CN113824628B - User identity authentication method, device, server and storage medium based on IM - Google Patents
User identity authentication method, device, server and storage medium based on IM Download PDFInfo
- Publication number
- CN113824628B CN113824628B CN202111158857.2A CN202111158857A CN113824628B CN 113824628 B CN113824628 B CN 113824628B CN 202111158857 A CN202111158857 A CN 202111158857A CN 113824628 B CN113824628 B CN 113824628B
- Authority
- CN
- China
- Prior art keywords
- verification
- user
- code
- application
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/23—Reliability checks, e.g. acknowledgments or fault reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/04—Real-time or near real-time messaging, e.g. instant messaging [IM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Abstract
The invention provides a user identity authentication method, a device, a server and a storage medium thereof based on IM, wherein the authentication method comprises the following steps: receiving a verification request sent by an application program of a terminal; generating a verification link according to the verification request, and sending the verification link to an application program of the terminal, wherein the verification link comprises a first verification code and an IM application end identification code; receiving a second verification code sent by an IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code; and passing the verification when the first verification code and the second verification code match. According to the user identity authentication method and device, the IM application program is used as a transmission path for authentication, and the user sends the real-time authentication code through the IM application end, so that the cost and the user convenience are better considered compared with the case that the authentication code is input in a short message mode.
Description
Technical Field
The present invention relates to the field of communications, and in particular, to a method, an apparatus, a server, and a storage medium for user identity authentication based on IM.
Background
Among the five functions of network information security (Authentication, authorization, confidentiality, integrity and non-repudiation), authentication (Authentication) is the most fundamental and most important link. The identity authentication has the function of ensuring the real intention of the user in a specific decision-making link.
Therefore, for the security of information access and the assurance of the unique identity of the user, when the user registers/logs in the third-party server when using a terminal such as a mobile phone or a tablet computer, the user is usually checked by using a mobile phone number, so as to verify the identity of the user to ensure the network security of personal accounts and privacy. Two common technical schemes for user identity authentication in the prior art are as follows:
the first technical scheme is a scheme of using a downlink short message verification code, and specifically includes: a. when a user registers/logs in, inputting a mobile phone number; b. after the server takes the number, a random number verification code is issued through a short message gateway; c. after receiving the short message, the user inputs the verification code; d. the server compares the verification codes input by the user, and the registration/login function is completed after the verification codes are successfully compared. The scheme is widely applied to the registration/login process of most of the current third-party servers, but the scheme requires the user to manually input the mobile phone number, so that the operation is inconvenient; on the other hand, the scheme needs to cooperate with the operators to complete the short message sending verification code, and the access cost of the short message gateway is higher, so the cost is higher, and the implementation cost is higher in countries and regions with a larger number of operators.
The second technical scheme is a scheme of adopting one-key login of an operator, and specifically comprises the following steps: a. an authentication Software Development Kit (SDK) needs to be embedded in an application client; b. when the user requests registration/login, the mobile phone number of the user is collected and displayed through the network communication between the SDK and the operator; c. after obtaining the user agreement authorization, the application client obtains an interface calling Token and transmits the Token to the application server; d. the authentication server side obtains a mobile phone number interface by using Token, finally obtains the mobile phone number of the current authorized user, and completes registration/login. However, such a technical solution has a high threshold, needs an operator to directly provide technical support, needs to embed an SDK, can only be used on an application client, and may cause privacy concerns of a user.
The above two technical schemes all need to complete the user authentication under the cooperation of the operator, and under the complex operator environment, not only the cost is higher, but also the convenience of the user operation is affected. Therefore, it is an urgent problem to provide a user authentication method that is cost effective and user friendly.
Disclosure of Invention
In order to solve the problems of higher cost and inconvenient operation of user identity authentication in the related technology, the invention provides a user identity authentication method, a device, a server and a storage medium thereof based on IM, which simplify the user operation to the utmost extent and realize the user identity authentication on the premise of considering both the cost and the user convenience.
In order to solve the technical problems, the technical scheme provided by the invention is as follows:
in one aspect, the present invention provides an IM-based user identity authentication method, which is characterized in that the authentication method includes:
receiving a verification request sent by an application program of a terminal;
generating a verification link according to the verification request, and sending the verification link to an application program of the terminal, wherein the verification link comprises a first verification code and an IM application end identification code;
receiving a second verification code and a user identification code sent by an IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code;
when the first verification code and the second verification code match, the verification is passed.
In some embodiments, the verification link is configured to: and when the user clicks the verification link, the IM application terminal is automatically opened, and the first verification code is automatically filled in a communication interface of the IM account corresponding to the identification code of the IM application terminal.
In some embodiments, the verification method further comprises:
and when the first verification code does not match with the second verification code, returning verification failure information.
In some embodiments, the verification method further comprises:
and pre-configuring IM account information corresponding to the IM application terminal identification code before receiving a verification request sent by an application program of a terminal.
In some embodiments, the first verification code is comprised of at least 4-bit random characters.
In some embodiments, after the corresponding verification link is generated, if the second verification code is not acquired for more than a predetermined time, the verification link is disabled. Preferably, the predetermined time can be customized according to a use scene.
In one aspect, the present invention provides an IM-based user authentication apparatus, which is characterized in that the authentication apparatus includes:
the first receiving module is used for receiving a verification request sent by an application program of the terminal;
the generating module is used for generating a verification link according to the verification request and sending the verification link to an application program of the terminal, wherein the verification link comprises a first verification code and an IM application end identification code;
the second receiving module is used for receiving a second verification code and a user identification code which are sent by an IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code; and
and the verification module is used for passing the verification when the first verification code and the second verification code are matched.
In some embodiments, the verification link is configured to: and when the user clicks the verification link, the IM application terminal is automatically opened, and the first verification code is automatically filled in a communication interface of the IM account corresponding to the identification code of the IM application terminal.
In some embodiments, the verification module is further operable to,
and when the identity authentication information sent by the user is not matched with the identity identification information, returning authentication failure information.
In some embodiments, the verification apparatus further comprises:
and the configuration module is used for pre-configuring the account information of the IM receiving user before receiving the user identity authentication request.
In one aspect, the present invention provides a server comprising a processor and a memory, wherein the memory stores at least one instruction loaded and executed by the processor to implement the operations performed by the IM-based user authentication method as described above.
In one aspect, the present invention provides a computer-readable storage medium having at least one instruction stored therein, which is loaded and executed by a processor to perform the operations performed by the IM-based user authentication method as described above.
The technical scheme provided by the embodiment of the invention can have the following beneficial effects:
in the user identity authentication method, device, server and storage medium thereof based on IM disclosed by the invention, the communication characteristic that the IM application end binds the personal mobile phone number and information is utilized, the IM application end is combined with the third party application program server, the identity authentication identifier of the user is generated through the third party server, then the real-time authentication code is sent through the IM application end binding the personal identity, and finally the third party server carries out matching judgment on the identity authentication identifier, thereby completing the authentication of the user identity information. The user identity authentication method does not need to be matched by short messages or operators, thereby saving the cost of sending the short messages by the operators. On the other hand, the user sends the real-time verification code by using the IM client, and the real-time verification code information can be sent to the third-party server, so that the verification operation of the user is simplified compared with a method for manually inputting the short message verification code by the user.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 schematically illustrates a flow chart of an IM-based user authentication method in an embodiment of the present invention;
FIG. 2 schematically illustrates a block diagram of an IM-based user authentication system in an embodiment of the present invention;
FIG. 3 is a flow chart that schematically illustrates an embodiment of the present invention, in which the method for user authentication based on IM is applied;
fig. 4 schematically shows a structure diagram of a server according to an embodiment of the present invention.
Detailed Description
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged under appropriate circumstances for purposes of describing the embodiments of the invention herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It should be apparent that the described embodiments are only some of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, shall fall within the scope of the present invention.
Referring to fig. 1, fig. 1 schematically shows a flowchart of an IM (Instant Messaging) -based user authentication method in an embodiment of the present invention. The embodiment of the invention provides a user identity authentication method based on IM, which is applied to any third-party application program running on a terminal, wherein the terminal comprises but is not limited to internet equipment such as a smart phone, a tablet computer, a desktop computer and a workstation. The IM on which the present invention is based is an instant messaging APP using a mobile phone number as a user account, including but not limited to WhatsApp and Telegram. Specifically, the IM-based user authentication method includes, but is not limited to, the following steps.
Step S101, an authentication request sent by an application program of a terminal is received.
Specifically, the authentication request includes a request for a user to apply for registering an account with the application server or a request for a user to apply for logging in an account with the application server, or a request for the user to execute some functions of the application. At this time, a user authentication interface is displayed on the interactive interface of the application. The user identity authentication interface comprises an authentication request sending control, and the authentication request sending control is used for clicking and executing the operation of sending the authentication request by the user. And after the user sends the authentication request operation, the application program server receives the user authentication request.
And step S102, generating a verification link according to the verification request, and sending the verification link to an application program of the terminal, wherein the verification link comprises a first verification code and an IM application terminal identification code.
Specifically, the application server generates a first verification code of the user as an On Time Password (OTP) as the user identification information. The first verification code may be a plurality of characters consisting of a plurality of random numbers, may be a plurality of characters consisting of a plurality of random english letters (wherein upper-case english letters and lower-case english letters represent different characters), and may also be a letter consisting of a plurality of random numbers and a plurality of random english letters. More specifically, the first verification code is a random character of at least 4 bits. In addition, in this embodiment, one of the bits of the first verification code is a check code, specifically, the last bit of the group of numbers is obtained from the previous number through some operation, so as to check the correctness of the group of numbers, thereby avoiding the problem of mismatching when the verification code is incorrectly input.
The IM application end identification code is pre-configured on the IM application end by the application program server and is used for receiving an IM account of which the user sends the verification code. The IM application end identification code for realizing the user identity authentication method can be a uniform IM account, and can also be set with a plurality of different IM accounts according to the type of the authentication application program, the user type, the authentication request type and the like. In addition, the IM account can be changed periodically according to the business process.
In some embodiments, the verification link does not have a skip function, the user can only view the first verification code and the IM application identifier code on the application program user authentication interface of the terminal, and the user needs to manually open the corresponding IM application on the terminal according to the received information, then find the IM account of the corresponding IM application identifier code, manually input the first verification code into the communication interface of the IM account of the IM application identifier code, and then click to send, thereby completing uploading of the verification information.
In other embodiments, the verification link has a skip function, when the user clicks the verification link, the IM application terminal can be automatically woken up, the first verification code can be automatically filled in the communication interface on the communication interface of the IM account corresponding to the identification code of the IM application terminal, and the user can upload the verification information only by clicking to send. Therefore, the verification link with the skip function greatly simplifies the verification operation of the user, and the user can finish verification information uploading only by clicking twice. In addition, in the mode, the user information is automatically filled in without manual operation, and the condition that the verification fails due to the fact that the user inputs the verification code by mistake is avoided, so that the efficiency and the success rate of user identity verification are improved.
Step S103, receiving a second verification code and a user verification code sent by an IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code.
Specifically, the second verification code is a real-time verification code sent by the user to the IM account corresponding to the IM application terminal identification code. After a user sends a second verification code through an IM application end of the terminal, an IM account corresponding to the identification code of the IM application end is used as a receiver to obtain the second verification code sent by the user on a communication interface; and then the application program server obtains the second verification code and the user mobile phone number corresponding to the user from an Application Program Interface (API) of the IM application end through a real-time verification code Gateway (OTP Gateway), wherein the real-time verification code Gateway (OTP Gateway) and the Application Program Interface (API) are configured in advance.
Specifically, the IM in the present invention is an instant messaging APP using a mobile phone number as a user account, so that when a user uses an IM application terminal of a terminal to send a second verification code, an IM account corresponding to an IM application terminal identification code of a receiver can obtain the mobile phone number of the user, and send the mobile phone number to an application server to be verified through the real-time verification code Gateway (OTP Gateway).
In some embodiments, after the corresponding verification link is generated, if the second verification code sent by the user is not obtained for more than a predetermined time, the verification link is invalid. Specifically, the predetermined time may be customized according to a usage scenario. The purpose of designing the verification link to be timing failure is to prevent the verification code from being stolen to cause user loss. When the verification code is acquired, a great number of lawless persons can crack the verification code by using an illegal means, in order to prevent the behavior that the lawless persons steal the verification code, effective time is set for a verification link and a user is reminded, and the verification code can be invalid when the effective time is exceeded. If the user himself does not receive the verification link in the valid time, the verification request can be sent again to obtain the verification link, so that the loss caused by the fact that lawbreakers steal the verification code can be prevented.
Step S104, judging whether the first verification code is matched with the second verification code; when the first verification code is matched with the second verification code, the step S105 is entered; when the first verification code does not match the second verification code, the method proceeds to step S106.
Specifically, traversing the verification code generated in the application server, matching the second verification code sent by the user with the first verification code generated by the application server, and when each character of the second verification code sent by the user is completely the same as each character of the first verification code generated by the application server, the matching is successful.
And step S105, when the first verification code is matched with the second verification code, the verification is passed. The application program server confirms the user identification code, and therefore user identity verification of the user identification code is completed. The user opens the application program through the terminal, the application program returns the passing information, and the user identity information verification process is completed.
And step S106, when the first verification code is not matched with the second verification code, returning verification failure information. The user opens the application program through the terminal, the application program returns the verification failing information, and the user can resend the verification request at the moment to carry out the user identity information verification process for the second time.
Compared with the prior art, in the IM-based user identity authentication method disclosed by the invention, the communication characteristic that the IM application terminal binds the personal mobile phone number and the personal information is utilized, the IM application terminal and the application program server to be authenticated are combined, the real-time authentication code of the user is generated through the application program server to be authenticated, then the user sends the returned real-time authentication code through the IM application terminal binding the personal identity, and finally the application program server to be authenticated performs matching judgment on the real-time authentication code, so that the authentication of the user identity information is completed. The user identity authentication method of the invention does not need to be matched by short messages or operators, thereby saving the cost of sending the short messages by the operators. And the verification link function is integrated, the sending content for sending the real-time verification code to a specific IM receiving user can be automatically formed after the user clicks the link, the user can send the identity verification identification information to the application program server to be verified only by one-key sending, and the verification operation of the user is simplified compared with a method for manually inputting the short message verification code by the user.
Referring to fig. 2, fig. 2 schematically shows a block diagram of an IM-based user authentication system according to an embodiment of the present invention. Embodiments of the present invention provide an IM-based user authentication apparatus, which is applied to a third-party server, including but not limited to the following modules.
The first receiving module is used for receiving an authentication request sent by an application program of the terminal.
Specifically, the authentication request includes a request that the user applies for registering an account with the application server, or a request that the user applies for logging in an account with the application server, or a request that the user needs to execute some functions of the application. At this time, a user authentication interface is displayed on the interactive interface of the application program. The user identity authentication interface comprises an authentication request sending control, and the authentication request sending control is used for clicking and executing the operation of sending the authentication request by the user. And after the user sends the authentication request operation, the application program server receives the user authentication request.
And the generating module is used for generating a verification link according to the verification request and sending the verification link to an application program of the terminal, wherein the verification link comprises a first verification code and an IM application end identification code.
Specifically, the application server generates a first verification code of the user as an On Time Passed (OTP) as the user identification information. The first verification code may be a plurality of characters consisting of a plurality of random numbers, may be a plurality of characters consisting of a plurality of random english letters (wherein upper-case english letters and lower-case english letters represent different characters), and may also be a letter consisting of a plurality of random numbers and a plurality of random english letters. More specifically, the first verification code is a random character of at least 4 bits. In addition, in this embodiment, one of the bits of the first verification code is a check code, specifically, the last bit of the group of numbers is obtained from the previous number through some operation, so as to check the correctness of the group of numbers, thereby avoiding the problem of mismatching under the condition of error transmission of the verification code.
The IM application end identification code is pre-configured on the IM application end by the application program server and is used for receiving an IM account sent by a user. The IM application end identification code for realizing the user identity authentication method can be a uniform IM account, and can also be set with a plurality of different IM accounts according to the type of the authentication application program, the user type, the authentication request type and the like. In addition, the IM account can be changed periodically according to the business process.
In some embodiments, the verification link does not have a skip function, the user can only view the first verification code and the IM application identifier code on the application program user authentication interface of the terminal, and the user needs to manually open the corresponding IM application on the terminal according to the received information, then find the IM account of the corresponding IM application identifier code, manually input the first verification code into the communication interface of the IM account of the IM application identifier code, and then click to send, thereby completing uploading of the verification information.
In other embodiments, the verification link has a skip function, when the user clicks the verification link, the IM application terminal can be automatically woken up, the first verification code can be automatically filled in the communication interface on the communication interface of the IM account corresponding to the identification code of the IM application terminal, and the user can finish uploading the verification information only by clicking to send. Therefore, the verification link with the skip function greatly simplifies the verification operation of the user, and the user can finish verification information uploading only by clicking twice. In addition, in the mode, the user information is automatically filled, manual operation is not needed, the condition that the verification fails due to the fact that the user inputs the verification code by mistake is avoided, and therefore the efficiency and the success rate of user identity verification are improved.
And the second receiving module is used for receiving a second verification code and a user verification code sent by an IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code.
Specifically, the second verification code is a real-time verification code sent by the user to the IM account corresponding to the IM application identifier. After a user sends a second verification code through an IM application end of the terminal, an IM account corresponding to the identification code of the IM application end is used as a receiver to obtain the second verification code sent by the user on a communication interface; and then the application program server obtains the second identifying code and the user mobile phone number corresponding to the user from an Application Program Interface (API) of the IM application end through a real-time identifying code Gateway (OTP Gateway), wherein the real-time identifying code Gateway (OTP Gateway) and the Application Program Interface (API) are configured in advance.
Specifically, the IM is an instant messaging APP using a mobile phone number as a user account, so that when a user uses an IM application terminal of the terminal to send a second verification code, the IM account corresponding to the IM application terminal identification code of the receiver can obtain the mobile phone number of the user, and send the mobile phone number to the application server to be verified through the real-time verification code Gateway (OTP Gateway).
And the verification module is used for judging whether the first verification code is matched with the second verification code. When the first verification code is matched with the second verification code, the verification is passed; and the user opens the application program through the terminal, the application program returns the passing information, and the user information verification process is completed. When the first verification code is not matched with the second verification code, returning verification failure information; the user opens the application program through the terminal, the application program returns the verification failing information, and the user can resend the verification request at the moment to carry out the verification process for the second time.
Specifically, the verification module traverses the verification code generated in the application server, matches the second verification code sent by the user with the first verification code generated by the application server, and when each character of the second verification code sent by the user is completely the same as each character of the first verification code generated by the application server, the matching is successful.
In some embodiments, the IM-based user authentication apparatus further includes a configuration module, configured to, before receiving the user authentication request, pre-configure IM account information corresponding to the IM application identity code. Specifically, the receiving account is registered in advance at the IM application terminal and information verification is completed, and the configuration module is used for configuring communication between the IM application terminal and the application program to be verified, so that after a user receives a real-time verification code of the user through the IM application terminal, the real-time verification code can be transmitted to the real-time verification code gateway through an Application Program Interface (API) of the IM, and then the real-time verification code is input to the application program server, and therefore user verification information is verified.
Compared with the prior art, in the user identity authentication device based on the IM, which is disclosed by the invention, the IM application terminal is combined with the application program server to be authenticated by utilizing the communication characteristic that the IM application terminal binds the personal mobile phone number and the information on the IM application terminal running on the third-party application program server. The user identity authentication device receives a user identity authentication request through a receiving request module and generates a real-time authentication code of a user by using a generating module; and then the user sends a real-time verification code through the IM application end bound with the personal identity, the real-time verification code is transmitted to the information receiving end of the IM receiving user, the real-time verification code sent by the user is received from the real-time verification code gateway, and finally the verification module carries out matching judgment on the real-time verification code, so that the verification of the user information is completed. The user identity authentication device does not need to be matched with a short message or an operator, so that the cost of sending the short message by the operator is saved. And the verification link function is integrated, the sending content for sending the authentication identification to the specific IM receiving user can be automatically formed after the user clicks the link, and the user can send the authentication identification information to the application server to be verified only by one-key sending, so that the verification operation of the user is simplified.
Fig. 3 is a flow chart schematically illustrating an IM-based user authentication method in a preferred embodiment of the present invention, and the technical contents related to the above embodiment will be described in detail with reference to fig. 3 and this embodiment.
The embodiment provides a user identity authentication method based on IM. The user authentication method can be used for user login, registration or application for executing application program special functions, and user registration is taken as an example in the embodiment. Specifically, the user authentication method may be executed in an application server to be registered or in an application client to be registered, and the user authentication method includes the following steps:
(1) Configuring a Gateway (Gateway) of a real-time authentication code (OTP) and informing an application program Server (NetApp Server) of receiving account information of an Instant Messaging (IM) application program of the OTP; the Gateway is an API Gateway based on an HTTP protocol and serves as a uniform API access layer, so that the connection between the NetApp Server and the IM Server is realized; netApp is an application program that uses the authentication scheme of the present application, IM is an instant messaging APP that uses a mobile phone number as a user account, and in this embodiment, is Whatsapp or Telegram.
(2) After the user finishes the registration information request on the display interface of the NetApp, the NetApp Server generates an OTP (one time password) and an IM receiving number, generates an IM sending link together and displays the IM sending link on a user registration page; the registration information request comprises a mobile phone number filling and a registration request sending by clicking; the IM sending connection comprises the OTP and the IM receiving number, and also comprises a control instruction for jumping to open the IM application program and a control instruction for sending information to the IM receiving number.
(3) And clicking the IM sending link by the user, automatically calling the IM, and automatically filling the pre-prepared OTP information in the chat interface of the receiving number.
(4) Clicking and sending the prefabricated OTP information on the IM by the user; the pre-manufactured OTP information is sent to the communication of an IM receiving user, and the information content sent by the registered user is obtained from the IMAPI through the pre-configured OTP Gateway.
(5) The OTP Gateway transmits the mobile phone number of the user and the received OTP information to the NetApp Server.
(6) The OTP Gateway receives a user notification through IM and switches back to NetApp to complete the registration process.
(7) The NetApp Server judges whether the prefabricated OTP information is consistent with the OTP sent to the registered user in the step (2); if the prefabricated OTP information is consistent with the OTP of the sending registered user, the step (8) is carried out; and if the prefabricated OTP information is consistent with the OTP of the sending registered user, the step (9) is carried out.
(8) And the NetApp Server returns verification passing information to complete user registration.
(9) The NetApp Server returns the verification failure information. When the authentication fails, the user can resend the authentication request to perform the second registration.
In the user identity authentication method based on IM disclosed in this embodiment, the communication characteristic that the IM application itself binds a personal mobile phone number and information is utilized, the IM application is combined with the application server to be registered, an identity authentication identifier of the user is generated by the application server to be registered, then the user sends the identity authentication identifier through the IM application binding the personal identity, and finally the application server to be registered performs matching judgment on the identity authentication identifier, thereby completing authentication of the user information. The user identity authentication method of the invention does not need to be matched by short messages or operators, thereby saving the cost of sending the short messages by the operators. And the verification link function is integrated, the sending content of the identity verification identification sent to a specific IM receiving user can be automatically formed after the user clicks the link, the user can send the identity verification identification information to the application program server to be registered only by one-key sending, and compared with the method for manually inputting the short message verification code by the user, the method has the advantages that the user operation is simple, the user only needs 2 clicks, the verification code does not need to be manually input, and the verification operation of the user is simplified.
Fig. 4 is a schematic structural diagram of a server 400 according to an embodiment of the present invention, where the server 400 may generate a relatively large difference due to different configurations or performances, and may include one or more processors (CPUs) 401 and one or more memories 402, where the memory 402 stores at least one instruction, and the at least one instruction is loaded and executed by the processor 401 to implement the IM-based user authentication method provided by the above-mentioned method embodiments. Of course, the server may also have components such as a wired or wireless network interface, a keyboard, and an input/output interface, so as to perform input/output, and the server may also include other components for implementing the functions of the device, which are not described herein again.
In an exemplary embodiment, a computer-readable storage medium, such as a memory, is also provided that includes instructions executable by a processor in a terminal to perform the IM-based user authentication method in the embodiments described below. For example, the computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
It should be understood that any combination of the features of the above-described embodiments is possible, and for the sake of brevity, all possible combinations of the features of the above-described embodiments will not be described in detail, however, such non-contradictory combinations of features are to be construed as being included within the scope of the present description.
The above description is only a preferred embodiment of the disclosure, and is not intended to limit the scope of the disclosure, which is included in the present disclosure by the way of description and drawings of the present disclosure.
Claims (12)
1. An IM-based user authentication method, the authentication method comprising:
receiving a verification request sent by an application program of a terminal;
generating a verification link according to the verification request, and sending the verification link to an application program of the terminal, wherein the verification link comprises a first verification code and an IM application end identification code; the IM application end identification code is an IM account which is pre-configured on the IM application end by the application program server and is used for receiving the verification code sent by the user;
receiving a second verification code and a user identification code sent by the IM application terminal, wherein the IM application terminal is an IM application program corresponding to the IM application terminal identification code; and
when the first verification code and the second verification code match, the verification is passed.
2. The IM based user authentication method of claim 1, wherein the authentication link is configured to: and when the user clicks the verification link, the IM application terminal is automatically opened, and the first verification code is automatically filled in a communication interface of the IM account corresponding to the identification code of the IM application terminal.
3. The IM based user authentication method of claim 1, wherein the authentication method further comprises:
and when the first verification code is not matched with the second verification code, returning verification failure information.
4. The IM based user authentication method of claim 1, wherein the authentication method further comprises:
and pre-configuring IM account information corresponding to the IM application terminal identification code before receiving a verification request sent by an application program of a terminal.
5. The IM based user authentication method of claim 1, wherein the first authentication code is comprised of at least 4 bits of random characters.
6. The IM based user authentication method of claim 1, wherein after generating the corresponding authentication link, if the second authentication code is not obtained for more than a predetermined time, the authentication link is disabled.
7. An IM-based user authentication apparatus, the authentication apparatus comprising:
the first receiving module is used for receiving a verification request sent by an application program of the terminal;
the generating module is used for generating a verification link according to the verification request and sending the verification link to an application program of the terminal, wherein the verification link comprises a first verification code and an IM application end identification code; the IM application end identification code is an IM account which is pre-configured on the IM application end by the application program server and is used for receiving the verification code sent by the user;
the second receiving module is used for receiving a second verification code and a user identification code which are sent by the IM application terminal, wherein the IM application terminal is an IM application program corresponding to the IM application terminal identification code; and
and the verification module is used for passing the verification when the first verification code and the second verification code are matched.
8. The IM based user authentication device of claim 7, wherein the authentication link is configured to: and when the user clicks the verification link, the IM application terminal is automatically opened, and the first verification code is automatically filled in a communication interface of the IM account corresponding to the identification code of the IM application terminal.
9. The IM-based user authentication device of claim 7, wherein the authentication module is further configured to,
and when the second verification code sent by the user is not matched with the first verification code, returning verification failure information.
10. The IM based user authentication device of claim 7, wherein the authentication device further comprises:
and the configuration module is used for pre-configuring the IM account information corresponding to the IM application terminal identification code before receiving the user identity authentication request.
11. A server, comprising a processor and a memory, wherein the memory has stored therein at least one instruction that is loaded and executed by the processor to perform operations performed by the IM based user authentication method of any one of claims 1 to 6.
12. A computer-readable storage medium having stored therein at least one instruction which is loaded and executed by a processor to perform operations performed by the IM based user authentication method of any one of claims 1 to 6.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111158857.2A CN113824628B (en) | 2021-09-30 | 2021-09-30 | User identity authentication method, device, server and storage medium based on IM |
| PCT/CN2021/128188 WO2023050524A1 (en) | 2021-09-30 | 2021-11-02 | Im-based user identity authentication method and apparatus, and server and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111158857.2A CN113824628B (en) | 2021-09-30 | 2021-09-30 | User identity authentication method, device, server and storage medium based on IM |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113824628A CN113824628A (en) | 2021-12-21 |
| CN113824628B true CN113824628B (en) | 2023-04-07 |
Family
ID=78919868
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111158857.2A Active CN113824628B (en) | 2021-09-30 | 2021-09-30 | User identity authentication method, device, server and storage medium based on IM |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113824628B (en) |
| WO (1) | WO2023050524A1 (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114979048B (en) * | 2022-08-02 | 2022-11-29 | 深圳市明源云科技有限公司 | Identity verification method, system, electronic device and medium based on instant messaging |
| CN116436633B (en) * | 2023-02-08 | 2023-12-05 | 广州希倍思智能科技有限公司 | Platform login method and system for receiving and transmitting verification code based on instant messaging |
| CN117835248A (en) * | 2023-10-17 | 2024-04-05 | 湖北星纪魅族集团有限公司 | Security control method, terminal, and non-transitory computer-readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016175647A1 (en) * | 2015-04-27 | 2016-11-03 | Linkdood Technologies Sdn Bhd | A secured instant messaging (im) system structure based on identification |
| CN111709007A (en) * | 2020-06-10 | 2020-09-25 | 中国建设银行股份有限公司 | User authentication method, device and equipment |
| CN111741011A (en) * | 2020-07-16 | 2020-10-02 | 腾讯科技(深圳)有限公司 | Verification method, verification device and storage medium |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8705720B2 (en) * | 2007-02-08 | 2014-04-22 | Avaya Inc. | System, method and apparatus for clientless two factor authentication in VoIP networks |
| CN102480434A (en) * | 2010-11-24 | 2012-05-30 | 金蝶软件(中国)有限公司 | Method, device and system for realizing seamless transition among different system businesses |
| CN105207777B (en) * | 2014-06-30 | 2019-09-20 | 腾讯科技(深圳)有限公司 | The method and apparatus of network information verifying |
| CN105407074A (en) * | 2014-09-11 | 2016-03-16 | 腾讯科技(深圳)有限公司 | Authentication method, apparatus and system |
| CN105490809B (en) * | 2014-09-17 | 2020-11-06 | 腾讯科技(深圳)有限公司 | Information acquisition method and device, terminal and server |
| EP3179751B1 (en) * | 2015-06-15 | 2020-04-22 | Huawei Technologies Co., Ltd. | Information sending method and apparatus, terminal device, and system |
| CN106101125B (en) * | 2016-07-01 | 2020-09-22 | 龙官波 | Verification processing method, device and system |
| CN106230702B (en) * | 2016-08-29 | 2019-05-10 | 北京小米移动软件有限公司 | Identity information verification method, apparatus and system |
| CN111683103B (en) * | 2016-12-21 | 2022-08-30 | 创新先进技术有限公司 | Information interaction method and device |
| CN111835714A (en) * | 2017-07-11 | 2020-10-27 | 创新先进技术有限公司 | Information verification processing method, client and server |
| CN110099029A (en) * | 2018-01-30 | 2019-08-06 | 阿里健康信息技术有限公司 | A kind of auth method, terminal device and server |
| CN109787991B (en) * | 2019-01-31 | 2022-02-25 | 平安科技(深圳)有限公司 | Secret-free login method, device, equipment and storage medium based on mobile terminal |
| CN111245841A (en) * | 2020-01-14 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Account authorization method and system |
-
2021
- 2021-09-30 CN CN202111158857.2A patent/CN113824628B/en active Active
- 2021-11-02 WO PCT/CN2021/128188 patent/WO2023050524A1/en unknown
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016175647A1 (en) * | 2015-04-27 | 2016-11-03 | Linkdood Technologies Sdn Bhd | A secured instant messaging (im) system structure based on identification |
| CN111709007A (en) * | 2020-06-10 | 2020-09-25 | 中国建设银行股份有限公司 | User authentication method, device and equipment |
| CN111741011A (en) * | 2020-07-16 | 2020-10-02 | 腾讯科技(深圳)有限公司 | Verification method, verification device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113824628A (en) | 2021-12-21 |
| WO2023050524A1 (en) | 2023-04-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113824628B (en) | User identity authentication method, device, server and storage medium based on IM | |
| CN105024819B (en) | A kind of multiple-factor authentication method and system based on mobile terminal | |
| CN107086979B (en) | User terminal verification login method and device | |
| CN108055253A (en) | A kind of software login validation method, apparatus and system | |
| CN101035116A (en) | Instant-communication-based accounts security management system and method | |
| CN104639562A (en) | Work method of authentication pushing system and equipment | |
| CN103888255A (en) | Identity authentication method, device and system | |
| CN105227536A (en) | A kind of Quick Response Code login method and equipment | |
| CN103067378A (en) | Log-in control method and system based on two-dimension code | |
| CN110266642A (en) | Identity identifying method and server, electronic equipment | |
| CN105357186A (en) | Secondary authentication method based on out-of-band authentication and enhanced OTP (One-time Password) mechanism | |
| CN105763520A (en) | Network account password recovery method and device, client terminal device and server | |
| CN106060034A (en) | Account login method and device | |
| CN105897771B (en) | Identity identifying method, certificate server and third-party platform | |
| CN106161475A (en) | The implementation method of subscription authentication and device | |
| CN105100093B (en) | A kind of identity authentication method and server | |
| CN111181913B (en) | Information verification method and device | |
| CN109587683B (en) | Method and system for preventing short message from being monitored, application program and terminal information database | |
| US20220300960A1 (en) | System and method for confirming instructions over a communication channel | |
| US9282094B1 (en) | Transparent adaptive authentication and transaction monitoring | |
| CN101500235B (en) | Off-line authentication method, off-line authentication system and mobile terminal | |
| CN109525588B (en) | Verification code processing method, device and system | |
| CN101232379B (en) | Method for implementing system login, information technology system and communication system | |
| CN104301285B (en) | Login method for web system | |
| CN116015683A (en) | Authentication method, device, equipment and storage medium based on random key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |