CN104917730B - A kind of method for authenticating and system, authentication server - Google Patents

A kind of method for authenticating and system, authentication server Download PDF

Info

Publication number
CN104917730B
CN104917730B CN201410090752.1A CN201410090752A CN104917730B CN 104917730 B CN104917730 B CN 104917730B CN 201410090752 A CN201410090752 A CN 201410090752A CN 104917730 B CN104917730 B CN 104917730B
Authority
CN
China
Prior art keywords
user
authentication
authentication values
values
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410090752.1A
Other languages
Chinese (zh)
Other versions
CN104917730A (en
Inventor
蔡伟林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201410090752.1A priority Critical patent/CN104917730B/en
Publication of CN104917730A publication Critical patent/CN104917730A/en
Application granted granted Critical
Publication of CN104917730B publication Critical patent/CN104917730B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Abstract

The embodiment of the invention discloses a kind of method for authenticating and system, authentication server, which includes: authentication server, service server, user terminal;Service server is used to receive the operation data of the user's operation of user terminal transmission and the authentication values of user's operation, and the authentication values of user's operation are sent to authentication server;Authentication server is used to determine whether user's operation passes through authentication according to the authentication values of user's operation, and authenticating result is sent to service server;Service server is also used to be handled according to operation data of the authenticating result to user's operation.The legitimacy for judging user's operation using authentication values by authentication server can effectively avoid simply and effectively realizing the judgement to the legitimacy of user's operation because of the problems such as repeatedly inputting account and password bring processing time length and the wasting of resources.

