CN105099708B - A kind of auth method - Google Patents

A kind of auth method Download PDF

Info

Publication number
CN105099708B
CN105099708B CN201510540195.3A CN201510540195A CN105099708B CN 105099708 B CN105099708 B CN 105099708B CN 201510540195 A CN201510540195 A CN 201510540195A CN 105099708 B CN105099708 B CN 105099708B
Authority
CN
China
Prior art keywords
check information
user
background server
checking request
sent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510540195.3A
Other languages
Chinese (zh)
Other versions
CN105099708A (en
Inventor
李洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai hundred million health care health Management Co., Ltd
Original Assignee
Shanghai Hundred Million Health Care Health Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Hundred Million Health Care Health Management Co Ltd filed Critical Shanghai Hundred Million Health Care Health Management Co Ltd
Priority to CN201510540195.3A priority Critical patent/CN105099708B/en
Publication of CN105099708A publication Critical patent/CN105099708A/en
Application granted granted Critical
Publication of CN105099708B publication Critical patent/CN105099708B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention discloses a kind of auth method, for user by realizing authentication between client and background server, user sends checking request to background server first, after background server receives the checking request that user sends, search whether that there are corresponding check information, if there is corresponding check information, then the check information is read;If without corresponding check information, new check information is generated, and preserve;Then the check information is sent to user by background server, after user receives check information, the check information received is sent to background server, background server compares the check information received at user and the check information locally preserved, it is verified if consistent, corresponding check information is removed, otherwise authentication failed.The bad situation of user experience caused by the method for the present invention can effectively avoid data collision.

Description

A kind of auth method
Technical field
The invention belongs to computer security technique field, more particularly to a kind of auth method.
Background technology
With the popularization of the development of internet, and smart mobile phone, mobile Internet initially enters daily life. Since mobile terminal is easier to lose, the mobile terminal of loss is easily by other people using come the Internet, applications account of login user Number.Therefore present the Internet, applications are both provided with the link of subscriber authentication, by verifying user identity and cell-phone number family The association of owner identification, confirmation are that user is using.
The process for carrying out authentication at present usually transmit a request to background server, background server generation by client Identifying code, is sent to user, such as short message, mail, wechat etc., after user receives identifying code, in client by diversified forms Input validation code is sent to background server on end, and background server receives the identifying code that client is sent, by comparing hair Whether the identifying code come and the identifying code that background server generates are consistent, to determine whether being that user is using.
But at present this mode to be sent to rate relatively low, using repeatedly/multipath verification customer information when, can be mutual between scheme Data collision is mutually produced, causes to reduce user experience.Such as after background server one identifying code of generation is sent to user, such as Fruit user does not receive at the appointed time, and client can then send request again, and background server regenerates another verification Code is sent to user, previous identifying code failure.And at this time if user receives and fills in first identifying code, it can cause to test Mistake is demonstrate,proved, background server can again generate and send the 3rd identifying code.
Obviously after user lives through multiple authentication mistake, user experience can be reduced.
The content of the invention
The object of the present invention is to provide a kind of auth method, to avoid occurring data collision in the prior art, causes The problem of reducing user experience.
To achieve these goals, technical solution of the present invention is as follows:
A kind of auth method, it is described for user by realizing authentication between client and background server Method includes:
User sends checking request to background server;
After background server receives the checking request that user sends, search whether there are corresponding check information, if There are corresponding check information, then reads the check information;If without corresponding check information, new verification letter is generated Breath, and preserve;
The check information is sent to user by background server;
After user receives check information, the check information received is sent to background server;
Background server compares the check information received at user and the check information locally preserved, if consistent It is verified, removes corresponding check information, otherwise authentication failed.
Further, the check information is additionally provided with the corresponding term of validity, and the background server receives user's hair After the checking request come, search whether there are corresponding check information, be to look for whether there is corresponding effective check information.
Further, it is described if there is corresponding check information, then after reading the check information, further include step:
Extend the term of validity of the check information, and the check information for extending the term of validity is preserved.
It is further, described that to remove corresponding check information be that to set the term of validity of the check information be failure.
Checking request of the present invention further includes channel pattern used by check information is sent, and the channel pattern includes Short message mode, mail mode, wechat pattern.
Further, after the background server receives the checking request that user sends, step is further included:
The channel pattern that checking request includes is obtained, corresponding check information is searched according to channel pattern or is generated newly Check information.
Further, the check information is sent to user by the background server, is included by checking request Channel pattern send check information.
Check information of the present invention preserves in the buffer, which can be the caching of background server local, also may be used To be the caching system being connected with background server.
A kind of auth method proposed by the present invention, by storing check information in the buffer, is receiving user's After checking request, corresponding check information is searched, there are during effective check information, is directly sent out using effective check information User is given, the bad situation of user experience caused by can effectively avoiding data collision.
Brief description of the drawings
Fig. 1 is a kind of auth method flow chart of the present invention.
Embodiment
Technical solution of the present invention is described in further details with reference to the accompanying drawings and examples, following embodiments are not formed Limitation of the invention.
Authentication is that the last time stored by check information more input by user and background server verifies letter Whether breath is consistent, to judge that the user currently logged in is strictly the validated user of registration.Usually pass through short message, mail, wechat etc. Channel pattern realizes verification, its essence is judging that the user that currently logs in is strictly the user of some related information, is, for example, The householder for the phone number registered during registration, or registration when register addresses of items of mail, the householder of WeChat ID.
The present embodiment is by taking short message sending check information (generally identifying code) as an example, to be said to the method for the present invention It is bright, it is equally applicable for the user's checking of wechat, Email Channel pattern.
As shown in Figure 1, a kind of auth method, includes the following steps:
F1, user send checking request to background server.
User is taken when logging in the Internet, applications, or when needing to carry out subscriber authentication by client to backstage Business device sends checking request.Client is the equipment that user is used for logging in and accessing the Internet, applications, can be mounted with client Hold mobile phone, tablet computer, common PC of software etc..
After F2, background server receive the checking request that user sends, search whether there are corresponding check information, such as Fruit then reads the check information there are corresponding check information;If without corresponding check information, new verification letter is generated Breath, and preserve.
The check information of the present embodiment preserves in the buffer, and caching can be the caching of background server local, can also It is the caching system being connected with background server, the invention is not restricted to the concrete form of caching.
After background server receives the checking request that user sends, corresponding test is searched according to the ID of user in the buffer Demonstrate,prove information.
If the check information is read, so that background server is provided with this there are corresponding check information in caching Check information.If there is no corresponding check information in caching, new check information is generated, and the check information is synchronized to Caching, preserves in the buffer.
It can be seen that by this step, auth method of the invention can effectively avoid user from not receiving at the appointed time To check information, and repeat the problem of background server caused by sending checking request regenerates another check information.When with Family does not receive check information at the appointed time, and repeats to send checking request, and the method for the present embodiment is to look into the buffer Corresponding check information is looked for, is to search whether exist in the buffer first when background server receives checking request for the second time The corresponding check information of the user, since the check information of first time checking request generation is not eliminated, will search To the check information, so that the check information is sent to user, second check information will not be regenerated.Also would not occur User receives first check information after second of checking request is sent, and inputs caused by the check information of first time and verifies Failure problem, that is, eliminate the possibility of data collision, improves the efficiency of verification.
Can be above-mentioned caching it should be noted that the present invention is not limited to the medium that check information preserves, can also It is the memory of server, directly preserves check information in the database.And the form that check information preserves in the buffer is led to Chang Weiyi bars record, which includes check information, User ID, easy to search corresponding check information according to User ID.
The check information of the present embodiment is additionally provided with the corresponding term of validity, is, for example, 30 minutes, the term of validity is higher than permission User does not receive the duration that check information sends checking request again.When being not provided with the term of validity, check information is in the buffer It is permanently effective.When check information is permanently effective, when other reasons cause authentication failed, the check information in caching has for a long time Effect so that check information has the risk of leakage, is easily utilized by illegal user.The term of validity is set effectively to avoid this feelings Condition, in the case that other reasons cause authentication failed, the check information is also expired quickly, it is necessary to regenerate, and promotes Check information upgrades in time, avoids being utilized by illegal user.
Further, when background server is searched whether there are during corresponding check information in the buffer, if found Corresponding effective check information, then further include step:
Extend the term of validity of the check information, and the check information for extending the term of validity is synchronized to caching, caching Middle preservation.
The term of validity of the check information of the present embodiment acquiescence is 30 minutes, and extends the term of validity of check information, and being ought The term of validity of preceding check information is again set at 30 minutes.It is easily understood that background server testing of receiving that user sends After card request, search whether there are corresponding check information, be to look for whether there is corresponding effective check information, for failure Check information no longer in limit of consideration, which is not described herein again.
Check information is sent to user by F3, background server.
After background server reads check information or newly-generated check information, i.e., check information is sent to user, this Embodiment is sent by way of SMS.
After F4, user receive check information, the check information received is sent to background server.
After user receives check information by SMS, by check information by client be sent to background server into Row authentication.
F5, background server compare the check information received at user and the check information locally preserved, if one Cause is then verified, and removes corresponding check information, otherwise authentication failed.
After background server receives check information input by user, compared with the check information that step F2 is obtained, Represent that user is to obtain check information by legal means if consistent, user is validated user, is verified;Otherwise recognize For user's input error, authentication failed.
After being verified, corresponding check information in caching is also removed, can directly be deleted, or sets its term of validity to be Failure.As it can be seen that in verification in the case of, check information can be all eliminated, and check information is in this case The term of validity is provided with, what is not influenced.And when user's input error causes authentication failed, check information will not be clear Remove, continue to verify if user stopped, which is retained, and easily is used to log in by other people.Therefore this implementation Example is provided with the term of validity for check information, is usually 30 minutes, after the term of validity, check information failure.And background server The checking request of user is being received, the check information in being cached by searching for discovery has failed, then regenerates new school Information is tested, extends its term of validity if also without failure, check information is issued into user.
In conclusion the auth method of the present invention, by storing check information in the buffer, is receiving user's After checking request, corresponding check information is searched, carrys out the bad situation of user experience caused by effectively avoiding data collision.
Due to that can realize the transmission of check information by channel patterns such as short message mode, mail mode, wechats, verification Information is usually check code, therefore the checking request of the present embodiment further includes channel pattern, and background server receives checking request Afterwards, corresponding check information is searched according to channel pattern or generates new check information, and pass through the passage in subsequent step Pattern sends check information.It can not include when Internet application system only supports a kind of channel pattern, in checking request logical Road pattern.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, without departing substantially from essence of the invention In the case of refreshing and its essence, those skilled in the art make various corresponding changes and become in accordance with the present invention Shape, but these corresponding changes and deformation should all belong to the protection domain of appended claims of the invention.

Claims (6)

1. a kind of auth method, for user by realizing authentication between client and background server, its feature It is, the described method includes:
User sends checking request to background server;
After background server receives the checking request that user sends, search whether there are corresponding check information, if there is Corresponding check information, then read the check information;If without corresponding check information, new check information is generated, and Preserve;
The check information of reading or newly-generated check information are sent to user by background server;
After user receives check information, the check information received is sent to background server;
Background server compares the check information received at user and the check information locally preserved, is verified if consistent By removing corresponding check information, otherwise authentication failed;
Wherein, the check information is additionally provided with the corresponding term of validity, and the background server receives the verification that user sends After request, search whether there are corresponding check information, be to look for whether there is corresponding effective check information;
It is described if there is corresponding check information, then after reading the check information, further include step:
Extend the term of validity of the check information, and the check information for extending the term of validity is preserved.
2. auth method according to claim 1, it is characterised in that described to remove corresponding check information be to set The term of validity of the check information is failure.
3. auth method according to claim 1, it is characterised in that the checking request further includes check information hair Used channel pattern is sent, the channel pattern includes short message mode, mail mode, wechat pattern.
4. auth method according to claim 3, it is characterised in that the background server receives user and sends Checking request after, further include step:
The channel pattern that checking request includes is obtained, corresponding check information is searched according to channel pattern or generates new verification Information.
5. auth method according to claim 4, it is characterised in that the background server is by the check information User is sent to, is that the channel pattern included by checking request sends check information.
6. according to the auth method described in claim 1-5 any claims, it is characterised in that the check information is protected Deposit in the buffer.
CN201510540195.3A 2015-08-28 2015-08-28 A kind of auth method Active CN105099708B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510540195.3A CN105099708B (en) 2015-08-28 2015-08-28 A kind of auth method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510540195.3A CN105099708B (en) 2015-08-28 2015-08-28 A kind of auth method

Publications (2)

Publication Number Publication Date
CN105099708A CN105099708A (en) 2015-11-25
CN105099708B true CN105099708B (en) 2018-05-15

Family

ID=54579340

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510540195.3A Active CN105099708B (en) 2015-08-28 2015-08-28 A kind of auth method

Country Status (1)

Country Link
CN (1) CN105099708B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411922A (en) * 2016-10-31 2017-02-15 四川长虹电器股份有限公司 Security identity authentication method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102300182A (en) * 2011-09-07 2011-12-28 飞天诚信科技股份有限公司 Short-message-based authentication method, system and device
CN103002415A (en) * 2011-09-15 2013-03-27 阿里巴巴集团控股有限公司 Method and device for transmitting verification codes via short messages
CN104320767A (en) * 2014-11-10 2015-01-28 吴东辉 Short message verification system and method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102300182A (en) * 2011-09-07 2011-12-28 飞天诚信科技股份有限公司 Short-message-based authentication method, system and device
CN103002415A (en) * 2011-09-15 2013-03-27 阿里巴巴集团控股有限公司 Method and device for transmitting verification codes via short messages
CN104320767A (en) * 2014-11-10 2015-01-28 吴东辉 Short message verification system and method

Also Published As

Publication number Publication date
CN105099708A (en) 2015-11-25

Similar Documents

Publication Publication Date Title
CN103905194B (en) Identity traceability authentication method and system
CN105024986A (en) Account login method, device and system
CN104967622B (en) Based on the means of communication of vocal print, device and system
CN103840944A (en) Short message authentication method, server and system
CN105184567B (en) Processing method, processing unit and the mobile terminal of information
Kang et al. Security considerations for smart phone smishing attacks
US9077538B1 (en) Systems and methods for verifying user identities
CN110087241B (en) Service authorization method, device and system
CN105723373A (en) Method for encoding an access to a computer resource
CN105993156B (en) Server access verification method and device
CN104660401A (en) Authentication method, authentication system and terminal
US20160171801A1 (en) Apparatus and method for processing a plurality of logging policies
CN106850693A (en) The method and real-name authentication system of a kind of real-name authentication
CN113656780A (en) Cross-link access control method and device
CN110222085B (en) Processing method and device for certificate storage data and storage medium
CN108600259B (en) Authentication and binding method of equipment, computer storage medium and server
CN113852639B (en) Data processing method, device, electronic equipment and computer readable storage medium
CN106559386A (en) A kind of authentication method and device
CN108132948A (en) Handle the method and apparatus for crawling webpage
CN107294981B (en) Authentication method and equipment
CN105099708B (en) A kind of auth method
CN109088872A (en) Application method, device, electronic equipment and the medium of cloud platform with service life
CN113179282A (en) Method and device for merging account numbers and server
CN101257518B (en) Method and system for preventing lawless ordering without through charging gateway in WAP platform
CN109145543B (en) Identity authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160129

Address after: 201802, room 6, No. 688, Lane 2115, Jia Jia Road, Shanghai, Jiading District

Applicant after: Shanghai hundred million health care health Management Co., Ltd

Address before: 201802 Shanghai City, Jiading District Road No. 88 Chen 6 Building 4 floor A room 4094

Applicant before: SHANGHAI JIANBAO HEALTH CO., LTD.

GR01 Patent grant
GR01 Patent grant