A service authentication method, system and server
Technical field
This application relates to the communications field, and more particularly to a service authentication method, system and server.
Background
With the continuous development of communication technology, after a user logs in to a server with a user account entered at a terminal, the terminal can initiate a service request to the server. To verify the reliability of the terminal, the server, after receiving the service request, locally generates a random number (generally a 6-digit random number). Because the server stores the binding relationship between the user account and a mobile phone number, the server can send the random number by short message to the mobile phone bound to the user account.
The user enters the random number received on the mobile phone through an input port of the terminal (for example, the terminal shows the user a page where the random number can be entered, and the user types the random number into an input box on that page). The terminal reports the random number entered by the user to the server, and the server compares the random number reported by the terminal with the locally generated random number. If they are identical, the server determines that the current holder of the mobile phone bound to the user account is a legitimate user, passes authentication of the service request, and responds to the service request.
In actual service authentication, however, the mobile phone bound to the user account may be compromised by Trojan software, or the user of the bound mobile phone may be defrauded, so that the random number the server sent to the bound mobile phone is illegally misappropriated. If an illegitimate user uses the misappropriated random number in the service authentication process, the reliability of service authentication cannot be guaranteed.
Summary of the invention
The embodiments of this application provide a service authentication method, system and server, to solve the problem of low service authentication reliability in the prior art.
A service authentication method, the method comprising:
The server, upon receiving a service request sent by a first terminal, generates a first random number and generates a first check code from the first random number and specific information according to a preset rule, wherein the specific information includes the terminal identifier of a second terminal bound to the user account used by the first terminal;
The server sends the first random number to the first terminal and sends the first check code to the second terminal;
The server receives a second random number, the terminal identifier of the terminal that sent the second random number, and a second check code;
The server, upon determining that the second random number is identical to the first random number and the second check code is identical to the first check code, replaces the terminal identifier of the second terminal in the specific information with the terminal identifier of the terminal that sent the second random number, and generates a third check code according to the preset rule from the second random number and the specific information after the terminal identifier replacement;
The server matches the third check code against the second check code and authenticates the service request according to the matching result.
A server, the server comprising:
A request receiving module, configured to receive a service request sent by a first terminal;
An information generating module, configured to generate a first random number and to generate a first check code from the first random number and specific information according to a preset rule, wherein the specific information includes the terminal identifier of a second terminal bound to the user account used by the first terminal;
An information sending module, configured to send the first random number to the first terminal and to send the first check code to the second terminal;
An information receiving module, configured to receive a second random number, the terminal identifier of the terminal that sent the second random number, and a second check code;
An authentication module, configured to, upon determining that the second random number is identical to the first random number and the second check code is identical to the first check code, replace the terminal identifier of the second terminal in the specific information with the terminal identifier of the terminal that sent the second random number, and, after the information generating module has generated a third check code according to the preset rule from the second random number and the specific information after the terminal identifier replacement, match the third check code against the second check code and authenticate the service request according to the matching result.
A service authentication system, the system comprising:
A server, configured to: generate a first random number upon receiving a service request sent by a first terminal, and generate a first check code from the first random number and specific information according to a preset rule, wherein the specific information includes the terminal identifier of a second terminal bound to the user account used by the first terminal; send the first random number to the first terminal and send the first check code to the second terminal; receive a second random number, the terminal identifier of the terminal that sent the second random number, and a second check code; upon determining that the second random number is identical to the first random number and the second check code is identical to the first check code, replace the terminal identifier of the second terminal in the specific information with the terminal identifier of the terminal that sent the second random number to the server, and generate a third check code according to the preset rule from the second random number and the specific information after the terminal identifier replacement; and match the third check code against the second check code and authenticate the service request according to the matching result;
A first terminal, configured to send the service request to the server, receive the first random number sent by the server, and return the second check code to the server;
A second terminal, configured to receive the first check code sent by the server and return the second random number to the server.
The beneficial effects of this application are as follows:
In the scheme of the embodiments of this application, the server first sends the first random number to the first terminal and the first check code to the second terminal. Afterwards, when it receives a second random number identical to the first random number and a second check code identical to the first check code, it identifies whether the terminal that sent the second random number is the legitimate second terminal. Even if the first random number and the first check code issued by the server are illegally misappropriated, as long as the second terminal is in a secure state and has not been illegally used, the server can recognize that the terminal that returned the second random number to it is not the second terminal, and will not pass authentication of the service request, which improves the reliability of service authentication.
Brief description of the drawings
Fig. 1 is a schematic diagram of the steps of the service authentication method in Embodiment One of this application;
Fig. 2 is a schematic structural diagram of the server in Embodiment Two of this application;
Fig. 3 is a schematic structural diagram of the service authentication system in Embodiment Three of this application.
Detailed description of the embodiments
To make the purpose, technical scheme and advantages of the embodiments of this application clearer, the technical scheme in the embodiments is described clearly and completely below with reference to the accompanying drawings. Obviously, the embodiments described here are some, rather than all, of the embodiments of this application. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application, without creative work, fall within the scope of protection of this application.
To solve the problem that service authentication reliability is low when the random number the server issues to the terminal bound to the user account is illegally misappropriated, the embodiments of this application propose a new service authentication scheme. Upon receiving a service request sent by a first terminal, the server generates a first random number and generates a first check code from the first random number and specific information according to a preset rule. It then sends the first random number to the first terminal and sends the first check code to the second terminal bound to the user account used by the first terminal. Afterwards, if the server receives a second random number, the terminal identifier of the terminal that sent the second random number, and a second check code, and the second random number is identical to the first random number and the second check code is identical to the first check code, the server replaces the terminal identifier of the second terminal in the specific information with the terminal identifier of the terminal that sent the second random number, and generates a third check code according to the preset rule from the second random number and the specific information after the replacement. If the third check code matches the second check code, the terminal that sent the second random number to the server is the second terminal, and the service request can pass authentication; otherwise, the service request cannot pass authentication.
In the scheme of the embodiments of this application, the terminal that reports the second random number to the server must match the second terminal bound to the user account. Even if the first random number and the first check code issued by the server are illegally misappropriated, as long as the second terminal is in a secure state and has not been illegally used, the server can recognize that the terminal that returned the second random number to it is not the second terminal, and will not pass authentication of the service request, which improves the reliability of service authentication.
The scheme of this application is described in detail below through specific embodiments.
Embodiment One:
Embodiment One of this application describes a service authentication method. As shown in Fig. 1, the service authentication method mainly includes the following steps:
Step 101: The first terminal sends a service request to the server.
The first terminal in the embodiments of this application may be a PC or a mobile terminal such as a mobile phone; the embodiments do not limit the type of the first terminal.
The server in the embodiments of this application may be a server of any application type, such as a game website server, an online banking server, or the payment server of a shopping website; the embodiments do not limit the type of the server.
In step 101, the first terminal may first log in to the server with a pre-registered user account and then initiate a service request for a particular service to the server. Taking the first terminal to be a PC and the server to be an online banking server as an example, step 101 is implemented as follows:
After the PC establishes a connection with the online banking server over the internet, it can show the user the login page of the online banking server and receive the pre-registered user account (such as a user name and password) that the user enters in the input boxes of the login page. The PC sends the user account to the online banking server, and the login process is complete once the online banking server has authenticated the user account. Afterwards, the PC can receive a service request entered by the user through a displayed page (such as a transfer service) and send the service request to the online banking server.
Step 102: The server generates a first random number for the service request, and generates a first check code from the first random number and specific information according to a preset rule.
The specific information includes the terminal identifier of the second terminal bound to the user account used by the first terminal, so that the generated first check code depends on the terminal identifier of the second terminal.
In the scheme of the embodiments of this application, the second terminal can be bound to the user account when the user registers the account with the server; that is, the server records the binding relationship between the user account and the terminal identifier of the second terminal. The server can then determine the terminal identifier of the corresponding second terminal from the user account the first terminal used to log in to the server. The second terminal may be a PC or a mobile terminal such as a PDA or mobile phone; the embodiments do not limit the type of the second terminal.
The first terminal and the second terminal in this embodiment may be two independent terminal devices, for example a PC as the first terminal and a mobile phone as the second terminal. They may also be the same terminal device, for example both being components of the same mobile phone. When the first terminal and the second terminal refer to the same terminal device, that device has functional components acting as the first terminal and as the second terminal, which respectively perform the steps of Embodiment One.
The first random number may be a 6-digit random number or a random number of any other form, such as a numeric random number that is not 6 digits long or a random number that is not purely numeric (containing both digits and letters); the embodiments do not limit the form of the first random number.
The server may encrypt the first random number and the specific information with a preset key according to the MD5 algorithm, and generate a 6-digit first check code from the encrypted result by a HASH algorithm. Of course, the embodiments of this application do not exclude using other algorithms to encrypt the first random number and the specific information and generate the first check code.
Besides the terminal identifier of the second terminal, the specific information may also include first attribute information related to the service request the first terminal sends to the server, such as user account information and/or parameter information of the service requested by the first terminal. Taking the first terminal to be a PC, the second terminal a mobile phone, the server an online banking server, and the service request sent by the first terminal a request for an online transfer service as an example, the first attribute information related to the service request includes but is not limited to:
The user name of the user account used to log in to the online banking server, the transfer amount, the user name of the transfer recipient, and so on.
Because the first attribute information related to the service request sent by the first terminal is tied to a specific service request, the first check code generated from the specific information is also associated with that specific service request.
When the service requests the first terminal sends to the server differ, the content of the specific information the server uses to authenticate each service request also differs. The first attribute information can therefore be regarded, to a certain extent, as personalized information reflecting the service, and generating the first check code from specific information that includes the first attribute information uses this personalization to improve the security of the generated first check code.
For example, when the service request the first terminal sends to the server is a bank transfer, the transfer amount can be included in the specific information as the first attribute information of the transfer service; when the service request is an online shopping service, the merchant identifier can be included in the specific information as the first attribute information of the online shopping service.
The above is an option that determines the content of the specific information by service type. The embodiments of this application can also set the content of the specific information separately for different user accounts, so that after the server receives a service request sent by the first terminal, it selects the content of the specific information corresponding to the user account the first terminal used. For example, the server sets the specific information for user account 1 to include the terminal identifier of the second terminal bound to user account 1 and the user name of user account 1, and sets the specific information for user account 2 to include the terminal identifier of the second terminal bound to user account 2 and the transaction amount of the requested service. When the server receives a service request the first terminal sends using user account 1, it determines that the specific information used to authenticate that service request includes the terminal identifier of the second terminal bound to user account 1 and the user name of user account 1. When the server receives a service request the first terminal sends using user account 2, it determines that the specific information used to authenticate that service request includes the terminal identifier of the second terminal bound to user account 2 and the transaction amount.
Step 103: The server sends the first random number to the first terminal and sends the first check code to the second terminal.
The server sends the first random number to the first terminal in a different way from the way it sends the first check code to the second terminal. For example, when the first terminal is a PC and the second terminal is a mobile phone, the server can send the first random number to the first terminal over the internet and send the first check code to the second terminal by downlink short message (or another means of communication). As another example, when the first terminal and the second terminal are components of the same mobile phone, the server can still send the first random number to the first terminal over the internet and send the first check code to the second terminal by downlink short message.
Step 104: The server receives a second random number and the terminal identifier of the terminal that sent the second random number.
The server can receive the second random number by uplink short message and identify, from the received uplink short message, the terminal identifier of the terminal that sent the second random number.
Step 105: The server receives a second check code.
The server can receive the second check code over the internet.
It should be noted that receiving the second random number first and then the second check code is the preferred way of implementing Embodiment One. The embodiments of the present invention do not exclude receiving the second check code first and then the second random number, or receiving the second random number and the second check code in parallel.
Step 106: The server determines whether the second random number is identical to the first random number and whether the second check code is identical to the first check code. If both are identical, step 107 is performed; otherwise, the service request cannot pass authentication and the procedure ends.
Step 107: The server replaces the terminal identifier of the second terminal in the specific information with the terminal identifier of the terminal that sent the second random number to it, and generates a third check code according to the preset rule from the second random number and the specific information after the terminal identifier replacement.
Step 108: The server matches the third check code against the second check code and authenticates the service request according to the matching result.
When the server determines that the third check code generated in step 107 matches the second check code (that is, the first check code), the terminal that sent the second random number to the server in step 104 is the second terminal, and the service request can pass authentication. When the server determines that the third check code generated in step 107 does not match the second check code, the terminal that sent the second random number to the server in step 104 is not the second terminal, and the service request cannot pass authentication.
In the scheme of Embodiment One, the server first sends the first random number to the first terminal and the first check code to the second terminal. Afterwards, when it receives a second random number identical to the first random number and a second check code identical to the first check code, it identifies whether the terminal that sent the second random number to the server is the legitimate second terminal. Even if the first random number and the first check code issued by the server are illegally misappropriated, as long as the second terminal is in a secure state and has not been illegally used, the server can recognize that the terminal that returned the second random number to it is not the second terminal, and will not pass authentication of the service request, which improves the reliability of service authentication.
Further, when the specific information includes, besides the terminal identifier of the second terminal, first attribute information related to the service request the first terminal sends to the server, the server can also carry out further verification based on the service request. The specific verification steps are:
First step: The server receives a second random number and the terminal identifier of the terminal that sent the second random number.
Second step: The server receives a second check code.
Third step: The server receives second attribute information related to the service request.
Fourth step: The server determines whether the second random number is identical to the first random number and whether the second check code is identical to the first check code. If both are identical, step 107 is performed; otherwise, the service request cannot pass authentication and the procedure ends.
Fifth step: The server replaces the terminal identifier of the second terminal in the specific information with the terminal identifier of the terminal that sent the second random number, replaces the first attribute information in the specific information with the received second attribute information, and generates a third check code from the specific information after the replacement and the second random number.
Sixth step: When the server determines that the third check code generated in the fifth step matches the second check code (that is, the first check code), the service request can pass authentication; when the server determines that the third check code generated in the fifth step does not match the second check code, the service request cannot pass authentication.
With the above steps, even if the second terminal has not changed, if the service request initiated has changed by the time the second terminal returns the second random number and the second check code, the second attribute information will necessarily differ from the first attribute information and verification will fail, which further improves the reliability of service authentication. For example, if the service the first terminal first initiated is a purchase of goods on Taobao, and the server receives a second random number identical to the first random number and a second check code identical to the first check code, but the service request reflected by the received second attribute information is a mobile phone top-up, verification fails.
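The server-side flow of steps 102 to 108, including the attribute-information extension, as an added Python example that is not code from the patent. The preset rule is replaced here by HMAC-SHA256 truncated to six digits (the text names MD5 with a preset key plus a hash, and allows other algorithms); the key, the class and function names, the phone numbers and the single-use handling of a challenge are assumptions of this example.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = b"constructed-demo-key"  # constructed value standing in for the preset key


def check_code(key, random_number, terminal_id, attributes):
    """Stand-in for the preset rule: keyed hash over the random number and the
    specific information (terminal identifier + attribute information)."""
    fields = [random_number, terminal_id]
    fields += [f"{name}={attributes[name]}" for name in sorted(attributes)]
    # Length-prefix each field so two different field lists never encode alike.
    message = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def same(a, b):
    """Constant-time comparison of two submitted/stored codes."""
    return hmac.compare_digest(a.encode(), b.encode())


class AuthServer:
    def __init__(self, key, bindings):
        self.key = key
        self.bindings = bindings  # user account -> identifier of bound second terminal
        self.pending = {}         # user account -> (first random number, first check code)

    def start_request(self, account, attributes):
        """Step 102. Returns (first random number, first check code); in step 103
        the first goes to the first terminal, the second to the second terminal."""
        first_random = f"{secrets.randbelow(10**6):06d}"
        first_check = check_code(self.key, first_random,
                                 self.bindings[account], attributes)
        self.pending[account] = (first_random, first_check)
        return first_random, first_check

    def verify(self, account, sender_id, second_random, second_check, second_attributes):
        """Steps 104-108. sender_id is the identifier the server itself reads
        from the uplink message, not a value supplied by the client."""
        # Assumption of this example: a challenge is consumed by its first attempt.
        challenge = self.pending.pop(account, None)
        if challenge is None:
            return False
        first_random, first_check = challenge
        # Step 106: both returned values must equal the issued ones.
        if not (same(second_random, first_random) and same(second_check, first_check)):
            return False
        # Step 107: recompute with the sender's identifier and the received attributes.
        third_check = check_code(self.key, second_random, sender_id, second_attributes)
        # Step 108: matches only if the sender is the bound terminal and the
        # request attributes are unchanged.
        return same(third_check, second_check)


if __name__ == "__main__":
    server = AuthServer(SERVER_KEY, {"alice": "+10000000001"})  # constructed binding
    transfer = {"amount": "100.00", "payee": "bob"}

    r, c = server.start_request("alice", transfer)
    print("bound phone:", server.verify("alice", "+10000000001", r, c, transfer))

    r, c = server.start_request("alice", transfer)  # both codes stolen, other phone
    print("other phone:", server.verify("alice", "+19999999999", r, c, transfer))

    r, c = server.start_request("alice", transfer)  # request changed after issue
    changed = {"amount": "9000.00", "payee": "mallory"}
    print("changed request:", server.verify("alice", "+10000000001", r, c, changed))
```

The guarantee rests entirely on `sender_id` being taken from the transport (the uplink short message in the text); if the client could supply it, a holder of both stolen codes would simply claim the bound identifier.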
Embodiment Two:
Embodiment Two of this application describes a server that belongs to the same inventive concept as Embodiment One. As shown in Fig. 2, the server includes a request receiving module 11, an information generating module 12, an information sending module 13, an information receiving module 14 and an authentication module 15, wherein:
The request receiving module 11 is configured to receive a service request sent by a first terminal;
The information generating module 12 is configured to generate a first random number and to generate a first check code from the first random number and specific information according to a preset rule, wherein the specific information includes the terminal identifier of a second terminal bound to the user account used by the first terminal;
The information sending module 13 is configured to send the first random number to the first terminal and to send the first check code to the second terminal;
The information receiving module 14 is configured to receive a second random number, the terminal identifier of the terminal that sent the second random number, and a second check code;
The authentication module 15 is configured to, upon determining that the second random number is identical to the first random number and the second check code is identical to the first check code, replace the terminal identifier of the second terminal in the specific information with the terminal identifier of the terminal that sent the second random number, and, after the information generating module 12 has generated a third check code according to the preset rule from the second random number and the specific information after the terminal identifier replacement, match the third check code against the second check code and authenticate the service request according to the matching result.
Preferably, the information sending module 13 is specifically configured to send the first random number to the first terminal over the internet and to send the first check code to the second terminal by downlink short message;
The information receiving module 14 is specifically configured to receive the second random number by uplink short message and to receive the second check code over the internet.
Besides the functional modules above, the server in Embodiment Two also has functional modules that implement all the functions of Embodiment One, which are not described again here.
Embodiment Three:
Embodiment Three of this application describes a service authentication system that belongs to the same inventive concept as Embodiment One. As shown in Fig. 3, the system includes a server 21, a first terminal 22 and a second terminal 23, wherein:
The server 21 is configured to: generate a first random number upon receiving a service request sent by the first terminal 22, and generate a first check code from the first random number and specific information according to a preset rule, wherein the specific information includes the terminal identifier of the second terminal bound to the user account used by the first terminal; send the first random number to the first terminal 22 and send the first check code to the second terminal 23; receive a second random number, the terminal identifier of the terminal that sent the second random number, and a second check code; upon determining that the second random number is identical to the first random number and the second check code is identical to the first check code, replace the terminal identifier of the second terminal in the specific information with the terminal identifier of the terminal that sent the second random number, and generate a third check code according to the preset rule from the second random number and the specific information after the terminal identifier replacement; and match the third check code against the second check code and authenticate the service request according to the matching result;
The first terminal 22 is configured to send the service request to the server 21, receive the first random number sent by the server 21, and return the second check code to the server 21;
The second terminal 23 is configured to receive the first check code sent by the server 21 and return the second random number to the server 21.
Preferably, the server 21 is specifically configured to send the first random number to the first terminal 22 over the internet, send the first check code to the second terminal 23 by downlink short message, receive the second random number by uplink short message, and receive the second check code over the internet.
It should be noted that when the first random number issued by the server is stolen, the terminal that sends the second random number to the server 21 is not the second terminal; the system in Embodiment Three of this application therefore also includes an illegal terminal that sends the second random number to the server.
The server in Embodiment Three has the functional modules shown in Embodiment Two, which are not described again here.
Those skilled in the art should understand that the embodiments of this application can be provided as a method, a system or a computer program product. The application can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, the computer device includes one or more processors (CPU), an input/output interface, a network interface and memory. The memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium. Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
Although preferred embodiments of this application have been described, those skilled in the art can make other changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of this application.
Obviously, those skilled in the art can make various changes and variations to this application without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of this application and their technical equivalents, this application is also intended to include them.