CN102300182B - Short-message-based authentication method, system and device - Google Patents

Short-message-based authentication method, system and device

Info

Publication number
CN102300182B
Authority
CN
China
Prior art keywords
current
verification code
server
verification
user information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN 201110264451
Other languages
Chinese (zh)
Other versions
CN102300182A (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN 201110264451 priority Critical patent/CN102300182B/en
Publication of CN102300182A publication Critical patent/CN102300182A/en
Application granted granted Critical
Publication of CN102300182B publication Critical patent/CN102300182B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a short-message-based identity verification method, system and device, and relates to the technical field of network security. The identity verification system comprises a server, a client and a mobile phone; the identity verification device, namely the server, comprises a transceiver module, a storage module, a counting module, a judging module, a generation module, a verification module, a control module and a calculation module. In the short-message-based identity verification method, the server generates a verification code and records the time at which it was generated, and sends the generated verification code to the user's mobile phone out of band; the user then enters it into the client, and the client sends it to the server for verification. This can prevent man-in-the-middle attacks to a certain extent, and the verification code generated by the server is time-limited and becomes invalid once it expires.

Figure 201110264451

Description

A short-message-based identity verification method, system and device

Technical field

The invention relates to the technical field of network security, and in particular to a short-message-based identity verification method, system and device.

Background

At present, when a user uses, through a client, software or applications provided by a server that require permissions, the server usually requires the user to enter the corresponding password and account information through the client in order to keep out illegitimate users. However, in a network environment where hacking software is prevalent, user passwords are frequently stolen, which seriously infringes the right of legitimate users to use the permission-restricted software or applications provided by the server.

Identity verification technologies commonly used in the prior art include static password authentication, which uses the user's account name and password to authenticate the user and establish the user's legitimacy. Its main characteristic is that a fixed password is used to activate a specific account. However, because the password and account are soft identifiers that are static and are transmitted over the network, this approach has many drawbacks and security holes. Techniques for cracking it keep developing, and many tools and methods for stealing account passwords have emerged, such as theft, deciphering, shoulder-surfing and fraud. In addition, it places high demands on users in creating, remembering and changing passwords: a password that is too simple is easy to crack, and one that is too complex is easy to forget.

Summary of the invention

In view of the shortcomings of the prior art described above, the invention provides a short-message-based identity verification method, system and device in which identity verification information is transmitted with a high degree of confidentiality and no dedicated authentication equipment is required.

The technical solution adopted by the invention is a short-message-based identity verification device comprising:

a first transceiver module, configured to receive the user information, login request and verification code sent by the client and pass them to the verification module, and to return the corresponding response to the client; also configured to receive the verification code passed from the generation module and to send a short message containing the verification code to the mobile phone number bound to the current login request;

a storage module, configured to store user information, mobile phone number, initial reference time, check code generation time, authentication base, timestamp, survival period and user key;

a counting module, configured to count the authentication base and pass the count result, i.e. the current authentication base, to the storage module, and to clear the timestamp to zero and pass the cleared result to the storage module;

a judging module, configured to judge whether the current timestamp is zero, and also whether the current timestamp exceeds the survival period;

a generation module, configured to obtain the current authentication base and user key from the storage module and generate a verification code or a check code, to pass the generated verification code to the first transceiver module, and to pass the generated check code to the verification module;

a verification module, configured to receive the verification code passed from the first transceiver module and the check code passed from the generation module, compare whether the two match, and pass the comparison result to the control module; also configured to verify whether the user information passed from the first transceiver module matches the user information stored in the storage module, and to pass the verification result to the control module;

a control module, configured to receive the comparison result and the verification result passed from the verification module, to send an authentication success or failure return code to the first transceiver module according to the comparison result, and, according to the verification result, to control the first transceiver module to send the client a response indicating whether temporary verification was passed;

a calculation module, configured to calculate the difference between the current time and the initial reference time, and to calculate, from that difference and the survival period, the step size by which the authentication base is to be pre-incremented.

The storage module is also configured to store the verification code; when the storage module receives a verification code sent by the generation module, it replaces the currently stored verification code with the received one. The generation module is also configured to pass the generated verification code to the storage module. The verification module is also configured to obtain the verification code directly from the storage module, compare whether it matches the verification code received from the first transceiver module, and pass the comparison result to the control module.

A short-message-based identity verification system comprises an identity verification device, a client and a mobile phone.

The identity verification device is configured to receive the user login request and user information sent by the client, to generate a verification code and send it to the user's mobile phone, and also to receive the verification code sent by the client, verify whether the received verification code is correct and return the verification result to the client;

The client is configured to receive the login request entered by the user and send the user information and the login request to the identity verification device, to receive the verification code entered by the user and send it to the identity verification device, and to receive the verification result returned by the identity verification device;

The mobile phone is configured to receive the verification code sent by the identity verification device and display it to the user.

The client comprises:

a second transceiver module, configured to receive the verification code and login request entered by the user and send them to the identity verification device, and to receive the verification result returned by the identity verification device and the response indicating whether temporary verification was passed;

a liquid crystal display module, configured to display the verification result returned by the identity verification device and the response indicating whether temporary verification was passed, as received by the second transceiver module.

The mobile phone comprises:

a third transceiver module, configured to receive the short message sent by the identity verification device and pass it to the short message storage module;

a short message storage module, configured to store the short message passed from the third transceiver module;

a display module, configured to obtain the short message from the short message storage module and display it.

A short-message-based identity verification method comprises a process in which a server generates a verification code and a process in which the server verifies a received verification code.

The process in which the server generates a verification code comprises the following steps:

Step S1: the server receives a user login request;

Step S2: the server judges whether the current timestamp is invalid; if so, step S3 is executed, otherwise step S4 is executed;

Step S3: the server generates a verification code and updates the current timestamp, then executes step S5;

Step S4: the server judges whether the current time exceeds the survival period; if so, it generates a verification code and then executes the next step, otherwise it generates a verification code, updates the current timestamp and then executes the next step. Specifically, if the time value of the current time is greater than the time value obtained by adding the survival period to the current timestamp, the current time exceeds the survival period.

Step S5: the server sends the verification code to the mobile phone number bound to the user login request;

The process in which the server verifies the received verification code comprises the following steps:

Step S6: the server receives the verification code and second user information and judges whether the current time exceeds the survival period; if so, authentication fails, otherwise the next step is executed;

Step S7: the server generates a check code and compares it with the received verification code; if they match, the next step is executed, otherwise authentication fails;

Step S8: the server sets the current timestamp to invalid;

Step S9: authentication succeeds.

Step S1 is specifically: the server receives the user login request sent by the client, extracts first user information from it, and searches the database for user information matching the first user information. If it exists, temporary verification is passed and the server extracts from the database the mobile phone number bound to the first user information; if it does not exist, authentication fails.

Step S6 further comprises: the server receives the verification code and the second user information and judges whether the second user information matches the stored first user information; if it matches, the server judges whether the current time exceeds the survival period, otherwise authentication fails.

Before step S2, the method comprises: the server obtains the current authentication base and the current timestamp from the database.

In step S3, the server generating a verification code and updating the current timestamp is specifically: the server obtains the key according to the first user information, applies a one-time password generation algorithm to the key and the current authentication base to generate the verification code, and updates the current timestamp to the time at which the verification code was generated.

In step S4, generating a verification code if the current time has not exceeded the survival period is specifically: the server obtains the key according to the first user information and applies a one-time password generation algorithm to the key and the current authentication base to generate the verification code.

In step S4, generating a verification code and updating the current timestamp if the current time exceeds the survival period is specifically: the server calculates the current authentication base according to a preset rule and updates the current authentication base with the result; the server obtains the key according to the first user information, applies a one-time password generation algorithm to the key and the current authentication base to generate the verification code, and updates the current timestamp to the time at which the verification code was generated.

In step S7, the server generating a check code is specifically: the server obtains the current authentication base, obtains the key according to the second user information, and applies a one-time password generation algorithm to the key and the current authentication base to generate the check code.

Step S3 or step S8 further comprises: the server calculates the current authentication base according to a preset rule, records the result, and updates the current authentication base with the result.

Calculating the current authentication base according to a preset rule is specifically incrementing or decrementing the current authentication base by a preset step size.

In step S6, judging whether the current time exceeds the survival period is specifically judging whether the time value of the current time is greater than the time value obtained by adding the survival period to the current timestamp.

In step S8, setting the current timestamp to invalid is preferably done by clearing the current timestamp to zero.
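The generation and verification flow of steps S1 to S9, as an added Python example that is not code from the patent. It assumes HOTP (RFC 4226, HMAC-SHA1) as the one-time password generation algorithm, a step size of 1, a 60-second survival period, and advancing the authentication base in step S8; it follows the detailed description of step S4 (an expired code advances the base and refreshes the timestamp). The `Server` class, its field names and the `outbox` list standing in for the SMS gateway are hypothetical.

```python
import hashlib
import hmac
import struct

SURVIVAL_PERIOD = 60   # seconds a code stays valid (constructed value)
STEP = 1               # preset step size for the authentication base (assumption)


def otp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226), assumed here as the one-time password algorithm."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Server:
    """Hypothetical server holding per-user key, phone, base and timestamp."""

    def __init__(self, users):
        self.users = users
        self.outbox = []   # (phone, code) pairs; stands in for the SMS gateway

    def request_login(self, user_id, now):
        rec = self.users.get(user_id)          # S1: look up user information
        if rec is None:
            return False                       # temporary verification fails
        if rec["timestamp"] == 0:              # S2: timestamp invalid -> S3
            rec["timestamp"] = now
        elif now > rec["timestamp"] + SURVIVAL_PERIOD:
            rec["base"] += STEP                # S4, expired: advance the base
            rec["timestamp"] = now             # and refresh the timestamp
        # S4, not expired: same base, timestamp untouched, so the same code
        # is re-sent and its lifetime is not extended by repeated requests.
        code = otp(rec["key"], rec["base"])
        self.outbox.append((rec["phone"], code))   # S5: out-of-band delivery
        return True

    def verify(self, user_id, code, now):
        rec = self.users.get(user_id)          # S6: user information check
        if rec is None or rec["timestamp"] == 0:
            return False   # explicit guard added here: no code outstanding
        if now > rec["timestamp"] + SURVIVAL_PERIOD:
            return False                       # S6: survival period exceeded
        check = otp(rec["key"], rec["base"])   # S7: server-side check code
        if not hmac.compare_digest(check.encode(), str(code).encode()):
            return False
        rec["timestamp"] = 0                   # S8: invalidate the timestamp
        rec["base"] += STEP                    # S8: advance the base
        return True                            # S9: authentication succeeds


def demo():
    users = {"alice": {"key": b"12345678901234567890",   # constructed data
                       "phone": "+15555550100", "base": 0, "timestamp": 0}}
    s = Server(users)
    s.request_login("alice", 1000)     # first code issued
    s.request_login("alice", 1030)     # within the period: same code again
    late = s.verify("alice", s.outbox[-1][1], 1061)    # past 1000 + 60
    s.request_login("alice", 1100)     # expired: base advanced, new code
    stale = s.verify("alice", s.outbox[0][1], 1110)    # old code rejected
    ok = s.verify("alice", s.outbox[-1][1], 1110)      # current code accepted
    replay = s.verify("alice", s.outbox[-1][1], 1111)  # second use rejected
    return {"codes": [c for _, c in s.outbox],
            "results": [late, stale, ok, replay],
            "base": users["alice"]["base"],
            "timestamp": users["alice"]["timestamp"]}


if __name__ == "__main__":
    print(demo())
```

Clearing the timestamp and advancing the base in step S8 is what makes a code single-use: the replayed code fails even though it is still inside its survival period.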

Before step S2, the method may comprise: the server obtains the initial reference time, check code generation time, survival period, current authentication base and current timestamp from the database and reads the current time from an internal clock source; the server calculates a first step size from the initial reference time, the current time and the survival period. In step S3, the server generating a verification code and updating the current timestamp comprises:

Step 205: judge whether the current time exceeds the survival period; if so, execute step 205-1, otherwise execute step 205-1′. Specifically, judge whether the current time exceeds the time value obtained by adding the survival period to the check code generation time.

Step 205-1′: replace the current authentication base stored in the database with the result of increasing the current authentication base by a second step size, then execute step 205-1;

Step 205-1: calculate a first count value from the current authentication base and the first step size, then execute step 205-2;

Step 205-2: generate a verification code from the first count value, and update the current timestamp to the time at which the verification code was generated;

In step S4, generating a verification code if the current time has not exceeded the survival period is specifically:

the server calculates a second count value from the current authentication base and the first step size;

the server obtains the key according to the first user information and applies a one-time password generation algorithm to the key and the second count value to generate the verification code;

In step S4, generating a verification code and updating the current timestamp if the current time exceeds the survival period is specifically:

the server calculates a second count value from the current authentication base and the first step size;

the server obtains the key according to the first user information and applies a one-time password generation algorithm to the key and the second count value to generate the verification code, and the server updates the current timestamp to the time at which the verification code was generated;

In step S7, the server generating a check code is specifically:

a third step size is calculated from the initial reference time, the current time and the survival period;

the server obtains the current authentication base and calculates a third count value from the current authentication base and the third step size;

the server obtains the key according to the second user information and applies a one-time password generation algorithm to the key and the third count value to generate the check code;

Before step S8, the method comprises recording the check code generation time.

The first step size and the third step size are calculated by converting the current time into a relative value, the relative value being the difference between the current time and the initial reference time, then dividing the relative value by the survival period and taking the integer part.

Step S3 may be replaced by step S3', step S4 may be replaced by step S4', and step S7 may be replaced by step S7', where:

Step S3': the server generates a verification code, replaces the verification code stored in the database with the generated one, and updates the current timestamp to the time at which the verification code was generated;

Step S4': the server judges whether the current time exceeds the survival period, then executes the next step;

if the current time has not exceeded the survival period, the server obtains the verification code stored in the database; if the current time exceeds the survival period, the server generates a verification code, replaces the verification code stored in the database with the generated one, and updates the current timestamp to the time at which the verification code was generated;

Step S7': the server obtains the verification code stored in the database and compares the received verification code with it; if they match, the next step is executed, otherwise authentication fails.

The invention has the following beneficial effects:

1. The verification code is generated by the server and sent to the user out of band, which can prevent man-in-the-middle attacks to a certain extent;

2. The verification code is time-limited and becomes invalid once it expires.

Description of the drawings

Fig. 1 is a schematic diagram of a short-message-based identity verification system provided in Embodiment 1;

Fig. 2 is a block diagram of a short-message-based identity verification device provided in Embodiment 2;

Fig. 3 is a flowchart of a short-message-based identity verification method provided in Embodiment 3;

Fig. 4 is a flowchart of another short-message-based identity verification method provided in Embodiment 4;

Fig. 5 is a flowchart of yet another short-message-based identity verification method provided in Embodiment 4.

Detailed description

The invention is further described below with reference to the drawings and specific embodiments, which are not to be taken as limiting the invention.

Embodiment 1

Embodiment 1 provides a short-message-based identity verification system comprising a server 10, a client 20 and a mobile phone 30; the server 10 corresponds to an identity verification device, wherein:

The server 10 is configured to receive the user login request and user information sent by the client 20, to generate a verification code and send it to the user's mobile phone 30, and also to receive the verification code sent by the client 20, verify whether the received verification code is correct and return the verification result to the client 20;

The client 20 is configured to receive the login request entered by the user and send the user information and the login request to the server 10, to receive the verification code entered by the user and send it to the server 10, and to receive the verification result returned by the server 10;

The mobile phone 30 is configured to receive the verification code sent by the server 10 and display it to the user.

The server 10 comprises a first transceiver module 101, a storage module 102, a counting module 103, a judging module 104, a generation module 105, a verification module 106, a control module 107 and a calculation module 108;

The first transceiver module 101 is configured to send and receive the data transmitted between the client 20 and the server 10, and to receive the verification code passed from the generation module 105 and send a short message containing the verification code to the bound mobile phone number;

In this embodiment, the first transceiver module 101 is specifically configured to receive the user information, login request and verification code sent by the client 20 and pass them to the verification module 106, and to return the corresponding response to the client 20.

The storage module 102 is configured to store user information, mobile phone number, initial reference time, check code generation time, authentication base, timestamp, survival period and user key;

The storage module 102 may also be used to store the verification code. When the server receives a login request, if the current timestamp is not zero and the current time has not exceeded the survival period, the server obtains the verification code directly from the storage module 102 and sends it to the mobile phone number bound to the current user; correspondingly, when the server receives a verification code, it obtains the currently stored verification code directly from the storage module 102 and compares it with the received verification code to obtain the verification result.

The counting module 103 is configured to count the authentication base and pass the count result, i.e. the current authentication base, to the storage module 102, and to clear the timestamp to zero and pass the cleared result to the storage module 102;

The judging module 104 is configured to judge whether the current timestamp is zero and whether the current time exceeds the survival period;

The generation module 105 is configured to obtain the current authentication base and user key from the storage module 102, generate a verification code or a check code from the current authentication base and user key, pass the generated verification code to the first transceiver module 101, and pass the generated check code to the verification module 106;

The generation module 105 is also configured to pass the generated verification code to the storage module 102.

The verification module 106 is configured to receive the verification code passed from the first transceiver module 101 and the check code passed from the generation module 105, compare whether the two match, and pass the comparison result to the control module 107; it is also configured to verify whether the user information passed from the first transceiver module 101 matches the user information stored in the storage module 102, and to pass the verification result to the control module 107;

The verification module 106 may also be used to compare whether the verification code passed from the first transceiver module 101 matches the verification code obtained from the storage module 102, and to pass the comparison result to the control module 107;

The control module 107 is configured to receive the comparison result and the verification result passed from the verification module 106, to send an authentication success or failure return code to the first transceiver module 101 according to the comparison result, and, according to the verification result, to control the first transceiver module 101 to send the client 20 a response indicating whether temporary verification was passed;

The calculation module 108 is configured to calculate the difference between the current time and the initial reference time, and to calculate, from that difference and the survival period, the step size by which the authentication base is to be pre-incremented;

When counting the authentication base, the counting module 103 uses the step size calculated by the calculation module 108.

The client 20 comprises a second transceiver module 201 and a liquid crystal display module 202, wherein:

The second transceiver module 201 is configured to receive the verification code and login request entered by the user and send them to the server 10, and to receive the verification result returned by the server 10 and the response indicating whether temporary verification was passed;

The liquid crystal display module 202 is configured to display the verification result returned by the server 10 and the response indicating whether temporary verification was passed, as received by the second transceiver module 201;

The mobile phone 30 comprises a third transceiver module 301, a short message storage module 302 and a display module 303, wherein:

The third transceiver module 301 is configured to receive the short message sent by the server 10 and pass it to the short message storage module 302;

The short message storage module 302 is configured to store the short message passed from the third transceiver module 301;

The display module 303 is configured to obtain the short message from the short message storage module 302 and display it.

Embodiment 2

As shown in Figure 2, the present invention provides a short-message-based identity verification device. The device includes a first transceiver module 1001, a storage module 1002, a counting module 1003, a judging module 1004, a generation module 1005, a verification module 1006, a control module 1007 and a calculation module 1008;

The first transceiver module 1001 is configured to send and receive the data transmitted between the client and the server, and to receive the verification code transmitted by the generation module 1005 and send a short message containing the verification code to the mobile phone number bound to the current login request;

In this embodiment, the first transceiver module 1001 is specifically configured to receive the user information, the login request and the verification code sent by the client and transmit them to the verification module 1006, and to return the corresponding response to the client.

The storage module 1002 is configured to store the user information, the mobile phone number, the initial reference time, the check code generation time, the authentication base, the timestamp, the survival period and the user key;

The storage module 1002 may also be used to store the verification code. When the storage module 1002 receives a verification code sent by the generation module 1005, it replaces the currently stored verification code with the newly received one.

The counting module 1003 is configured to count the authentication base and transmit the counting result, that is, the current authentication base, to the storage module 1002 for storage, and to reset the timestamp to zero and transmit the reset result to the storage module 1002;

In this embodiment, specifically, each time an authentication is completed the authentication base is incremented or decremented by a preset step. For example, the initial value of the authentication base is preferably set to 0, and the authentication base is increased by 1 each time an authentication is completed. Each time an authentication is completed, the current timestamp is reset to zero and recorded in the storage module 1002.

The judging module 1004 is configured to judge whether the current timestamp is zero, and to judge whether the current timestamp exceeds the survival period;

The generation module 1005 is configured to obtain the current authentication base and the user key from the storage module 1002 and generate a verification code or a check code, to transmit the generated verification code to the first transceiver module 1001, and to transmit the generated check code to the verification module 1006;

The generation module 1005 is also configured to transmit the generated verification code to the storage module 1002 for storage.

The verification module 1006 is configured to receive the verification code transmitted by the first transceiver module 1001 and the check code transmitted by the generation module 1005, compare whether the two are consistent, and transmit the comparison result to the control module 1007; it is also configured to verify whether the user information transmitted by the first transceiver module 1001 is consistent with the user information stored in the storage module 1002, and to transmit the verification result to the control module 1007;

The verification module 1006 is also configured to obtain the verification code directly from the storage module 1002, compare whether the obtained verification code is consistent with the verification code received from the first transceiver module 1001, and transmit the comparison result to the control module 1007.

The control module 1007 is configured to receive the comparison result and the verification result transmitted by the verification module 1006, to send a return code indicating authentication success or failure to the first transceiver module 1001 according to the comparison result, and, according to the verification result, to control the first transceiver module 1001 to send the client a response indicating whether the temporary verification has been passed.

The calculation module 1008 is configured to calculate the difference between the current time and the initial reference time, and to calculate, from that difference and the survival period, the step by which the authentication base is to be pre-increased. When counting the authentication base, the counting module 1003 uses the step obtained by the calculation module 1008.

Embodiment 3

This embodiment provides a short-message-based identity verification method,

in which the process by which the server generates the verification code includes the following steps:

Step S1: the server receives a user login request;

Step S2: the server judges whether the current timestamp is invalid; if yes, step S3 is executed, otherwise step S4 is executed;

Step S3: the server generates a verification code and updates the current timestamp, then executes step S5;

Step S4: the server judges whether the current time exceeds the survival period; if yes, it generates a verification code and then executes the next step; otherwise it generates a verification code, updates the current timestamp, and then executes the next step;

Step S5: the server sends the verification code to the mobile phone number bound to the user login request.

The process by which the server verifies the received verification code includes the following steps:

Step S6: the server receives the verification code and the second user information and judges whether the current time exceeds the survival period; if yes, the authentication fails, otherwise the next step is executed;

Step S7: the server generates a check code and compares the check code with the received verification code; if they are consistent, the next step is executed, otherwise the authentication fails;

Step S8: the server sets the current timestamp to invalid;

Step S9: the authentication is successful.

Embodiment 4

This embodiment is a short-message-based identity verification method based on Embodiment 3. As shown in Figure 3, the method proposed in this embodiment includes the following steps:

Step 101: the server receives the login request and extracts from it the mobile phone number bound to the login request and the first user information;

In this embodiment, the following takes place before step 101: the client receives the user's login request and sends the login request to the server;

Specifically, when the login window appears on the client, the user sends a login request to the client by entering the first user information in the login window, and the client sends the received login request to the server. The first user information entered in the login window may specifically be a user account, a password, or a combination of the two.

Further, the client sends the received first user information to the server at the same time as it sends the login request.

Step 101 is specifically: the server receives the first user information sent by the client and searches for it in the database; if the first user information, for example the user account, matches the information the server retrieves from the database, the temporary verification is passed and the server extracts the mobile phone number bound to that user account.

Further, after receiving the login request, the server stores the user information of the currently logged-in user until it receives a logout request sent by the client.

Step 102: the server obtains the current authentication base and the current timestamp;

The current authentication base is recorded in the server's database. It is a specific numeric value used to generate the verification code;

The current timestamp is recorded in the server's database. It is a specific time value.

In this embodiment, the preferred setting is that if the server is receiving a login request for the first time, the current authentication base takes the value 0.

Step 103: the server judges whether the current timestamp is invalid; if yes, step 106 is executed, otherwise step 104 is executed;

In this embodiment, setting the current timestamp to invalid is preferably done by resetting the current timestamp to zero; correspondingly, in this step, whether the current timestamp is invalid is judged by checking whether the current timestamp is zero.

Step 104: the server judges whether the current time exceeds the survival period; if it does, step 105 is executed, otherwise step 107 is executed;

The survival period is a specific value in units of time; for example, the survival period may be 600 s;

Whether the current time exceeds the survival period is judged as follows: if the time value of the current time is greater than the time value obtained by adding the survival period to the current timestamp, the current time exceeds the survival period. For example, if the current timestamp is 1:20 and the survival period is 600 s, then a current time later than 1:30 is judged to exceed the survival period.

Step 105: calculate the current authentication base according to a preset rule and update the current authentication base with the calculation result;

In this embodiment, specifically, the server uses a counter to increment or decrement the first authentication base and updates the current authentication base with the calculation result. Preferably, calculating the current authentication base according to the preset rule means adding 1 to the current authentication base.

Step 106: generate a verification code according to the current authentication base, update the current timestamp to the time at which the verification code was generated, and execute step 108;

In this embodiment, specifically: the server obtains the key bound to the current user according to the currently stored user information, uses a one-time password generation algorithm to calculate the key and the current authentication base to obtain the verification code, and records the generation time of the verification code. Once the current timestamp has been updated to the time at which the verification code was generated, the current timestamp is valid.

If the current timestamp equals the time at which the verification code was generated, the current timestamp is considered valid. Jumping from step 103 directly to step 106 is therefore the process of making the current timestamp valid, while proceeding in sequence from step 103 to step 106 is the process of updating an already valid current timestamp, and the updated timestamp remains valid.

Step 107: generate a verification code according to the current authentication base;

In this embodiment, specifically: the server obtains the key bound to the current user according to the currently stored user information, and uses a one-time password generation algorithm to calculate the key and the current authentication base to obtain the verification code.

Step 108: the server sends the verification code by short message to the mobile phone number bound to the current login request;

Step 109: the client receives the verification code input by the user and sends the verification code and the second user information to the server;

Step 110: the server receives the verification code and the second user information and judges whether the second user information is consistent with the stored first user information; if it is, step 111 is executed, otherwise the authentication fails;

Step 111: the server judges whether the current time exceeds the survival period; if it does, the authentication fails, otherwise step 112 is executed;

Specifically: the server reads the current time from its internal clock source, obtains the current timestamp from the database, and judges whether the current time exceeds the time value obtained by adding the survival period to the current timestamp. If it does, the verification code has expired and the authentication fails; if it does not, the next step is executed;

Step 112: the server obtains the current authentication base and calculates a check code from the current authentication base;

Specifically: the server obtains the key bound to the second user according to the second user information, and uses a one-time password generation algorithm to calculate the key and the current authentication base to obtain the check code.

Step 113: the server compares the received verification code with the generated check code; if they are consistent, step 114 is executed, otherwise the authentication fails;

Step 114: the server calculates the current authentication base according to the preset rule, records the calculation result, and uses the calculation result to update the current authentication base stored in the database;

The preset rule is the same as the preset rule in step 105.

Further, step 114 may instead be performed after step 103. Specifically, when step 103 determines that the current timestamp is invalid, step 114 is performed, and then step 106 is performed to generate the verification code from the current authentication base and update the current timestamp to the time at which the verification code was generated.

Step 115: the server sets the current timestamp to invalid, and the authentication is successful.

In this embodiment, each time the server authenticates successfully it performs the operations of steps 114 and 115, that is, it updates the current authentication base and sets the current timestamp to invalid in preparation for the next authentication.

Specifically, in this embodiment, once the authentication is complete the server returns a verification result of authentication success or authentication failure to the client.

Further, in this embodiment, steps 106, 107, 112 and 113 above may be replaced by steps 106′, 107′, 112′ and 113′ respectively, as follows:

Step 106′: generate a verification code according to the current authentication base, use the generated verification code to update the verification code stored in the database, update the current timestamp to the time at which the verification code was generated, and execute step 108;

Specifically, in this embodiment, the update interval of the verification code stored in the server database equals the survival period; once the current timestamp has been updated to the time at which the verification code was generated, the current timestamp is valid.

Step 107′: obtain the verification code stored in the database;

Specifically, when the current timestamp is valid and the current time has not exceeded the survival period, the verification code is obtained directly from the database.

Step 112′: the server obtains the current authentication base and the verification code currently stored in the database;

Step 113′: the server compares the received verification code with the verification code obtained from the database; if the two are consistent, step 114 is executed, otherwise the authentication fails.
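The server-side flow of steps 101 to 115, written out as an added example that is not part of the patent text. It assumes RFC 4226 HOTP as the unnamed "one-time password generation algorithm", uses the user account alone as the user information, and keeps the authentication base and timestamp per account; the class, its method names and the outbox standing in for the SMS gateway are illustrative.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP. Assumption: stands in for the page's unnamed
    one-time password generation algorithm over (key, authentication base)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SmsAuthServer:
    """Steps 101-115. A timestamp of 0 means 'invalid', as the embodiment prefers."""

    def __init__(self, accounts, survival_period=600):
        self.accounts = accounts                  # account -> {"phone", "key"}
        self.survival_period = survival_period    # seconds
        self.state = {a: {"base": 0, "timestamp": 0} for a in accounts}
        self.pending = set()                      # first user information kept since login
        self.outbox = []                          # (phone, code): stand-in for the SMS gateway

    def request_login(self, account, now):
        rec = self.accounts.get(account)
        if rec is None:                           # step 101: temporary verification fails
            return False
        self.pending.add(account)
        st = self.state[account]                  # step 102
        if st["timestamp"] == 0:                  # step 103: invalid, go to step 106
            st["timestamp"] = now
        elif now > st["timestamp"] + self.survival_period:   # step 104
            st["base"] += 1                       # step 105
            st["timestamp"] = now                 # step 106
        # otherwise step 107: same base, timestamp untouched, same code is re-sent
        self.outbox.append((rec["phone"], hotp(rec["key"], st["base"])))  # step 108
        return True

    def verify(self, account, code, now):
        if account not in self.pending:           # step 110
            return False
        st, rec = self.state[account], self.accounts[account]
        # Step 111. The explicit zero check is added here so a consumed code is
        # rejected regardless of how the clock value compares with 0 + period.
        if st["timestamp"] == 0 or now > st["timestamp"] + self.survival_period:
            return False
        check = hotp(rec["key"], st["base"])      # step 112
        if not hmac.compare_digest(check.encode(), str(code).encode()):  # step 113
            return False
        st["base"] += 1                           # step 114
        st["timestamp"] = 0                       # step 115
        return True


def demo():
    """Constructed walk-through using the RFC 4226 test key and a placeholder number."""
    srv = SmsAuthServer({"alice": {"phone": "+10000000000",
                                   "key": b"12345678901234567890"}})
    srv.request_login("alice", now=1000)
    first = srv.outbox[-1][1]
    srv.request_login("alice", now=1100)          # inside the survival period: step 107
    resent = srv.outbox[-1][1]
    accepted = srv.verify("alice", first, now=1500)
    replayed = srv.verify("alice", first, now=1510)
    return first, resent, accepted, replayed


if __name__ == "__main__":
    print(demo())
```

Because step 115 invalidates the timestamp and step 114 moves the authentication base, a code that has been accepted once fails both the lifetime check and the comparison on any later attempt.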

Embodiment 5

This embodiment is a short-message-based identity verification method based on Embodiment 3. As shown in Figure 4, the method proposed in this embodiment includes the following steps:

Step 201: the server receives the login request and extracts from it the mobile phone number bound to the login request and the first user information;

Step 202: obtain the initial reference time, the check code generation time, the survival period, the current time, the current authentication base and the current timestamp;

Step 203: calculate the first step from the initial reference time, the current time and the survival period;

In this embodiment, specifically: the current time is converted into a relative value, namely the difference between the current time and the initial reference time; dividing this relative value by the survival period and taking the integer part gives the first step.

Step 204: judge whether the current timestamp is invalid; if yes, step 205 is executed, otherwise step 206 is executed;

In this embodiment, setting the current timestamp to invalid is preferably done by resetting the current timestamp to zero; correspondingly, in this step, whether the current timestamp is invalid is judged by checking whether the current timestamp is zero.

Step 205: judge whether the current time exceeds the survival period; if yes, step 205-1 is executed, otherwise step 205-1′ is executed;

In this embodiment, specifically: judge whether the current time exceeds the time value obtained by adding the survival period to the check code generation time.

Step 205-1′: replace the current authentication base stored in the database with the result of increasing the current authentication base by the second step, then return to step 205-1;

The second step is a preset value. For example, the second step may be set to 1, in which case the current authentication base is updated to the result of adding 1 to the current authentication base;

Step 205-1: calculate the first count value from the current authentication base and the first step, then execute step 205-2;

The first count value is obtained by adding the first step to the current authentication base.

Step 205-2: generate a verification code according to the first count value, then execute step 207;

In this embodiment, the verification code is generated as follows: the server obtains the key bound to the first user according to the first user information, and uses a one-time password generation algorithm to calculate the key and the first count value to obtain the verification code.

Step 206: calculate the second count value from the current authentication base and the first step, then execute step 206-1;

The second count value is obtained by adding the first step to the current authentication base.

Step 206-1: generate a verification code according to the second count value;

In this embodiment, the verification code is generated in the same way as in step 205-2, which is not repeated here.

Step 206-2: judge whether the current time exceeds the survival period; if yes, step 207 is executed, otherwise step 208 is executed;

Whether the current time exceeds the survival period is judged as follows: if the current time exceeds the time value obtained by adding the survival period to the current timestamp, the current time exceeds the survival period. For example, if the current timestamp is 1:20 and the survival period is 600 s, then a current time later than 1:30 is judged to exceed the survival period.

Step 207: update the current timestamp to the time at which the verification code was generated, then execute step 208;

Specifically, in this embodiment, once the current timestamp has been updated to the time at which the verification code was generated, the current timestamp is valid.

Step 208: the server sends the verification code to the mobile phone number by short message;

The mobile phone number is the one obtained in step 201, bound to the login request.

Step 209: the client receives the verification code input by the user and sends the verification code and the second user information to the server;

Step 210: the server receives the verification code and the second user information and judges whether the second user information is consistent with the first user information; if yes, step 211 is executed, otherwise the authentication fails;

In this embodiment, steps 209 and 210 are specifically: the client prompts the user to enter the verification code and the user information and sends the received verification code and user information to the server; the server verifies whether the user information it has just received is consistent with the user information obtained from the login request; if it is, step 211 is executed, and if it is not, the authentication fails.

Step 211: the server obtains the current time and judges whether the current time exceeds the survival period; if so, the authentication fails, otherwise the next step is executed;

In this embodiment, judging whether the current time exceeds the survival period is specifically: judge whether the current time exceeds the time value obtained by adding the survival period to the current timestamp recorded in step 207. If it does, the authentication fails; otherwise step 212 is executed.

Step 212: calculate the third step from the initial reference time, the current time and the survival period;

In this embodiment, the calculation is specifically: calculate the difference between the current time and the initial reference time, divide the difference by the survival period, and take the integer part; the result is the third step. For example, if the initial reference time is T0, the current time is S seconds after the initial reference time, and the survival period is I, then the third step equals the integer part of S/I.

The current time is a variable; the initial reference time and the survival period are constants.

Step 213: the server obtains the current authentication base and calculates the third count value from the current authentication base and the third step;

Step 214: generate a check code according to the third count value;

In this embodiment, specifically: the server obtains the key of the current user and uses a one-time password generation algorithm to calculate the key and the current authentication base to obtain the check code.

Step 215: compare the check code generated in step 214 with the verification code received in step 210; if they are consistent, the next step is executed, otherwise the authentication fails;

Step 216: record the generation time of the check code of step 214;

Step 217: set the current timestamp to invalid.

In this embodiment, setting the current timestamp to invalid is preferably done by resetting the current timestamp to zero.

If execution proceeds in sequence to step 217, the authentication is successful; the server returns an authentication-success prompt to the client, and the client displays the prompt to the user so that other operations can be performed.

Further, in this embodiment, step 205-2 above may be replaced by step 205-2′, as follows:

Step 205-2′: generate a verification code according to the first count value, use the generated verification code to update the verification code stored in the database, and execute step 207;

In this embodiment, the verification code is generated as follows: the server obtains the key bound to the first user according to the first user information, and uses a one-time password generation algorithm to calculate the key and the first count value to obtain the verification code.

Steps 206 to 207 above may be replaced by the method shown in Figure 5, as follows:

Step 206′: judge whether the current time exceeds the survival period; if yes, step 206-1′ is executed, otherwise step 206-3′ is executed;

Step 206-1′: calculate the second count value from the current authentication base, then execute step 206-2′;

The second count value is obtained by adding the first step to the current authentication base.

Step 206-2′: generate a verification code according to the second count value, use the generated verification code to update the verification code stored in the database, then execute step 207;

In this embodiment, the verification code is generated in the same way as in step 205-2′, which is not repeated here.

Step 206-3′: obtain the verification code stored in the database;

Step 214 above may be replaced by step 214′ and step 215 by step 215′; in that case steps 212 and 213 may be omitted, and step 214′ is executed directly after step 211, as follows:

Step 214′: the server obtains the verification code currently stored in the database;

Step 215′: the server compares the received verification code with the verification code obtained from the database; if the two are consistent, step 216 is executed, otherwise the authentication fails.
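The step arithmetic of steps 203 and 212 to 213, as an added example that is not part of the patent text. It reads those steps literally (the counter at issue is the authentication base plus the first step, the counter at verification is the base plus the third step) and shows when the two counters differ although step 211 still accepts the code; the function names and the sample times are constructed.

```python
def time_step(now: int, t0: int, period: int) -> int:
    """Steps 203 / 212: integer part of (current time - initial reference time) / survival period."""
    if period <= 0 or now < t0:
        raise ValueError("period must be positive and now must not precede t0")
    return (now - t0) // period


def check_roundtrip(base: int, t0: int, period: int, issued_at: int, entered_at: int):
    """Return (inside survival period?, counter at issue, counter at verification).

    issued_at is also the timestamp recorded in step 207, so step 211 accepts
    the code while entered_at <= issued_at + period.
    """
    issue_counter = base + time_step(issued_at, t0, period)     # steps 205-1 / 206
    verify_counter = base + time_step(entered_at, t0, period)   # step 213
    in_lifetime = entered_at <= issued_at + period              # step 211
    return in_lifetime, issue_counter, verify_counter


def false_reject_offsets(t0: int, period: int, delay: int, base: int = 0):
    """Offsets (seconds into a period) at which a code entered `delay` seconds
    after issue passes step 211 but is checked against a different counter."""
    rejected = []
    for offset in range(period):
        issued = t0 + 5 * period + offset        # any whole number of periods works
        ok, at_issue, at_verify = check_roundtrip(base, t0, period, issued, issued + delay)
        if ok and at_issue != at_verify:
            rejected.append(offset)
    return rejected


if __name__ == "__main__":
    # Constructed values: T0 = 0, survival period 600 s, code typed 40 s after issue.
    print(check_roundtrip(0, 0, 600, 1190, 1230))    # issue and entry straddle t = 1200
    print(len(false_reject_offsets(0, 600, 60)))     # issue offsets affected by a 60 s delay
```

The replacement steps 214′ and 215′ compare against the verification code stored in the database instead of recomputing it, so they do not depend on the third step.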

The above is only a preferred specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims (11)

1. A short-message-based identity verification system, comprising an identity verification device, a client and a mobile phone, characterized in that:

the identity verification device is configured to receive the user login request and user information transmitted by the client, to generate a verification code and send it to the user's mobile phone, to receive the verification code transmitted by the client, and to verify whether the received verification code is correct and return the verification result to the client;

the identity verification device is further configured to extract first user information from the user login request transmitted by the client and to search the database for user information matching the first user information; if it exists, the identity verification device extracts from the database the mobile phone number bound to the first user information; if it does not exist, the identity verification device returns authentication failure to the client; to obtain the current authentication base and the current timestamp from the database; and to judge whether the current time exceeds the survival period: if the current time does not exceed the survival period, the identity verification device obtains a key according to the first user information and applies a one-time password generation algorithm to the key and the current authentication base to generate a verification code; if the current time exceeds the survival period, the identity verification device calculates on the current authentication base according to a preset rule and updates the current authentication base with the result, obtains a key according to the first user information, applies a one-time password generation algorithm to the key and the current authentication base to generate a verification code, and updates the current timestamp to the time at which the verification code was generated;

the identity verification device is further configured to receive second user information transmitted by the client and to judge whether the second user information is consistent with the stored first user information; if consistent, it goes on to judge whether the current time exceeds the survival period; if inconsistent, the identity verification device returns authentication failure to the client; if the current time exceeds the survival period, the identity verification device returns authentication failure to the client; if the current time does not exceed the survival period, the identity verification device obtains the current authentication base, obtains a key according to the second user information, and applies a one-time password generation algorithm to the key and the current authentication base to generate a check code;

verifying whether the received verification code is correct is specifically comparing whether the received verification code is consistent with the generated check code; if they are consistent, the identity verification device is further configured to calculate on the current authentication base according to the preset rule and update the current authentication base with the result, and to set the current timestamp to invalid;

the client is configured to receive a login request input by the user and send the user information and the login request to the identity verification device, to receive the verification code input by the user and send it to the identity verification device, and to receive the verification result returned by the identity verification device;

the mobile phone is configured to receive the verification code sent by the identity verification device and display it to the user.

2. The system according to claim 1, characterized in that the client includes:

a second transceiver module, configured to receive the verification code and login request input by the user and send them to the identity verification device, and to receive the verification result returned by the identity verification device and the response indicating whether temporary verification was passed;

a liquid crystal display module, configured to display the verification result returned by the identity verification device and the response indicating whether temporary verification was passed, as received by the second transceiver module.

3. The system according to claim 1, characterized in that the mobile phone includes:

a third transceiver module, configured to receive the short message sent by the identity verification device and pass it to the short message storage module;

a short message storage module, configured to store the short messages passed on by the third transceiver module;

a display module, configured to obtain short messages from the short message storage module and display them.

4. A short-message-based identity verification method, characterized in that it comprises a process in which a server generates a verification code and a process in which the server verifies a received verification code;

the process in which the server generates a verification code comprises the following steps:

Step S1: the server receives a user login request;

Step S2: the server judges whether the current timestamp is invalid; if so, step S3 is executed; otherwise step S4 is executed;

Step S3: the server generates a verification code and updates the current timestamp, and then executes step S5;

Step S4: the server judges whether the current time exceeds the survival period; if not, it generates a verification code and then executes the next step; if so, it generates a verification code, updates the current timestamp and then executes the next step;

Step S5: the server sends the verification code to the mobile phone number bound to the user login request;

the process in which the server verifies the received verification code comprises the following steps:

Step S6: the server receives the verification code and second user information and judges whether the current time exceeds the survival period; if so, authentication fails; otherwise the next step is executed;

Step S7: the server generates a check code and compares the check code with the received verification code; if they are consistent, the next step is executed; otherwise authentication fails;

Step S8: the server sets the current timestamp to invalid;

Step S9: authentication succeeds;

step S1 is specifically: the server receives the user login request sent by the client, extracts first user information from it, and searches the database for user information matching the first user information; if it exists, temporary verification is passed and the server extracts from the database the mobile phone number bound to the first user information; if it does not exist, authentication fails;

step S6 further includes: the server receives the verification code and the second user information and judges whether the second user information is consistent with the stored first user information; if consistent, it goes on to judge whether the current time exceeds the survival period; if inconsistent, authentication fails;

before step S2, the method includes: the server obtains the current authentication base and the current timestamp from the database;

in step S3, the server generating a verification code and updating the current timestamp is specifically: the server obtains a key according to the first user information, applies a one-time password generation algorithm to the key and the current authentication base to generate a verification code, and updates the current timestamp to the time at which the verification code was generated;

in step S4, generating a verification code if the current time does not exceed the survival period is specifically: the server obtains a key according to the first user information and applies a one-time password generation algorithm to the key and the current authentication base to generate a verification code;

in step S4, generating a verification code and updating the current timestamp if the current time exceeds the survival period is specifically:

the server calculates on the current authentication base according to a preset rule and updates the current authentication base with the result;

the server obtains a key according to the first user information, applies a one-time password generation algorithm to the key and the current authentication base to generate a verification code, and updates the current timestamp to the time at which the verification code was generated;

in step S7, the server generating a check code is specifically: the server obtains the current authentication base, obtains a key according to the second user information, and applies a one-time password generation algorithm to the key and the current authentication base to generate a check code;

step S3 or step S8 further includes: the server calculates on the current authentication base according to the preset rule, records the result, and updates the current authentication base with the result.

5. The identity verification method according to claim 4, characterized in that the method of judging in step S4 whether the current time exceeds the survival period is: if the time value of the current time is greater than the time value obtained by adding the survival period to the current timestamp, the current time exceeds the survival period.

6. The identity verification method according to claim 4, characterized in that calculating on the current authentication base according to a preset rule is specifically incrementing or decrementing the current authentication base by a preset step.

7. The identity verification method according to claim 4, characterized in that judging in step S6 whether the current time exceeds the survival period is specifically judging whether the time value of the current time is greater than the time value obtained by adding the survival period to the current timestamp.

8. The identity verification method according to claim 4, characterized in that setting the current timestamp to invalid in step S8 is preferably done by clearing the current timestamp to zero.

9. A short-message-based identity verification method, characterized in that it comprises a process in which a server generates a verification code and a process in which the server verifies a received verification code;

the process in which the server generates a verification code comprises the following steps:

Step S1: the server receives a user login request;

Step S2: the server judges whether the current timestamp is invalid; if so, step S3 is executed; otherwise step S4 is executed;

Step S3: the server generates a verification code and updates the current timestamp, and then executes step S5;

Step S4: the server judges whether the current time exceeds the survival period; if so, it generates a verification code and then executes the next step; otherwise it generates a verification code, updates the current timestamp and then executes the next step;

Step S5: the server sends the verification code to the mobile phone number bound to the user login request;

the process in which the server verifies the received verification code comprises the following steps:

Step S6: the server receives the verification code and second user information and judges whether the current time exceeds the survival period; if so, authentication fails; otherwise the next step is executed;

Step S7: the server generates a check code and compares the check code with the received verification code; if they are consistent, the next step is executed; otherwise authentication fails;

Step S8: the server sets the current timestamp to invalid;

Step S9: authentication succeeds;

step S1 is specifically: the server receives the user login request sent by the client, extracts first user information from it, and searches the database for user information matching the first user information; if it exists, temporary verification is passed and the server extracts from the database the mobile phone number bound to the first user information; if it does not exist, authentication fails;

step S6 further includes: the server receives the verification code and the second user information and judges whether the second user information is consistent with the stored first user information; if consistent, it goes on to judge whether the current time exceeds the survival period; if inconsistent, authentication fails;

before step S2, the method includes: the server obtains the starting reference time, the check code generation time, the survival period, the current authentication base and the current timestamp from the database, reads the current time from an internal clock source, and calculates the first step length from the starting reference time, the current time and the survival period;

in step S3, the server generating a verification code and updating the current timestamp includes:

Step 205: judge whether the current time exceeds the survival period; if so, execute step 205-1; otherwise execute step 205-1';

Step 205-1': replace the current authentication base stored in the database with the result of increasing the current authentication base by the second step length, and then execute step 205-1;

Step 205-1: calculate the first count value from the current authentication base and the first step length, and then execute step 205-2;

Step 205-2: generate a verification code from the first count value, and update the current timestamp to the time at which the verification code was generated;

in step S4, generating a verification code if the current time does not exceed the survival period is specifically:

the server calculates the second count value from the current authentication base and the first step length;

the server obtains a key according to the first user information and applies a one-time password generation algorithm to the key and the second count value to generate a verification code;

in step S4, generating a verification code and updating the current timestamp if the current time exceeds the survival period is specifically:

the server calculates the second count value from the current authentication base and the first step length;

the server obtains a key according to the first user information, applies a one-time password generation algorithm to the key and the second count value to generate a verification code, and updates the current timestamp to the time at which the verification code was generated;

in step S7, the server generating a check code is specifically:

the third step length is calculated from the starting reference time, the current time and the survival period;

the server obtains the current authentication base and calculates the third count value from the current authentication base and the third step length;

the server obtains a key according to the second user information and applies a one-time password generation algorithm to the key and the third count value to generate a check code;

before step S8, the method includes recording the check code generation time.

10. The identity verification method according to claim 9, characterized in that the first step length and the third step length are calculated by converting the current time into a relative value, the relative value being the difference between the current time and the starting reference time, dividing the relative value by the survival period and taking the integer part.

11. The identity verification method according to claim 9, characterized in that judging in step 205 whether the current time exceeds the survival period is specifically judging whether the current time exceeds the time value obtained by adding the survival period to the check code generation time.
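The generation and verification flow of claim 4 (steps S1 to S9, with the expiry test of claims 5 and 7, the step rule of claim 6 and the zeroed timestamp of claim 8), as an added Python example that is not part of the patent text. It assumes RFC 4226 HOTP for the unnamed one-time password generation algorithm, a 60-second survival period, a step of 1 and an in-memory dict in place of the database, and it reduces the first/second user information comparison to an account lookup; the key is the RFC 4226 test key and the phone number is a constructed value.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

LIFETIME = 60  # survival period in seconds (assumed value)
STEP = 1       # preset step applied to the authentication base (assumed value)
INVALID = 0    # claim 8: an invalidated timestamp is cleared to zero


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, a stand-in for the patent's unnamed one-time
    password generation algorithm (assumption of this example)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


@dataclass
class Account:
    key: bytes                # per-user key looked up from the user information
    phone: str                # mobile number bound to the user
    base: int = 0             # current authentication base
    timestamp: int = INVALID  # time at which the live code was generated


class SmsAuthServer:
    def __init__(self, accounts, send_sms):
        self.accounts = accounts  # dict standing in for the database
        self.send_sms = send_sms  # out-of-band channel: callable(phone, code)

    @staticmethod
    def _expired(acct: Account, now: int) -> bool:
        # Claims 5 and 7: expired when now > current timestamp + survival period.
        return now > acct.timestamp + LIFETIME

    def request_code(self, user: str, now: int) -> bool:
        acct = self.accounts.get(user)   # S1: look up the first user information
        if acct is None:
            return False                 # unknown user: authentication fails
        if acct.timestamp == INVALID:    # S2 -> S3: no live code, stamp a new one
            acct.timestamp = now
        elif self._expired(acct, now):   # S4, expired: advance base and restamp
            acct.base += STEP
            acct.timestamp = now
        # S4, still alive: base and timestamp untouched, so the same code is resent.
        self.send_sms(acct.phone, hotp(acct.key, acct.base))  # S5
        return True

    def verify(self, user: str, code: str, now: int) -> bool:
        acct = self.accounts.get(user)   # S6: second user information
        if acct is None:
            return False
        # S6: reject outside the survival period. With real clock values a zeroed
        # timestamp already fails that test; the explicit check is added here.
        if acct.timestamp == INVALID or self._expired(acct, now):
            return False
        check = hotp(acct.key, acct.base)  # S7: recompute the check code
        if not hmac.compare_digest(check.encode(), code.encode()):
            return False
        acct.base += STEP                # S8: advance the base so the code is single-use
        acct.timestamp = INVALID         # S8: invalidate the timestamp
        return True                      # S9: authentication succeeds


if __name__ == "__main__":
    outbox = []  # constructed stand-in for the SMS gateway
    server = SmsAuthServer(
        {"alice": Account(key=b"12345678901234567890", phone="+10000000000")},
        lambda phone, code: outbox.append(code),
    )
    server.request_code("alice", 1_000_000)
    print(outbox[-1], server.verify("alice", outbox[-1], 1_000_030))
```

The claims set no limit on failed comparisons in step S7, so the example has none either; a deployment would bound the number of attempts per issued code.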
CN 201110264451 2011-09-07 2011-09-07 Short-message-based authentication method, system and device Active CN102300182B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110264451 CN102300182B (en) 2011-09-07 2011-09-07 Short-message-based authentication method, system and device


Publications (2)

Publication Number Publication Date
CN102300182A CN102300182A (en) 2011-12-28
CN102300182B true CN102300182B (en) 2013-08-14

Family

ID=45360283



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085

Patentee after: Feitian Technologies Co.,Ltd.

Country or region after: China

Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing

Patentee before: Feitian Technologies Co.,Ltd.

Country or region before: China

OL01 Intention to license declared