Description

A kind of method for authenticating and system, authentication server
Technical field
The present invention relates to mobile communication system more particularly to a kind of method for authenticating and systems, authentication server.
Background technique
When user uses data service, in order to ensure the safety of user's operation, need to the legitimacy of user's operation into Row judgement, in the prior art, the judgement to user's operation legitimacy are largely to be in log in state based on user, wherein logging in State refers to that user inputs after account and password, does not have to the state for repeating input account and password whithin a period of time, with Family is in log in state in the case where, when executing certain special operations and for example transferring accounts, remit money, pay etc., system can be wanted user Account and password will be inputted when user being asked to execute the generic operation every time, to ensure the legitimacy of user's operation, however pass through use It is multiple that the mode that family repeatedly inputs the legitimacy of account and cryptographic check user's operation needs server to carry out the same account Judgement, and it is long to handle the time, consumes system resource, user experience is bad, and user account cannot be introduced into and log in state Special screne can not carry out validity judgement to user's operation.
Summary of the invention
The embodiment of the invention provides a kind of method for authenticating and systems, authentication server, for solving by repeatedly inputting The problems such as account and the mode of password judge that the user's operation legitimacy bring processing time is long, the wasting of resources, can be effective The legitimacy of user's operation is judged.
The embodiment of the invention provides a kind of right discriminating systems, comprising:
Authentication server, service server, user terminal;
The service server is used to receiving the operation data and user's operation for the user's operation that the user terminal is sent Authentication values, and the authentication values of the user's operation are sent to the authentication server;
The authentication server is used to determine whether the user's operation passes through mirror according to the authentication values of the user's operation Power, and authenticating result is sent to the service server;
The service server is also used to be handled according to operation data of the authenticating result to the user's operation.
A kind of method for authenticating is provided in the embodiment of the present invention, comprising:
Authentication server receives the authentication values for the user's operation that service server is sent;
The authentication values table saved is searched, judges whether the authentication values for having saved the user's operation, the authentication values table In be corresponding relationship between authentication values that the user's operation generates comprising user's operation and the authentication server;
If the authentication values of the user's operation for having saved the authentication values of the user's operation, and having received with saved The authentication values of the user's operation are identical, it is determined that the user's operation passes through authentication.
The embodiment of the invention also provides a kind of authentication servers, comprising:
Receiving unit, the authentication values of the user's operation for receiving service server transmission;
Searching unit is searched and have been saved for after the authentication values that the receiving unit receives the user's operation Authentication values table, judges whether the authentication values for having saved the user's operation, in the authentication values table comprising user's operation with it is described Authentication server is the corresponding relationship between the authentication values that the user's operation generates;
Processing unit, if the authentication values for having saved the user's operation, and the mirror of the user's operation received Weight is identical as the authentication values of the user's operation saved, it is determined that the user's operation passes through authentication.
As can be seen from the above technical solutions, the embodiment of the present invention has the advantage that
Right discriminating system includes authentication server, service server and user terminal, wherein service server is for receiving user The operation data of the user's operation sent and the authentication values of user's operation are held, and the authentication values of the user's operation are sent to authentication Server, authentication server be used to according to the authentication values of user's operation determine whether the user's operation passes through authentication, specifically can be with Are as follows: the authentication values table saved is searched, if the user for having saved the authentication values of the user's operation in authentication server, and having received The authentication values of operation are identical as the authentication values of the user's operation saved, it is determined that the user's operation passes through authentication.Wherein, it reflects The corresponding relationship between authentication values generated in weight table comprising user's operation and authentication server for the user's operation.Authentication clothes Business device is also used to authenticating result being sent to service server, so that service server can be according to authenticating result to user's operation Operation data is handled.The legitimacy of user's operation is judged by authentication values, can effectively be avoided because repeatedly inputting account Number and the problems such as the password bring processing time is long and the wasting of resources, simply and effectively realize to the legitimacy of user's operation Judgement.
Detailed description of the invention
Fig. 1 is the right discriminating system structure chart in the embodiment of the present invention;
Fig. 2 is the schematic diagram that right discriminating system generates authentication values and the method authenticated in the embodiment of the present invention;
Fig. 3 is an a kind of schematic diagram of method for authenticating in the embodiment of the present invention;
Fig. 4 is another schematic diagram of method for authenticating in the embodiment of the present invention;
Fig. 5 is the schematic diagram of the structure of authentication server in the embodiment of the present invention;
Fig. 6 is another schematic diagram of the structure of authentication server in the embodiment of the present invention;
Fig. 7 is another schematic diagram of authentication server structure in the embodiment of the present invention.
Specific embodiment
The embodiment of the invention provides a kind of method for authenticating and systems, authentication server, for solving by repeatedly inputting The problems such as account and the mode of password judge that the user's operation legitimacy bring processing time is long, the wasting of resources, can be effective The legitimacy of user's operation is judged.
Referring to Fig. 1, for the right discriminating system structure chart in the embodiment of the present invention, including authentication server, service server And user terminal, wherein data interaction can be carried out between service server and user terminal, and service server can also be with authentication service Device carries out data interaction.
Wherein, service server is used to receive the operation data of the user's operation of user terminal transmission and the authentication of user's operation Value, and the authentication values of user's operation are sent to authentication server, which is then used for the authentication according to user's operation Whether value determines whether user's operation passes through authentication, i.e., legal, and authenticating result is sent service server, then service server It is also used to be handled according to operation data of the authenticating result to user's operation.
Wherein, authentication server is also used to generate authentication values for user's operation, and service server is receiving user terminal After user's operation request, the authentication values that user's operation is sent to authentication server are generated into request, authentication server is then also used In the authentication values according to the authentication values of the user's operation generation request generation user's operation, and user's operation and the user are grasped The authentication values of work are saved into authentication values table, and the authentication values of user's operation of the authentication server for will additionally generate are sent to industry Business server, then service server is also used to for the business datum that the authentication values of the user's operation and user's operation are requested being sent to User terminal.
Right discriminating system in embodiment in order to better understand the present invention will introduce right discriminating system respectively below and generate authentication The method for being worth and being authenticated, referring to Fig. 2, the side for generating authentication values for right discriminating system in the embodiment of the present invention and being authenticated Method, comprising:
201, service server generates request to the authentication values that authentication server sends user's operation;
In embodiments of the present invention, user terminal is after sending user's operation request to service server, in order to ensure rear Continuous user's operation is legal, and the authentication values that service server can send user's operation to authentication server generate request, with request Authentication server is that the user's operation generates authentication values.Alternatively, service server is in the abnormal use of account for detecting user Or after logging in, in order to ensure the account number safety of user, the authentication values that active is sent user's operation to authentication server are raw At request, so that the legitimacy to user's operation judges.
202, authentication server generates the authentication values that request generates user's operation according to the authentication values of user's operation;
203, the corresponding relationship of user's operation and the authentication values of the user's operation is saved in authentication values table by authentication server In;
In embodiments of the present invention, authentication server will generate the authentication values of the user's operation for user's operation, and should The corresponding relationship of the authentication values of user's operation and the user's operation is saved in authentication values table, so as to subsequent to the user's operation When being authenticated, determine whether using the authentication values of the user's operation through authentication, if illustrating user's operation by authentication It is legal, if not illustrating that user's operation is illegal by authentication.
204, the authentication values of user's operation are sent to service server by authentication server;
Authentication server is after completing the generation and preservation of authentication values of user's operation, by the authentication values of the user's operation It is sent to service server.
205, the business datum that the authentication values of user's operation and user's operation are requested is sent to user terminal by service server;
206, user terminal handles business datum, obtains the operation data of user's operation;
207, the authentication values of operation data and user's operation are sent to service server;
Service server is after receiving the authentication values of user's operation, by the authentication values and user's operation of the user's operation The business datum of request is sent to user terminal, is handled by user terminal business datum, obtains the operation data of user's operation, And the authentication values of the operation data of user's operation and user's operation are sent to service server by user terminal.
208, service server sends the authentication values of user's operation to authentication server;
In embodiments of the present invention, service server sends the authentication values of user's operation to authentication server.
209, authentication server determines whether the user's operation passes through authentication according to the authentication values of user's operation;
210, authenticating result is sent to service server by authentication server;
211, service server is handled according to operation data of the authenticating result to user's operation.
In embodiments of the present invention, authentication server receive service server transmission user's operation authentication values it Afterwards, it will determine whether the user's operation passes through authentication according to the authentication values of the user's operation, and authenticating result be sent to business Server enables service server to be handled according to authenticating result the equal operation data of user's operation, such as: if mirror Power server determines user's operation by authentication, then service server determines that the operation data of user's operation is legal, to the operation Data are handled, if authentication server determines that user's operation does not pass through authentication, service server abandons the user's operation Operation data.
In embodiments of the present invention, the authentication server in right discriminating system passes through the mirror to user's operation generation user's operation Weight, and determine whether user's operation passes through authentication using the authentication values of the user's operation, it can effectively avoid defeated because repeating The problems such as entering account and password bring processing time length and the wasting of resources, simply and effectively realizes to the legal of user's operation The judgement of property.
The process that authentication server is authenticated in embodiment in order to better understand the present invention, referring to Fig. 3, being this hair A kind of embodiment of method for authenticating in bright embodiment, comprising:
301, authentication server receives the authentication values for the user's operation that service server is sent;
In embodiments of the present invention, service server will receive user terminal and be handled to obtain to the business datum of request User's operation operation data and user's operation authentication values, the authentication values of the user's operation are sent to mirror by service server Server is weighed, after authentication server receives the authentication values of the user's operation, is determined using the authentication values of the user's operation The legitimacy of the user's operation.
302, the authentication values table saved is searched, judges whether the authentication values for having saved user's operation;
In embodiments of the present invention, authentication values table has been saved in authentication server, contains user in the authentication values table Operation and authentication server are the one-to-one relationship between the authentication values that user's operation generates, and wherein user's operation includes Account, action type, operating time of user etc..
In embodiments of the present invention, the authentication values that authentication server can receive the user's operation that service server is sent generate Request, and after the authentication values for receiving the user's operation generate request, the user's operation will be generated according to the authentication request Authentication values, and save the user's operation and the user's operation authentication values corresponding relationship into authentication values table, so as to rear The user's operation is authenticated in continuous treatment process.
In embodiments of the present invention, authentication server receive service server transmission user's operation authentication values it Afterwards, authentication values table lookup saved, judges whether the authentication values for having saved the user's operation.Specifically, authentication server The user's operation will be searched in authentication values table, if finding the user's operation, it is determined that saved the authentication of the user's operation Value.
If the authentication values for the user's operation for 303, having saved the authentication values of user's operation, and having received and the user saved The authentication values of operation are identical, it is determined that user's operation passes through authentication.
In embodiments of the present invention, if the authentication values for the user's operation for having saved the authentication values of user's operation, and having received It is identical as the authentication values of the user's operation saved, it is determined that the user's operation passes through authentication.
In embodiments of the present invention, if authentication server does not save the authentication values of the user's operation, it is determined that user's operation Authentication is not passed through.
In embodiments of the present invention, if authentication server has saved the authentication values of user's operation, and the user behaviour received The authentication values of work are not identical as the authentication values of the user's operation saved, it is determined that user does not pass through authentication.
It should be noted that authentication server is sent to service server after obtaining authenticating result, by authenticating result, Service server carries out subsequent processing according to authenticating result, wherein authenticating result is by authenticating or not passing through authentication.
In embodiments of the present invention, authentication server receives the authentication values for the user's operation that processor background system is sent, And the authentication values table saved is searched, if the user for having saved the authentication values of the user's operation in authentication server, and having received The authentication values of operation are identical as the authentication values of the user's operation saved, it is determined that the user's operation passes through mirror by authentication Weight judges the legitimacy of user's operation, can effectively avoid long because repeatedly inputting account and password bring processing time And the problems such as wasting of resources, simply and effectively realize the judgement to the legitimacy of user's operation.
In embodiments of the present invention, authentication server can receive the authentication values life of the user's operation of service server transmission At request, and the authentication values of the user's operation are generated, the user's operation is authenticated so as to subsequent, determines the conjunction of user's operation Method, for a better understanding, referring to Fig. 4, being the embodiment of method for authenticating in the embodiment of the present invention, comprising:
401, the authentication values that authentication server receives the user's operation that service server is sent generate request;
In embodiments of the present invention, if user needs to be implemented user's operation in user terminal, user terminal will be to service server Request user executes the service request of business datum required for the user's operation, includes user's operation in service request, and should User's operation includes account, action type and the operating time of user, and service server is after receiving the service request Ensure to judge the legitimacy of user's operation, the generation of authentication values that the user's operation is sent to authentication server is asked It asks.
Alternatively, service server, which checks user account, exception occurs, user is needed to execute user's operation to ensure safety, And in order to ensure the legitimacy of user's operation, request actively can be generated to the authentication values that authentication server sends the user's operation.
In embodiments of the present invention, the authentication values that authentication server can receive the user's operation that service server is sent generate Request.
402, authentication server generates the authentication values that request generates user's operation according to the authentication values of user's operation;
In embodiments of the present invention, authentication server is after the authentication values for receiving user's operation generate request, by root The authentication values that request generates the user's operation are generated according to the authentication values of user's operation.
Wherein, user's operation includes the account, action type and operating time of user, and authentication server is according to user's operation Authentication values generate request generate user's operation authentication values be specifically as follows: for user's operation generate an authentication values, authentication User account, action type and the operating time of value and user's operation have one-to-one relationship;Such as: authentication server exists After receiving authentication request, an authentication values are generated at random, and establish the corresponding relationship of the authentication values Yu the user's operation.Or Person, authentication server can generate the mirror of user's operation according to user account, action type and the operating time that user's operation includes The size of weight, the authentication values is related with user's operation, and authentication server will also establish the authentication values and user's operation generated Between corresponding relationship.Such as: select character string to constitute the user from the account of the user, action type and in the operating time The authentication values of operation.
403, the corresponding relationship of user's operation and the authentication values of user's operation is saved in authentication values table, and user is grasped The authentication values of work feed back to service server.
In embodiments of the present invention, authentication server is by the corresponding relationship of the user's operation and the authentication values of the user's operation It is saved in authentication values table, so that authentication server is authenticated using the authentication values table saved.
In addition, the authentication values of the user's operation are also fed back to service server by authentication server, service server should The business datum and the authentication values of the user's operation of user's operation request feed back to user terminal, by user terminal to the business datum into The operation data of user's operation is obtained after row processing, and user terminal is by the operation of the authentication values of the user's operation and user's operation Data are sent to service server, and after service server receives the processing result, the user is obtained from the processing result The authentication values of operation, the authentication values for the user's operation that will acquire are sent to authentication server, and authentication server will execute shown in Fig. 3 Step 301 in embodiment is to 303, to determine whether the user's operation passes through authentication.
It should be noted that in embodiments of the present invention, user terminal can be the terminal that user executes user's operation, or It is the mailbox etc. with the binding of the account of user, herein without limitation.
In embodiments of the present invention, the authentication values generation that authentication server receives the user's operation that service server is sent is asked It asks, and generates the authentication values that request generates user's operation according to the authentication values of the user's operation, by the authentication values of the user's operation And the corresponding relationship of the user's operation is saved in authentication values table, and the authentication values of user's operation are fed back to service server, So that the authentication values for the business datum and the user's operation that the user's operation is requested can be fed back to user terminal by service server, by The authentication values of operation data and user's operation that user terminal obtains after being handled the business datum are sent to business clothes The authentication values of user's operation are sent to authentication server by business device, service server, and authentication server grasps user The problems such as being authenticated, user is avoided to repeatedly input account and password bring processing time length and the wasting of resources, simply has The judgement of effect realized to the legitimacy of user's operation.
Two specific application scenarios are explained below in technical solution in embodiment in order to better understand the present invention.
After user's shopping, when needing using mobile-phone payment, which is user terminal, and mobile phone will be asked to service server The page for opening mobile-phone payment is sought, after service server receives the service request of the user's operation of the execution mobile-phone payment, The account for the user for including in user's operation, the user's operation of mobile-phone payment and operating time are sent to authentication server, Authentication server generates the authentication values of the user's operation, for example, 11, and the authentication values 11 that user executes mobile-phone payment are fed back To service server, the page which executes the authentication values 11 of mobile-phone payment and user requests is fed back to hand by service server The information such as machine, the amount of money that user to be paid according to the page determination of display and account, and the operation data of user and user are grasped The authentication values of work feed back to service server, and the authentication values 11 that user executes mobile-phone payment are fed back to authentication clothes by service server Business device, authentication server search the authentication values table saved, and determining that the user saved executes the authentication values of mobile-phone payment is 11, It then determines that the user executes mobile-phone payment by authentication, and result is fed back into service server, service server is somebody's turn to do determining In the case that user's execution mobile-phone payment is legal, payment process is completed, to realize the mobile-phone payment of user.
Another application scenarios that authentication server is authenticated are as follows: service server in the treatment process to business, Determine that the QQ of user A may be stolen, the user's operation for needing that user A is reminded to execute resetting password, then service server will be to mirror The authentication values for weighing the user's operation that server sends user A resetting password generate request, and authentication server will generate user A resetting The authentication values 13 of the user's operation of password, the wherein operation and industry of the QQ number code in user's operation comprising user A, resetting password It is engaged in time of the server to authentication server transmission authentication request.The user A of generation is reset the user of password by authentication server The authentication values 13 of operation feed back to service server, the determining postal with the account of the user A with binding relationship of service server Case number (CN) code, and the link of user A resetting password and the authentication values 13 of user A resetting password are sent to the mailbox number, if user A The mail is viewed, then can execute the operation of resetting password by clickthrough, and by the password of resetting and QQ number code, user A The authentication values 13 for resetting the user's operation of password are sent to service server, and user A therein is reset password by service server The authentication values 13 of user's operation feed back to authentication server, authentication server is according to the QQ of the user A for including in user's operation The use that number, the operation for resetting password and service server have been saved to the time lookup that authentication server sends authentication request The authentication values of family operation, if the authentication values of the user's operation saved are 13, and the user's operation sent with service server Authentication values 13 it is identical, it is determined that the user's operation by authentication, service server will save user A resetting password and account Between corresponding relationship, realize password resetting.
Referring to Fig. 5, for the schematic diagram of the structure of authentication server in the embodiment of the present invention, comprising:
Receiving unit 501, the authentication values of the user's operation for receiving service server transmission;
Searching unit 502, for searching the mirror saved after the authentication values that receiving unit 501 receives user's operation Weight table judges whether the authentication values for having saved user's operation, takes in the authentication values table comprising user's operation and the authentication Corresponding relationship between the authentication values that device is user's operation generation of being engaged in;
Processing unit 503, if the authentication values for having saved user's operation, and the authentication values of the user's operation received with The authentication values of the user's operation saved are identical, it is determined that user's operation passes through authentication.
In embodiments of the present invention, after the authentication values for the user's operation that the reception of receiving unit 501 service server is sent, The authentication values table saved will be searched by searching unit 502, judges whether the authentication values for having saved user's operation;And if having saved The authentication values of user's operation, and the authentication values of the user's operation received are identical as the authentication values of the user's operation saved, then Processing unit 503 determines that user's operation passes through authentication.
In embodiments of the present invention, authentication server receives the authentication values for the user's operation that processor background system is sent, And the authentication values table saved is searched, if the user for having saved the authentication values of the user's operation in authentication server, and having received The authentication values of operation are identical as the authentication values of the user's operation saved, it is determined that the user's operation passes through mirror by authentication Weight judges the legitimacy of user's operation, can effectively avoid long because repeatedly inputting account and password bring processing time And the problems such as wasting of resources, simply and effectively realize the judgement to the legitimacy of user's operation.
Authentication server in embodiment in order to better understand the present invention, referring to Fig. 6, to reflect in the embodiment of the present invention Weigh the schematic diagram of the structure of server, comprising:
Receiving unit 501 described in embodiment as shown in Figure 5, searching unit 502, processing unit 503, and with Fig. 4 institute Show that content described in embodiment is similar, herein without limitation.
In embodiments of the present invention, if processing unit 503 is also used to not save the authentication values of user's operation, it is determined that user Operation does not pass through authentication.
And if the authentication of user's operation that processing unit 503 is also used to save the authentication values of user's operation, and receives Value is not identical as the authentication values of the user's operation saved, it is determined that user does not pass through authentication.
In embodiments of the present invention, receiving unit 501 is also used to receive the authentication of the user's operation of service server transmission Value generates request;
Then authentication server further include:
Generation unit 601, for receiving unit 501 receive user's operation authentication values generate request after, according to The authentication values of family operation generate the authentication values that request generates user's operation;
Save and transmission unit 602, for generation unit 601 generate user's operation authentication values after, by the use Family operation and the corresponding relationship of the authentication values of the user's operation are saved in the authentication values table, and by the authentication of user's operation Value feeds back to service server, so that in the business datum that service server requests the authentication values of user's operation and user's operation It is sent to user terminal, user terminal is by the mirror of the operation data of the user's operation operated to business datum and user's operation Weight is sent to the service server, and the authentication values of service server user's operation feed back to authentication server, is taken by authentication Business device is authenticated.
In embodiments of the present invention, user's operation includes the account, action type and operating time of user;
Then generation unit 601 be specifically used for receiving unit receive user's operation authentication values generate request after, for User account, action type and the operating time of family operation one authentication values of generation, authentication values and user's operation have an a pair The relationship answered;Alternatively, generating the authentication of user's operation according to user account, action type and the operating time that user's operation includes Value.
In embodiments of the present invention, if receiving unit 501 receives the authentication values of the user's operation of service server transmission Request is generated, then generation unit 601 generates the authentication values that request generates user's operation according to the authentication values of user's operation;Specifically : generation unit 601 is that user's operation generates an authentication values, the user account of authentication values and user's operation, action type and Operating time has one-to-one relationship;Alternatively, generation unit 601 include according to user's operation user account, operation class Type and operating time generate the authentication values of user's operation.Generation unit 601 generate user's operation authentication values after, save and The corresponding relationship of user's operation and the authentication values of user's operation is saved in authentication values table, and user is grasped by transmission unit 602 The authentication values of work feed back to service server, so that the industry that service server requests the authentication values of user's operation and user's operation User terminal, the operation data and user's operation of the user's operation that user terminal obtains the processing of business datum are sent in business data Authentication values be sent to service server, the authentication values of user's operation are fed back to authentication server by service server, by authenticating Server is authenticated.
In embodiments of the present invention, if receiving unit 501 receive service server send user's operation authentication values it Afterwards, the authentication values table saved will be searched by searching unit 502, judges whether the authentication values for having saved user's operation;And if Save the authentication values of user's operation, and the authentication values phase of the authentication values of the user's operation received and the user's operation saved Together, then processing unit 503 determines user's operation by authentication, alternatively, if saved the authentication values of user's operation, and receive The authentication values of user's operation are not identical as the authentication values of the user's operation saved, then processing unit 503 determines that user does not pass through Authentication.Alternatively, processing unit 503 determines that user's operation does not pass through authentication if not saving the authentication values of user's operation.
In embodiments of the present invention, the authentication values generation that authentication server receives the user's operation that service server is sent is asked It asks, and generates the authentication values that request generates user's operation according to the authentication values of the user's operation, by the authentication values of the user's operation And the user's operation is saved in authentication values table, and the authentication values of user's operation are fed back to service server, so that business takes The authentication values for the business datum and the user's operation that the user's operation is requested can be fed back to user terminal by business device, will be right by user terminal The authentication values of operation data and user's operation that the business datum obtains after being handled are sent to service server, business clothes The authentication values of user's operation are sent to authentication server by business device, and authentication server authenticates user's operation, The problems such as user repeatedly inputs account and the password bring processing time is long and the wasting of resources is avoided, is simply and effectively realized pair The judgement of the legitimacy of user's operation.
Referring to Fig. 7, for the schematic diagram of the structure of authentication server in the embodiment of the present invention, comprising:
Processor 701, reception device 702, sending device 703, memory 704;
Wherein, reception device 702 is used to receive the authentication values of the user's operation of service server transmission;
Processor 701 is used for after the authentication values that reception device 702 receives the user's operation that service server is sent, and is looked into The authentication values table saved is looked for, judges whether the authentication values for having saved the user's operation, includes user in the authentication values table Operation and the authentication server are the corresponding relationship between the authentication values that the user's operation generates;If having saved the user The authentication values of operation, and the authentication values phase of the authentication values of the user's operation received and the user's operation saved Together, it is determined that the user's operation passes through authentication.
Transmission unit 703 is used to authenticating result feeding back to service server.
In embodiments of the present invention, user's operation can be authenticated, can be effectively kept away by using authentication server Exempt from the problems such as user repeatedly inputs account and the password bring processing time is long and the wasting of resources, simply and effectively realize to The judgement of the legitimacy of family operation.
Those of ordinary skill in the art will appreciate that implement the method for the above embodiments be can be with Relevant hardware is instructed to complete by program, the program can store in a kind of computer readable storage medium, on Stating the storage medium mentioned can be read-only memory, disk or CD etc..
A kind of method for authenticating provided by the present invention and system, authentication server are described in detail above, for Those of ordinary skill in the art, thought according to an embodiment of the present invention, have in specific embodiments and applications Change place, in conclusion the contents of this specification are not to be construed as limiting the invention.

Claims (9)

1. a kind of right discriminating system characterized by comprising
Authentication server, service server, user terminal;
The authentication values that the service server is used to send user's operation to the authentication server generate request, and user is grasped The authentication values for making the user's operation of the business datum requested and authentication server return are sent to the user terminal;Also For receiving operation data and the user of the user's operation operated to the business datum that the user terminal is sent The authentication values of operation, and the authentication values of the user's operation are sent to the authentication server;
The authentication server is used to generate the authentication values that request generates user's operation according to the authentication values of the user's operation, will The corresponding relationship of the authentication values of the user's operation and the user's operation is saved in authentication values table, and by the user's operation Authentication values be sent to the service server;The authentication values for the user's operation for being also used to be sent according to the service server are true Whether the fixed user's operation passes through authentication, and authenticating result is sent to the service server;
The service server is also used to be handled according to operation data of the authenticating result to the user's operation.
2. a kind of method for authenticating is applied to authentication server characterized by comprising
When the authentication values generation request for the user's operation for receiving service server transmission, according to the authentication of the user's operation Value generates the authentication values that request generates user's operation, by the corresponding relationship of the user's operation and the authentication values of the user's operation It is saved in authentication values table, and the authentication values of the user's operation is sent to the service server, so as to business clothes The authentication values of the business datum that user's operation is requested and the user's operation that the authentication server returns are sent to use by business device Family end;
When receiving the authentication values for the user's operation that service server is sent, the authentication values table saved is searched, is judged whether It saves the authentication values of the user's operation, comprising user's operation and the authentication server is the user in the authentication values table Operate the corresponding relationship between the authentication values generated;If the use for having saved the authentication values of the user's operation, and having received The authentication values of family operation are identical as the authentication values of the user's operation saved, it is determined that the user's operation passes through authentication;
Authenticating result is sent to the service server, so as to the service server according to the authenticating result pair with it is described The operation data for the user's operation that the business datum is operated that the authentication values of user's operation receive simultaneously into Row processing.
3. according to the method described in claim 2, it is characterized in that, the method also includes:
If the authentication server does not save the authentication values of the user's operation, it is determined that the user's operation does not pass through authentication.
4. according to the method described in claim 2, it is characterized in that, the method also includes:
If the authentication values for the user's operation for having saved the authentication values of the user's operation, and having received with saved it is described The authentication values of user's operation are not identical, it is determined that the user does not pass through authentication.
5. according to the method described in claim 2, it is characterized in that, the user's operation includes the account of user, action type And the operating time;
Then the authentication server generates the authentication values that request generates the user's operation according to the authentication values of the user's operation Include:
An authentication values, user account, the action type of the authentication values and the user's operation are generated for the user's operation And the operating time has one-to-one relationship;
Alternatively,
The user account, action type and the operating time that include according to the user's operation generate the authentication of the user's operation Value.
6. a kind of authentication server characterized by comprising
Generation unit, the authentication values for receiving the user's operation sent by service server in receiving unit generate request Afterwards, the authentication values that request generates the user's operation are generated according to the authentication values of the user's operation;
It saves and transmission unit, for after the authentication values that the generation unit generates the user's operation, by the user Operation and the corresponding relationship of the authentication values of the user's operation are saved in authentication values table, and by the authentication values of the user's operation The service server is fed back to, so that the service server asks the authentication values of the user's operation and the user's operation The business datum asked is sent to user terminal, the user's operation that the user terminal will operate the business datum Operation data and the authentication values of the user's operation be sent to the service server, the service server is by the user The authentication values of operation feed back to the authentication server;
Receiving unit, for receiving the authentication values for the user's operation that the service server is sent;
Searching unit, for searching the authentication saved after the authentication values that the receiving unit receives the user's operation It is worth table, judges whether the authentication values for having saved the user's operation, include user's operation and the authentication in the authentication values table Server is the corresponding relationship between the authentication values that the user's operation generates;
Processing unit, if the authentication values for having saved the user's operation, and the authentication values of the user's operation received It is identical as the authentication values of the user's operation saved, it is determined that the user's operation is sent authenticating result by authentication To the service server, so as to the service server according to the authenticating result to the operation data of the user's operation into Row processing.
7. authentication server according to claim 6, which is characterized in that if processing unit is also used to not save the user The authentication values of operation, it is determined that the user's operation does not pass through authentication.
8. authentication server according to claim 6, which is characterized in that if the processing unit be also used to save it is described The authentication values of user's operation, and the authentication values of the authentication values of the user's operation received and the user's operation saved It is not identical, it is determined that the user does not pass through authentication.
9. authentication server according to claim 6, which is characterized in that the user's operation includes the account of user, behaviour Make type and operating time;
Then the generation unit is specifically used for after the authentication values that the receiving unit receives the user's operation generate request, An authentication values, user account, action type and the behaviour of the authentication values and the user's operation are generated for the user's operation Make the time with one-to-one relationship;Alternatively, when the user account for including according to the user's operation, action type and operation Between generate the authentication values of the user's operation.
CN201410090752.1A 2014-03-12 2014-03-12 A kind of method for authenticating and system, authentication server Active CN104917730B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410090752.1A CN104917730B (en) 2014-03-12 2014-03-12 A kind of method for authenticating and system, authentication server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410090752.1A CN104917730B (en) 2014-03-12 2014-03-12 A kind of method for authenticating and system, authentication server

Publications (2)

Publication Number Publication Date
CN104917730A CN104917730A (en) 2015-09-16
CN104917730B true CN104917730B (en) 2019-04-26

Family

ID=54086443

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410090752.1A Active CN104917730B (en) 2014-03-12 2014-03-12 A kind of method for authenticating and system, authentication server

Country Status (1)

Country Link
CN (1) CN104917730B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106559385B (en) * 2015-09-25 2019-10-18 阿里巴巴集团控股有限公司 A kind of data authentication method and apparatus
CN115175183B (en) * 2022-05-09 2023-09-19 中移互联网有限公司 Authentication method and authentication device based on 5G message

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1933650A (en) * 2005-09-12 2007-03-21 北京三星通信技术研究有限公司 CDMA2000 unified authentication platform service access method and system
CN102111379A (en) * 2009-12-24 2011-06-29 中国移动通信集团公司 Authentication system, method and device
CN102377756A (en) * 2010-08-23 2012-03-14 中国移动通信有限公司 Service access method and system, authentication method and system, client and authentication server
CN103581154A (en) * 2012-08-08 2014-02-12 中国移动通信集团公司 Authentication method and device in system of Internet of Things

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1933650A (en) * 2005-09-12 2007-03-21 北京三星通信技术研究有限公司 CDMA2000 unified authentication platform service access method and system
CN102111379A (en) * 2009-12-24 2011-06-29 中国移动通信集团公司 Authentication system, method and device
CN102377756A (en) * 2010-08-23 2012-03-14 中国移动通信有限公司 Service access method and system, authentication method and system, client and authentication server
CN103581154A (en) * 2012-08-08 2014-02-12 中国移动通信集团公司 Authentication method and device in system of Internet of Things

Also Published As

Publication number Publication date
CN104917730A (en) 2015-09-16

Similar Documents

Publication Publication Date Title
CN106101258B (en) Interface calling method, device and system of hybrid cloud
CN111917773B (en) Service data processing method and device and server
US10255626B2 (en) Methods, devices, and systems for sending and receiving virtual goods
CN104601641B (en) Application link sharing method, apparatus and system
JP6800147B2 (en) Methods, devices, terminals and servers for verifying the security of service operations
US10313126B2 (en) Barcode security authentication method
JP2017509936A5 (en)
CN103001975A (en) Method, system and device used for controlling login and based on two-dimensional code
CN108111554B (en) Control method and device for access queue
CN107688733B (en) Service interface calling method, device, user terminal and readable storage medium
CA2960162C (en) Verification method and apparatus
AU2016373251A1 (en) Method for performing inter-system service operation, service platform, and target system
CN109120548B (en) Flow control method and device
CN102223354A (en) Network payment authentication method, server and system
WO2018183042A1 (en) Secure scannable code systems and methods
WO2015101171A1 (en) Method, device, and system for updating authentication informatoin
WO2015188780A1 (en) Method and apparatus for processing account information
CN105871785B (en) Service processing method, device and system
CN104917730B (en) A kind of method for authenticating and system, authentication server
US20140081873A1 (en) Online payment interactive processing method and online payment interactive processing system
CN109426961B (en) Card binding risk control method and device
CN111343177B (en) Method, device, equipment and medium for supervising lightweight node
CN115018612A (en) Business processing method and device based on bank counter
CN109818915A (en) A kind of information processing method and device, server and readable storage medium storing program for executing
CN114461912A (en) Information processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20190730

Address after: Shenzhen Futian District City, Guangdong province 518044 Zhenxing Road, SEG Science Park 2 East Room 403

Co-patentee after: Tencent cloud computing (Beijing) limited liability company

Patentee after: Tencent Technology (Shenzhen) Co., Ltd.

Address before: Shenzhen Futian District City, Guangdong province 518000 Zhenxing Road, SEG Science Park 2 East Room 403

Patentee before: Tencent Technology (Shenzhen) Co., Ltd.

TR01 Transfer of patent right