CN102291372A - Identity authentication method - Google Patents


Publication number
CN102291372A
Authority
CN
China
Prior art keywords
application program
certificate server
identification code
make
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010102073333A
Other languages
Chinese (zh)
Inventor
张瑞文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chunghwa Telecom Co Ltd
Original Assignee
Chunghwa Telecom Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chunghwa Telecom Co Ltd
Priority to CN2010102073333A
Publication of CN102291372A
Legal status: Pending

Abstract

The invention relates to an identity authentication method applied between an application program and an authentication server that are connected to each other through a network. The method mainly comprises the following steps: when the application program is started or logged in to, the authentication server provides an identity authentication interworking service; and the authentication server authenticates the application program by means of an identification code that corresponds to the application program, the identification code having been provided to the application program after the authentication server verified the identity of the application program's user. Thus, when the application program is started or logged in to in the future, identity authentication data no longer needs to be entered; the user's identity is authenticated through the identity authentication interworking service provided by the authentication server, which prevents the identity authentication data from being stolen by a malicious program or an unauthorized person.

Description

Identity authentication method
Technical field
The present invention relates to an identity authentication method, and more specifically to a method of accessing an application program, namely a method of logging in to an application program by means of an interworking service.
Background art
With the development of computer hardware and software and the spread of the Internet, it has become commonplace to log in to a particular application program with a particular account and/or password in order to use the application, or to use the application to transfer data over a network. Such applications include those that need to transfer data over a network, for example web browsing, e-mail, instant messaging and online games. In addition, even applications that do not necessarily transfer data over a network, such as document processing, multimedia and digital publication reading applications, often require the user to enter an account and/or password before the application can be opened and used, so that only specific users who are legitimately authorized can use them; the full application service is provided only after identity authentication is completed.
Take an instant messaging application used over the Internet as an example. The user usually first has to apply for at least one account and/or password from the service server of the provider of the instant messaging service, and download the corresponding application to a computer. After downloading and installing it, the user can start the application and, as the application requires, enter the previously obtained account and/or password to log in to the provider's service server and then use the instant messaging service through the application. In this process the service server authenticates the user according to the account and/or password the user entered; therefore, if the user inadvertently enters a wrong account and/or password, the application cannot be used to log in to the provider's service server and use the instant messaging service.
The problem is this: since the provider's service server can authenticate the user by account and/or password, the user's information security ought to be fully protected, yet security incidents in which a user's identity is misused or a user's information is stolen still occur frequently. The main reason is that the account and/or password are entered through the application and supplied to the service server over the network, which makes them very easy to steal. That is, because the user must enter the account and/or password into the application every time it is opened, the data processing device on which the application is installed may store records such as the user's account and/or password, which increases the risk that they are stolen. Moreover, even if the user configures the application not to record the account and/or password, each time they are entered a malicious program such as a backdoor (Trojan) program or a logging program can still attach to the application or record the input, and thereby steal the account and/or password.
In view of this, how to provide an identity authentication method that lets the user use an application without entering an account and/or password into the application, so as to fully protect information security, is a problem the industry urgently needs to solve.
Summary of the invention
To overcome the shortcomings of the background art described above and to achieve other objects, the present invention provides an identity authentication method applied between an application program and an authentication server that are interconnected through a network. The identity authentication method comprises the following steps:
1) the application program determines whether it has an identification code provided by the authentication server; if so, the method proceeds to step 2); if not, the application program verifies with the authentication server, the authentication server provides an identification code to the verified application program, and the method proceeds to step 3);
2) the application program uses the identification code to authenticate with the authentication server over the network; if authentication succeeds, the method proceeds to step 3); if authentication fails, the application program verifies with the authentication server, the authentication server provides an identification code to the verified application program, and the method proceeds to step 3); and
3) the application program provides service, and the process ends.
In one embodiment of the present invention, before step 1) the method further comprises the step of having the application program verify with the authentication server, so that the authentication server provides an identification code to the verified application program.
In another embodiment of the present invention, before step 1), when the authentication server provides the identification code to the verified application program, the application program sets a validity period and/or a usage-count limit for the identification code provided by the authentication server; and in step 2), the application program uses the identification code having this validity period and/or usage-count limit to authenticate with the authentication server.
In another embodiment of the present invention, in the step of step 1) or 2) in which the application program verifies with the authentication server, the application program supplies an account and/or password to the authentication server, so that the authentication server verifies the identity of the application program by means of this account and/or password.
In a further embodiment of the present invention, step 3) further comprises having the application program log in to a service server over the network, so that the service server provides service through the application program.
In yet a further embodiment of the present invention, in the step of step 1) or 2) in which the application program verifies with the authentication server, the application program supplies an account and/or password to the authentication server, so that the authentication server verifies the identity of the application program by means of this account and/or password.
In another embodiment of the present invention, step 1) or 2) further comprises the step of having the verified application program set a validity period and/or a usage-count limit for the identification code provided by the authentication server.
In summary, the identity authentication method of the present invention lets the application program authenticate with the authentication server over the network using the identification code previously provided by the authentication server, and only after authentication succeeds does the application program provide service or log in to the corresponding service server over the network. The identification code is obtained by the application program through supplying the account and/or password to the authentication server over the network for verification. Therefore, with the identity authentication method of the present invention, a member can start the application program and log in to a predetermined service server to use a specific online service without having to enter an account and/or password into the application program, which is not only convenient but also prevents identity authentication data from being stolen by malicious programs or unauthorized persons.
Description of drawings
Fig. 1 is a flow chart of the steps of the identity authentication method of the present invention; and
Fig. 2 is a sequence flow chart of the identity authentication method of the present invention.
[Description of main reference symbols]
a  user
b  application program
c  authentication server
S11~S15, S21~S24, S31~S34  steps
Embodiments
Embodiments of the present invention are described below by way of specific examples. Those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification, and the invention can also be implemented or applied through other, different specific embodiments.
Refer to Fig. 1, which shows a flow chart of the steps of the identity authentication method provided by the present invention. The identity authentication method of the present invention is applied between an application program and an authentication server that are interconnected through a network. The application program may be, for example, online communication software, online game software or online financial transaction software, or an application such as document processing, multimedia or digital publication reading, and may be installed on a data processing device with a network connection function, such as a personal computer, notebook computer, smartphone or personal digital assistant. These applications may log in over the network to a service server set up by an online service provider, or may run directly on the data processing device. The authentication server may be a data processing platform built by a network service provider (ISP) that exchanges data with the data processing device over the network; generally speaking, the authentication server has stronger computing capability and a higher information security standard than an ordinary data processing device. The network may be, for example, a wired or wireless network, through which the data processing device is connected to the authentication server and the service server.
As shown in Fig. 1, in step S11 the application program performs a self-check to determine whether it has an identification code provided by the authentication server. If so, the method proceeds to step S12; if not, it proceeds to step S14. In this embodiment, the identification code may be, for example, a sequence composed of digits, letters, patterns, sounds, images and/or symbols, such as a token, and corresponds uniquely to the application program. Different applications installed on the same data processing device, the same application installed on different data processing devices, and applications installed on the same data processing device but running under different operating systems or different user identities can all have different corresponding identification codes.
It should be added that, in other embodiments, a step of starting the application program may also be included before step S11 is carried out.
Preferably, the application program may further verify with the authentication server, so that the authentication server provides an identification code to the verified application program.
In step S12, the application program uses the identification code it holds to submit an authentication request to the authentication server; that is, it asks the authentication server over the network to determine whether the correspondence between the identification code and the application program is correct, and authentication is decided according to the result. If the correspondence is judged to be correct, authentication has succeeded and the method proceeds to step S13; if the correspondence is judged to be wrong, authentication has failed and the method proceeds to step S14.
In step S13, the application program is started, or logs in to the predetermined service server over the network, to provide service. That is, after the authentication server has confirmed that the correspondence between the application program and the identification code is correct, the user may operate the application program on the data processing device, or the application program is allowed to log in to the predetermined service server over the network, so that the user can use the relevant online service or transfer data on the service server through the application program, for example instant messaging or online games.
In step S14, the application program verifies with the authentication server, so that the authentication server provides a unique identification code to the verified application program; the method then proceeds to step S15. Specifically, because the application program finds that it does not have an identification code provided by the authentication server, it guides the user to enter an account and/or password for the authentication server, for example by automatically opening a new window. After receiving the account and/or password, the authentication server verifies the identity of the user of the application program by checking the account and/or password, and once identity verification is complete, the authentication server provides a unique identification code to the application program, which stores the identification code it obtains. In this embodiment, the password entered by the user may be a static password or a dynamic password.
In step S15, the verified application program logs in to the predetermined service server over the network. In other words, after the authentication server has confirmed the identity by account and/or password, then at the same time as it provides the unique identification code to the application program, it also allows the application program to log in to the predetermined service server over the network, so that the user can use the relevant online service on the service server through the application program. As noted above, if the application program does not need the service server in order to provide its service, the verified application program is simply started for the user to operate.
In other embodiments, before step S11 is carried out, the application program may first verify with the authentication server, so that the authentication server provides a unique identification code to the verified application program; the application program may of course also store the identification code it obtains in the data processing device. Preferably, when the authentication server provides the identification code to the verified application program, the verified application program may at the same time configure the identification code, for example by setting a validity period and/or a usage-count limit; specifically, the validity period of the obtained identification code may be set to 1 week, or the code may be limited to at most 10 uses. In that case, when step S12 is carried out, the authentication server not only authenticates the correspondence between the identification code and the application program but also checks the validity period and/or usage-count limit of the identification code. That is, the authentication server judges whether the identification code is still valid with respect to its validity period and/or usage-count limit, and uses this together with the correspondence check as the basis for deciding whether the application program passes authentication.
Likewise, when step S14 is carried out, the verified application program may also configure the identification code provided by the authentication server, setting its validity period and/or usage-count limit.
In order further to clearly demonstrate identity identifying method of the present invention, please consult Fig. 2 again, it has illustrated the sequential flow chart of identity identifying method of the present invention.
In step S21, but user a application programs b carries out initial start-up; At this moment, application program b promptly can begin to carry out self-trace routine, judging whether the having identification code that provides by certificate server c, and because user a is initial start-up application program b, application program b can find that identification code that is provided by certificate server c is not provided for it, shown in step S22.
Then, in step S23, application program b can guide user a input number of the account and/or password to give certificate server c, to carry out authentication; When checking is passed through, certificate server c can further provide exclusive identification code to application program b then, and open applications program b logins predetermined service server (not shown), uses the online service of being correlated with by application program b for the user in service server.In other embodiment,, then also can exempt the step of logining predetermined service server, and directly provide the user to serve by application program if this application program does not need can provide service by service server.
And the hypothesis user a relevant online service of finishing using, and application program b is closed, and desire starts application program once more or desire is logined predetermined service server to use relevant online service by this application program, at this moment, can start application program b once more, shown in step S31.
And in step S32, application program b similarly can carry out the oneself and detect, at this moment, because certificate server c offers application program b with exclusive identification code in abovementioned steps S24,, application program b has the identification code that is provided by certificate server c so promptly can judging it.
And then, in step S33, application program b can automatically utilize the identification code that determines to authenticate to certificate server c.And in step S34, certificate server c meeting application programs b and the identification code that is had thereof authenticate, and open applications program b logins predetermined service server behind authentication success, start application program for the user, or in service server, use relevant online service once more by application program b.
What deserves to be mentioned is, in step S24, the identification code that user a can synchronously be provided certificate server c is carried out the setting of the valid expiration date and/or the access times upper limit, therefore, follow-up in step S33, certificate server c more can further judge at the valid expiration date and/or the access times upper limit of identification code except can authenticating the corresponding relation of identification code and application program b, whether surpasses the number of times upper limit as the number of times that whether surpasses this valid expiration date or startup and/or login.
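The flow of Fig. 1 and Fig. 2, including the validity period and usage-count limit, as an added Python example that is not code from the patent. The class and function names, the (application, device, OS user) binding tuple, the storage of codes as SHA-256 digests and the PBKDF2 password storage are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

WEEK = 7 * 24 * 3600  # the description's example validity period: 1 week


class AuthServer:
    """Hypothetical authentication server (role "c" in Fig. 2)."""

    def __init__(self, max_uses=10, lifetime=WEEK):
        self.max_uses = max_uses   # the description's example: at most 10 uses
        self.lifetime = lifetime
        self._accounts = {}        # account -> (salt, PBKDF2 hash of password)
        self._codes = {}           # SHA-256(code) -> record; raw codes are not kept

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password):
        salt = secrets.token_bytes(16)
        self._accounts[account] = (salt, self._pw_hash(password, salt))

    def verify_and_issue(self, account, password, binding, now=None):
        """S14: verify account/password, then issue a code tied to `binding`."""
        now = time.time() if now is None else now
        salt, stored = self._accounts.get(account, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._pw_hash(password, salt), stored):
            return None
        code = secrets.token_urlsafe(32)
        key = hashlib.sha256(code.encode()).hexdigest()
        self._codes[key] = {"binding": binding, "uses_left": self.max_uses,
                            "expires": now + self.lifetime}
        return code

    def authenticate(self, code, binding, now=None):
        """S12: check correspondence, validity period and usage-count limit."""
        now = time.time() if now is None else now
        key = hashlib.sha256(code.encode()).hexdigest()
        rec = self._codes.get(key)
        if rec is None or rec["binding"] != binding:
            return False           # unknown code, or presented by another app/device/user
        if now >= rec["expires"] or rec["uses_left"] <= 0:
            del self._codes[key]   # spent or expired codes are forgotten
            return False
        rec["uses_left"] -= 1
        return True


def start_application(server, store, binding, login_window, now=None):
    """Application side of Fig. 1. Returns (service_started, path_taken)."""
    code = store.get("code")                                  # S11
    if code and server.authenticate(code, binding, now):      # S12
        return True, "code"                                   # S13
    store.pop("code", None)        # drop a code the server no longer accepts
    # S14: the window sends account/password to the server itself and hands
    # back only the issued code, so the application never holds the password.
    code = login_window(server, binding, now)
    if code is None:
        return False, "rejected"
    store["code"] = code
    return True, "password"                                   # S15


def demo():
    server = AuthServer(max_uses=2)
    server.register("alice", "constructed-passphrase")        # constructed account
    binding = ("im-client", "device-1", "os-user-alice")      # constructed binding
    window = lambda s, b, t: s.verify_and_issue("alice", "constructed-passphrase", b, t)
    store, t0 = {}, 1_000_000.0
    return [start_application(server, store, binding, window, t0 + i)[1]
            for i in range(4)]


if __name__ == "__main__":
    print(demo())
```

With a limit of two uses, the four consecutive starts in `demo()` take the password path, the code path twice, and then the password path again once the code is spent.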
In summary, with the identity authentication method of the present invention, the user only needs to supply the account and/or password to a third-party authentication server, and the authentication server provides a specific identification code to the application program. When the application program is started, or is to log in to a service server over the network, the account and/or password do not need to be entered into the application program; instead the authentication server authenticates the application program directly. Because the authentication server usually has a higher information security standard, the risk of member information leaking is lowered, which in turn reduces the probability that a user's identity is misused. Moreover, because the application program can store the identification code provided by the authentication server, as long as the validity period has not passed and/or the usage-count limit has not been reached, the user is logged in to the predetermined service server automatically after starting the application program, which is more convenient than the background art.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Any person skilled in the art may modify and change the above embodiments without departing from the spirit and scope of the invention. Therefore, the scope of protection of the present invention should be as set out in the claims.

Claims (11)

1. An identity authentication method applied between an application program and an authentication server that are interconnected through a network, the identity authentication method comprising the following steps:
1) causing the application program to determine whether it has an identification code provided by the authentication server; if so, proceeding to step 2); if not, causing the application program to verify with the authentication server, causing the authentication server to provide an identification code to the verified application program, and then proceeding to step 3);
2) causing the application program to use the identification code to authenticate with the authentication server over the network; if authentication succeeds, proceeding to step 3); if authentication fails, causing the application program to verify with the authentication server, causing the authentication server to provide an identification code to the verified application program, and then proceeding to step 3); and
3) causing the application program to provide service, and ending the process.
2. The identity authentication method according to claim 1, wherein before step 1) the method further comprises the step of causing the application program to verify with the authentication server, so that the authentication server provides an identification code to the verified application program.
3. The identity authentication method according to claim 2, wherein, before step 1), when the authentication server provides the identification code to the verified application program, the application program sets a validity period and/or a usage-count limit for the identification code provided by the authentication server; and in step 2), the application program uses the identification code having this validity period and/or usage-count limit to authenticate with the authentication server.
4. The identity authentication method according to claim 2, wherein in the step of step 1) or 2) in which the application program verifies with the authentication server, the application program supplies an account and/or password to the authentication server, so that the authentication server verifies the identity of the application program by means of this account and/or password.
5. The identity authentication method according to claim 4, wherein the password is a static password or a dynamic password.
6. The identity authentication method according to claim 1, wherein before step 1) the method comprises the step of starting the application program.
7. The identity authentication method according to claim 1, wherein step 3) further comprises causing the application program to log in to a service server over the network, so that the service server provides service through the application program.
8. The identity authentication method according to claim 1, wherein in the step of step 1) or 2) in which the application program verifies with the authentication server, the application program supplies an account and/or password to the authentication server, so that the authentication server verifies the identity of the application program by means of this account and/or password.
9. The identity authentication method according to claim 8, wherein the password is a static password or a dynamic password.
10. The identity authentication method according to claim 1, wherein step 1) or 2) further comprises the step of causing the verified application program to set a validity period and/or a usage-count limit for the identification code provided by the authentication server.
11. The identity authentication method according to claim 1, wherein the identification code is composed of digits, letters, patterns, sounds, images and/or symbols.
CN2010102073333A 2010-06-18 2010-06-18 Identity authentication method Pending CN102291372A (en)

Publications (1)

Publication Number Publication Date
CN102291372A true CN102291372A (en) 2011-12-21

Family

ID=45337485

Country Status (1)

Country Link
CN (1) CN102291372A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20111221