CN105515781A - Login system of application platform and login method thereof - Google Patents

Login system of application platform and login method thereof

Info

Publication number: CN105515781A
Authority: CN (China)
Prior art keywords: application platform, module, identification information, information, authentication
Legal status: Granted
Application number: CN201610032579.9A
Other languages: Chinese (zh)
Other versions: CN105515781B (en)
Inventors: 谈剑锋, 张雪松, 姜立稳, 王力, 钱金金
Current Assignee: Shanghai Peoplenet Security Technology Co Ltd
Original Assignee: Shanghai Peoplenet Security Technology Co Ltd
Application filed by Shanghai Peoplenet Security Technology Co Ltd
Priority to CN201610032579.9A
Publication of CN105515781A
Application granted
Publication of CN105515781B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a login system of an application platform and a login method thereof. The login system of the application platform comprises a login terminal, a mobile terminal, the application platform and an authentication platform. The login terminal is used for obtaining the requesting information of users for logging in the application platform and receiving the identification information automatically distributed by the application platform on the basis of the requesting information. The mobile terminal is in communication connection with the login terminal, obtains the identification information from the login terminal while obtaining the user information, and generates a first authentication code on the basis of the user information and the identification information. The application platform is in communication connection with the login terminal, the mobile terminal and the authentication platform respectively, receives the requesting information sent by the login terminal and automatically distributes the identification information which is fed back to the login terminal; and at the same time, the application platform receives the first authentication code and sends it to the authentication platform for authentication. The authentication platform is in communication connection with the application platform and is used for achieving authentication of the first authentication code. The login system greatly reduces the risk caused by the leakage of a user account to a user, and is safe and reliable.

Description

An application platform login system and login method thereof
Technical field
The present invention relates to the field of communication technology, and in particular to an application platform login system and a login method thereof.
Background art
With the development of information technology, information security technology is applied ever more widely in every field. In the field of information security, security authentication is often the first key an information system relies on, and its security is receiving increasing attention.
However, in existing authentication systems, and especially in the login of some application systems such as mailbox login, a user only needs to enter a user name and login password to log in directly; not even an SMS verification code is required. During authentication, the application system simply verifies the user name and password entered by the user, and that completes the whole authentication process.
As can be seen, the whole login process is too simple. Especially for application systems that hold important personal information, this login method is very insecure: once the password is leaked, the user can suffer serious losses.
Summary of the invention
In view of the above problems, the present invention provides an application platform login system and a login method thereof. While the login terminal logs in to the application platform, the user is authenticated by means of an enhanced first authentication code generated by the mobile terminal, so as to keep the user's login account secure.
The technical solution provided by the present invention is as follows:
An application platform login system, comprising: a login terminal, a mobile terminal, an application platform and an authentication platform, wherein
the login terminal is configured to obtain the request information with which a user logs in to the application platform, and to receive the identification information that the application platform automatically allocates based on the request information;
the mobile terminal is communicatively connected to the login terminal; the mobile terminal obtains user information and at the same time obtains the identification information from the login terminal, and generates a first authentication code based on the user information and the identification information;
the application platform is communicatively connected to the login terminal, the mobile terminal and the authentication platform respectively; the application platform receives the request information sent by the login terminal, automatically allocates identification information and feeds it back to the login terminal; meanwhile, the application platform receives the first authentication code and sends it to the authentication platform for authentication;
the authentication platform is communicatively connected to the application platform and is configured to authenticate the first authentication code.
In this technical solution, while the login terminal logs in to the application platform, its identity is authenticated through the mobile terminal. Of course, during login, the login terminal has opened the link of the application platform or entered the application software of the application platform; and, so that the mobile terminal can authenticate the login terminal, the mobile terminal has already logged in on the platform's web page or in its application software.
Further preferably, the login terminal comprises: a first information acquisition module for obtaining the request information, a first information sending module for sending the request information, a first information receiving module for receiving the identification information, and a display module for displaying the identification information; the first information acquisition module is connected to the first information sending module, and the first information receiving module is connected to the display module;
the request information comprises: an application platform access request and an application platform login request;
the application platform automatically allocates the identification information based on the application platform access request;
the application platform login request contains the identification information.
In this technical solution, the application platform access request is the access request sent to the application platform when the application platform's URL is entered, or its application software is opened, on the login terminal.
Further preferably, the mobile terminal comprises: a second information acquisition module for obtaining the user information and the identification information displayed on the login terminal, a computing module for generating the first authentication code based on the identification information and the user information, and a second information sending module for sending the first authentication code and the user information; the computing module is connected to the second information acquisition module, and the second information sending module is connected to the computing module;
a mathematical algorithm uniquely associated with the user is built into the computing module.
In this technical solution, every mobile terminal contains a computing module with a built-in mathematical algorithm uniquely associated with the user, so that when the mobile terminal authenticates the login terminal it generates a unique authentication code (the first authentication code generated in the mobile terminal). The reason is the uniqueness of the mathematical algorithm: each user has his or her own mathematical algorithm, so the generated first authentication code is unique. In addition, the mathematical algorithm in the mobile terminal is difficult to crack, which greatly improves security during login.
Further preferably, the login terminal also comprises a two-dimensional code generation module connected to the first information receiving module and the display module respectively, which converts the identification information received by the first information receiving module into QR code information and displays the QR code information in the display module;
the mobile terminal also comprises an information conversion module connected to the second information acquisition module and the computing module respectively; the mobile terminal obtains the QR code information by scanning, and the information conversion module restores the identification information from the QR code information.
In this technical solution, to further improve the security of the account information during login, the identification information is displayed on the login terminal as a QR code, and the mobile terminal obtains the identification information by scanning it. Compared with entering the information manually, this is more accurate, more convenient and more secure.
Further preferably, the application platform comprises: a third information receiving module for receiving the request information sent by the login terminal and the user information and first authentication code sent by the mobile terminal; an identification information distribution module for automatically allocating identification information based on the request information; a third information sending module for feeding the identification information back to the login terminal and for sending the user information, the first authentication code and the identification information to the authentication platform; and an association module for uniquely associating the identification information with the user information. The third information receiving module is connected to the identification information distribution module, the association module and the third information sending module respectively, and the identification information distribution module is connected to the third information sending module.
Further preferably, the authentication platform comprises: a fourth information receiving module for receiving the user information, the first authentication code and the identification information sent by the application platform; a computing module for generating a second authentication code based on the identification information and the user information; a judging module for comparing the first authentication code with the second authentication code; and a fourth information sending module for feeding the comparison result back to the application platform. The computing module is connected to the fourth information receiving module, the judging module is connected to the fourth information receiving module and the computing module respectively, and the fourth information sending module is connected to the judging module;
a mathematical algorithm uniquely associated with the user is built into the computing module.
Further preferably, the authentication platform also comprises: a random number generation module, an algorithm generation module and a compiling module, wherein
the random number generation module generates a random key based on the identification information;
the algorithm generation module is connected to the random number generation module and generates the mathematical algorithm based on the random key;
the compiling module is connected to the algorithm generation module; it compiles the mathematical algorithm generated by the algorithm generation module to form the computing module, and the computing module is sent to the mobile terminal via the application platform.
In this technical solution, when the user registers on the application platform, the authentication platform generates the computing module and returns it to the mobile terminal for storage. When the mobile terminal later authenticates the login terminal, it can call this computing module to generate the enhanced authentication code (the first authentication code generated in the mobile terminal), ensuring the security of the user information.
Further preferably, the algorithm generation module comprises:
a priority determining unit for determining the order of operations of the mathematical algorithm according to the random key;
and/or
a structure determining unit for determining the grouping structure of the mathematical algorithm, and the order of operations of that grouping structure, according to the random key;
and/or
a parameter determining unit for determining the operation parameters of the mathematical algorithm according to the random key.
In this technical solution, the mathematical algorithm is obtained in the above three ways.
The present invention also provides an application platform login method, applied to the above application platform login system. The application platform login method specifically comprises:
S1: the login terminal obtains an application platform access request and sends it to the application platform;
S2: the application platform receives the application platform access request, automatically allocates identification information, and feeds this identification information back to the login terminal;
S3: the login terminal obtains an application platform login request and sends it to the application platform together with the received identification information;
S4: the login terminal displays the identification information;
S5: the mobile terminal obtains user information and at the same time obtains the identification information from the login terminal, generates a first authentication code based on the identification information and the user information, and sends the user information and the first authentication code together to the application platform;
S6: the application platform receives the user information and the first authentication code sent by the mobile terminal and the identification information sent by the login terminal, and sends them together to the authentication platform;
S7: the authentication platform generates a second authentication code based on the received user information and identification information;
S8: the authentication platform compares the generated second authentication code with the received first authentication code and feeds the comparison result back to the application platform;
S9: the application platform receives the comparison result and, based on it, sends a confirmation request to the mobile terminal; after the mobile terminal confirms, the application platform returns the user's home page to the login terminal, completing the user's login.
Further preferably, step S2 comprises: the application platform receives the application platform access request, automatically allocates identification information, and feeds a QR code link carrying this identification information back to the login terminal;
step S4 comprises: the login terminal displays QR code information containing the identification information;
step S5 comprises: the mobile terminal obtains the identification information from the login terminal by scanning.
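The S1 to S9 exchange above, simulated in one process as an added example (this is not code from the patent). The patent does not specify its per-user mathematical algorithm, so HMAC-SHA256 keyed with a per-user secret is substituted here as an assumption; all class and function names are hypothetical, and the mobile terminal's own user-name and password login is omitted.

```python
import hashlib
import hmac
import secrets


def auth_code(user_secret: bytes, username: str, ident: str) -> str:
    """Stand-in for the per-user 'mathematical algorithm' (assumption: HMAC-SHA256)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different inputs.
    parts = (username.encode(), ident.encode())
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(user_secret, msg, hashlib.sha256).hexdigest()


class AuthPlatform:
    """Authentication platform: holds each user's secret and recomputes the code."""

    def __init__(self):
        self._secrets = {}  # username -> per-user secret

    def register(self, username: str) -> bytes:
        # Registration: generate the per-user secret and hand it to the mobile terminal.
        self._secrets[username] = secrets.token_bytes(32)
        return self._secrets[username]

    def verify(self, username: str, ident: str, first_code: str) -> bool:
        secret = self._secrets.get(username)
        if secret is None:
            return False
        second_code = auth_code(secret, username, ident)      # S7
        return hmac.compare_digest(second_code, first_code)   # S8, constant-time compare


class ApplicationPlatform:
    """Application platform: allocates identification information and tracks its state."""

    def __init__(self, auth: AuthPlatform):
        self.auth = auth
        self.sessions = {}  # identification information -> {"state", "user"}

    def access_request(self) -> str:                          # S1/S2
        ident = secrets.token_urlsafe(16)                     # unpredictable identifier
        self.sessions[ident] = {"state": "allocated", "user": None}
        return ident

    def login_request(self, ident: str) -> bool:              # S3
        s = self.sessions.get(ident)
        if s is None or s["state"] != "allocated":
            return False
        s["state"] = "waiting"
        return True

    def submit_code(self, username: str, ident: str, first_code: str) -> bool:  # S5/S6
        s = self.sessions.get(ident)
        if s is None or s["state"] != "waiting":
            return False
        if not self.auth.verify(username, ident, first_code):
            return False
        s.update(state="verified", user=username)  # associate identifier with the user
        return True

    def confirm(self, username: str, ident: str):             # S9
        s = self.sessions.get(ident)
        if s is None or s["state"] != "verified" or s["user"] != username:
            return None
        del self.sessions[ident]                   # identification information is single-use
        return f"home page of {username}"          # delivered to the login terminal


def demo():
    auth = AuthPlatform()
    app = ApplicationPlatform(auth)
    alice_secret = auth.register("alice")          # constructed sample user

    ident = app.access_request()                   # login terminal: S1-S4
    app.login_request(ident)
    code = auth_code(alice_secret, "alice", ident) # mobile terminal: S5
    ok = app.submit_code("alice", ident, code)     # S6-S8
    page = app.confirm("alice", ident)             # S9

    # A captured code replayed against a different login attempt must fail,
    # because the code is bound to the identification information.
    ident2 = app.access_request()
    app.login_request(ident2)
    replayed = app.submit_code("alice", ident2, code)
    # The consumed identifier cannot be reused either.
    reused = app.submit_code("alice", ident, code)
    return ok, page, replayed, reused


if __name__ == "__main__":
    print(demo())
```
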
The application platform login system and login method provided by the present invention bring the following beneficial effects:
In the application platform login system provided by the present invention, when a user registers on the application platform, the authentication platform generates a computing module uniquely associated with the user, based on a generated random key and preset rules (the priority determining unit and/or structure determining unit and/or parameter determining unit), and this computing module is stored in the mobile terminal and in the authentication platform respectively. Clearly, the uniqueness and unpredictability of the random key guarantee the uniqueness of the resulting mathematical algorithm. The computing module compiled from this mathematical algorithm is therefore also unique (the computing module stored in each terminal is unique, and the implementing mechanisms differ), so the security of the mathematical algorithm is greatly increased and it is not easily cracked. Even if the mathematical algorithm in the computing module installed on one mobile terminal is cracked, the security of other mobile terminals is not affected.
Further, when logging in to the application platform, the computing module uses the identification information returned by the application system as a security factor, so the generated authentication code (that is, the first authentication code generated in the mobile terminal) is also random. In this process, a novel cryptographic scheme of one cipher per login and one cipher per person achieves the objective and greatly improves the security of authentication.
Moreover, when logging in to the application platform, the login terminal is authenticated through the mobile terminal. Compared with the existing method of logging in to the application platform directly by entering a user name and login password, this undoubtedly improves the security of the user's account on the application platform. Even if an attacker obtains the account (user name and login password) that the user registered on the application platform, the attacker cannot log in to the application platform without the authentication performed by the mobile terminal. This login mechanism greatly reduces the risk that a leaked user account poses to the user, and is safe and reliable.
Finally, the login system and login method provided by the present invention are applicable to any existing application platform that requires user login, for example a mail system, so they are broadly applicable and greatly extend the range of application.
Brief description of the drawings
The preferred embodiments are described below in a clear and easily understood manner with reference to the accompanying drawings, further explaining the above characteristics, technical features, advantages and their implementation.
Fig. 1 is a schematic structural diagram of the application platform login system of the present invention;
Fig. 2 is a schematic structural diagram of one embodiment of the login terminal of the present invention;
Fig. 3 is a schematic structural diagram of the mobile terminal of the present invention;
Fig. 4 is a schematic structural diagram of another embodiment of the login terminal of the present invention;
Fig. 5 is a schematic structural diagram of the application platform of the present invention;
Fig. 6 is a schematic structural diagram of one embodiment of the authentication platform of the present invention;
Fig. 7 is a schematic structural diagram of another embodiment of the authentication platform of the present invention;
Fig. 8 is a schematic flow chart of the application platform login method of the present invention.
Description of reference numerals:
100-application platform login system, 110-login terminal, 120-mobile terminal, 130-application platform, 140-authentication platform, 111-first information acquisition module, 112-first information sending module, 113-first information receiving module, 114-display module, 115-two-dimensional code generation module, 121-second information acquisition module, 122/142-computing module, 123-second information sending module, 131-third information receiving module, 132-identification information distribution module, 133-third information sending module, 134-association module, 141-fourth information receiving module, 143-judging module, 144-fourth information sending module, 145-random number generation module, 146-algorithm generation module, 147-compiling module.
Detailed description
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, specific embodiments of the present invention are described below with reference to the accompanying drawings. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings, and other embodiments, from these drawings without creative effort.
Fig. 1 is a schematic structural diagram of the application platform login system 100 provided by the present invention. As can be seen from the figure, the application platform login system 100 comprises: a login terminal 110, a mobile terminal 120, an application platform 130 and an authentication platform 140. The mobile terminal 120 is communicatively connected to the login terminal 110; the application platform 130 is communicatively connected to the login terminal 110, the mobile terminal 120 and the authentication platform 140 respectively; and the authentication platform 140 is communicatively connected to the application platform 130.
In operation, the login terminal 110 first obtains the request information with which the user logs in to the application platform 130 and sends it to the application platform 130; at this point the request information is specifically an application platform access request. After receiving the application platform access request, the application platform 130 automatically allocates uniquely identifying identification information (different for each user, to distinguish the user from other users) and feeds it back to the login terminal 110. After receiving the identification information, the login terminal 110 displays it and also sends an application platform login request carrying this identification information to the application platform 130 over a long-lived connection.
Then, on the mobile terminal 120, the user enters user information (including user name and login password) to log in to the home page or application software of the application platform 130; the identification information is then entered in that home page or application software. Once the mobile terminal 120 has obtained the identification information, it immediately generates the first authentication code based on the user information and the identification information, and then sends the user information together with the first authentication code to the application platform 130.
The application platform 130 receives the user information and the first authentication code and sends them, together with the identification information sent by the login terminal 110, to the authentication platform. After receiving the identification information and the user information, the authentication platform immediately generates the second authentication code using the same mathematical algorithm as the mobile terminal 120, and finally compares the generated second authentication code with the received first authentication code, thereby completing the authentication of the authentication code.
As can be seen from the above description, during the whole login authentication process the login terminal 110 sends both an application platform access request and an application platform login request to the application platform 130. The application platform 130 automatically allocates the identification information based on the application platform access request (which amounts to a request for the application platform 130 to generate and feed back identification information); the application platform login request contains the identification information. In a specific embodiment, the application platform 130 is in fact an application server, for example a mailbox login system; the mobile terminal 120 may be a smartphone, a tablet computer or the like; and the login terminal 110 is a PC (personal computer) or the like, which can be chosen according to the actual application.
In this embodiment, Fig. 2 is a schematic structural diagram of one embodiment of the login terminal 110, which specifically comprises: a first information acquisition module 111, a first information sending module 112, a first information receiving module 113 and a display module 114. The first information acquisition module 111 is connected to the first information sending module 112, and the first information receiving module 113 is connected to the display module 114. As follows from the login process of the application platform 130 described above, the first information acquisition module 111 obtains the request information (comprising the application platform access request and the application platform login request), the first information sending module 112 sends the request information obtained by the first information acquisition module 111 to the application platform 130, the first information receiving module 113 receives the identification information sent by the application platform 130, and the display module 114 displays this identification information.
In this embodiment, as shown in Fig. 3, the mobile terminal 120 comprises: a second information acquisition module 121, a computing module 122 and a second information sending module 123. The computing module 122 is connected to the second information acquisition module 121, and the second information sending module 123 is connected to the computing module 122; a mathematical algorithm uniquely associated with the user is built into the computing module 122. As can be seen from the process described above, the second information acquisition module 121 obtains the user information and the identification information displayed on the login terminal 110, the computing module 122 generates the first authentication code based on the identification information and the user information, and the second information sending module 123 sends the first authentication code and the user information to the application platform 130.
Improving the registration terminal 110 of Fig. 2 gives another embodiment of registration terminal 110, whose structure is shown in Fig. 4. As the figure shows, building on the embodiment above, registration terminal 110 in this embodiment further comprises two-dimensional code generation module 115, connected to first information receiver module 113 and to display module 114 respectively, which converts the identification information received by first information receiver module 113 into two-dimensional code information and displays the two-dimensional code information on display module 114. Correspondingly, the mobile terminal 120 shown in Fig. 3 is also improved: this mobile terminal 120 further comprises an info conversion module connected to second data obtaining module 121 and to computing module 122 respectively. When registration terminal 110 displays the identification information in the form of a two-dimensional code, mobile terminal 120 calls its built-in camera to obtain the two-dimensional code information by scanning, the info conversion module restores the identification information from the two-dimensional code information, and the identification information is then sent to computing module 122, which computes the first authentication code. In this embodiment the identification information is converted into two-dimensional code information for two reasons: first, mobile terminal 120 can obtain the identification information simply by scanning the two-dimensional code, which is convenient for the user; second, it protects the identification information, because even if someone else sees the two-dimensional code displayed on registration terminal 110, they cannot quickly learn the information it contains.
In this embodiment, as shown in Fig. 5, application platform 130 comprises: third information receiving module 131, identification information distribution module 132, third information sending module 133 and relating module 134, where third information receiving module 131 is connected to identification information distribution module 132, relating module 134 and third information sending module 133 respectively, and identification information distribution module 132 is connected to third information sending module 133. As follows from the process described above, third information receiving module 131 receives the request information sent by registration terminal 110 and receives the user profile and first authentication code sent by mobile terminal 120; identification information distribution module 132 automatically allocates uniquely identifying identification information based on the request information; third information sending module 133 feeds the identification information back to registration terminal 110 and sends the user profile, the first authentication code and the identification information to the authentication terminal; and relating module 134 uniquely associates the identification information with the user profile. The identification information has to be associated with the user profile because registration terminal 110 obtains no user profile at all during login: it logs in on the basis of the identification information. Only once this identification information has been associated with the user profile obtained on mobile terminal 120, and the login has been confirmed on mobile terminal 120, can registration terminal 110 successfully log in to this user's home page on application platform 130.
In this embodiment, Fig. 6 shows the structure of one embodiment of authentication platform 140. As the figure shows, authentication platform 140 comprises: fourth information receiving module 141, computing module 142, judge module 143 and fourth information sending module 144, where computing module 142 is connected to fourth information receiving module 141, judge module 143 is connected to fourth information receiving module 141 and computing module 142 respectively, and fourth information sending module 144 is connected to judge module 143. As can be seen from the process described above, fourth information receiving module 141 receives the user profile, first authentication code and identification information sent by application platform 130; computing module 142 (with a built-in mathematical algorithm uniquely associated with the user) generates the second authentication code based on the identification information and the user profile; judge module 143 compares the first authentication code with the second authentication code; and fourth information sending module 144 feeds the comparison result back to application platform 130. Note that computing module 142 here is in fact the same as the computing module in mobile terminal 120: after this computing module 142 is generated in the authentication module, it is sent to mobile terminal 120 via application platform 130 and stored there.
Improving the authentication platform 140 of Fig. 6 gives the authentication platform 140 shown in Fig. 7, which, in addition to the modules above, further comprises: random number generation module 145, algorithm generation module 146 and collector 147, where algorithm generation module 146 is connected to random number generation module 145, and collector 147 is connected to algorithm generation module 146.
More specifically, when a user logs in to application platform 130 for the first time, the user must first register on application platform 130. The detailed process is as follows:
First, the user enters a user profile comprising a user name and login password through second data obtaining module 121 of mobile terminal 120, and the user profile obtained is sent to application platform 130.
After application platform 130 receives this user profile, it immediately searches its existing registered user list for the user name received, to verify whether the user name entered by the user is already registered on application platform 130. If no user name identical to the one entered is found in the existing registered user list, the user name is verified successfully and a success message is fed back to mobile terminal 120; otherwise user name verification fails and the user is prompted to enter a different user name. In addition, once the user name has been verified successfully, application platform 130 stores the user name together with the login password in the existing registered user list, forming a new registered user list.
Mobile terminal 120 receives the verification result sent by application platform 130. If the result is a verification failure, a new user name is chosen and sent to application platform 130 for verification again. If the result is a verification success, second data obtaining module 121 is then used to obtain identity information that uniquely identifies the user (such as the International Mobile Equipment Identity (IMEI) or a universally unique identifier (UUID)), and the identity information obtained is sent to application platform 130 together with a verification code request.
After application platform 130 receives the verification code request, it generates an SMS verification code and sends it to mobile terminal 120; mobile terminal 120 receives this SMS verification code by SMS and sends it to application platform 130. On receiving the SMS verification code sent by mobile terminal 120, application platform 130 immediately compares it with the SMS verification code generated earlier. If they match, a computing module generation request containing the user profile is sent to authentication platform 140; otherwise, an error message is sent to mobile terminal 120 to tell the user that an error occurred.
When authentication platform 140 receives the computing module generation request, it immediately sends an instruction to random number generation module 145. On receiving the instruction, random number generation module 145 generates a random number based on the identity information received and sends the generated random number to algorithm generation module 146. After receiving the random number, algorithm generation module 146 sets it as the random key, and obtains the mathematical algorithm based on this random key and an internally stored preset algorithm. Finally, collector 147 in authentication platform 140 compiles the mathematical algorithm obtained into computing module 142, which is then returned to mobile terminal 120 via application platform 130; mobile terminal 120 stores computing module 142 after receiving it.
The above is the process by which a new user registers on application platform 130. As the description shows, during registration the computing module generation request is sent to authentication platform 140, which generates the computing module 122/142 uniquely associated with this user, only after both the user name verification and the SMS verification code verification have been completed. From the way computing module 122/142 is generated, we know that the random key used to generate the mathematical algorithm is generated from identity information that uniquely identifies the user, so the resulting mathematical algorithm/computing module 122/142 is uniquely associated with this user; it is very secure, and the user need not worry about it being cracked.
Furthermore, algorithm generation module 146 comprises: a priority determining unit for determining the operation priority of the mathematical algorithm according to the random key; and/or a structure determination unit for determining the grouping structure of the mathematical algorithm and the operation priority of the grouping structure according to the random key; and/or a parameter determination unit for determining the operational parameters of the mathematical algorithm according to the random key.
Based on the above, the generation of the mathematical algorithm is described in detail below through specific embodiments:
If algorithm generation module 146 comprises the priority determining unit, then in one specific embodiment the operation priority of the preset algorithm is changed as follows: if the random key obtained from random number generation module 145 is an eight-digit number made up of the digits 1-8, algorithm generation module 146 changes the order in which the operations of the preset algorithm are performed according to this random key. Specifically, if the preset algorithm contains exactly eight steps, the priority determining unit can re-prioritize the eight steps according to the generated random key. If the generated random key is 31245768, then in the generated mathematical algorithm the third step of the original preset algorithm is performed first, followed in turn by the first, second, fourth, fifth, seventh, sixth and eighth steps; this changes the operation order of the original preset algorithm and produces a brand-new mathematical algorithm. Of course, the rule by which the random key changes the preset algorithm can vary with actual conditions. For example, the 3 in the first digit of the random key can mean that the first of the eight steps of the original preset algorithm is performed as the third step of the mathematical algorithm; the 1 in the second digit means that the second of the eight steps of the original preset algorithm is performed as the first step of the mathematical algorithm; and so on, yielding a brand-new mathematical algorithm. These are only two simple rules for changing the operation priority, and the rule can be set anew according to actual conditions. If, for instance, the preset algorithm in fact contains only six steps, this can be handled by changing the number of digits of the random number generated in random number generation module 145; the adaptation can also be made by ignoring the last two of the eight generated digits.
Further, if algorithm generation module 146 comprises the structure determination unit, it can change the grouping structure of the preset algorithm and the operation priority of the grouping structure to obtain a new mathematical algorithm. In one specific embodiment, suppose that under the grouping rule of the preset algorithm the information to be operated on is divided into n data blocks, each data block comprising 8 sub-blocks (a1, a2, a3, a4, a5, a6, a7 and a8); that the generated random key is 73124568; and that the first digit of this eight-digit random key represents the order of operation while the second digit represents the corresponding sub-block. Then, during the operation, the 3 in the second position means that sub-block a3 and sub-block a1 are exchanged, which changes the grouping structure, and the 7 in the first position means that sub-block a7 is operated on first. This is only one exemplary embodiment; in other embodiments the grouping rule (the length of each data block), the meaning of each digit of the random key (such as sub-block exchange) and so on can be set according to actual conditions.
Finally, if algorithm generation module 146 comprises the parameter determination unit, it can change the constant terms in the preset algorithm. In one specific embodiment, suppose the preset algorithm contains two constants, a first and a second, which are 1 and 2 respectively, and also an unknown number X. If the random key obtained is 73124568 and the third digit of the random key represents this preset parameter, then X in the preset algorithm is 1, which forms a new mathematical algorithm. Of course, in another specific embodiment, the 1 in the third digit can instead be used to change an existing constant term of the preset algorithm, for example replacing the existing second constant 2 with the 1 in the third digit, so that both constants in the generated mathematical algorithm are 1.
As a complete embodiment, suppose algorithm generation module 146 comprises all three of the above units, and in the generated random key the first digit represents the operation priority, the second digit represents the grouping structure, and the third digit represents the constant term. If the generated random key is 35781246, then a5 and a1 in the data block are exchanged, which changes the grouping structure, a3 is operated on first, and a certain constant in the mathematical algorithm becomes 7, thereby generating a mathematical algorithm uniquely associated with the user.
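The key-to-algorithm rules described above, as an added Python sketch that is not code from the patent. The preset algorithm (an accumulator folded over eight sub-blocks modulo 2^16, with preset constant 2), the function names and the sample block are assumptions, chosen so that a change of order, grouping or constant shows up in the output.

```python
from dataclasses import dataclass


def parse_key(key):
    """Digits of the random key. Assumption: each digit 1-8 appears exactly
    once, as in all three keys quoted in the text."""
    digits = [int(c) for c in key]
    if sorted(digits) != list(range(1, 9)):
        raise ValueError("random key must use each digit 1-8 exactly once")
    return digits


def order_rule_listed(key):
    """First rule: the digit in position p names the preset step that runs p-th."""
    return parse_key(key)


def order_rule_slot(key):
    """Second rule: the digit in position p is the slot in which preset step p runs."""
    order = [0] * 8
    for step, slot in enumerate(parse_key(key), start=1):
        order[slot - 1] = step
    return order


@dataclass(frozen=True)
class Plan:
    first: int      # sub-block operated on first (priority determining unit)
    swap: int       # sub-block exchanged with a1 (structure determination unit)
    constant: int   # constant term (parameter determination unit)


# Hypothetical unmodified preset algorithm: a1..a8 in order, constant 2.
PRESET = Plan(first=1, swap=1, constant=2)


def plan_from_key(key):
    """Complete embodiment: digit 1 = priority, digit 2 = grouping, digit 3 = constant."""
    d = parse_key(key)
    return Plan(first=d[0], swap=d[1], constant=d[2])


def run_block(block, plan, acc=0):
    """Fold one data block of eight sub-blocks (bytes) into the accumulator."""
    if len(block) != 8:
        raise ValueError("a data block has exactly eight sub-blocks")
    a = list(block)
    a[0], a[plan.swap - 1] = a[plan.swap - 1], a[0]          # exchange with a1
    order = [plan.first - 1] + [i for i in range(8) if i != plan.first - 1]
    for i in order:                                          # prioritized sub-block first
        acc = (acc * plan.constant + a[i]) & 0xFFFF
    return acc


def digest(data, plan):
    """Split data into n zero-padded data blocks and run the derived algorithm."""
    padded = data + bytes(-len(data) % 8)
    acc = 0
    for off in range(0, len(padded), 8):
        acc = run_block(padded[off:off + 8], plan, acc)
    return acc


if __name__ == "__main__":
    sample = bytes(range(1, 9))                  # constructed sample block a1..a8 = 1..8
    print(order_rule_listed("31245768"), order_rule_slot("31245768"))
    print(digest(sample, PRESET), digest(sample, plan_from_key("35781246")))
```

In this sample fold, a third digit of 1 (key 73124568) reduces the computation to a plain sum, so the priority and exchange digits no longer affect the output.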
As another embodiment, mobile terminal 120 is a mobile phone and application platform 130 is a mailbox login system. When the user logs in to this banking system for the first time, following the steps above, the user name and login password are first entered and verified in the mailbox system, the SMS verification code is then verified, and finally computing module 122/142 is generated in authentication platform 140.
When logging in to this mailbox system after registration, following the steps above, the mailbox address is first entered or the mailbox application software is opened on registration terminal 110, and a mailbox system access request is then sent to the mailbox system; the mailbox system then generates identification information and feeds it back. The mobile phone obtains the registered user profile, generates the first authentication code from it and this identification information, and sends the generated first authentication code via the mailbox system to authentication platform 140 for authentication, thereby achieving a secure login on registration terminal 110.
In yet another embodiment, the two-dimensional code login mode is enabled in the mailbox system while mobile terminal 120 registers with the mailbox system (the rest of the registration process is as described above). Registration terminal 110 then displays the identification information in the form of a two-dimensional code, and mobile terminal 120 obtains this two-dimensional code information by scanning the code.
As shown in Fig. 8, the present invention also provides a login method for application platform 130, applied to the application platform login system 100 described above. The login method for application platform 130 comprises:
S1 registration terminal 110 obtains the application platform access request and sends it to application platform 130;
S2 application platform 130 receives the application platform access request, automatically allocates identification information, and feeds this identification information back to registration terminal 110;
S3 registration terminal 110 obtains the application platform login request and sends it to application platform 130 together with the identification information received;
S4 registration terminal 110 displays the identification information;
S5 mobile terminal 120 obtains the user profile, obtains the identification information from registration terminal 110 at the same time, generates the first authentication code based on the identification information and the user profile, and sends the user profile and the first authentication code together to application platform 130;
S6 application platform 130 receives the user profile and first authentication code sent by mobile terminal 120, receives the identification information sent by registration terminal 110, and sends them together to authentication platform 140;
S7 authentication platform 140 generates the second authentication code based on the user profile and identification information received;
S8 authentication platform 140 compares the generated second authentication code with the received first authentication code and feeds the comparison result back to application platform 130;
S9 application platform 130 receives the comparison result and, based on the comparison result, sends a confirmation request to mobile terminal 120; after mobile terminal 120 confirms, it feeds the user's home page back to registration terminal 110, completing this user's login.
As an improvement on the above embodiment, step S2 comprises: application platform 130 receives the application platform access request, automatically allocates identification information, and feeds a two-dimensional code link carrying this identification information back to registration terminal 110; step S4 comprises: registration terminal 110 displays two-dimensional code information containing the identification information; step S5 comprises: mobile terminal 120 obtains the identification information from registration terminal 110 by scanning.
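Steps S1 to S9 simulated end to end, as an added Python example that is not part of the patent. HMAC-SHA256 under a per-user secret stands in for the per-user mathematical algorithm in computing module 122/142; the class names, session states, user names and home page string are assumptions.

```python
import hashlib
import hmac
import secrets


def compute_code(module_key, identifier, user):
    """Stand-in for computing module 122/142: code over identifier and user profile."""
    # Length-prefix the identifier so distinct (identifier, user) pairs never collide.
    msg = len(identifier).to_bytes(2, "big") + identifier.encode() + user.encode()
    return hmac.new(module_key, msg, hashlib.sha256).hexdigest()


class AuthPlatform:
    def __init__(self):
        self._modules = {}                       # user -> per-user module secret

    def issue_module(self, user):
        """Registration: generate the module and hand a copy to the mobile terminal."""
        self._modules[user] = secrets.token_bytes(32)
        return self._modules[user]

    def verify(self, user, identifier, first_code):
        key = self._modules.get(user)
        if key is None:
            return False
        second_code = compute_code(key, identifier, user)        # S7
        return hmac.compare_digest(first_code, second_code)      # S8


class ApplicationPlatform:
    def __init__(self, auth):
        self.auth = auth
        self._sessions = {}                      # identifier -> state and associated user

    def access_request(self):                    # S1, S2: allocate identification info
        identifier = secrets.token_urlsafe(16)
        self._sessions[identifier] = {"state": "allocated", "user": None}
        return identifier

    def login_request(self, identifier):         # S3
        s = self._sessions.get(identifier)
        if s is None or s["state"] != "allocated":
            return False
        s["state"] = "pending"
        return True

    def submit_code(self, user, identifier, first_code):         # S6
        s = self._sessions.get(identifier)
        if s is None or s["state"] != "pending":
            return False
        if not self.auth.verify(user, identifier, first_code):
            return False
        s.update(state="awaiting_confirmation", user=user)       # relating module 134
        return True                              # confirmation request goes to the phone

    def confirm(self, user, identifier):         # S9: confirmation from mobile terminal
        s = self._sessions.get(identifier)
        if s is None or s["state"] != "awaiting_confirmation" or s["user"] != user:
            return False
        s["state"] = "logged_in"
        return True

    def homepage(self, identifier):              # what the registration terminal receives
        s = self._sessions.get(identifier)
        if s is None or s["state"] != "logged_in":
            return None
        return "home page of " + s["user"]


class MobileTerminal:
    def __init__(self, user, module_key):
        self.user, self._key = user, module_key

    def first_code(self, identifier):            # S5: identifier read from the display
        return self.user, compute_code(self._key, identifier, self.user)


def run_login(app, phone):
    identifier = app.access_request()            # S1, S2
    app.login_request(identifier)                # S3; S4: terminal displays identifier
    user, code = phone.first_code(identifier)    # S5
    if not app.submit_code(user, identifier, code):              # S6 to S8
        return None
    app.confirm(user, identifier)                # S9
    return app.homepage(identifier)
```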
It should be noted that the above embodiments can be freely combined as required. The above is only the preferred embodiment of the present invention; it should be pointed out that those of ordinary skill in the art can make a number of improvements and modifications without departing from the principles of the present invention, and these improvements and modifications shall also be regarded as falling within the scope of protection of the present invention.

Claims (10)

1. An application platform login system, characterized in that the application platform login system comprises: a registration terminal, a mobile terminal, an application platform and an authentication platform, wherein
the registration terminal is configured to obtain request information for a user to log in to the application platform, and to receive identification information that the application platform automatically allocates based on the request information;
the mobile terminal is communicatively connected to the registration terminal; the mobile terminal obtains a user profile, obtains the identification information from the registration terminal at the same time, and generates a first authentication code based on the user profile and the identification information;
the application platform is communicatively connected to the registration terminal, the mobile terminal and the authentication platform respectively; the application platform receives the request information sent by the registration terminal, automatically allocates identification information and feeds it back to the registration terminal; meanwhile, the application platform sends the received first authentication code to the authentication platform for authentication;
the authentication platform is communicatively connected to the application platform and is configured to authenticate the first authentication code.
2. The application platform login system as claimed in claim 1, characterized in that the registration terminal comprises: a first information acquisition module for obtaining the request information, a first information sending module for sending the request information, a first information receiver module for receiving the identification information, and a display module for displaying the identification information, wherein the first information acquisition module is connected to the first information sending module, and the first information receiver module is connected to the display module;
the request information comprises: an application platform access request and an application platform login request;
the application platform automatically allocates the identification information based on the application platform access request;
the application platform login request comprises the identification information.
3. The application platform login system as claimed in claim 1 or 2, characterized in that the mobile terminal comprises: a second data obtaining module for obtaining the user profile and the identification information displayed on the registration terminal, a computing module for generating the first authentication code based on the identification information and the user profile, and a second information sending module for sending the first authentication code and the user profile, wherein the computing module is connected to the second data obtaining module, and the second information sending module is connected to the computing module;
a mathematical algorithm uniquely associated with the user is built into the computing module.
4. The application platform login system as claimed in claim 3, characterized in that the registration terminal further comprises a two-dimensional code generation module connected to the first information receiver module and the display module respectively, configured to convert the identification information received by the first information receiver module into two-dimensional code information and to display the two-dimensional code information on the display module;
the mobile terminal further comprises an info conversion module connected to the second data obtaining module and the computing module respectively; the mobile terminal obtains the two-dimensional code information by scanning, and the info conversion module restores the identification information from the two-dimensional code information.
5. The application platform login system as claimed in claim 1 or 2 or 4, characterized in that the application platform comprises: a third information receiving module for receiving the request information sent by the registration terminal and for receiving the user profile and first authentication code sent by the mobile terminal, an identification information distribution module that automatically allocates identification information based on the request information, a third information sending module for feeding the identification information back to the registration terminal and for sending the user profile, the first authentication code and the identification information to the authentication terminal, and a relating module for uniquely associating the identification information with the user profile, wherein the third information receiving module is connected to the identification information distribution module, the relating module and the third information sending module respectively, and the identification information distribution module is connected to the third information sending module.
6. The application platform login system as claimed in claim 5, characterized in that the authentication platform comprises: a fourth information receiving module for receiving the user profile, the first authentication code and the identification information sent by the application platform, the computing module for generating the second authentication code based on the identification information and the user profile, a judge module for comparing the first authentication code with the second authentication code, and a fourth information sending module for feeding the comparison result back to the application platform; wherein the computing module is connected to the fourth information receiving module, the judge module is connected to the fourth information receiving module and the computing module respectively, and the fourth information sending module is connected to the judge module;
a mathematical algorithm uniquely associated with the user is built into the computing module.
7. The application platform login system as claimed in claim 6, characterized in that
the authentication platform further comprises: a random number generation module, an algorithm generation module and a collector; wherein
the random number generation module generates a random key based on the identification information;
the algorithm generation module is connected to the random number generation module and generates the mathematical algorithm based on the random key;
the collector is connected to the algorithm generation module; the collector compiles the mathematical algorithm generated by the algorithm generation module to form the computing module, and the computing module is sent to the mobile terminal via the application platform.
8. The application platform login system as claimed in claim 7, characterized in that the algorithm generation module comprises:
a priority determining unit for determining the operation priority of the mathematical algorithm according to the random key;
and/or,
a structure determination unit for determining the grouping structure of the mathematical algorithm and the operation priority of the grouping structure according to the random key;
and/or,
a parameter determination unit for determining the operational parameters of the mathematical algorithm according to the random key.
9. An application platform login method, characterized in that the application platform login method is applied to the application platform login system as claimed in any one of claims 1-8, and the application platform login method comprises:
S1 the registration terminal obtains an application platform access request and sends it to the application platform;
S2 the application platform receives the application platform access request, automatically allocates identification information, and feeds this identification information back to the registration terminal;
S3 the registration terminal obtains an application platform login request and sends it to the application platform together with the identification information received;
S4 the registration terminal displays the identification information;
S5 the mobile terminal obtains a user profile, obtains the identification information from the registration terminal at the same time, generates a first authentication code based on the identification information and the user profile, and sends the user profile and the first authentication code together to the application platform;
S6 the application platform receives the user profile and the first authentication code sent by the mobile terminal, receives the identification information sent by the registration terminal, and sends them together to the authentication platform;
S7 the authentication platform generates a second authentication code based on the user profile and the identification information received;
S8 the authentication platform compares the generated second authentication code with the received first authentication code and feeds the comparison result back to the application platform;
S9 the application platform receives the comparison result and sends a confirmation request to the mobile terminal based on the comparison result; after the mobile terminal confirms, it feeds the user's home page back to the registration terminal, completing this user's login.
10. The application platform login method as claimed in claim 9, characterized in that
step S2 comprises: the application platform receives the application platform access request, automatically allocates identification information, and feeds a two-dimensional code link carrying this identification information back to the registration terminal;
step S4 comprises: the registration terminal displays two-dimensional code information containing the identification information;
step S5 comprises: the mobile terminal obtains the identification information from the registration terminal by scanning.
CN201610032579.9A 2016-01-19 2016-01-19 A kind of application platform login system and its login method Active CN105515781B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610032579.9A CN105515781B (en) 2016-01-19 2016-01-19 A kind of application platform login system and its login method

Publications (2)

Publication Number Publication Date
CN105515781A true CN105515781A (en) 2016-04-20
CN105515781B CN105515781B (en) 2018-09-14

Family

ID=55723453

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610032579.9A Active CN105515781B (en) 2016-01-19 2016-01-19 A kind of application platform login system and its login method

Country Status (1)

Country Link
CN (1) CN105515781B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296241A (en) * 2008-06-30 2008-10-29 北京飞天诚信科技有限公司 Method for improving identity authentication security based on password card
CN102811228A (en) * 2012-08-31 2012-12-05 中国联合网络通信集团有限公司 Network business login method, equipment and system
CN104579649A (en) * 2013-10-28 2015-04-29 腾讯科技(深圳)有限公司 Identity recognition method and system
EP2940961A1 (en) * 2014-04-30 2015-11-04 Fujitsu Limited Device configuration for secure communication
US20150326565A1 (en) * 2009-02-03 2015-11-12 Inbay Technologies Inc. Method and system for authorizing secure electronic transactions using a security device having a quick response code scanner

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105827621A (en) * 2016-04-25 2016-08-03 上海众人网络安全技术有限公司 Internet-based reservation platform login system and login method thereof
CN107528819A (en) * 2016-11-23 2017-12-29 成都身边科技有限公司 Account binding method and device
CN107528819B (en) * 2016-11-23 2020-06-23 成都身边科技有限公司 Account number binding method and device
CN109033767A (en) * 2018-06-11 2018-12-18 深圳市沃特沃德股份有限公司 A kind of method and device forming registration information
CN109409072A (en) * 2018-11-14 2019-03-01 郑州云海信息技术有限公司 A kind of application login method, device and system
CN114257393A (en) * 2020-09-25 2022-03-29 中国移动通信有限公司研究院 Terminal equipment authentication method and device and computer readable storage medium
CN113220758A (en) * 2021-04-26 2021-08-06 重庆市规划和自然资源信息中心 Project maturity analysis demonstration method

Also Published As

Publication number Publication date
CN105515781B (en) 2018-09-14

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 201203 Shanghai Pudong New Area China (Shanghai) free trade pilot area Zu

Applicant after: Shanghai PeopleNet Security Technology Co., Ltd.

Address before: 201821 211 rooms, No. 1411, Yecheng Road, Jiading District, Shanghai

Applicant before: Shanghai PeopleNet Security Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant