CN101047503A - Method and system for fetching cipher - Google Patents
Method and system for fetching cipher Download PDFInfo
- Publication number
- CN101047503A CN101047503A CN 200610066941 CN200610066941A CN101047503A CN 101047503 A CN101047503 A CN 101047503A CN 200610066941 CN200610066941 CN 200610066941 CN 200610066941 A CN200610066941 A CN 200610066941A CN 101047503 A CN101047503 A CN 101047503A
- Authority
- CN
- China
- Prior art keywords
- client
- applicant
- server
- contact person
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
A method for cipher taking back includes receiving account number desired to take cipher back and sent from applicant client end by server, carrying out interaction of server with applicant client end and contact person client end corresponding said account number to judge whether status certification of applicant is passed or not and generating new cipher for said account number by server as well as sending new cipher to applicant client end if it is or otherwise ending this time of flow. The system used for realizing said method is also disclosed.
Description
Technical field
The present invention relates to Internet technology, particularly relate to a kind of method and system that after the user loses account number cipher, carries out fetching cipher.
Background technology
The situation that account number cipher is lost takes place in Internet user sometimes.Here said account number cipher is lost and is comprised that two kinds of situations, a kind of situation are that account number cipher is revised and user and ignorant by other people, and another kind of situation is that user self has forgotten account number cipher.In order to allow the user who loses account number cipher can continue to use account, be that account generates a new password normally, and new password informed the user who loses the account number original code that this way is called fetching cipher by server.Consider safety problem, before fetching cipher, need at first to carry out authentication, confirm that promptly the applicant of application fetching cipher is exactly the actual owner of account number.
Prior art has two kinds of methods to realize fetching cipher.First method is, when the user registers account number, submits own contact method by the user to server, for example phone number or e-mail address, and server is bound account number and these contact methods.Server sends to the contact method that the user submits to the new password that generates after the request of receiving fetching cipher.Second method is in user's registration, to submit to some personal information storage on server by the user.During authentication before carrying out fetching cipher, it is right to carry out the artificial nucleus by the customer service personnel with regard to these personal information and applicant, and judges whether by authentication according to checked result.If pass through, then new password is sent to the contact method that the applicant provides separately.
Prior art has bigger limitation.In general, no matter be contact method or personal information, in the account number registration, must not provide, and server can not verified its real effectiveness yet.The user on the one hand, has the consideration of aspects such as protection privacy when registration; On the other hand, can think the situation of unlikely generation password loss.Like this, the user can not provide authentic and valid contact method or personal information usually.If the contact method that the user provides is not authentic and valid, first of prior art kind of identity identifying method just can't be realized so; If the personal information that the user provides is not authentic and valid, when carrying out authentication, the user possibly can't be provided by the own content that provides when registration so, so also is difficult to finish second kind of identity identifying method of prior art.That is to say that prior art depends on the information that the user provides to server when registration when carrying out authentication, can't carry out authentication under more general situation, and further help the user of password loss to fetch password.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method and system of fetching cipher, does not rely on the information that the user provides to server when authentication, thereby finish fetching cipher when registration under more general situation.
In order to achieve the above object, the invention provides a kind of method of fetching cipher, this method comprises:
The account number of fetching cipher is carried out in the hope that A, server reception applicant client are sent;
B, server and applicant's client and mutual with the corresponding contact person's of described account number client judge whether by the authentication to the applicant, if pass through, and execution in step C then, otherwise finish this flow process;
C, server are that described account number generates new password, and new password is sent to applicant's client.
Wherein, all passwords of the described account number correspondence of server stores further comprise between steps A and step B:
AB11, server judge that whether the password of described account number correspondence surpasses one, if execution in step AB12 then, otherwise execution in step AB13;
AB12, server judge whether applicant's client can provide the historical password of described account number, if can provide then execution in step B, otherwise finish this flow process;
AB13, server judge whether account number is online, if online, then finish this flow process, otherwise execution in step B.
Wherein, steps A further comprises:
What server received that applicant's client sends carries out the pairing Affiliates List of account number of fetching cipher with hope;
Between steps A and step B, further comprise:
Server is judged the contact person in the list that applicant's client sent, and the contact person in the Affiliates List of the described account number of storing with server is consistent, if consistent, execution in step B then, otherwise finish this flow process.
Wherein, preestablish authentication question, the described server of step B and applicant's client and mutual with the corresponding contact person's client of described account number judge whether to comprise by the authentication to the applicant:
B11, server send to applicant's client and contact person's client with authentication question, and receive the answer for authentication question that applicant's client and contact person's client are sent;
Whether B12, server comparison applicant client be consistent with the answer for authentication question that contact person's client is sent, if consistent, then by authentication to the applicant, otherwise by the authentication to the applicant.
Wherein, preestablish lowest percentage, whether what the described server comparison of step B12 applicant client was sent with contact person's client sends consistently for the answer of authentication question is:
B121, server respectively relatively each contact person's client sent whether consistent for the answer of authentication question with the answer that applicant's client is sent for authentication question, and the number of the consistent contact person's client of the answer that sent of record answer and applicant's client;
B122, server calculate answer and the consistent contact person's client number of answer that applicant's client is sent, and account for the percentage of total participation authentication contact person client number;
Whether the percentage that is calculated among B123, the server comparison step B122 is not less than the lowest percentage that sets, if be not less than the lowest percentage that sets, the answer for authentication question that is sent with contact person's client of thinking then that applicant's client sent is consistent, if less than the lowest percentage that sets, the answer for authentication question that is sent with contact person's client of thinking then that applicant's client sent is inconsistent.
Wherein, preestablish authentication question, the described server of step B and applicant's client and mutual with the corresponding contact person's client of described account number judge whether to comprise by the authentication to the applicant:
B21, server are issued applicant's client with authentication question, and receive the answer to authentication question that applicant's client is sent, and the answer to authentication question that applicant's client is sent sends to contact person's client then;
B22, contact person are according to the answer of applicant to authentication question, and whether decision confirms whether the applicant is the actual owner of account number, and conclusion is submitted to server by contact person's client;
B23, server judge whether contact person's client confirms to apply for the actual owner of artificial account number, if the affirmation of contact person's client, then by authentication to the applicant, otherwise by the authentication to the applicant.
Wherein, step B server and applicant's client and mutual with the corresponding contact person's client of described account number judge whether to comprise by the authentication to the applicant:
B31, contact person's client and applicant's client are mutual, and the contact person determines whether confirm whether the applicant is the actual owner of account number according to interaction results, and conclusion is submitted to server by contact person's client;
B32, server judge whether contact person's client confirms to apply for the actual owner of artificial account number, if contact person's affirmation, then by authentication to the applicant, otherwise by the authentication to the applicant.
Wherein, preestablish lowest percentage, described server judges whether contact person's client confirms that the actual owner who applies for artificial account number is:
Server calculates contact person's client number of confirming the actual owner of the artificial account number of application, accounts for the percentage of total participation authentication contact person client number; Whether the percentage that relatively calculates then is not less than the lowest percentage that sets, if be not less than the lowest percentage that sets, think that then contact person's client confirms the actual owner of the artificial account number of application, if less than the lowest percentage that sets, then think the actual owner of the artificial account number of contact person's client application unconfirmed.
Wherein, between steps A and step B, further comprise:
AB21, server provide contacts list to applicant's client;
AB22, applicant select to participate in the contact person of authentication from tabulation, and selection result is sent to server.
The present invention also provides a kind of system of fetching cipher, and this system comprises:
Applicant's client is used for and server interaction, initiates and finish the fetching cipher flow process;
Server, be used for basis and applicant's client and the mutual content of contact person's client, whether judge the applicant by authentication, and mutual with applicant's client under by the situation of authentication, and then new password is sent to applicant's client the applicant;
Contact person's client, be used for server interaction to finish authentication to the applicant.
Wherein, described server comprises:
The communication service module is used for and applicant's client and contact person's client communication, and sends Content of Communication to logic judgment module;
Logic control module, be used for Content of Communication according to communication service module and applicant's client and contact person's client of server, judge that whether the applicant is by authentication, and under the situation of applicant by authentication, the database module of Control Server is the account number setting code again, and new password is sent to the applicant by the communication service module;
Database module is used to store the relevant information of account number, comprises the contacts list of account number at least; And under the control of Logic control module, generate and set new password for account number.
Wherein, described applicant's client is for further having the device of following function:
With contact person's client alternately to carry out authentication to the applicant;
The communication service module of described server is for further having the module of following function:
Set up communicating to connect of applicant's client and contact person's client;
Described contact person's client is for further having the device of following function:
With applicant's client alternately to carry out authentication to the applicant.
Adopt technical scheme provided by the present invention, during authentication before carrying out fetching cipher, contact person's client of server and applicant's client and account number is carried out alternately, according to mutual results verification applicant's identity, and new password is sent to applicant's client.Server mainly depends on the information of the actual owner of account number known to the contact person to applicant's authentication, provides and be stored in information on the server and needn't depend on the user when the registration account number.Further, if authentication is by carrying out alternately with a plurality of contact person's clients, can also improving the accuracy of authentication.The scheme of applied authentication in the present invention though be that authentication during at fetching cipher proposes, can also be applied to other occasions flexibly.
Description of drawings
Fig. 1 is the flow chart of the method embodiment one of fetching cipher provided by the invention;
Fig. 2 is the flow chart of the method embodiment two of fetching cipher provided by the invention;
Fig. 3 is the block diagram of the system of fetching cipher provided by the invention.
Embodiment
Core concept of the present invention is: when the applicant proposes to fetch the application of password to account number, by the contact person of account the applicant is carried out authentication, judge whether the applicant is the owner of account; Whether server is that the applicant carries out the fetching cipher flow process according to contact person's authentication conclusion decision.
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with drawings and the specific embodiments.
The applied account number of the present invention can be various types of account numbers, and at dissimilar account numbers, described contact person has different forms.For example, for the instant messaging account number, described contact person is exactly other users in the buddy list; For e-mail accounts, described contact person is other e-mail addresses in the address book.In following embodiment, mainly be applied to the instant messaging account number cipher and fetch and be example with the present invention, describe technical scheme provided by the present invention in detail.
Please refer to Fig. 1, Fig. 1 is the flow chart of the method embodiment one of fetching cipher provided by the invention, and this embodiment comprises:
Step 101: what server reception applicant client sent carries out the application of fetching cipher to a certain account number.
Generally, the user can't login after finding to have imported original code when login, realizes password loss thus.For instantaneous communication system, what the user logined is instant communication client, therefore, the user can submit the fetching cipher application to by the fetching cipher interface that instant communication client provided, and at this moment described applicant's client is exactly an instant communication client.Certainly, the user also can visit specific network address, submits the fetching cipher application to by the fetching cipher interface that this particular web site provided, and at this moment described applicant's client is exactly a browser.At least comprise the account number of wishing to carry out fetching cipher in the fetching cipher application of being submitted to.
Step 102: server judges whether the pairing password number of account number that the applicant wishes to carry out fetching cipher is 1, if execution in step 114 then, otherwise execution in step 103.
The password of instant messaging account number all leaves on the instant communication server.In order to realize the present invention, instant communication server also should be preserved and account number corresponding historical password except preserving the current password corresponding with account number.
Judge that whether the pairing password number of account number is that 1 purpose is, judges that according to described password number password loss belongs to any situation.If the password of account number correspondence has only one, then think it may is that the actual owner self of account number has forgotten account number cipher, also need follow-up flow process further to confirm; If the password of account number correspondence surpasses one, then think it may is that account number cipher is revised by other people and the actual owner of account number and ignorant, also need follow-up flow process further to confirm.
Step 103: server sends message to applicant's client, requires applicant's client that the desired historical password that carries out the account number of fetching cipher is provided.
Step 104: server is judged the historical password that applicant's client is sent, and with server institute stored historical password coupling, if coupling, then execution in step 105, otherwise execution in step 115.
If the corresponding a plurality of passwords of account number, in step 102, server thinks it may is that account number cipher is revised by other people and the actual owner of account number and ignorant.The password before but the actual owner of account number should be able to provide and be modified.Therefore, the applicant has only by applicant's client provides correct historical password, just the qualified flow process that enters authentication.
After server receives the historical password that applicant's client sent, the historical password that applicant's client is sent is compared with server institute stored historical password, if two passwords are just the same, then think historical password that applicant's client is sent and server institute stored historical password coupling, otherwise think and do not match.If the historical password of the account number of storing on the server is above one, then server historical password that applicant's client is sent is compared with in the server institute stored historical password each, if any one in historical password that applicant's client is sent and the server institute stored historical password is just the same, think that then historical password and server institute stored historical password that applicant's client is sent mate; Otherwise think and do not match.
Step 105: judge whether account number is online, if online, then execution in step 106, otherwise execution in step 107.
Because present embodiment is that example illustrates technical scheme provided by the present invention with the instant messaging account number, therefore the online finger of said herein account number is exactly whether the instant messaging account number is used.
Step 106: force account to roll off the production line.
Force the purpose that account rolls off the production line to have two: at first, in general instantaneous communication system, an account number can only be logined once simultaneously, has only to allow current online account number roll off the production line, could allow the applicant login account, and finish authentication by instant communication client; Secondly, because the applicant provides correct historical password and initiated flow for authenticating ID in step 102, that so using account might be illegal user, therefore needs to force illegal user to roll off the production line.
Step 107: send message to applicant's client, prompting applicant client login account, and mark this log on as interim login, refuse other logging request simultaneously for account.
Here said interim login refers to the applicant behind login account on the instant communication client, can only use limited function, and controls account can not be as normal the use time fully.Because do not finish as yet applicant's authentication process this time, can not confirm that the applicant is exactly the actual owner of account.The function that interim login identity can be used generally only is to send message by instant communication client, and can not makes change to the attribute of account number.
In order to realize interim login, server is identifier of each login configurations, represents that with this identifier this login is interim login or normal login.For example, described identifier is a bit, represents that when this binary digit is 0 this login is normal login, represents that when this binary digit is 1 this login is interim login.When the user logined, server was provided with the value of this identifier.After user's login, server judges according to the value of this identifier whether the operation requests that the user sends by instant communication client can be performed.For example, if the value of identifier is 1, then the instant communication client request that password revises of carrying out that sends to server is judged as serviced device can not carry out.
And,,, also should refuse other logging request for account based on the identical reason that rolls off the production line with pressure account in the step 104 because the applicant has logined account.
Step 108: return contacts list and authentication question to applicant's client.
Contacts list also leaves on the instant communication server, sends to applicant's client by instant communication server.Server can all return to applicant's client with whole contacts list, also can select a part wherein to return to applicant's client.If latter event promptly selects a part of contact person in the contacts list to return to applicant's client, when selecting, can select current online contact person so, also can select and the more frequent contact person of applicant's contacts.Contacts list is returned to the purpose of applicant's client, is in order to allow the applicant select a part of contact person to participate in authentication from tabulation, to improve the efficient of authentication.Certainly, instant communication server can not send contacts list to applicant's client yet, and decides the contact person who participates in authentication in its sole discretion by instant communication server.
Authentication question is predefined.Normally more relevant information with the applicant, and answer is determined.For example, applicant's name, sex, birthplace, date of birth etc.
Step 109: receive the answer that applicant's client is sent for authentication question, and selecting the authentication contact person.
The applicant can pass through instant communication client, further selects part conduct wherein that oneself is carried out the contact person of authentication from the contacts list that server provides.To ownly send to instant communication server by instant communication client then to the answer of authentication question with to the selected of authentication contact person.
In order to improve the reliability of authentication, can preestablish a threshold value, the selected authentication of applicant contact person's number must be greater than this threshold value.If the selected authentication of applicant contact person's number less than the threshold value that sets, then points out the applicant to proceed to select till selected authentication contact person's number is greater than or equal to the threshold value that sets.
Step 110: the contact person client selected to the applicant sends message, and notification of contacts is carried out authentication to the applicant, and sends authentication question.
Step 111: receive the answer that contact person's client is sent for authentication question.
Step 112: judge whether the answer for authentication question that applicant's client and contact person's client sent is consistent,, think that then authentication passes through execution in step 113 if consistent; Otherwise think that authentication do not pass through execution in step 115.
In step 111, the contact person makes answer to Verify Your Identity questions, and answer is sent to instant communication server by the employed instant communication client of contact person oneself according to the personal information of the actual owner of account number known to the contact person oneself.Whether instant communication server contrast contact person is consistent to the answer of authentication question with the applicant to the answer of authentication question, if unanimity is thought that then authentication passes through, otherwise thought and do not pass through.
There being a plurality of contact persons to participate under the situation of authentication, can preestablish a lowest percentage.After instant communication server gathered the answer for authentication question that each contact person's client that participates in authentication sent, at first calculating had percent what contact person, and its answer of submitting to is consistent with the answer that the applicant is submitted to.Whether the percentage that judge to calculate gained then surpasses predefined lowest percentage, if surpass, thinks that then authentication passes through, otherwise thinks that authentication do not pass through.Certainly, described lowest percentage also can be one of percentage hundred, promptly only under the consistent situation of the answer that all answers that the contact person submitted to that participate in authentications are all submitted to the applicant, instant communication server is just thought applicant's authentication is passed through.
Step 113: carry out follow-up fetching cipher flow process alternately with applicant's client.
In this time, instant communication server has confirmed that the applicant is exactly the actual owner of account number, therefore can carry out follow-up fetching cipher flow process alternately with the applicant.For example, new password is sent on the instant communication client of applicant's use; Perhaps allow the applicant submit an E-mail address to, new password is sent to this mailbox by instant communication client.The applicant logins once more with new password after withdrawing from current interim login, has just had the power that account number is controlled fully.
If account number cipher is revised and the unwitting situation of actual owner of account number by other people, server is also deleted the current password of account number, utilizes same flow process to carry out fetching cipher to prevent the people who revises account number cipher.
Step 114 judges whether account number is online, if online, then execution in step 115, otherwise return execution in step 107.
If the password of account number correspondence has only one, and account is online again, then server is thought the current actual owner who is using the user of account number as account number, and the applicant of application fetching cipher is not the actual owner of account number, will not carry out follow-up authentication flow process, so execution in step 115.Otherwise if the password of account number correspondence has only one, and account is not online, and then server thinks it may is that user self has forgotten account number cipher, also needs follow-up flow process further to carry out authentication to the applicant.
Step 115: after applicant's client sends prompting message, finish this flow process.
Instant communication server is by this fetching cipher flow process failure of instant communication client prompting applicant.In prompting, can also provide concrete reason, for example account number has only a password and account number current online, and perhaps the applicant fails to provide correct historical password, and perhaps the contact person fails the authentication by the applicant.
As first kind of replacement scheme, in step 110, the answer for authentication question that instant communication server can be sent applicant's client directly sends to contact person's client.The answer that the contact person sends according to instant communication server for authentication question, in conjunction with the understanding of contact person oneself for the actual owner's of account number personal information, judge whether the applicant is the actual owner of account number, and will judge that conclusion feeds back to instant communication server by instant communication client.Like this, in step 111, instant communication server receives is the conclusion that the applicant is carried out authentication that contact person's client is sent.And in step 112, whether the conclusion that instant communication server is sent according to contact person's client confirms to apply for that it still is step 115 that the actual owner of artificial account number decides execution in step 113.
There being a plurality of contact persons to participate under the situation of authentication, can preestablish a lowest percentage.After instant communication server gathers the judgement conclusion that each contact person's client that participates in authentication sent, at first calculate to confirm the actual owner's of the artificial account number of application contact person's number, shared percentage in the contact person's of total participation authentication number.Whether the percentage that judge to calculate gained then surpasses predefined lowest percentage, if surpass, thinks that then authentication passes through, otherwise thinks that authentication do not pass through.Certainly, described lowest percentage also can be one of percentage hundred, promptly only confirms all that all contact persons that participate in authentications the applicant is under actual owner's the situation of account number, and instant communication server is just thought applicant's authentication is passed through.
As second kind of replacement scheme, because in instantaneous communication system, can between instant communication client, set up directly by instant communication server and connect, therefore in the step 109 of former scheme, server can receive only the applicant by applicant's client selected to the contact person that participates in authentication, being respectively applicant's client then directly is connected with the selected client foundation that participates in the contact person of authentication of each defending party to the application, in the step 110 of former scheme, just pass through the employed instant communication client of applicant oneself like this, authentication question is sent to the selected contact person's client of applicant oneself by the applicant; And in the step 110 of first kind of replacement scheme, also can be by the applicant by the employed instant communication client of applicant oneself, the answer of authentication question is sent to contact person's client that applicant oneself selectes.Instant communication server is being set up the direct-connected while for applicant's instant communication client and contact person's instant communication client, notes the applicant and has selected which contact person to participate in authentication.
As the third replacement scheme, authentication question can not be predefined also, but decide according to the personal information of the actual owner of account number known to own by the contact person who participates in authentication.Like this, instant communication server only needs at first to send Affiliates List to the employed instant communication client of applicant, and need not send authentication question; Then, according to applicant's selecting for the contact person who participates in authentication, by the employed instant communication client of chosen contact person, notify chosen contact person to carry out authentication, and set up the connection between applicant's instant communication client and contact person's the instant communication client; Next, contact person and applicant are undertaken alternately by instant communication client separately, and the contact person makes authentication conclusion to the applicant according to mutual content, and send to instant communication server by contact person's client; Instant communication server judges that according to the authentication conclusion that chosen contact person's client is sent whether the applicant is by authentication.
Please refer to Fig. 2, Fig. 2 is the flow chart of the method embodiment two of fetching cipher provided by the invention, and this embodiment comprises:
Step 201: what server reception applicant client sent carries out the application of fetching cipher to a certain account number, and Affiliates List.
The applicant can submit the fetching cipher application to by the fetching cipher interface that instant communication client provided; Also can visit specific network address, submit the fetching cipher application to by the fetching cipher interface that this particular web site provided.At least comprise the account number of wishing to carry out fetching cipher in the fetching cipher application, and the Affiliates List of account.
Step 202: whether the Affiliates List that comparison applicant client is sent is consistent with the account number Affiliates List of server stores, if consistent, then execution in step 203, otherwise execution in step 212.
Server is provided with two threshold values: first threshold value and second threshold value, if be present in the Affiliates List that applicant's client sent simultaneously and the contact person's number in the account number Affiliates List of server stores surpasses first threshold value; And only be present in the Affiliates List that applicant's client sent, and the contact person's number that is not present in the account number Affiliates List of server stores surpasses second threshold value, thinks that then Affiliates List that applicant's client sent is consistent with the account number Affiliates List of server stores.
For example, suppose that described first threshold value is 3, second threshold value is 2, applicant's client has sent A, B, C, five contact persons of D and E, and A is arranged among the contact person of the account number of server stores, B, C, D, F, G, H, be present in the Affiliates List that applicant's client sent so simultaneously and the contact person in the account number Affiliates List of server stores is A, B, C, totally 4 of D, only be present in the Affiliates List that applicant's client sent, and the contact person who is not present in the account number Affiliates List of server stores is totally 1 of E, and server just thinks that Affiliates List that applicant's client sent is consistent with the account number Affiliates List of server stores so.
To be whether the preliminary identification applicant is qualified carry out follow-up authentication flow process to the purpose in this step, to avoid the fetching cipher flow process by the initiation of malice.
Step 203 adds that to step 113 step 115 is the same basically with step 105 to step 212, institute's difference only is, server will obtain after will directly adopting and comparing in the step 202, in the Affiliates List that both had been present in the applicant and is provided, be present in the contact person in the account number Affiliates List that server stores again, carry out follow-up authentication, and do not need the applicant once more the contact person who participates in authentication to be selected.
The alternative steps of present embodiment is also the same with the alternative steps described in the embodiment one.
Please refer to Fig. 3, Fig. 3 is the block diagram of the system of fetching cipher provided by the invention.This system comprises applicant's client, server and contact person's client.
The system that carries out authentication provided by the present invention comprises:
Applicant's client is used for and server interaction, initiates and finish the fetching cipher flow process; Can also be when needed with contact person's client alternately to carry out authentication.
Server comprises: communication service module, Logic control module and database module.
The communication service module of server at first is used for and applicant's client and contact person's client communication, and sends Content of Communication to the server logical judge module; Also be used in needs, setting up the direct communication contact between applicant's client and the contact person's client.
The server logical control module at first is used for the Content of Communication according to communication service module and applicant's client and contact person's client of server, judges that whether the applicant is by authentication; The database module that also is used for Control Server is the account number setting code again, and the communication service module of new password by server sent to the applicant.
The data in server library module is used to store the relevant information of account number, comprises historical and current password, and the contacts list of account number; Also be used to account number to generate and set new password.
Contact person's client is used for and server interaction, provides to server the applicant is carried out the required information of authentication; Can also be when needed with applicant's client alternately to carry out authentication.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (12)
1, a kind of method of fetching cipher is characterized in that, this method comprises:
The account number of fetching cipher is carried out in the hope that A, server reception applicant client are sent;
B, server and applicant's client and mutual with the corresponding contact person's of described account number client judge whether by the authentication to the applicant, if pass through, and execution in step C then, otherwise finish this flow process;
C, server are that described account number generates new password, and new password is sent to applicant's client.
2, the method for fetching cipher according to claim 1 is characterized in that, all passwords of the described account number correspondence of server stores further comprise between steps A and step B:
AB11, server judge that whether the password of described account number correspondence surpasses one, if execution in step AB12 then, otherwise execution in step AB13;
AB12, server judge whether applicant's client can provide the historical password of described account number, if can provide then execution in step B, otherwise finish this flow process;
AB13, server judge whether account number is online, if online, then finish this flow process, otherwise execution in step B.
3, the method for fetching cipher according to claim 1 is characterized in that, steps A further comprises:
What server received that applicant's client sends carries out the pairing Affiliates List of account number of fetching cipher with hope;
Between steps A and step B, further comprise:
Server is judged the contact person in the list that applicant's client sent, and the contact person in the Affiliates List of the described account number of storing with server is consistent, if consistent, execution in step B then, otherwise finish this flow process.
4, the method for fetching cipher according to claim 1, it is characterized in that, preestablish authentication question, the described server of step B and applicant's client and mutual with the corresponding contact person's client of described account number judge whether to comprise by the authentication to the applicant:
B11, server send to applicant's client and contact person's client with authentication question, and receive the answer for authentication question that applicant's client and contact person's client are sent;
Whether B12, server comparison applicant client be consistent with the answer for authentication question that contact person's client is sent, if consistent, then by authentication to the applicant, otherwise by the authentication to the applicant.
5, the method for fetching cipher according to claim 4, it is characterized in that, preestablish lowest percentage, whether what the described server comparison of step B12 applicant client was sent with contact person's client sends consistently for the answer of authentication question is:
B121, server respectively relatively each contact person's client sent whether consistent for the answer of authentication question with the answer that applicant's client is sent for authentication question, and the number of the consistent contact person's client of the answer that sent of record answer and applicant's client;
B122, server calculate answer and the consistent contact person's client number of answer that applicant's client is sent, and account for the percentage of total participation authentication contact person client number;
Whether the percentage that is calculated among B123, the server comparison step B122 is not less than the lowest percentage that sets, if be not less than the lowest percentage that sets, the answer for authentication question that is sent with contact person's client of thinking then that applicant's client sent is consistent, if less than the lowest percentage that sets, the answer for authentication question that is sent with contact person's client of thinking then that applicant's client sent is inconsistent.
6, the method for fetching cipher according to claim 1, it is characterized in that, preestablish authentication question, the described server of step B and applicant's client and mutual with the corresponding contact person's client of described account number judge whether to comprise by the authentication to the applicant:
B21, server are issued applicant's client with authentication question, and receive the answer to authentication question that applicant's client is sent, and the answer to authentication question that applicant's client is sent sends to contact person's client then;
B22, contact person are according to the answer of applicant to authentication question, and whether decision confirms whether the applicant is the actual owner of account number, and conclusion is submitted to server by contact person's client;
B23, server judge whether contact person's client confirms to apply for the actual owner of artificial account number, if the affirmation of contact person's client, then by authentication to the applicant, otherwise by the authentication to the applicant.
7, the method for fetching cipher according to claim 1 is characterized in that, step B server and applicant's client and mutual with the corresponding contact person's client of described account number judge whether to comprise by the authentication to the applicant:
B31, contact person's client and applicant's client are mutual, and the contact person determines whether confirm whether the applicant is the actual owner of account number according to interaction results, and conclusion is submitted to server by contact person's client;
B32, server judge whether contact person's client confirms to apply for the actual owner of artificial account number, if contact person's affirmation, then by authentication to the applicant, otherwise by the authentication to the applicant.
8, according to claim 6 or 7 described methods of carrying out authentication, it is characterized in that, preestablish lowest percentage, described server judges whether contact person's client confirms that the actual owner who applies for artificial account number is:
Server calculates contact person's client number of confirming the actual owner of the artificial account number of application, accounts for the percentage of total participation authentication contact person client number; Whether the percentage that relatively calculates then is not less than the lowest percentage that sets, if be not less than the lowest percentage that sets, think that then contact person's client confirms the actual owner of the artificial account number of application, if less than the lowest percentage that sets, then think the actual owner of the artificial account number of contact person's client application unconfirmed.
9, method of carrying out authentication according to claim 1 is characterized in that, further comprises between steps A and step B:
AB21, server provide contacts list to applicant's client;
AB22, applicant select to participate in the contact person of authentication from tabulation, and selection result is sent to server.
10, a kind of system of fetching cipher is characterized in that, this system comprises:
Applicant's client is used for and server interaction, initiates and finish the fetching cipher flow process;
Server, be used for basis and applicant's client and the mutual content of contact person's client, whether judge the applicant by authentication, and mutual with applicant's client under by the situation of authentication, and then new password is sent to applicant's client the applicant;
Contact person's client, be used for server interaction to finish authentication to the applicant.
11, the system of fetching cipher according to claim 10 is characterized in that, described server comprises:
The communication service module is used for and applicant's client and contact person's client communication, and sends Content of Communication to logic judgment module;
Logic control module, be used for Content of Communication according to communication service module and applicant's client and contact person's client of server, judge that whether the applicant is by authentication, and under the situation of applicant by authentication, the database module of Control Server is the account number setting code again, and new password is sent to the applicant by the communication service module;
Database module is used to store the relevant information of account number, comprises the contacts list of account number at least; And under the control of Logic control module, generate and set new password for account number.
12, the system of fetching cipher according to claim 10 is characterized in that, described applicant's client is for further having the device of following function:
With contact person's client alternately to carry out authentication to the applicant;
The communication service module of described server is for further having the module of following function:
Set up communicating to connect of applicant's client and contact person's client;
Described contact person's client is for further having the device of following function:
With applicant's client alternately to carry out authentication to the applicant.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2006100669410A CN101047503B (en) | 2006-03-30 | 2006-03-30 | Method and system for fetching cipher |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2006100669410A CN101047503B (en) | 2006-03-30 | 2006-03-30 | Method and system for fetching cipher |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101047503A true CN101047503A (en) | 2007-10-03 |
| CN101047503B CN101047503B (en) | 2010-04-14 |
Family
ID=38771761
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2006100669410A Active CN101047503B (en) | 2006-03-30 | 2006-03-30 | Method and system for fetching cipher |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101047503B (en) |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102035649A (en) * | 2009-09-29 | 2011-04-27 | 国际商业机器公司 | Authentication method and device |
| CN102340750A (en) * | 2010-07-20 | 2012-02-01 | 上海酷吧信息技术有限公司 | Method for retrieving password of mobile phone private space |
| CN102769629A (en) * | 2012-07-27 | 2012-11-07 | 汉柏科技有限公司 | Client-side password storage method and service system |
| CN101626316B (en) * | 2009-08-04 | 2012-11-07 | 深圳市腾讯计算机系统有限公司 | Method, apparatus and system for confirming attribution of account numbers |
| CN102821110A (en) * | 2012-09-06 | 2012-12-12 | 深圳英飞拓科技股份有限公司 | Password finding method used for audio/video storage device |
| CN102880819A (en) * | 2012-08-08 | 2013-01-16 | 北京九恒星科技股份有限公司 | Password setting method and system for users outside system and password setting center |
| CN103179098A (en) * | 2011-12-23 | 2013-06-26 | 阿里巴巴集团控股有限公司 | Method and device for retrieving password of network account number |
| CN103246841A (en) * | 2012-02-09 | 2013-08-14 | 富泰华工业(深圳)有限公司 | Unlocking password resetting system and method of electronic device |
| CN103368928A (en) * | 2012-04-11 | 2013-10-23 | 富泰华工业(深圳)有限公司 | System and method for resetting account password |
| CN103442002A (en) * | 2013-08-23 | 2013-12-11 | 北京网秦天下科技有限公司 | Device and method for resetting password |
| CN104104656A (en) * | 2013-04-07 | 2014-10-15 | 腾讯科技(深圳)有限公司 | Account retrieving method and device |
| WO2014180149A1 (en) * | 2013-05-07 | 2014-11-13 | Tencent Technology (Shenzhen) Company Limited | Method, system and computer storage medium for handling of account theft in online games |
| CN104184705A (en) * | 2013-05-23 | 2014-12-03 | 腾讯科技(深圳)有限公司 | Verification method, apparatus, server, user data center and system |
| WO2014190841A1 (en) * | 2013-05-31 | 2014-12-04 | Tencent Technology (Shenzhen) Company Limited | Data recovery method, device and system using same |
| CN104751032A (en) * | 2013-12-31 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Authentication method and authentication device |
| CN104883367A (en) * | 2015-05-20 | 2015-09-02 | 吴振祎 | Method for auxiliary verification login, system, and application client |
| CN104883255A (en) * | 2015-06-24 | 2015-09-02 | 郑州悉知信息技术有限公司 | Password resetting method and device |
| CN104967606A (en) * | 2015-04-23 | 2015-10-07 | 腾讯科技(深圳)有限公司 | Account number appeal request, account number appeal verification method and account number appeal verification device |
| CN106332054A (en) * | 2016-10-20 | 2017-01-11 | 广东欧珀移动通信有限公司 | Method and device for identifying verification in data migration |
| CN106559387A (en) * | 2015-09-28 | 2017-04-05 | 腾讯科技(深圳)有限公司 | A kind of auth method and device |
| CN107171946A (en) * | 2017-06-29 | 2017-09-15 | 中国联合网络通信集团有限公司 | The method and device that password is given for change |
| WO2017190668A1 (en) * | 2016-05-05 | 2017-11-09 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| CN108833093A (en) * | 2018-06-14 | 2018-11-16 | 百度在线网络技术(北京)有限公司 | Determination method, apparatus, equipment and the storage medium of account key |
| CN114297619A (en) * | 2021-12-28 | 2022-04-08 | 北京天融信网络安全技术有限公司 | Method, device, electronic equipment and medium for retrieving lost password |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105323219B (en) * | 2014-07-01 | 2020-06-16 | 腾讯科技(深圳)有限公司 | Method and device for verifying user account identity information |
| CN106534041B (en) * | 2015-09-09 | 2020-08-07 | 腾讯科技(深圳)有限公司 | Verification method, verification platform and client |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1393768A (en) * | 2001-06-27 | 2003-01-29 | 深圳市六韬信息技术有限公司 | Method for preventing password from being forgotten in operating computer application system |
-
2006
- 2006-03-30 CN CN2006100669410A patent/CN101047503B/en active Active
Cited By (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101626316B (en) * | 2009-08-04 | 2012-11-07 | 深圳市腾讯计算机系统有限公司 | Method, apparatus and system for confirming attribution of account numbers |
| CN102035649B (en) * | 2009-09-29 | 2013-08-21 | 国际商业机器公司 | Authentication method and device |
| CN102035649A (en) * | 2009-09-29 | 2011-04-27 | 国际商业机器公司 | Authentication method and device |
| CN102340750A (en) * | 2010-07-20 | 2012-02-01 | 上海酷吧信息技术有限公司 | Method for retrieving password of mobile phone private space |
| CN103179098A (en) * | 2011-12-23 | 2013-06-26 | 阿里巴巴集团控股有限公司 | Method and device for retrieving password of network account number |
| CN103179098B (en) * | 2011-12-23 | 2017-03-01 | 阿里巴巴集团控股有限公司 | A kind of password method for retrieving of network account and device |
| CN103246841A (en) * | 2012-02-09 | 2013-08-14 | 富泰华工业(深圳)有限公司 | Unlocking password resetting system and method of electronic device |
| CN103368928A (en) * | 2012-04-11 | 2013-10-23 | 富泰华工业(深圳)有限公司 | System and method for resetting account password |
| CN102769629A (en) * | 2012-07-27 | 2012-11-07 | 汉柏科技有限公司 | Client-side password storage method and service system |
| CN102880819B (en) * | 2012-08-08 | 2015-12-02 | 北京九恒星科技股份有限公司 | The cipher set-up method of the outer user of system, system and password arrange center |
| CN102880819A (en) * | 2012-08-08 | 2013-01-16 | 北京九恒星科技股份有限公司 | Password setting method and system for users outside system and password setting center |
| CN102821110A (en) * | 2012-09-06 | 2012-12-12 | 深圳英飞拓科技股份有限公司 | Password finding method used for audio/video storage device |
| CN102821110B (en) * | 2012-09-06 | 2016-02-24 | 深圳英飞拓科技股份有限公司 | A kind of password method for retrieving for audio/video storage device |
| CN104104656A (en) * | 2013-04-07 | 2014-10-15 | 腾讯科技(深圳)有限公司 | Account retrieving method and device |
| CN104104656B (en) * | 2013-04-07 | 2019-05-21 | 腾讯科技(深圳)有限公司 | Give the method and device of account number for change |
| WO2014180149A1 (en) * | 2013-05-07 | 2014-11-13 | Tencent Technology (Shenzhen) Company Limited | Method, system and computer storage medium for handling of account theft in online games |
| CN104184705A (en) * | 2013-05-23 | 2014-12-03 | 腾讯科技(深圳)有限公司 | Verification method, apparatus, server, user data center and system |
| WO2014190841A1 (en) * | 2013-05-31 | 2014-12-04 | Tencent Technology (Shenzhen) Company Limited | Data recovery method, device and system using same |
| CN103442002A (en) * | 2013-08-23 | 2013-12-11 | 北京网秦天下科技有限公司 | Device and method for resetting password |
| WO2015101018A1 (en) * | 2013-12-31 | 2015-07-09 | Tencent Technology (Shenzhen) Company Limited | Identity verification method and device |
| US10447694B2 (en) | 2013-12-31 | 2019-10-15 | Tencent Technology (Shenzhen) Company Limited | Identity verification method and device |
| CN104751032A (en) * | 2013-12-31 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Authentication method and authentication device |
| US9998458B2 (en) | 2013-12-31 | 2018-06-12 | Tencent Technology (Shenzhen) Company Limited | Identity verification method and device |
| CN104967606A (en) * | 2015-04-23 | 2015-10-07 | 腾讯科技(深圳)有限公司 | Account number appeal request, account number appeal verification method and account number appeal verification device |
| CN104883367A (en) * | 2015-05-20 | 2015-09-02 | 吴振祎 | Method for auxiliary verification login, system, and application client |
| CN104883367B (en) * | 2015-05-20 | 2018-10-30 | 吴振祎 | A kind of method, system and applications client that auxiliary verification logs in |
| CN104883255A (en) * | 2015-06-24 | 2015-09-02 | 郑州悉知信息技术有限公司 | Password resetting method and device |
| WO2017054504A1 (en) * | 2015-09-28 | 2017-04-06 | 腾讯科技(深圳)有限公司 | Identity authentication method and device, and storage medium |
| CN106559387A (en) * | 2015-09-28 | 2017-04-05 | 腾讯科技(深圳)有限公司 | A kind of auth method and device |
| US10728033B2 (en) | 2015-09-28 | 2020-07-28 | Tencent Technology (Shenzhen) Company Limited | Identity authentication method, apparatus, and storage medium |
| WO2017190668A1 (en) * | 2016-05-05 | 2017-11-09 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| CN107347054A (en) * | 2016-05-05 | 2017-11-14 | 腾讯科技(深圳)有限公司 | A kind of auth method and device |
| CN107347054B (en) * | 2016-05-05 | 2021-08-03 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| CN106332054B (en) * | 2016-10-20 | 2018-03-27 | 广东欧珀移动通信有限公司 | The method and device of Data Migration authentication |
| CN106332054A (en) * | 2016-10-20 | 2017-01-11 | 广东欧珀移动通信有限公司 | Method and device for identifying verification in data migration |
| CN107171946A (en) * | 2017-06-29 | 2017-09-15 | 中国联合网络通信集团有限公司 | The method and device that password is given for change |
| CN108833093A (en) * | 2018-06-14 | 2018-11-16 | 百度在线网络技术(北京)有限公司 | Determination method, apparatus, equipment and the storage medium of account key |
| CN114297619A (en) * | 2021-12-28 | 2022-04-08 | 北京天融信网络安全技术有限公司 | Method, device, electronic equipment and medium for retrieving lost password |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101047503B (en) | 2010-04-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101047503A (en) | Method and system for fetching cipher | |
| CN1284088C (en) | Access control system | |
| CN101047504A (en) | Network log-in authorization method and authorization system | |
| CN1409836A (en) | Computer system for application by accreditation access | |
| CN101068245A (en) | Shared file issuing and downloading method and file sharing control system | |
| CN1976434A (en) | Method and system for realizing on-line video-frequency conference | |
| CN101076025A (en) | Method and system for realizing on-line game invitation | |
| CN1905446A (en) | Client-based method, system to manage multiple authentication | |
| CN1852094A (en) | Method and system for protecting account of network business user | |
| CN1960345A (en) | Method and system for creating multi-accounting number users in instant communicating system | |
| CN1875564A (en) | Methods and apparatus for providing application credentials | |
| JP2006511104A5 (en) | ||
| CN1229737C (en) | Total system for preventing information outflow from inside | |
| CN101047522A (en) | Method for automatic adding member and its system | |
| CN101068222A (en) | Method and device for processing information | |
| CN1628449A (en) | Method system and device for transferring accounting information | |
| CN1933398A (en) | Method and system for automatic right-discriminating plusing good friend in immediate communication | |
| CN101075876A (en) | Physical certifying method and device | |
| CN101043328A (en) | Cipher key updating method of universal leading frame | |
| CN1933456A (en) | Method and system for automatic feed backing according to time slot in immediate communication | |
| CN1874233A (en) | System and method for sending message of broadcast | |
| CN1471265A (en) | Multi-mark logging-in method for instant communication system | |
| CN1822541A (en) | Device and method for controlling computer access | |
| CN114268462B (en) | Asset information changing method, server, client, and storage medium | |
| CN1889562A (en) | Method for identifying equipment for receiving initial session protocol request information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |