CN104394136A - Authentication method and authentication device based on mobile phone - Google Patents
Authentication method and authentication device based on mobile phone Download PDFInfo
- Publication number
- CN104394136A CN104394136A CN201410659622.5A CN201410659622A CN104394136A CN 104394136 A CN104394136 A CN 104394136A CN 201410659622 A CN201410659622 A CN 201410659622A CN 104394136 A CN104394136 A CN 104394136A
- Authority
- CN
- China
- Prior art keywords
- authentication
- user
- mobile phone
- management platform
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
Abstract
The invention provides an authentication method based on a mobile phone. A management platform performs authentication on whether a bound mobile phone is adopted according to user information sent by an APP client in the mobile phone. The invention also provides an authentication device based on the mobile phone. The authentication method and the authentication device based on the mobile phone are capable of better preserving a user password and enhancing the safety level.
Description
Technical field
The present invention relates to identity validation technology field, be specifically related to a kind of method and apparatus carrying out authentication based on mobile phone.
Background technology
Along with informationalized development, the privacy of personal information is challenged, and individual account information becomes no longer safe, has the possibility of loss at any time, and this loss can not Timeliness coverage, and adopts remedial measures, and risk is strengthened day by day.At this moment, mobile phone becomes a kind of possible solution.If use mobile phone to carry personal information, the personal secrets grade of personal information will be strengthened, and no longer easily loses, even and if after losing, also can Timeliness coverage, and make remedial measure, risk management and control has just possessed real-time feature.
Summary of the invention
To achieve these goals, the present invention proposes a kind of method of carrying out authentication based on mobile phone, user cipher can be taken care of better, strengthen the safe class of personal information.Described method comprises:
S1: user uses PC to pass through the management platform of web page access network side;
S2: the management platform of network side has detected that user accesses, uses the generation of Quick Response Code generating solution parser about the 2 D code information of this access session;
S3: the 2 D code information of generation is sent to client personal computer end and is presented in webpage by management platform;
S4: the APP client scan in user mobile phone obtains described 2 D code information, decodes to described 2 D code information, and the information will obtained after decoding, the user profile of preserving in user mobile phone is sent to the management platform of network side together;
S5: management platform performs authentication.
Especially:
Management platform described in described step S5 performs authentication and is specially: whether management platform authentication of users uses the mobile phone of binding to perform described authentication.
Especially:
The information obtained after decoding described in described step S4 is described access session mark.
Especially:
Also comprise the step S0 that user performs registration and handset binding before described step S1, described step S0 comprises:
S01: user is by the APP client input username and password on mobile phone;
S02: described APP client stochastic generation and the device-dependent authentication secret of user mobile phone are also kept in user mobile phone;
S03: the described user name that user inputs by described APP client, password and described authentication secret are sent to the management platform of network side, complete registration.
Wherein said user name, password and authentication secret preserve portion in described mobile phone.
Especially:
Described user profile comprises user name, password and described authentication secret;
Described step S5 is specially: management platform is according to described user name, password and authentication secret, and whether authentication of users uses the mobile phone of binding to perform described authentication.
Especially:
S6: after being verified, management platform is by the web displaying authentication success of client personal computer end.
A kind of equipment carrying out authentication based on mobile phone that the present invention proposes, comprising:
The management platform of network side, for when having detected that user uses management platform described in web page access by PC, use the generation of Quick Response Code generating solution parser about the 2 D code information of this access session, and described 2 D code information is sent to the PC of user, by web displaying to user;
For receiving the information sent by the APP client in mobile phone;
For performing described authentication;
APP client in user mobile phone, for scanning the described 2 D code information obtaining and be presented in webpage, described 2 D code information is decoded, and the information will obtained after decoding, the user profile of preserving in user mobile phone is sent to the management platform of network side together.
Especially:
The described authentication that management platform performs is specially: whether management platform authentication of users uses the mobile phone of binding to perform described authentication.
Especially:
Described user profile is: in the authentication secret for handset binding of user name, password and described APP client stochastic generation that registration phase user inputs.
Especially:
The described authentication that management platform performs is specially: management platform is according to described user name, password and authentication secret, and whether authentication of users uses the mobile phone of binding to perform described authentication.
The invention has the beneficial effects as follows: use mobile phone as the authentication instrument of individual, user cipher can be taken care of better, enhance safe class.Mobile phone certificate is convenient to mobile carrying, and Consumer's Experience is bound apparently higher than the certificate of computer end.Mobile phone A PP can in order to avoid exit, and so each webpage logs in has abandoned complicated user name, Password Input process, and login process is more convenient.
Accompanying drawing explanation
Accompanying drawing 1 is the equipment principle block diagram carrying out authentication based on mobile phone that the present invention proposes.
Accompanying drawing 2 is that the mobile phone A PP that the present invention proposes registers and handset binding flow chart.
Accompanying drawing 3 is method flow diagrams carrying out authentication based on mobile phone that the present invention proposes.
Embodiment
Below in conjunction with accompanying drawing, the scheme that the present invention proposes is described in detail.
See accompanying drawing 1, the equipment carrying out authentication based on mobile phone that the present invention proposes mainly comprises mobile phone A PP client, the management platform of network side and Quick Response Code generating solution parser.Wherein management platform is core, is the supplier of subscriber management service and other services; Quick Response Code generating solution parser is also deployed among this management platform.When user holds this platform of web page access by PC (PC), this platform will use Quick Response Code generating solution parser generate Quick Response Code and show user.The Quick Response Code of this generation accesses action generation based on this time of user, comprising the session information of this access, and such as session identification ID.
The major function of mobile phone A PP client is assisted user registration and logs in and resolve the Quick Response Code that page end presents, and userspersonal information is fed back to the management platform of network side.This APP client requirements carries out handset binding, and such as cell-phone number binding, even if user name, password loss can not log at other mobile phone like this.
See accompanying drawing 2, it illustrates user's registration and handset binding flow chart, comprise the steps:
S1: user opens the APP client on mobile phone;
S2: user selects registration option by APP client;
S3:APP Client-Prompt user inputs username and password, and simultaneously APP client automatically performs handset binding, is specially: APP client stochastic generation and the device-dependent authentication secret of user mobile phone are also kept at user mobile phone.
S4: judge whether user confirms registration by APP client; If so, the user name that user is inputted by communication network by APP client, password and the authentication secret being used for handset binding are sent to the management platform of network side, complete registration, and enter step S5; Otherwise, point out registration failure to user, and return step S3.After completing registration, the user name that user inputs, password and authentication secret preserve portion in user mobile phone.
S5: prompting user registration success, flow process terminates.
See accompanying drawing 3, it illustrates the method flow diagram carrying out authentication based on mobile phone that the present invention proposes, comprise the steps:
S21: user uses PC PC to open webpage, the management platform of accesses network side.In this step, the web page access management platform that user can be held by PC.
S22: the management platform of network side has detected that user accesses, use the generation of Quick Response Code generating solution parser about the Quick Response Code of this session, this Quick Response Code comprises the information of this session, such as session identification ID.The Quick Response Code of generation is sent to user PC and holds and be presented in webpage by management platform.The same prior art of Quick Response Code generation technique in this step, repeats no more.
S23: user opens mobile phone A PP client.
S24: user selects the login option in APP client.
S25:APP Client-Prompt scanning input user PC holds the Quick Response Code that webpage shows.
S26: if scan successfully, performs decoding to the Quick Response Code that scanning obtains, by the information obtained after decoding, such as described session identification ID, the user name of preserving in user mobile phone, password and the authentication secret for handset binding are sent to the management platform of network side together, perform checking by management platform.Management platform can according to user name, password and authentication secret, guarantee that user uses the mobile phone of binding to perform this register, the information obtained after the Quick Response Code decoding received then is used for session to be labeled as to log in, and such PC holds webpage can carry out other operations.
If scan unsuccessful, then point out scanning input failure, and return step S25.
The same prior art of Quick Response Code coding/decoding method described in this step, repeats no more.
S27: management platform holds webpage prompting user to login successfully by PC, and flow process terminates.
Certainly; the present invention also can have other various embodiments; when not deviating from the present invention's spirit and essence thereof; those of ordinary skill in the art are when making various corresponding change and distortion according to the present invention, but these change accordingly and are out of shape the protection range that all should belong to claim of the present invention.
Claims (10)
1. carry out a method for authentication based on mobile phone, it is characterized in that, comprise the steps:
S1: user uses PC to pass through the management platform of web page access network side;
S2: the management platform of network side has detected that user accesses, uses the generation of Quick Response Code generating solution parser about the 2 D code information of this access session;
S3: the 2 D code information of generation is sent to client personal computer end and is presented in webpage by management platform;
S4: the APP client scan in user mobile phone obtains described 2 D code information, decodes to described 2 D code information, and the information will obtained after decoding, the user profile of preserving in user mobile phone is sent to the management platform of network side together;
S5: management platform performs authentication.
2. the method for claim 1, is characterized in that:
Management platform described in described step S5 performs authentication and is specially: whether management platform authentication of users uses the mobile phone of binding to perform described authentication.
3. method as claimed in claim 2, is characterized in that:
The information obtained after decoding described in described step S4 is described access session mark.
4. the method as described in any one of claim 1-3, is characterized in that:
Also comprise the step S0 that user performs registration and handset binding before described step S1, described step S0 comprises:
S01: user is by the APP client input username and password on mobile phone;
S02: described APP client stochastic generation and the device-dependent authentication secret of user mobile phone are also kept in user mobile phone;
S03: the described user name that user inputs by described APP client, password and described authentication secret are sent to the management platform of network side, complete registration;
Wherein said user name, password and authentication secret preserve portion in described mobile phone.
5. method as claimed in claim 4, is characterized in that:
Described user profile comprises user name, password and described authentication secret;
Described step S5 is specially: management platform is according to described user name, password and authentication secret, and whether authentication of users uses the mobile phone of binding to perform described authentication.
6. method as claimed in claim 5, is characterized in that, also comprise step after step S5:
S6: after being verified, management platform is by the web displaying authentication success of client personal computer end.
7. carry out an equipment for authentication based on mobile phone, it is characterized in that, comprising:
The management platform of network side, for when having detected that user uses management platform described in web page access by PC, use the generation of Quick Response Code generating solution parser about the 2 D code information of this access session, and described 2 D code information is sent to the PC of user, by web displaying to user;
For receiving the information sent by the APP client in mobile phone;
For performing described authentication;
APP client in user mobile phone, for scanning the described 2 D code information obtaining and be presented in webpage, described 2 D code information is decoded, and the information will obtained after decoding, the user profile of preserving in user mobile phone is sent to the management platform of network side together.
8. equipment as claimed in claim 7, is characterized in that:
The described authentication that management platform performs is specially: whether management platform authentication of users uses the mobile phone of binding to perform described authentication.
9. equipment as claimed in claim 8, is characterized in that:
Described user profile is: in the authentication secret for handset binding of user name, password and described APP client stochastic generation that registration phase user inputs.
10. equipment as claimed in claim 9, is characterized in that:
The described authentication that management platform performs is specially: management platform is according to described user name, password and authentication secret, and whether authentication of users uses the mobile phone of binding to perform described authentication.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410659622.5A CN104394136A (en) | 2014-11-18 | 2014-11-18 | Authentication method and authentication device based on mobile phone |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410659622.5A CN104394136A (en) | 2014-11-18 | 2014-11-18 | Authentication method and authentication device based on mobile phone |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104394136A true CN104394136A (en) | 2015-03-04 |
Family
ID=52611972
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410659622.5A Pending CN104394136A (en) | 2014-11-18 | 2014-11-18 | Authentication method and authentication device based on mobile phone |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104394136A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105577643A (en) * | 2015-11-23 | 2016-05-11 | 清华大学 | Identity authentication method and identity authentication system based on smart glasses |
CN108259445A (en) * | 2016-12-29 | 2018-07-06 | 上海格尔软件股份有限公司 | MS windows desktops Security Login System and its login method based on smart mobile phone |
CN110995416A (en) * | 2019-10-12 | 2020-04-10 | 武汉信安珞珈科技有限公司 | Method for associating mobile terminal with client |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2498472A1 (en) * | 2011-03-10 | 2012-09-12 | France Telecom | Method and system for granting access to a secured website |
CN103023918A (en) * | 2012-12-26 | 2013-04-03 | 百度在线网络技术(北京)有限公司 | Method, system and device for uniformly providing login for multiple network services |
CN103973652A (en) * | 2013-02-01 | 2014-08-06 | 深圳市天时通科技有限公司 | Login method and login system |
-
2014
- 2014-11-18 CN CN201410659622.5A patent/CN104394136A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2498472A1 (en) * | 2011-03-10 | 2012-09-12 | France Telecom | Method and system for granting access to a secured website |
CN103023918A (en) * | 2012-12-26 | 2013-04-03 | 百度在线网络技术(北京)有限公司 | Method, system and device for uniformly providing login for multiple network services |
CN103973652A (en) * | 2013-02-01 | 2014-08-06 | 深圳市天时通科技有限公司 | Login method and login system |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105577643A (en) * | 2015-11-23 | 2016-05-11 | 清华大学 | Identity authentication method and identity authentication system based on smart glasses |
CN108259445A (en) * | 2016-12-29 | 2018-07-06 | 上海格尔软件股份有限公司 | MS windows desktops Security Login System and its login method based on smart mobile phone |
CN108259445B (en) * | 2016-12-29 | 2021-12-10 | 格尔软件股份有限公司 | MS Windows desktop security login system based on smart phone and login method thereof |
CN110995416A (en) * | 2019-10-12 | 2020-04-10 | 武汉信安珞珈科技有限公司 | Method for associating mobile terminal with client |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104717218B (en) | A kind of Wifi Verification Systems and method | |
CN106161359B (en) | It authenticates the method and device of user, register the method and device of wearable device | |
CN103888451B (en) | Authorization method, the apparatus and system of certification | |
CN103986720B (en) | A kind of login method and device | |
CN103957522B (en) | A kind of intelligent communication method, terminal and system | |
CN105515783B (en) | Identity identifying method, server and certification terminal | |
CN105337740B (en) | A kind of auth method, client, trunking and server | |
ATE527797T1 (en) | USER AUTHENTICATION METHOD AND FACILITIES | |
CN103905400B (en) | A kind of service authentication method, apparatus and system | |
CN104253801B (en) | Realize the methods, devices and systems of login authentication | |
CN105871864B (en) | Mobile terminal authentication method and device | |
CN103037368A (en) | Method, device and system for identity authentication | |
CN105657695A (en) | Method, terminal and system for connecting to Wi-Fi | |
CN104468108A (en) | User identity authentication system and user identity authentication method based on barcode | |
JP2015201844A5 (en) | ||
CN103905200A (en) | Identity authentication method and system based on sound wave communications | |
CN104853350B (en) | A kind of public wireless environment online authentication method and equipment based on wechat | |
CN103778528B (en) | The processing method and system and device of payment | |
CN106203021B (en) | A kind of more certification modes are integrated to apply login method and system | |
CN105813060A (en) | Method and device for obtaining virtual user identity | |
CN104394136A (en) | Authentication method and authentication device based on mobile phone | |
CN103701586A (en) | Method and device for acquiring secret key | |
CN104936177B (en) | A kind of access authentication method and access authentication system | |
CN104618356A (en) | Identity verification method and device | |
CN104301116B (en) | A kind of method and system of NFC wireless routers private certification mode |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150304 |
|
RJ01 | Rejection of invention patent application after publication |