CN105592005B - Security verification method, device and system - Google Patents

Security verification method, device and system Download PDF

Info

Publication number
CN105592005B
CN105592005B CN201410568196.4A CN201410568196A CN105592005B CN 105592005 B CN105592005 B CN 105592005B CN 201410568196 A CN201410568196 A CN 201410568196A CN 105592005 B CN105592005 B CN 105592005B
Authority
CN
China
Prior art keywords
verification
user
verification code
terminal equipment
terminal device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410568196.4A
Other languages
Chinese (zh)
Other versions
CN105592005A (en
Inventor
董梁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201410568196.4A priority Critical patent/CN105592005B/en
Publication of CN105592005A publication Critical patent/CN105592005A/en
Application granted granted Critical
Publication of CN105592005B publication Critical patent/CN105592005B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A security authentication method, comprising: when a request of a user for performing preset operation is received, a first verification code is generated and sent to a user reserved terminal device, the reserved terminal device is requested to report first geographical position information, a second verification code input by the user currently verified is obtained, the terminal device currently verified is requested to report second geographical position information, the distance between the reserved terminal device and the terminal device currently verified is calculated according to the first geographical position information and the second geographical position information, and if the distance is smaller than or equal to a preset value, verification of the second verification code is passed. In addition, the invention also provides a safety verification device. The security verification method and the security verification device can effectively improve the security of user operation and reduce the success rate of malicious operation caused by verification code leakage.

Description

Security verification method, device and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a security verification method, apparatus, and system.
Background
Identity authentication is also called "authentication" and "authentication", which means that the user identity is confirmed by a certain means. From the current internet development form, with the continuous improvement of an account system, more and more login and consumption operations need to carry out identity verification on an operator through a verification code.
In the prior art, short message type verification information is usually sent to user operation equipment, the type of verification information belongs to a semi-fixed verification mode and is not associated with the operation equipment, if the verification information is stolen by a person by using a mobile phone Trojan, correct verification information can be easily obtained, identity verification is successfully completed, and the safety of user information is reduced.
Disclosure of Invention
In view of this, the present invention provides a security verification method, device and system, which can improve the security of user operation and reduce the risk of user information theft through the verification of the geographic location.
The safety verification method provided by the embodiment of the invention comprises the following steps:
when a request of a user for performing preset operation is received, generating a first verification code, sending the first verification code to a reserved terminal device corresponding to a user account of the user, and requesting the reserved terminal device to report first geographical position information; acquiring a second verification code input by a currently verified user, and requesting the currently verified terminal equipment to report second geographical location information; calculating the distance between the reserved terminal equipment and the currently verified terminal equipment according to the first geographical position information and the second geographical position information; and judging whether the distance is smaller than or equal to a preset value, if so, not intercepting the verification of the second verification code.
The safety verification device provided by the embodiment of the invention comprises:
the device comprises a generating unit, a verification unit and a verification unit, wherein the generating unit is used for generating a first verification code when a request of a user for performing preset operation is received; a sending unit, configured to send the first verification code to a reserved terminal device corresponding to the user account of the user; the request unit is used for requesting the reserved terminal equipment to report first geographical position information; the acquisition unit is used for acquiring a second verification code input by a currently verified user; the request unit is further configured to request the currently verified terminal device to report second geographic location information; a calculating unit, configured to calculate, according to the first geographical location information and the second geographical location information, a distance between the reserved terminal device and the currently verified terminal device; and the processing unit is used for not intercepting the verification of the second verification code if the distance is less than or equal to a preset value.
The safety verification system provided by the embodiment of the invention comprises:
the server reserves the terminal equipment and the currently verified terminal equipment;
the server is used for generating a first verification code when receiving a request of a user for performing preset operation, sending the first verification code to the reserved terminal equipment corresponding to a user account of the user, requesting the reserved terminal equipment to report first geographical position information, acquiring a second verification code input by the currently verified user, requesting the currently verified terminal equipment to report second geographical position information, calculating a distance between the reserved terminal equipment and the currently verified terminal equipment according to the first geographical position information and the second geographical position information, judging whether the distance is smaller than or equal to a preset value, and if so, not intercepting verification of the second verification code; the reserved terminal device is used for reporting the first geographical location information to the server; and the currently verified terminal equipment is used for reporting the second geographical location information to the server.
The safety verification method, the device and the system provided by the embodiment of the invention can acquire the geographical position information reported by the user reserved terminal equipment requesting the preset operation and the geographical position information reported by the terminal equipment used for the current verification by the user who verifies, compare the distance between the reserved terminal equipment and the current verification terminal equipment, determine that the user himself carries out the verification when the distance is less than a certain value, pass the verification of the verification code, and improve the safety of the user operation by combining the double verification of the verification code and the geographical position information, thereby greatly reducing the success rate of malicious operation caused by the leakage of the verification code.
In order to make the aforementioned and other objects, features and advantages of the invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
Fig. 1 is a schematic diagram of a verification code verification system according to a first embodiment of the present invention.
Fig. 2 shows a block diagram of a server.
Fig. 3 shows a block diagram of a mobile terminal.
Fig. 4 is a flowchart illustrating a security verification method according to a second embodiment.
Fig. 5 is a schematic flowchart of a security verification method according to a third embodiment.
Fig. 6 is a schematic flowchart of a security verification method according to a fourth embodiment.
Fig. 7 is a schematic diagram of a security authentication device according to a fifth embodiment.
Fig. 8 is a schematic diagram of a security verification apparatus according to a sixth embodiment.
Detailed Description
To further illustrate the technical means and effects of the present invention adopted to achieve the predetermined objects, the following detailed description of the embodiments, structures, features and effects according to the present invention will be made with reference to the accompanying drawings and preferred embodiments.
The embodiment of the invention provides a safety verification method, which can effectively improve the safety of user operation and greatly reduce the success rate of malicious operation caused by verification code leakage when a user performs specific operation through mobile terminal equipment.
Referring to fig. 1, fig. 1 is a schematic diagram of a verification code verification system according to an embodiment of the present invention.
The server 10 is connected to the terminal device 20 through a network.
The terminal device 20 is a mobile terminal device with a touch screen, such as a smart phone, a palm computer, and a tablet computer. The number of the reserved terminal devices is only one, that is, the reserved terminal devices used when the user performs the preset operation, the reserved terminal devices are the verification devices which are reserved in the system for verifying the identity when the user registers the user account, for example, the user can reserve a mobile phone number in the system, when the user performs the preset operation through the user account, the system interacts with the reserved terminal devices corresponding to the mobile phone number, for example, the server sends a verification code for identity verification to the reserved terminal devices, and the user obtains the related authorization of the server after inputting the verification code, so as to complete the related verification of the user identity.
The terminal device 20 may have two cases. One is that the user uses a terminal device other than the reserved terminal device to perform the preset operation, but the distance between the reserved terminal device and the currently used terminal device is small. And the other is that the illegal user steals the verification code and then verifies the verification code through other terminal equipment, and the distance between the other currently verified terminal equipment and the reserved terminal equipment is larger.
Specifically, the user performs a preset operation through the terminal device, where the preset operation generally refers to operations requiring higher security such as login and payment, and may be that the user opens an Application (APP) of the device on the mobile terminal to implement the preset operation in the APP, or opens a webpage through the mobile terminal device to implement the preset operation on the webpage. The mobile terminal device sends the request of the user for the preset operation to the server, the server receives the request of the user for the preset operation, the preset operation is confirmed to need to verify the verification code of the user so as to confirm the legal identity of the user, and further operation can be carried out after the verification is successful. To verify the identity of the user, a first verification code is generated, which may be a string of numbers, such as 254780. And inquiring reserved terminal equipment corresponding to the user account of the user, and sending the first verification code to the reserved terminal equipment, so that the reserved terminal equipment displays the first verification code to the user. For example, the content of "254780" as the verification code is sent to the mobile phone number reserved by the user in the form of short message.
And simultaneously requesting the reserved terminal equipment to report first geographical location information, wherein the first geographical location information refers to various information which can represent the geographical location of the reserved terminal equipment. Specifically, the first geographical location information may include: location Based Service (LBS) information of the reserved terminal device, or index information for finding the first geographical Location of the reserved terminal device. For example, the reserved terminal device is currently located in an office building, the geographic location of the office building has a fixed identifier in the geographic location system, that is, the first geographic location information may not be a specific address, but may be a fixed identifier of a specific address, and a corresponding specific geographic location may be found in the database by using the fixed identifier, so that the identifier of the specific geographic location may be the index information.
Furthermore, LBS information of the reserved terminal device, such as its geographic coordinates or geodetic coordinates, may also be actively acquired through a telecommunications network (e.g. GSM network, CDMA network) of a telecommunications mobile operator or an external positioning means (e.g. global positioning system).
When a user who performs current verification inputs a second verification code in a verification code input position of an operation interface of a terminal device used by the user, the server acquires the second verification code and requests the current verified terminal device to report second geographic position information, wherein the second geographic position information is current geographic position information of the current verified terminal device, and the second geographic position information may include: LBS information of the currently authenticated terminal device, or index information for finding the second geographic location of the currently authenticated terminal device.
And calculating the distance between the reserved terminal equipment and the currently verified terminal equipment according to the first geographical position information and the second geographical position information, and judging whether the calculated distance is less than or equal to a preset value, wherein the preset value is set by a system, and can be 10 meters, for example. If the calculated distance is less than or equal to the preset value, it indicates that the distance between the currently verified terminal device and the reserved terminal device is short, even the distance is zero, that is, the same terminal device is obtained, the currently verified user can be confirmed to be the user who performs the preset operation before, the verification of the second verification code input by the user is passed, that is, after the currently verified user is confirmed to be the user, the verification of the second verification code is not intercepted, then the second verification code is verified, and whether the second verification code is the same as the first verification code or not is judged. If the calculated distance is greater than the preset value, it is indicated that the distance between the currently verified terminal device and the reserved terminal device is far, it can be determined that the currently verified user is not the user who previously performed the preset operation, and the currently verified user is an illegal user, the verification of the second verification code is intercepted, whether the second verification code is correct is not verified, and whether the second verification code is the first verification code issued before is not judged. In order to prevent the interception of the verification of the legal user by mistake, whether the user currently performing the verification is the legal user needs to be further confirmed, a calling device is used for calling the currently verified terminal device to confirm whether the user initiating the current verification is the legal user, namely whether the user is the user or a person authorized by the user, if so, the verification of the second verification code is passed, and if not, the verification of the second verification code is intercepted.
Further, after the verification of the second verification code is passed, whether the first verification code sent to the reserved terminal device of the user requesting the preset operation is the same as the second verification code input by the currently verified user is judged, if so, the input of the second verification code currently verified is confirmed to be correct, and the user can continue the preset operation through verification.
The terminal device 20 reports the first geographical location information and the second geographical location information to the server 10.
For the specific details of the server 10 and the terminal device 20 executing the above technical solutions in the embodiments of the security verification system, reference is made to the following description of each embodiment.
In this embodiment, the geographic position information reported by the user reservation terminal device requesting the preset operation is acquired while the verification code is issued, the geographic position information reported by the user reservation terminal device requesting the preset operation and used for the verification of the current verification terminal device by the verification user are compared, when the distance is smaller than a certain value, the user is determined to perform the verification this time, the verification of the verification code is released, and the security of the user operation can be improved by combining the verification code and the dual verification of the geographic position information, so that the success rate of malicious operation caused by the leakage of the verification code is greatly reduced.
Fig. 2 is a block diagram of an embodiment of the server 10. As shown in FIG. 2, the server 10 may vary significantly due to configuration or performance, and may include one or more Central Processing Units (CPUs) 122 (e.g., one or more processors) and memory 132, one or more storage media 130 (e.g., one or more mass storage devices) storing applications 142 or data 144. Memory 132 and storage medium 130 may be, among other things, transient or persistent storage. The program stored in the storage medium 130 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 122 may be configured to communicate with the storage medium 130 to execute a series of instruction operations in the storage medium 130 on the server 10. The server 10 may also include one or more power supplies 126, one or more wired or wireless network interfaces 150, one or more input-output interfaces 158, and/or one or more operating systems 141, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, and so forth. The steps performed by the server 10 described in the embodiments below may be based on the server architecture shown in fig. 2.
Fig. 3 shows a block diagram of a mobile terminal device. As shown in fig. 3, the mobile terminal device 20 may include a memory 202, a memory controller 204, one or more processors (only one shown) 206, a peripheral interface 208, a radio frequency module 210, and a touch screen 212. These components communicate with one another via one or more communication buses/signal lines 222.
It is to be understood that the structure shown in fig. 3 is only an illustration and does not limit the structure of the mobile terminal device 20. For example, the mobile terminal device 20 may also include more or fewer components than shown in FIG. 3, or have a different configuration than shown in FIG. 3. The components shown in fig. 3 may be implemented in hardware, software, or a combination thereof.
The memory 202 may be used to store software programs and modules, such as program instructions/modules corresponding to the character input method and apparatus in the terminal device in the embodiment of the present invention, and the processor 206 executes various functional applications and data processing by running the software programs and modules stored in the memory 204, so as to implement the instant messaging message playing method described above.
The memory 202 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 202 may further include memory located remotely from the processor 206, which may be connected to the mobile terminal device 20 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. Access to the memory 202 by the processor 206, and possibly other components, may be under the control of the memory controller 204.
The peripheral interface 208 couples various input/output devices to the CPU and to the memory 202. Processor 206 executes various software, instructions within memory 202 to perform various functions of terminal device 20 and to perform data processing.
In some embodiments, the peripheral interface 208, the processor 206, and the memory controller 204 may be implemented in a single chip. In other examples, they may be implemented separately from the individual chips.
The rf module 210 is used for receiving and transmitting electromagnetic waves, and implementing interconversion between the electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices. The rf module 210 may include various existing circuit elements for performing these functions, such as an antenna, an rf transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. The rf module 210 may communicate with various networks such as the internet, an intranet, a wireless network, or with other devices via a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. The Wireless network may use various Communication standards, protocols, and technologies, including, but not limited to, Global System for Mobile Communication (GSM), Enhanced Mobile Communication (Enhanced Data GSM Environment, EDGE), wideband Code division multiple Access (W-CDMA), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), bluetooth, Wireless Fidelity (WiFi) (e.g., Institute of Electrical and Electronics Engineers (IEEE) standard IEEE802.11 a, IEEE802.11 b, IEEE802.1 g, and/or IEEE802.1 n), Voice over internet protocol (VoIP), world wide mail for internet, Wi-Max, and any other suitable protocol for instant messaging, including, but not limited to, Wireless systems for Mobile Communication (GSM), Enhanced Data GSM, EDGE, wideband Code division multiple Access (W-CDMA), Wireless Fidelity, WiFi (e.g., IEEE802.11 a, IEEE802.11 b), VoIP, and/or IEEE802.1 n), Voice over internet telephony (VoIP), Wireless mail Access (Wi-Max), and any other suitable protocol for instant messaging, and may even include those protocols that have not yet been developed.
The touch screen 212 provides both an output and an input interface between the first terminal 20 and the user. In particular, the touch screen 212 displays video output to the user, the content of which may include text, graphics, video, and any combination thereof. Some of the output results are for some of the user interface objects. The touch screen 212 also receives user inputs, such as user clicks, swipes, and other gesture operations, so that the user interface objects respond to these user inputs. The technique of detecting user input may be based on resistive, capacitive, or any other possible touch detection technique. Specific examples of touch screen 212 display units include, but are not limited to, liquid crystal displays or light emitting polymer displays.
Referring to fig. 4, a security verification method according to a second embodiment includes:
401. when a request of a user for carrying out preset operation is received, generating a first verification code;
the user performs preset operation through the terminal device, and the preset operation generally refers to operations requiring higher security such as login and payment. The user realizes the preset operation through opening the APP of the equipment on the mobile terminal, or the webpage is opened through the mobile terminal equipment, and the preset operation is realized on the webpage. And the mobile terminal equipment sends the request of the user for the preset operation to the server.
The server receives the request of the user for the preset operation, confirms that the preset operation needs to verify the verification code of the user so as to confirm the legal identity of the user, and can perform further operation after the verification is successful. To verify the identity of the user, a first verification code is generated, which may be a string of numbers, such as "2547", or a plurality of Chinese characters, such as "lemon tree", or other forms that facilitate verification.
402. Sending the first verification code to a reserved terminal device corresponding to the user account of the user, and requesting the reserved terminal device to report first geographical position information;
and inquiring reserved terminal equipment corresponding to the user account of the user, and sending the first verification code to the reserved terminal equipment, so that the reserved terminal equipment displays the first verification code to the user. For example, the content of "2547" as the verification code is sent to the mobile phone number reserved by the user in the form of a short message.
And simultaneously requesting the reserved terminal equipment to report first geographical location information, wherein the first geographical location information refers to various information which can represent the geographical location of the reserved terminal equipment. Specifically, the first geographical location information may include: LBS information of the reserved terminal device, or index information for finding the first geographical location of the reserved terminal device. For example, the reserved terminal device is currently located in an office building, the geographic location of the office building has a fixed identifier in the geographic location system, that is, the first geographic location information may not be a specific address, but may be a fixed identifier of a specific address, and a corresponding specific geographic location may be found in the database by using the fixed identifier, so that the identifier of the specific geographic location may be the index information.
The server requests the reserved terminal device to report the first geographical location information, the reserved terminal device obtains its own geographical location information through a built-in positioning module for reporting, further, the server can also actively obtain LBS information of the reserved terminal device through a radio communication network (such as a GSM network, a CDMA network) or an external positioning mode (such as a global positioning system) of a telecom mobile operator, for example, obtain its geographical coordinates or geodetic coordinates.
403. Acquiring a second verification code input by a currently verified user, and requesting the currently verified terminal equipment to report second geographical location information;
when a user who carries out current verification inputs a second verification code in a verification code input position of an operation interface of the terminal equipment used by the user, the server acquires the second verification code and requests the current verified terminal equipment to report second geographic position information.
The second geographical location information is current geographical location information of the currently verified terminal device, and the second geographical location information may include: LBS information of the currently authenticated terminal device, or index information for finding the second geographic location of the currently authenticated terminal device.
404. Calculating the distance between the reserved terminal equipment and the current verified terminal equipment according to the first geographical position information and the second geographical position information;
according to the first geographical location information and the second geographical location information, the distance between the first geographical location and the second geographical location, that is, the distance between the reserved terminal device and the currently verified terminal device, may be calculated.
405. And judging whether the distance is less than or equal to a preset value, and if so, passing the verification of the second verification code.
And judging whether the distance between the reserved terminal equipment and the currently verified terminal equipment is less than or equal to a preset value or not. The preset value is set by the system and may be, for example, 10 meters.
If the distance is smaller than or equal to the preset value, the distance between the currently verified terminal device and the reserved terminal device is indicated to be close, wherein when the distance is equal to the preset value, the distance between the currently verified terminal device and the reserved terminal device is indicated to be zero, namely the same terminal device is obtained, the currently verified user can be confirmed to be the user who performs the preset operation before, the verification of a second verification code input by the user is passed, namely after the currently verified user is confirmed to be the user himself, the verification of the second verification code is not intercepted, then the second verification code is verified, and whether the second verification code is the same as the first verification code or not is judged.
In the embodiment of the invention, the geographic position information reported by the user reserved terminal equipment requesting the preset operation is acquired while the verification code is issued, the geographic position information reported by the terminal equipment used for performing the current verification by the user performing the verification is acquired, the distance between the reserved terminal equipment and the terminal equipment currently performing the verification is compared, when the distance is less than a certain value, the user is determined to perform the verification for the user himself, the verification of the verification code is released, and the double verification of the verification code and the geographic position information is combined, so that the safety of the user operation can be improved, and the success rate of malicious operation caused by the leakage of the verification code is greatly reduced.
Referring to fig. 5, a security verification method according to a third embodiment includes:
501. when a request of a user for carrying out preset operation is received, generating a first verification code;
the user performs preset operation through the terminal device, and the preset operation generally refers to operations requiring higher security such as login and payment. And the mobile terminal equipment sends the request of the user for the preset operation to the server. The server receives the request of the user for the preset operation, confirms that the preset operation needs to verify the verification code of the user so as to confirm the legal identity of the user, and can perform further operation after the verification is successful. To verify the identity of a user, a first verification code is generated
502. Sending the first verification code to a reserved terminal device corresponding to the user account of the user, and requesting the reserved terminal device to report first geographical position information;
and inquiring reserved terminal equipment corresponding to the user account of the user, and sending the first verification code to the reserved terminal equipment, so that the reserved terminal equipment displays the first verification code to the user.
And simultaneously requesting the reserved terminal equipment to report first geographical location information, wherein the first geographical location information refers to various information which can represent the geographical location of the reserved terminal equipment. Specifically, the first geographical location information may include: LBS information of the reserved terminal device, or index information for finding the first geographical location of the reserved terminal device.
503. Acquiring a second verification code input by a currently verified user, and requesting the currently verified terminal equipment to report second geographical location information;
when a user who carries out current verification inputs a second verification code in a verification code input position of an operation interface of the terminal equipment used by the user, the server acquires the second verification code and requests the current verified terminal equipment to report second geographic position information.
The second geographical location information is current geographical location information of the currently verified terminal device, and the second geographical location information may include: LBS information of the currently authenticated terminal device, or index information for finding the second geographic location of the currently authenticated terminal device.
504. Calculating the distance between the reserved terminal equipment and the current verified terminal equipment according to the first geographical position information and the second geographical position information;
505. judging whether the distance is less than or equal to a preset value;
and judging whether the distance between the reserved terminal equipment and the currently verified terminal equipment is less than or equal to a preset value or not.
If yes, go to step 506, otherwise go to step 507.
506. Passing the verification of the second verification code;
if the distance is less than or equal to the preset value, it indicates that the distance between the currently verified terminal device and the reserved terminal device is short, wherein when the distance is equal to the preset value, it indicates that the distance between the currently verified terminal device and the reserved terminal device is zero, that is, the same terminal device is obtained, and it can be determined that the currently verified user is the user who previously performed the preset operation. The verification of the second verification code input by the user is passed, that is, after the user who performs the verification currently is the user himself is confirmed, the verification of the second verification code is not intercepted, and then the second verification code is verified, and whether the second verification code is the same as the first verification code or not is judged.
507. Intercepting the verification of the second verification code;
if the calculated distance is greater than the preset value, it indicates that the distance between the currently verified terminal device and the reserved terminal device is far, and it can be determined that the currently verified user is not the user who previously performed the preset operation, and is an illegal user. Then the verification of the second verification code is intercepted, namely whether the second verification code is correct or not is not verified any more, and whether the second verification code is the first verification code issued before or not is judged.
508. Calling the currently verified terminal equipment by calling equipment to confirm whether the user initiating the current verification is a legal user.
If yes, go to step 506, pass the verification of the second verification code, otherwise go to step 507, intercept the verification of the second verification code.
After the system intercepts the verification of the second verification code, in order to prevent false interception, calling equipment is called to call the currently verified terminal equipment so as to confirm whether the user initiating the current verification is a legal user, wherein the legal user refers to the user himself or a person authorized by the user. Specifically, the method may include initiating an outbound service to a reserved terminal of the user through a manual customer service to call a currently verified terminal device, knowing in detail whether the operation is performed by the user himself or is completed by a user authorized related person, if so, passing through the verification of the second verification code, and if not, intercepting the verification of the second verification code. The accuracy of the user identity confirmation can be further improved.
In the embodiment of the invention, the geographic position information reported by the user reserved terminal equipment requesting the preset operation is acquired while the verification code is issued, the geographic position information reported by the terminal equipment used for performing the current verification by the user performing the verification is acquired, the distance between the reserved terminal equipment and the terminal equipment currently performing the verification is compared, when the distance is less than a certain value, the user is determined to perform the verification for the user himself, the verification of the verification code is released, and the double verification of the verification code and the geographic position information is combined, so that the safety of the user operation can be improved, and the success rate of malicious operation caused by the leakage of the verification code is greatly reduced.
Referring to fig. 6, fig. 6 is a security verification method provided by a fourth embodiment, where a reserved terminal device and a currently verified terminal device in fig. 6 may be the same terminal device, or may be two different terminal devices, and in order to describe the technical solution, fig. 6 takes the reserved terminal device and the currently verified terminal device as two different terminal devices for example to describe, the method includes:
601. the server generates a first verification code;
when a request of a user for performing preset operation is received, the server generates a first verification code.
602. The server sends the first verification code to the reserved terminal equipment and requests the reserved terminal equipment to report first geographical position information;
and the server sends the generated first verification code to a reserved terminal device corresponding to the user account of the user and requests the reserved terminal device to report first geographical position information.
603. The reserved terminal equipment reports the first geographical position information to the server;
and the server receives the first geographical position information reported by the reserved terminal equipment.
604. Acquiring a second verification code input by a currently verified user, and requesting the currently verified terminal equipment to report second geographical location information;
and the currently verified user inputs the second verification code through the currently verified terminal equipment to verify the preset operation. And the server acquires a second verification code input by the currently verified user and requests the currently verified terminal equipment to report second geographic position information.
605. The current verified terminal device reports the second geographical location information to the server;
and the server receives the second geographical location information reported by the currently verified terminal equipment.
606. And calculating the distance between the reserved terminal equipment and the currently verified terminal equipment according to the first geographical position information and the second geographical position information, judging whether the distance is less than or equal to a preset value, and if so, passing the verification of the second verification code.
In the embodiment of the invention, the geographic position information reported by the user reserved terminal equipment requesting the preset operation is acquired while the verification code is issued, the geographic position information reported by the terminal equipment used for performing the current verification by the user performing the verification is acquired, the distance between the reserved terminal equipment and the terminal equipment currently performing the verification is compared, when the distance is less than a certain value, the user is determined to perform the verification for the user himself, the verification of the verification code is released, and the double verification of the verification code and the geographic position information is combined, so that the safety of the user operation can be improved, and the success rate of malicious operation caused by the leakage of the verification code is greatly reduced.
Referring to fig. 7, a security authentication apparatus according to a fifth embodiment can be applied to the server 10 in fig. 1, and the security authentication apparatus includes:
a generating unit 71, configured to generate a first verification code when a request for a user to perform a preset operation is received;
a sending unit 72, configured to send the first verification code to a reserved terminal device corresponding to the user account of the user;
a requesting unit 73, configured to request the reserved terminal device to report first geographical location information;
an obtaining unit 74, configured to obtain a second verification code input by a currently verified user;
the requesting unit 73 is further configured to request the currently verified terminal device to report the second geographic location information;
a calculating unit 75, configured to calculate a distance between the reserved terminal device and the currently verified terminal device according to the first geographic location information and the second geographic location information;
and the processing unit 76 is configured to not intercept the verification of the second verification code if the distance is less than or equal to a preset value.
For a specific process of each unit executing its function in the embodiment of the present invention, refer to the description of the embodiment shown in fig. 1 to 6, which is not described herein again.
In the embodiment of the invention, the geographic position information reported by the user reserved terminal equipment requesting the preset operation is acquired while the verification code is issued, the geographic position information reported by the terminal equipment used for performing the current verification by the user performing the verification is acquired, the distance between the reserved terminal equipment and the terminal equipment currently performing the verification is compared, when the distance is less than a certain value, the user is determined to perform the verification for the user himself, the verification of the verification code is released, and the double verification of the verification code and the geographic position information is combined, so that the safety of the user operation can be improved, and the success rate of malicious operation caused by the leakage of the verification code is greatly reduced.
Referring to fig. 8, a security authentication apparatus provided in a sixth embodiment can be applied to the server 10 in fig. 1, and the security authentication apparatus includes:
a generating unit 81 for generating a first verification code when a request for a user to perform a preset operation is received;
a sending unit 82, configured to send the first verification code to a reserved terminal device corresponding to the user account of the user;
a requesting unit 83, configured to request the reserved terminal device to report first geographical location information;
an obtaining unit 84, configured to obtain a second verification code input by a currently verified user;
the requesting unit 83 is further configured to request the currently verified terminal device to report the second geographic location information;
a calculating unit 85, configured to calculate a distance between the reserved terminal device and the currently verified terminal device according to the first geographic location information and the second geographic location information;
the processing unit 86 is configured to not intercept the verification of the second verification code if the distance is less than or equal to a preset value.
Wherein the first geographical location information comprises: the reserved terminal device is based on location-based service information, or index information used for searching the first geographic location;
the second geographical location information includes: location based service information of the currently authenticated terminal device, or index information for finding the second geographic location.
The processing unit 86 is further configured to intercept the verification of the second verification code if the distance between the reserved terminal device and the currently verified terminal device is greater than the preset value.
The apparatus still further comprises:
a confirming unit 87, configured to invoke a calling device to call the currently verified terminal device, so as to confirm whether the user initiating the current verification is a valid user;
further, the processing unit 86 is further configured to not intercept the verification of the second verification code if the confirming unit 87 confirms that the user initiating the current verification is a legal user, and intercept the verification of the second verification code if the user initiating the current verification is not a legal user.
For a specific process of each unit executing its function in the embodiment of the present invention, refer to the description of the embodiment shown in fig. 1 to 6, which is not described herein again.
In the embodiment of the invention, the geographic position information reported by the user reserved terminal equipment requesting the preset operation is acquired while the verification code is issued, the geographic position information reported by the terminal equipment used for performing the current verification by the user performing the verification is acquired, the distance between the reserved terminal equipment and the terminal equipment currently performing the verification is compared, when the distance is less than a certain value, the user is determined to perform the verification for the user himself, the verification of the verification code is released, and the double verification of the verification code and the geographic position information is combined, so that the safety of the user operation can be improved, and the success rate of malicious operation caused by the leakage of the verification code is greatly reduced.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
Although the present invention has been described with reference to a preferred embodiment, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (12)

1. A security authentication method, comprising:
when a request of a user for performing preset operation is received, generating a first verification code, sending the first verification code to a reserved terminal device corresponding to a user account of the user, and requesting the reserved terminal device to report first geographical position information;
acquiring a second verification code input by a currently verified user, and requesting the currently verified terminal equipment to report second geographical location information;
calculating the distance between the reserved terminal equipment and the currently verified terminal equipment according to the first geographical position information and the second geographical position information;
and judging whether the distance is smaller than or equal to a preset value, if so, not intercepting the verification of the second verification code.
2. The method of claim 1, wherein the first geographic location information comprises: the reserved terminal device is based on location-based service information, or index information for searching the first geographical location.
3. The method of claim 1 or 2, wherein the second geolocation information comprises: the location-based service information of the currently verified terminal device, or index information for searching the second geographic location.
4. The method of claim 3, further comprising:
and if the distance between the reserved terminal equipment and the currently verified terminal equipment is greater than the preset value, intercepting the verification of the second verification code.
5. The method of claim 4, wherein intercepting the validation of the second validation code further comprises:
calling the currently verified terminal equipment by calling equipment to confirm whether the user initiating the current verification is a legal user or not;
if so, not intercepting the verification of the second verification code, and if not, intercepting the verification of the second verification code.
6. A security authentication method, comprising:
when a request of a user for carrying out preset operation is received, a server generates a first verification code;
sending the first verification code to reserved terminal equipment corresponding to a user account of the user, and requesting the reserved terminal equipment to report first geographical position information;
the reserved terminal equipment reports the first geographical position information to the server;
acquiring a second verification code input by a currently verified user, and requesting the currently verified terminal equipment to report second geographical location information;
the current verified terminal equipment reports the second geographical position information to the server;
the server calculates the distance between the reserved terminal equipment and the currently verified terminal equipment according to the received first geographical position information and the received second geographical position information;
and judging whether the distance is smaller than or equal to a preset value, if so, not intercepting the verification of the second verification code.
7. A security authentication apparatus, comprising:
the device comprises a generating unit, a verification unit and a verification unit, wherein the generating unit is used for generating a first verification code when a request of a user for performing preset operation is received;
a sending unit, configured to send the first verification code to a reserved terminal device corresponding to the user account of the user;
the request unit is used for requesting the reserved terminal equipment to report first geographical position information;
the acquisition unit is used for acquiring a second verification code input by a currently verified user;
the request unit is further configured to request the currently verified terminal device to report second geographic location information;
a calculating unit, configured to calculate, according to the first geographical location information and the second geographical location information, a distance between the reserved terminal device and the currently verified terminal device;
and the processing unit is used for not intercepting the verification of the second verification code if the distance is less than or equal to a preset value.
8. The apparatus of claim 7,
the first geographical location information includes: the reserved terminal device is based on location-based service information, or index information used for searching the first geographic location;
the second geographical location information includes: the location-based service information of the currently verified terminal device, or index information for searching the second geographic location.
9. The apparatus according to claim 7 or 8,
the processing unit is further configured to intercept the verification of the second verification code if the distance between the reserved terminal device and the currently verified terminal device is greater than the preset value.
10. The apparatus of claim 9,
the device further comprises:
a confirming unit, configured to call the currently verified terminal device by using a calling device, so as to confirm whether the user initiating the current verification is a valid user;
the processing unit is further configured to not intercept the verification of the second verification code if the user initiating the current verification is determined to be a valid user by the determining unit, and intercept the verification of the second verification code if the user initiating the current verification is not a valid user.
11. A security verification system, comprising:
the server reserves the terminal equipment and the currently verified terminal equipment;
the server is used for generating a first verification code when receiving a request of a user for performing preset operation, sending the first verification code to the reserved terminal equipment corresponding to a user account of the user, requesting the reserved terminal equipment to report first geographical position information, acquiring a second verification code input by the currently verified user, requesting the currently verified terminal equipment to report second geographical position information, calculating a distance between the reserved terminal equipment and the currently verified terminal equipment according to the first geographical position information and the second geographical position information, judging whether the distance is smaller than or equal to a preset value, and if so, not intercepting verification of the second verification code;
the reserved terminal device is used for reporting the first geographical location information to the server;
and the currently verified terminal equipment is used for reporting the second geographical location information to the server.
12. A storage medium storing a computer program which, when executed by a processor, implements the security authentication method of any one of claims 1 to 5 or the security authentication method of claim 6.
CN201410568196.4A 2014-10-22 2014-10-22 Security verification method, device and system Active CN105592005B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410568196.4A CN105592005B (en) 2014-10-22 2014-10-22 Security verification method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410568196.4A CN105592005B (en) 2014-10-22 2014-10-22 Security verification method, device and system

Publications (2)

Publication Number Publication Date
CN105592005A CN105592005A (en) 2016-05-18
CN105592005B true CN105592005B (en) 2020-06-12

Family

ID=55931228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410568196.4A Active CN105592005B (en) 2014-10-22 2014-10-22 Security verification method, device and system

Country Status (1)

Country Link
CN (1) CN105592005B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106101125B (en) * 2016-07-01 2020-09-22 龙官波 Verification processing method, device and system
CN107633403A (en) * 2016-07-18 2018-01-26 北京网际威信科技有限公司 Status verification method
CN107241362B (en) * 2017-08-10 2020-11-24 青岛网信信息科技有限公司 Method and device for identifying identity of verification code input user
CN108600215A (en) * 2018-04-20 2018-09-28 中国联合网络通信集团有限公司 Identifying code is anti-to steal method, apparatus and the network equipment
CN113468508B (en) * 2021-05-31 2024-05-28 北京达佳互联信息技术有限公司 Information verification method, device, server and storage medium
CN115759649B (en) * 2022-11-22 2024-03-29 北京丹灵云科技有限责任公司 Police material character interconnection safety control method
CN116340930B (en) * 2023-05-31 2023-08-15 一汽解放汽车有限公司 Method, device, equipment and medium for confirming system change

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007049344A1 (en) * 2005-10-26 2007-05-03 Mitsubishi Denki Kabushiki Kaisha Food product tracer, food product tracing system, and food product tracing method
CN103064594B (en) * 2012-12-21 2016-10-26 北京瑞星国际软件有限公司 A kind of method of authentication, device and terminal
CN103679460A (en) * 2013-12-10 2014-03-26 阮桂芳 Secure network transaction method
CN103971239A (en) * 2014-05-28 2014-08-06 中国农业银行股份有限公司 Verification method and device

Also Published As

Publication number Publication date
CN105592005A (en) 2016-05-18

Similar Documents

Publication Publication Date Title
CN105592005B (en) Security verification method, device and system
US11700529B2 (en) Methods and systems for validating mobile devices of customers via third parties
US11002822B2 (en) Service enhancements using near field communication
US9961088B2 (en) Systems and methods for geolocation-based authentication and authorization
CN105306204B (en) Security verification method, device and system
US9326091B2 (en) Near field communication automatic self-provisioning
AU2015323425B2 (en) Systems and methods for identifying mobile devices
US10237272B2 (en) Methods, apparatus, and systems for identity authentication
US9690926B2 (en) User authentication based on established network activity
US9426161B2 (en) Device-based authentication for secure online access
US20180295514A1 (en) Method and apparatus for facilitating persistent authentication
CN104333530B (en) Information credibility verification method and device
CN105825377A (en) Secure payment verification method, payment verification device, server and system
CN105577375A (en) Identity authentication method and device
US20140215582A1 (en) Verification system and verification method
US8712378B1 (en) Authorization method for location based services
KR102261789B1 (en) Smishing message monitoring method and smishing level determination method
CN105574375B (en) Safe operation method and device
CN113132925B (en) Short message authentication method, system, short message gateway equipment and terminal equipment
WO2016179860A1 (en) Method and apparatus for protecting position information in multi-operating system terminal, and terminal
JP6911303B2 (en) Authentication system and authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant