Embodiment
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a flow chart of a method for telephone service authentication provided by an embodiment of the invention. As shown in Fig. 1, this embodiment takes telephone banking and IP telephone service as examples to describe the method, which comprises the following steps:
Step 101: when the user selects the login information corresponding to a telephone service, generate, according to the login information, the service information used to carry out the telephone service. The login information comprises the telephone number corresponding to the telephone service.
Specifically, in this embodiment the mobile terminal can, according to the login information, call the user authentication information and the cryptographic algorithm that it stores and that correspond to the login information, and generate the service information from the user authentication information and the cryptographic algorithm. To use telephone banking or IP telephone service, the user selects, on the mobile terminal (for example, a mobile phone), the login information used for the telephone bank or the IP phone call. For telephone banking, the user selects the telephone number of the desired telephone bank; for IP telephony, the user selects the telephone number to be dialed. The mobile terminal then generates the service information used to carry out the telephone service from the login information, as follows.
(1) For telephone banking and for IP telephone service that requires password authentication, the mobile terminal calls the user authentication information and the cryptographic algorithm that it stores, according to the login information, and generates the service information. The service information for telephone banking can consist of the authentication password used for login authentication and the telephone number of the telephone bank contained in the login information; for example, the authentication password can be appended to the telephone number as a suffix. The service information for IP telephony can consist of the authentication password used for login authentication, the IP number, and the telephone number in the login information; for example, the authentication password can be appended to the telephone number as a suffix and the IP number placed in front of the telephone number as a prefix. For instance, if the telephone number the user wants to dial is 10086, the IP number is 17951 and the authentication password is 111111, then when the user dials 10086, 17951 is added in front of 10086 and 111111 is added behind it, and the mobile terminal finally sends the service information 1795110086111111. The authentication password in this embodiment can be a one-time password generated by the cryptographic algorithm from factors such as the time, so the authentication password changes as the time changes.
(2) For IP telephone service that does not require password authentication, the mobile terminal generates the service information from the login information. This service information can consist of the IP number and the telephone number in the login information; for example, the IP number can be placed in front of the telephone number as a prefix.
In the method of this embodiment there are two ways for the user to select the login information. Mode one: the login information is entered by the user on the keypad. Mode two: a list of the telephone numbers corresponding to telephone services is stored, and the login information is entered by selecting from the stored list.
Specifically, in mode one the user enters a telephone number on the keypad and dials it. For telephone banking, the mobile terminal checks whether the number the user dialed is in the list of telephone bank numbers that it stores. If the dialed number is identical to a number stored in the list, the login information is the information corresponding to the telephone number the user entered on the keypad, and the mobile terminal generates the password from the user authentication information and the cryptographic algorithm that it stores. If the dialed number differs from the numbers stored in the list, the user is not logging in for telephone banking authentication, and the mobile terminal handles the call according to the ordinary dialing flow. For IP telephone service, the mobile terminal takes the number the user dialed as the login information and generates the service information from it.
In mode two, the mobile terminal itself stores the list of telephone numbers corresponding to telephone services, and the login information is entered by selecting from the stored list. For telephone banking, after the user selects the telephone bank to log in to from the list, the login information is the login information corresponding to the telephone number the user selected from the stored list. After the user has selected from the list, the mobile terminal generates the authentication password using the user authentication information and the cryptographic algorithm that it stores. Specifically, in this embodiment the mobile terminal can store an STK program written with SIM Tool Kit (hereinafter STK) technology. The STK program displays the names of the telephone banks corresponding to the telephone numbers stored in the list as a text menu on the screen of the mobile terminal, and the user selects the telephone number of a telephone bank by clicking its name in the menu. In actual use, when the user needs to log in to a particular telephone bank, the user starts the STK program, which displays the names of the telephone banks stored in the mobile terminal on the screen. The user picks the telephone bank to log in to from the names shown on the screen, and in this way selects the login information used for telephone bank authentication. Likewise, for IP telephone service, after the user selects the telephone number to dial from the list, the login information is the login information corresponding to the telephone number the user selected from the stored list.
Step 102: send the service information to the server corresponding to the telephone service by means of the telephone number.
After the mobile terminal generates the service information, which as described above contains the telephone number corresponding to the telephone service, the mobile terminal sends the service information to the server corresponding to the telephone service by dialing that telephone number.
Step 103: log in to the server if the server verifies the service information successfully.
Specifically, for telephone banking and for IP telephony that requires password authentication, after the mobile terminal is connected to the server of the telephone bank or of the IP telephone service, the server receives the service information sent by the mobile terminal, which contains information such as the authentication password. When the user calls the telephone number of the service from the mobile terminal, the server also learns user authentication information such as the telephone number of the mobile terminal the user is using. After receiving the service information, the server can therefore verify it against the user authentication information, such as the telephone number, that corresponds to this mobile terminal, and judge whether that user authentication information and the authentication password in the service information match. The authentication password that the mobile terminal generates with the cryptographic algorithm is synchronized with the password in the server. Specifically, the server stores the same cryptographic algorithm as the mobile terminal and, at the same time, can generate a password from the cryptographic algorithm and the user authentication information, such as the telephone number, corresponding to the mobile terminal. The password generated by the server is identical to the authentication password generated by the mobile terminal, so the server can verify whether the authentication password sent by the mobile terminal is correct. If the server verifies that the received authentication password is correct, it allows the mobile terminal to log in to the telephone bank, and the server and the mobile terminal exchange messages. At this point the server has determined that the identity of the mobile terminal is legitimate and can allow the user to carry out the corresponding telephone service operations from the mobile terminal. That is, the user can log in to the server of the telephone bank, or can make an IP phone call, from the mobile terminal.
For IP telephone service that does not require password authentication, the server corresponding to the IP phone, after receiving the service information, can judge whether the service information is legitimate. For example, if 17951 has been added in front of the telephone number the mobile terminal is dialing, the server judges whether 17951 is a correct IP number; if it is, verification of the service information passes and the user is allowed to make the IP phone call.
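A sketch of steps 101 to 103, added here as an illustration and not taken from the patent: the terminal composes the dialed string (IP number prefix, telephone number, one-time password suffix), and the server recomputes the password for the calling number and refuses a password it has already accepted. The HMAC-based time-step algorithm, the 60-second window, the shared-secret table and all function and class names are assumptions, since the page does not specify the cryptographic algorithm.

```python
import hashlib
import hmac
import struct

IP_PREFIX = "17951"          # IP number from the page's example
SERVICE_NUMBERS = {"10086"}  # service number from the page's example
STEP = 60                    # assumed validity window of one password, in seconds
DIGITS = 6                   # password length in the page's example (111111)


def one_time_password(secret: bytes, caller: str, now: int) -> str:
    """Assumed algorithm: HMAC-SHA1 over caller number and time step,
    reduced to decimal digits with RFC 4226 dynamic truncation."""
    msg = caller.encode() + struct.pack(">Q", now // STEP)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def build_service_info(number: str, password: str = "", ip_number: str = "") -> str:
    """Terminal side (step 101): IP number as prefix, password as suffix."""
    return f"{ip_number}{number}{password}"


class Server:
    """Server side (step 103). `caller` is the calling number the server
    learns from the call itself."""

    def __init__(self, subscriber_secrets: dict):
        self.secrets = subscriber_secrets  # calling number -> shared secret
        self.used = set()                  # (caller, time step) already accepted

    def verify(self, dialed: str, caller: str, now: int) -> bool:
        # Strip the IP number if present, then split number and password.
        body = dialed[len(IP_PREFIX):] if dialed.startswith(IP_PREFIX) else dialed
        number = next((n for n in SERVICE_NUMBERS if body.startswith(n)), None)
        if number is None:
            return False
        password = body[len(number):]
        secret = self.secrets.get(caller)
        if secret is None or len(password) != DIGITS or not password.isdigit():
            return False
        step = now // STEP
        if (caller, step) in self.used:    # one-time: a captured string is useless
            return False
        expected = one_time_password(secret, caller, now)
        if not hmac.compare_digest(expected, password):
            return False
        self.used.add((caller, step))
        return True
```

Because the password is bound to the calling number's secret, a string captured from one subscriber fails when presented with a different calling number, and fails again for the same subscriber within the same time step.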
The method of telephone service authentication provided by this embodiment generates the service information from the login information of the telephone service that the user selects, without keypad input by the user, which improves the security of carrying out telephone services from the mobile terminal. Compared with the prior art, when the user needs to carry out a telephone service, the user does not have to key in the corresponding service information, for example the IP number and the authentication password, so the risk that the user's private information such as passwords is stolen can be reduced effectively. In addition, the password in this embodiment is a one-time password: even if the password is stolen while the user is authenticating, other people cannot reuse it to authenticate, which further improves security when the user carries out telephone service authentication from the mobile terminal.
Based on the above technical solution, the method of this embodiment can optionally also comprise, before the service information is generated in step 101: downloading the user authentication information, the telephone number corresponding to the telephone service, and the cryptographic algorithm over an over-the-air download channel. Specifically, over-the-air (Over the Air, OTA) technology is a mechanism based on short messages that, through the mobile terminal or a server (online), dynamically downloads, deletes and updates service menus in the SIM card, so that the user obtains personalized data value-added services. In this embodiment, before generating the password, the mobile terminal can download over the OTA channel the information that corresponds to this mobile terminal, for example the user authentication information, the telephone number corresponding to the telephone service (for example, the telephone number of the telephone bank or the IP number), and the cryptographic algorithm.
Further, the method of this embodiment can also comprise: updating the user authentication information, the telephone number corresponding to the telephone service, and the cryptographic algorithm over the over-the-air download channel. After information such as the user authentication information, the telephone number corresponding to the telephone service, and the cryptographic algorithm has been updated, the mobile terminal can automatically download the updated information over the OTA channel.
In this embodiment, information such as the user authentication information, the telephone number corresponding to the telephone service, and the cryptographic algorithm is downloaded over the OTA channel, and after that information is updated, the updated information can be downloaded over the OTA channel so that the information in the mobile terminal is updated automatically. This makes it simpler for the mobile terminal to update the information used for telephone service authentication. The user also does not need to remember the telephone number of each telephone service, since it can be found by looking up the telephone service information stored in the mobile terminal, which makes telephone service authentication from the mobile terminal more convenient.
The method of telephone service authentication provided by the invention can be applied not only to telephone banking and IP telephone service but also to other telephone services; this embodiment does not limit the scope of application of the method.
Fig. 2 is a structural diagram of a mobile terminal embodiment provided by an embodiment of the invention. As shown in Fig. 2, the mobile terminal of this embodiment comprises: a service information generation module 21, a service information sending module 22 and a login module 23.
The service information generation module 21 is used, when the user selects the login information corresponding to a telephone service, to generate from the login information the service information used to carry out the telephone service. The login information comprises the telephone number corresponding to the telephone service.
Specifically, the service information generation module 21 of the mobile terminal of this embodiment can be implemented by a Subscriber Identity Module (SIM card) or a sticker. For example, the function of the service information generation module 21 can be implemented by writing a corresponding program into the SIM card or the sticker.
The service information sending module 22 is used to send the service information to the server corresponding to the telephone service by means of the telephone number.
Specifically, after the service information generation module 21 generates the service information, it can send the service information to the service information sending module 22 according to the GSM 11.11 and GSM 11.14 protocols. When the service information generation module 21 and the service information sending module 22 communicate according to the GSM 11.11 and GSM 11.14 protocols, the information passed between them is transmitted in the form of Application Protocol Data Unit (APDU) commands. That is, the service information generation module 21 sends the service information to the service information sending module 22 in the form of APDU commands according to the GSM 11.11 and GSM 11.14 protocols. The service information sending module 22 calls the telephone number corresponding to the service and sends the service information to the server.
The login module 23 is used to log in to the server if the server verifies the service information successfully.
Specifically, the login module 23 of the mobile terminal of this embodiment can be implemented by a SIM card or a sticker. For example, the function of the login module 23 can be implemented by writing a corresponding program into the SIM card or the sticker.
In the mobile terminal of this embodiment, the service information generation module generates the service information used to carry out the telephone service from the login information of the telephone service that the user selects, the service information sending module sends the service information to the server for verification, and after the server verifies it successfully, the login module logs in to the server. The user therefore does not need to enter service information such as a password when carrying out a telephone service, which improves the security of carrying out telephone services from the mobile terminal. The concrete physical form of the mobile terminal is not limited in this embodiment; it can be, for example, a mobile phone.
Based on the above technical solution, the mobile terminal of this embodiment optionally comprises a download module 24, used to download the user authentication information, the telephone number corresponding to the telephone service, and the cryptographic algorithm over the OTA channel. The download module 24 downloads this information into the mobile terminal in advance, for use by the service information generation module 21.
Further, the mobile terminal of this embodiment can also comprise an update module 25, used to update the user authentication information, the telephone number corresponding to the telephone service, and the cryptographic algorithm over the OTA channel. After information such as the user authentication information, the telephone number corresponding to the telephone service, and the cryptographic algorithm has been updated, the mobile terminal can automatically download the updated information through the update module 25.
In this embodiment, information such as the user authentication information, the telephone number corresponding to the telephone service, and the cryptographic algorithm is downloaded by the download module 24, and after that information is updated, the updated information can be downloaded by the update module 25 so that the information in the mobile terminal is updated automatically. This makes it simpler for the mobile terminal to update the information used for telephone service authentication. The user also does not need to remember the telephone number of each telephone service, since it can be found by looking up the telephone service information stored in the mobile terminal, which makes telephone service authentication from the mobile terminal more convenient.
Fig. 3 is a structural diagram of a server embodiment provided by an embodiment of the invention. As shown in Fig. 3, the server of this embodiment comprises: a service information receiving module 31, a service information verification module 32 and a sending module 33.
The service information receiving module 31 is used to receive the service information, sent by the mobile terminal, that is used to log in to the server.
The service information verification module 32 is used to verify the service information received by the service information receiving module 31.
The sending module 33 is used, when the service information verification module 32 verifies the service information successfully, to send confirmation information to the mobile terminal so that the mobile terminal logs in to the server according to the confirmation information.
The server of this embodiment verifies the service information sent by the mobile terminal through the service information verification module, so the server does not need to prompt the user by voice to enter service information such as a password. This helps reduce the risk that the service information is stolen while the user is entering it, and so improves security when the user carries out telephone service authentication from the mobile terminal.
Fig. 4 is a structural diagram of a system embodiment for telephone service authentication provided by an embodiment of the invention. As shown in Fig. 4, the login system of this embodiment comprises a mobile terminal 41 and a server 42. The mobile terminal 41 is used to generate service information from the login information of the telephone service that the user selects, and to send the service information to the server 42. The server 42 is used to receive and verify the service information sent by the mobile terminal 41 and, if verification of the service information passes, to allow the mobile terminal 41 to log in.
The mobile terminal and the server of this embodiment can be the mobile terminal and the server provided by the embodiments above; their concrete structure and function are not repeated here.
In the login system of this embodiment, the mobile terminal itself generates the service information and the server verifies the service information sent by the mobile terminal, so the user does not need to key in the service information when carrying out telephone service authentication. This helps reduce the risk that the service information is stolen while the user is entering it, and so improves security when the user carries out telephone service authentication from the mobile terminal.
A person of ordinary skill in the art will appreciate that all or part of the steps of the method embodiments above can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium comprises any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the embodiments above are intended only to illustrate the technical solution of the present invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions recorded in those embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.