CN106209742A - Safe verification method and system - Google Patents
Safe verification method and system Download PDFInfo
- Publication number
- CN106209742A CN106209742A CN201510229302.0A CN201510229302A CN106209742A CN 106209742 A CN106209742 A CN 106209742A CN 201510229302 A CN201510229302 A CN 201510229302A CN 106209742 A CN106209742 A CN 106209742A
- Authority
- CN
- China
- Prior art keywords
- application
- user
- verifying information
- approach
- user side
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
This application provides a kind of safe verification method and system, safe verification method therein includes: the user name of user's input that receiving terminal apparatus transmits and static password;The first safety verification is carried out based on described user name and static password;At least two is provided to return the approach of the dynamically verifying information that the application of user side generates to described user;Receive the dynamically verifying information that described user is returned by one of described at least two approach;The dynamically verifying information that described user is from a locally generated by the dynamically verifying information that one of described at least two approach returns is compared, thus carries out the second safety verification.The application avoids static password in the first safety verification and is easily cracked the safety issue brought, and the security reliability of subscriber authentication is effectively ensured.
Description
Technical field
The application relates to computer realm, particularly relates to a kind of safe verification method and system.
Background technology
Developing rapidly and applying along with the Internet, network security problem has become network provider and use
One of problem that family is paid close attention to the most.User identity is carried out safety verification and is to ensure that the one of network security
Necessary means.At present, most of network services are all to user identity by user name and static password
Carry out safety verification.In order to ensure safety, static password needs the more complicated, thus of setting
Make password be difficult to remember, and be inconvenient to input.It addition, static password there is also by such as violence
Crack, hit storehouse, Tuo Ku, spy on, risk that the means such as wooden horse are cracked.
Therefore, current based on user name and static password, user identity is carried out the means of safety verification
There is the risk that static password is easily cracked, therefore, the safety of subscriber authentication is not high enough.
Summary of the invention
The application one of solves the technical problem that a kind of safe verification method and the system of being to provide, further
Improve the safety of subscriber authentication.
According to the application embodiment on the one hand, it is provided that a kind of safe verification method, including:
The user name of user's input that receiving terminal apparatus transmits and static password;
The first safety verification is carried out based on described user name and static password;
At least two is provided to return to the way of the dynamically verifying information that the application of user side generates to described user
Footpath;
Receive the dynamically verifying information that described user is returned by one of described at least two approach;
The dynamically verifying information described user returned by one of described at least two approach is with local
The dynamically verifying information generated compares, thus carries out the second safety verification.
According to the application embodiment on the other hand, it is provided that a kind of security authentication systems, including:
First receives unit, and user name and static state that the user for receiving terminal apparatus transmission inputs are close
Code;
First safety verification unit, tests safely for carrying out first based on described user name and static password
Card;
There is provided unit, for providing at least two to return the dynamic of user side application generation to described user
The approach of checking information;
Second receives unit, for receiving what described user was returned by one of described at least two approach
Dynamically verifying information;
Second safety verification unit, for returning described user by one of described at least two approach
The dynamically verifying information that is from a locally generated of dynamically verifying information compare, thus carry out the second safety verification.
The embodiment of the present application is carrying out carrying out the base of the first safety verification based on user name and static password
On plinth, carry out the second safety verification based on dynamically verifying information.Owing to dynamically verifying information is dynamic
Generate, if attempting cracker to be not configured with the user generating dynamically verifying information as user
Side application (dynamically verifying information application), is difficult to crack.Therefore, it is to avoid first tests safely
In card, static password is easily cracked the safety issue brought, and the safety of subscriber authentication is effectively ensured
Reliability.And the present embodiment provides at least two to return for the application life of the user side of the second safety verification
The approach of the dynamically verifying information become, overcomes and is providing only a kind of return for the second safety verification
Net residing for terminal unit in the case of the approach of the dynamically verifying information that the application of user side generates
Network environment and/or terminal capability are limited can not be returned dynamically verifying information by this approach, be caused and cannot enter
The problem of row the second safety verification, has been effectively ensured and has obtained dynamically verifying information timely and accurately, thus
It is further ensured that the reliability of subscriber authentication.
