CN104079581B - Identity identifying method and equipment - Google Patents
Identity identifying method and equipment Download PDFInfo
- Publication number
- CN104079581B CN104079581B CN201410340397.9A CN201410340397A CN104079581B CN 104079581 B CN104079581 B CN 104079581B CN 201410340397 A CN201410340397 A CN 201410340397A CN 104079581 B CN104079581 B CN 104079581B
- Authority
- CN
- China
- Prior art keywords
- certification end
- security server
- phone number
- key
- certification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention provides identity identifying method and equipment.The embodiment of the present invention receives the authentication information that service server sends by security server, the authentication information includes the phone number of identifying code and user to be certified, and then according to the phone number, obtain key corresponding with the phone number, using the key, the identifying code is encrypted, to obtain encrypted authentication information, enable that the security server sends the encrypted authentication information to the service server, to cause that the service server sends the encrypted authentication information according to the phone number with short message, because the content of identifying code is no longer plaintext, even if so that being intercepted and captured by lawless person, still identifying code cannot be decrypted, account safety problem caused by can avoiding being revealed due to identifying code, so as to improve the reliability of authentication.
Description
【Technical field】
The present invention relates to verification technique, more particularly to identity identifying method and equipment.
【Background technology】
With the development of the communication technology, terminal is integrated with increasing function, so that the systemic-function row of terminal
More and more corresponding applications (Application, APP) are contained in table.Terminal run these apply when, in certain situation
Under, for example, situations such as being paid is, it is necessary to the identifying code sent with short message using short message verification code, carries out authentication.
However, because the content of short message verification code is plaintext, after being intercepted and captured by lawless person, it is easy to utilize the short message
Identifying code successfully completes authentication, so as to result in the reduction of the reliability of authentication.
【The content of the invention】
Many aspects of the invention provide identity identifying method and equipment, are used to improve the reliability of authentication.
A kind of an aspect of of the present present invention, there is provided identity identifying method, including:
Security server receives the authentication information that service server sends, and the authentication information includes identifying code
With the phone number of user to be certified;
The security server obtains key corresponding with the phone number according to the phone number;
The security server utilizes the key, and the identifying code is encrypted, to obtain encrypted authentication letter
Breath;
The security server sends the encrypted authentication information to the service server, to cause the business service
Device sends the encrypted authentication information according to the phone number with short message.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the safety clothes
Business device before obtaining key corresponding with the phone number, also includes according to the phone number:
The security server receives the first cryptographic Hash that certification end is sent with short message, and first cryptographic Hash is described
Certification end carries out Hash behaviour to the end message of the key, the identification information of the certification end and place terminal of random generation
Obtain;
The security server receives the certification end and is based on the key, the mark of the certification end that HTTPS sends
Information and the end message;
The security server carries out the Kazakhstan to the key, the identification information of the certification end and the end message
Uncommon operation, to obtain the second cryptographic Hash;
If second cryptographic Hash is consistent with first cryptographic Hash, the security server is to according to the short message institute
The phone number and the key, the identification information of the certification end and the end message for obtaining, are bound, with life
Into the corresponding relation of the phone number and the key, the identification information of the certification end and the end message.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, methods described is also
Including:
If second cryptographic Hash is consistent with first cryptographic Hash, the security server sends the to the certification end
One configured information, to indicate to set gesture password;
The security server is interacted with the certification end, to set the gesture password of the certification end.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, methods described is also
Including:
If second cryptographic Hash is consistent with first cryptographic Hash, the security server sends the to the certification end
Two configured informations, to indicate to verify gesture password;
The security server is interacted with the certification end, to verify the gesture password of the certification end.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the identity is recognized
Card information also includes the service identification corresponding to the service server;The security server is obtained according to the phone number
Key corresponding with the phone number is obtained, including:
The security server obtains security configuration information corresponding with the phone number according to the phone number;
The security server obtains safety corresponding with the service identification and indicates letter according to the security configuration information
Breath;
If the safe configured information is the first safety indicating, the security server is obtained according to the phone number
Key corresponding with the phone number.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, methods described is also
Including:
If the safe configured information is the second safety indicating, the security server sends institute to the service server
State identifying code.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the safety clothes
Business device before obtaining security configuration information corresponding with the phone number, also includes according to the phone number:
The security server receives the certification end and is based on the identification information of the certification end that HTTPS sends and described
Security configuration information;
The security server is obtained corresponding with the identification information of the certification end according to the identification information of the certification end
The phone number;
The security server is bound to the phone number and the security configuration information, to generate the mobile phone
The corresponding relation of number and security configuration information.
A kind of another aspect of the present invention, there is provided identity identifying method, including:
Certification end is breathed out by the end message of the key, the identification information of the certification end and place terminal of random generation
Uncommon operation, to obtain the first cryptographic Hash;
The certification end sends first cryptographic Hash with short message to security server;
The certification end is based on HTTPS, and the identification information of the key, the certification end is sent to the security server
With the end message, with cause the security server to the key, the identification information of the certification end and the terminal
Information carries out the hashing operation, to obtain the second cryptographic Hash;If second cryptographic Hash is consistent with first cryptographic Hash, institute
The phone number of the security server to being obtained according to the short message is stated to believe with the mark of the key, the certification end
Breath and the end message, are bound, with generate the phone number and the key, the identification information of the certification end and
The corresponding relation of the end message.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the certification end
Based on HTTPS, to the security server send the key, the identification information of the certification end and the end message it
Afterwards, also include:
The certification end receives the first configured information that the security server sends, to indicate to set gesture password, institute
If it is that second cryptographic Hash security server consistent with first cryptographic Hash sends to state the first configured information;
The certification end interacts with the security server, to set the gesture password of the certification end.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the certification end
Based on HTTPS, to the security server send the key, the identification information of the certification end and the end message it
Afterwards, also include:
The certification end receives the second configured information that the security server sends, to indicate to verify gesture password, institute
If it is that second cryptographic Hash security server consistent with first cryptographic Hash sends to state the first configured information;
The certification end interacts with the security server, to verify the gesture password of the certification end.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the certification end
Based on HTTPS, to the security server send the key, the identification information of the certification end and the end message it
Afterwards, also include:
The certification end is based on HTTPS, and the identification information and the peace of the certification end are sent to the security server
Full configuration information, to cause that the security server, according to the identification information of the certification end, obtains the mark with the certification end
The corresponding phone number of knowledge information, binds to the phone number and the security configuration information, described to generate
The corresponding relation of phone number and security configuration information.
A kind of another aspect of the present invention, there is provided identity identifying method, including:
Certification end receives the encrypted authentication information that service server sends;
The certification end is decrypted treatment, to obtain identifying code using the key of storage to the encrypted authentication information;
The certification end represents the identifying code.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the certification end
Represent the identifying code, including:
The certification end represents the identifying code with graphic form.
A kind of another aspect of the present invention, there is provided ID authentication device, including:
Receiving unit, the authentication information for receiving service server transmission, the authentication information includes testing
Card code and the phone number of user to be certified;
Obtaining unit, for according to the phone number, obtaining key corresponding with the phone number;
Ciphering unit, for utilizing the key, is encrypted to the identifying code, to obtain encrypted authentication letter
Breath;
Transmitting element, for sending the encrypted authentication information to the service server, to cause the business service
Device sends the encrypted authentication information according to the phone number with short message.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the equipment is also
Including hash units and binding unit;Wherein,
The receiving unit, is additionally operable to receive the first cryptographic Hash that certification end is sent with short message, first cryptographic Hash
For the certification end is carried out to the end message of the key, the identification information of the certification end and place terminal of random generation
Hashing operation is obtained;
The receiving unit, is additionally operable to receive the certification end and is based on the key, the certification end that HTTPS sends
Identification information and the end message;
The hash units, for carrying out institute to the key, the identification information of the certification end and the end message
Hashing operation is stated, to obtain the second cryptographic Hash;
The binding unit, if consistent with first cryptographic Hash for second cryptographic Hash, to short being disappeared according to described
The phone number and the key, the identification information of the certification end and the end message that breath is obtained, are bound,
To generate the corresponding relation of the phone number and the key, the identification information of the certification end and the end message.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the equipment is also
Including gesture unit;Wherein,
The transmitting element, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, to the certification end
The first configured information is sent, to indicate to set gesture password;
The setting unit, for being interacted with the certification end, to set the gesture password of the certification end.
Aspect as described above and any possible implementation, it is further provided a kind of implementation,
The transmitting element, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, to the certification end
The second configured information is sent, to indicate to verify gesture password;
The gesture unit, is additionally operable to be interacted with the certification end, to verify the gesture password of the certification end.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the identity is recognized
Card information also includes the service identification corresponding to the service server;The obtaining unit, specifically for
According to the phone number, security configuration information corresponding with the phone number is obtained;
According to the security configuration information, safe configured information corresponding with the service identification is obtained;And
If the safe configured information is the first safety indicating, according to the phone number, obtain and the phone number
Corresponding key.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the transmission list
Unit, is additionally operable to
If the safe configured information is the second safety indicating, the identifying code is sent to the service server.
Aspect as described above and any possible implementation, it is further provided a kind of implementation,
The receiving unit, is additionally operable to receive the identification information that the certification end is based on the certification end that HTTPS sends
With the security configuration information;
The obtaining unit, is additionally operable to the identification information according to the certification end, obtains and believes with the mark of the certification end
Cease the corresponding phone number;
The binding unit, is additionally operable to bind the phone number and the security configuration information, to generate
State the corresponding relation of phone number and security configuration information.
A kind of another aspect of the present invention, there is provided ID authentication device, including:
Hash units, for the end of the key, the identification information of the certification end and place terminal to random generation
Client information carries out hashing operation, to obtain the first cryptographic Hash;
Transmitting element, for short message, first cryptographic Hash being sent to security server;
The transmitting element, is additionally operable to, based on HTTPS, the key, the certification end be sent to the security server
Identification information and the end message, with cause the security server to the key, the identification information of the certification end
The hashing operation is carried out with the end message, to obtain the second cryptographic Hash;If second cryptographic Hash is breathed out with described first
Uncommon value is consistent, the security server to the phone number that is obtained according to the short message and the key, described recognize
The identification information and the end message at end are demonstrate,proved, is bound, to generate the phone number with the key, the certification end
Identification information and the end message corresponding relation.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, the equipment is also
Including:
Receiving unit, for receiving the first configured information that the security server sends, to indicate to set gesture password,
If first configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends;
Gesture unit, for being interacted with the security server, to set the gesture password of the certification end.
Aspect as described above and any possible implementation, it is further provided a kind of implementation,
The receiving unit, is additionally operable to receive the second configured information that the security server sends, to indicate to verify hand
Gesture password, if first configured information is second cryptographic Hash security server hair consistent with first cryptographic Hash
Send;
The gesture unit, is additionally operable to be interacted with the security server, close with the gesture for verifying the certification end
Code.
Aspect as described above and any possible implementation, it is further provided a kind of implementation,
The transmitting element, is additionally operable to be sent to the security server based on HTTPS the identification information of the certification end
With the security configuration information, to cause the security server according to the identification information of the certification end, acquisition is recognized with described
The phone number corresponding to the identification information at end is demonstrate,proved, the phone number and the security configuration information are bound, with
Generate the corresponding relation of the phone number and security configuration information.
A kind of another aspect of the present invention, there is provided ID authentication device, including:
Receiving unit, the encrypted authentication information for receiving service server transmission;
Decryption unit, for the key using storage, is decrypted treatment, to be verified to the encrypted authentication information
Code;
Represent unit, for representing the identifying code.
Aspect as described above and any possible implementation, it is further provided a kind of implementation, it is described to represent list
Unit, specifically for
With graphic form, represent the identifying code.
As shown from the above technical solution, on the one hand, the embodiment of the present invention receives service server and sends out by security server
The authentication information sent, the authentication information includes the phone number of identifying code and user to be certified, and then according to institute
Phone number is stated, key corresponding with the phone number is obtained, using the key, place is encrypted to the identifying code
Reason, to obtain encrypted authentication information so that the security server can send the encrypted authentication to the service server
Information, to cause that the service server sends the encrypted authentication information according to the phone number with short message, due to testing
Demonstrate,prove code content be no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt identifying code, can avoid by
The account safety problem caused by identifying code leakage, so as to improve the reliability of authentication.
As shown from the above technical solution, on the other hand, the embodiment of the present invention passes through key, institute of the certification end to random generation
The end message of the identification information and place terminal of stating certification end carries out hashing operation, to obtain the first cryptographic Hash, and then with short
Message, first cryptographic Hash is sent to security server so that the certification end can be based on HTTPS, to the safety clothes
Business device sends the key, the identification information of the certification end and the end message, and so, the security server then can be with
The hashing operation is carried out to the key, the identification information of the certification end and the end message, to obtain the second Hash
Value, if second cryptographic Hash is consistent with first cryptographic Hash, the security server according to the short message to being obtained
The phone number and the key, the identification information of the certification end and the end message, bound, to generate
The corresponding relation of phone number and the key, the identification information of the certification end and the end message is stated, because key can
For the identifying code generated bound in encryption service server, therefore, the content of identifying code is no longer plaintext so that even if
Intercepted and captured by lawless person, still cannot decrypt identifying code, account safety is asked caused by can avoiding being revealed due to identifying code
Topic, so as to improve the reliability of authentication.
As shown from the above technical solution, on the other hand, the embodiment of the present invention receives service server and sends by certification end
Encrypted authentication information, and then using storage key, treatment is decrypted to the encrypted authentication information, to be verified
Code so that the certification end can represent the identifying code, because the content of identifying code is no longer plaintext so that even if by not
Method molecule is intercepted and captured, and still cannot decrypt identifying code, account safety problem caused by can avoiding being revealed due to identifying code, from
And improve the reliability of authentication.
【Brief description of the drawings】
Technical scheme in order to illustrate more clearly the embodiments of the present invention, below will be to embodiment or description of the prior art
Needed for the accompanying drawing to be used be briefly described, it should be apparent that, drawings in the following description are some realities of the invention
Example is applied, for those of ordinary skill in the art, without having to pay creative labor, can also be attached according to these
Figure obtains other accompanying drawings.
A kind of schematic flow sheet of identity identifying method that Fig. 1 is provided for one embodiment of the invention;
The schematic flow sheet of another identity identifying method that Fig. 2 is provided for another embodiment of the present invention;
The schematic flow sheet of another identity identifying method that Fig. 3 is provided for another embodiment of the present invention;
The flow of certification end initialization is illustrated in another identity identifying method that Fig. 4 is provided for another embodiment of the present invention
Figure;
The flow of identifying code treatment is illustrated in another identity identifying method that Fig. 5 is provided for another embodiment of the present invention
Figure;
A kind of structural representation of ID authentication device that Fig. 6 is provided for another embodiment of the present invention;
The structural representation of another ID authentication device that Fig. 7 is provided for another embodiment of the present invention;
The structural representation of another ID authentication device that Fig. 8 is provided for another embodiment of the present invention;
A kind of structural representation of ID authentication device that Fig. 9 is provided for another embodiment of the present invention;
The structural representation of another ID authentication device that Figure 10 is provided for another embodiment of the present invention;
The structural representation of another ID authentication device that Figure 11 is provided for another embodiment of the present invention.
【Specific embodiment】
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention
In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is
A part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art
The every other embodiment obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.
It should be noted that terminal involved in the embodiment of the present invention can include but is not limited to mobile phone, individual digital
Assistant (Personal Digital Assistant, PDA), radio hand-held equipment, wireless networking sheet, PC, portable electricity
Brain, MP3 player, MP4 players etc..
In addition, the terms "and/or", a kind of only incidence relation for describing affiliated partner, expression there may be
Three kinds of relations, for example, A and/or B, can represent:Individualism A, while there is A and B, individualism B these three situations.Separately
Outward, character "/" herein, typicallys represent forward-backward correlation pair as if a kind of relation of "or".
A kind of schematic flow sheet of identity identifying method that Fig. 1 is provided for one embodiment of the invention, as shown in Figure 1.
101st, security server receives the authentication information that service server sends, and the authentication information includes testing
Card code and the phone number of user to be certified.
102nd, the security server obtains key corresponding with the phone number according to the phone number.
103rd, the security server utilizes the key, and the identifying code is encrypted, and is tested with obtaining encryption
Card information.
104th, the security server sends the encrypted authentication information to the service server, to cause the business
Server sends the encrypted authentication information according to the phone number with short message.
It should be noted that 101~104 executive agent is security server, network side is may be located at.
In the present embodiment, user can carry out the business that the application is provided by application.In some cases, for example,
Situations such as being paid using short message verification code, it is necessary to carry out authentication.Service server is according to the identifying code for pre-setting
Generation strategy, is that user generates identifying code for carrying out authentication.Now, service server is no longer directly with short message,
Identifying code is sent to the terminal that user to be certified is used, but the phone number of identifying code and user to be certified is sent to
Security server.
So, the authentication information that service server sends, the authentication information are received by security server
Phone number including identifying code and user to be certified, and then according to the phone number, obtain corresponding with the phone number
Key, using the key, the identifying code is encrypted, to obtain encrypted authentication information so that the safety
Server can send the encrypted authentication information to the service server, to cause the service server according to the hand
Machine number sends the encrypted authentication information with short message, because the content of identifying code is no longer plaintext so that even if by not
Method molecule is intercepted and captured, and still cannot decrypt identifying code, account safety problem caused by can avoiding being revealed due to identifying code, from
And improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, before 102, the security server may be used also
Further to receive the first cryptographic Hash that certification end is sent with short message, first cryptographic Hash is the certification end to random raw
Into the end message of the key, the identification information of the certification end and place terminal carry out hashing operation acquisition, Yi Jijie
Receive the certification end and be based on Secure Hypertext Transfer Protocol (Hypertext Transfer Protocol over Secure
Socket Layer, HTTPS) key, the identification information of the certification end and the end message that send.Wherein, institute
State the hashing operation that certification end is used, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, the present embodiment to this not
It is particularly limited.Then, the security server then can be to the key, the identification information of the certification end and the end
Client information carries out the hashing operation, to obtain the second cryptographic Hash.If second cryptographic Hash is consistent with first cryptographic Hash,
The security server then can be to the phone number obtained according to the short message and the key, the certification end
Identification information and the end message, bound, to generate the phone number with the key, the mark of the certification end
The corresponding relation of knowledge information and the end message, so that the security server is according to the corresponding relation, obtains and the hand
The corresponding key of machine number.Wherein, the hashing operation that the security server is used, the Hash used with the certification end
Operation, is identical hashing operation, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, and the present embodiment does not enter to this
Row is particularly limited to.
Wherein, the end message can include but is not limited to international mobile subscriber identity (International
Mobile Subscriber Identity, IMSI) and International Mobile Equipment Identity identification code (International Mobile
Equipment Identity, IMEI) at least one.
It should be noted that because time parameter has standard and uniqueness so that lawless person is not readily available and works as
Preceding time, the key, the identification information of the certification end and place that the certification end can also further to random generation
The end message of terminal, and temporal information carries out hashing operation together, to obtain the first cryptographic Hash.Correspondingly, certification end is also
First cryptographic Hash can be sent to security server further with short message, and will be described close based on HTTPS
Key, the identification information of the certification end and the end message, and temporal information are sent to security server, for the peace
Full server then can be to the key, the identification information of the certification end and the end message, and temporal information is together
Hashing operation is carried out, to obtain the second cryptographic Hash.
In the present embodiment, the key that certification end generates at random, for example, it may be string sequence for 128 bits etc., at some
In the case of, security server can also be updated operation to the key.Specifically, certification end specifically can based on HTTPS to
Security server sends the end of the key, the identification information of the certification end and place terminal that the certification end generates at random
Client information.Then, the security server then can be to the key, the identification information of the certification end and the end message
The hashing operation is carried out, to obtain the second cryptographic Hash.If received when second cryptographic Hash is with initialization described first
Cryptographic Hash is consistent, and the security server then can be according to the renewal rule for pre-setting for example, during the use of existing key
Between exceed and specify time etc., generate new key, and be sent to certification end.So, certification end can then utilize the new key,
The key of random generation before replacing it, to realize key updating.
It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace
Entirely between server and certification end, using the HTTPS based on the key corresponding to certification end, transmitting subscriber information, due to being based on
Escape way corresponding to the HTTPS of the key corresponding to certification end is one-to-one with certification end, therefore, certification end then without
The identification information of certification end need to be sent to security server.
It should be noted that the certification end, can be with plug-in unit or SDK (Software
Development Kit, SDK) etc. form be arranged on local application (Application, App) for example, in Alipay, or
Can also be arranged in terminal with single application program (nativeAPP).
It is understood that local application can be mounted in the application program (nativeAPP) in terminal, or also
Can be a webpage (webAPP) of the browser in terminal, as long as can realize that the objective reality form that business is provided all may be used
So that the present embodiment is not defined to this.
Still optionally further, if second cryptographic Hash is consistent with first cryptographic Hash, the security server then may be used
The first configured information is sent with to the certification end, to indicate to set gesture password.Then, the security server is recognized with described
Card end interacts, to set the gesture password of the certification end.
Specifically, if second cryptographic Hash is consistent with first cryptographic Hash, the security server is according to the electricity
Words number, determines that user, to use certification end first, for example, user downloads for the first time installs certification end, and begins to use, and then
The first configured information is sent to the certification end, to indicate to set gesture password.
So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password,
Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server
Value, to cause that the security server, to phone number and the cryptographic Hash of the gesture password, is bound, to generate the hand
Machine number and the corresponding relation of the cryptographic Hash of the gesture password, so that the security server utilizes the corresponding relation, are carried out
The gesture checking of the certification end.
Further, certification end further by the contact number of user input can also be sent to safety based on HTTPS
Server, the security server is bound to the cryptographic Hash of phone number and the gesture password, and contact number,
To generate the phone number and the cryptographic Hash of the gesture password, the corresponding relation of contact number, for the safety clothes
Business device utilizes the corresponding relation, and the gesture password for carrying out the certification end resets.
The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification
The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can
Effectively improve the reliability of authentication.
In the present embodiment, the gesture password of the certification end set by certification end, user can also be actively close to the gesture
Code is updated operation.Specifically, certification end can specifically send the identification information and hand of the certification end to security server
Gesture resets and indicates.And then, the security server can then be obtained and the certification end according to the identification information of the certification end
Contact number corresponding to identification information.Then, the security server then can be according to the contact number, will be random
The new key of generation, is transmitted with short message.User can be input into terminal institute corresponding to contact number in certification end
The identifying code for representing, and certification end gathers the new gesture of user input, and new gesture password is generated according to new gesture, enters
And according to new gesture password, generate the cryptographic Hash of new gesture password.Certification end then can be based on HTTPS to security server
The cryptographic Hash of the identifying code and the new gesture password is sent, to cause that the security server is carried out to the identifying code
After being verified, to phone number and the cryptographic Hash of the new gesture password, bound, to generate the phone number
With the corresponding relation of the cryptographic Hash of the new gesture password, so that the security server utilizes the corresponding relation, institute is carried out
State the gesture checking of certification end.
It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace
It is complete that, using the HTTPS based on the key corresponding to certification end, transmission gesture resets and indicates between server and certification end, due to
Escape way corresponding to HTTPS based on the key corresponding to certification end is one-to-one with certification end, therefore, certification end
Then without the identification information to security server transmission certification end.
Still optionally further, if second cryptographic Hash is consistent with first cryptographic Hash, the security server then may be used
The second configured information is sent with to the certification end, to indicate to verify gesture password.Then, the security server is recognized with described
Card end interacts, to verify the gesture password of the certification end.
Specifically, if second cryptographic Hash is consistent with first cryptographic Hash, the security server is according to the electricity
Words number, determines that user uses certification end first for non-, for example, user once unloads certification end, downloads again and installs or weigh
It is new that certification end is installed, and begin to use, and then the second configured information is sent to the certification end, to indicate to verify gesture password.
So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password,
Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server
Value, to cause that the security server is right with the cryptographic Hash of the gesture password using the phone number of bound generation
Should be related to, to the cryptographic Hash of the gesture password, be verified.
The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification
The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can
Effectively improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, in 101, the institute that security server is received
State authentication information and can further include service identification corresponding to the service server, for example, the mark of Alipay
Knowledge, mark of China Merchants Bank etc..Correspondingly, in 102, the security service implement body can be obtained according to the phone number
Security configuration information corresponding with the phone number, the security configuration information can include but is not limited to service identification and
Safe configured information.Wherein, first safety is indicated, for indicating to have turned on identifying code encryption function;Second safety
Indicate, for indicating non-open-authentication code encryption function.And then, the security server is obtained according to the security configuration information
Obtain safe configured information corresponding with the service identification.If the safe configured information is the first safety indicating, the safety
Server then can obtain key corresponding with the phone number according to the phone number.Wherein, described first refers to safely
Show, for indicating to have turned on identifying code encryption function.
Still optionally further, if the safe configured information be second safety indicate, the security server then directly to
The service server sends the identifying code, no longer carries out any operation to identifying code.Wherein, second safety is indicated,
For indicating non-open-authentication code encryption function.
Still optionally further, the security server obtain corresponding with phone number security configuration information it
Before, the identification information and the safety that can also further receive the certification end that the certification end is sent based on HTTPS are matched somebody with somebody
Confidence ceases, and then according to the identification information of the certification end, obtains the mobile phone corresponding with the identification information of the certification end
Number.Then, the security server can then be bound to the phone number and the security configuration information, to generate
The corresponding relation of the phone number and security configuration information, so that the security server is according to the corresponding relation, obtain with
The corresponding security configuration information of the phone number.Specifically, the security configuration information can include but is not limited to business mark
Know and safe configured information.Wherein, first safety is indicated, for indicating to have turned on identifying code encryption function;Described second
Safety is indicated, for indicating non-open-authentication code encryption function.
It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace
It is complete, using the HTTPS based on the key corresponding to certification end, to transmit security configuration information between server and certification end, due to
Escape way corresponding to HTTPS based on the key corresponding to certification end is one-to-one with certification end, therefore, certification end
Then without the identification information to security server transmission certification end.
It is understood that key involved in the present embodiment, in the storage mode of certification end, can use various sides
Formula, the present embodiment is not particularly limited to this.
For example, to the key of the random generation in certification end, being encrypted, then store in certification end.It is close for encrypting
The AES of key, can be realized in the form of C/C++ language development SO expansion modules.Specifically can will be used for encryption key
Key, segmentation breaks up, and stores in SO expansion modules.For the key of encryption key, can be with the end message of terminal
It is associated, is unique with the key for ensureing each terminal.
In the present embodiment, the authentication information that service server sends is received by security server, the identity is recognized
Card information includes the phone number of identifying code and user to be certified, and then according to the phone number, obtains and the cell-phone number
The corresponding key of code, using the key, is encrypted, to obtain encrypted authentication information so that institute to the identifying code
Stating security server can send the encrypted authentication information to the service server, with cause the service server according to
The phone number sends the encrypted authentication information with short message, because the content of identifying code is no longer plaintext so that i.e.
Make to be intercepted and captured by lawless person, still cannot decrypt identifying code, account safety caused by can avoiding being revealed due to identifying code
Problem, so as to improve the reliability of authentication.
The schematic flow sheet of another identity identifying method that Fig. 2 is provided for another embodiment of the present invention, as shown in Figure 2.
201st, certification end is entered to the end message of the key, the identification information of the certification end and place terminal of random generation
Row hashing operation, to obtain the first cryptographic Hash.
Wherein, the hashing operation that the certification end is used, can include but is not limited to the calculation such as MD5, SHA1 or CRC32
Method, the present embodiment is not particularly limited to this.
Wherein, the end message can include but is not limited to international mobile subscriber identity (International
Mobile Subscriber Identity, IMSI) and International Mobile Equipment Identity identification code (International Mobile
Equipment Identity, IMEI) at least one.
202nd, the certification end sends first cryptographic Hash with short message to security server.
203rd, the certification end is based on HTTPS, and the mark of the key, the certification end is sent to the security server
Information and the end message, to cause the security server to the key, the identification information of the certification end and described
End message carries out the hashing operation, to obtain the second cryptographic Hash;If second cryptographic Hash and first cryptographic Hash one
Cause, the security server is to the phone number that is obtained according to the short message and the key, the certification end
Identification information and the end message, are bound, to generate the phone number with the key, the mark of the certification end
The corresponding relation of information and the end message.
Wherein, the hashing operation that the security server is used, the hashing operation used with the certification end is phase
Same hashing operation, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, and the present embodiment is not limited especially this
It is fixed.
It should be noted that 201~203 executive agent authentication authorization and accounting end, can be with plug-in unit or SDK
Forms such as (Software Development Kit, SDK) is arranged on local application (Application, App) for example, branch
Fu Baozhong, or can also be arranged in terminal with single application program (nativeAPP).
It is understood that local application can be mounted in the application program (nativeAPP) in terminal, or also
Can be a webpage (webAPP) of the browser in terminal, as long as can realize that the objective reality form that business is provided all may be used
So that the present embodiment is not defined to this.
So, the terminal of the key, the identification information of the certification end and place terminal by certification end to generating at random
Information carries out hashing operation, to obtain the first cryptographic Hash, and then with short message, first Hash is sent to security server
Value so that the certification end can be based on HTTPS, and the mark of the key, the certification end is sent to the security server
Information and the end message, so, the security server then can to the key, the identification information of the certification end and
The end message carries out the hashing operation, to obtain the second cryptographic Hash, if second cryptographic Hash and first Hash
Value is consistent, and the security server is to the phone number obtained according to the short message and the key, the certification
The identification information at end and the end message, are bound, to generate the phone number and the key, the certification end
The corresponding relation of identification information and the end message, by key can be used for encrypting the checking that service server is generated
Code, therefore, the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt identifying code,
Account safety problem caused by can avoiding being revealed due to identifying code, so as to improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, after 203, the certification end can also be entered
One step receives the first configured information that the security server sends, to indicate to set gesture password, first configured information
If for second cryptographic Hash security server consistent with first cryptographic Hash sends.Then, the certification end and institute
State security server to interact, to set the gesture password of the certification end.
Specifically, if second cryptographic Hash is consistent with first cryptographic Hash, the security server is according to the electricity
Words number, determines that user, to use certification end first, for example, user downloads for the first time installs certification end, and begins to use, and then
The first configured information is sent to the certification end, to indicate to set gesture password.
So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password,
Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server
Value, to cause that the security server, to phone number and the cryptographic Hash of the gesture password, is bound, to generate the hand
Machine number and the corresponding relation of the cryptographic Hash of the gesture password, so that the security server utilizes the corresponding relation, are carried out
The gesture checking of the certification end.
The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification
The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can
Effectively improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, after 203, the certification end can also be entered
One step receives the second configured information that the security server sends, to indicate to verify gesture password, first configured information
If for second cryptographic Hash security server consistent with first cryptographic Hash sends.Then, the certification end and institute
State security server to interact, to verify the gesture password of the certification end.
Specifically, if second cryptographic Hash is consistent with first cryptographic Hash, the security server is according to the electricity
Words number, determines that user uses certification end first for non-, for example, user once unloads certification end, downloads again and installs or weigh
It is new that certification end is installed, and begin to use, and then the second configured information is sent to the certification end, to indicate to verify gesture password.
So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password,
Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server
Value, to cause that the security server is right with the cryptographic Hash of the gesture password using the phone number of bound generation
Should be related to, to the cryptographic Hash of the gesture password, be verified.
The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification
The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can
Effectively improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, after 203, the certification end can also be entered
One step is based on HTTPS, and the identification information and the security configuration information of the certification end are sent to the security server, so that
The security server according to the identification information of the certification end, obtain it is corresponding with the identification information of the certification end described in
Phone number, binds to the phone number and the security configuration information, is matched somebody with somebody with safety with generating the phone number
The corresponding relation of confidence breath, so that the security server is according to the corresponding relation, obtains peace corresponding with the phone number
Full configuration information.
The security configuration information can include but is not limited to service identification and safe configured information.Wherein, described first
Safety is indicated, for indicating to have turned on identifying code encryption function;Second safety is indicated, for indicating non-open-authentication code to add
Close function.
So, the security server according to the security configuration information, and then can just be sent out in conjunction with service server
Service identification in the authentication information sent corresponding to the included service server, obtains and the service identification
Corresponding safe configured information.If the safe configured information is the first safety indicating, the security server then can basis
The phone number, obtains key corresponding with the phone number.Wherein, first safety is indicated, for indicating to have opened
Open identifying code encryption function.The security server can utilize the key, and the identifying code that service server sends is carried out
Encryption, to obtain encrypted authentication information so that the security server can send described adding to the service server
Close checking information, to cause that the service server sends the encrypted authentication information according to the phone number with short message.
It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace
It is complete, using the HTTPS based on the key corresponding to certification end, to transmit security configuration information between server and certification end, due to
Escape way corresponding to HTTPS based on the key corresponding to certification end is one-to-one with certification end, therefore, certification end
Then without the identification information to security server transmission certification end.
It is understood that key involved in the present embodiment, in the storage mode of certification end, can use various sides
Formula, the present embodiment is not particularly limited to this.
For example, to the key of the random generation in certification end, being encrypted, then store in certification end.It is close for encrypting
The AES of key, can be realized in the form of C/C++ language development SO expansion modules.Specifically can will be used for encryption key
Key, segmentation breaks up, and stores in SO expansion modules.For the key of encryption key, can be with the end message of terminal
It is associated, is unique with the key for ensureing each terminal.
In the present embodiment, by certification end to the random key for generating, the identification information of the certification end and place terminal
End message carry out hashing operation, to obtain the first cryptographic Hash, and then with short message, described first is sent to security server
Cryptographic Hash so that the certification end can be based on HTTPS, the key, the certification end are sent to the security server
Identification information and the end message, so, the security server can be then believed the mark of the key, the certification end
Breath and the end message carry out the hashing operation, to obtain the second cryptographic Hash, if second cryptographic Hash and described first
Cryptographic Hash is consistent, and the security server is to the phone number that is obtained according to the short message and the key, described
The identification information of certification end and the end message, are bound, to generate the phone number with the key, the certification
The corresponding relation of the identification information at end and the end message, by key can be used for encrypting testing of being generated of service server
Card code, therefore, the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt checking
Code, account safety problem caused by can avoiding being revealed due to identifying code, so as to improve the reliability of authentication.
The schematic flow sheet of another identity identifying method that Fig. 3 is provided for another embodiment of the present invention, as shown in Figure 3.
301st, certification end receives the encrypted authentication information that service server sends.
302nd, the certification end is decrypted treatment, to be tested using the key of storage to the encrypted authentication information
Card code.
303rd, the certification end represents the identifying code.
It should be noted that 301~303 executive agent authentication authorization and accounting end, can be with plug-in unit or SDK
Forms such as (Software Development Kit, SDK) is arranged on local application (Application, App) for example, branch
Fu Baozhong, or can also be arranged in terminal with single application program (nativeAPP).
It is understood that local application can be mounted in the application program (nativeAPP) in terminal, or also
Can be a webpage (webAPP) of the browser in terminal, as long as can realize that the objective reality form that business is provided all may be used
So that the present embodiment is not defined to this.
So, the encrypted authentication information that service server sends is received by certification end, and then using the key of storage, it is right
The encrypted authentication information is decrypted treatment, to obtain identifying code so that the certification end can represent the identifying code, by
In the content of identifying code be no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt identifying code, can keep away
Account safety problem caused by exempting to be revealed due to identifying code, so as to improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, in 301, prison in real time is mainly responsible in certification end
Local short message is listened, the encrypted authentication information by encryption sent by service server can be intercepted and captured.
Alternatively, in a possible implementation of the present embodiment, in 303, the certification end specifically can be with
Graphic form, represents the identifying code.So, it is possible to reduce existence week of the clear content of identifying code in the region of memory of terminal
Phase, can further improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, after 303, user can provide checking
In application corresponding to the business of code, the identifying code that input authentication end is represented.And then, the application can then take to business
Business device sends the identifying code, to cause that the service server is verified to the identifying code, to complete authentication.
It is understood that key involved in the present embodiment, in the storage mode of certification end, can use various sides
Formula, the present embodiment is not particularly limited to this.
For example, to the key of the random generation in certification end, being encrypted, then store in certification end.It is close for encrypting
The AES of key, can be realized in the form of C/C++ language development SO expansion modules.Specifically can will be used for encryption key
Key, segmentation breaks up, and stores in SO expansion modules.For the key of encryption key, can be with the end message of terminal
It is associated, is unique with the key for ensureing each terminal.
In the present embodiment, the encrypted authentication information that service server sends is received by certification end, and then using storage
Key, is decrypted treatment, to obtain identifying code to the encrypted authentication information so that the certification end can represent described testing
Card code, because the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still cannot decrypt checking
Code, account safety problem caused by can avoiding being revealed due to identifying code, so as to improve the reliability of authentication.
For cause method provided in an embodiment of the present invention it is clearer, below will using third party's business platform (TP) as act
Example.
The flow of certification end initialization is illustrated in another identity identifying method that Fig. 4 is provided for another embodiment of the present invention
Figure.
401st, certification end is to the random key for generating, the mark (IDentity, ID) of the certification end and place terminal
IMSI and IMEI carries out hashing operation, to obtain the first cryptographic Hash.
402nd, the certification end sends first cryptographic Hash with short message to security server.
So, the security server then can be according to the short message, and terminal where access authentication end is that user is made
With the phone number of terminal.
403rd, the certification end is based on HTTPS, to the security server send the key, the ID of the certification end,
The IMSI and IMEI of the terminal.
It is understood that the 402 and 403 no permanent order of execution, 402 can perform before 403, or might be used also
Performed simultaneously with 403, or can also be performed after 403, the present embodiment is not particularly limited to this.
404th, the security server is carried out to the key, the ID of the certification end, the IMSI of the terminal and IMEI
The hashing operation, to obtain the second cryptographic Hash.
Wherein, the hashing operation that the security server is used, the hashing operation used with the certification end is phase
Same hashing operation, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, and the present embodiment is not limited especially this
It is fixed.
If the 405, second cryptographic Hash is consistent with first cryptographic Hash, the security server according to described to short disappearing
The phone number that is obtained of breath and the key, the ID of the certification end, the IMSI and IMEI of the terminal, are tied up
It is fixed, closed with the key, the ID of the certification end, the corresponding of the IMSI of the terminal and IMEI with generating the phone number
System.
If second cryptographic Hash is consistent with first cryptographic Hash, the security server then terminates flow.
406th, the security server determines whether user is to use certification end first according to the telephone number.
If the 407, user to use certification end first, the security server sends first and indicates letter to the certification end
Breath, to indicate to set gesture password, and then the certification end interacts with the security server, to set the certification end
Gesture password.
If the 408, user uses certification end first for non-, the security server sends second and indicates letter to the certification end
Breath, to indicate to verify gesture password, and then the certification end interacts with the security server, to verify the certification end
Gesture password.
So far, the initialization flow of certification end is finished, and certification end then can in real time monitor the short message of place terminal,
To intercept and capture the encrypted authentication information by encryption sent by service server.
The flow of identifying code treatment is illustrated in another identity identifying method that Fig. 5 is provided for another embodiment of the present invention
Figure.User can carry out the business that the application is provided by application.In some cases, for example, situations such as being paid,
Need to carry out authentication using short message verification code.Service server, according to the identifying code generation strategy for pre-setting, is user
Generate the identifying code for carrying out authentication.Now, be sent to for identifying code and treat by service server no longer directly with short message
The terminal that certification user is used, but the phone number of identifying code and user to be certified is sent to security server.
501st, service server sends authentication information to security server, and the authentication information includes checking
Service identification corresponding to code, the phone number of user to be certified and the service server.
502nd, the security server obtains security configuration letter corresponding with the phone number according to the phone number
Breath, and then according to the security configuration information, obtain safe configured information corresponding with the service identification.
Specifically, the security configuration information can specifically include that the first safety is indicated and the second safety is indicated.Wherein, institute
State the first safety to indicate, for indicating to have turned on identifying code encryption function;Second safety is indicated, and is tested for indicating not opening
Card code encryption function.
Further, after certification end initialization flow is finished, and before 502, the certification end can be with
Further using the HTTPS based on the key corresponding to certification end, the security configuration information is sent to security server, and then
The phone number and the security configuration information of pair certification end corresponding with the escape way corresponding to the HTTS are tied up
It is fixed, to generate the corresponding relation of the phone number and security configuration information, so that the security server is closed according to the correspondence
System, obtains security configuration information corresponding with the phone number.
If the 503, the safe configured information be first safety indicate, the security server according to the phone number,
And the phone number of bound generation and the key, the ID of the certification end, the IMSI of the terminal and IMEI
Corresponding relation, obtains key corresponding with the phone number.
If the safe configured information is the second safety indicating, the security server is then directly to the service server
The identifying code is sent, any operation no longer is carried out to identifying code.So, service server is further according to normal flow, according to institute
Phone number is stated, the identifying code is sent with short message.Service server sends identifying code and terminal receives the detailed of identifying code
Thin description, may refer to related content of the prior art, and here is omitted.
504th, the security server utilizes the key, and the identifying code is encrypted, and is tested with obtaining encryption
Card information.
505th, the security server sends the encrypted authentication information to the service server.
506th, the service server sends the encrypted authentication information according to the phone number with short message.
So, certification end can intercept the encrypted authentication information of service server transmission.
507th, the certification end is decrypted treatment, to be tested using the key of storage to the encrypted authentication information
Card code.
508th, the certification end represents the identifying code with graphic form.
So far, identifying code handling process is finished, user can provide identifying code business corresponding to application in,
The identifying code that input authentication end is represented.And then, the application then can send the identifying code to service server, to cause
The service server is verified to the identifying code, to complete authentication., because the content of identifying code is no longer in plain text
So that even if being intercepted and captured by lawless person, identifying code still cannot be decrypted, caused by can avoiding being revealed due to identifying code
Account safety problem, so as to improve the reliability of authentication.
It should be noted that for foregoing each method embodiment, in order to be briefly described, therefore it is all expressed as a series of
Combination of actions, but those skilled in the art should know, the present invention not by described by sequence of movement limited because
According to the present invention, some steps can sequentially or simultaneously be carried out using other.Secondly, those skilled in the art should also know
Know, embodiment described in this description belongs to preferred embodiment, involved action and module is not necessarily of the invention
It is necessary.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and does not have the portion described in detail in certain embodiment
Point, may refer to the associated description of other embodiment.
A kind of structural representation of ID authentication device that Fig. 6 is provided for another embodiment of the present invention, as shown in Figure 6.This
The ID authentication device of embodiment can include receiving unit 61, obtaining unit 62, ciphering unit 63 and transmitting element 64.Its
In, receiving unit 61, the authentication information for receiving service server transmission, the authentication information includes identifying code
With the phone number of user to be certified;Obtaining unit 62, for according to the phone number, obtaining corresponding with the phone number
Key;Ciphering unit 63, for utilizing the key, is encrypted to the identifying code, to obtain encrypted authentication letter
Breath;Transmitting element 64, for sending the encrypted authentication information to the service server, to cause the service server root
The encrypted authentication information is sent with short message according to the phone number.
It should be noted that the ID authentication device that the present embodiment is provided, can be security server, net is may be located at
Network side.
The function of security server in the corresponding embodiments of Fig. 1~Fig. 5, the authentication that can be provided by the present embodiment
Equipment is realized.
Alternatively, as shown in fig. 7, another embodiment of the present invention can also provide another ID authentication device, with Fig. 6 pairs
The embodiment answered is compared, and can further include hash units 71 and binding unit 72.Wherein,
The receiving unit 61, can also be further used for receiving the first cryptographic Hash that certification end is sent with short message, institute
It is the certification end to the key of random generation, the identification information of the certification end and place terminal to state the first cryptographic Hash
End message carries out hashing operation acquisition;
The receiving unit 61, can also be further used for receiving the certification end be based on the key that HTTPS sends,
The identification information of the certification end and the end message;
The hash units 71, for being carried out to the key, the identification information of the certification end and the end message
The hashing operation, to obtain the second cryptographic Hash;Wherein, the hashing operation that the security server is used, with the certification
The used hashing operation in end, is identical hashing operation, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, this
Embodiment is not particularly limited to this.
The binding unit 72, if consistent with first cryptographic Hash for second cryptographic Hash, to according to described short
The phone number that message is obtained and the key, the identification information of the certification end and the end message, are tied up
It is fixed, to generate the corresponding relation of the phone number and the key, the identification information of the certification end and the end message.
Wherein, the end message can include but is not limited at least one in IMSI and IMEI.
It should be noted that because time parameter has standard and uniqueness so that lawless person is not readily available and works as
Preceding time, the key, the identification information of the certification end and place that the certification end can also further to random generation
The end message of terminal, and temporal information carries out hashing operation together, to obtain the first cryptographic Hash.Correspondingly, certification end is also
First cryptographic Hash can be sent to security server further with short message, and will be described close based on HTTPS
Key, the identification information of the certification end and the end message, and temporal information are sent to security server, for the peace
Full server then can be to the key, the identification information of the certification end and the end message, and temporal information is together
Hashing operation is carried out, to obtain the second cryptographic Hash.
Alternatively, as shown in figure 8, another embodiment of the present invention can also provide another ID authentication device, with Fig. 7 pairs
The embodiment answered is compared, and can further include gesture unit 81.Wherein,
The transmitting element 64, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, to the certification
End sends the first configured information, to indicate to set gesture password;
The gesture unit 81, for being interacted with the certification end, to set the gesture password of the certification end.
So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password,
Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server
Value, so as to obtain gesture unit 81 to phone number and the cryptographic Hash of the gesture password, is bound, to generate the cell-phone number
Code and the corresponding relation of the cryptographic Hash of the gesture password, so that the gesture unit 81 utilizes the corresponding relation, are carried out described
The gesture checking of certification end.
The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification
The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can
Effectively improve the reliability of authentication.
Still optionally further, the transmitting element 64, if second cryptographic Hash can also be further used for described
One cryptographic Hash is consistent, and the second configured information is sent to the certification end, to indicate to verify gesture password;Correspondingly, the gesture
Unit 81, can also be further used for being interacted with the certification end, to verify the gesture password of the certification end.
So, certification end gathers the gesture of user input, and gesture password is generated according to gesture, and then according to gesture password,
Generate the cryptographic Hash of gesture password.Certification end can then be based on the Hash that HTTPS sends the gesture password to security server
Value, to cause that the gesture unit 81 is right with the cryptographic Hash of the gesture password using the phone number of bound generation
Should be related to, to the cryptographic Hash of the gesture password, be verified.
The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification
The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can
Effectively improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, the receiving unit 61 can also be used further
In the identification information and the security configuration information that receive the certification end that the certification end is sent based on HTTPS, the peace
Full configuration information can include but is not limited to service identification and safe configured information.Wherein, first safety is indicated, for referring to
Show and have turned on identifying code encryption function;Second safety is indicated, for indicating non-open-authentication code encryption function;The acquisition
Unit 62, can also be further used for the identification information according to the certification end, obtain the identification information pair with the certification end
The phone number answered;The binding unit, can also be further used for believing the phone number and the security configuration
Breath is bound, to generate the corresponding relation of the phone number and security configuration information.
It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace
It is complete, using the HTTPS based on the key corresponding to certification end, to transmit security configuration information between server and certification end, due to
Escape way corresponding to HTTPS based on the key corresponding to certification end is one-to-one with certification end, therefore, certification end
Then without the identification information to security server transmission certification end.
Alternatively, in a possible implementation of the present embodiment, the receiving unit 61, the body for being received
Part authentication information can further include the service identification corresponding to the service server;Correspondingly, the obtaining unit
62, specifically can be used for, according to the phone number, obtaining security configuration information corresponding with the phone number;According to described
Security configuration information, obtains safe configured information corresponding with the service identification;And if the safe configured information is the
One safety is indicated, and according to the phone number, obtains key corresponding with the phone number.Wherein, described first refers to safely
Show, for indicating to have turned on identifying code encryption function.
In addition, the transmitting element 64, if the safe configured information can also be further used for for the second safety is indicated,
The identifying code is sent to the service server.Wherein, second safety is indicated, for indicating non-open-authentication code encryption
Function.
In the present embodiment, the authentication information that service server sends is received by security server, the identity is recognized
Card information includes the phone number of identifying code and user to be certified, and then according to the phone number, obtains and the cell-phone number
The corresponding key of code, using the key, is encrypted, to obtain encrypted authentication information so that institute to the identifying code
Stating security server can send the encrypted authentication information to the service server, with cause the service server according to
The phone number sends the encrypted authentication information with short message, because the content of identifying code is no longer plaintext so that i.e.
Make to be intercepted and captured by lawless person, still cannot decrypt identifying code, account safety caused by can avoiding being revealed due to identifying code
Problem, so as to improve the reliability of authentication.
The structural representation of another ID authentication device that Fig. 9 is provided for another embodiment of the present invention, as shown in Figure 9.
The ID authentication device that the present embodiment is provided can include hash units 91 and transmitting element 92.Wherein, hash units 91, are used for
End message to the key, the identification information of the certification end and place terminal of random generation carries out hashing operation, with
Obtain the first cryptographic Hash;Transmitting element 92, for short message, first cryptographic Hash being sent to security server;The hair
Send unit 92, be additionally operable to based on HTTPS, to the security server send the key, the identification information of the certification end and
The end message, to cause that the security server is believed the key, the identification information of the certification end and the terminal
Breath carries out the hashing operation, to obtain the second cryptographic Hash;If second cryptographic Hash is consistent with first cryptographic Hash, described
Security server is to the phone number and the key, the identification information of the certification end that are obtained according to the short message
With the end message, bound, to generate the phone number with the key, the identification information of the certification end and institute
State the corresponding relation of end message.
Wherein, the end message can include but is not limited at least one in IMSI and IMEI.
Wherein, the hashing operation that the security server is used, the hashing operation used with the certification end is phase
Same hashing operation, can include but is not limited to MD5, SHA1 or CRC32 scheduling algorithm, and the present embodiment is not limited especially this
It is fixed.
It should be noted that the ID authentication device that the present embodiment is provided can be certification end, can be with plug-in unit or soft
The forms such as part development kit (Software Development Kit, SDK) be arranged on local application (Application,
App) for example, in Alipay, or can also be arranged in terminal with single application program (nativeAPP).
It is understood that local application can be mounted in the application program (nativeAPP) in terminal, or also
Can be a webpage (webAPP) of the browser in terminal, as long as can realize that the objective reality form that business is provided all may be used
So that the present embodiment is not defined to this.
The function of certification end in the corresponding embodiments of Fig. 1~Fig. 5, the ID authentication device that can be provided by the present embodiment
Realize.
Alternatively, as shown in Figure 10, another embodiment of the present invention can also provide another ID authentication device, with Fig. 9
Corresponding embodiment is compared, and can further include receiving unit 1001 and gesture unit 1002.
Receiving unit 1001, for receiving the first configured information that the security server sends, to indicate to set gesture
Password, if first configured information is second cryptographic Hash security server hair consistent with first cryptographic Hash
Send;
Gesture unit 1002, for being interacted with the security server, to set the gesture password of the certification end.
So, gesture unit gathers the gesture of user input, and gesture password is generated according to gesture, and then close according to gesture
Code, generates the cryptographic Hash of gesture password.Gesture unit can then be based on HTTPS and send the gesture password to security server
Cryptographic Hash, to cause that the security server, to phone number and the cryptographic Hash of the gesture password, is bound, to generate
The corresponding relation of phone number and the cryptographic Hash of the gesture password is stated, so that the security server utilizes the corresponding relation,
Carry out the gesture checking of the certification end.
The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification
The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can
Effectively improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, the receiving unit 1001 can also be further
For receiving the second configured information that the security server sends, to indicate to verify gesture password, first configured information
If for second cryptographic Hash security server consistent with first cryptographic Hash sends;The gesture unit 1002, also
Can be further used for being interacted with the security server, to verify the gesture password of the certification end.
So, gesture unit gathers the gesture of user input, and gesture password is generated according to gesture, and then close according to gesture
Code, generates the cryptographic Hash of gesture password.Gesture unit can then be based on HTTPS and send the gesture password to security server
Cryptographic Hash, to cause the security server using the phone number of bound generation and the cryptographic Hash of the gesture password
Corresponding relation, to the cryptographic Hash of the gesture password, verified.
The gesture password of certification end is set by security server so that even if lawless person is obtained in that carries certification
The terminal at end, cannot also start certification end, to use the encrypted authentication information transmitted by the decryption services server of certification end, can
Effectively improve the reliability of authentication.
Alternatively, in a possible implementation of the present embodiment, the transmitting element 92 can also be used further
In based on HTTPS, the identification information and the security configuration information of the certification end are sent to the security server, to cause
The security server obtains the hand corresponding with the identification information of the certification end according to the identification information of the certification end
Machine number, binds to the phone number and the security configuration information, to generate the phone number and security configuration
The corresponding relation of information.
The security configuration information can include but is not limited to service identification and safe configured information.Wherein, described first
Safety is indicated, for indicating to have turned on identifying code encryption function;Second safety is indicated, for indicating non-open-authentication code to add
Close function.
So, the security server according to the security configuration information, and then can just be sent out in conjunction with service server
Service identification in the authentication information sent corresponding to the included service server, obtains and the service identification
Corresponding safe configured information.If the safe configured information is the first safety indicating, the security server then can basis
The phone number, obtains key corresponding with the phone number.Wherein, first safety is indicated, for indicating to have opened
Open identifying code encryption function.The security server can utilize the key, and the identifying code that service server sends is carried out
Encryption, to obtain encrypted authentication information so that the security server can send described adding to the service server
Close checking information, to cause that the service server sends the encrypted authentication information according to the phone number with short message.
It is understood that the identification information of the certification end is security server to be used to recognize certification end, if peace
It is complete, using the HTTPS based on the key corresponding to certification end, to transmit security configuration information between server and certification end, due to
Escape way corresponding to HTTPS based on the key corresponding to certification end is one-to-one with certification end, therefore, certification end
Then without the identification information to security server transmission certification end.
In the present embodiment, by hash units to the random key for generating, the identification information of the certification end and place end
The end message at end carries out hashing operation, to obtain the first cryptographic Hash, and then by transmitting element with short message, to security server
Send first cryptographic Hash so that such that transmitting element is based on HTTPS, send described close to the security server
Key, the identification information of the certification end and the end message, so, the security server then can be to the key, institute
The identification information and the end message for stating certification end carry out the hashing operation, to obtain the second cryptographic Hash, if described second
Cryptographic Hash is consistent with first cryptographic Hash, and the security server is to the phone number that is obtained according to the short message
With the key, the identification information of the certification end and the end message, bound, to generate the phone number and institute
The corresponding relation of key, the identification information of the certification end and the end message is stated, because key can be used for encryption business
The identifying code that server is generated, therefore, the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still
Identifying code cannot be so decrypted, account safety problem caused by can avoiding being revealed due to identifying code, so as to improve identity
The reliability of certification.
The structural representation of another ID authentication device that Figure 11 is provided for another embodiment of the present invention, such as Figure 11 institutes
Show.The ID authentication device that the present embodiment is provided can include receiving unit 1101, decryption unit 1102 and represent unit 1103.
Wherein, receiving unit 1101, the encrypted authentication information for receiving service server transmission;Decryption unit 1102, for utilizing
The key of storage, is decrypted treatment, to obtain identifying code to the encrypted authentication information;Represent unit 1103, for representing
The identifying code.
It should be noted that the ID authentication device that the present embodiment is provided can be certification end, can be with plug-in unit or soft
The forms such as part development kit (Software Development Kit, SDK) be arranged on local application (Application,
App) for example, in Alipay, or can also be arranged in terminal with single application program (nativeAPP).
It is understood that local application can be mounted in the application program (nativeAPP) in terminal, or also
Can be a webpage (webAPP) of the browser in terminal, as long as can realize that the objective reality form that business is provided all may be used
So that the present embodiment is not defined to this.
The function of certification end in the corresponding embodiments of Fig. 1~Fig. 5, the ID authentication device that can be provided by the present embodiment
Realize.
Alternatively, it is described to represent unit 1103 in a possible implementation of the present embodiment, specifically can be used for
With graphic form, represent the identifying code.So, it is possible to reduce existence of the clear content of identifying code in the region of memory of terminal
In the cycle, can further improve the reliability of authentication.
In the present embodiment, the encrypted authentication information that service server sends is received by receiving unit, so it is single by decryption
Unit is decrypted treatment, to obtain identifying code so that representing unit can using the key of storage to the encrypted authentication information
Represent the identifying code, because the content of identifying code is no longer plaintext so that even if being intercepted and captured by lawless person, still cannot solve
It is close go out identifying code, account safety problem caused by can avoiding being revealed due to identifying code can so as to improve authentication
By property.
It is apparent to those skilled in the art that, for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, will not be repeated here.
In several embodiments provided by the present invention, it should be understood that disclosed system, apparatus and method can be with
Realize by another way.For example, device embodiment described above is only schematical, for example, the unit
Divide, only a kind of division of logic function there can be other dividing mode when actually realizing, for example multiple units or component
Can combine or be desirably integrated into another system, or some features can be ignored, or do not perform.It is another, it is shown or
The coupling each other for discussing or direct-coupling or communication connection can be the indirect couplings of device or unit by some interfaces
Close or communicate to connect, can be electrical, mechanical or other forms.
The unit that is illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit
The part for showing can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On NE.Some or all of unit therein can be according to the actual needs selected to realize the mesh of this embodiment scheme
's.
In addition, during each functional unit in each embodiment of the invention can be integrated in a processing unit, it is also possible to
It is that unit is individually physically present, it is also possible to which two or more units are integrated in a unit.Above-mentioned integrated list
Unit can both be realized in the form of hardware, it would however also be possible to employ hardware adds the form of SFU software functional unit to realize.
The above-mentioned integrated unit realized in the form of SFU software functional unit, can store and be deposited in an embodied on computer readable
In storage media.Above-mentioned SFU software functional unit storage is in a storage medium, including some instructions are used to so that a computer
Equipment (can be personal computer, server, or network equipment etc.) or processor (processor) perform the present invention each
The part steps of embodiment methods described.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (Read-
Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disc or CD etc. it is various
Can be with the medium of store program codes.
Finally it should be noted that:The above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although
The present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those within the art that:It still may be used
Modified with to the technical scheme described in foregoing embodiments, or equivalent is carried out to which part technical characteristic;
And these modification or replace, do not make appropriate technical solution essence depart from various embodiments of the present invention technical scheme spirit and
Scope.
Claims (20)
1. a kind of identity identifying method, it is characterised in that including:
Security server receives the authentication information that service server sends, and the authentication information includes identifying code and treats
The phone number of certification user;
The security server obtains key corresponding with the phone number according to the phone number;
The security server utilizes the key, the identifying code is encrypted, to obtain encrypted authentication information;
The security server sends the encrypted authentication information to the service server, to cause the service server root
The encrypted authentication information is sent with short message according to the phone number;Wherein,
The security server before obtaining key corresponding with the phone number, also includes according to the phone number:
The security server receives the first cryptographic Hash that certification end is sent with short message, and first cryptographic Hash is the certification
Hold the end message of the key, the identification information of the certification end and place terminal to generating at random to carry out hashing operation to obtain
;
The security server receives the certification end and is based on the key, the identification information of the certification end that HTTPS sends
With the end message;
The security server carries out the Hash behaviour to the key, the identification information of the certification end and the end message
Make, to obtain the second cryptographic Hash;
If second cryptographic Hash is consistent with first cryptographic Hash, the security server according to the short message to being obtained
The phone number and the key, the identification information of the certification end and the end message, bound, to generate
State the corresponding relation of phone number and the key, the identification information of the certification end and the end message.
2. method according to claim 1, it is characterised in that methods described also includes:
If second cryptographic Hash is consistent with first cryptographic Hash, the security server sends first and refers to the certification end
Show information, to indicate to set gesture password;
The security server is interacted with the certification end, to set the gesture password of the certification end.
3. method according to claim 2, it is characterised in that methods described also includes:
If second cryptographic Hash is consistent with first cryptographic Hash, the security server sends second and refers to the certification end
Show information, to indicate to verify gesture password;
The security server is interacted with the certification end, to verify the gesture password of the certification end.
4. the method according to claims 1 to 3 any claim, it is characterised in that the authentication information is also wrapped
Include the service identification corresponding to the service server;The security server is obtained and the hand according to the phone number
The corresponding key of machine number, including:
The security server obtains security configuration information corresponding with the phone number according to the phone number;
The security server obtains safe configured information corresponding with the service identification according to the security configuration information;
If the safe configured information is the first safety indicating, the security server is obtained and institute according to the phone number
State the corresponding key of phone number.
5. method according to claim 4, it is characterised in that methods described also includes:
If the safe configured information is the second safety indicating, the security server is tested to described in service server transmission
Card code.
6. method according to claim 4, it is characterised in that the security server is obtained according to the phone number
Before security configuration information corresponding with the phone number, also include:
The security server receives the identification information and the safety that the certification end is based on the certification end that HTTPS sends
Configuration information;
The security server obtains the institute corresponding with the identification information of the certification end according to the identification information of the certification end
State phone number;
The security server is bound to the phone number and the security configuration information, to generate the phone number
With the corresponding relation of security configuration information.
7. a kind of identity identifying method, it is characterised in that including:
Certification end carries out Hash behaviour to the end message of the key, the identification information of the certification end and place terminal of random generation
Make, to obtain the first cryptographic Hash;
The certification end sends first cryptographic Hash with short message to security server;
The certification end is based on HTTPS, and the key, the identification information of the certification end and institute are sent to the security server
End message is stated, to cause the security server to the key, the identification information of the certification end and the end message
The hashing operation is carried out, to obtain the second cryptographic Hash;If second cryptographic Hash is consistent with first cryptographic Hash, the peace
Full server is to the phone number that is obtained according to the short message and the key, the identification information of the certification end and described
End message, is bound, to generate the phone number with the key, the identification information of the certification end and the terminal
The corresponding relation of information.
8. method according to claim 7, it is characterised in that the certification end is based on HTTPS, to the security server
Send after the key, the identification information of the certification end and the end message, also include:
The certification end receives the first configured information that the security server sends, to indicate to set gesture password, described the
If a configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends;
The certification end interacts with the security server, to set the gesture password of the certification end.
9. method according to claim 8, it is characterised in that the certification end is based on HTTPS, to the security server
Send after the key, the identification information of the certification end and the end message, also include:
The certification end receives the second configured information that the security server sends, to indicate to verify gesture password, described the
If a configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends;
The certification end interacts with the security server, to verify the gesture password of the certification end.
10. the method according to claim 7~9 any claim, it is characterised in that the certification end is based on HTTPS,
After to the security server transmission key, the identification information of the certification end and the end message, also include:
The certification end is based on HTTPS, and the identification information and the safety for sending the certification end to the security server are matched somebody with somebody
Confidence ceases, to cause that the security server, according to the identification information of the certification end, is obtained and believed with the mark of the certification end
The corresponding phone number is ceased, the phone number and the security configuration information are bound, to generate the mobile phone
The corresponding relation of number and security configuration information.
A kind of 11. ID authentication devices, it is characterised in that including:
Receiving unit, the authentication information for receiving service server transmission, the authentication information includes identifying code
With the phone number of user to be certified;
Obtaining unit, for according to the phone number, obtaining key corresponding with the phone number;
Ciphering unit, for utilizing the key, is encrypted, to obtain encrypted authentication information to the identifying code;
Transmitting element, for sending the encrypted authentication information to the service server, to cause the service server root
The encrypted authentication information is sent with short message according to the phone number;Wherein,
The equipment also includes hash units and binding unit;Wherein,
The receiving unit, is additionally operable to receive the first cryptographic Hash that certification end is sent with short message, and first cryptographic Hash is institute
State certification end carries out Hash to the end message of the key, the identification information of the certification end and place terminal of random generation
Operation is obtained;
The receiving unit, is additionally operable to receive the key, the mark of the certification end that the certification end is based on HTTPS transmissions
Information and the end message;
The hash units, for carrying out the Kazakhstan to the key, the identification information of the certification end and the end message
Uncommon operation, to obtain the second cryptographic Hash;
The binding unit, if consistent with first cryptographic Hash for second cryptographic Hash, to according to the short message institute
The phone number and the key, the identification information of the certification end and the end message for obtaining, are bound, with life
Into the corresponding relation of the phone number and the key, the identification information of the certification end and the end message.
12. equipment according to claim 11, it is characterised in that the equipment also includes gesture unit;Wherein,
The transmitting element, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, sends to the certification end
First configured information, to indicate to set gesture password;
The gesture unit, for being interacted with the certification end, to set the gesture password of the certification end.
13. equipment according to claim 12, it is characterised in that
The transmitting element, if it is consistent with first cryptographic Hash to be additionally operable to second cryptographic Hash, sends to the certification end
Second configured information, to indicate to verify gesture password;
The gesture unit, is additionally operable to be interacted with the certification end, to verify the gesture password of the certification end.
14. equipment according to claim 11~13 any claim, it is characterised in that the authentication information is also
Including the service identification corresponding to the service server;The obtaining unit, specifically for
According to the phone number, security configuration information corresponding with the phone number is obtained;
According to the security configuration information, safe configured information corresponding with the service identification is obtained;And
If the safe configured information is the first safety indicating, according to the phone number, obtain corresponding with the phone number
Key.
15. equipment according to claim 14, it is characterised in that the transmitting element, are additionally operable to
If the safe configured information is the second safety indicating, the identifying code is sent to the service server.
16. equipment according to claim 14, it is characterised in that
The receiving unit, is additionally operable to receive identification information and institute that the certification end is based on the certification end that HTTPS sends
State security configuration information;
The obtaining unit, is additionally operable to the identification information according to the certification end, obtains the identification information pair with the certification end
The phone number answered;
The binding unit, is additionally operable to bind the phone number and the security configuration information, to generate the hand
The corresponding relation of machine number and security configuration information.
A kind of 17. ID authentication devices, it is characterised in that including:
Hash units, the end message for key, the identification information of certification end and place terminal to random generation is breathed out
Uncommon operation, to obtain the first cryptographic Hash;
Transmitting element, for short message, first cryptographic Hash being sent to security server;
The transmitting element, is additionally operable to be sent to the security server based on HTTPS the mark of the key, the certification end
Knowledge information and the end message, to cause the security server to the key, the identification information of the certification end and institute
Stating end message carries out the hashing operation, to obtain the second cryptographic Hash;If second cryptographic Hash and first cryptographic Hash
Unanimously, the security server is to the phone number and the key, the mark of the certification end that are obtained according to the short message
Knowledge information and the end message, are bound, and are believed with the mark of the key, the certification end with generating the phone number
The corresponding relation of breath and the end message.
18. equipment according to claim 17, it is characterised in that the equipment also includes:
Receiving unit, it is described to indicate to set gesture password for receiving the first configured information that the security server sends
If the first configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends;
Gesture unit, for being interacted with the security server, to set the gesture password of the certification end.
19. equipment according to claim 18, it is characterised in that
The receiving unit, is additionally operable to receive the second configured information that the security server sends, to indicate checking gesture close
Code, if first configured information is second cryptographic Hash, the security server consistent with first cryptographic Hash sends;
The gesture unit, is additionally operable to be interacted with the security server, to verify the gesture password of the certification end.
20. equipment according to claim 17~19 any claim, it is characterised in that
The transmitting element, is additionally operable to based on HTTPS, and identification information and the institute of the certification end are sent to the security server
Security configuration information is stated, to cause that the security server, according to the identification information of the certification end, is obtained and the certification end
The phone number corresponding to identification information, the phone number and the security configuration information are bound, to generate
The corresponding relation of the phone number and security configuration information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410340397.9A CN104079581B (en) | 2014-07-16 | 2014-07-16 | Identity identifying method and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410340397.9A CN104079581B (en) | 2014-07-16 | 2014-07-16 | Identity identifying method and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104079581A CN104079581A (en) | 2014-10-01 |
CN104079581B true CN104079581B (en) | 2017-07-11 |
Family
ID=51600623
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410340397.9A Active CN104079581B (en) | 2014-07-16 | 2014-07-16 | Identity identifying method and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104079581B (en) |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635040B (en) * | 2014-10-27 | 2018-12-28 | 阿里巴巴集团控股有限公司 | A kind of verification method, equipment and system |
CN104599124A (en) * | 2015-01-06 | 2015-05-06 | 宇龙计算机通信科技(深圳)有限公司 | Protection method and device of mobile payment information and mobile payment system |
CN105992204A (en) * | 2015-02-03 | 2016-10-05 | 北京神州泰岳信息安全技术有限公司 | Access authentication method of applications of mobile intelligent terminal and device |
CN105516969B (en) * | 2015-12-15 | 2019-03-05 | 中卓信(北京)科技有限公司 | A kind of SMS safe verification method |
KR101637863B1 (en) * | 2016-01-05 | 2016-07-08 | 주식회사 코인플러그 | Security system and method for transmitting a password |
CN106101064A (en) * | 2016-05-27 | 2016-11-09 | 深圳市永兴元科技有限公司 | Account login method and device |
CN106060098B (en) * | 2016-08-09 | 2019-07-09 | 北京小米支付技术有限公司 | Processing method, processing unit and the processing system of identifying code |
CN106330862A (en) * | 2016-08-10 | 2017-01-11 | 武汉信安珞珈科技有限公司 | Secure transmission method and system for dynamic password |
CN106412862B (en) * | 2016-10-13 | 2020-01-31 | 上海众人网络安全技术有限公司 | short message reinforcement method, device and system |
CN106454800B (en) * | 2016-11-21 | 2018-07-27 | 北京小米移动软件有限公司 | Auth method, apparatus and system |
CN111683103B (en) * | 2016-12-21 | 2022-08-30 | 创新先进技术有限公司 | Information interaction method and device |
CN108090768A (en) * | 2017-11-14 | 2018-05-29 | 阿里巴巴集团控股有限公司 | The method and device that a kind of business performs |
CN107896218A (en) * | 2017-11-29 | 2018-04-10 | 郑州云海信息技术有限公司 | A kind of method and system of automatic detection identifying code passback logic leak |
CN109005196A (en) * | 2018-09-10 | 2018-12-14 | 北京旷视科技有限公司 | Data transmission method, data decryption method, device and electronic equipment |
CN109672664B (en) * | 2018-11-13 | 2021-06-18 | 视联动力信息技术股份有限公司 | Authentication method and system for video networking terminal |
CN110941805B (en) * | 2019-11-21 | 2022-06-10 | 北京达佳互联信息技术有限公司 | Identity authentication method and device |
CN112990927B (en) * | 2021-04-27 | 2024-03-08 | 中国工商银行股份有限公司 | Payment verification method, system, device, computer system and storage medium |
CN115001756B (en) * | 2022-05-16 | 2024-01-26 | 李愿军 | Network-based identity verification method and system |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1136961A1 (en) * | 2000-03-24 | 2001-09-26 | Banco Bilbao Vizcaya Argentaria S.A. | System and process for remote payments and transactions in real time by mobile telephone |
WO2003096615A1 (en) * | 2002-05-07 | 2003-11-20 | Wireless Applicatoins Pty Ltd | Method for authenticating and verifying sms communications |
US7011245B1 (en) * | 2004-11-05 | 2006-03-14 | Michael Hu | Pedigree code enabling authentification through computer generated unbroken chain reflective coding including transaction party data |
CN1811813A (en) * | 2006-03-02 | 2006-08-02 | 韩林 | Two-factor dynamic cipher verification method and system |
CN1838141A (en) * | 2006-02-05 | 2006-09-27 | 刘亚威 | Technology for improving security of accessing computer application system by mobile phone |
CN101262349A (en) * | 2008-04-17 | 2008-09-10 | 华为技术有限公司 | SMS-based identity authentication method and device |
CN101944216A (en) * | 2009-07-07 | 2011-01-12 | 财团法人资讯工业策进会 | Two-factor online transaction safety authentication method and system |
CN101957858A (en) * | 2010-09-27 | 2011-01-26 | 中兴通讯股份有限公司 | Data comparison method and device |
-
2014
- 2014-07-16 CN CN201410340397.9A patent/CN104079581B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1136961A1 (en) * | 2000-03-24 | 2001-09-26 | Banco Bilbao Vizcaya Argentaria S.A. | System and process for remote payments and transactions in real time by mobile telephone |
WO2003096615A1 (en) * | 2002-05-07 | 2003-11-20 | Wireless Applicatoins Pty Ltd | Method for authenticating and verifying sms communications |
CN1653746A (en) * | 2002-05-07 | 2005-08-10 | 无线应用软件有限公司 | Method for authenticating and verifying sms communications |
US7011245B1 (en) * | 2004-11-05 | 2006-03-14 | Michael Hu | Pedigree code enabling authentification through computer generated unbroken chain reflective coding including transaction party data |
CN1838141A (en) * | 2006-02-05 | 2006-09-27 | 刘亚威 | Technology for improving security of accessing computer application system by mobile phone |
CN1811813A (en) * | 2006-03-02 | 2006-08-02 | 韩林 | Two-factor dynamic cipher verification method and system |
CN101262349A (en) * | 2008-04-17 | 2008-09-10 | 华为技术有限公司 | SMS-based identity authentication method and device |
CN101944216A (en) * | 2009-07-07 | 2011-01-12 | 财团法人资讯工业策进会 | Two-factor online transaction safety authentication method and system |
CN101957858A (en) * | 2010-09-27 | 2011-01-26 | 中兴通讯股份有限公司 | Data comparison method and device |
Also Published As
Publication number | Publication date |
---|---|
CN104079581A (en) | 2014-10-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104079581B (en) | Identity identifying method and equipment | |
CN103812871B (en) | Development method and system based on mobile terminal application program security application | |
CN105207774B (en) | The cryptographic key negotiation method and device of verification information | |
CN104301115B (en) | Mobile phone and Bluetooth key signature verification ciphertext communication method | |
CN105101183B (en) | The method and system that privacy content on mobile terminal is protected | |
CN104199657B (en) | The call method and device of open platform | |
CN106412862A (en) | Short message reinforcement method, apparatus and system | |
CN104283688B (en) | A kind of USBKey security certification systems and safety certifying method | |
CN110417797A (en) | Authenticate the method and device of user | |
CN109286599A (en) | Data security protection method, smart machine, server and readable storage medium storing program for executing | |
CN101621794A (en) | Method for realizing safe authentication of wireless application service system | |
CN110401629A (en) | A kind of method and relevant apparatus of activation authorization | |
CN103812651B (en) | Method of password authentication, apparatus and system | |
CN105142139B (en) | The acquisition methods and device of verification information | |
CN107135077B (en) | Software protecting method and device | |
CN105447715A (en) | Method and apparatus for anti-theft electronic coupon sweeping by cooperating with third party | |
WO2015003503A1 (en) | Network device, terminal device and information security improving method | |
CN109412812A (en) | Data safe processing system, method, apparatus and storage medium | |
CN103974248A (en) | Terminal security protection method, device and system in ability open system | |
CN106789024A (en) | A kind of remote de-locking method, device and system | |
CN107026823A (en) | Applied to the access authentication method and terminal in WLAN WLAN | |
CN107483388A (en) | A kind of safety communicating method and its terminal and high in the clouds | |
CN102404337A (en) | Data encryption method and device | |
CN106559386B (en) | A kind of authentication method and device | |
CN105634884B (en) | A kind of control instruction wiring method, intelligent home furnishing control method and relevant apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |