CN105790945A

CN105790945A - Authentication method, device and system for authenticating user unique identity

Info

Publication number: CN105790945A
Application number: CN201410806348.XA
Authority: CN
Inventors: 刘景磊
Original assignee: China Mobile Communications Group Co Ltd
Current assignee: China Mobile Communications Group Co Ltd
Priority date: 2014-12-22
Filing date: 2014-12-22
Publication date: 2016-07-20
Anticipated expiration: 2034-12-22
Also published as: CN105790945B

Abstract

The invention discloses an authentication method for authenticating a user unique identity. The method comprises following steps of carrying out authentication with an authentication platform after an authentication device is connected with a mobile terminal; logging in a client of the authentication device on the mobile terminal after authentication is passed; sending unique identity authentication information and the information of an APP application to the authentication platform by the authentication device; determining identity identification information shared with the APP application by the authentication platform according to the unique identity authentication information; sending the identity identification information to an APP platform; and sending corresponding login information to the client by the APP platform for logging in the APP application. Moreover, the invention also discloses an authentication device and system for authenticating user unique identities.

Description

A kind of realize the authentication method of user's unique identities certification, device and system

Technical field

The present invention relates to network security technology, particularly relate to and a kind of realize the authentication method of user's unique identities certification, device and system.

Background technology

The certification of mobile terminal authentication system many employings (whole world) Subscriber Identity Module (U) SIM of current operator, and this certification mode is primarily directed to the certification of subscriber card, in the epoch of user one machine one card, (U) SIM certification preferably resolves " user identity " authentication question.But along with the arrival in user's multimachine many cards manys' epoch, the problem that (U) SIM certification cannot solve " user identity " certification.Network needs the method for brand-new mark user's unique identities.

Additionally, along with the arrival in 4G epoch, mobile Internet industry enters the stage of high speed development, the upper all kinds of APP installed of intelligent terminal's (hereinafter referred to as terminal) also enrich constantly the Working Life of people.Identification mode and Verification System emerge in an endless stream.A lot of common popular APP are owned by substantial amounts of user, and have each independent authenticating user identification scheme.According to user's use habit, user needs to remember individual account information different in a large number, applies more many, and user remembers that the probability of associated user's name and password is more low, and this had both wasted Internet resources, also brings the unnecessary troubles such as frequent memory to user.How under ensureing the premise of individual privacy of user, to realize quick certification to be particularly important.

The Verification System of current internet, applications can not solve the needs of the quick certification of user.If the business such as immediate communication platform, social platform is for guaranteeing safety, user reset system or change mobile phone again log in time, it is necessary to user re-registers or logs in.When user's certain application commonly used forgets Password, the mode giving password for change also can reduce the experience of user.

Summary of the invention

For solving the technical problem of existing existence, present invention generally provides and a kind of realize the authentication method of user's unique identities certification, device and system.

The technical scheme is that and be achieved in that:

The present invention provides a kind of authentication method realizing user's unique identities certification, and the method includes:

Authenticating device, after being connected to mobile terminal, is authenticated with authentication platform, after certification is passed through, logs in the client of described authenticating device on mobile terminal；

The information that unique identities authentication information and APP are applied is sent to authentication platform by authenticating device, so that authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, issued the log-on message of correspondence to described client by APP platform, be used for logging in described APP application.

In such scheme, the method also includes: authenticating device authentication storage platform is the device id value of authenticating device distribution, and CAMEL-Subscription-Information is stored authentication platform, also by with authentication platform interactive setup password.

In such scheme, described it is authenticated with authentication platform, after certification is passed through, log in the client of described authenticating device on mobile terminal, including: authenticating device receives the password of user's input, the first certification request of Portable device ID value and password is sent to authentication platform, receive the authentication platform authentication result according to device id value and password, authentication result be certification pass through time, mobile terminal present procedure is searched the client of correspondence, if found, the then client of login authentication equipment, if do not found, then run the installation kit of client, install after successfully, the client of login authentication equipment.

In such scheme, the information that unique identities authentication information and APP are applied is sent to authentication platform by described authenticating device, show to be whether currently the prompting of the mobile terminal bound by mobile terminal including: authenticating device, when the selection of the mobile terminal received as binding, authenticating device sends the second certification request to authentication platform, described second certification request Portable device ID value and/or current mobile terminal number, and use the information of the APP application of authenticating device certification, described authenticating device is also to device id value and/or current mobile terminal number, and the information of described APP application is encrypted；When receiving not for the selection of the mobile terminal bound, display whether the prompting of binding current mobile terminal, when receiving the selection of binding current mobile terminal, authenticating device obtains the international mobile subscriber identity IMSI number in the Subscriber Identity Module SIM of current mobile terminal or mobile terminal number, the second certification request, the information of described second certification request Portable device ID value, described IMSI number or mobile terminal number, binding instruction and described APP application is sent to authentication platform；When receiving the selection not binding current mobile terminal, authenticating device sends the second certification request, the information of described second certification request Portable device ID value and described APP application to authentication platform.

In such scheme, the method also includes:

The information of the APP application that authentication platform carries according to the second certification request, determine when the identity identification information with corresponding APP Application share is mobile terminal number, if binding instruction not being carried in the second certification request and having mobile terminal number, then send described mobile terminal number and the information of APP application to described APP platform；

If binding instruction not being carried in the second certification request and there is no mobile terminal number and IMSI number, in CAMEL-Subscription-Information, then found the mobile terminal number of corresponding binding by entrained device id value, send described mobile terminal number and the information of APP application to described APP platform；

If binding instruction not being carried in the second certification request and there is no mobile terminal number but have IMSI number, then search corresponding mobile terminal number by described IMSI number to home subscriber server HSS, after the mobile terminal number finding correspondence, send described mobile terminal number and the information of APP application to described APP platform；

If binding instruction is carried in the second certification request, then entrained mobile terminal number is stored in the CAMEL-Subscription-Information that device id value is corresponding, described mobile terminal number and the information of APP application is sent to described APP platform, or, corresponding mobile terminal number is searched to HSS by IMSI number, after the mobile terminal number finding correspondence, described mobile terminal number is stored in the CAMEL-Subscription-Information that device id value is corresponding, sends described mobile terminal number and the information of APP application to described APP platform；

The log-on message of the described mobile terminal number that described APP platform is applied according to the APP information searching applied to corresponding A PP, described log-on message is transmitted to authentication platform, described log-on message is issued to the client of correspondence by described authentication platform, for the described APP login applied.

In such scheme, the method also includes:

The information of the APP application that authentication platform carries according to the second certification request, it is determined that when being device id value with the identity identification information of corresponding APP Application share, the device id value carry the second certification request and the information of APP application are sent to described APP platform；The log-on message of the described device id value that described APP platform is applied according to the described APP information searching applied to corresponding A PP, described log-on message is transmitted to authentication platform, described log-on message is issued to the client of correspondence by described authentication platform, for the described APP login applied.

In such scheme, described APP platform includes: the platform of the APP application that operator is own and the platform of third party APP application.

The client of authenticating device is logged in by rear permission with authentication platform certification at authenticating device, the list applied of the APP with authenticating device binding is shown at client end interface, after the message receiving the APP application that user clicks in described list, determine that mobile terminal is fitted without described APP application, downloaded and install the installation kit of described APP application by authentication platform；

The client of authenticating device receives the log-on message of the described APP application correspondence that APP platform is issued by authentication platform, calls the interface of described APP application, described log-on message is inserted described APP application, described APP application initiate logging request to APP platform.

In such scheme, the method also includes: the log-on message of the client records APP application correspondence of described authenticating device, it is connected with mobile terminal at authenticating device, and when being again started up described APP application, log-on message is directly inserted described APP application by the client of described authenticating device.

In such scheme, the method also includes: the client of described authenticating device, when detecting that authenticating device disconnects with mobile terminal, removes all operations information relevant to described authenticating device in mobile terminal.

The authenticating device being connected to mobile terminal is authenticated by authentication platform, and after certification is passed through, authentication platform receives unique identities authentication information and the information of APP application；

Authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and is sent to APP platform, and the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device, is used for logging in described APP application.

In such scheme, the authenticating device being connected to mobile terminal is authenticated including by described authentication platform:

The CAMEL-Subscription-Information of authentication platform authentication storage equipment, by the password with authenticating device interactive setup authenticating device, receives the Portable device ID value of authenticating device transmission and the first certification request of password, according to device id value and password, described authenticating device is authenticated.

In such scheme, described authentication platform receives the information of unique identities authentication information and APP application and includes: authentication platform receives the second certification request of the information carrying unique identities authentication information and APP application that authenticating device sends, and described unique identities authentication information includes: the device id value of authenticating device and/or mobile terminal number.

In such scheme, described authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and is sent to APP platform, and the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device, including:

Authentication platform receives the second certification request that authenticating device sends, information according to the APP application that the second certification request is carried, determine when the identity identification information with corresponding APP Application share is mobile terminal number, if binding instruction not being carried in the second certification request and having mobile terminal number, then send described mobile terminal number and the information of APP application to described APP platform；

If binding instruction not being carried in the second certification request and there is no mobile terminal number but have IMSI number, then search corresponding mobile terminal number by described IMSI number to HSS, after the mobile terminal number finding correspondence, send described mobile terminal number and the information of APP application to described APP platform；

The log-on message of the described mobile terminal number that APP platform is applied according to the described APP information searching applied to corresponding A PP, authentication platform receives the described log-on message that described APP platform sends, and described log-on message is issued to the client of authenticating device.

In such scheme, described authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device, including: the information of the APP application that authentication platform carries according to the second certification request, determining when the identity identification information with corresponding APP Application share is device id value, the device id value carry the second certification request and the information of APP application are sent to described APP platform；The log-on message of the described device id value that described APP platform is applied according to the described APP information searching applied to corresponding A PP, authentication platform receives the described log-on message that described APP platform sends, and described log-on message is issued to the client of authenticating device.

In such scheme, the method also includes: the described APP installation kit applied download address in cloud storage is returned to described client after receiving the application of the installation kit downloading APP application of client by authentication platform.

The present invention provides a kind of authenticating device, and this authenticating device includes: device authentication module, APP authentication module；Wherein,

Device authentication module, for, after being connected to mobile terminal, being authenticated with authentication platform, after certification is passed through, logs in the client of described authenticating device on mobile terminal；

APP authentication module, for the information that unique identities authentication information and APP are applied is sent to authentication platform, so that authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, issued the log-on message of correspondence to described client by APP platform, be used for logging in described APP application.

In such scheme, described device authentication module, specifically for receiving the password of user's input, the first certification request of Portable device ID value and password is sent to authentication platform, receive the authentication platform authentication result according to device id value and password, authentication result be certification pass through time, search in mobile terminal present procedure correspondence client, if found, the then client of login authentication equipment, if do not found, then runs the installation kit of client, install after successfully, the client of login authentication equipment.

In such scheme, described APP authentication module, specifically for being shown the prompting of the mobile terminal being currently whether binding by mobile terminal, when the selection of the mobile terminal received as binding, send the second certification request, described second certification request Portable device ID value and/or current mobile terminal number to authentication platform and use the APP of the authenticating device certification information applied；When receiving not for the selection of the mobile terminal bound, display whether the prompting of binding current mobile terminal, when receiving the selection of binding current mobile terminal, obtain the IMSI number in the SIM of current mobile terminal or mobile terminal number, the second certification request, the information of described second certification request Portable device ID value, described IMSI number or mobile terminal number, binding instruction and described APP application is sent to authentication platform；When receiving the selection not binding current mobile terminal, send the second certification request, the information of described second certification request Portable device ID value and described APP application to authentication platform.

The present invention provides a kind of client, and this client includes: interface module, download module, login module；Wherein,

Interface module, logs in for passing through rear permission in authenticating device and authentication platform certification, shows the list applied of the APP with authenticating device binding at client end interface；

Download module, for after the message receiving the APP application that user clicks in described list, it is determined that mobile terminal is fitted without described APP application, is downloaded and install the installation kit of described APP application by authentication platform；

Login module, for receiving the log-on message of the described APP application correspondence that APP platform is issued by authentication platform, calls the interface of described APP application, described log-on message is inserted described APP application, described APP application initiate logging request to APP platform.

In such scheme, this client also includes: information storage module, the log-on message corresponding for recording APP application, is connected with mobile terminal at authenticating device, and when being again started up described APP application, directly described log-on message is sent to login module.

In such scheme, this client also includes: erasing of information module, for when detecting that authenticating device disconnects with mobile terminal, removing all operations information relevant to described authenticating device in mobile terminal.

The present invention provides a kind of authentication platform, and this authentication platform includes: the first authentication module, the second authentication module；Wherein,

First authentication module, for being authenticated the authenticating device being connected to mobile terminal；

Second authentication module, for receiving unique identities authentication information and the information of APP application, determine and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device, is used for logging in described APP application.

In such scheme, this authentication platform also includes: CAMEL-Subscription-Information memory module, for the CAMEL-Subscription-Information of authentication storage equipment.

In such scheme, described first authentication module, specifically for by the password with authenticating device interactive setup authenticating device, receiving the Portable device ID value of authenticating device transmission and the first certification request of password, according to device id value and password, described authenticating device be authenticated.

In such scheme, described second authentication module, specifically for receiving the second certification request that authenticating device sends, information according to the APP application that the second certification request is carried, determine when the identity identification information with corresponding APP Application share is mobile terminal number, if binding instruction not being carried in the second certification request and having mobile terminal number, then send described mobile terminal number and the information of APP application to APP platform；

Afterwards, receive the log-on message of the described mobile terminal number of the corresponding A PP application that described APP platform sends, described log-on message is issued to the client of authenticating device, for the described APP login applied.

In such scheme, described second authentication module, specifically for receiving the second certification request that authenticating device sends, information according to the APP application that the second certification request is carried, determining when the identity identification information with corresponding APP Application share is device id value, the device id value carry the second certification request and the information of APP application are sent to APP platform；Receive the log-on message of the described device id value of the corresponding A PP application that described APP platform sends, described log-on message is issued to the client of authenticating device, for the described APP login applied.

In such scheme, this authentication platform also includes: cloud storage module, for storing the installation kit of the APP application that client shows, after the application of the installation kit downloading APP application receiving client, the described APP installation kit applied download address in cloud storage is returned to described client.

In such scheme, this authentication platform also includes: HSS enquiry module, for searching corresponding mobile terminal number according to IMSI number.

The present invention provides a kind of Verification System realizing user's unique identities certification, and this system includes: authenticating device, client, authentication platform；Wherein,

Authenticating device, for, after being connected to mobile terminal, being authenticated with authentication platform, after certification is passed through, logs in the client of described authenticating device on mobile terminal, and the information that unique identities authentication information and APP are applied is sent to authentication platform；

Client, for showing the list of the APP application with authenticating device binding, after the message receiving the APP application that user clicks in described list, it is determined that mobile terminal is fitted without described APP application, is downloaded and install the installation kit of described APP application by authentication platform；Receive the log-on message of the described APP application correspondence that APP platform is issued by authentication platform；Call the interface of described APP application, described log-on message is inserted described APP application, described APP application initiate logging request to APP platform；

Authentication platform, for the authenticating device being connected to mobile terminal is authenticated, after certification is passed through, receive unique identities authentication information and the information of APP application, determine and the identity identification information of APP Application share according to described unique identities authentication information, and it being sent to APP platform, the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device.

The invention provides and a kind of realize the authentication method of user's unique identities certification, device and system, authenticating device is after being connected to mobile terminal, it is authenticated with authentication platform, after certification is passed through, the client of login authentication equipment, the information that unique identities authentication information and APP are applied is sent to authentication platform by authenticating device, so that authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, issued the log-on message of correspondence to described client by APP platform, be used for logging in described APP application；So, achieve the certification between authenticating device and authentication platform, and successfully solve the mutual sharing problem of authentication information between authentication platform and other APP platforms, preferably resolve user when using many APP, need to frequently enter the problem of log-on message, ensure that the safety of log-on message and privacy of user are inviolable, and avoid the problem that user can forget Password.

Accompanying drawing explanation

Fig. 1 is the schematic flow sheet that the embodiment of the present invention one realizes the authentication method of user's unique identities certification；

Fig. 2 is the schematic flow sheet that the embodiment of the present invention two realizes the authentication method of user's unique identities certification；

Fig. 3 is the schematic flow sheet that the embodiment of the present invention three realizes the authentication method of user's unique identities certification；

The composition structural representation of the authenticating device that Fig. 4 provides for the embodiment of the present invention four；

The composition structural representation of the client that Fig. 5 provides for the embodiment of the present invention five；

The composition structural representation of the authentication platform that Fig. 6 provides for the embodiment of the present invention six；

Fig. 7 is the composition structural representation that the embodiment of the present invention seven realizes the Verification System of user's unique identities certification.

Detailed description of the invention

In the embodiment of the present invention, authenticating device is after being connected to mobile terminal, it is authenticated with authentication platform, after certification is passed through, log in the client of described authenticating device on mobile terminal, the information that unique identities authentication information and APP are applied is sent to authentication platform by authenticating device, so that authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, issued the log-on message of correspondence to described client by APP platform, be used for logging in described APP application.Here, described authenticating device can be " with " key.

Below by drawings and the specific embodiments, the present invention is described in further detail.

Embodiment one

A kind of authentication method realizing user's unique identities certification of the present embodiment, as it is shown in figure 1, the method includes following step:

Step 101: authenticating device is connected to mobile terminal；

Concrete, authenticating device can pass through earphone jack or USB interface is connected with mobile terminal, when supporting wireless access, it is also possible to be connected with mobile terminal by the short distance technology such as bluetooth, WiFi；

Here, described authenticating device possesses hardware encryption and the ability calculated, and at least can provide the multiple modes of operation such as button touch-control, vocal print typing, fingerprint recognition, and can combine with Mobile terminal keyboard and corresponding client, it is provided that Password Input ability；

The installation kit of the built-in supporting client of described authenticating device, supporting client support logs in defeated close interface, supports storage user's APP service condition record, supports to present the function of APP list of application and other the required bindings having cooperation or binding relationship with authenticating device.

Before this step, the method also includes: user is when buying authenticating device, authenticating device authentication storage platform is the device id value of authenticating device distribution, and CAMEL-Subscription-Information is stored authentication platform, described CAMEL-Subscription-Information includes: user's Real Name, identity information, device id value, the required mobile terminal number etc. bound of user, wherein, mobile terminal number can have multiple, when having multiple, major number need to be specified, authenticating device also by with authentication platform interactive setup password, described password can be vocal print, fingerprint, numeral, character etc.；

Described device id value can be chosen as the ID value of phone number form or the ID value of random sequence, if selecting the ID value of phone number form, and when having bound a major number, device id value will become the minor number of user, user may choose whether to receive the incoming call of described minor number or note (general note acquiescence is essential), when the operator belonging to authentication platform and the APP platform cooperation of APP application, if user does not inform the major number of APP application binding described in APP platform, described minor number is using as the identity identification information with described APP Application share, can facilitate user in follow-up use procedure, receive the APP application note to minor number transmission or incoming call, as: the information such as short message password checking.

Step 102: authenticating device and authentication platform are authenticated, after certification is passed through, logs in the client of described authenticating device on mobile terminal；

Concrete, after authenticating device is connected to mobile terminal, receive the password of user's input, the first certification request of Portable device ID value and password is sent to authentication platform, receive the authentication platform authentication result according to device id value and password, authentication result be certification pass through time, mobile terminal present procedure is searched the client of correspondence, if found, the then client of login authentication equipment, if do not found, then runs the installation kit of the built-in client of authenticating device, install after successfully, the client of login authentication equipment.Here, the device id value in the first certification request and password can also be encrypted by described authenticating device, after encryption, described first certification request are sent to authentication platform.The password of described user input can be input password window in interface of mobile terminal display after authenticating device is connected to mobile terminal, password is inputted on mobile terminals by user, or, the multiple mode of operation input password such as button touch-control that user is provided by authenticating device, vocal print typing, fingerprint recognition；Described login refers to the client utilizing the ID value of authenticating device to sign in authenticating device.

Step 103: when starting APP and applying and select to use authenticating device certification, the information that unique identities authentication information and described APP are applied is sent to authentication platform by authenticating device；

In this step, described unique identities authentication information includes: device id value and/or mobile terminal number；

The information that unique identities authentication information and described APP are applied can also be encrypted by described authenticating device, is sent to authentication platform after encryption；

Described APP application includes: the APP application that APP application and other non-customer ends on desktop that client presents present；What the APP application that described client presents was client records applies with the APP of authenticating device binding；

Concrete, when starting APP and applying and select to use authenticating device certification, authenticating device show to be currently whether the prompting of the mobile terminal bound by mobile terminal, when the selection of the mobile terminal received as binding, authenticating device sends the second certification request to authentication platform, the information of described second certification request Portable device ID value and/or current mobile terminal number and described APP application, the information of device id value and/or current mobile terminal number and described APP application can also be encrypted by described authenticating device；When receiving not for the selection of the mobile terminal bound, display whether the prompting of binding current mobile terminal, when receiving the selection of binding current mobile terminal, authenticating device obtains the IMSI number in the SIM of current mobile terminal or mobile terminal number, the second certification request, the information of described second certification request Portable device ID value, described IMSI number or mobile terminal number, binding instruction and described APP application is sent to authentication platform；When receiving the selection not binding current mobile terminal, authenticating device sends the second certification request, the information of described second certification request Portable device ID value and described APP application to authentication platform.

Step 104: authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and is sent to APP platform, is issued the log-on message of correspondence to described client by APP platform, is used for logging in APP application；

Here, described shared identity identification information is the identity identification information that authentication platform is corresponding with the log-on message with user of APP application agreement, as: mobile terminal number, device id value etc.；

Concrete, the information of the APP application that authentication platform carries according to the second certification request, determine when the identity identification information with corresponding APP Application share is mobile terminal number, if not carrying in the second certification request of binding instruction and having mobile terminal number, then send described mobile terminal number and the information of APP application to described APP platform；If not carrying in the second certification request of binding instruction and there is no mobile terminal number and IMSI number, in CAMEL-Subscription-Information, then found the mobile terminal number of corresponding binding by entrained device id value, send described mobile terminal number and the information of APP application to described APP platform；There is no mobile terminal number if do not carried in the second certification request of binding instruction but have IMSI number, then search corresponding mobile terminal number by described IMSI number to HSS, after the mobile terminal number finding correspondence, send described mobile terminal number and the information of APP application to described APP platform；If binding instruction is carried in the second certification request, then entrained mobile terminal number is stored in the CAMEL-Subscription-Information that device id value is corresponding, described mobile terminal number and the information of APP application is sent to described APP platform, or, corresponding mobile terminal number is searched to HSS by IMSI number, after the mobile terminal number finding correspondence, described mobile terminal number is stored in the CAMEL-Subscription-Information that device id value is corresponding, sends described mobile terminal number and the information of APP application to described APP platform；Then, the log-on message of the described mobile terminal number that described APP platform is applied according to the described APP information searching applied to corresponding A PP, described log-on message is transmitted to authentication platform, and described log-on message is issued to the client of correspondence by described authentication platform, for the described APP login applied；

Here, described APP platform includes: the platform of the APP application that operator is own and the platform of third party APP application.

Embodiment two

A kind of authentication method realizing user's unique identities certification of the present embodiment, as in figure 2 it is shown, the method includes following step:

Step 201: the client of authenticating device is logged in by rear permission with authentication platform certification at authenticating device, the list applied of the APP with authenticating device binding is shown at client end interface, after the message receiving the APP application that user clicks in described list, determine that mobile terminal is fitted without described APP application, downloaded and install the installation kit of described APP application by authentication platform；

Concrete, the client of authenticating device is connected with mobile terminal at authenticating device and is logged in by rear permission with authentication platform certification, the list applied of the APP with authenticating device binding is shown at client end interface, after the message receiving the APP application that user clicks in described list, search whether described APP application is installed in current mobile terminal, when determining that being fitted without described APP applies, the installation kit of described APP application is downloaded to authentication platform application, the installation kit of the described APP application that reception authentication platform returns download address in cloud storage, download and install described APP application by described download address；The list of the described APP application with authenticating device binding comprises the own APP application of operator, as: Fetion, 139 mailboxes, with bright cloud etc., third party APP application is comprised also dependent on cooperation, as: wechat, microblogging etc., user can according to oneself demand, choose the own APP application of operator or have the third party APP of cooperation to apply with operator, add described list, user can also add new APP and be applied to list, described new APP application needs and authentication platform, authenticating device binds shared identity identification information in advance, as: mobile terminal number, device id value etc..

In this step, if the client of authenticating device determines that mobile terminal has been installed the APP application of user's click or determined that user clicks the APP application that non-customer end shows, then directly perform step 202.

Step 202: the client of authenticating device receives the log-on message of the described APP application correspondence that APP platform is issued by authentication platform；

Step 203: the interface of APP application described in the client call of authenticating device, inserts described log-on message described APP application, described APP application initiates logging request to APP platform；

The method also includes: the log-on message of the client records APP application correspondence of described authenticating device, is connected with mobile terminal at authenticating device, and when being again started up described APP application, log-on message is directly inserted described APP application by the client of described authenticating device；

It addition, the client of described authenticating device is when detecting that authenticating device disconnects with mobile terminal, remove all operations information relevant to described authenticating device in mobile terminal, so, user is using other people mobile phone, when temporarily using the business of oneself, does not stay use vestige in other people mobile phone.

Embodiment three

A kind of authentication method realizing user's unique identities certification of the present embodiment, as it is shown on figure 3, the method includes following step:

Step 301: the authenticating device being connected to mobile terminal is authenticated by authentication platform；

Concrete, the authentication platform storage user CAMEL-Subscription-Information when buying authenticating device, described CAMEL-Subscription-Information includes: user's Real Name, identity information, device id value, the required mobile terminal number etc. bound of user, authentication platform is by the password with authenticating device interactive setup authenticating device, receive the Portable device ID value of authenticating device transmission and the first certification request of password, according to device id value and password, described authenticating device is authenticated.

In this step, when in the first certification request, device id value and password are encrypted, authentication platform is decrypted always according to the cipher mode made an appointment.

Step 302: after certification is passed through, authentication platform receives unique identities authentication information and the information of APP application；

Described authentication platform receives the second certification request of the information carrying unique identities authentication information and APP application that authenticating device sends；

When the information that described unique identities authentication information and described APP apply is encrypted, authentication platform is decrypted always according to the cipher mode made an appointment.

Step 303: authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device, is used for logging in described APP application.

Concrete, authentication platform receives the second certification request that authenticating device sends, information according to the APP application that the second certification request is carried, determine when the identity identification information with corresponding APP Application share is mobile terminal number, if binding instruction not being carried in the second certification request and having mobile terminal number, then send described mobile terminal number and the information of APP application to described APP platform；If binding instruction not being carried in the second certification request and there is no mobile terminal number and IMSI number, in CAMEL-Subscription-Information, then found the mobile terminal number of corresponding binding by entrained device id value, send described mobile terminal number and the information of APP application to described APP platform；If binding instruction not being carried in the second certification request and there is no mobile terminal number but have IMSI number, then search corresponding mobile terminal number by described IMSI number to HSS, after the mobile terminal number finding correspondence, send described mobile terminal number and the information of APP application to described APP platform；If binding instruction is carried in the second certification request, then entrained mobile terminal number is stored in the CAMEL-Subscription-Information that device id value is corresponding, described mobile terminal number and the information of APP application is sent to described APP platform, or, corresponding mobile terminal number is searched to HSS by IMSI number, after the mobile terminal number finding correspondence, described mobile terminal number is stored in the CAMEL-Subscription-Information that device id value is corresponding, sends described mobile terminal number and the information of APP application to described APP platform；Then, the log-on message of the described mobile terminal number that described APP platform is applied according to the described APP information searching applied to corresponding A PP, authentication platform receives the described log-on message that described APP platform sends, described log-on message is issued to the client of authenticating device, for the described APP login applied；

The information of the APP application that authentication platform carries according to the second certification request, it is determined that when being device id value with the identity identification information of corresponding APP Application share, the device id value carry the second certification request and the information of APP application are sent to described APP platform；The log-on message of the described device id value that described APP platform is applied according to the described APP information searching applied to corresponding A PP, authentication platform receives the described log-on message that described APP platform sends, described log-on message is issued to the client of authenticating device, for the described APP login applied.

The method of the present embodiment also includes: the described APP installation kit applied download address in cloud storage is returned to described client after receiving the application of the installation kit downloading APP application of client by authentication platform.

Embodiment four

The present embodiment provides a kind of authenticating device, and as shown in Figure 4, this authenticating device includes: device authentication module 41, APP authentication module 42；Wherein,

Device authentication module 41, for authenticating device after being connected to mobile terminal, is authenticated with authentication platform, after certification is passed through, logs in the client of described authenticating device on mobile terminal；

APP authentication module 42, for when starting APP and applying and select to use authenticating device certification, the information that unique identities authentication information and described APP are applied is sent to authentication platform, so that authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, issued the log-on message of correspondence to described client by APP platform, be used for logging in described APP application.

Described device authentication module 41, specifically for receiving the password of user's input, the first certification request of Portable device ID value and password is sent to authentication platform, receive the authentication platform authentication result according to device id value and password, authentication result be certification pass through time, mobile terminal present procedure is searched the client of correspondence, if found, the then client of login authentication equipment, if do not found, then run the installation kit of the built-in client of authenticating device, install after successfully, the client of login authentication equipment.Here, the device id value in the first certification request and password can also be encrypted by described device authentication module 41, after encryption, described first certification request are sent to authentication platform.

Described unique identities authentication information includes: device id value and/or mobile terminal number；

Described APP authentication module 42, specifically for when starting APP and applying and select to use authenticating device certification, the prompting of the mobile terminal being currently whether binding is shown by mobile terminal, when the selection of the mobile terminal received as binding, the second certification request is sent to authentication platform, the information of described second certification request Portable device ID value and/or current mobile terminal number and described APP application, the information of device id value and/or current mobile terminal number and described APP application can also be encrypted by described APP authentication module 42；When receiving not for the selection of the mobile terminal bound, display whether the prompting of binding current mobile terminal, when receiving the selection of binding current mobile terminal, obtain the IMSI number in the SIM of current mobile terminal or mobile terminal number, the second certification request, the information of described second certification request Portable device ID value, described IMSI number or mobile terminal number, binding instruction and described APP application is sent to authentication platform；When receiving the selection not binding current mobile terminal, send the second certification request, the information of described second certification request Portable device ID value and described APP application to authentication platform.

Embodiment five

The present embodiment realizes a kind of client, as it is shown in figure 5, this client includes: interface module 51, download module 52, login module 53；Wherein,

Interface module 51, logs in for passing through rear permission in authenticating device and authentication platform certification, shows the list applied of the APP with authenticating device binding at client end interface；

Download module 52, for after the message receiving the APP application that user clicks in described list, it is determined that mobile terminal is fitted without described APP application, is downloaded and install the installation kit of described APP application by authentication platform；

Login module 53, for receiving the log-on message of the described APP application correspondence that APP platform is issued by authentication platform, calls the interface of described APP application, described log-on message is inserted described APP application, described APP application initiate logging request to APP platform；

This client also includes: information storage module 54, the log-on message corresponding for recording APP application, is connected with mobile terminal at authenticating device, and when being again started up described APP application, directly described log-on message is sent to login module 53；

This client also includes: erasing of information module 55, for when detecting that authenticating device disconnects with mobile terminal, remove all operations information relevant to described authenticating device in mobile terminal, so, user is using other people mobile phone, when temporarily using the business of oneself, in other people mobile phone, do not stay use vestige.

Embodiment six

The present embodiment also provides for a kind of authentication platform, and as shown in Figure 6, this authentication platform includes: first authentication module the 61, second authentication module 62；Wherein,

First authentication module 61, for being authenticated the authenticating device being connected to mobile terminal；

Second authentication module 62, for receiving unique identities authentication information and the information of APP application, determine and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device, is used for logging in described APP application；

This authentication platform also includes: CAMEL-Subscription-Information memory module 63, and for storing user's CAMEL-Subscription-Information when buying authenticating device, described CAMEL-Subscription-Information includes: user's Real Name, identity information, device id value, the required mobile terminal number etc. bound of user；

Described first authentication module 61, specifically for by the password with authenticating device interactive setup authenticating device, receiving the Portable device ID value of authenticating device transmission and the first certification request of password, according to device id value and password, described authenticating device be authenticated；

Described second authentication module 62, specifically for receiving the second certification request that authenticating device sends, information according to the APP application that the second certification request is carried, determine when the identity identification information with corresponding APP Application share is mobile terminal number, if binding instruction not being carried in the second certification request and having mobile terminal number, then send described mobile terminal number and the information of APP application to APP platform；If binding instruction not being carried in the second certification request and there is no mobile terminal number and IMSI number, in CAMEL-Subscription-Information, then found the mobile terminal number of corresponding binding by entrained device id value, send described mobile terminal number and the information of APP application to described APP platform；If binding instruction not being carried in the second certification request and there is no mobile terminal number but have IMSI number, then search corresponding mobile terminal number by described IMSI number to HSS, after the mobile terminal number finding correspondence, send described mobile terminal number and the information of APP application to described APP platform；If binding instruction is carried in the second certification request, then entrained mobile terminal number is stored in the CAMEL-Subscription-Information that device id value is corresponding, described mobile terminal number and the information of APP application is sent to described APP platform, or, corresponding mobile terminal number is searched to HSS by IMSI number, after the mobile terminal number finding correspondence, described mobile terminal number is stored in the CAMEL-Subscription-Information that device id value is corresponding, sends described mobile terminal number and the information of APP application to described APP platform；Then, receive the log-on message of the described mobile terminal number of the corresponding A PP application that described APP platform sends, described log-on message is issued to the client of authenticating device, for the described APP login applied；

Described second authentication module 62, specifically for receiving the second certification request that authenticating device sends, information according to the APP application that the second certification request is carried, determining when the identity identification information with corresponding APP Application share is device id value, the device id value carry the second certification request and the information of APP application are sent to APP platform；Receive the log-on message of the described device id value of the corresponding A PP application that described APP platform sends, described log-on message is issued to the client of authenticating device, for the described APP login applied.

Described APP platform includes: the platform of the APP application that operator is own and the platform of third party APP application；

This authentication platform also includes: cloud storage module 64, for storing the installation kit of the APP application that client shows, after the application of the installation kit downloading APP application receiving client, the described APP installation kit applied download address in cloud storage is returned to described client；

This authentication platform also includes: HSS enquiry module 65, for searching corresponding mobile terminal number according to IMSI number.

Embodiment seven

A kind of Verification System realizing user's unique identities certification of the present embodiment, as it is shown in fig. 7, this system includes: authenticating device 71, client 72, authentication platform 73；Wherein,

Authenticating device 71, for, after being connected to mobile terminal, being authenticated with authentication platform 73, after certification is passed through, log in the client 72 of described authenticating device on mobile terminal, and the information that unique identities authentication information and described APP are applied is sent to authentication platform 73；

Client 72 arranges on mobile terminals, for showing the list of the APP application with authenticating device 71 binding, after the message receiving the APP application that user clicks in described list, determine that mobile terminal is fitted without described APP application, download and install the installation kit of described APP application by authentication platform 73；Receive the log-on message of the described APP application correspondence that APP platform is issued by authentication platform 73；Call the interface of described APP application, described log-on message is inserted described APP application, described APP application initiate logging request to APP platform；

Authentication platform 73, for the authenticating device being connected to mobile terminal is authenticated, after certification is passed through, receive unique identities authentication information and the information of APP application, determine and the identity identification information of APP Application share according to described unique identities authentication information, and it being sent to APP platform, the corresponding log-on message issued by APP platform is forwarded to the client 72 of authenticating device 71；

Described authenticating device 71 has the concrete structure shown in Fig. 4, and described client 72 has the concrete structure shown in Fig. 5, and authentication platform 73 has the concrete structure shown in Fig. 6, and description is not repeated herein.

By authenticating device, client and authentication platform that the embodiment of the present invention provides, achieve the certification between authenticating device and authentication platform, and successfully solve the mutual sharing problem of authentication information between authentication platform and other APP platforms, preferably resolve user when using many APP, need to frequently enter the problem of log-on message, it is possible to ensure that the safety of log-on message and privacy of user are inviolable.

The above, be only presently preferred embodiments of the present invention, is not intended to limit protection scope of the present invention, all any amendment, equivalent replacement and improvement etc. made within the spirit and principles in the present invention, should be included within protection scope of the present invention.

Claims

1. the authentication method realizing user's unique identities certification, it is characterised in that the method includes:

2. authentication method according to claim 1, it is characterised in that the method also includes: authenticating device authentication storage platform is the device id value of authenticating device distribution, and CAMEL-Subscription-Information is stored authentication platform, also by with authentication platform interactive setup password.

3. authentication method according to claim 2, it is characterized in that, described it is authenticated with authentication platform, after certification is passed through, log in the client of described authenticating device on mobile terminal, including: authenticating device receives the password of user's input, the first certification request of Portable device ID value and password is sent to authentication platform, receive the authentication platform authentication result according to device id value and password, authentication result be certification pass through time, mobile terminal present procedure is searched the client of correspondence, if found, the then client of login authentication equipment, if do not found, then run the installation kit of client, install after successfully, the client of login authentication equipment.

4. authentication method according to claim 1, it is characterized in that, the information that unique identities authentication information and APP are applied is sent to authentication platform by described authenticating device, show to be whether currently the prompting of the mobile terminal bound by mobile terminal including: authenticating device, when the selection of the mobile terminal received as binding, authenticating device sends the second certification request to authentication platform, described second certification request Portable device ID value and/or current mobile terminal number, and use the information of the APP application of authenticating device certification, described authenticating device is also to device id value and/or current mobile terminal number, and the information of described APP application is encrypted；When receiving not for the selection of the mobile terminal bound, display whether the prompting of binding current mobile terminal, when receiving the selection of binding current mobile terminal, authenticating device obtains the international mobile subscriber identity IMSI number in the Subscriber Identity Module SIM of current mobile terminal or mobile terminal number, the second certification request, the information of described second certification request Portable device ID value, described IMSI number or mobile terminal number, binding instruction and described APP application is sent to authentication platform；When receiving the selection not binding current mobile terminal, authenticating device sends the second certification request, the information of described second certification request Portable device ID value and described APP application to authentication platform.

5. authentication method according to claim 4, it is characterised in that the method also includes:

6. authentication method according to claim 4, it is characterised in that the method also includes:

7. the authentication method according to any one of claim 1 to 6, it is characterised in that described APP platform includes: the platform of the APP application that operator is own and the platform of third party APP application.

8. the authentication method realizing user's unique identities certification, it is characterised in that the method includes:

9. authentication method according to claim 8, it is characterized in that, the method also includes: the log-on message of the client records APP application correspondence of described authenticating device, it is connected with mobile terminal at authenticating device, and when being again started up described APP application, log-on message is directly inserted described APP application by the client of described authenticating device.

10. authentication method according to claim 8, it is characterised in that the method also includes: the client of described authenticating device, when detecting that authenticating device disconnects with mobile terminal, removes all operations information relevant to described authenticating device in mobile terminal.

11. the authentication method realizing user's unique identities certification, it is characterised in that the method includes:

12. authentication method according to claim 11, it is characterised in that the authenticating device being connected to mobile terminal is authenticated including by described authentication platform:

13. authentication method according to claim 11, it is characterized in that, described authentication platform receives the information of unique identities authentication information and APP application and includes: authentication platform receives the second certification request of the information carrying unique identities authentication information and APP application that authenticating device sends, and described unique identities authentication information includes: the device id value of authenticating device and/or mobile terminal number.

14. authentication method according to claim 13, it is characterized in that, described authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device, including:

15. authentication method according to claim 13, it is characterized in that, described authentication platform is determined and the identity identification information of APP Application share according to described unique identities authentication information, and it is sent to APP platform, the corresponding log-on message issued by APP platform is forwarded to the client of authenticating device, including: the information of the APP application that authentication platform carries according to the second certification request, determining when the identity identification information with corresponding APP Application share is device id value, the device id value carry the second certification request and the information of APP application are sent to described APP platform；The log-on message of the described device id value that described APP platform is applied according to the described APP information searching applied to corresponding A PP, authentication platform receives the described log-on message that described APP platform sends, and described log-on message is issued to the client of authenticating device.

16. authentication method according to claim 11, it is characterized in that, the method also includes: the described APP installation kit applied download address in cloud storage is returned to described client after receiving the application of the installation kit downloading APP application of client by authentication platform.

17. an authenticating device, it is characterised in that this authenticating device includes: device authentication module, APP authentication module；Wherein,

18. authenticating device according to claim 17, it is characterized in that, described device authentication module, specifically for receiving the password of user's input, the first certification request of Portable device ID value and password is sent to authentication platform, receive the authentication platform authentication result according to device id value and password, authentication result be certification pass through time, mobile terminal present procedure is searched the client of correspondence, if it is found, the client of then login authentication equipment, if do not found, then run the installation kit of client, install after successfully, the client of login authentication equipment.

19. authenticating device according to claim 17, it is characterized in that, described APP authentication module, specifically for being shown the prompting of the mobile terminal being currently whether binding by mobile terminal, when the selection of the mobile terminal received as binding, send the second certification request, described second certification request Portable device ID value and/or current mobile terminal number to authentication platform and use the APP of the authenticating device certification information applied；When receiving not for the selection of the mobile terminal bound, display whether the prompting of binding current mobile terminal, when receiving the selection of binding current mobile terminal, obtain the IMSI number in the SIM of current mobile terminal or mobile terminal number, the second certification request, the information of described second certification request Portable device ID value, described IMSI number or mobile terminal number, binding instruction and described APP application is sent to authentication platform；When receiving the selection not binding current mobile terminal, send the second certification request, the information of described second certification request Portable device ID value and described APP application to authentication platform.

20. a client, it is characterised in that this client includes: interface module, download module, login module；Wherein,

21. client according to claim 20, it is characterized in that, this client also includes: information storage module, the log-on message corresponding for recording APP application, it is connected with mobile terminal at authenticating device, and when being again started up described APP application, directly described log-on message is sent to login module.

22. client according to claim 20, it is characterised in that this client also includes: erasing of information module, for when detecting that authenticating device disconnects with mobile terminal, removing all operations information relevant to described authenticating device in mobile terminal.

23. an authentication platform, it is characterised in that this authentication platform includes: the first authentication module, the second authentication module；Wherein,

24. authentication platform according to claim 23, it is characterised in that this authentication platform also includes: CAMEL-Subscription-Information memory module, for the CAMEL-Subscription-Information of authentication storage equipment.

25. authentication platform according to claim 23, it is characterized in that, described first authentication module, specifically for by the password with authenticating device interactive setup authenticating device, receive the Portable device ID value of authenticating device transmission and the first certification request of password, according to device id value and password, described authenticating device is authenticated.

26. authentication platform according to claim 23, it is characterized in that, described second authentication module, specifically for receiving the second certification request that authenticating device sends, information according to the APP application that the second certification request is carried, determine when the identity identification information with corresponding APP Application share is mobile terminal number, if binding instruction not being carried in the second certification request and having mobile terminal number, then send described mobile terminal number and the information of APP application to APP platform；

27. authentication platform according to claim 23, it is characterized in that, described second authentication module, specifically for receiving the second certification request that authenticating device sends, information according to the APP application that the second certification request is carried, determining when the identity identification information with corresponding APP Application share is device id value, the device id value carry the second certification request and the information of APP application are sent to APP platform；Receive the log-on message of the described device id value of the corresponding A PP application that described APP platform sends, described log-on message is issued to the client of authenticating device, for the described APP login applied.

28. authentication platform according to claim 23, it is characterized in that, this authentication platform also includes: cloud storage module, for storing the installation kit of the APP application that client shows, after the application of the installation kit downloading APP application receiving client, the described APP installation kit applied download address in cloud storage is returned to described client.

29. authentication platform according to claim 26, it is characterised in that this authentication platform also includes: HSS enquiry module, for searching corresponding mobile terminal number according to IMSI number.

30. the Verification System realizing user's unique identities certification, it is characterised in that this system includes: authenticating device, client, authentication platform；Wherein,