CN104967586A

CN104967586A - User identity authentication method, user identity authentication apparatus and user identity authentication system

Info

Publication number: CN104967586A
Application number: CN201410183173.1A
Authority: CN
Inventors: 秦铭雪; 陆莉; 段文文; 陈文辉; 陈旺林; 曾岳锋
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Priority date: 2014-05-04
Filing date: 2014-05-04
Publication date: 2015-10-07
Anticipated expiration: 2034-05-04
Also published as: CN104967586B

Abstract

The invention relates to a user identity authentication method, a user identity authentication apparatus and a user identity authentication system. The method includes the steps of displaying graph authentication information according to the input first user command which is used for performing the preset operation, wherein the graph authentication information includes a preset trigger unit which is used for triggering a second electronic terminal to upload the equipment information of the second electronic terminal to the server when the graph authentication information is scanned by the second electronic terminal; acquiring the authentication result from the server, wherein the authentication result includes the information which is used for identifying whether the user of the first electronic terminal is a valid user; and sending an operation corresponding to the first user command to the server to enable the server to perform the preset operation if the user of the first electronic terminal is a valid user. The method, the apparatus and the system improves the security when the user performs sensitive operation.

Description

A kind of user ID authentication method, Apparatus and system

Technical field

The present invention relates to subscriber authentication technology, particularly relate to a kind of user ID authentication method, Apparatus and system.

Background technology

Along with the development of network technology, the increasing behavior transfer of people is carried out on network, and as online payment, online game, matchmaker etc., therefore network account becomes more and more important.And malicious user utilizes wooden horse to steal user account number and password, obtain the critical data of user, the user that just can disguise oneself as performs the important operation that some could make a profit or damage the sensitivity of user benefit, as by Web bank payment, transfer accounts steal user property, steal ideal money, transfer game article, check or delete important information data etc.Therefore, the fail safe how promoted when user will carry out these sensitive operation just becomes the content that network system must be considered.

Summary of the invention

In view of this, the embodiment of the present invention provides a kind of user authentication method, Apparatus and system, and it can promote the fail safe of user when carrying out sensitive operation.

A kind of user ID authentication method, can be used in the first electric terminal, it comprises the following steps:

According to the first user instruction display graphics check information for carrying out scheduled operation of input, described figure check information comprises default trigger element, and described trigger element is used for triggering described second electric terminal after described checking information is by the second electric terminal scanning makes it upload the facility information of described second electric terminal to server;

Obtain the result from described server, described the result comprises the information whether user for identifying described first electric terminal is validated user;

If the user of described first electric terminal is validated user, send the operation requests corresponding with described first user instruction to described server, perform described scheduled operation to make described server.

A kind of user ID authentication method, can be used for, in the second electric terminal, comprising the following steps:

Instruction according to user's input starts predetermined graph scanning application program;

Scan the two-dimension code pattern check information shown in the first electric terminal;

Resolve described two-dimension code pattern check information and judge whether comprise default trigger element in described two-dimension code pattern check information;

If comprise described default trigger element in described two-dimension code pattern check information, obtain the facility information of described second electric terminal; And

Described facility information is uploaded in the server pointed by described two-dimension code pattern check information.

A kind of user ID authentication method, it comprises the following steps:

First electric terminal is according to the first user instruction display graphics check information for carrying out scheduled operation of input, and described figure check information comprises default trigger element;

Second electric terminal scans described figure check information after the second user instruction being detected, resolves described figure check information and the facility information of described second electric terminal is uploaded to after described trigger element detected in described figure check information the server pointed by described checking information;

Described server judges whether described facility information matches with the user of described first electric terminal, if then described server judges that the user of described first electric terminal is as validated user, and the result is back to described first electric terminal;

If the user of described first electric terminal is validated user, described first electric terminal sends the operation requests corresponding with described first user instruction to described server, performs described scheduled operation to make described server.

A kind of subscriber authentication device, in the first electric terminal, it comprises:

Display module, for the first user instruction display graphics check information for carrying out scheduled operation according to input, described figure check information comprises default trigger element, and described trigger element is used for triggering described second electric terminal after described checking information is by the second electric terminal scanning makes it upload the facility information of described second electric terminal to server;

Acquisition module, for obtaining the result from described server, described the result comprises the information whether user for identifying described first electric terminal is validated user;

Request module, if be validated user for the user of described first electric terminal, sends the operation requests corresponding with described first user instruction to described server, performs described scheduled operation to make described server.

A kind of subscriber authentication device, in the second electric terminal, it comprises:

Start module, the instruction for inputting according to user starts predetermined graph scanning application program;

Scan module, for scanning the two-dimension code pattern check information shown in the first electric terminal;

Parsing module, for resolving described two-dimension code pattern check information and judging whether comprise default trigger element in described two-dimension code pattern check information;

Acquisition module, if for comprising described default trigger element in described two-dimension code pattern check information, obtain the facility information of described second electric terminal; And

Upper transmission module, for being uploaded to described facility information in the server pointed by described two-dimension code pattern check information.

A kind of subscriber identity authentication system, it comprises: the first electric terminal, the second electric terminal and server;

Described server judges whether described facility information matches with the user of described first electric terminal, and if so, then described server judges that the user of described first electric terminal is as validated user, and the result is back to described first electric terminal;

According to above-mentioned scheme, when user carries out sensitive operation except normal user rs authentication flow process, whether the current user logged in of facility information checking also by uploading controls certain electric terminal bound in advance, the possibility be simultaneously stolen due to general account number and electric terminal is very low, and therefore employing such scheme can the fail safe of significant increase user when carrying out sensitive operation.

For above and other object of the present invention, feature and advantage can be become apparent, preferred embodiment cited below particularly, and coordinate institute's accompanying drawings, be described in detail below.

Accompanying drawing explanation

The configuration diagram of the subscriber authentication system that Fig. 1 provides for the first embodiment.

The module map of the subscriber authentication system that Fig. 2 provides for the first embodiment.

The mutual sequential chart of the subscriber authentication system that Fig. 3 provides for the first embodiment.

Fig. 4 is the interface schematic diagram of the first electric terminal in the subscriber authentication system of the first embodiment.

Fig. 5 is the interface schematic diagram of the second electric terminal in the subscriber authentication system of the first embodiment.

Fig. 6 is another interface schematic diagram of the first electric terminal in the subscriber authentication system of the first embodiment.

Fig. 7 is an interface schematic diagram again of the first electric terminal in the subscriber authentication system of the first embodiment.

The mutual sequential chart of the subscriber authentication system that Fig. 8 provides for the second embodiment.

Fig. 9 is the interface schematic diagram of the second electric terminal in the subscriber authentication system of the second embodiment.

The mutual sequential chart of the subscriber authentication system that Figure 10 provides for the 3rd embodiment.

The mutual sequential chart of the subscriber authentication system that Figure 11 provides for the 4th embodiment.

The flow chart of the user authentication method that Figure 12 provides for the 5th embodiment.

The flow chart of the user authentication method that Figure 13 provides for the 6th embodiment.

The structured flowchart of a kind of user authentication device that Figure 14 provides for the 7th embodiment.

The flow chart of the user authentication method that Figure 15 provides for the 8th embodiment.

The structured flowchart of the user authentication device that Figure 16 provides for the 9th embodiment.

The flow chart of the user authentication method that Figure 17 provides for the tenth embodiment.

The flow chart of the user authentication method that Figure 18 provides for 11 embodiments.

The flow chart of the user authentication method that Figure 19 provides for the 12 embodiment.

Embodiment

For further setting forth the present invention for the technological means that realizes predetermined goal of the invention and take and effect, below in conjunction with accompanying drawing and preferred embodiment, to according to the specific embodiment of the present invention, structure, feature and effect thereof, be described in detail as follows.

Consult Fig. 1, the first embodiment provides a kind of subscriber authentication system 100, and it comprises: web page server 12, equipment information management server 14, Authentication server 16, first electric terminal 22 and the second electric terminal 24.

Web page server 12, equipment information management server 14, Authentication server 16 are servers, it can be the computer be deployed on network respectively, for intercepting the network request that client (as the first electric terminal 22 and the second electric terminal 24) sends according to predetermined agreement, resolve these network requests, and complete corresponding data processing according to network request further, then result is returned to client.

First electric terminal 22 and the second electric terminal 24 are terminal equipment, its instantiation includes, but are not limited to desktop computer, notebook computer, panel computer (includes, but are not limited to the iPad of Apple and the touch-screen equipment of other operation Apple IOS, run the touch-screen equipment of Microsoft Windows operating system and run the touch-screen equipment of Google's Android operation system), mobile phone, smart mobile phone (includes, but are not limited to Apple's IOS, Windows Mobile operating system, black mould operating system, the smart mobile phone of plug spot operating system), E-book reader, run the car-mounted terminal of any aforementioned operation system or other operating systems, and wearable electronic terminal (includes, but are not limited to intelligent glasses, wrist-watch, bracelet, wrist strap, and other ornaments).

Although web page server 12, equipment information management server 14, Authentication server 16, first electric terminal 22 and the second electric terminal 24 can have different physical structures, it all can comprise memory, processor or similar element.

Memory can be used for storing software program and module, and processor by running the software program and module that are stored in memory, thus performs the application of various function and data processing.Described module such as refers to the set of instruction or code, can carry out predetermined data processing to realize predetermined function after being executed by processor.

Memory can comprise high speed random asccess memory, also can comprise nonvolatile memory, as one or more magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, memory can comprise the memory relative to the long-range setting of processor further, and these remote memories can be connected to above-mentioned server or electric terminal by network.The example of above-mentioned network includes but not limited to the Internet, intranet, local area network (LAN), mobile radio communication and combination thereof.

Further, consult Fig. 2, its server involved by the subscriber authentication system of the present embodiment and the module diagram of electric terminal.As shown in Figure 2, web page server 12 comprises web server module 122, it is for receiving the web-page requests from other equipment, the network address of specifying is asked to perform corresponding code according to net, carry out data calculating and/or read data from database, the data encapsulation that will export becomes to be suitable for form that viewed device resolves as html format, then the data meeting form is returned to client.In a representative instance, web server module 122 can comprise a http protocol server end, the script operated on this http protocol server end explains execution environment and for explained by script execution environment and perform thus complete the dynamic script of particular data process.

Above-mentioned http protocol server end such as can comprise the Internet Information Service (Internet Information Service, IIS) of Apache (Apache) http server program or Microsoft.The example of above-mentioned script includes, but are not limited to as hypertext word processor (HypertextPreprocessor, PHP), Active Server Pages (Active Server Page, ASP), the java server page (Java Server Page, JSP) and Python.In the present embodiment, above-mentioned script can comprise can allow user modify the script of webpage of account number cipher for generating one.

In addition, as mentioned above, above-mentioned web server module 122 also can adopt Application Specific Integrated Circuit (Application Specific Integrated Circuit, ASIC), the hardware mode such as field programmable gate array (field programmable gate array, FPGA) realizes.

Equipment information management server 14 comprises equipment information management module 142, equipment information management module 142 is similar with web server module 122, such as all can comprise http protocol server end, operate in script on this http protocol server end and explain execution environment, its difference part is, its concrete execution script is different.Script in equipment information management module 142 is the facility information for receiving client upload, and the facility information received is submitted to Authentication server 16 verifies.

Authentication server 16 comprises authentication module 162, equipment information management module 142 is similar with web server module 122, such as all can comprise http protocol server end, operate in script on this http protocol server end and explain execution environment, its difference part is, its concrete execution script is different.Script in authentication module 162 is the facility information submitted to for receiving web server module 122, whether Authentication devices information mates with account, and the result is returned to client (as web page server 12 or the first electric terminal 22).

First electric terminal 22 comprises browses module 222.In one embodiment, browsing module 222 is browser application for browsing page.Its instantiation includes but not limited to: IE browser (InternetExplorer), red fox browser (Firefox), Chrome browser, Safari browser etc.Certainly browsing module 222 is not limited to as browser, it can be the application program of other arbitrary forms, the embedded application program of such as operating system, the embedding application program etc. running directly in the native applications program in operating system and operate on certain application framework.Browse module 222 for sending network request to web page server 12 to obtain the web page contents corresponding to certain network address, webpage output is also checked for user by the webpage that parsing receives.In addition, when browsing module 222 for native applications program, the content of its display can also prestore, and does not need to ask to web page server 12.

Second electric terminal 24 comprises image scanning module 242.Image scanning module 242 is certain functional module of an application program or an application program, it is for the camera pictures taken by the second electric terminal 24, the picture of shooting is resolved according to predetermined agreement (as Quick Response Code agreement), corresponding function is performed according to the result of resolving, such as, when a predetermined trigger module being detected, collect the hardware information of the second electric terminal 24, uploaded to predetermined server (as equipment information management server 16).

Further, consult Fig. 3, it is the mutual sequential chart of the subscriber authentication system of the present embodiment.First, user is by browsing module 222 from web page server 12 Web page loading.Consult Fig. 4, it is the webpage schematic diagram shown in an execution mode, webpage comprise link or button 101, link or button 101 clicked after namely show checking information 102 and information 103.Checking information 102 such as can be two-dimension code image.The content of information 103 can be prompting user and opens corresponding image scanning application program to scan the checking information 102 of display.The current user account number that logs in and trigger element can be comprised in checking information 102.Trigger element herein such as refers to predetermined character string (as network address or command word).

Consult Fig. 5, it is the interface schematic diagram of image scanning module 242 in an execution mode.Image scanning module 242 is by the image shot by camera of the second electric terminal 24, and by image display on a display screen, the module of image scanning simultaneously 242 is also decoded according to the image of predetermined agreement (as Quick Response Code agreement) to shooting, and detects in decoded result whether comprise predetermined trigger element.After trigger element being detected, image scanning module 242 also can collect the facility information of the second electric terminal 24.Facility information comprises, but be not limited to, the international mobile equipment identification number (International MobileStation Equipment Identity, IMEI) of the second electric terminal 24, the unique identifier of application program, the unique identifier of other hardware (as flash memory) etc. of installation.As long as this facility information can be used to the different terminal of unique differentiation.After collecting facility information, the information such as facility information, above-mentioned user account number can be uploaded to equipment information management server 14 by image scanning module 242.

Particularly, the facility information that image scanning module 242 is uploaded is handled by equipment information management module 262, and equipment information management module 262 can generate checking request according to facility information and user account number, and checking request is sent to Authentication server 16.

Authentication module 162 therefrom parses user account number and facility information after receiving checking request, and whether authentication of users account number mates with facility information.Such as, in one embodiment, the facility information can bound according to user account number inquiry, and whether the facility information that comparison query arrives is consistent with the facility information that information management module 262 sends; If consistent, illustrate that the user sending first user instruction is at control second electric terminal 24, the user of this first electric terminal 22 is validated user; Otherwise illustrate that the user sending first user instruction does not have the control of the second electric terminal 24, the user of the first electric terminal 22 is disabled user.

In addition, whether authentication module 162 is not restricted to Authentication devices information and mates, and such as, also can carry out password authentification, key authentication.

When being verified, namely when user browses module 222 for acknowledge message can send to by authentication module 162 during validated user.In one embodiment, browse module 222 after two-dimensional code display 102, inquiry request can be sent to obtain the result to Authentication server 16.Authentication module 162 returns the result to browsing module 222 according to the inquiry request browsing module 222 transmission.

If the result shows that user is validated user, then browse module 222 show as shown in Figure 6 password amendment interface, user can input new password, after button 104 is clicked (namely user inputs the 3rd user instruction), browses module 222 and send to web page server 12 to verify password, new password and identifying code that user inputs.If be verified, the new password of web page server 12 updatable data library storage user setting.

If the result shows that user is disabled user, then browse module 222 and can show information as shown in Figure 7, refusal user Modify password.

Although be described for Modify password above, the present embodiment is not limited to carry out password amendment.Such as, when user carries out some sensitive operation time, all similar authentication mechanism can be adopted.Operation such as increase/deletion password protection problem, binding/solution that above-mentioned sensitive operation can comprise affects user account security tie up mobile device or dynamic cipher device.Sensitive operation also can comprise the operation of the assets process relating to user's virtual assets or accounts of finance as account transfer, purchase, transactional operation.

According to the scheme of the present embodiment, when user carries out sensitive operation except normal user rs authentication flow process, whether the current user logged in of facility information checking also by uploading controls certain electric terminal bound in advance, the possibility be simultaneously stolen due to general account number and electric terminal is very low, therefore adopts the method for the present embodiment can the fail safe of significant increase user when carrying out sensitive operation.

In addition, concrete proof procedure can also change on the basis of above-described embodiment.Consult Fig. 8, it is the mutual sequential chart of subscriber authentication system in the second embodiment.The interaction flow of the subscriber authentication system of the present embodiment is similar to part shown in Fig. 3, its main difference part is, after authentication module 162 is verified, acknowledge message is not directly send to browse module 222, but sends to image scanning module 242.After the acknowledge message receiving authentication module 162 transmission, image scanning module 242 shows interface as shown in Figure 9, it comprise two ACK buttons 105 and refusal button 106, ACK button 105 clicked after (namely user inputs the 4th user instruction) can to browse module 222 send user confirmation notification message; Refusal button 106 clicked after can to browse module 222 send user refusal notification message.Be appreciated that because the first electric terminal 22 may directly not be connected with the second electric terminal 24, image scanning module 242 may need to realize forwarding by third-party server to browsing module 222 notification message.Such as, image scanning module 242 is confirmed user or the message of refusal sends to web page server 12, and web page server 12 can return the confirmation result of user according to the request browsing module 222, or initiatively the confirmation result of user is pushed to and browses module 222.Certainly, user confirms or the message of refusal also can be the server sending to other, as long as this notification message can arrive browse module 222.

If browse module 222 receive representative of consumer confirm notification message, then browse module 222 show as shown in Figure 6 password amendment interface, to carry out follow-up password modification process.The notification message that module 222 receives representative of consumer refusal if browse, then browse module 222 and can show information interface as shown in Figure 7, and prompting user rs authentication is not passed through, refusal Modify password.

According to the present embodiment, add the confirmation step in the second electric terminal 24, malicious user effectively can be avoided to carry out Quick Response Code phishing attack, improve the fail safe of authentication procedures further.

Consult Figure 10, it is the mutual sequential chart of the subscriber authentication system of the 3rd embodiment.The interaction flow of the subscriber authentication system of the present embodiment is similar to part shown in Fig. 3, its main difference part is, the facility information that image scanning module 242 gathers not is send to equipment information management server 14, but directly sends to Authentication server 16.That is, equipment information management module 142 and authentication module also can be deployed in same server.

In addition, after the verification operation whether authentication module 162 finishing equipment information and user account number mate, the result is sent to web server module 122.Web server module 122 can store after receiving the result, and returns the result after receiving the inquiry request browsing module 222 transmission.If be verified, namely user is validated user, then browse module 222 interface shown as shown in Figure 6 and allow user to operate accordingly, otherwise; Browse module 222 and show announcement interface as shown in Figure 7, forbid that user operates accordingly.

According to the present embodiment, equipment information management module 142 and authentication module are deployed in same server, can reduce the quantity of network request in authentication process itself, reduce the proving time.

Consult Figure 11, it is the mutual sequential chart of the subscriber authentication system of the 4th embodiment.The interaction flow of the subscriber authentication system of the present embodiment is similar to part shown in Figure 10, its difference is mainly, after first user instruction being detected, browse module 222 show as shown in Figure 6 password amendment interface, user can input the information such as Old Password, new password and identifying code.Browse module 222 and can generate checking request according to information such as Old Password, new password and identifying codes after receiving the 3rd user instruction, and checking request is sent to web server module 122.

Whether the Old Password of web server module 122 authentication of users input is identical with the user cipher prestored, and returned to by the result and browse module 222.If be verified, then browse module 222 and show interface as shown in Figure 4, prompting user starts the Quick Response Code that image scanning module 242 scans display; Otherwise, browse the information that module 222 can show password authentification mistake.

Image scanning module 242 collects the facility information of the second electric terminal 24 after two-dimension code image comprises predetermined trigger element detecting, and send to authentication module 162 to verify the information such as the facility information of collection, the current account number logged in of the first electric terminal.

The result is sent to web server module 122 by authentication module 162 after completing checking.If the result shows to be verified, then perform corresponding operation, namely according to the new password of user's input more new database to complete password retouching operation.If the result shows that checking is not passed through, then show interface as shown in Figure 5, prompting user rs authentication is not passed through.

According to the present embodiment, authenticate to user for after validated user in authentication module 162, make web page server 122 directly perform predetermined operation, the number of times of user input instruction can be reduced, the convenience of lifting operation.

Under an embody rule scene, the first above-mentioned electric terminal 22 is desktop computer or notebook computer, browse module 222 for browser, second electric terminal 24 is smart mobile phone, and image scanning module 242 is for being embedded in the image scanning module in instant messaging application program (as micro-letter or mobile phone QQ).Therefore, according to the description of the various embodiments described above, when user will modify password or other sensitive operation in a browser, browser display two-dimension code image, and disclose user's starting hand-set QQ or micro-letter scans.When detecting that Quick Response Code comprises predetermined trigger element (network address as predetermined), starting device infonnation collection process, collect the facility information of the second electric terminal 24 as IMEI, and send to Authentication server 16 to verify the user account number logining web page server 12 current in IMEI and browser.Whether the IMEI matching judgment user whether bound with user account number by comparing IMEI is validated user.If user is validated user, push the result by the server of micro-letter/QQ to the second electric terminal 24.Correspondingly, the micro-letter in the second electric terminal 24 or mobile phone QQ client application display confirmation interface as shown in Figure 9.After user confirms, user's confirmation is sent to web server module 122.

Whether browser is validated user by sending request inquiring user to web server module 122, and password retouching operation is carried out at the interface if so, then shown as shown in Figure 6; Otherwise display interface prompt user rs authentication is not as shown in Figure 7 passed through.

According to this user rs authentication flow process, whether the user that really currently can carry out account number sensitive operation is validated user, promotes account number fail safe.

Consult Figure 12, the flow chart of its user authentication method provided for the 5th embodiment.The method of the present embodiment such as can be applicable in the first electric terminal 22 shown in Fig. 1.Consult Figure 12, said method comprising the steps of:

Step S101, according to input the first user instruction display graphics check information for carrying out scheduled operation.

In one embodiment, before step S101, also comprise the step at webpage that display one loads from server or local application interface.Described webpage or Application Program Interface comprise the entrance carrying out scheduled operation (such as Modify password).Entrance is herein the object that link, button etc. can receive arbitrarily first user instruction.And first user instruction can comprise: click, touch, slip, voice command, space gesture and combination in any thereof.Checking information can be shown after first user instruction being detected.

Consult Fig. 4, in one embodiment, webpage comprise link or button 101, link or button 101 clicked after namely show checking information 102 and information 103.Checking information 102 such as can be two-dimension code image.The content of information 103 can be prompting user and opens corresponding image scanning application program to scan the checking information 102 of display.The current user account number that logs in and trigger element can be comprised in checking information 102.Trigger element herein such as refers to predetermined character string (as network address or command word).

Behind the interface shown in display Fig. 4, user can open the image scanning module 242 in the second electric terminal 24.Consult Fig. 5, it is the interface schematic diagram of image scanning module 242 in an execution mode.Image scanning module 242 is by the image shot by camera of the second electric terminal 24, and by image display on a display screen, the module of image scanning simultaneously 242 is also decoded according to the image of predetermined agreement (as Quick Response Code agreement) to shooting, and detects in decoded result whether comprise predetermined trigger element.After trigger element being detected, image scanning module 242 also can collect the facility information of the second electric terminal 24.Facility information comprises, but be not limited to, the international mobile equipment identification number (InternationalMobile Station Equipment Identity, IMEI) of the second electric terminal 24, the unique identifier of application program, the unique identifier of other hardware (as flash memory) etc. of installation.As long as this facility information can be used to the different terminal of unique differentiation.After collecting facility information, the information such as facility information, above-mentioned user account number can upload onto the server to carry out authentication by image scanning module 242.

Step S102, obtain the result from described server, described the result comprises the information whether user for identifying described first electric terminal is validated user.

Server parses user account number and facility information after receiving checking request, and whether authentication of users account number mates with facility information.Such as, in one embodiment, can according to user account number inquiry binding facility information, and comparison query to facility information whether consistent with the facility information sent in step S101; If consistent, represent that the user of the first electric terminal is for validated user; Otherwise, illustrate that the user of the first electric terminal is disabled user.

After step S101, the first electric terminal 22 can send inquiry request to obtain the result to server.And server can return the result according to the inquiry request of the first electric terminal 22.Certainly, server also can active push the result to the first electric terminal 22.

If the user of described first electric terminal of step S103 is validated user, send the operation requests corresponding with described first user instruction to described server, perform described scheduled operation to make described server.

If the result shows that user is validated user, then the first electric terminal 22 shows password amendment interface as shown in Figure 6, user can input new password, after button 104 is clicked (namely user inputs the 3rd user instruction), password, new password and the identifying code that user inputs sends to server to verify by the first electric terminal 22.If be verified, the new password of server updatable data library storage user setting.

If the result shows that user is disabled user, then the first electric terminal 22 can show information as shown in Figure 7, refusal user Modify password.

According to the scheme of the present embodiment, when user carries out sensitive operation except normal user rs authentication flow process, whether the current user logged in of facility information checking also by uploading controls certain electric terminal bound in advance, the possibility be simultaneously stolen due to general account number and electric terminal is very low, therefore adopts the scheme of the present embodiment can the fail safe of significant increase user when carrying out sensitive operation.

Consult Figure 13, its flow chart provided for the 6th embodiment.The method of the present embodiment such as can be applicable in the first electric terminal 22 shown in Fig. 1.Consult Figure 13, said method comprising the steps of:

Step S201, two-dimensional code display.

Consult Fig. 4, after button 101 is clicked, namely two-dimensional code display scans for the second electric terminal 24.

Step S202, waits for the result.

After step S201, can to server send inquiry request with obtain the result and etc. result to be returned.

Step S203, judges whether checking is passed through, and namely whether the active user of the first electric terminal 22 is validated user; If so, then step S204 is performed; Otherwise perform step S205.

Step S204, Modify password.

Such as, interface shown in display Fig. 6, receives the information of user's input, and the information of input is submitted to server with Password Operations of modifying.

Step S205, display information.

Such as, interface shown in display Fig. 7, prompting user rs authentication is not passed through.User can initiate password retouching operation again, restarts to carry out user rs authentication flow process.

Consult Figure 14, the structured flowchart of its user authentication device provided for the 7th embodiment.The device of the present embodiment such as can be applicable in the first electric terminal 22 shown in Fig. 1.Consult Figure 14, described device comprises: display module 110, acquisition module 120, receiver module 130, request module 140 and reminding module 150.

Display module 110 is for the first user instruction display graphics check information for carrying out scheduled operation according to input, described figure check information comprises default trigger element, and described trigger element is used for triggering described second electric terminal after described checking information is by the second electric terminal scanning makes it upload the facility information of described second electric terminal to server;

Acquisition module 120 is for obtaining the result from described server, and described the result comprises the information whether user for identifying described first electric terminal is validated user.

If receiver module 130 is the information that validated user also receives user's input for the user of described first electric terminal, and the information that described user inputs is included in described request, scheduled operation described in the information and executing inputted according to described user to make described server.

If request module 140 is validated user for the user of described first electric terminal, send the operation requests corresponding with described first user instruction to described server, perform described scheduled operation to make described server.

If reminding module 150 is disabled user for the user of described first electric terminal, show the information for representing user rs authentication failure.

Consult Figure 15, the flow chart of its user ID authentication method provided for the 8th embodiment.The method of the present embodiment such as can be applicable in the second electric terminal 24 shown in Fig. 1.Consult Figure 15, said method comprising the steps of:

S601, according to user input instruction start predetermined graph scanning application program.

Be appreciated that the content that general graph scanning application program can only contain to resolve handbag in Quick Response Code according to general Quick Response Code agreement.And as mentioned above, according to the scheme in above-described embodiment, figure check information to be scanned comprises predetermined trigger element.In order to respond trigger element, need two difficult code scanning application programs can identify these trigger elements.That is, Quick Response Code application program needs amendment to add the function identifying trigger element.In some embodiments, above-mentioned graph scanning application program is the Quick Response Code scan module (" sweep and the sweep " function as in micro-letter) be embedded in other application programs (as instant messaging application program QQ, micro-letter).

S602, scan the two-dimension code pattern check information shown in the first electric terminal.

User operation can operate the second electric terminal, aims at the two-dimension code pattern check information be presented in the first electric terminal, and waits for that graph scanning application prompts scans successfully or the prompting of failed result.

S603, resolve described two-dimension code pattern check information and judge whether comprise default trigger element in described two-dimension code pattern check information.

After successfully obtaining image in 2 D code, graph scanning application program according to general its content of Quick Response Code protocol analysis, and can judge whether comprise default trigger element (as specific character string) in it further.

If comprise described default trigger element in S604 described two-dimension code pattern check information, obtain the facility information of described second electric terminal.

If comprise default trigger element in two-dimension code pattern check information, then trigger the apparatus information acquiring module in the second electric terminal, collect the facility information (as IMEI) of the second electric terminal.

S605, be uploaded to described facility information pointed by described two-dimension code pattern check information server.

Network address facility information will uploaded directly can be comprised in two-dimension code pattern check information, now can directly from parsing the first network address and adopt predetermined procotol to be committed to described first network address as parameter described facility information from described two-dimension code pattern check information.

In another embodiment, can be prestored one the second network address be associated with trigger element in the second electric terminal, now, when default trigger element being detected in two-dimension code pattern check information, directly in the memory of the second electric terminal, directly can read described second network address, and adopt predetermined procotol to be committed to described second network address as parameter described facility information.

In addition, identify that in order to enable server the facility information uploaded is the verification operation for which user, also can parse one for identifying the identifier of the active user of described two-dimension code pattern check information or described first electric terminal from described two-dimension code pattern check information, and described identifier and described facility information are uploaded in described server in the lump.

According to the method for the present embodiment, when detecting that Quick Response Code comprises default trigger element, active collection facility information is also uploaded onto the server, and whether can be used for carrying out authentication of users is validated user, thus promote user carry out some authorities than more sensitive operation time fail safe.

Consult Figure 16, the structured flowchart of its user authentication device provided for the 9th embodiment.The device of the present embodiment such as can be applicable in the first electric terminal 24 shown in Fig. 2.Consult Figure 16, described device comprises: start module 210, scan module 220, parsing module 230, acquisition module 240 and upper transmission module 250.

Start module 210 and start predetermined graph scanning application program for the instruction inputted according to user.

Scan module 220 is for scanning the figure check information shown in the first electric terminal.

User operation can operate the second electric terminal, aims at the figure check information be presented in the first electric terminal, and waits for that graph scanning application prompts scans successfully or the prompting of failed result.

Parsing module 230 is for resolving described figure check information and judging whether comprise default trigger element in described check information.

If acquisition module 240, for comprising described default trigger element in described figure check information, obtains the facility information of described second electric terminal.

If comprise default trigger element in figure check information, then trigger the apparatus information acquiring module in the second electric terminal, collect the facility information (as IMEI) of the second electric terminal.

Upper transmission module 250 is for being uploaded to described facility information in the server pointed by described figure check information.

Network address facility information will uploaded directly can be comprised in figure check information, now can directly from parsing the first network address and adopt predetermined procotol to be committed to described first network address as parameter described facility information from described figure check information.

In another embodiment, can be prestored one the second network address be associated with trigger element in the second electric terminal, now, when default trigger element being detected in figure check information, directly in the memory of the second electric terminal, directly can read described second network address, and adopt predetermined procotol to be committed to described second network address as parameter described facility information.

In addition, identify that in order to enable server the facility information uploaded is the verification operation for which user, described parsing module also can parse one for identifying the identifier of the active user of described figure check information or described first electric terminal from described figure check information, and described identifier and described facility information also upload in described server by described upper transmission module in the lump.

Consult Figure 17, the flow chart of its user authentication method provided for the tenth embodiment.The method of the present embodiment comprises the following steps:

Step S301, the first electric terminal are according to the first user instruction display graphics check information for carrying out scheduled operation of input, and described figure check information comprises default trigger element.

Consult Fig. 4, in one embodiment, first electric terminal 22 loads from server and shows a webpage, and webpage comprises link or button 101, after link or button 101 clicked (first user instruction), namely show checking information 102 and information 103.Checking information 102 such as can be two-dimension code image.The content of information 103 can be prompting user and opens corresponding image scanning application program to scan the checking information 102 of display.The current user account number that logs in and trigger element can be comprised in checking information 102.Trigger element herein such as refers to predetermined character string (as network address or command word).

Step S302, the second electric terminal scan described figure check information and are uploaded onto the server by the facility information of described second electric terminal after described trigger element being detected after the second user instruction being detected.

Described in step S303, described server authentication, whether the user of the first electric terminal is validated user and the result is back to described first electric terminal.

First electric terminal 22, after display graphics check information, also can send inquiry request to obtain the result to server.Correspondingly, server returns the result to the first electric terminal 22 after receiving inquiry request.

If the user of described first electric terminal of step S304 is validated user, described first electric terminal sends request to described server, performs described scheduled operation to make described server.

If the result shows that user is validated user, then the first electric terminal 22 shows password amendment interface as shown in Figure 6, user can input new password, namely the first electric terminal 22 receives the information of user's input, after button 104 is clicked (namely user inputs the 3rd user instruction), password, new password and the identifying code of the information that user inputs by the first electric terminal 22 as inputted send to server to verify.If be verified, the new password of server updatable data library storage user setting.

Consult Figure 18, the flow chart of its user authentication method provided for the 11 embodiment.The method of the present embodiment is similar to the method for Figure 17, its difference is, also can comprise after step S303: if the user of described first electric terminal of step S404 is disabled user, the information of described first electric terminal display for representing user rs authentication failure.

Consult Fig. 7, it is the schematic diagram of the information of display.After the information shown in display Fig. 7, user can initiate the operation of retouching operation again, and certainly, user rs authentication flow process also can restart.

According to the method for the present embodiment, after user's failure, reminding user checking is not in time passed through, and can promote the convenience in user's use.

Consult Figure 19, the flow chart of its user authentication method provided for the tenth embodiment.The method of the present embodiment is similar to the method for Figure 17, and its difference is, comprises the following steps after step S303:

If step S504 is verified (user of the first electric terminal is validated user), Authentication server sends acknowledge message to the second electric terminal.

Step S505, the second electric terminal carry out user's confirmation and after user confirms, the result are sent to web page server after receiving the confirmation message.

Such as, consult Fig. 9, the second electric terminal shows user and confirms interface after receiving the confirmation message, and particularly, this interface can comprise for reminding active user to carry out a certain sensitive operation, and point out user be confirmed whether be oneself operation.User can carry out respectively confirming by button click 105 or button 106 and refuse.If user's button click 105, be then considered as user and confirm; If user's button click 106, be then considered as user's refusal.

After user confirms, the second electric terminal can be that the result of validated user sends to web page server by representing current first electric terminal user; Otherwise the result that the user representing current first electric terminal can be disabled user by the second electric terminal sends to web page server.

Step S506, web page server return the result to the first electric terminal.

First electric terminal can send inquiry request to web page server after display graphics check information, and waits for the result that web page server returns.

After step S506, then can perform step S304 or step S404 respectively according to the result.

According to the method for the present embodiment, when user carries out sensitive operation except normal user rs authentication flow process, whether the current user logged in of facility information checking also by uploading controls certain electric terminal bound in advance, the possibility be simultaneously stolen due to general account number and electric terminal is very low, therefore adopts the scheme of the present embodiment can the fail safe of significant increase user when carrying out sensitive operation.

In addition, the embodiment of the present invention also provides a kind of computer-readable recording medium, is stored with computer executable instructions, and above-mentioned computer-readable recording medium is such as nonvolatile memory such as CD, hard disk or flash memory.Above-mentioned computer executable instructions completes various operations in above-mentioned image processing method for allowing computer or similar arithmetic unit.

The above, it is only preferred embodiment of the present invention, not any pro forma restriction is done to the present invention, although the present invention discloses as above with preferred embodiment, but and be not used to limit the present invention, any those skilled in the art, do not departing within the scope of technical solution of the present invention, make a little change when the technology contents of above-mentioned announcement can be utilized or be modified to the Equivalent embodiments of equivalent variations, in every case be do not depart from technical solution of the present invention content, according to any brief introduction amendment that technical spirit of the present invention is done above embodiment, equivalent variations and modification, all still belong in the scope of technical solution of the present invention.

Claims

1. a user ID authentication method, in the first electric terminal, is characterized in that, said method comprising the steps of:

2. the method for claim 1, it is characterized in that, also comprise: if the user of described first electric terminal is validated user also receive user input information, and the information that described user inputs is included in described operation requests, scheduled operation described in the information and executing inputted according to described user to make described server.

3. the method for claim 1, it is characterized in that, described comprising for the first user instruction display graphics check information carrying out scheduled operation according to input: according to the first user instruction two-dimensional code display for carrying out scheduled operation of input, described trigger element is predetermined character string.

4. method as claimed in claim 3, is characterized in that, also comprise: after the described figure check information of display, also show the information for pointing out user to perform specific graph scanning application program.

5. the method for claim 1, is characterized in that, if the user of described first electric terminal is disabled user, shows the information for representing user rs authentication failure.

6. a user ID authentication method, in the second electric terminal, is characterized in that, said method comprising the steps of:

Scan the figure check information shown in the first electric terminal;

Resolve described two-dimension code pattern check information and judge whether comprise default trigger element in described figure check information;

If comprise described default trigger element in described figure check information, obtain the facility information of described second electric terminal; And

Described facility information is uploaded in the server pointed by described figure check information.

7. method as claimed in claim 6, it is characterized in that, described by described facility information, the server be uploaded to pointed by described figure check information comprises:

From described figure check information, parse the first network address and adopt predetermined procotol to be committed to described first network address as parameter described facility information.

8. method as claimed in claim 6, it is characterized in that, described by described facility information, the server be uploaded to pointed by described figure check information comprises:

From the memory of described second electric terminal, read the second network address prestored, and adopt predetermined procotol to be committed to described second network address as parameter described facility information, described second network address is associated with described trigger element.

9. method as claimed in claim 6, is characterized in that, also comprise:

One is parsed for identifying described figure check information and uploading in described server in the lump by described identifier and described facility information from described figure check information; Or

From described figure check information, parse one for identifying the identifier of the active user of described first electric terminal, and the identifier of described user and described facility information are uploaded in described server in the lump.

10. a user ID authentication method, is characterized in that, said method comprising the steps of:

Second electric terminal scans described figure check information after the second user instruction being detected, resolve described figure check information, and described trigger element detected in described figure check information after, the facility information of described second electric terminal is uploaded to the server pointed by described checking information;

Described server judges whether the facility information that described second electric terminal is uploaded mates with the user of described first electric terminal, if so, described server judges whether the user of described first electric terminal is validated user and the result is back to described first electric terminal;

11. methods as claimed in claim 10, it is characterized in that, if the user of described first electric terminal is validated user, described first electric terminal also receives the information of user's input, and after the 3rd user instruction that user inputs being detected, the information that described user inputs is included in described request, scheduled operation described in the information and executing inputted according to described user to make described server.

12. methods as claimed in claim 10, is characterized in that, described first electric terminal comprises according to first user instruction display graphics check information: two-dimensional code display, and described trigger element is predetermined character string; Described first electric terminal also shows the information for pointing out user to perform specific graph scanning application program after the described Quick Response Code of display.

13. methods as claimed in claim 10, is characterized in that, also comprise: if the user of described first electric terminal is disabled user, the information of described first electric terminal display for representing user rs authentication failure.

14. methods as claimed in claim 10, it is characterized in that, described server comprises: web page server and Authentication server;

Described facility information is sent to described Authentication server by described second electric terminal;

Described Authentication server judges whether described facility information is the facility information with first user account number binding, if then described Authentication server judges that the user of described first electric terminal is as validated user, described first user account number is the account number that described first electric terminal logins described web page server.

15. methods as claimed in claim 14, it is characterized in that, described server also comprises equipment information management server;

Described facility information is sent to described Authentication server and comprises by described second electric terminal: send network request to described equipment information management server, thus described facility information is submitted to described equipment information management server and makes described equipment information management server that described facility information is forwarded to described Authentication server.

16. methods as claimed in claim 14, is characterized in that, if the user of described first electric terminal is for Authentication server described in validated user is also to described second electric terminal transmission acknowledge message;

Described second electric terminal exports user and confirms request after receiving described acknowledge message, and after the 4th user instruction of input being detected, send the result representing that authentication is passed through to described first electric terminal.

17. methods as claimed in claim 16, is characterized in that, to sending to described first electric terminal, described second electric terminal represents that the result that authentication is passed through comprises:

Described the result is sent to described web page server by described second electric terminal, and to make, described the result is transmitted to described first electric terminal by web page server.

18. methods as claimed in claim 14, it is characterized in that, described the result is sent to described web page server by described Authentication server;

Described web page server returns described the result according to the inquiry request of described first electric terminal.

19. methods as claimed in claim 10, is characterized in that, also comprise: described server stores the binding relationship between the active user of described first electric terminal and the facility information of described second electric terminal according to the data that user submits to.

20. 1 kinds of subscriber authentication devices, in the first electric terminal, is characterized in that, described device comprises:

21. devices as claimed in claim 20, it is characterized in that, also comprise: receiver module, if the user for described first electric terminal is validated user also receive user input information, and the information that described user inputs is included in described operation requests, scheduled operation described in the information and executing inputted according to described user to make described server.

22. devices as claimed in claim 20, it is characterized in that, described display module is used for: according to the first user instruction two-dimensional code display for carrying out scheduled operation of input, described trigger element is predetermined character string; Described display module is also for showing the information for pointing out user to perform specific graph scanning application program.

23. devices as claimed in claim 20, is characterized in that, also comprise: reminding module, if be disabled user for the user of described first electric terminal, show the information for representing user rs authentication failure.

24. 1 kinds of subscriber authentication devices, in the second electric terminal, is characterized in that, described device comprises:

25. devices as claimed in claim 24, it is characterized in that, described upper transmission module is used for:

From described two-dimension code pattern check information, parse the first network address and adopt predetermined procotol to be committed to described first network address as parameter described facility information.

26. devices as claimed in claim 24, it is characterized in that, described upper transmission module is used for:

27. devices as claimed in claim 24, it is characterized in that, described parsing module also for parsing one for identifying the identifier of the active user of described two-dimension code pattern check information or described first electric terminal from described two-dimension code pattern check information, and described upper transmission module is also for uploading to described identifier and described facility information in the lump in described server.

28. 1 kinds of subscriber identity authentication systems, is characterized in that, comprising: the first electric terminal, the second electric terminal and server;

29. systems as claimed in claim 28, it is characterized in that, if the user of described first electric terminal for the first electric terminal described in validated user also receive user input information, and after the 3rd user instruction that user inputs being detected, the information that described user inputs is included in described request, scheduled operation described in the information and executing inputted according to described user to make described server.

30. systems as claimed in claim 28, is characterized in that, described first electric terminal comprises according to first user instruction display graphics check information: two-dimensional code display, and described trigger element is predetermined character string; Described first electric terminal also shows the information for pointing out user to perform specific graph scanning application program after the described Quick Response Code of display.

31. systems as claimed in claim 28, is characterized in that, also comprise: if the user of described first electric terminal is disabled user, the information of described first electric terminal display for representing user rs authentication failure.

32. systems as claimed in claim 28, it is characterized in that, described server comprises: web page server and Authentication server;

Described Authentication server judges whether described facility information is the facility information with first user account number binding, if, then described Authentication server judges that the user of described first electric terminal is as validated user, and described first user account number is the account number that described first electric terminal logins described web page server.

33. systems as claimed in claim 32, it is characterized in that, described server also comprises equipment information management server;

Described facility information is sent to described Authentication server and comprises by described second electric terminal: send network request to described equipment information management server, thus described facility information is submitted to described equipment information management server, and make described equipment information management server that described facility information is forwarded to described Authentication server.

34. systems as claimed in claim 32, is characterized in that, if the user of described first electric terminal is for Authentication server described in validated user is also to described second electric terminal transmission acknowledge message;

35. systems as claimed in claim 34, is characterized in that, to sending to described first electric terminal, described second electric terminal represents that the result that authentication is passed through comprises:

36. systems as claimed in claim 28, it is characterized in that, described the result is sent to described web page server by described Authentication server;

37. systems as claimed in claim 28, is characterized in that, the data that described server is also submitted to according to user store the binding relationship between the active user of described first electric terminal and the facility information of described second electric terminal.