CN104202162A - System for login based on mobile phone and login method - Google Patents

Info

Publication number: CN104202162A
Authority: CN (China)
Prior art keywords: user, login, information system, client, mobile
Legal status: Granted
Application number: CN201410395338.1A
Other languages: Chinese (zh)
Other versions: CN104202162B (en)
Inventor: 龙毅宏
Current Assignee: Wuhan University of Technology WUT
Original Assignee: Wuhan University of Technology WUT
Application filed by Wuhan University of Technology WUT
Priority to CN201410395338.1A
Publication of CN104202162A
Application granted; publication of CN104202162B
Current legal status: Active

Abstract

The invention relates to a system and a login method based on a mobile phone. The login method comprises the following steps: when a user uses a client to access an information system that has not yet been logged in to, the information system returns a random code to the user's client; the user starts a mobile login client in the mobile phone and uses the identity credential for the information system and/or the returned random code to complete login authentication for the information system at the mobile login system; after login authentication is complete, the user continues to access the information system with the client; and the information system confirms, by querying the mobile login system, whether the user has completed login authentication for the information system; if so, the user is allowed to access the information system, otherwise the user is required to log in. In addition, the random code can be divided into two parts, one returned to the client and the other transmitted to the mobile phone, which further improves the security of the method. With this system and login method, a user can safely log in to an information system from a computer in a public environment such as an Internet cafe.

Description

System and login method based on mobile-phone login
Technical field
The invention belongs to the field of information security technology, and in particular to a system and a login method in which a mobile phone is used to log in (logon or login).
Background art
Many people have had to go online from a public Internet cafe. If you only browse the news there, you probably have nothing to worry about; but if you log in to online banking, QQ or a game account, you will worry about the security of that account, and some people have actually had an online account stolen while in an Internet cafe. The reason for this worry, and for these incidents, is that a public Internet cafe is an open environment: the computers may harbour trojans and viruses that steal your account name and password, and even a comparatively safe dynamic-password (one-time password) scheme cannot prevent this.
Moreover, some information-system accounts (such as online-banking accounts) must be logged in to with a USB Key hardware cryptographic device, for example a USB Key holding a digital certificate and its private key; but in a public Internet cafe the USB ports of the computers are usually sealed or removed, so a USB Key cannot be used to log in at all.
Summary of the invention
The object of the invention is to propose a system and a login method based on mobile-phone login that allow a user to log in to an information system securely from a public Internet cafe.
To achieve this, the technical solution adopted by the invention is as follows:
A system based on mobile-phone login, comprising the following system components:
Information system: a system that provides function services over a network;
Information system client: the user-side program with which a user accesses the information system; the information system client includes both dedicated (private) clients and the general-purpose client, the browser;
Mobile login system: a component of the information system, or a system independent of the information system, that performs login authentication (discrimination) of users logging in to the information system;
Mobile phone: the user's mobile communication device; a program in the mobile phone can access the mobile login system over the data network;
Mobile login client: a program running in the user's mobile phone that performs the login operation for the information system at the mobile login system;
When a user accesses the information system with an information system client, the user completes the login operation for the information system at the mobile login system, through the mobile login client in the mobile phone, using the user's identity credential (Credential) in the information system;
The identity credential refers to the electronic data used to identify and authenticate the user online. It consists of user identity data and secret authentication data (for example account name and password, digital certificate and private key, IBC identity and private key, or account name and the SMS random code used for user authentication). The user identity data of the user's identity credential for the information system is, or contains, the user's account name in the information system.
The login method adopted by the described mobile-phone-login system can be either of the following schemes.
Scheme one:
Step 1: the user uses the information system client to access an information system that has not yet been logged in to (logon or login);
Step 2: the information system returns to the client a prompt that the user has not yet logged in;
Step 3: through the information system client the user chooses to log in with the mobile phone and enters the account name in the information system, and the information system client submits the mobile-phone-login choice and the entered account name to the information system;
Step 4: after receiving the mobile-phone-login choice and the account name submitted by the user, the information system verifies against the account database whether the user account exists. After verification passes, it generates a random code (a random string) and then checks whether it has already stored a pending-login-user record with the same account name and the same random code; if so, it regenerates the random code and checks again, repeating this until no stored pending-login-user record matches the submitted account name and the generated random code. The information system then stores the submitted account name and the generated random code as a pending-login-user record, also stores them in the session data of the session connection between the information system and the information system client (so that the information system associates the session connection with the client with the user's account name and the random code), and finally returns the random code to the information system client;
The pending-login-user records stored by the information system have a time limit; a record whose time limit has expired is cleared or deleted by the information system;
Step 5: the user starts the mobile login client in the mobile phone and connects to the mobile login system (if the mobile login client is already started and connected, there is no need to restart or reconnect), and through the mobile login client performs the login operation for the information system at the mobile login system using the user's identity credential in the information system; during that login operation, or after completing it (i.e. after login authentication succeeds), the user enters into the mobile login client the random code that the information system returned to the information system client, and the mobile login client submits it to the mobile login system;
After the mobile login system has completed login authentication of the user based on the user's identity credential (i.e. the user has passed login authentication), it stores the user's account name in the information system, obtained from the user's identity credential, together with the random code submitted by the user as a logged-in-user record;
Step 6: after completing the login operation at the mobile login system with the mobile login client, the user continues to access the information system through the information system client;
Step 7: after receiving the client's continued access request, the information system queries the mobile login system with the user's account name stored in the session data of the session connection with the client and the random code returned to the user, to confirm whether the user has completed login for the information system at the mobile login system. If the query result is that the user has completed login, the information system marks the user in the session data as a logged-in user, clears or deletes the pending-login-user record corresponding to the account name and random code in the session data of the session connection with the information system client (the pending-login-user record with the same account name and random code), and allows the user to continue access. Otherwise it returns to the information system client a prompt requiring the user to log in and again returns a random code to the client (the same as or different from the previous one); if the random code returned again differs from the one returned before, it updates the pending-login-user record corresponding to the account name and random code in the session data of the session connection with the information system client and updates the random code stored in that session data.
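Scheme one as a runnable simulation. This is an added example, not code from the patent or from Wuhan University of Technology: it models the information system and a mobile login system that is a component of it, with the pending-login-user records (information system side) and logged-in-user records (mobile login system side) as expiring dictionaries keyed by (account name, random code). The account database, the password hashing with PBKDF2, the lifetimes PENDING_TTL and LOGGED_IN_TTL, the injectable clock and the random-code generator are all assumptions made for the demonstration. The demo shows the property the summary relies on: a random code captured on the cafe computer does not log anyone in without the credential that only the phone holds.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed sample account database: account name -> (salt, password hash).
# The password is verified only on the mobile login system; it never touches the cafe PC.
SALT = b"constructed-salt"

def hash_pw(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

ACCOUNTS: Dict[str, Tuple[bytes, bytes]] = {"alice": (SALT, hash_pw(SALT, "correct horse battery"))}

PENDING_TTL = 120.0    # lifetime of a pending-login-user record, seconds (assumed value)
LOGGED_IN_TTL = 300.0  # lifetime of a logged-in-user record, seconds (assumed value)


class MobileLoginSystem:
    """Mobile login system, here a component of the information system (scheme one)."""

    def __init__(self, accounts, clock: Callable[[], float] = time.time):
        self.accounts = accounts
        self.clock = clock
        self.logged_in: Dict[Tuple[str, str], float] = {}  # (account, code) -> expiry

    def login(self, account: str, password: str, random_code: str) -> bool:
        """Step 5: check the credential, then store (account, random code) as logged in."""
        rec = self.accounts.get(account)
        if rec is None or not hmac.compare_digest(hash_pw(rec[0], password), rec[1]):
            return False
        self.logged_in[(account, random_code)] = self.clock() + LOGGED_IN_TTL
        return True

    def query_and_consume(self, account: str, random_code: str) -> bool:
        """Step 7 query: report whether the pair has logged in and delete its record."""
        self.sweep()
        return self.logged_in.pop((account, random_code), None) is not None

    def sweep(self) -> None:
        """Clear logged-in-user records whose time limit has passed."""
        now = self.clock()
        for key in [k for k, exp in self.logged_in.items() if exp <= now]:
            del self.logged_in[key]


class InformationSystem:
    def __init__(self, accounts, mls: MobileLoginSystem, clock: Callable[[], float] = time.time,
                 code_gen: Callable[[], str] = lambda: secrets.token_hex(4)):
        self.accounts, self.mls, self.clock, self.code_gen = accounts, mls, clock, code_gen
        self.sessions: Dict[str, dict] = {}               # session id -> session data
        self.pending: Dict[Tuple[str, str], float] = {}   # pending-login-user records

    def start_mobile_login(self, session_id: str, account: str) -> Optional[str]:
        """Steps 3-4: verify the account, mint a random code unique for it, bind both to the session."""
        if account not in self.accounts:
            return None
        self.sweep()
        code = self.code_gen()
        while (account, code) in self.pending:   # regenerate until no pending record collides
            code = self.code_gen()
        self.pending[(account, code)] = self.clock() + PENDING_TTL
        self.sessions[session_id] = {"account": account, "code": code, "logged_in": False}
        return code   # returned to the client; by itself it authorizes nothing

    def continue_access(self, session_id: str) -> bool:
        """Step 7: on the next request, ask the MLS whether this session's pair has logged in."""
        sess = self.sessions.get(session_id)
        if sess is None:
            return False
        if not sess["logged_in"] and self.mls.query_and_consume(sess["account"], sess["code"]):
            sess["logged_in"] = True
            self.pending.pop((sess["account"], sess["code"]), None)
        return sess["logged_in"]   # False: the client is prompted again (same code reused here)

    def sweep(self) -> None:
        """Clear pending-login-user records whose time limit has passed."""
        now = self.clock()
        for key in [k for k, exp in self.pending.items() if exp <= now]:
            del self.pending[key]


def demo_flow() -> dict:
    """Scheme one end to end on constructed data, including what a trojan holding the code can do."""
    t = [1000.0]
    clk = lambda: t[0]
    mls = MobileLoginSystem(ACCOUNTS, clk)
    ins = InformationSystem(ACCOUNTS, mls, clk)
    code = ins.start_mobile_login("cafe-session", "alice")
    before = ins.continue_access("cafe-session")                 # step 7 before step 5: denied
    trojan = mls.login("alice", "guessed", code)                 # code without credential: rejected
    phone = mls.login("alice", "correct horse battery", code)    # step 5 on the phone: accepted
    after = ins.continue_access("cafe-session")                  # step 7: allowed, records cleared
    return {"before": before, "trojan": trojan, "phone": phone, "after": after,
            "pending_left": len(ins.pending), "logged_left": len(mls.logged_in)}


if __name__ == "__main__":
    print(demo_flow())
```

The query in step 7 deletes the logged-in-user record as it confirms it, so a second session presenting the same (account, code) pair after the first has been admitted is refused; the periodic sweeps implement the time limits the scheme places on both record types.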
Scheme two:
Step 1: the user uses the information system client to access an information system that has not yet been logged in to (logon or login);
Step 2: the information system returns to the client a prompt that the user has not yet logged in;
Step 3: through the information system client the user chooses to log in with the mobile phone and enters the account name in the information system, and the information system client submits the mobile-phone-login choice and the entered account name to the information system;
Step 4: after receiving the mobile-phone-login choice and the account name submitted by the user, the information system verifies against the account database whether the user account exists. After verification passes, it generates a random code, submits the submitted account name and the generated random code to the mobile login system, and requests login authentication of the user corresponding to the account name using this random code. If the result returned by the mobile login system indicates that the login authentication request was submitted successfully, the information system stores the submitted account name and the generated random code in the session data of the session connection with the client and returns the generated random code to the client. If the returned result indicates that submission failed and the reason is a duplicate random code, the information system regenerates a random code, submits the account name together with the regenerated random code to the mobile login system, and again requests login authentication of the user corresponding to the account name; this is repeated until the resubmitted login authentication request succeeds, after which the information system stores the submitted account name and the generated random code in the session data of the session connection with the client and returns the generated random code to the client. If the failure has some other cause, the login process is terminated;
After receiving the information system's request to authenticate the user's login, the mobile login system checks whether it already holds a pending-authentication request record with the same account name and random code; if so, it returns an error indicating that the reason is a duplicate random code; otherwise it stores the received account name and random code as a pending-authentication request record;
The pending-authentication request records stored by the mobile login system have a time limit; a record whose time limit has expired is cleared or deleted by the mobile login system;
Step 5: the user starts the mobile login client in the mobile phone and connects to the mobile login system (if the mobile login client is already started and connected, there is no need to restart or reconnect), and through the mobile login client performs the login operation for the information system at the mobile login system using the user's identity credential in the information system; during that login operation, the user enters into the mobile login client the random code that the information system returned to the information system client, and the mobile login client submits it to the mobile login system;
During login authentication of the user, the mobile login system first uses the user's account name in the information system, obtained from the user's identity credential, and the random code submitted by the user to check whether it holds a pending-authentication request record corresponding to the same account name and random code (i.e. whether the account name and random code in a pending-authentication request record are identical to the account name in the user's identity credential and the random code submitted by the user); if so, it continues the user's login authentication, otherwise it reports an error;
After the mobile login system has completed login authentication of the user based on the user's identity credential (i.e. the user has passed login authentication), it clears or deletes the pending-authentication request record corresponding to the current user (the user performing the operation), that is, the record whose account name and random code are respectively the account name obtained from the user's identity credential and the random code submitted by the user, and stores the user's account name in the information system, obtained from the user's identity credential, together with the random code submitted by the user as a logged-in-user record;
Step 6: after completing the login operation at the mobile login system with the mobile login client, the user continues to access the information system through the information system client;
Step 7: after receiving the client's continued access request, the information system queries the mobile login system with the user's account name stored in the session data of the session connection with the client and the random code returned to the user, to confirm whether the user has completed login for the information system at the mobile login system. If the query result is that the user has completed login, the information system marks the user in the session data as a logged-in user and allows the user to continue access; otherwise it returns to the information system client a prompt requiring the user to log in and again returns a random code to the information system client (the same as or different from the previous one). If the random code returned again differs from the one returned before, it updates the pending-authentication request record submitted to the mobile login system that corresponds to the account name and random code in the session data of the session connection with the information system client (replacing the previous submission with a new one) and updates the random code stored in that session data.
In schemes one and two, when the user logs in to the information system at the mobile login system through the mobile login client using the identity credential: if the login authentication method is account name and password, the mobile login system completes login authentication with the account name and password submitted by the user by querying the information system's user account database; if it is account name and dynamic password, the mobile login system completes login authentication with the submitted account name and password by verifying against a dynamic-password server; if it is biometric authentication, the mobile login system completes login authentication with the biometric data submitted by the user through the mobile phone by querying a biometric identification system or a biometric storage system (biometric identification or verification); if it is a scheme based on public-key technology (such as digital certificates, or the identity-based cryptographic technique IBC), the mobile login system completes login authentication according to the user's public-key-based identity credential and the binding or correspondence between that credential and the user's account in the information system.
In schemes one and two, if the login operation with the identity credential at the mobile login system requires cryptographic operations with the user's key, the mobile login client calls the cryptographic module in the mobile phone and completes the cryptographic operation through that module with the user key stored in the phone; the key comprises symmetric keys of symmetric cipher algorithms and the public and private keys of asymmetric cipher algorithms (such as a digital certificate and its private key, or an IBC public key and private key).
In schemes one and two, logged-in-user records are cleared or deleted as follows:
The logged-in-user records stored by the mobile login system have a time limit; a record whose time limit has expired is cleared or deleted by the mobile login system;
After the information system has queried the mobile login system and confirmed that the user has completed login for the information system there, the mobile login system clears or deletes the logged-in-user record of that user;
After the user has completed the login operation for the information system at the mobile login system with the mobile login client, if the mobile login client ends its session connection with the mobile login system (the user exits actively, or the connection times out without interaction so that the mobile login client or the mobile login system ends it), the mobile login system immediately clears or deletes the stored logged-in-user record for the current user, or clears or deletes it once the record's validity period has expired (as decided by the concrete implementation requirements).
In schemes one and two, if the mobile login system is independent of the information system and supports user login for several information systems simultaneously, then when performing the login operation at the mobile login system the user selects or enters, through the mobile login client, the information system to be logged in to.
Further, in the above mobile-phone-based login method the random code can also be reset in the following way:
After the user has completed the login operation for the information system at the mobile login system with the mobile login client (i.e. login authentication has passed) and before the mobile login client ends its session connection with the mobile login system, the user enters into the mobile login client a new random code that the information system has returned to the client and requests that the random code for logging in to the information system be reset. After receiving the reset request from the mobile login client, the mobile login system checks whether it holds a logged-in-user record for the current user logging in to the information system; if so, it replaces the random code in the user's logged-in-user record with the new random code submitted by the user; otherwise it creates and stores a logged-in-user record for the user for the information system (before the mobile login client ends its session connection with the mobile login system, the mobile login system has already recorded the user's account name in the information system being logged in to, so the account name need not be entered again).
In addition, schemes one and two can be enhanced as follows:
In steps 4 and 7, the information system divides the generated random code into two parts: one part is returned to the information system client and the other is sent to the user's mobile phone by short message (SMS);
In step 5, during the login operation at the mobile login system with the identity credential, or after completing it, the user either merges the two parts of the random code (the part the information system returned to the information system client and the part sent to the user's mobile phone) and enters the result into the mobile login client, which submits it to the mobile login system, or enters the two parts separately into the mobile login client, which merges them and submits the result to the mobile login system;
In addition, in the information system's user account database the user's account is bound to the user's mobile phone number, and the information system looks up the phone number bound to the user account by the user's account name in order to send the random code to the user's mobile phone;
The other operations of the scheme are unchanged.
If the mobile-phone-based login method is the enhanced one, then when resetting the random code the user either merges the part the information system returned to the information system client with the part sent to the user's mobile phone and enters the result into the mobile login client, which submits it to the mobile login system, or enters the two parts separately into the mobile login client, which merges them before submitting to the mobile login system.
In addition, the random code the information system returns to the information system client can be returned as a bar code or two-dimensional (QR) code. In that case the user scans the bar code or QR code with the mobile phone, and the random code it represents is entered into the mobile login client.
As can be seen from the above summary, with the mobile-phone-login system and method of the invention, a user in an Internet cafe can complete the login to the information system entirely through the mobile phone. If the user logs in to the information system with account name and password, no password is entered on the Internet cafe computer, so even if trojans or listeners are present on that computer they cannot intercept or monitor the user's password, and the account password cannot be stolen. Even if a trojan intercepts the random code returned to the client, the random code only serves to correlate the two channels; the attacker cannot obtain the secret authentication data (such as the password) of the user's identity credential for the information system, so the method remains safe. Furthermore, the random code can be returned to the client in the form of a picture, which makes it harder for trojans and viruses to obtain. Further, with the enhanced mobile-phone-login method the attacker cannot simultaneously intercept and forge both the part of the random code returned to the client and the part sent to the user's mobile phone, so the security of the method improves further.
If logging in to the information system requires a hardware cryptographic device and the private key it holds (such as the private key of a digital certificate), then in the invention the user's mobile phone is equivalent to a hardware cryptographic device holding the user's private key.
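Scheme two, with the enhancement of steps 4 and 5 (the random code split between the client and an SMS to the bound phone number), as a runnable simulation. This is an added example, not code from the patent or from the project: the mobile login system is independent of the information system and receives the pending-authentication request from it, rejecting duplicate (account name, random code) pairs; the information system retries on a duplicate and aborts on any other failure; the phone-side client merges the two halves before submitting. The account database, the password check hook, the record lifetimes, the list standing in for the SMS gateway and the halving rule for the split are all assumptions for the demonstration.

```python
import hmac
import secrets
import time
from typing import Callable, Dict, List, Optional, Tuple

PENDING_TTL = 120.0    # lifetime of a pending-authentication request record (assumed value)
LOGGED_IN_TTL = 300.0  # lifetime of a logged-in-user record (assumed value)


class MobileLoginSystem:
    """Independent mobile login system: pending-authentication requests come from the information system."""

    def __init__(self, verify_credential: Callable[[str, str], bool],
                 clock: Callable[[], float] = time.time):
        self.verify_credential = verify_credential  # hook that checks the user's credential
        self.clock = clock
        self.pending: Dict[Tuple[str, str], float] = {}    # (account, code) -> expiry
        self.logged_in: Dict[Tuple[str, str], float] = {}

    def submit_login_request(self, account: str, code: str) -> str:
        """Step 4, MLS side: refuse a duplicate (account, code) pair, otherwise record it."""
        self.sweep()
        if (account, code) in self.pending:
            return "error: duplicate random code"
        self.pending[(account, code)] = self.clock() + PENDING_TTL
        return "ok"

    def login(self, account: str, password: str, code: str) -> str:
        """Step 5: a matching pending request must exist; only then is the credential checked."""
        self.sweep()
        if (account, code) not in self.pending:
            return "error: no pending request for this account and random code"
        if not self.verify_credential(account, password):
            return "error: credential rejected"
        del self.pending[(account, code)]
        self.logged_in[(account, code)] = self.clock() + LOGGED_IN_TTL
        return "ok"

    def query(self, account: str, code: str) -> bool:
        """Step 7: confirm login for the pair and delete the logged-in-user record."""
        self.sweep()
        return self.logged_in.pop((account, code), None) is not None

    def sweep(self) -> None:
        now = self.clock()
        for store in (self.pending, self.logged_in):
            for key in [k for k, exp in store.items() if exp <= now]:
                del store[key]


class InformationSystem:
    """Scheme two with the enhancement: half of the random code goes to the client, half by SMS."""

    def __init__(self, accounts: Dict[str, dict], mls: MobileLoginSystem,
                 code_gen: Callable[[], str] = lambda: secrets.token_hex(4)):
        self.accounts, self.mls, self.code_gen = accounts, mls, code_gen
        self.sessions: Dict[str, dict] = {}
        self.sms_outbox: List[Tuple[str, str]] = []   # constructed stand-in for an SMS gateway

    def start_mobile_login(self, session_id: str, account: str) -> Optional[str]:
        """Step 4: mint a code, register it with the MLS (retrying on duplicates), split and send."""
        if account not in self.accounts:
            return None
        while True:
            code = self.code_gen()
            result = self.mls.submit_login_request(account, code)
            if result == "ok":
                break
            if "duplicate" not in result:
                return None   # any failure other than a duplicate code ends the login process
        self.sessions[session_id] = {"account": account, "code": code, "logged_in": False}
        half = len(code) // 2
        self.sms_outbox.append((self.accounts[account]["phone"], code[half:]))  # phone bound to account
        return code[:half]   # only this part is ever shown on the cafe computer

    def continue_access(self, session_id: str) -> bool:
        """Step 7: the session's full code is queried, never just the half the client saw."""
        sess = self.sessions.get(session_id)
        if sess is None:
            return False
        if not sess["logged_in"] and self.mls.query(sess["account"], sess["code"]):
            sess["logged_in"] = True
        return sess["logged_in"]


def mobile_login_client(mls: MobileLoginSystem, account: str, password: str,
                        client_part: str, sms_part: str) -> str:
    """Step 5 on the phone: merge the two parts and submit the whole code with the credential."""
    return mls.login(account, password, client_part + sms_part)


ACCOUNTS = {"alice": {"password": "correct horse battery", "phone": "+86-000-0000"}}  # constructed

def verify(account: str, password: str) -> bool:
    rec = ACCOUNTS.get(account)
    return rec is not None and hmac.compare_digest(rec["password"], password)

def demo() -> dict:
    mls = MobileLoginSystem(verify)
    ins = InformationSystem(ACCOUNTS, mls)
    client_part = ins.start_mobile_login("cafe", "alice")
    sms_part = ins.sms_outbox[-1][1]
    half_only = mls.login("alice", "correct horse battery", client_part)  # no pending record matches a half
    phone = mobile_login_client(mls, "alice", "correct horse battery", client_part, sms_part)
    return {"half_only": half_only, "phone": phone, "access": ins.continue_access("cafe")}
```

Because the mobile login system only knows the full code it received from the information system in step 4, the half that was visible on the cafe computer never matches a pending-authentication request on its own, which is the property the enhancement is meant to add.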
Brief description of the drawings
Fig. 1 is a schematic diagram of the system and method of the invention.
Embodiments
The invention is further described below with reference to the drawings and embodiments.
Implementing the invention is not complicated and is relatively easy. The key points include: how the information system stores and maintains the session data of the session connection with the client together with the user's account name and random code; how the information system stores and maintains the pending-login-user records of users who are about to log in; how the mobile login system stores and maintains the pending-authentication request records submitted by the information system; how the mobile login system stores and maintains the logged-in-user records of logged-in users; and how the information system queries logged-in-user records.
If the information system uses a dedicated client (a C/S architecture), it maintains a session object (Session Object) associated with the TCP connection to the client and keeps the account name submitted by the user and the random code returned to the client in that session object. If the information system is a Web information system using the general-purpose browser client (a B/S architecture), it keeps the submitted account name and the random code returned to the client in the HTTP session object of the client's session connection (a Cookie, a Java session object, an ASP.NET session object, etc.).
The information system can keep the pending-login-user records of users about to log in (pending login users) in an in-memory linked list or in a database; each pending login user corresponds to one pending-login-user record data object or database record, and each such object or record has a time-limit field indicating its lifetime. The information system periodically scans the objects or records in memory or in the database and deletes or clears any whose lifetime has been exceeded.
The way the mobile login system stores and maintains the pending-authentication request records submitted by the information system is similar to the way the information system stores and maintains pending-login-user records: the records can be kept in an in-memory linked list or a database, and a pending-authentication request record is deleted or cleared after the mobile login system completes login authentication of the corresponding user or after the record's validity period expires.
Similarly, the mobile login system stores and maintains logged-in-user records in an in-memory linked list or database, and deletes or clears a logged-in-user record after its validity period expires.
If the mobile login system is a component of the information system, the information system can directly access the logged-in-user record objects or database records that the mobile login system keeps in memory or in the database to determine whether a user has completed login and, if so, delete or clear that user's record; or the information system can query, through a call interface provided by the mobile login system, whether a user has completed login, with a special input parameter of the call indicating that once the user is confirmed to have completed login authentication, the interface should both return the user's logged-in status and delete or clear that user's logged-in-user record data object or database record.
If the mobile login system is independent of the information system, it provides a secure remote query mechanism, such as a remote call interface (RMI, Remote Method Invocation), Web Services, XML-RPC or a Web API, for the information system to query whether a user has completed login, and according to the query instruction submitted by the information system it deletes or clears the user's logged-in-user record data object or database record after confirming that the user has completed login. The secure remote query mechanism must ensure that only authorized systems can query a user's logged-in-user record and instruct its deletion.
If the user's login authentication for the information system uses a PKI digital certificate, the following scheme can bind the user's account in the information system to the digital certificate:
The certificate subject name of the user's digital certificate includes the user's account name in the information system (for example, the certificate common name is the account name). When the user logs in at the mobile login system with the digital certificate, the mobile login system first authenticates the user by the digital certificate, then obtains the user's account name from the certificate subject name and completes the user's login process; or, after obtaining the account name from the subject name, it further queries the information system's user account database to determine whether the account exists and is valid and, if so, completes the login process.
If the user's login authentication for the information system uses IBC (Identity Based Cryptography), a public-key technology, the user's public key (identity) can be the user's account name in the information system. When the user logs in at the mobile login system with the identity, the mobile login system first authenticates the user by the identity (public key); after authentication passes, the user's identity (public key) is the user's account name in the information system and the login process is completed; or the mobile login system further queries the information system's user account database with the identity to determine whether the account exists and is valid and, if so, completes the login process.
If the mobile login system is a component of the information system, only one of the pending-login-user record and the pending-authentication request record is needed; they can even be the same record as the logged-in-user record, distinguished by state.
If the information system divides the random code into two parts, one returned to the client and one sent to the user's mobile phone, the random code can be sent through any mobile short message service.
In other aspects of the embodiments, the mobile login system and the mobile login client can use a C/S architecture, with a TCP connection and a self-defined protocol between them. The mobile login client can be developed with a technology suitable for mobile phones (such as J2ME). The mobile login system can be developed with any suitable information-system development technology (such as J2EE or ASP.NET).
In addition, if the information system or the mobile login system is deployed redundantly or with load balancing, i.e. two or more instances of each functional system are deployed, the pending-login-user records, pending-authentication request records or logged-in-user records should be kept consistent between the redundant instances, or stored in a database.
Other concrete technical implementations not described here are well known and self-evident to those skilled in the relevant art.
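One way to meet the requirement just stated, that only an authorized system may query a logged-in-user record and instruct its deletion, is to authenticate each remote query message. The following is an added example, not code from the patent or from the project, and it assumes a Web-API style exchange in which each information system shares a secret with the independent mobile login system: the information system signs the query fields (system id, account name, random code, timestamp, nonce) with HMAC-SHA256, and the mobile login system endpoint verifies the caller, the signature, the timestamp window and the nonce before it consumes the record. The registry AUTHORIZED_SYSTEMS, the secret, MAX_SKEW and the message field names are all assumptions for the demonstration.

```python
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, Tuple

# Constructed registry of authorized information systems and their shared secrets.
AUTHORIZED_SYSTEMS: Dict[str, bytes] = {"is-bank": b"constructed-shared-secret-for-is-bank"}
MAX_SKEW = 30.0   # seconds a query timestamp may deviate from the MLS clock (assumed value)


def canonical(fields: dict) -> bytes:
    """Serialize the signed fields deterministically so both sides hash the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_query(system_id: str, secret: bytes, account: str, code: str, ts: float, nonce: str) -> dict:
    """Information system side: build a query message with an HMAC-SHA256 tag over its fields."""
    body = {"system": system_id, "account": account, "code": code, "ts": ts, "nonce": nonce}
    body["mac"] = hmac.new(secret, canonical(body), hashlib.sha256).hexdigest()
    return body


class RemoteQueryEndpoint:
    """Mobile login system side: verify the caller before touching logged-in-user records."""

    def __init__(self, logged_in: Dict[Tuple[str, str], float],
                 clock: Callable[[], float] = time.time):
        self.logged_in = logged_in        # (account, code) -> expiry, owned by the MLS
        self.clock = clock
        self.seen_nonces: set = set()     # replay protection within the timestamp window

    def handle(self, req: dict) -> dict:
        secret = AUTHORIZED_SYSTEMS.get(req.get("system"))
        if secret is None:
            return {"ok": False, "error": "unauthorized system"}
        mac = req.get("mac")
        unsigned = {k: v for k, v in req.items() if k != "mac"}
        expected = hmac.new(secret, canonical(unsigned), hashlib.sha256).hexdigest()
        if not isinstance(mac, str) or not hmac.compare_digest(mac, expected):
            return {"ok": False, "error": "bad signature"}
        ts, nonce = req.get("ts", 0.0), req.get("nonce")
        if abs(self.clock() - float(ts)) > MAX_SKEW or nonce in self.seen_nonces:
            return {"ok": False, "error": "stale or replayed query"}
        self.seen_nonces.add(nonce)
        key = (req.get("account"), req.get("code"))
        logged = self.logged_in.pop(key, None) is not None   # query and delete in one step
        return {"ok": True, "logged_in": logged}
```

The signature is checked before the timestamp and nonce so that an unauthenticated caller learns nothing about which nonces the endpoint has seen; the record is deleted in the same call that confirms it, matching the query-and-delete behaviour the embodiment describes.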

Claims (10)

1. A system for login based on a mobile phone, characterized in that the system comprises the following system components:
Information system: a system that provides functions and services over a network;
Information system client: a user-side program with which a user accesses the information system; the information system client includes dedicated clients and general-purpose clients such as a browser;
Mobile login system: a component of the information system, or a system independent of the information system, that performs login authentication for users logging in to the information system;
Mobile phone: the user's mobile communication device; programs in the mobile phone can access the mobile login system over a data network;
Mobile login client: a program running in the user's mobile phone that performs the login operation for the information system at the mobile login system;
When the user accesses the information system with the information system client, the user completes the login operation for the information system at the mobile login system through the mobile login client in the mobile phone, using the user's identity credential for the information system;
The identity credential is electronic data used to identify and authenticate the user online, consisting of user identity data and secret authentication data; the user identity data of the user's identity credential for the information system is, or contains, the user's account name in the information system.
2. A login method using the mobile-phone-based login system of claim 1, characterized in that the method comprises:
Step 1: the user accesses, with the information system client, an information system into which the user has not yet logged in;
Step 2: the information system returns to the client a prompt that the user has not yet logged in;
Step 3: the user chooses mobile phone login in the information system client, enters the account name in the information system, and the information system client submits the mobile phone login choice and the entered account name to the information system;
Step 4: after receiving the mobile phone login choice and the account name submitted by the user, the information system verifies against the account database that the user account exists; once verification passes, it generates a random code and checks whether it has already stored a pending-login user record with the same account name and random code; if so, it generates a new random code and checks again, repeating until no stored pending-login user record has the same account name and random code; the information system then stores the submitted account name and the generated random code as a pending-login user record, saves the account name and the random code in the session data of the session between the information system and the information system client, and returns the random code to the information system client;
The pending-login user records stored by the information system have a validity period; pending-login user records whose validity period has expired are cleared or deleted by the information system;
Step 5: the user starts the mobile login client in the mobile phone, which connects to the mobile login system, and performs the login operation for the information system at the mobile login system through the mobile login client using the user's identity credential for the information system; during this login operation, or after it has been completed at the mobile login system, the user enters the random code that the information system returned to the information system client into the mobile login client, which submits it to the mobile login system;
After the mobile login system has completed the user's login authentication on the basis of the identity credential, it stores the user's information-system account name obtained from the identity credential together with the random code submitted by the user as a logged-in user record;
Step 6: after completing the login operation at the mobile login system with the mobile login client, the user continues to access the information system through the information system client;
Step 7: after receiving the client's continued access request, the information system queries the mobile login system with the user account name and the random code returned to the user that are saved in the session data of the session with the client, to confirm whether the user has completed login for the information system at the mobile login system; if the query result is that the user has completed login, the information system marks the user in the session data as logged in, clears or deletes the pending-login user record corresponding to the account name and random code held in the session data of the session with the information system client, and allows the user to continue access; otherwise it returns to the information system client a prompt requiring the user to log in and returns a random code to the client again; if the random code returned again differs from the one returned before, it updates the pending-login user record corresponding to the account name and random code held in the session data of the session with the information system client, and updates the random code saved in the session data of the session with the information system client.
3. A login method using the mobile-phone-based login system of claim 1, characterized in that the login method comprises:
Step 1: the user accesses, with the information system client, an information system into which the user has not yet logged in;
Step 2: the information system returns to the client a prompt that the user has not yet logged in;
Step 3: the user chooses mobile phone login in the information system client, enters the account name in the information system, and the information system client submits the mobile phone login choice and the entered account name to the information system;
Step 4: after receiving the mobile phone login choice and the account name submitted by the user, the information system verifies against the account database that the user account exists; once verification passes, it generates a random code, submits the submitted account name and the generated random code to the mobile login system, and requests that the user corresponding to the account name be authenticated for login with this random code; if the result returned by the mobile login system indicates that the login authentication request was submitted successfully, the information system saves the account name and the random code in the session data of the session between the information system and the client and returns the random code to the client; if the result indicates that the submission failed because the random code is a duplicate, the information system generates a new random code, submits the account name with the newly generated random code to the mobile login system and requests login authentication for the user again, repeating this process until the resubmitted login authentication request succeeds, after which it saves the account name and the random code in the session data of the session with the client and returns the random code to the client; if the submission failed for any other reason, the login process is terminated;
After receiving the information system's request to authenticate the user's login, the mobile login system checks whether it has already stored a pending-authentication request record with the same account name and random code; if so, it returns an error indicating that the random code is a duplicate; otherwise it stores the received account name and random code as a pending-authentication request record;
The pending-authentication request records stored by the mobile login system have a validity period; records whose validity period has expired are cleared or deleted by the mobile login system;
Step 5: the user starts the mobile login client in the mobile phone, which connects to the mobile login system, and performs the login operation for the information system at the mobile login system through the mobile login client using the user's identity credential for the information system; during this login operation, the user enters the random code that the information system returned to the information system client into the mobile login client, which submits it to the mobile login system;
While authenticating the user's login, the mobile login system first uses the user's information-system account name obtained from the identity credential and the random code submitted by the user to check whether a pending-authentication request record with the same account name and random code is stored; if so, it continues the login authentication, otherwise it reports an error;
After the mobile login system has completed the user's login authentication on the basis of the identity credential, that is, once the login authentication passes, it clears or deletes the pending-authentication request record for the current user and stores the user's information-system account name obtained from the identity credential together with the random code submitted by the user as a logged-in user record;
Step 6: after completing the login operation at the mobile login system with the mobile login client, the user continues to access the information system through the information system client;
Step 7: after receiving the client's continued access request, the information system queries the mobile login system with the user account name and the random code returned to the user that are saved in the session data of the session with the client, to confirm whether the user has completed login for the information system at the mobile login system; if the query result is that the user has completed login, the information system marks the user in the session data as logged in and allows the user to continue access; otherwise it returns to the information system client a prompt requiring the user to log in and returns a random code to the information system client again; if the random code returned again differs from the one returned before, it updates the pending-authentication request record submitted to the mobile login system that corresponds to the account name and random code held in the session data of the session with the information system client, and updates the random code saved in the session data of the session with the information system client.
4. The login method of the mobile-phone-based login system according to claim 2 or 3, characterized in that:
When the user performs the login operation for the information system at the mobile login system through the mobile login client with the identity credential for the information system: if the user login authentication method is account name and password, the mobile login system completes the user's login authentication from the account name and password submitted by the user by querying the information system's user account database; if the method is account name and dynamic password, the mobile login system completes the login authentication from the account name and dynamic password submitted by the user by verifying them with the dynamic password server; if the method is biometric authentication, the mobile login system completes the login authentication from the biometric submitted by the user through the mobile phone by querying a biometric authentication system or a biometric storage system; if the method is a scheme based on public-key technology, the mobile login system completes the login authentication from the user's public-key identity credential and the binding or correspondence between that identity credential and the user's account in the information system.
5. The login method of the mobile-phone-based login system according to claim 2 or 3, characterized in that:
When the user performs the login operation for the information system at the mobile login system through the mobile login client with the identity credential for the information system, if a cryptographic operation with the user's key is required, the mobile login client calls the cryptographic module in the mobile phone, and the cryptographic module completes the operation with the user key stored in the mobile phone; the key includes the symmetric key of a symmetric-key cipher algorithm and the public and private keys of an asymmetric-key cipher algorithm.
6. The login method of the mobile-phone-based login system according to claim 2 or 3, characterized in that:
The logged-in user records stored by the mobile login system have a validity period; logged-in user records whose validity period has expired are cleared or deleted by the mobile login system;
After the information system has queried the mobile login system and confirmed that the user has completed login for the information system there, the mobile login system clears or deletes the logged-in user record of that user;
After the user has completed the login operation for the information system at the mobile login system with the mobile login client, if the mobile login client ends its session with the mobile login system, the mobile login system immediately clears or deletes the logged-in user record for the current user, or the logged-in user record for the current user is cleared or deleted by the mobile login system once its validity period has expired.
7. The login method of the mobile-phone-based login system according to claim 2 or 3, characterized in that:
If the mobile login system is independent of the information system and supports user login for several information systems at the same time, the user selects or enters, through the mobile login client, the information system to be logged in to when performing the login operation at the mobile login system.
8. The login method of the mobile-phone-based login system according to claim 2 or 3, characterized in that the random code of the login method is reset as follows:
After the user has completed the login operation for the information system at the mobile login system with the mobile login client, and before the mobile login client ends its session with the mobile login system, the user enters into the mobile login client the new random code that the information system returned to the client and requests that the random code for logging in to the information system be reset; on receiving the reset request submitted by the mobile login client, the mobile login system checks whether it stores a logged-in user record for the current user's login to the information system; if so, it replaces the random code in the user's logged-in user record with the new random code submitted by the user; otherwise it creates and stores a logged-in user record for the user's login to the information system.
9. The login method of the mobile-phone-based login system according to claim 2 or 3, characterized in that:
If, in step 4 and step 7, the information system divides the generated random code into two parts, returning one part to the information system client and sending the other part to the user's mobile phone as a short message:
In step 5, during the login operation for the information system at the mobile login system with the identity credential, or after that operation has been completed, the user merges the part returned to the information system client with the part sent to the user's mobile phone and enters the result into the mobile login client, which submits it to the mobile login system; or the user enters the two parts separately into the mobile login client, which merges them and submits the result to the mobile login system;
In the information system's user account database, the user's account is bound to the user's mobile phone number, and the information system looks up the phone number bound to the account by the user's account name in order to send the random code to the user's mobile phone.
10. The login method of the mobile-phone-based login system according to claim 2 or 3, characterized in that:
If the information system returns the random code to the information system client in the form of a bar code or two-dimensional (QR) code, the user scans the bar code or QR code with the mobile phone, and the random code represented by the bar code or QR code is entered into the mobile login client.
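
The following Python model is an added worked example and is not code from the patent or its applicant. It plays through the flow of claim 2 (pending-login records and the random code kept by the information system, the logged-in record kept by the mobile login system, the step 7 query) together with the account-name/password method of claim 4, the delete-after-query behaviour of claim 6 and the split random code of claim 9. Everything concrete is an assumption for illustration: the class and function names, in-memory dictionaries instead of a database, an 8-digit random code, a 120-second validity period, a shared API key standing in for the "authorized systems only" requirement of the remote query interface, a plaintext demo password, and a list standing in for the SMS channel.

```python
import hmac
import secrets
import time

RECORD_TTL = 120  # seconds a pending or logged-in record stays valid (assumed value)


class MobileLoginSystem:
    """Authenticates the phone user; keeps logged-in records keyed by (account, random code)."""

    def __init__(self, account_db, api_key):
        self.account_db = account_db  # the information system's account database (claim 4)
        self.api_key = api_key        # shared secret authorising remote queries (assumption)
        self.logged_in = {}           # (account, code) -> expiry time

    def login(self, account, password, code):
        """Account-name/password authentication (claim 4), then store the logged-in record (step 5)."""
        rec = self.account_db.get(account)
        # Demo database holds a plaintext password; a real one holds a password hash.
        if rec is None or not hmac.compare_digest(rec["password"], password):
            return False
        self.logged_in[(account, code)] = time.time() + RECORD_TTL
        return True

    def query(self, api_key, account, code, delete=True):
        """Remote query used in step 7. Only an authorised caller may read records;
        `delete` is the special parameter that removes a confirmed record so a code is single-use."""
        if not hmac.compare_digest(api_key, self.api_key):
            raise PermissionError("caller is not authorised to query login records")
        expiry = self.logged_in.get((account, code))
        if expiry is None or expiry < time.time():
            self.logged_in.pop((account, code), None)
            return False
        if delete:
            del self.logged_in[(account, code)]
        return True


class InformationSystem:
    """Keeps pending-login records and browser sessions (steps 3, 4 and 7)."""

    def __init__(self, account_db, mls, api_key):
        self.account_db = account_db
        self.mls = mls
        self.api_key = api_key
        self.pending = {}     # (account, code) -> expiry time
        self.sessions = {}    # session id -> {"account", "code", "logged_in"}
        self.sms_outbox = []  # stand-in for the SMS channel of claim 9 (simulated)

    def new_session(self):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"account": None, "code": None, "logged_in": False}
        return sid

    def _fresh_code(self, account):
        """Step 4: purge expired pending records, then regenerate until (account, code) is unused."""
        now = time.time()
        self.pending = {k: t for k, t in self.pending.items() if t >= now}
        while True:
            code = f"{secrets.randbelow(10 ** 8):08d}"
            if (account, code) not in self.pending:
                return code

    def choose_mobile_login(self, sid, account, split=False):
        """Steps 3 and 4: store a pending-login record, bind it to the session, return the code.
        With split=True only the first half is returned; the rest goes to the bound phone number."""
        if account not in self.account_db:
            return None
        code = self._fresh_code(account)
        self.pending[(account, code)] = time.time() + RECORD_TTL
        self.sessions[sid].update(account=account, code=code)
        if split:
            half = len(code) // 2
            self.sms_outbox.append((self.account_db[account]["phone"], code[half:]))
            return code[:half]
        return code

    def continue_access(self, sid):
        """Step 7: ask the mobile login system whether (account, code) completed login."""
        s = self.sessions[sid]
        if s["logged_in"]:
            return True
        if s["account"] is None:
            return False
        if self.mls.query(self.api_key, s["account"], s["code"]):
            s["logged_in"] = True
            self.pending.pop((s["account"], s["code"]), None)
            return True
        return False


def build_demo():
    """Constructed sample deployment: one account, one query key shared by both systems."""
    accounts = {"alice": {"password": "correct horse", "phone": "+86 130 0000 0000"}}
    api_key = secrets.token_hex(16)
    mls = MobileLoginSystem(accounts, api_key)
    return InformationSystem(accounts, mls, api_key), mls
```

To walk through a login, call `build_demo()`, open a session with `new_session()`, obtain the code with `choose_mobile_login(sid, "alice")`, pass that code to `mls.login("alice", "correct horse", code)` as the phone client would, and then call `continue_access(sid)`. Two properties of the method become visible here. First, the secret that authenticates the user (the password) never touches the public computer; the only thing typed on the phone that came from the screen is the random code, which is bound to the browser session and is consumed by the query, so a second session that later presents the same account name and code is refused. Second, in split mode an observer who reads the on-screen half cannot complete the login, because the mobile login system records the full code the phone submits and the information system queries for the full code it generated.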

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410395338.1A CN104202162B (en) 2014-08-12 2014-08-12 A kind of system logged in based on mobile phone and login method

Publications (2)

Publication Number Publication Date
CN104202162A true CN104202162A (en) 2014-12-10
CN104202162B CN104202162B (en) 2017-09-22

Family

ID=52087392

Country Status (1)

Country Link
CN (1) CN104202162B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006019451A1 (en) * 2004-07-15 2006-02-23 Anakam L.L.C. System and method for blocking unauthorized network log in using stolen password
CN101699892A (en) * 2009-10-30 2010-04-28 北京神州付电子支付科技有限公司 Method and device for generating dynamic passwords and network system
CN102130918A (en) * 2011-04-01 2011-07-20 张仁平 Account binding system for network logon authentication
CN102510378A (en) * 2011-10-31 2012-06-20 福建天晴数码有限公司 Method for logging in online game through mobile equipment

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105868213A (en) * 2015-01-22 2016-08-17 U3D有限公司 Late binding identity method used for account
CN104683354A (en) * 2015-03-24 2015-06-03 武汉理工大学 Dynamic password system based on label
CN104683354B (en) * 2015-03-24 2017-09-22 武汉理工大学 A kind of dynamic password system based on mark
CN104917755B (en) * 2015-05-05 2018-05-18 武汉理工大学 A kind of login method based on mobile communication terminal and short message
CN104917755A (en) * 2015-05-05 2015-09-16 武汉理工大学 Login method based on mobile communication terminal and short message
CN105141577B (en) * 2015-07-07 2019-08-20 武汉理工大学 A kind of asynchronous login method of oriented of Information System
CN105141577A (en) * 2015-07-07 2015-12-09 武汉理工大学 Asynchronous login method for information system
CN105162773A (en) * 2015-08-04 2015-12-16 武汉理工大学 Mobile terminal based shortcut login method for Web system
CN105162773B (en) * 2015-08-04 2018-05-15 武汉理工大学 A kind of convenient login method of Web system based on mobile terminal
CN105282150B (en) * 2015-09-16 2019-08-20 武汉理工大学 A kind of login assistant system of web oriented system
CN105282150A (en) * 2015-09-16 2016-01-27 武汉理工大学 Log-in assistant system for Web system
CN105141624B (en) * 2015-09-17 2018-09-25 网易(杭州)网络有限公司 Login method, account management server and FTP client FTP
CN105141624A (en) * 2015-09-17 2015-12-09 网易(杭州)网络有限公司 Login method, account management server and client system
CN105391727A (en) * 2015-11-26 2016-03-09 武汉理工大学 System login method based on mobile terminal
CN105391727B (en) * 2015-11-26 2018-03-02 武汉理工大学 A kind of system login method based on mobile terminal
CN105281902A (en) * 2015-12-03 2016-01-27 武汉理工大学 Web system safety login method based on mobile terminal
CN105281902B (en) * 2015-12-03 2018-04-20 武汉理工大学 A kind of Web system safe login method based on mobile terminal
CN107733838A (en) * 2016-08-11 2018-02-23 中国移动通信集团安徽有限公司 A kind of mobile terminal client terminal identity identifying method, device and system
CN106454830A (en) * 2016-10-10 2017-02-22 武汉理工大学 Method for establishing connection with program in mobile terminal and system
CN106454830B (en) * 2016-10-10 2020-01-14 武汉理工大学 Method and system for establishing connection with program in mobile terminal
CN107196925A (en) * 2017-05-09 2017-09-22 北京同余科技有限公司 The private data guard method and system of access time self-regulation
CN107196925B (en) * 2017-05-09 2020-07-28 睿智合创(北京)科技有限公司 Private data protection method with self-adjustment of access time
CN112154634A (en) * 2018-05-18 2020-12-29 瑞典爱立信有限公司 Application access control
US11785013B2 (en) 2018-05-18 2023-10-10 Telefonaktiebolaget Lm Ericsson (Publ) Application program access control
CN109508520A (en) * 2018-11-10 2019-03-22 南昌科悦企业管理咨询有限公司 A kind of Security Login System of computer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant