CN104967586B

CN104967586B - A kind of user ID authentication method, apparatus and system

Info

Publication number: CN104967586B
Application number: CN201410183173.1A
Authority: CN
Inventors: 秦铭雪; 陆莉; 段文文; 陈文辉; 陈旺林; 曾岳锋
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Priority date: 2014-05-04
Filing date: 2014-05-04
Publication date: 2018-02-27
Anticipated expiration: 2034-05-04
Also published as: CN104967586A

Abstract

The present invention relates to a kind of user authentication method, apparatus and system, the described method comprises the following steps：Figure check information is shown according to the first user instruction for being used to carry out scheduled operation of input, the figure check information includes default trigger element, and the trigger element is used to after figure check information is scanned by the second electric terminal trigger the facility information that second electric terminal makes it to server upload second electric terminal；From the server obtain the result, the result include be used for identify first electric terminal user whether be validated user information；Operation requests corresponding with first user instruction are sent to the server if being validated user if the user of first electric terminal, so that the server performs the scheduled operation.Above-mentioned method, apparatus and system improving security of the user when carrying out sensitive operation.

Description

A kind of user ID authentication method, apparatus and system

Technical field

The present invention relates to subscriber authentication technology, more particularly to a kind of user ID authentication method, apparatus and system.

Background technology

With the development of network technology, the increasing behavior transfer of people is carried out on network, such as online payment, network Game, matchmaker etc., therefore network account becomes more and more important.And malicious user steals user account number and close using wooden horse Code, has obtained the critical data of user, it is possible to which the user that disguises oneself as, which performs some, can make a profit or damage the sensitivity of user benefit Important operation, such as paid the bill by Web bank, transfer accounts steal the property of user, steal ideal money, transfer game article, look into See or delete important information data etc..Therefore, the security for how lifting user when carrying out these sensitive operations just turns into net Network system has to the content considered.

The content of the invention

In view of this, the embodiment of the present invention provides a kind of user authentication method, apparatus and system, and it can lift user and enter Security during row sensitive operation.

A kind of user ID authentication method, available in the first electric terminal, it comprises the following steps：

Figure check information, the figure verification are shown according to the first user instruction for being used to carry out scheduled operation of input Packet contains default trigger element, and the trigger element is used for after the figure check information is scanned by the second electric terminal Triggering second electric terminal makes it upload the facility information of second electric terminal to server；

From the server obtain the result, the result show first electric terminal user whether be Validated user, wherein when the facility information of the user account number and second electric terminal of first electric terminal matches When, the user of first electric terminal is validated user；

Send to the server if being validated user if the user of first electric terminal and refer to first user Operation requests corresponding to order, so that the server performs the scheduled operation.

A kind of user ID authentication method, available in the second electric terminal, comprise the following steps：

The instruction inputted according to user starts predetermined graph scanning application program；

Scan the figure check information shown in the first electric terminal；

Parse the figure check information and judge whether include default trigger element in the figure check information；

Setting for second electric terminal is obtained if the default trigger element is included in the figure check information Standby information；And

The facility information is uploaded in the server pointed by the figure check information, so that the server is sentenced Whether the facility information that disconnected second electric terminal uploads matches with the user of first electric terminal.

A kind of user ID authentication method, it comprises the following steps：

First electric terminal shows figure check information according to the first user instruction for being used to carry out scheduled operation of input, The figure check information includes default trigger element；

Second electric terminal scans the figure check information after second user instruction is detected, parses the figure school Test information and detected the facility information of second electric terminal in the figure check information after the trigger element It is uploaded to the server pointed by the figure check information；

The server judges whether the facility information matches with the user account number of first electric terminal, if Then the server judges the user of first electric terminal for validated user, and the result is back into first electricity Sub- terminal；

First electric terminal is sent to the server if being validated user if the user of first electric terminal Operation requests corresponding with first user instruction, so that the server performs the scheduled operation.

A kind of subscriber authentication device, in the first electric terminal, it to include：

Display module, for showing figure verification letter according to the first user instruction for being used to carry out scheduled operation of input Breath, the figure check information include default trigger element, the trigger element in the figure check information by the Second electric terminal is triggered after the scanning of two electric terminals makes it upload the equipment letter of second electric terminal to server Breath；

Acquisition module, for obtaining the result from the server, the result is used to show first electricity Whether the user of sub- terminal is validated user, wherein user account number and second electric terminal when first electric terminal Facility information when matching, the user of first electric terminal is validated user；

Request module, for if the user of first electric terminal for validated user if sent to the server and institute Operation requests corresponding to the first user instruction are stated, so that the server performs the scheduled operation.

A kind of subscriber authentication device, in the second electric terminal, it to include：

Starting module, the instruction for being inputted according to user start predetermined graph scanning application program；

Scan module, for scanning the figure check information shown in the first electric terminal；

Parsing module, for parsing the figure check information and whether judging in the figure check information comprising default Trigger element；

Acquisition module, for obtaining described second if the default trigger element is included in the figure check information The facility information of electric terminal；And

Uploading module, for the facility information to be uploaded in the server pointed by the figure check information so that The server judge facility information that second electric terminal uploads and first electric terminal user account number whether Matching.

A kind of subscriber identity authentication system, it includes：First electric terminal, the second electric terminal and server；

The server judges whether the facility information matches with the user account number of first electric terminal, if It is that then the user of the first electric terminal described in the server authentication is validated user, and the result is back to described One electric terminal；

According to above-mentioned scheme, when user carries out sensitive operation in addition to normal user's checking flow, also by upper The electric terminal whether user that the facility information checking of biography currently logs in controls some to bind in advance, due to general account number and electricity The possibility that sub- terminal is stolen simultaneously is very low, therefore uses such scheme to carry out sensitive operation with significant increase user When security.

For the above and other objects, features and advantages of the present invention can be become apparent, preferred embodiment cited below particularly, And coordinate institute's accompanying drawings, it is described in detail below.

Brief description of the drawings

Fig. 1 is the configuration diagram for the subscriber authentication system that first embodiment provides.

Fig. 2 is the module map for the subscriber authentication system that first embodiment provides.

Fig. 3 is the interaction timing diagram for the subscriber authentication system that first embodiment provides.

Fig. 4 be first embodiment subscriber authentication system in the first electric terminal interface schematic diagram.

Fig. 5 be first embodiment subscriber authentication system in the second electric terminal interface schematic diagram.

Fig. 6 be first embodiment subscriber authentication system in the first electric terminal another interface schematic diagram.

Fig. 7 be first embodiment subscriber authentication system in the first electric terminal another interface schematic diagram.

Fig. 8 is the interaction timing diagram for the subscriber authentication system that second embodiment provides.

Fig. 9 be second embodiment subscriber authentication system in the second electric terminal interface schematic diagram.

Figure 10 is the interaction timing diagram for the subscriber authentication system that 3rd embodiment provides.

Figure 11 is the interaction timing diagram for the subscriber authentication system that fourth embodiment provides.

Figure 12 is the flow chart for the user authentication method that the 5th embodiment provides.

Figure 13 is the flow chart for the user authentication method that sixth embodiment provides.

Figure 14 is a kind of structured flowchart for user authentication device that the 7th embodiment provides.

Figure 15 is the flow chart for the user authentication method that the 8th embodiment provides.

Figure 16 is the structured flowchart for the user authentication device that the 9th embodiment provides.

Figure 17 is the flow chart for the user authentication method that the tenth embodiment provides.

Figure 18 is the flow chart for the user authentication method that 11 embodiments provide.

Figure 19 is the flow chart for the user authentication method that the 12nd embodiment provides.

Embodiment

Further to illustrate that the present invention is to realize technological means and effect that predetermined goal of the invention taken, below in conjunction with Accompanying drawing and preferred embodiment, to embodiment, structure, feature and its effect according to the present invention, describe in detail as after.

Refering to Fig. 1, first embodiment provides a kind of subscriber authentication system 100, and it includes：Web page server 12, equipment letter Cease management server 14, Authentication server 16, the first electric terminal 22 and the second electric terminal 24.

Web page server 12, equipment information management server 14, Authentication server 16 are servers, and it can be respectively The computer being deployed on network, for intercepting client (such as the first electric terminal 22 and the second electric terminal 24) according to predetermined The network request that sends of agreement, parse these network requests, and corresponding data processing is further completed according to network request, Then result is returned into client.

First electric terminal 22 and the second electric terminal 24 are terminal device, and its instantiation is including but not limited to desk-top Computer, notebook computer, tablet personal computer (the including but not limited to iPad of Apple Inc. and other operations Apple Inc. IOS The touch-screen equipment of operating system, the touch-screen equipment and operation Google Android of operation Microsoft Windows operating system The touch-screen equipment of operating system), mobile phone, smart mobile phone (including but not limited to Apple Inc.'s IOS, Windows Mobile operating systems, black mould operating system, fill in spot operating system smart mobile phone), E-book reader, operation appoint The car-mounted terminal and wearable electronic terminal of aforementioned operation system of anticipating or other operating systems (including but not limited to intelligence Energy glasses, wrist-watch, bracelet, wrist strap and other ornaments).

Although web page server 12, equipment information management server 14, Authentication server 16, the first electric terminal 22 and second electric terminal 24 can have different physical structures, but it may each comprise memory, processor or similar Element.

Memory can be used for storage software program and module, and processor is stored in the software journey in memory by operation Sequence and module, so as to perform various function application and data processing.The module for example refers to the collection of instruction or code Close, predetermined data processing can be carried out after being executed by processor to realize predetermined function.

Memory may include high speed random access memory, may also include nonvolatile memory, such as one or more magnetic Storage device, flash memory or other non-volatile solid state memories.In some instances, memory can further comprise relatively In the remotely located memory of processor, these remote memories can pass through network connection to above-mentioned server or electronics Terminal.The example of above-mentioned network includes but is not limited to internet, intranet, LAN, mobile radio communication and combinations thereof.

Further, refering to Fig. 2, it is the server and the mould of electric terminal involved by the subscriber authentication system of the present embodiment Block schematic diagram.As shown in Fig. 2 web page server 12 includes web server module 122, it is used to receive from other equipment Web-page requests, the code according to corresponding to performing the network address that net request is specified, carry out data calculating and/or number is read from database According to the data that will be exported are packaged into the form such as html format suitable for being parsed by browser, then will meet the number of form According to returning to client.In a representative instance, web server module 122 may include a http protocol server end, The script operated on this http protocol server end explains performing environment and for by script performing environment Explain and perform so as to completing the dynamic script of specific data processing.

Above-mentioned http protocol server end for example may include Apache's (Apache) HTTP server program or Microsoft The Internet Information Service (Internet Information Service, IIS) of company.The example bag of above-mentioned script Include but be not limited to such as hypertext word processing device (Hypertext Preprocessor, PHP), Active Server Pages (Active Server Page, ASP), the java server page (Java Server Page, JSP) and Python.At this In embodiment, above-mentioned script may include for generate one can allow user modify account number cipher webpage script.

In addition, as described above, above-mentioned web server module 122 can also use ASIC (Application Specific Integrated Circuit, ASIC), field programmable gate array (field Programmable gate array, FPGA) etc. hardware mode realize.

Equipment information management server 14 includes equipment information management module 142, equipment information management module 142 and webpage Server module 122 is similar, such as may comprise http protocol server end, operates on this http protocol server end Script explains performing environment, is in place of its difference, its specific execution script is different.Equipment information management module Script in 142 is the facility information uploaded for receiving client, and the facility information received is submitted into authentication Server 16 is verified.

Authentication server 16 includes authentication module 162, equipment information management module 142 and web page server mould Block 122 is similar, such as may comprise http protocol server end, the script operated on this http protocol server end Performing environment is explained, is in place of its difference, its specific execution script is different.Script in authentication module 162 It is the facility information for receiving the submission of web server module 122, whether checking facility information matches with account, and will The result returns to client (such as electric terminal 22 of web page server 12 or first).

First electric terminal 22 includes browsing module 222.In one embodiment, browsing module 222 is for browsing webpage Browser application.Its instantiation includes but is not limited to：IE browser (Internet Explorer), red fox browse Device (Firefox), Chrome browsers, Safari browsers etc..Certain browsing module 222 is not limited to as browser, and it can For other any form of application programs, such as the embedded application program of operating system, the original that runs directly in operating system Give birth to application program and the insertion application program operated on some application framework etc..Browsing module 222 is used for webpage Server 12 sends network request and corresponds to the web page contents of some network address to obtain, and parses the webpage that receives and webpage is defeated Go out so that user checks.In addition, when browsing module 222 is native applications program, its content shown can also be deposits in advance Storage, and need not be asked to web page server 12.

Second electric terminal 24 includes image scanning module 242.Image scanning module 242 is an application program or one Some functional module of individual application program, it is used to shoot picture by the camera of the second electric terminal 24, according to predetermined association Discuss the picture of (such as Quick Response Code agreement) parsing shooting, the function according to corresponding to performing the result of parsing, for example, detecting one During predetermined trigger module, the hardware information of the second electric terminal 24 is collected, being uploaded to predetermined server, (such as equipment is believed Cease management server 16).

Further, refering to Fig. 3, it is the interaction timing diagram of the subscriber authentication system of the present embodiment.First, user passes through Browsing module 222 loads webpage from web page server 12.Refering to Fig. 4, it is the webpage schematic diagram shown in an embodiment, Webpage include link or button 101, shown after link or button 101 are clicked figure check information 102 and Prompt message 103.Figure check information 102 for example can be two-dimension code image.The content of prompt message 103 can be that prompting user opens Corresponding image scanning application program is opened to scan the figure check information 102 of display.It may include to work as in figure check information 102 Before the user account number and trigger element that log in.Trigger element herein for example refers to predetermined character string (such as network address or life Make word).

Refering to Fig. 5, it is the interface schematic diagram of image scanning module 242 in an embodiment.Image scanning module 242 Shown on a display screen by the image shot by camera of the second electric terminal 24, and by image, while image scanning module 242 is also The image of shooting is decoded according to predetermined agreement (such as Quick Response Code agreement), and whether detected in decoded result including predetermined Trigger element.After trigger element is detected, image scanning module 242 also collects the equipment letter of the second electric terminal 24 Breath.Facility information includes, but is not limited to, the international mobile equipment identification number (International of the second electric terminal 24 Mobile Station Equipment Identity, IMEI), installation application program unique identifier, other hardware The unique identifier of (such as flash memory).As long as the facility information can be used to uniquely distinguish different terminals.Collecting After facility information, the information such as facility information, above-mentioned user account number can be uploaded to equipment information management by image scanning module 242 Server 14.

Specifically, the facility information that image scanning module 242 uploads is handled by equipment information management module 262, equipment Information management module 262 can generate checking request according to facility information and user account number, and checking request is sent to identity Authentication server 16.

Authentication module 162 therefrom parses user account number and facility information after checking request is received, and tests Whether card user account number matches with facility information.For example, in one embodiment, setting for binding can be inquired about according to user account number Standby information, and whether the facility information that comparison query arrives is consistent with the facility information that information management module 262 is sent；If consistent Illustrate that the user for sending the first user instruction is controlling the second electric terminal 24, the user of first electric terminal 22 is legal use Family；Otherwise, the user for sending the first user instruction and the control without the second electric terminal 24, the first electric terminal are illustrated 22 user is disabled user.

In addition, authentication module 162 is not restricted to verify whether facility information matches, for example, can also carry out close Code checking, key authentication.

When being verified, i.e., it is clear can to will confirm that message is sent to for authentication module 162 when user is validated user Look at module 222.In one embodiment, browsing module 222, can be to Authentication server 16 after two-dimensional code display 102 Inquiry request is sent to obtain the result.The inquiry request that authentication module 162 is sent according to browsing module 222 is returned and tested Result is demonstrate,proved to browsing module 222.

If the result shows that user is validated user, browsing module 222 shows password modification circle as shown in Figure 6 Face, user can input new password, and after button 104 is clicked (i.e. user inputs the 3rd user instruction), browsing module 222 will Password, new password and the identifying code of user's input are sent to web page server 12 and verified.If being verified, webpage clothes The new password of business device 12 updatable data library storage user setting.

If the result shows that user is disabled user, browsing module 222 can show prompt message as shown in Figure 7, Refuse user's Modify password.

Although being illustrated above by taking Modify password as an example, the present embodiment is not limited to carry out password modification.For example, work as Similar authentication mechanism can be used when user carries out some sensitive operations.Above-mentioned sensitive operation may include to influence to use The operation of family account number security such as increase/the close guarantor's problem of deletion, binding/unbinds mobile device or dynamic cipher device.Sensitivity behaviour The operation for the assets processing for being related to user's virtual assets or accounts of finance be may also include as transferred accounts, buying, transactional operation.

It is also logical when user carries out sensitive operation in addition to normal user's checking flow according to the scheme of the present embodiment The electric terminal whether user that the facility information checking uploaded currently logs in controls some to bind in advance is crossed, due to general account number The possibility being stolen simultaneously with electric terminal is very low, therefore uses the method for the present embodiment to enter with significant increase user Security during row sensitive operation.

In addition, specific verification process can also be changed on the basis of above-described embodiment.Refering to Fig. 8, it is The interaction timing diagram of subscriber authentication system in two embodiments.Shown in the interaction flow and Fig. 3 of the subscriber authentication system of the present embodiment Part is similar, is in place of its main difference, after authentication module 162 is verified, confirmation message is not directly to send out Browsing module 222 is given, and is destined to image scanning module 242.Disappear in the confirmation for receiving the transmission of authentication module 162 After breath, image scanning module 242 shows interface as shown in Figure 9, and it includes two ACK buttons 105 and refusal button 106, (i.e. user inputs fourth user instruction) can send the logical of user's confirmation to browsing module 222 after ACK button 105 is clicked Know message；The notification message of user's refusal can be sent to browsing module 222 after refusal button 106 is clicked.It is appreciated that by May it be joined directly together in the first electric terminal 22 and the second electric terminal 24, image scanning module 242 is to browsing module 222 Notification message, which may need to realize by third-party server, to be forwarded.For example, user is confirmed or refused by image scanning module 242 Exhausted message is sent to web page server 12, and web page server 12 can return to user really according to the request of browsing module 222 Recognize result, or the confirmation result of user is actively pushed to browsing module 222.Certainly, the message that user confirms or refused Other servers can also be destined to, as long as this notification message can reach browsing module 222.

If browsing module 222 receives the notification message for representing user's confirmation, browsing module 222 is shown as shown in Figure 6 Password modification interface, change process to carry out follow-up password.If browsing module 222 receives the notice for representing user's refusal Message, then browsing module 222 can show prompt message interface as shown in Figure 7, prompt user's checking not by the way that refusal modification is close Code.

According to the present embodiment, the verification step in the second electric terminal 24 is added, it is possible to prevente effectively from malicious user Quick Response Code phishing attack is carried out, further improves the security of authentication procedures.

Refering to Figure 10, it is the interaction timing diagram of the subscriber authentication system of 3rd embodiment.The user's checking of the present embodiment The interaction flow of system is similar to part shown in Fig. 3, is in place of its main difference, the equipment that image scanning module 242 gathers Information is not destined to equipment information management server 14, but is transmitted directly to Authentication server 16.That is, Equipment information management module 142 can also be deployed in same server with authentication module.

In addition, after the verification operation that authentication module 162 completes whether facility information matches with user account number, checking As a result it is sent to web server module 122.Web server module 122 can be stored after the result is received, And return to the result after the inquiry request of the transmission of browsing module 222 is received.If being verified, i.e., user is legal use Family, then browsing module 222 show that interface as shown in Figure 6 allows user to be operated accordingly, otherwise；Browsing module 222 is aobvious Show announcement interface as shown in Figure 7, forbid user to be operated accordingly.

According to the present embodiment, equipment information management module 142 and authentication module are deployed in same server, can be with The quantity of network request in authentication process itself is reduced, reduces the proving time.

Refering to Figure 11, it is the interaction timing diagram of the subscriber authentication system of fourth embodiment.The user's checking of the present embodiment The interaction flow of system is similar to part shown in Figure 10, and its difference essentially consists in, after the first user instruction is detected, Browsing module 222 shows password modification interface as shown in Figure 6, and user can input the letter such as Old Password, new password and identifying code Breath.Browsing module 222 can be generated according to information such as Old Password, new password and identifying codes after the 3rd user instruction is received and tested Card request, and checking request is sent to web server module 122.

Web server module 122 verifies whether the Old Password of user's input is identical with the user cipher to prestore, and will test Card result returns to browsing module 222.If being verified, browsing module 222 shows interface as shown in Figure 4, prompts user Start the Quick Response Code that image scanning module 242 scans display；Otherwise, browsing module 222 can show the prompting of password authentification mistake Information.

Image scanning module 242 collects the second electronics end after detecting that two-dimension code image includes predetermined trigger element The facility information at end 24, and the information such as account number that the facility information of collection, the first electric terminal are currently logged in is sent to identity Authentication module 162 is verified.

Authentication module 162 transmits verification result to web server module 122 after completing to verify.If checking knot Fruit shows to be verified, then performs corresponding operation, i.e., the new password inputted according to user updates the data storehouse and repaiied with completing password Change operation.If the result shows checking not by showing interface as shown in Figure 5, prompting user's checking not pass through.

According to the present embodiment, after authentication module 162 authenticates to user as validated user, make web page server 122 Directly perform predetermined operation, it is possible to reduce the number of user input instruction, the convenience of lifting operation.

Under a concrete application scene, the first above-mentioned electric terminal 22 is desktop computer or notebook computer, clear Module 222 of looking at is browser, and the second electric terminal 24 is smart mobile phone, and image scanning module 242 should to be embedded in instant messaging With the image scanning module in program (such as wechat or mobile phone QQ).Therefore, according to the description of the various embodiments described above, when user will When password or other sensitive operations of modifying in a browser, browser two-dimensional code display picture, and disclose user's unlatching Mobile phone QQ or wechat are scanned.When detecting that Quick Response Code includes predetermined trigger element (such as predetermined network address), open Dynamic facility information collects process, collects the facility information such as international mobile equipment identity number of the second electric terminal 24, and by international mobile equipment identity number and clear Look in device and currently login the user account number of web page server 12 and be sent to Authentication server 16 and verified.Pass through and compare Whether whether the international mobile equipment identity number matching judgment user bound with user account number is validated user to international mobile equipment identity number.If user is legal use Family then pushes the result by wechat/QQ server to the second electric terminal 24.Correspondingly, in the second electric terminal 24 Wechat or mobile phone QQ client applications show confirmation interface as shown in Figure 9.After user confirms, by user's confirmation letter Breath is sent to web server module 122.

Browser to web server module 122 by sending whether requesting query user is validated user, if so, then showing Show that interface as shown in Figure 6 carries out password modification operation；Otherwise, show that interface prompt user's checking as shown in Figure 7 does not pass through.

According to this user's checking flow, whether the user that can currently carry out account number sensitive operation really is legal use Family, lift account number security.

Refering to Figure 12, it is the flow chart for the user authentication method that the 5th embodiment provides.The method of the present embodiment is for example It can be applied in the first electric terminal 22 shown in Fig. 1.Refering to Figure 12, the described method comprises the following steps：

Step S101, figure check information is shown according to the first user instruction for being used to carry out scheduled operation of input.

In one embodiment, one webpage or sheet from server loading of display is also included before step S101 The step of ground Application Program Interface.Described webpage or Application Program Interface includes carrying out scheduled operation (such as changing close Code) entrance.Entrance herein is the object that link, button etc. can arbitrarily receive the first user instruction.And the first user instruction It may include：Click, touch, slip, voice command, space gesture and its any combination.Can after the first user instruction is detected Show figure check information.

Refering to Fig. 4, in one embodiment, webpage includes link or button 101, in link or button 101 Figure check information 102 and prompt message 103 are shown after being clicked.Figure check information 102 for example can be Quick Response Code figure Piece.The content of prompt message 103 can be that prompting user opens corresponding image scanning application program to scan the figure school of display Test information 102.It may include the user account number and trigger element currently logged in figure check information 102.Triggering list herein Member for example refers to predetermined character string (such as network address or command word).

Behind the interface shown in display Fig. 4, user can open the image scanning module 242 in the second electric terminal 24. Refering to Fig. 5, it is the interface schematic diagram of image scanning module 242 in an embodiment.Image scanning module 242 passes through second The image shot by camera of electric terminal 24, and image is shown on a display screen, while image scanning module 242 is according further to predetermined Agreement (such as Quick Response Code agreement) image of shooting is decoded, and detect in decoded result whether include predetermined triggering list Member.After trigger element is detected, image scanning module 242 also collects the facility information of the second electric terminal 24.Equipment is believed Breath includes, but is not limited to, international mobile equipment identification number (the International Mobile of the second electric terminal 24 Station Equipment Identity, IMEI), installation application program unique identifier, other hardware (such as flash memory) Unique identifier etc..As long as the facility information can be used to uniquely distinguish different terminals.Collecting facility information Afterwards, the information such as facility information, above-mentioned user account number can be uploaded onto the server and be tested with carrying out identity by image scanning module 242 Card.

Step S102, the result is obtained from the server, the result includes being used to identify first electricity The user of sub- terminal whether be validated user information.

Server parses user account number and facility information after checking request is received, and whether verifies user account number Matched with facility information.For example, in one embodiment, the facility information of binding can be inquired about according to user account number, and compare Whether the facility information inquired is consistent with the facility information sent in step S101；The first electric terminal is represented if consistent User is validated user；Otherwise, the user for illustrating the first electric terminal is disabled user.

After step S101, the first electric terminal 22 can send inquiry request to obtain the result to server.And take Being engaged in device can be according to the inquiry request of the first electric terminal 22 return the result.Certainly, server can also active push checking As a result to the first electric terminal 22.

Step S103, sent and described the to the server if being validated user if the user of first electric terminal Operation requests corresponding to one user instruction, so that the server performs the scheduled operation.

If the result shows that user is validated user, the first electric terminal 22 shows password modification as shown in Figure 6 Interface, user can input new password, and after button 104 is clicked (i.e. user inputs the 3rd user instruction), the first electronics is whole Password, new password and the identifying code of user's input are sent to server and verified by end 22.If being verified, server The new password of updatable data library storage user setting.

If the result shows that user is disabled user, the first electric terminal 22 can show prompting letter as shown in Figure 7 Breath, refuse user's Modify password.

It is also logical when user carries out sensitive operation in addition to normal user's checking flow according to the scheme of the present embodiment The electric terminal whether user that the facility information checking uploaded currently logs in controls some to bind in advance is crossed, due to general account number The possibility being stolen simultaneously with electric terminal is very low, therefore uses the scheme of the present embodiment to enter with significant increase user Security during row sensitive operation.

Refering to Figure 13, it is the flow chart that sixth embodiment provides.The method of the present embodiment for example can be applied to shown in Fig. 1 The first electric terminal 22 in.Refering to Figure 13, the described method comprises the following steps：

Step S201, two-dimensional code display.

Refering to Fig. 4, i.e. two-dimensional code display scans for the second electric terminal 24 after button 101 is clicked.

Step S202, wait the result.

After step S201, you can send inquiry request to server to obtain the result and wait result to be returned.

Step S203, judgement are verified whether by the way that is, whether the active user of the first electric terminal 22 is validated user；If It is then to perform step S204；Otherwise step S205 is performed.

Step S204, Modify password.

For example, display Fig. 6 shown in interface, receive user input information, and by the information of input submit to server with Modify Password Operations.

Step S205, display information.

For example, interface shown in display Fig. 7, prompts user's checking not pass through.User can initiate password modification operation again, Restart to carry out user's checking flow.

Refering to Figure 14, it is the structured flowchart for the user authentication device that the 7th embodiment provides.The device example of the present embodiment As can be applied in the first electric terminal 22 shown in Fig. 1.Refering to Figure 14, described device includes：Display module 110, obtain mould Block 120, receiving module 130, request module 140 and reminding module 150.

Display module 110 is used to show figure verification letter according to the first user instruction for being used to carry out scheduled operation of input Breath, the figure check information include default trigger element, the trigger element in the figure check information by the Second electric terminal is triggered after the scanning of two electric terminals makes it upload the equipment letter of second electric terminal to server Breath；

Acquisition module 120 is used to obtain the result from the server, and the result includes described for identifying The user of first electric terminal whether be validated user information.

If the user that receiving module 130 is used for first electric terminal is the letter that validated user also receives user's input Breath, and the information that the user is inputted is included in the request, so that the letter that the server inputs according to the user Breath performs the scheduled operation.

Request module 140 be used for if first electric terminal user be validated user if to the server send with Operation requests corresponding to first user instruction, so that the server performs the scheduled operation.

Reminding module 150 is used for be disabled user if the user of first electric terminal if show for representing that user tests Demonstrate,prove the prompt message of failure.

Refering to Figure 15, it is the flow chart for the user ID authentication method that the 8th embodiment provides.The method of the present embodiment Such as it can be applied in the second electric terminal 24 shown in Fig. 1.Refering to Figure 15, the described method comprises the following steps：

S601, the instruction inputted according to user start predetermined graph scanning application program.

It is appreciated that in general graph scanning application program can only be parsed in Quick Response Code according to general Quick Response Code agreement The content included.And as described above, according to the scheme in above-described embodiment, figure check information to be scanned includes predetermined Trigger element.In response to trigger element, it is necessary to which two difficult code scanning application programs can identify these trigger elements.Namely Say, Quick Response Code application program needs to change to add the function of identification trigger element.In some embodiments, above-mentioned figure It is the Response Code scan module being embedded in other applications (such as instant messaging application program QQ, wechat) to scan application program (" sweep and sweep " function in such as wechat).

The figure check information that S602, scanning are shown in the first electric terminal.

User operates operable second electric terminal, and alignment is shown in the figure check information in the first electric terminal, and The result prompting for waiting graph scanning application prompts to scan successfully or fail.

Whether S603, the parsing figure check information simultaneously judge single comprising default triggering in the figure check information Member.

After successfully image in 2 D code is obtained, graph scanning application program can be according to general Quick Response Code protocol analysis in it Hold, and determine whether include default trigger element (such as specific character string) in it.

S604, obtain second electric terminal if the default trigger element is included in the figure check information Facility information.

If including default trigger element in figure check information, the facility information triggered in the second electric terminal obtains Modulus block, collect the facility information (such as international mobile equipment identity number) of the second electric terminal.

S605, the facility information is uploaded in the server pointed by the figure check information.

The network address for uploading facility information can directly be included in figure check information, now can be directly from from the figure The first network address is parsed in shape check information and institute is committed to using predetermined procotol using the facility information as parameter State the first network address.

In another embodiment, can be prestored in the second electric terminal one associated with trigger element second Network address, now, can direct depositing from the second electric terminal when detecting default trigger element in figure check information Second network address is directly read in reservoir, and institute is committed to using predetermined procotol using the facility information as parameter State the second network address.

In addition, the facility information uploaded to enable the server to identification is the verification operation for which user, may be used also One is parsed from the figure check information to be used to identify the figure check information or first electric terminal The identifier of active user, and the identifier and the facility information are uploaded in the server in the lump.

According to the method for the present embodiment, when detecting that Quick Response Code includes default trigger element, active collection equipment Information is simultaneously uploaded onto the server, and available for carrying out whether checking user is validated user, one is being carried out so as to lift user Security when a little authorities are than more sensitive operation.

Refering to Figure 16, it is the structured flowchart for the user authentication device that the 9th embodiment provides.The device example of the present embodiment As can be applied in the first electric terminal 24 shown in Fig. 2.Refering to Figure 16, described device includes：Starting module 210, scanning mould Block 220, parsing module 230, acquisition module 240 and uploading module 250.

The instruction that starting module 210 is used to be inputted according to user starts predetermined graph scanning application program.

Scan module 220 is used to scan the figure check information shown in the first electric terminal.

Whether parsing module 230 is used to parse the figure check information and judges in the check information comprising default Trigger element.

Acquisition module 240 is used to obtain described the if the default trigger element is included in the figure check information The facility information of two electric terminals.

Uploading module 250 is used to the facility information being uploaded in the server pointed by the figure check information.

In addition, the facility information uploaded to enable the server to identification is the verification operation for which user, it is described Parsing module can also parse one from the figure check information and be used to identify the figure check information or described the The identifier of the active user of one electric terminal, the uploading module also upload the identifier and the facility information in the lump Into the server.

Refering to Figure 17, it is the flow chart for the user authentication method that the tenth embodiment provides.The method of the present embodiment includes Following steps：

Step S301, the first electric terminal shows figure according to the first user instruction for being used to carry out scheduled operation of input Check information, the figure check information include default trigger element.

Refering to Fig. 4, in one embodiment, the first electric terminal 22 loads from server and shows a webpage, net Page includes link or button 101, and be clicked (the first user instruction) in link or button 101 shows figure verification letter afterwards Breath 102 and prompt message 103.Figure check information 102 for example can be two-dimension code image.The content of prompt message 103 can be Prompting user opens corresponding image scanning application program to scan the figure check information 102 of display.Figure check information 102 In may include the user account number and trigger element that currently log in.Trigger element herein for example refers to predetermined character string (such as Network address or command word).

Step S302, the second electric terminal scans the figure check information after second user instruction is detected and examined The facility information of second electric terminal is uploaded onto the server after measuring the trigger element.

Whether the user of the first electric terminal described in step S303, described server authentication is validated user and ties checking Fruit is back to first electric terminal.

First electric terminal 22 can also send inquiry request to server and be tested with obtaining after figure check information is shown Demonstrate,prove result.Correspondingly, server returns to the result to the first electric terminal 22 after inquiry request is received.

Step S304, first electric terminal is to the clothes if being validated user if the user of first electric terminal Business device sends request, so that the server performs the scheduled operation.

If the result shows that user is validated user, the first electric terminal 22 shows password modification as shown in Figure 6 Interface, user can input new password, i.e. the first electric terminal 22 receives the information of user's input, after button 104 is clicked (i.e. user input the 3rd user instruction), the information that user input by the first electric terminal 22 as the password of input, new password, with And identifying code is sent to server and verified.If being verified, Xinmi City of server updatable data library storage user setting Code.

Refering to Figure 18, it is the flow chart for the user authentication method that the 11st embodiment provides.The method of the present embodiment with Figure 17 method is similar, and its difference is, may also include after step S303：If step S404, described first electronics The user of terminal is that then first electric terminal shows the prompt message to fail for representing user's checking to disabled user.

Refering to Fig. 7, it is the schematic diagram of the prompt message shown.After the prompt message shown in display Fig. 7, user can be with The operation of modification operation is initiated again, and certainly, user's checking flow can also restart.

According to the method for the present embodiment, user's checking is reminded in time after user's failure not by the way that can lift user makes The convenience used.

Refering to Figure 19, it is the flow chart for the user authentication method that the tenth embodiment provides.The method and figure of the present embodiment 17 method is similar, and its difference is, comprises the following steps after step S303：

Step S504, if (user of the first electric terminal is validated user) is verified, Authentication server is to Two electric terminals send confirmation message.

Step S505, the second electric terminal will be tested after user's confirmation is carried out after receiving confirmation message and is confirmed in user Card result is sent to web page server.

For example, referring to Fig. 9, the second electric terminal shows that user confirms interface after confirmation message is received, specifically, this Interface may include to be used to remind active user to carry out a certain sensitive operation, and it is oneself operation to prompt user to be confirmed whether. User can be confirmed and be refused respectively by clicking on button 105 or button 106.If user clicks on button 105, it is considered as User confirms；If user clicks on button 106, it is considered as user's refusal.

After user confirms, the second electric terminal can will represent the checking that current first electric terminal user is validated user As a result it is sent to web page server；It is disabled user that otherwise the second electric terminal, which can will represent the user of current first electric terminal, The result be sent to web page server.

Step S506, web page server returns to the result to the first electric terminal.

First electric terminal can send inquiry request after figure check information is shown to web page server, and wait webpage The result that server returns.

After step S506, then step S304 or step S404 can be performed respectively according to the result.

It is also logical when user carries out sensitive operation in addition to normal user's checking flow according to the method for the present embodiment The electric terminal whether user that the facility information checking uploaded currently logs in controls some to bind in advance is crossed, due to general account number The possibility being stolen simultaneously with electric terminal is very low, therefore uses the scheme of the present embodiment to enter with significant increase user Security during row sensitive operation.

In addition, the embodiment of the present invention also provides a kind of computer-readable recording medium, it is stored with computer and can perform Instruction, above-mentioned computer-readable recording medium is, for example, nonvolatile memory such as CD, hard disk or flash memory.It is above-mentioned Computer executable instructions be used to allowing computer or similar arithmetic unit to complete it is each in above-mentioned image processing method Kind operation.

The above described is only a preferred embodiment of the present invention, any formal limitation not is made to the present invention, though So the present invention is disclosed as above with preferred embodiment, but is not limited to the present invention, any those skilled in the art, not Depart from the range of technical solution of the present invention, when the technology contents using the disclosure above make a little change or are modified to equivalent change The equivalent embodiment of change, as long as being without departing from technical solution of the present invention content, the technical spirit according to the present invention is implemented to more than Example any brief introduction modification, equivalent variations and the modification made, in the range of still falling within technical solution of the present invention.

Claims

1. a kind of user ID authentication method, in the first electric terminal, it is characterised in that methods described includes following step Suddenly：

Figure check information, the figure check information are shown according to the first user instruction for being used to carry out scheduled operation of input Comprising default trigger element, the trigger element is used to after the figure check information is scanned by the second electric terminal trigger Second electric terminal makes it upload the facility information of second electric terminal to server；

From the server obtain the result, the result be used for show first electric terminal user whether be Validated user, wherein when the facility information of the user account number and second electric terminal of first electric terminal matches When, the user of first electric terminal is validated user；

Sent and first user instruction pair to the server if being validated user if the user of first electric terminal The operation requests answered, so that the server performs the scheduled operation.

2. the method as described in claim 1, it is characterised in that also include：If the user of first electric terminal is legal User also receives the information of user's input, and the information that the user is inputted is included in the operation requests, so that described The information that server inputs according to the user performs the scheduled operation.

3. the method as described in claim 1, it is characterised in that first use for being used to carry out scheduled operation according to input Family instruction shows that figure check information includes：Two dimension is shown according to the first user instruction for being used to carry out scheduled operation of input Code, the trigger element is predetermined character string.

4. method as claimed in claim 3, it is characterised in that also include：Also shown after the figure check information is shown For prompting user to perform the prompt message of specific graph scanning application program.

5. the method as described in claim 1, it is characterised in that show if being disabled user if the user of first electric terminal Show the prompt message for representing user's checking failure.

6. a kind of user ID authentication method, in the second electric terminal, it is characterised in that methods described includes following step Suddenly：

Scan the figure check information shown in the first electric terminal；

The equipment letter of second electric terminal is obtained if the default trigger element is included in the figure check information Breath；And

The facility information is uploaded in the server pointed by the figure check information, so that the server judges institute Whether the facility information for stating the upload of the second electric terminal matches with the user account number of first electric terminal.

7. method as claimed in claim 6, it is characterised in that described that the facility information is uploaded to the figure verification letter The pointed server of breath includes：

The first network address is parsed from the figure check information and uses predetermined network using the facility information as parameter Agreement is committed to first network address.

8. method as claimed in claim 6, it is characterised in that described that the facility information is uploaded to the figure verification letter The pointed server of breath includes：

The second network address to prestore is read from the memory of second electric terminal, and the facility information is adopted as parameter Second network address is committed to predetermined procotol, second network address is associated with the trigger element.

9. method as claimed in claim 6, it is characterised in that also include：

One is parsed from the figure check information to be used to identify the identifier of the figure check information and by the mark Know symbol to upload in the lump in the server with the facility information；Or

An identifier for being used to identify the active user of first electric terminal is parsed from the figure check information, And the identifier of the user and the facility information are uploaded in the server in the lump.

10. a kind of user ID authentication method, it is characterised in that the described method comprises the following steps：

First electric terminal shows figure check information according to the first user instruction for being used to carry out scheduled operation of input, described Figure check information includes default trigger element；

Second electric terminal scans the figure check information after second user instruction is detected, parses the figure verification letter Breath, and upload the facility information of second electric terminal after detecting the trigger element in the figure check information To the server pointed by the figure check information；

The server judges the user account number of facility information and first electric terminal that second electric terminal uploads Whether match, if so, the user of the first electric terminal described in the server authentication is validated user and returns to the result To first electric terminal；

If first electric terminal user for validated user if first electric terminal sent to the server and institute Operation requests corresponding to the first user instruction are stated, so that the server performs the scheduled operation.

11. method as claimed in claim 10, it is characterised in that if the user of first electric terminal is validated user, First electric terminal also receives the information of user's input, and after the 3rd user instruction of user's input is detected by described in The information of user's input is included in the request, so that the information execution that the server inputs according to the user is described pre- Fixed operation.

12. method as claimed in claim 10, it is characterised in that first electric terminal is shown according to the first user instruction Figure check information includes：Two-dimensional code display, the trigger element are predetermined character string；First electric terminal is being shown The prompt message for prompting user to perform specific graph scanning application program is also shown after the Quick Response Code.

13. method as claimed in claim 10, it is characterised in that also include：If the user of first electric terminal is non- Then first electric terminal shows the prompt message to fail for representing user's checking to method user.

14. method as claimed in claim 10, it is characterised in that the server includes：Web page server and identity are tested Demonstrate,prove server；

Second electric terminal sends the facility information to the Authentication server；

The Authentication server judges whether the facility information is the facility information bound with the first user account number, if Then the Authentication server judges the user of first electric terminal for validated user, and first user account number is institute State the account number that the first electric terminal logins the web page server.

15. method as claimed in claim 14, it is characterised in that the server also includes equipment information management server；

Second electric terminal, which sends the facility information to the Authentication server, to be included：To the facility information Management server sends network request, so as to which the facility information is submitted into the equipment information management server and made described The facility information is forwarded to the Authentication server by equipment information management server.

16. method as claimed in claim 14, it is characterised in that if the user of first electric terminal is validated user institute State Authentication server and also send confirmation message to second electric terminal；

Second electric terminal exports user's confirmation request after the confirmation message is received, and is detecting the of input The result for representing that authentication passes through is sent after four user instructions to first electric terminal.

17. method as claimed in claim 16, it is characterised in that second electric terminal is sent out to first electric terminal Send and represent that the result that authentication passes through includes：

The result is sent to the web page server by second electric terminal, so that institute's web page server is by described in The result is transmitted to first electric terminal.

18. method as claimed in claim 14, it is characterised in that the Authentication server sends the result To the web page server；

The web page server returns to the result according to the inquiry request of first electric terminal.

19. method as claimed in claim 10, it is characterised in that also include：The data that the server is submitted according to user Store the binding relationship between active user's account number of first electric terminal and the facility information of second electric terminal.

A kind of 20. subscriber authentication device, in the first electric terminal, it is characterised in that described device includes：

Display module, figure check information, institute are shown for the first user instruction for being used to carry out scheduled operation according to input State figure check information and include default trigger element, the trigger element is used in the figure check information by the second electronics Second electric terminal is triggered after terminal scanning makes it upload the facility information of second electric terminal to server；

Acquisition module, for obtaining the result from the server, the result is used to show that first electronics is whole Whether the user at end is validated user, wherein when the user account number of first electric terminal and setting for second electric terminal During standby information match, the user of first electric terminal is validated user；

Request module, for being validated user if the user of first electric terminal if sent and described the to the server Operation requests corresponding to one user instruction, so that the server performs the scheduled operation.

21. device as claimed in claim 20, it is characterised in that also include：Receiving module, if whole for first electronics The user at end is the information that validated user also receives user's input, and the information that the user is inputted please included in the operation In asking, so that the information that the server inputs according to the user performs the scheduled operation.

22. device as claimed in claim 20, it is characterised in that the display module is used for：It is used to carry out according to input First user instruction two-dimensional code display of scheduled operation, the trigger element are predetermined character string；The display module is also used In the prompt message that display is used to prompt user to perform specific graph scanning application program.

23. device as claimed in claim 20, it is characterised in that also include：Reminding module, if whole for first electronics The user at end is that disabled user then shows the prompt message to fail for representing user's checking.

A kind of 24. subscriber authentication device, in the second electric terminal, it is characterised in that described device includes：

Parsing module, for parsing the figure check information and whether judging in the figure check information comprising default tactile Bill member；

Acquisition module, for obtaining second electronics if the default trigger element is included in the figure check information The facility information of terminal；And

Uploading module, for the facility information to be uploaded in the server pointed by the figure check information, so that institute State facility information that server judges that second electric terminal uploads and first electric terminal user account number whether Match somebody with somebody.

25. device as claimed in claim 24, it is characterised in that the uploading module is used for：

26. device as claimed in claim 24, it is characterised in that the uploading module is used for：

27. device as claimed in claim 24, it is characterised in that the parsing module is additionally operable to from the figure check information In parse one be used for identify the figure check information or first electric terminal active user identifier, institute Uploading module is stated to be additionally operable to upload to the identifier and the facility information in the server in the lump.

A kind of 28. subscriber identity authentication system, it is characterised in that including：First electric terminal, the second electric terminal and clothes Business device；

Second electric terminal scans the figure check information after second user instruction is detected, parses the figure verification letter Cease and upload the facility information of second electric terminal after the trigger element is detected in the figure check information To the server pointed by the figure check information；

The server judges whether the facility information matches with the user account number of first electric terminal, if so, then The server judges the user of first electric terminal for validated user, and the result is back into first electronics Terminal；

29. system as claimed in claim 28, it is characterised in that if the user of first electric terminal is validated user institute The information that the first electric terminal also receives user's input is stated, and by the use after the 3rd user instruction of user's input is detected The information of family input is included in the request, so that the information that the server inputs according to the user performs described make a reservation for Operation.

30. system as claimed in claim 28, it is characterised in that first electric terminal is shown according to the first user instruction Figure check information includes：Two-dimensional code display, the trigger element are predetermined character string；First electric terminal is being shown The prompt message for prompting user to perform specific graph scanning application program is also shown after the Quick Response Code.

31. system as claimed in claim 28, it is characterised in that also include：If the user of first electric terminal is non- Then first electric terminal shows the prompt message to fail for representing user's checking to method user.

32. system as claimed in claim 28, it is characterised in that the server includes：Web page server and identity are tested Demonstrate,prove server；

The Authentication server judges whether the facility information is the facility information bound with the first user account number, if It is that then the Authentication server judges the user of first electric terminal for validated user, first user account number The account number of the web page server is logined for first electric terminal.

33. system as claimed in claim 32, it is characterised in that the server also includes equipment information management server；

Second electric terminal, which sends the facility information to the Authentication server, to be included：To the facility information Management server sends network request, so as to which the facility information is submitted into the equipment information management server, and makes institute State equipment information management server and the facility information is forwarded to the Authentication server.

34. system as claimed in claim 32, it is characterised in that if the user of first electric terminal is validated user institute State Authentication server and also send confirmation message to second electric terminal；

35. system as claimed in claim 34, it is characterised in that second electric terminal is sent out to first electric terminal Send and represent that the result that authentication passes through includes：

36. system as claimed in claim 28, it is characterised in that the Authentication server sends the result To the web page server；

37. system as claimed in claim 28, it is characterised in that the data storage institute that the server is submitted always according to user State the binding relationship between active user's account number of the first electric terminal and the facility information of second electric terminal.