Although those of ordinary skill in the art it will be appreciated that detailed description below by referenced in schematic embodiment,
Accompanying drawing is carried out, but the application is not limited in these embodiments.But, scope of the present application is extensive
, and it is intended to be bound only by appended claims restriction scope of the present application.
Accompanying drawing explanation
The detailed description that non-limiting example is made made with reference to the following drawings by reading, this
The other features, objects and advantages of application will become more apparent upon:
Fig. 1 a is a kind of flow process implementing order of the safe verification method according to one embodiment of the application
Figure.
Fig. 1 b is the stream of the safe verification method another kind enforcement order according to one embodiment of the application
Cheng Tu.
Fig. 2 is the boundary with the input frame receiving dynamically verifying information according to one embodiment of the application
Face schematic diagram.
Fig. 3 is the interface schematic diagram that the checking page prompts user according to one embodiment of the application confirms.
Fig. 4 is the interface signal that the user side Application Hints user according to one embodiment of the application confirms
Figure.
Fig. 5 is the block diagram of the security authentication systems according to one embodiment of the application.
In accompanying drawing, same or analogous reference represents same or analogous parts.
Detailed description of the invention
It should be mentioned that, some exemplary enforcements before being discussed in greater detail exemplary embodiment
Example is described as process or the method described as flow chart.Although operations is described as by flow chart
The process of order, but many of which operation can be implemented concurrently, concomitantly or simultaneously.
Additionally, the order of operations can be rearranged.The most described process can be by
Terminate, it is also possible to have the additional step being not included in accompanying drawing.Described process can correspond to
Method, function, code, subroutine, subprogram etc..
Described computer equipment includes subscriber equipment and the network equipment.Wherein, described subscriber equipment includes
But it is not limited to computer, smart mobile phone, PDA etc.;The described network equipment includes but not limited to single network
Server, multiple webserver composition server group or based on cloud computing (Cloud Computing)
The cloud being made up of a large amount of computers or the webserver, wherein, cloud computing is the one of Distributed Calculation
Kind, the super virtual machine being made up of a group loosely-coupled computer collection.Wherein, described
Computer equipment isolated operation can realize the application, it is possible to access network and by with its in network
He realizes the application at the interactive operation of computer equipment.Wherein, the net residing for described computer equipment
Network includes but not limited to the Internet, wide area network, Metropolitan Area Network (MAN), LAN, VPN etc..
It should be noted that described subscriber equipment, the network equipment and network etc. are only for example, other are existing
Computer equipment that is that have or that be likely to occur from now on or network are such as applicable to the application, also should be included in
Within the application protection domain, and it is incorporated herein with way of reference.
Method (some of them are illustrated by flow chart) discussed hereafter can pass through hardware, software,
Firmware, middleware, microcode, hardware description language or its combination in any are implemented.When with software,
When firmware, middleware or microcode are implemented, in order to implement program code or the code segment of necessary task
Can be stored in machine or computer-readable medium (such as storage medium).(one or more)
Processor can implement the task of necessity.
Concrete structure disclosed herein and function detail are the most representational, and are for describing
The purpose of the exemplary embodiment of the application.But the application can come concrete by many alternative forms
Realize, and be not interpreted as being limited only by the embodiments set forth herein.
Although retouching it should be appreciated that here may have been used term " first ", " second " etc.
State unit, but these unit should not be limited by these terms.Use these terms only
In order to a unit is made a distinction with another unit.For example, without departing substantially from exemplary enforcement
In the case of the scope of example, first module can be referred to as second unit, and second unit similarly
First module can be referred to as.Term "and/or" used herein above include one of them or more listed
Any and all combination of the associated item gone out.
It should be appreciated that when a unit is referred to as " connection " or during " coupled " to another unit, its
Another unit described can be connected or coupled to, or temporary location can be there is.On the other hand,
When a unit is referred to as " when being directly connected " or " directly coupled " to another unit, the most there is not centre
Unit.Other words being used for describing the relation between unit should be explained in a comparable manner
(such as " it is in ... between " compared to " it is directly in ... between ", " with ... neighbouring " compared to " with ... directly
Neighbouring " etc.).
Term used herein above is only used to describe specific embodiment and be not intended to limit exemplary
Embodiment.Unless the context clearly dictates otherwise, singulative the most used herein above " ",
" one " alsos attempt to include plural number.It is to be further understood that term used herein above " include " and/
Or " comprising " specifies the existence of feature, integer, step, operation, unit and/or the assembly stated,
And do not preclude the presence or addition of other features one or more, integer, step, operation, unit, group
Part and/or a combination thereof.
It should further be mentioned that replace in implementations at some, the function/action being previously mentioned can be by
Occur according to being different from accompanying drawing the order indicated.For example, involved function/action is depended on,
The two width figures in succession illustrated can essentially substantially simultaneously perform or sometimes can be according to contrary
Order performs.
As previously described, because user identity is carried out the side of safety verification based on user name and static password
There is the risk that static password is easily cracked in method, therefore safety is the highest.The embodiment of the present application is for solving
This problem, on the basis of carrying out safety verification based on user name and static password, then is carried out based on dynamic
The safety verification of state checking information, is effectively increased the security reliability of subscriber authentication.
The application following example are by safety verification based on user name and static password for convenience of description
It is referred to as the first safety verification, safety verification based on dynamically verifying information is referred to as the second safety verification.
Below in conjunction with the accompanying drawings the technical scheme of the application is described in further detail.
Fig. 1 a-1b is that two kinds of different execution of the safe verification method according to one embodiment of the application are suitable
The flow chart of sequence.This safe verification method can be completed by a server being capable of safety verification,
Can also be realized by one group of server.This group of server can be such as two-server, Qi Zhongyi
Platform is the server for realizing the first safety verification, and another is for for realizing the second safety verification
Server.This group of server can also be the Cloud Server group including multiple servers.Such as Fig. 1 a-b
Shown in, this safe verification method mainly comprises the steps:
The user name of user's input that S10, receiving terminal apparatus transmit and static password;
S11, carry out the first safety verification based on described user name and static password;
S12, provide to described user at least two return user side application generate dynamically verifying information
Approach;
S13, receive the dynamically verifying information that described user is returned by one of described at least two approach;
S14, the dynamically verifying information that described user is returned by one of described at least two approach with
The local dynamically verifying information generated compares, thus carries out the second safety verification.
Below above steps is described in further detail.
Wherein, step S10 and S11 are the process that realizes of the first safety verification, the embodiment of the present application pair
First safe verification method is not particularly limited, and prior art can be used to realize.
Step S12~S14 be the second safety verification realize process.It should be noted that the application is real
The second safety verification executing example can be at the first safety verification by rear checking, as shown in Figure 1a, also
Can perform with the first safety verification simultaneously, namely carry out first based on user name and static password
The second checking is carried out based on dynamically verifying information, as shown in Figure 1 b while safety verification.
The application of described user side be in advance with the user name of user (or claiming ID) binding, can generate dynamic
The application of checking information, it can be carried in intelligent mobile terminal.By as follows in the application of user side
Algorithm generation dynamically verifying information:
Dynamically verifying information=f (random string, time factor, password length) (1)
Server also generates a dynamically verifying information by algorithm in the same manner as above.If user side
The dynamic authentication letter that application real-time report generates in real time to the dynamically verifying information of server and server
Breath is consistent, has just passed through the second safety verification.
For realizing safety verification based on dynamically verifying information, the embodiment of the present application can be answered by user side
With or server (hereinafter referred to as server) for realizing the second safety verification generate described random words
Symbol string, and preserve this random string in the application of user side and server simultaneously, wherein, this is random
Character string associates preservation with user side application ID, and user side application ID applies with installing this user side
Terminal the user name holding user again be binding, so, either in user side application end,
Or at server end, this random string can be found by the user name of user, and for same
The random string that one user finds is identical.This way it is ensured that user side application end and server
Random character string variable in the above-mentioned algorithm (1) of end is identical.
When the initial configuration of dynamically verifying information application, dynamically verifying information application and service device is allowed to lead to
Letter, obtains server present system time, when then preserving the system of server in user side is applied
Between with the time difference of the system time of application place, user side system.When the application of user side needs to generate
During dynamically verifying information, just with the system time of application place, active user side system plus this time difference
Value, as time factor (system time of the current server actually calculated), substitutes into
Algorithm (1).When server generates dynamically verifying information, just with the system time generation that server is current
Enter algorithm (1).This way it is ensured that in the above-mentioned algorithm (1) of user side application end and server end
Time factor be identical.
When the initial configuration of dynamically verifying information application, also dynamically verifying information is applied in algorithm (1)
The password length that the password length of middle employing uses in algorithm (1) with server is configured to identical.
So, for synchronization, the application of user side generated in real time by above-mentioned algorithm (1), on
The dynamically verifying information offering server passes through the dynamic of above-mentioned algorithm (1) generation in real time with server
Checking information should be consistent.If verifying user side application real-time report dynamically testing to server
The dynamically verifying information that card information generates in real time with server is consistent, has just passed through second and has tested safely
Card.
In step S12, the available approach returning the dynamically verifying information that the application of user side generates includes
But it is not limited to following three kinds:
Approach one) provide a user with the input frame that the dynamically verifying information of generation is applied in input user side.
Wherein, this input frame can be the input frame being different from and receiving static password, i.e. be provided separately
One input frame is used for receiving dynamically verifying information, as shown in Figure 2, provides a use in the checking page
In the input frame receiving dynamically verifying information;
This input frame can also be and the same input frame of input frame receiving static password, such as, for
The such scene not supporting the change checking page of outlook, then directly will receive the input of static password
Frame is as receiving the input frame of dynamically verifying information, and in the input information that will be received by this input frame
The password identification specifying figure place below is the dynamically verifying information that user inputs.The present embodiment is i.e. in static state
Dynamically verifying information is inputted after Password Input frame inputs static password.
In implementing, can be directly by by being used for receiving what the input frame of dynamically verifying information received
Dynamically verifying information sends the server for realizing the second safety verification to.Can also be by for real
This dynamically verifying information is sent to user and realizes second and test safely by the server of existing first safety verification
(this is same input for corresponding static password input frame and dynamically verifying information input frame to the server of card
The scene of frame).
Approach two) to the user side of described user, application sends message to be confirmed, triggers described user side
Application sends the checking request carrying the dynamically verifying information that the application of described user side generates.
To the user side of described user, application sends message to be confirmed, i.e. bind to this user name
The application of user side sends message to be confirmed.This message to be confirmed comprises user name to be confirmed and event,
Such as, this message content to be confirmed is: XX account request logs in.
Such as, send message to be confirmed to the user side application of user's binding, simultaneously can be at the checking page
Middle prompting user confirms to the application of user side, and as shown in Figure 3, prompting user " please open hands
Machine confirms to log in ".
Showing that this message to be confirmed confirms for user in the application of user side, user is optionally connected to be subject to or refusal
Confirm, confirm that result will apply together with user side the dynamically verifying information generated with checking
The mode of request is sent to server.
It is understood that application carrying of sending in user side confirms result and dynamically verifying information
Checking request can also comprise the ID of this user side application.
Approach three) provide two-dimension code image to described user, so that the application of user side is by scanning institute
State two-dimension code image and trigger to send and carry the testing of dynamically verifying information that the application of described user side generates
Card request.
Such as, can checking page two-dimensional code display picture, and point out scanning input two-dimension code image with
Completing checking, after user is by user side application scanning Quick Response Code, the application of user side is upper to be occurred such as figure
Interface shown in 4.
Wherein, the application of user side can obtain in this two-dimension code image by scanning described two-dimension code image
Message to be confirmed, comprises user name to be confirmed and event in described message to be confirmed, such as, this is treated
Confirm that message content is: XX account request logs in.User can be at the interface of user side application (such as figure
4) select in accept or refuse to confirm, confirm that result is dynamic by generate together with the application of user side
State checking information is sent to server together in the way of checking request.
It is understood that application carrying of sending in user side confirms result and dynamically verifying information
Checking request can also comprise the ID of this user side application.
Certain drawback is all there is, such as, if singly owing to above-mentioned three kinds of approach are provided separately one of which
Approach one is solely provided), then need user to manually enter dynamically verifying information, Consumer's Experience is poor;If
Approach two is provided separately), then need network support, in the case of network quality is poor, there is delay;
If approach three is provided separately), then need network support, and provide two-dimension code image to need certain showing
Show space, for not supporting the terminal of two-dimensional code display picture, such as VPN (Virtual Private
Network, VPN (virtual private network)) terminal, or SSH (Secure Shell Protocol, Secure Shell
Agreement) terminal then cannot show.
The embodiment of the present application, by being simultaneously provided to the approach of few two kinds of return dynamically verifying informations, can have
Effect avoids the problem that single channel exists, in order to obtain dynamically verifying information in time, performs based on dynamic
Second safety verification of state checking information, promotes verifying speed.
In addition, it is necessary to explanation, in another embodiment, server can be according to terminal unit institute
Which user side application the network environment at place and/or the terminal capability of the terminal unit directional user that determines returns
The approach of the dynamically verifying information generated.I.e. step S12 may include that
Obtain the network environment residing for described terminal unit and/or the terminal capability of described terminal unit;
According to the network environment residing for the described terminal unit obtained and/or the terminal of described terminal unit
Ability, provides at least two to return to the way of the dynamically verifying information that the application of user side generates to described user
Footpath.
Described current network conditions includes: whether to connect network, network speed, network signal intensity etc..Institute
State terminal capability to include: whether to support two-dimensional code display, whether support to provide dynamically verifying information input
Frame etc..Described acquisition includes: receives and/or detects.The example received is for example, it is possible to set in terminal
On standby checking interface, the terminal capability filling in the network environment residing for terminal unit and/or user is set
Frame, user input, server is by obtaining the content aware terminal unit institute filled in of user
The network environment at place and/or the terminal capability of terminal unit.Such as, server detection is eventually for the example of detection
Having network to connect in the environment that end equipment is presently in or connect without network, this is in current technology
Can realize.
Such as, server detect the network environment residing for terminal unit for there being network to connect, but this is eventually
End does not support that Quick Response Code shows, now server only provides a user with above-mentioned approach one) and approach two),
Rather than provide a user with all approach.
Step S13 is to receive the dynamically verifying information that user is returned by one of described at least two approach,
Namely user can return dynamically verifying information by any one in described at least two approach.Example
As, if provide above-mentioned three kinds of approach simultaneously, user can directly pass through approach two) in user side is applied
Checking message is verified, and sends the checking carrying the dynamically verifying information that the application of user side generates
Request, this process inputs dynamically verifying information without user.Certainly approach one can also be passed through) or approach
Three) dynamically verifying information is returned.
Step S14 is the dynamic authentication that described user is returned by one of described at least two approach to be believed
The dynamically verifying information that breath is from a locally generated compares, thus carries out the second safety verification.
The principle of this second safety verification is as previously mentioned.The described local dynamically verifying information generated i.e. is held
The dynamically verifying information that the server local of row the second safety verification generates, this server is and user side
The server of application binding.
The embodiment of the present application is carrying out carrying out the base of the first safety verification based on user name and static password
On plinth, carry out the second safety verification based on dynamically verifying information, it is to avoid quiet in the first safety verification
State password is easily cracked the safety issue brought, and the security reliability of subscriber authentication is effectively ensured.
And the present embodiment provides at least two return to apply the dynamic of generation for the user side of the second safety verification
The approach of state checking information, has been effectively ensured acquisition dynamically verifying information promptly and accurately, to ensure the
The execution of two safety verifications, thus it is further ensured that the reliability of subscriber authentication.
The embodiment of the present application also provides for the security authentication systems that a kind of and above-mentioned safe verification method is corresponding.
This security authentication systems can include one group of server, and this group of server can be such as two services
Device, wherein one is the server for realizing the first safety verification, and another is for being used for realizing second
The server of safety verification.Certainly this group of server can also be the cloud service including multiple servers
Device group.A kind of security authentication systems shown in Fig. 5, including:
First receive unit 20, for receiving terminal apparatus transmit user input user name and static state
Password;
First safety verification unit 21, for carrying out the first safety based on described user name and static password
Checking;
There is provided unit 22, for providing at least two to return the dynamic of user side application generation to described user
The approach of state checking information;
Second receives unit 23, is used for receiving described user and is returned by one of described at least two approach
Dynamically verifying information;
Second safety verification unit 24, for returning described user by one of described at least two approach
The dynamically verifying information that the dynamically verifying information returned is from a locally generated compares, thus carries out second and test safely
Card.
Alternatively, during described at least two returns the approach of the dynamically verifying information that the application of user side generates
A kind of approach be: provide a user with the input frame of dynamically verifying information that the application of input user side generates.
