information. For another example, if the security verification information indicates that the security verification method for performing security verification is an OTP (One-time Password, also called dynamic Password) code, the verification input information is a verification code received by the terminal and input in the security verification process, and the verification reference information is an OTP code sent by the server to the preset contact method. It is understood that the verification reference information may be verification reference information for a target service that is set in advance by a user, such as a face image, a fingerprint image, a voiceprint, etc. that the user determines to execute the target service through identity authentication, etc. in advance, and the verification reference information may also be verification reference information that is sent to a preset contact by a server, such as a short message OTP, a voice OTP, etc. that is sent by the server through the preset contact.
The verification passing indication information is used to indicate information sent to the server after the verification passes, so that the server verifies the verification passing indication information, and the terminal may receive the service data after the verification passing indication information is verified by the server, where in some scenarios, the verification passing indication information may also be referred to as token (token). It can be understood that the service execution instruction for the target service can be received only after the target account is logged in the browser of the terminal, or the target service refers to a service for logging in the target account, and then after the target account is logged in, or when the target account is logged in, the token for the target account sent by the server is received, and after the security verification is performed, the security verification component can send the token (which may be referred to as security verification indication information herein) to the server, so that the server verifies the security verification indication information, and if the server determines that the security verification indication information is indication information that the target service corresponding to the target account passes verification through verification, the service data for the target service is sent to the terminal of the target account.
In one possible implementation, invoking the security verification component for security verification based on the security verification information may include: calling a security verification component to determine a security verification mode aiming at the target service according to the security verification information and displaying a security verification popup interface corresponding to the security verification mode; and receiving verification input information input in the security verification popup interface, and calling the security verification component to perform security verification based on the verification input information. The security verification popup interface can be a popup interface for performing security verification, that is, the security verification component performs security verification through the security verification popup interface, for example, a verification input frame for security verification is displayed through the security verification interface, and for example, verification input information is received through the security verification interface. For example, please refer to fig. 4, fig. 4 is a schematic diagram illustrating an effect of a security verification popup interface provided in an embodiment of the present application, and as shown in fig. 4, the security verification popup interface is displayed on a service interface in a popup mode, that is, a portion 401 in the figure, where the service interface may be an interface for performing service processing. It can be understood that the security verification popup interface is displayed in a popup mode, so that a service interface for a target service is not affected, and therefore, the service interface does not need to jump to the security verification interface for security verification, and the response speed is improved. It can be understood that invoking the security verification component to perform security verification based on the verification input information is essentially to perform security verification by comparing the verification input information with the verification reference information, and is not described herein again. Optionally, the process of performing security verification by the security verification component may be that verification reference information sent by the security verification background is received, so that after verification input information is received, the verification reference information is compared with the verification input information, and whether security verification passes or not is determined; the process of performing the security verification by the security verification component may also be that after receiving the verification input information, the security verification background sends the verification input information for the target service to the security verification background, so that the security verification background compares the verification input information with the verification reference information, and then after determining whether the security verification passes, the security verification component sends the indication information to the security verification component in the terminal, so that the security verification component determines whether the security verification for the target service passes, where no limitation is made. The security authentication background may be a program for performing security authentication service executed in a server, and the server may be the same as or different from a server that receives a service operation request for a target service, and is not limited herein.
In a possible implementation manner, before invoking the security verification component to perform security verification based on the security verification information, the application may further include the following steps: and detecting whether an updating instruction for the safety verification component exists or not, and if so, acquiring version updating information for the safety verification component. Furthermore, invoking the security verification component to perform security verification based on the security verification information may further include: and updating the security verification component by using the version updating information, and calling the updated security verification component to perform security verification based on the security verification information, wherein the security verification component before updating and the security verification component after updating have different verification logics. The update instruction is used for indicating an instruction for updating the security verification component, and the update instruction can be an instruction generated when the existence of the version update information of the security verification component is detected. The version update information may be information for updating the security verification component, such as a version number after updating the security verification component, data for updating the security verification component, a problem of improvement of the updated security verification component, and the like. It is to be understood that the updating of the security verification component may be a full amount of updating of the security verification component, or a patching of the security verification component, which is not limited herein. Optionally, after the update instruction for the security verification component is detected, prompt information may be generated to prompt a user that version update information for the security verification component exists, so that the user determines whether to update the security verification component, and if the user selects to update the security verification component, the version update information for the security verification component is obtained, and the security verification component is updated by using the version update information, so that the updated security verification component is invoked to perform security verification based on the security verification information; and if the user chooses not to update the safety verification component, version updating information aiming at the safety verification component is not acquired, and the safety verification component which is not updated is called to perform safety verification based on the safety verification information. It is understood that the security verification component before updating and the security verification component after updating have different verification logics, and the security verification logics are used for indicating the overall execution logic of the security verification, details in the security verification process, the security verification manner, and the like, and are not limited herein.
In a possible implementation manner, the security verification component includes a plurality of security verification sub-components, where the security verification manner corresponding to each security verification sub-component is different, and further, the security verification component is invoked to perform security verification based on the security verification information, and the method may further include the following steps: determining a security verification mode corresponding to the security verification information; and calling a safety verification sub-assembly corresponding to the safety verification mode in the safety verification assembly to perform safety verification based on the safety verification information. The safety verification sub-assemblies can be sub-assemblies in the safety verification assembly, each safety verification sub-assembly corresponds to one safety verification mode, and the safety verification modes corresponding to the safety verification sub-assemblies are different, so that decoupling of verification logics among various safety verification modes can be realized, and further, operations such as addition, deletion, updating and the like of the safety verification sub-assembly corresponding to a certain safety verification mode can be realized under the condition that the verification logics of the safety verification sub-assemblies corresponding to other safety verification modes are not influenced. Therefore, when the security verification component is called to perform security verification, the security verification subcomponent corresponding to the security verification mode in the security verification component is essentially called to perform security verification, and details are not repeated here.
S304, calling the service component to receive the service data returned by the server after the verification of the verification passing indication information is passed, and executing the target service according to the service data.
The service data is used to indicate data required for executing the target service, and may include page data required for executing the target service, service related data that needs to be displayed in a page when the target service is executed, and the like, which are not limited herein. The page data is used to indicate data of a page displayed when a target service is executed, such as a structure, a font, a color, and the like of the page, and the service-related data is used to indicate acquired service-related data, for example, if the target service is to query employee information of an important employee, the service-related data is the employee information of the important employee. The server verifies the returned service data after the verification passing indication information is passed, and is used for indicating the service data, which is acquired by the server after the verification passing indication information is verified and aims at the target service, so that the terminal can receive the service data, which is returned by the server and aims at the target service, and execute the target service according to the service data. Optionally, executing the target service according to the service data may be displaying a page corresponding to the execution of the target service, that is, after the terminal invokes the security verification component to perform security verification, the terminal may receive the service data returned by the server, so as to display the target service in a service interface, where the service interface is also an interface displayed in the terminal for performing service processing and is different from the security verification interface for performing security verification.
In the embodiment of the application, the security verification component can be called to intercept security verification information returned by the server in response to the service operation request, the security verification component is called to perform security verification, if the security verification passes, verification passing indication information is sent to the server, the service component is called to receive service data returned after the verification passing indication information is verified by the server, and therefore the target service is executed according to the service data. Therefore, by calling the security verification component to intercept the security verification information returned by the server in response to the service operation request, the influence of the security verification logic on the service component can be reduced, the decoupling of the security verification component and the service component is realized, and the efficiency of the security verification process is improved.
Referring to fig. 5, fig. 5 is a schematic flowchart of another security verification method according to an embodiment of the present disclosure. The method can be applied to the server and can be executed by the server. The method may comprise steps S501-S504.
S501, receiving a service operation request aiming at a target service, which is sent by a terminal.
The terminal is configured to receive a service execution instruction for a target service, and send a service operation request to the server, where the service operation request may include target account information, device information, service operation information, and the like in the terminal, and details are not described here.
S502, when the target service is detected to be verified, the safety verification information aiming at the target service is obtained, and the safety verification information is sent to the terminal.
Whether the target service needs to be subjected to security verification or not can be determined through the wind control management engine, namely, whether the target service needs to be subjected to security verification or not is determined according to the risk control rule. The wind control management engine is used for indicating whether security verification needs to be performed on a target service according to a risk control rule, wherein the risk control rule can be determined according to target account information, equipment information, service operation information and the like, for example, whether security verification needs to be performed on the target service can be determined according to a risk level corresponding to the service operation information, and when the service operation information indicates that a called interface risk coefficient is large, security verification needs to be performed on the target service.
The security verification information is used to indicate information for performing security verification on the target service, and the security verification information may include information of a verification mode of the security verification, page data of a security verification interface, and the like. Optionally, the security verification information may be acquired by the server from a security verification background, and the security verification background may be a background for performing security verification and may generate the security verification information for the target service.
In a possible implementation manner, the service operation request may further include feature information of the target service, and then obtaining security verification information for the target service may further include the following steps: determining a security verification mode aiming at the target service according to the characteristic information of the target service; and acquiring the safety verification information corresponding to the safety verification mode, and determining the state code of the safety verification information as the target state code. The feature information of the target service may be information used to indicate features of the target service, such as the above target account information, device information, service operation information, and the like, which may be collectively referred to as feature information of the target service, and a security verification manner for the target service may be determined according to the feature information of the target service, where the security verification manner may be a security verification manner set by a user corresponding to the account information, and if the user may select face recognition payment, fingerprint recognition payment, password payment, or the like when paying an order, the server may set a security verification manner for the target service according to the account information in the service operation request; the server may also determine which security verification method is adopted for the target service according to the feature information of the target service, for example, when the server determines that the network state of the current device of the target service is good according to the feature information of the target service and has a camera and other devices, a convenient security verification method may be preferentially selected, such as determining a face recognition security verification method. The state code of the safety verification information is determined as the target state code and is used for indicating the server to set the corresponding state code so that the terminal can conveniently determine the state of the returned data when returning the data to the terminal, and the state code is used for indicating the returned data as the data for safety verification, so that the terminal can conveniently and quickly determine the safety verification information according to the target state code. Thereby contributing to the flexibility and reliability of the security authentication.
S503, receiving the verification passing indication information sent by the terminal, and verifying the verification passing indication information.
The verification passing indication information is used for indicating that the security verification process performed in the terminal passes verification, the server can verify the verification passing information, the process that the server verifies the verification passing execution information is called secondary verification, and the server can determine that the terminal completes the security verification process and the security verification passes through the secondary verification process. In some scenarios, the verification pass indication information may also be referred to as a token. Optionally, the server verifies the security verification passing indication information, and may invoke a security verification background to verify the verification passing indication information, that is, the security verification background may determine, through the target account corresponding to the target service, the token for the target account stored in the security verification background, and then the security verification background may verify the stored token and the verification passing indication information, if the token matched with the verification passing indication information is stored in the security verification background, it indicates that the verification passes the indication information, and otherwise, if the token matched with the verification passing indication information is not detected in the security verification background, it indicates that the verification passes the indication information.
S504, when the verification passes through the indication information, acquiring the service data aiming at the target service, and sending the service data aiming at the target service to the terminal.
After the verification of the verification passing indication information passes, the service data for the target service can be acquired and sent to the terminal, so that the terminal can execute the target service according to the service data for the target service. The service data is used to indicate data required for executing the target service, and may include page data required for executing the target service, service related data required to be displayed in a page when the target service is executed, and the like, which are not limited herein.
In the embodiment of the application, a service operation request aiming at a target service, which is sent by a terminal, can be received; when the target service is detected to be verified, acquiring security verification information aiming at the target service, sending the security verification information to the terminal so that the security verification component can intercept the security verification of the security verification information machine type, then receiving verification passing indication information sent by the terminal, and verifying the verification passing indication information; and when the verification passes through the indication information, sending the service data aiming at the target service to the terminal. Thereby, the efficiency of the security authentication process can be improved.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a security verification apparatus according to an embodiment of the present application. Alternatively, the security authentication apparatus may be provided in the terminal (or client). As shown in fig. 6, the security authentication apparatus described in the present embodiment may include:
a detecting unit 601, configured to detect a service execution instruction for a target service;
a calling unit 602, configured to call the service component to send a service operation request for the target service to a server;
the invoking unit 602 is further configured to invoke the security verification component to intercept security verification information returned by the server in response to the service operation request;
the invoking unit 602 is further configured to invoke the security verifying component to perform security verification based on the security verifying information, and if the security verification passes, send verification passing indication information to the server, so that the server verifies the verification passing indication information;
the invoking unit 602 is further configured to invoke the service component to receive service data returned by the server after the verification of the verification passing indication information passes, and execute the target service according to the service data.
In an implementation manner, the invoking unit 602 is specifically configured to:
calling the security verification component to monitor a target event through an event bus, wherein the target event is used for indicating that a state code of data returned by the server is a target state code;
when the security verification component monitors a target event, intercepting the data of which the state code is the target state code, and acquiring security verification information from the data of which the state code is the target state code.
In one implementation, the detecting unit 601 is further configured to:
detecting whether an updating instruction for the safety verification component exists or not, and if so, acquiring version updating information for the safety verification component;
the calling unit 602 is specifically configured to:
and updating the safety verification component by using the version updating information, and calling the updated safety verification component to perform safety verification based on the safety verification information, wherein the safety verification component before updating and the updated safety verification component have different verification logics.
In an implementation manner, the security verification component includes a plurality of security verification sub-components, a security verification manner corresponding to each security verification sub-component is different, and the invoking unit 602 is specifically configured to:
determining a security verification mode corresponding to the security verification information;
and calling a safety verification sub-assembly corresponding to the safety verification mode in the safety verification assembly to perform safety verification based on the safety verification information.
In an implementation manner, the invoking unit 602 is specifically configured to:
calling the security verification component to determine a security verification mode aiming at the target service according to the security verification information, and displaying a security verification popup interface corresponding to the security verification mode;
and receiving verification input information input in the security verification popup interface, and calling the security verification component to perform security verification based on the verification input information.
Referring to fig. 7, fig. 7 is a schematic structural diagram of another security verification apparatus provided in the embodiment of the present application. Alternatively, the security authentication apparatus may be provided in the server. As shown in fig. 7, the security authentication apparatus described in the present embodiment may include:
a receiving unit 701, configured to receive a service operation request for a target service sent by a terminal;
a processing unit 702, configured to, when it is detected that the target service needs to be verified, obtain security verification information for the target service,
a sending unit 703, configured to send the security verification information to the terminal;
the receiving unit 701 is further configured to receive verification passing indication information sent by the terminal, and verify the verification passing indication information;
the processing unit 702 is further configured to obtain service data for the target service after the verification of the verification passing indication information passes;
the sending unit 703 is further configured to send the service data for the target service to the terminal.
In an implementation manner, the service operation request includes feature information of the target service, and the processing unit 702 is specifically configured to:
determining a security verification mode aiming at the target service according to the characteristic information of the target service;
and acquiring the safety verification information corresponding to the safety verification mode, and determining the state code of the safety verification information as a target state code.
It can be understood that each functional unit of the security verification apparatus of this embodiment may be specifically implemented according to the method in the foregoing method embodiment fig. 3 or fig. 5, and the specific implementation process may refer to the related description of the embodiment of the method in fig. 3 or fig. 5, which is not described herein again.
Please refer to fig. 8, fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present application. The terminal described in this embodiment includes: a processor 801 and a memory 802. Optionally, the terminal may further include a network interface 803 or a power supply module. Data may be exchanged between the processor 801, the memory 802, and the network interface 803.
The Processor 801 may be a Central Processing Unit (CPU), and may be other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The network interface 803 may include an input device such as a control panel, a microphone, a receiver, etc., and/or an output device such as a display screen, a transmitter, etc., to name but a few. For example, in an application embodiment, the network interface may include a receiver and a transmitter.
The memory 802, which may include both read-only memory and random-access memory, provides program instructions and data to the processor 801. A portion of the memory 802 may also include non-volatile random access memory. Wherein, the processor 801 is configured to execute, when calling the program instruction:
detecting a service execution instruction aiming at a target service, and calling the service component to send a service operation request aiming at the target service to a server;
calling the security verification component to intercept security verification information returned by the server in response to the service operation request;
calling the safety verification component to perform safety verification based on the safety verification information, and if the safety verification passes, sending verification passing indication information to the server so that the server verifies the verification passing indication information;
and calling the service component to receive service data returned by the server after the verification of the verification passing indication information is passed, and executing the target service according to the service data.
In one implementation, the processor 801 is specifically configured to:
calling the security verification component to monitor a target event through an event bus, wherein the target event is used for indicating that a state code of data returned by the server is a target state code;
when the security verification component monitors a target event, intercepting the data of which the state code is the target state code, and acquiring security verification information from the data of which the state code is the target state code.
In one implementation, the processor 801 is further configured to:
detecting whether an updating instruction for the safety verification component exists or not, and if so, acquiring version updating information for the safety verification component;
the processor 801 is specifically configured to:
and updating the safety verification component by using the version updating information, and calling the updated safety verification component to perform safety verification based on the safety verification information, wherein the safety verification component before updating and the updated safety verification component have different verification logics.
In one implementation, the security verification component includes a plurality of security verification sub-components, each security verification sub-component has a different corresponding security verification manner, and the processor 801 is specifically configured to:
determining a security verification mode corresponding to the security verification information;
and calling a safety verification sub-assembly corresponding to the safety verification mode in the safety verification assembly to perform safety verification based on the safety verification information.
In one implementation, the processor 801 is specifically configured to:
calling the security verification component to determine a security verification mode aiming at the target service according to the security verification information, and displaying a security verification popup interface corresponding to the security verification mode;
and receiving verification input information input in the security verification popup interface, and calling the security verification component to perform security verification based on the verification input information.
Referring to fig. 9, fig. 9 is a schematic structural diagram of a server according to an embodiment of the present disclosure. The server described in this embodiment includes: a processor 901, a memory 902. Optionally, the server may further include a network interface 903 or a power supply module. The processor 901, the memory 902, and the network interface 903 may exchange data with each other.
The Processor 901 may be a Central Processing Unit (CPU), and may also be other general-purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field-Programmable Gate arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The network interface 903 may include an input device such as a control panel, a microphone, a receiver, etc., and/or an output device such as a display screen, a transmitter, etc., to name but a few. For example, in an application embodiment, the network interface may include a receiver and a transmitter.
The memory 902 may include a read-only memory and a random access memory, and provides program instructions and data to the processor 901. A portion of the memory 902 may also include non-volatile random access memory. When the processor 901 calls the program instruction, it is configured to:
receiving a service operation request aiming at a target service, which is sent by a terminal;
when detecting that the target service needs to be verified, acquiring security verification information aiming at the target service, and sending the security verification information to the terminal;
receiving verification passing indication information sent by the terminal, and verifying the verification passing indication information;
and when the verification passes through the indication information, acquiring service data aiming at the target service, and sending the service data aiming at the target service to the terminal.
In an implementation manner, the service operation request includes feature information of the target service, and the processor 901 is specifically configured to:
determining a security verification mode aiming at the target service according to the characteristic information of the target service;
and acquiring the safety verification information corresponding to the safety verification mode, and determining the state code of the safety verification information as a target state code.
Optionally, the program instructions may also implement other steps of the method in the above embodiments when executed by the processor, and details are not described here.
The present application further provides a computer-readable storage medium, where a computer program is stored, where the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to execute the above method, for example, execute the method executed by the terminal, execute the method executed by the server, and so on, which are not described herein again.
Optionally, the storage medium, such as a computer-readable storage medium, referred to herein may be non-volatile or volatile.
Alternatively, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like. The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It should be noted that, for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts or combinations, but those skilled in the art should understand that the present application is not limited by the order of acts described, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The computer instructions are read by a processor of a computer device from a computer-readable storage medium, and the computer instructions are executed by the processor to cause the computer device to perform the steps performed in the embodiments of the methods described above. For example, the computer device may be a terminal, or may be a server.
The security verification method, apparatus, related devices and storage media provided in the embodiments of the present application are described in detail above, and a specific example is applied in the present application to explain the principle and implementation manner of the present application, and the description of the above embodiments is only used to help understand the method and core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
- 上一篇:石墨接头机器人自动装卡簧、装栓机
- 下一篇:权限处理方法、电子设备及存储介质