CN105516969B - A kind of SMS safe verification method - Google Patents
A kind of SMS safe verification method Download PDFInfo
- Publication number
- CN105516969B CN105516969B CN201510934958.2A CN201510934958A CN105516969B CN 105516969 B CN105516969 B CN 105516969B CN 201510934958 A CN201510934958 A CN 201510934958A CN 105516969 B CN105516969 B CN 105516969B
- Authority
- CN
- China
- Prior art keywords
- mobile phone
- code
- sdk
- safety
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of SMS safe verification methods, directly issued by mobile phone SDK invoking server interface requests safety verification code, server generates binary verification code and to safety verification code encryption, it is issued on verifying mobile phone by binary message channel, mobile phone SDK directly receives safety verification code and is decrypted, and SDK re-encrypts the identifying code after decryption, submits server authentication, server returns to verification result, directly shows verification result by mobile phone SDK.While the present invention promotes user experience, short message inbox is avoided, reminds user security state, the financial operations safety such as Internetbank, transaction, payment for protecting identifying code to carry out on mobile phone comprehensively in time.
Description
Technical field
The present invention relates to a kind of SMS safe verification methods.
Background technique
Identifying code is many kinds of, and purpose contributes to the verifying of user identity.Mobile phone identifying code is verified by sending
Code arrives mobile phone, and large-scale website especially shopping website is provided with mobile phone note verification code function, can relatively more accurate and safety
Ground guarantees the safety of shopping, verifies the correctness of user, is most effective verification code system.With phone number system of real name
Implement, mobile phone note verification code is associated with binding with phone number, and identifying code is located on phone number, relative to other verifyings
Code, is more able to verify that user identity.Therefore the identifying code issued by SMS channel is in correlations such as mobile-phone payment, telecommunication securities
Important authentication scene has more prior application extensively.
The security situations such as current phone payment, telecommunication fraud become increasingly complex, and numerous mobile phone users are using mobile-phone payment
In the process, the moment to pay attention to short message verification code safety.On mobile phone, identifying code short message is most important one during network payment
A safety verification link, short message verification code substituted sometimes bank card it is close become last safety verification means, have identifying code,
Hacker can steal the important informations such as user's Internetbank without restraint.
Regular handset short message verification code sends identifying code by interface and issues request to server, and server issues at random
Into mobile phone, short message inbox is received and is shown for number or letter.User reads identifying code, inserts in APP and is authenticated.It is i.e. general
Logical mobile phone note verification code operating process is as follows: user initiates identifying code verifying;User's input handset number;Mobile phone calling is commonly tested
Card code issues;Server receives instruction, issues ordinary authentication code;SMS case receives identifying code and in short message inbox
Display;User obtains identifying code and inserting in APP and is authenticated that (ordinary authentication code can also be read into short message case, other programs
It obtains).Regular handset identifying code shows that other programs are also easy to intercept and capture, crack and read in short message inbox.Identifying code quilt
Other program is intercepted and captured, cracks, is read, and the mobile phone safe and wealth that will result directly in user incur loss.
A large amount of mobile phone user's report claim it by short message fraud, and the cheated amount of money is mostly ten hundreds of, is all finally because of user
After infecting, identifying code is stealthily forwarded in criminal's mobile phone by wooden horse.
Once user, which is defrauded of, is mounted with Trojan software, the Trojan software will in the backstage continuous service of user mobile phone,
And monitor the payment verification code short message from bank.Once user mobile phone receives the payment verification code short message from bank, the wood
Horse will intercept short message, and the short message silence is forwarded on the cell-phone number that criminal specifies, by swindling plus virus
Method allows user to be taken in, and the mobile phone information safety and wealth for finally directly resulting in user incur loss.
Mobile phone normal short message identifying code is mostly text SMS, and enters short message inbox, is easily intercepted and captured and reads by other programs,
There are some potential safety problemss.
In conclusion normal short message identifying code safe verification method has the disadvantage in that
(1) verification operation process is relatively complicated: must re-enter identifying code in short message case after user's input handset number
Into APP, the cumbersome influence user experience of process;
(2) ordinary authentication code does not encrypt, and faces certain security risks;
(3) ordinary authentication code is easy to be intercepted and captured and stolen by other programs into mobile phone inbox;
(4) ordinary authentication code may be put into dustbin as refuse messages.
Summary of the invention
The present invention is directed to be encrypted using binary message identifying code and the characteristics of not into short message inbox, guarantee identifying code
It is not stolen by the intercepting and capturing of other program, to improve the safety of mobile phone identifying code, reduces identifying code and crack the risk stolen.
To solve the above-mentioned problems, the present invention provides a kind of SMS safe verification methods, comprising the following steps:
Step 1: user initiates safety verification code checking request by cell phone application and inputs this hand set in cell phone application
Number;
Step 2: mobile phone SDK calls directly server interface, and request safety verification code issues;
Step 3: issuing the request of safety verification code for mobile phone SDK, server to safety verification code carry out encryption and under
It is dealt into verifying mobile phone;
Step 4: mobile phone SDK directly receives the safety verification code of the binary message form after server for encrypting, to guarantee
Safety verification code is not cracked, intercepts and captures and is read by other program;
Step 5: mobile phone SDK decrypts the safety verification code received, and the safety verification code after decryption is re-encrypted, and mentions
It hands over to server authentication;
Step 6: server returns to verification result, and verification result is directly shown in mobile phone by mobile phone SDK.
According to a kind of above-mentioned SMS safe verification method, wherein server is issued by binary message channel to be added
Close safety verification code.
According to a kind of above-mentioned SMS safe verification method, wherein safety verification code is binary verification code.
According to a kind of above-mentioned SMS safe verification method, wherein binary verification code is not into inbox, not in addressee
It is shown in case.
According to a kind of above-mentioned SMS safe verification method, wherein mobile phone SDK is shown in mobile phone within a preset time
Verification result.
According to a kind of above-mentioned SMS safe verification method, wherein preset time is the several seconds.
Beneficial effect
The invention discloses a kind of SMS safe verification methods, are directly asked by mobile phone SDK invoking server interface
Safety verification code is asked to issue, server generates binary verification code and to safety verification code encryption, passes through binary message channel
It is issued on verifying mobile phone, mobile phone SDK directly receives safety verification code and is decrypted, and SDK adds the identifying code after decryption again
It is close, server authentication is submitted, server returns to verification result, directly shows verification result by mobile phone SDK.The present invention, which is promoted, to be used
While family is experienced, short message inbox is avoided, user security state is reminded in time, protects identifying code to carry out on mobile phone comprehensively
The financial operations safety such as Internetbank, transaction, payment.
In summary: there are following advantages by the present invention:
1, verification process is easy to operate: user only needs input handset number (do not need user and input verifying in APP), school
It tests result and directly shows that whole process is all automatically performed on mobile phone, be not necessarily to manual intervention, the user experience is improved.
2, promote the safety guarantee of safety verification code: mobile phone binary message safety verification code passes through under binary message
Hair, but not into short message case, be not easy to be intercepted and captured by other program, all processes all encrypt (and being by encrypting twice), other
Program, which will not intercept, to be also not easy to crack, and the anti-of identifying code can be greatly improved under the premise of not influencing user experience and is cracked
Power effectively increases the safety of user's checking, solves the safety problem of current phone banking system and e-commerce system,
The threat for not only preventing trojan horse program, also prevents the deception of " fishing website ", while avoiding current SMS dynamic
The problem of leakage of the plaintext of password.
3, system and security software will not all intercept mobile phone binary message safety verification code, will not be as ordinary authentication code one
Sample may be put into dustbin as refuse messages.
Detailed description of the invention
Fig. 1 is a kind of SMS safe verification method flow chart disclosed by the invention.
Specific embodiment
Present invention is further described in detail in the following with reference to the drawings and specific embodiments, but not as to limit of the invention
It is fixed.
Fig. 1 is a kind of SMS safe verification method flow chart disclosed by the invention, as shown in Figure 1, the present invention provides
A kind of SMS safe verification method, comprising the following steps:
Step 1: user initiates safety verification code checking request (S01) by cell phone application and inputs this in cell phone application
Hand set number (S02), when cell phone application operation needs to verify user identity, user, which clicks, initiates the verifying of safety verification code;
Step 2: mobile phone SDK is embedded in cell phone application, and mobile phone SDK calls directly server interface, requests safety verification
Code issues (S03);
Step 3: issuing the request of safety verification code for mobile phone SDK, server to safety verification code carry out encryption and under
It is dealt into verifying mobile phone (S04), the safety verification code issued is by server specific coding technology secrecy;
Step 4: mobile phone SDK directly receives the safety verification code of the binary message form after server for encrypting, binary system
Short message safety verification code does not enter short message inbox, does not show in inbox, to guarantee safety verification code not by other program
Crack, intercept and capture and read (S05);
Step 5: mobile phone SDK decrypts the safety verification code received, and the safety verification code after decryption is re-encrypted, and mentions
It hands over to server authentication (S06), identifying code is inconsistent unanimously then by verifying, verifies and does not pass through;
Step 6: server returns to verification result, and verification result (S07) is shown directly in mobile phone by mobile phone SDK.
According to a kind of above-mentioned SMS safe verification method, wherein server is issued by binary message channel to be added
Close safety verification code.
According to a kind of above-mentioned SMS safe verification method, wherein safety verification code is binary verification code.
According to a kind of above-mentioned SMS safe verification method, wherein according to a kind of above-mentioned SMS safety verification side
Method, wherein mobile phone SDK shows verification result in mobile phone within a preset time.
According to a kind of above-mentioned SMS safe verification method, wherein preset time is the several seconds.
The above is only the preferable embodiment of the present invention, not does in any form to technical solution of the present invention
Limitation.Any simple modification, form variation and modification are made to above embodiments according to the technical essence of the invention, fallen
Enter protection scope of the present invention.
Claims (4)
1. a kind of SMS safe verification method, it is characterised in that: the described method comprises the following steps:
Step 1: user initiates safety verification code checking request by cell phone application and inputs the machine cell-phone number in cell phone application
Code;
Step 2: mobile phone SDK calls directly server interface, and request safety verification code issues;
Step 3: issuing the request of safety verification code for mobile phone SDK, and server is encrypted and is issued to safety verification code
Verify mobile phone;
Step 4: mobile phone SDK directly receives the safety verification code of the binary message form after server for encrypting, to guarantee safety
Identifying code is not cracked, intercepts and captures and is read by other program;
Step 5: mobile phone SDK decrypts the safety verification code received, and the safety verification code after decryption is re-encrypted, and is committed to
Server authentication;
Step 6: server returns to verification result, and verification result is directly shown in mobile phone by mobile phone SDK;
Wherein, the mobile phone SDK is embedded in cell phone application;
Wherein the binary verification code is not shown not into inbox in inbox.
2. a kind of SMS safe verification method according to claim 1, it is characterised in that: the server passes through two
System short message channel issues encryption safe identifying code.
3. a kind of SMS safe verification method according to claim 1, it is characterised in that: the mobile phone SDK is pre-
If showing verification result in mobile phone in the time.
4. a kind of SMS safe verification method according to claim 3, it is characterised in that: the preset time is number
Second.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510934958.2A CN105516969B (en) | 2015-12-15 | 2015-12-15 | A kind of SMS safe verification method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510934958.2A CN105516969B (en) | 2015-12-15 | 2015-12-15 | A kind of SMS safe verification method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105516969A CN105516969A (en) | 2016-04-20 |
| CN105516969B true CN105516969B (en) | 2019-03-05 |
Family
ID=55724534
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510934958.2A Active CN105516969B (en) | 2015-12-15 | 2015-12-15 | A kind of SMS safe verification method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105516969B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106027501B (en) * | 2016-05-06 | 2017-08-01 | 北京芯盾时代科技有限公司 | A kind of system and method for being traded safety certification in a mobile device |
| CN106060791B (en) * | 2016-07-05 | 2021-01-12 | Tcl科技集团股份有限公司 | Method and system for sending and obtaining short message verification code |
| CN106060098B (en) * | 2016-08-09 | 2019-07-09 | 北京小米支付技术有限公司 | Processing method, processing unit and the processing system of identifying code |
| CN106529944A (en) * | 2016-10-21 | 2017-03-22 | 维沃移动通信有限公司 | Payment safety guarantee reminding method and mobile terminal |
| CN106911564B (en) * | 2017-02-23 | 2018-08-21 | 中卓信(北京)科技有限公司 | The identification of binary format information and execution method |
| CN107071752A (en) * | 2017-03-20 | 2017-08-18 | 唐承龙 | Industry short message is counter to swindle anti-leakage system platform |
| CN109510797A (en) * | 2017-09-14 | 2019-03-22 | 中兴通讯股份有限公司 | Message forwarding method, system, server and computer readable storage medium |
| CN110234082B (en) * | 2019-05-30 | 2021-10-22 | 深圳市梦网科技发展有限公司 | Addressing method and device of mobile terminal, storage medium and server |
| CN110830930B (en) * | 2019-11-19 | 2021-09-24 | 东北石油大学 | Verification code anti-sniffing processing method and device |
| CN113032753B (en) * | 2021-04-15 | 2023-09-12 | 维沃移动通信有限公司 | Identity verification method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102447696A (en) * | 2011-11-17 | 2012-05-09 | 盛大计算机(上海)有限公司 | One-key registration and login verification method and system used in mobile equipment |
| CN102567198A (en) * | 2010-12-30 | 2012-07-11 | 中国移动通信集团公司 | System and method for testing application program in physical system environment |
| CN103595769A (en) * | 2013-10-29 | 2014-02-19 | 北京奇虎科技有限公司 | Method and device for achieving file uploading through SDK |
| CN104079581A (en) * | 2014-07-16 | 2014-10-01 | 金红宇 | Identity authentication method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110217994A1 (en) * | 2010-03-03 | 2011-09-08 | Boku, Inc. | Systems and Methods to Automate Transactions via Mobile Devices |
-
2015
- 2015-12-15 CN CN201510934958.2A patent/CN105516969B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102567198A (en) * | 2010-12-30 | 2012-07-11 | 中国移动通信集团公司 | System and method for testing application program in physical system environment |
| CN102447696A (en) * | 2011-11-17 | 2012-05-09 | 盛大计算机(上海)有限公司 | One-key registration and login verification method and system used in mobile equipment |
| CN103595769A (en) * | 2013-10-29 | 2014-02-19 | 北京奇虎科技有限公司 | Method and device for achieving file uploading through SDK |
| CN104079581A (en) * | 2014-07-16 | 2014-10-01 | 金红宇 | Identity authentication method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105516969A (en) | 2016-04-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105516969B (en) | A kind of SMS safe verification method | |
| Reaves et al. | Mo (bile) money, mo (bile) problems: Analysis of branchless banking applications | |
| Wang et al. | Mobile payment security, threats, and challenges | |
| US9998441B2 (en) | Client authentication using social relationship data | |
| WO2017032263A1 (en) | Identity authentication method and apparatus | |
| CN109039652B (en) | Digital certificate generation and application method | |
| CN106027501B (en) | A kind of system and method for being traded safety certification in a mobile device | |
| US20150237201A1 (en) | Telephone Caller Authentication | |
| CN104065621A (en) | Identify verification method for third-party service, client and system | |
| CN103778728A (en) | Method and system for realizing transaction without bank card through automatic teller machine | |
| CN102880960A (en) | Short message payment method and system based on fingerprint identifying mobile phone | |
| US8312288B2 (en) | Secure PIN character retrieval and setting using PIN offset masking | |
| CN202854880U (en) | SMS payment system based on fingerprint identification mobile phone | |
| CN109412812A (en) | Data safe processing system, method, apparatus and storage medium | |
| CN102694780A (en) | Digital signature authentication method, payment method containing the same and payment system | |
| Yoo et al. | Case study of the vulnerability of OTP implemented in internet banking systems of South Korea | |
| CN111210287A (en) | Tax UKey-based invoicing method and system | |
| CN107566413B (en) | Smart card security authentication method and system based on data short message technology | |
| CN103200009A (en) | System and method for fingerprint encryption and decryption | |
| CN106101064A (en) | Account login method and device | |
| WO2017084569A1 (en) | Method for acquiring login credential in smart terminal, smart terminal, and operating systems | |
| CN105184557A (en) | Payment authentication method and system | |
| CN111181960A (en) | Safety credit granting and signature system based on terminal equipment block chain application | |
| Haupert et al. | Paying the price for disruption: How a FinTech allowed account takeover | |
| CN104463584A (en) | Method for achieving mobile terminal App safety payment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220617 Address after: Room 403-030, 4th floor, building 6, yard 1, Shangdi 10th Street, Haidian District, Beijing 100085 Patentee after: Beijing zhongyingtong Information Technology Co.,Ltd. Address before: Room 204, zone a, floor 2, No. 12, Shangdi Information Road, Haidian District, Beijing 100085 Patentee before: ZHONGZHUOXIN (BEIJING) TECHNOLOGY CO.,LTD. |
|
| TR01 | Transfer of patent right |