Alternatively, during described at least two returns the approach of the dynamically verifying information that the application of user side generates
A kind of approach be: to the user side of described user application send message to be confirmed, trigger described user
Side application sends the checking request carrying the dynamically verifying information that the application of described user side generates.
Alternatively, during described at least two returns the approach of the dynamically verifying information that the application of user side generates
A kind of approach be: provide two-dimension code image to described user so that user side application by scanning
Described two-dimension code image and trigger to send and carry the dynamically verifying information that the application of described user side generates
Checking request.
Alternatively, described offer unit is configured to:
Obtain the network environment residing for described terminal unit and/or the terminal capability of described terminal unit;
According to the network environment residing for the described terminal unit obtained and/or the terminal of described terminal unit
Ability, provides at least two to return to the way of the dynamically verifying information that the application of user side generates to described user
Footpath.
It should be noted that the application can be carried out in the assembly of hardware at software and/or software,
Such as, special IC (ASIC), general purpose computer can be used or any other is similar hard
Part equipment realizes.In one embodiment, the software program of the application can be performed by processor
To realize steps described above or function.Similarly, the software program of the application (includes the number being correlated with
According to structure) can be stored in computer readable recording medium storing program for performing, such as, and RAM memory, magnetic
Or CD-ROM driver or floppy disc and similar devices.It addition, some steps of the application or function can use
Hardware realizes, and such as, performs the circuit of each step or function as coordinating with processor.
It addition, the part of the application can be applied to computer program, such as computer program
Instruction, when it is computer-executed, by the operation of this computer, can call or provide basis
The present processes and/or technical scheme.And call the programmed instruction of the present processes, may be deposited
Store up fixing or movably in record medium, and/or by broadcast or other signal bearing medias
Data stream and be transmitted, and/or be stored in the computer equipment that runs according to described programmed instruction
In working storage.Here, include a device according to an embodiment of the application, this device bag
Include the memorizer for storing computer program instructions and for performing the processor of programmed instruction, wherein,
When this computer program instructions is performed by this processor, trigger this plant running based on aforementioned according to this
The method of multiple embodiments of application and/or technical scheme.
It is obvious to a person skilled in the art that the application is not limited to the thin of above-mentioned one exemplary embodiment
Joint, and in the case of without departing substantially from spirit herein or basic feature, it is possible to concrete with other
Form realizes the application.Therefore, no matter from the point of view of which point, embodiment all should be regarded as exemplary
, and be nonrestrictive, scope of the present application is limited by claims rather than described above
It is fixed, it is intended that all changes fallen in the implication of equivalency and scope of claim are included
In the application.Any reference in claim should not be considered as limit involved right want
Ask.Furthermore, it is to be understood that " an including " word is not excluded for other unit or step, odd number is not excluded for plural number.System
In system claim, multiple unit or the device of statement can also be passed through software by a unit or device
Or hardware realizes.The first, the second word such as grade is used for representing title, and is not offered as any specific
Order.
Claims (10)
1. a safe verification method, it is characterised in that including:
The user name of user's input that receiving terminal apparatus transmits and static password;
The first safety verification is carried out based on described user name and static password;
At least two is provided to return to the way of the dynamically verifying information that the application of user side generates to described user
Footpath;
Receive the dynamically verifying information that described user is returned by one of described at least two approach;
The dynamically verifying information described user returned by one of described at least two approach is with local
The dynamically verifying information generated compares, thus carries out the second safety verification.
Safe verification method the most according to claim 1, it is characterised in that described at least two
A kind of approach planted in the approach returning the dynamically verifying information that the application of user side generates is:
The input frame of the dynamically verifying information of input user side application generation is provided to described user.
Safe verification method the most according to claim 1, it is characterised in that described at least two
A kind of approach planted in the approach returning the dynamically verifying information that the application of user side generates is:
To the user side of described user, application sends message to be confirmed, triggers the application of described user side and sends
Carry the checking request of the dynamically verifying information that the application of described user side generates.
Safe verification method the most according to claim 1, it is characterised in that described at least two
A kind of approach planted in the approach returning the dynamically verifying information that the application of user side generates is:
Two-dimension code image is provided, so that the application of user side is by scanning described Quick Response Code to described user
Picture and trigger send carry described user side application generate dynamically verifying information checking request.
Safe verification method the most according to claim 1, it is characterised in that to described user
The approach providing at least two to return the dynamically verifying information that the application of user side generates includes:
Obtain the network environment residing for described terminal unit and/or the terminal capability of described terminal unit;
According to the network environment residing for the described terminal unit obtained and/or the terminal of described terminal unit
Ability, provides at least two to return to the way of the dynamically verifying information that the application of user side generates to described user
Footpath.
6. a security authentication systems, it is characterised in that including:
First receives unit, and user name and static state that the user for receiving terminal apparatus transmission inputs are close
Code;
First safety verification unit, tests safely for carrying out first based on described user name and static password
Card;
There is provided unit, for providing at least two to return the dynamic of user side application generation to described user
The approach of checking information;
Second receives unit, for receiving what described user was returned by one of described at least two approach
Dynamically verifying information;
Second safety verification unit, for returning described user by one of described at least two approach
The dynamically verifying information that is from a locally generated of dynamically verifying information compare, thus carry out the second safety verification.
Security authentication systems the most according to claim 6, it is characterised in that described at least two
A kind of approach planted in the approach returning the dynamically verifying information that the application of user side generates is:
The input frame of the dynamically verifying information of input user side application generation is provided to described user.
Security authentication systems the most according to claim 6, it is characterised in that described at least two
A kind of approach planted in the approach returning the dynamically verifying information that the application of user side generates is:
To the user side of described user, application sends message to be confirmed, triggers the application of described user side and sends
Carry the checking request of the dynamically verifying information that the application of described user side generates.
Security authentication systems the most according to claim 6, it is characterised in that described at least two
A kind of approach planted in the approach returning the dynamically verifying information that the application of user side generates is:
Two-dimension code image is provided, so that the application of user side is by scanning described Quick Response Code to described user
Picture and trigger send carry described user side application generate dynamically verifying information checking request.
Security authentication systems the most according to claim 6, it is characterised in that described offer list
Unit is configured to:
Obtain the network environment residing for described terminal unit and/or the terminal capability of described terminal unit;
According to the network environment residing for the described terminal unit obtained and/or the terminal of described terminal unit
Ability, provides at least two to return to the way of the dynamically verifying information that the application of user side generates to described user
Footpath.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510229302.0A CN106209742B (en) | 2015-05-07 | 2015-05-07 | Security verification method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510229302.0A CN106209742B (en) | 2015-05-07 | 2015-05-07 | Security verification method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106209742A true CN106209742A (en) | 2016-12-07 |
| CN106209742B CN106209742B (en) | 2020-08-14 |
Family
ID=57459947
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510229302.0A Active CN106209742B (en) | 2015-05-07 | 2015-05-07 | Security verification method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106209742B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107341377A (en) * | 2017-06-16 | 2017-11-10 | 武汉斗鱼网络科技有限公司 | Time synchronization control method in one kind authentication |
| CN108600156A (en) * | 2018-03-07 | 2018-09-28 | 华为技术有限公司 | A kind of server and safety certifying method |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1855810A (en) * | 2005-04-26 | 2006-11-01 | 上海盛大网络发展有限公司 | Dynamic code verificating system, method and use |
| CN100409685C (en) * | 1999-10-19 | 2008-08-06 | 汤姆森许可公司 | System and method for verifying authorization for communicating protected content |
| CN101662364A (en) * | 2009-09-17 | 2010-03-03 | 北京飞天诚信科技有限公司 | Method and system for safe login |
| CN102946334A (en) * | 2012-11-28 | 2013-02-27 | 中国移动(深圳)有限公司 | Method and system for acquiring valid image verification code |
| US20130217374A1 (en) * | 2010-01-25 | 2013-08-22 | Research In Motion Limited | Error correction for dtmf corruption on uplink |
| CN103841130A (en) * | 2012-11-21 | 2014-06-04 | 深圳市腾讯计算机系统有限公司 | Verification information pushing method and device, and identity authentication method and device |
| CN103927464A (en) * | 2013-01-11 | 2014-07-16 | 深圳市腾讯计算机系统有限公司 | Common validation method, and method, device and system for generating two dimensional code |
| CN104038502A (en) * | 2014-06-24 | 2014-09-10 | 五八同城信息技术有限公司 | Verification method and system |
| CN104144058A (en) * | 2014-07-29 | 2014-11-12 | 诚迈科技(南京)股份有限公司 | Information verification method based on sound wave pairing |
-
2015
- 2015-05-07 CN CN201510229302.0A patent/CN106209742B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100409685C (en) * | 1999-10-19 | 2008-08-06 | 汤姆森许可公司 | System and method for verifying authorization for communicating protected content |
| CN1855810A (en) * | 2005-04-26 | 2006-11-01 | 上海盛大网络发展有限公司 | Dynamic code verificating system, method and use |
| CN101662364A (en) * | 2009-09-17 | 2010-03-03 | 北京飞天诚信科技有限公司 | Method and system for safe login |
| US20130217374A1 (en) * | 2010-01-25 | 2013-08-22 | Research In Motion Limited | Error correction for dtmf corruption on uplink |
| CN103841130A (en) * | 2012-11-21 | 2014-06-04 | 深圳市腾讯计算机系统有限公司 | Verification information pushing method and device, and identity authentication method and device |
| CN102946334A (en) * | 2012-11-28 | 2013-02-27 | 中国移动(深圳)有限公司 | Method and system for acquiring valid image verification code |
| CN103927464A (en) * | 2013-01-11 | 2014-07-16 | 深圳市腾讯计算机系统有限公司 | Common validation method, and method, device and system for generating two dimensional code |
| CN104038502A (en) * | 2014-06-24 | 2014-09-10 | 五八同城信息技术有限公司 | Verification method and system |
| CN104144058A (en) * | 2014-07-29 | 2014-11-12 | 诚迈科技(南京)股份有限公司 | Information verification method based on sound wave pairing |
Non-Patent Citations (1)
| Title |
|---|
| 温浩宇,等: "《web网站设计与开发教程(HTML5、JSP版)》", 31 January 2014 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107341377A (en) * | 2017-06-16 | 2017-11-10 | 武汉斗鱼网络科技有限公司 | Time synchronization control method in one kind authentication |
| CN108600156A (en) * | 2018-03-07 | 2018-09-28 | 华为技术有限公司 | A kind of server and safety certifying method |
| CN108600156B (en) * | 2018-03-07 | 2021-05-07 | 华为技术有限公司 | Server and security authentication method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106209742B (en) | 2020-08-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104980278B (en) | The method and apparatus for verifying the availability of biometric image | |
| CN108965950B (en) | Advertisement monitoring method and device | |
| CN104994060B (en) | It is a kind of to provide the method and apparatus of verifying for logging in for user | |
| CN104618315B (en) | A kind of method, apparatus and system of verification information push and Information Authentication | |
| CN107733883B (en) | Method and device for detecting account numbers registered in batches | |
| CN104901970B (en) | A kind of Quick Response Code login method, server and system | |
| US20150143481A1 (en) | Application security verification method, application server, application client and system | |
| CN105357008B (en) | Auth method and device | |
| CN104199654A (en) | Open platform calling method and device | |
| CN104967594B (en) | Stolen account identification method and apparatus | |
| CN106331042A (en) | Single sign-on method and device for heterogeneous user system | |
| CN104253714A (en) | Monitoring method, system, browser and server | |
| CN105095729B (en) | A kind of Quick Response Code login method, server and system | |
| CN105992174A (en) | Message processing method and device | |
| CN106209742A (en) | Safe verification method and system | |
| CN107707529A (en) | A kind of client validation method for realizing limitation identifying code transmission times | |
| CN105391714B (en) | Mobile application software automation signature and verification method and device | |
| CN111385272A (en) | Weak password detection method and device | |
| CN107231358B (en) | Questionnaire data acquisition method, server and mobile terminal | |
| US20170026409A1 (en) | Phishing campaign ranker | |
| CN109509001A (en) | For visual marker anti-counterfeit authentication method | |
| CN104994082A (en) | Picture information processing method, server and system | |
| CN117220904A (en) | Service protection method, device, electronic equipment and storage medium | |
| CN103761473B (en) | application management system and method on mobile terminal | |
| CN105871801A (en) | Stolen chain detection method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |