In the Internet world, oftentimes serviced by the services provided by service providers, clients need to interact with the servers by which the service providers utilize to provide such services. Typically, it is after the service provider servers verify the identities of the users of the client end that the users are permitted to access the service from the client end.
The prior art technology verifies a user's identity through prompting the user to answer the security questions or challenges configured upon the registration of the account. If the user answers the security challenges with the right answers pre-configured by the user, it is determined that the user's identity is successfully verified.
However, there are several problems existing with the prior art technology. For example, the right answers are pre-configured by the user for the security challenges either at the time of user registration or subsequently during the user's normal business operation under the account. The answers configured manually in this manner can easily be decrypted such that un-authorized parties can use the decrypted answers to pass the server verification of the user identity. Once an un-authorized party bypasses the user identity verification of a server, accesses to the respective services configured for the comprised account can be obtained, consequently causing economic harm to the genuine account holder.
Therefore, there exists a need of a method of user identity verification to enhance user account security.