CN106603571A - Safety authentication method and safety authentication device - Google Patents
Safety authentication method and safety authentication device Download PDFInfo
- Publication number
- CN106603571A CN106603571A CN201710014886.9A CN201710014886A CN106603571A CN 106603571 A CN106603571 A CN 106603571A CN 201710014886 A CN201710014886 A CN 201710014886A CN 106603571 A CN106603571 A CN 106603571A
- Authority
- CN
- China
- Prior art keywords
- user
- telephone number
- certification
- security service
- safety
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
Abstract
The invention discloses a safety authentication method and a safety authentication device to improve safety and verification efficiency of identity authentication, and reduce resource wastes in a verification process at the same time. The safety authentication method comprises the following steps: when performing identity authentication on a user, acquiring a safety authentication telephone number corresponding to the user; prompting the user to use the safety authentication telephone number to dial a safety service number; and under the condition that the telephone number used by the user for dialing the safety service number is determined to be identical to the safety authentication telephone number corresponding to the user, determining that the result of the identity authentication of the user is successful.
Description
Technical field
The present invention relates to safety verification technical field, more particularly to a kind of safety certifying method and device.
Background technology
In the registration of Web bank, online shopping mall, Mobile banking, mobile phone store, group buying websites and application program, user
Login account or when carrying out some sensitive operations, for example:Accounting payment or modification identity information and authority information, in order to carry
High security, these website big city carry out secondary checking to the identity of user, to guarantee that these sensitive operations are by user's sheet
What people initiated, at present, when the identity to user carries out secondary checking, mostly by short-message verification or the side of speech verification
Formula.
The mode of short-message verification, namely authentication server notifies identifying code to user in the form of short message, it is concrete come
Say, authentication server sends the short message of a carrying identifying code to the phone number that user reserves, user receives carrying checking
After the short message of code, need to fill in in the given time the identifying code included in short message being filled up to into client or webpage
The position of identifying code, verifies whether the identifying code that user fills in is consistent with the identifying code that it is sent to user by authentication server,
If consistent, it is proved to be successful, otherwise, authentication failed.
Under this kind of mode, authentication server is sent to the short message of user's carrying identifying code and belongs to plaintext transmission, is transmitted across
May easily leak through multiple transfer, identifying code in journey, for example:Identifying code is held as a hostage or is forged, and carries identifying code
Short message easily junk information is identified as by the fail-safe software in user terminal, so as to cause carry identifying code short message quilt
Fail-safe software in user terminal is intercepted, and needs to repeat to send short message, the wasting of resources is caused, in addition, user is in input validation
Also the problems such as wrong defeated or input time-out is susceptible to during code, safety certification is less efficient.
The mode of speech verification, namely authentication server notifies identifying code with speech form, to user, specifically, to test
The phone number that card server is reserved by a telephone number dialing user, after user answers, is led to by the form of voice
This carries out the identifying code of authentication to know user, and user will wrap in the given time after identifying code is known in short message
The identifying code for containing is filled up in client or webpage the position for needing to fill in identifying code, verifies what user filled in by authentication server
Whether the identifying code that identifying code notifies user with it is consistent, if unanimously, is proved to be successful, otherwise, authentication failed.
Under this kind of mode, authentication server dials phone to user easily by user's rejection or by user terminal
Fail-safe software intercept, and user need remember identifying code, and according to memory identifying code is filled up to exactly client or
The position for filling in identifying code is needed in webpage, user is easily inaccurate because remembering during input validation code, occur it is wrong defeated or
The problems such as person's input time-out, safety certification is less efficient.
In sum, in prior art short message certification mode, identifying code plaintext transmission, easily leakage, short message easily by with
Fail-safe software in the terminal of family is intercepted, and the mode of voice authentication, and authentication server dials phone to user easily by user
Rejection is intercepted by the fail-safe software in user terminal, and under causing the wasting of resources, and two ways, user is in input validation
During code, wrong defeated or input time-out problem, safety verification inefficiency are susceptible to.
The content of the invention
Embodiments provide a kind of safety certifying method and device, to improve authentication security and
Verification efficiency, while reducing the wasting of resources in verification process.
A kind of safety certifying method provided in an embodiment of the present invention, the method includes:When authentication is carried out to user,
Obtain the corresponding safety certification telephone number of the user;The user is pointed out to pacify using the safety certification telephone number dialing
Full service number;It is determined that the user dials the telephone number peace corresponding with the user that the security service number is used
Under the conditions of full certification telephone number identical, the identity authentication result for determining the user is certification success.
In said method provided in an embodiment of the present invention, when authentication is carried out to user, the corresponding peace of user is obtained
Full certification telephone number, points out user to use safety certification telephone number dialing security service number, and it is determined that user dials
Under the conditions of the telephone number that security service number is used safety certification telephone number identical corresponding with user, determine user's
Identity authentication result is certification success, and whole authentication process itself only needs user to use safety certification telephone number dialing safety
Service number, without plaintext transmission, improves the security of authentication, and without the need for user identifying code, memory identifying code are received
And fill in identifying code, it is to avoid and wrong defeated or input time-out problem, verification efficiency is improve, while without the need for sending to user
Short message dials subscriber phone, it is to avoid short message or phone are intercepted the money for causing by the fail-safe software in user terminal
Source wastes, namely reduces the wasting of resources in verification process.
It is described to obtain the user in said method provided in an embodiment of the present invention in a kind of possible embodiment
Corresponding safety certification telephone number, including:If the user is the user for registering, from the log-on message of the user
It is middle to obtain the corresponding safety certification telephone number of the user;And if the user is registered user, obtaining described
The identity of user, and the identity according to the user and the User Identity that prestores and safety certification electricity
The corresponding relation of words number, determines the corresponding safety certification telephone number of the user.
In a kind of possible embodiment, in said method provided in an embodiment of the present invention, it is determined that the user
Identity authentication result is that the method also includes after certification success:Default carrying is played to user by the security service number
Show sound, point out the authenticating user identification result to be certification success;And/or carry in the page presentation that authentication is carried out to user
Show information, point out the authenticating user identification result to be certification success.
In a kind of possible embodiment, in said method provided in an embodiment of the present invention, make the user is pointed out
After with the safety certification telephone number dialing security service number, the method also includes:Answering in by user terminal
User is carried out under conditions of authentication with program, call the dialing keyboard in the user terminal to dial the security service
Number;Or the checking page in by browser is carried out under conditions of authentication to user, in the checking page
Showing to user call the dialing keyboard in user terminal to dial the mark of the security service number for triggering, and points out institute
State user and scan the mark using user terminal.
In a kind of possible embodiment, in said method provided in an embodiment of the present invention, it is determined that the user dials
Beat the telephone number that uses of the security service number it is identical with the corresponding safety certification telephone number of the user after, it is determined that
The identity authentication result of the user is that the method also includes before certification success:Judge current time with the prompting user
Whether predetermined threshold value is less than using the time interval between the moment of the safety certification telephone number dialing security service number,
And when judging that current time uses the safety certification telephone number dialing security service number with the prompting user
Between time interval be that certification is successful less than the identity authentication result that determines the user under conditions of predetermined threshold value, is performed
Step.
A kind of safety certification device provided in an embodiment of the present invention, the device includes:Acquiring unit, for entering to user
During row authentication, the corresponding safety certification telephone number of the user is obtained;Tip element, for pointing out the user to use
The safety certification telephone number dialing security service number;Authentication unit, for it is determined that the user dials the safety
Under the conditions of the telephone number that service number is used safety certification telephone number identical corresponding with the user, the use is determined
The identity authentication result at family is certification success.
In said apparatus provided in an embodiment of the present invention, when authentication is carried out to user, the corresponding peace of user is obtained
Full certification telephone number, points out user to use safety certification telephone number dialing security service number, and it is determined that user dials
Under the conditions of the telephone number that security service number is used safety certification telephone number identical corresponding with user, determine user's
Identity authentication result is certification success, and whole authentication process itself only needs user to use safety certification telephone number dialing safety
Service number, without plaintext transmission, improves the security of authentication, and without the need for user identifying code, memory identifying code are received
And fill in identifying code, it is to avoid and wrong defeated or input time-out problem, verification efficiency is improve, while without the need for sending to user
Short message dials subscriber phone, it is to avoid short message or phone are intercepted the money for causing by the fail-safe software in user terminal
Source wastes, namely reduces the wasting of resources in verification process.
In a kind of possible embodiment, in said method provided in an embodiment of the present invention, the acquiring unit, specifically
For:If the user is the user for registering, the corresponding peace of the user is obtained from the log-on message of the user
Full certification telephone number;And if the user is registered user, obtains the identity of the user, and according to institute
The identity for stating user and the User Identity for prestoring and the corresponding relation of safety certification telephone number, determine institute
State the corresponding safety certification telephone number of user.
In a kind of possible embodiment, in said method provided in an embodiment of the present invention, the Tip element is also used
In:After it is determined that the identity authentication result of the user is certification success, played to user by the security service number
Default prompt tone, points out the authenticating user identification result to be certification success;And/or the page of authentication is being carried out to user
Show information, point out the authenticating user identification result to be certification success.
In a kind of possible embodiment, in said method provided in an embodiment of the present invention, the Tip element is also used
In:After the user is pointed out using the safety certification telephone number dialing security service number, by user terminal
In application program user is carried out under conditions of authentication, call the dialing keyboard in the user terminal to dial the peace
Full service number;Or after the user is pointed out using the safety certification telephone number dialing security service number,
User is carried out under conditions of authentication by the checking page in browser, show to user in the checking page and use
Call the dialing keyboard in user terminal to dial the mark of the security service number in triggering, and point out the user to use use
Identify described in the terminal scanning of family.
In a kind of possible embodiment, in said method provided in an embodiment of the present invention, the device also includes:Judge
Unit, for it is determined that the user dials the telephone number safety corresponding with the user that the security service number is used
After certification telephone number is identical, determine the user identity authentication result be certification success before, judge current time and
Point out whether the user uses the time interval between the moment of the safety certification telephone number dialing security service number
Less than predetermined threshold value;The then authentication unit, specifically for:It is determined that the user dials what the security service number was used
Telephone number is identical with the corresponding safety certification telephone number of the user, and current time is with to point out the user to use described
Time interval between the moment of safety certification telephone number dialing security service number is less than under conditions of predetermined threshold value, it is determined that
The identity authentication result of the user is certification success.
Description of the drawings
Fig. 1 is a kind of schematic flow diagram of safety certifying method provided in an embodiment of the present invention;
Fig. 2 is a kind of structural representation of safety certification device provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawings, to a kind of safety certifying method provided in an embodiment of the present invention and the specific embodiment of device
It is described in detail.
A kind of safety certifying method provided in an embodiment of the present invention, as shown in figure 1, the method includes:
Step 102, when authentication is carried out to user, obtains the corresponding safety certification telephone number of user.
In the embodiment of the present invention, authentication is carried out to user, be register on line as user, identity in process of exchange
A kind of supplementary checking means of checking, are mainly used in application program, website online registration, transfer accounts and need during other sensitive operations
Want the scene of secondary checking user identity.For example:When user is paid the bill using payment software, secondary testing is carried out to the identity of user
The scene of card;Again for example:In user's registration Web bank, the scene of secondary checking is carried out to the identity of user.
In this step, when authentication is carried out to user, obtain the corresponding safety certification telephone number of user, including with
Lower two kinds of embodiments, specifically:
If embodiment one, user is the user for registering, user is obtained from the log-on message of user corresponding
Safety certification telephone number.
When being embodied as, if user is the user for registering, for example:Registering the user or of Web bank
The user of registration shopping website member, then need user to fill in registration for safety certification telephone number, user fills in
After for the telephone number of safety certification, the button for carrying out safety certification for triggering can be clicked on by user, in user's point
Hit is carried out after the button of safety certification for triggering, and the corresponding safety certification phone of user is obtained from the log-on message of user
The corresponding safety certification telephone number of user is obtained in number, namely the log-on message filled in from user.
More preferably, if user is the user for registering, if the result that authentication is carried out to user is certification
Success, then can also obtain the identity of user, for example:The user account that the ID card No. of user or registration are used,
And store the corresponding relation of the identity of user safety certification telephone number corresponding with user, subsequently to carry out to user
During authentication, directly from storage user identity safety certification telephone number corresponding with user corresponding relation
In, obtain the corresponding safety certification telephone number of user.
If embodiment two, user is registered user, the identity of user is obtained, and according to the identity of user
Mark and the User Identity for prestoring and the corresponding relation of safety certification telephone number, determine the corresponding safety of user
Certification telephone number.
When being embodied as, if user is registered user, when authentication is carried out to user, direct access user
Identity, for example:The user account that the ID card No. of user or registration are used, then according to the identity of user
And the User Identity for prestoring and the corresponding relation of safety certification telephone number, determine the corresponding safety certification of user
Telephone number.Wherein, the corresponding relation of User Identity and safety certification telephone number can be user registration success it
Store afterwards, or user reserves what is stored during safety certification telephone number, and the present invention is not limited this.
Step 104, points out user to use safety certification telephone number dialing security service number.
In the embodiment of the present invention, after the corresponding safety certification telephone number of user is got, then user is pointed out to use
Safety certification telephone number dialing security service number, wherein, security service number can be the clothes that enterprise is used for safety certification
Business number, for example:400 numbers or 800 number etc..
More preferably, in other embodiments of the present invention, the application program in by user terminal carries out body to user
Under conditions of part certification, after prompting user is using safety certification telephone number dialing security service number, may call upon
Dialing keyboard in user terminal dials security service number, so as to save the dialing time of user, improves the effect of safety certification
Rate.
More preferably, in other embodiments of the present invention, the checking page in by browser carries out identity to user
Under conditions of certification, after prompting user is using safety certification telephone number dialing security service number, can be with checking
Showing to user in the page call the dialing keyboard in user terminal to dial the mark of security service number for triggering, and points out
User uses user terminal scanning mark.When being embodied as, the dialing keyboard in user terminal is called to dial safety for triggering
The mark of service number, can be Quick Response Code or other bar codes etc., and user is scanned using user terminal and called for triggering
Dialing keyboard in user terminal is dialed after the mark of security service number, and dialing is called in triggering in the user terminal of user
Keyboard dials security service number, so as to save the dialing time of user, improves the efficiency of safety certification.
What deserves to be explained is, when being embodied as, in prompting user safety certification telephone number dialing security service number is used
During code, it is possible to use the mode of voice message, it is also possible to which, using the mode of text prompt, the present invention is not limited this.More
Preferably, when pointing out user to use safety certification telephone number dialing security service number, safety certification phone can be hidden
One-bit digital or long number in number, to improve the security of authentication process itself.For example:With the side of text prompt
When formula prompting user uses safety certification telephone number dialing security service number, the one-bit digital in safety certification telephone number
Or long number can use " * " to replace.
Step 106, it is determined that user dials the telephone number safety certification corresponding with user that security service number is used
Under the conditions of telephone number identical, the identity authentication result for determining user is certification success.
When being embodied as, after user dials security service number, only need to compare user and dial security service number makes
Whether telephone number safety certification telephone number corresponding with user is identical, you can the identity of user is authenticated, tool
For body, it is determined that user dials the telephone number safety certification phone number code-phase corresponding with user that security service number is used
With under conditions of, the identity authentication result for determining user is certification success;It is determined that user dials what security service number was used
Under conditions of telephone number safety certification telephone number corresponding with user is differed, determine the identity authentication result of user to recognize
Card failure.Wherein, compare user and dial the telephone number safety certification phone number corresponding with user that security service number is used
Whether code is identical, can adopt method of the prior art, and here is omitted.
Certainly, what deserves to be explained is, if the identity authentication result of user is authentification failure, user can also continue to dial
Security service number carries out authentication.But, when being embodied as, authentication is carried out to user generally there is ageing, example
Such as:30 minutes, namely only user utilizes safety certification telephone number dialing security service number in effective period of time, just really
The identity authentication result for determining user is certification success, therefore, more preferably, it is determined that user dials peace in the embodiment of the present invention
After telephone number that full service number is used is identical with the corresponding safety certification telephone number of user, the identity for determining user is recognized
Card result is that the method also includes before certification success:Judge that current time uses safety certification telephone number with prompting user
Whether the time interval dialed between the moment of security service number is less than predetermined threshold value, and is judging current time with prompting use
Family is less than the condition of predetermined threshold value using the time interval between the moment of safety certification telephone number dialing security service number
Under, the identity authentication result for performing determination user is the successful step of certification.
Wherein, the current time mentioned in the embodiment of the present invention refers to that determination user dials what security service number was used
At the telephone number safety certification telephone number identical moment corresponding with user, predetermined threshold value can be according to the effective of authentication
Time period is configured, for example:The effective period of time of authentication is 30 minutes, then predetermined threshold value is 30 minutes.
In method provided in an embodiment of the present invention, when authentication is carried out to user, obtain the corresponding safety of user and recognize
Card telephone number, points out user to use safety certification telephone number dialing security service number, and it is determined that user dials safety
Under the conditions of the telephone number that service number is used safety certification telephone number identical corresponding with user, the identity of user is determined
Authentication result is certification success, and whole authentication process itself only needs user to use safety certification telephone number dialing security service
Number, without plaintext transmission, improves the security of authentication, without the need for user receive identifying code, memory identifying code and
Fill in identifying code, it is to avoid wrong defeated or input time-out problem, verification efficiency is improve, while without the need for sending note to user
Breath dials subscriber phone, it is to avoid short message or phone are intercepted the resource wave for causing by the fail-safe software in user terminal
Take, namely reduce the wasting of resources in verification process.
What deserves to be explained is, there is no identifying code quilt in the whole authentication process itself of the embodiment of the present invention, ciphertext transmission
The problem kidnapped or leak, and whole authentication process itself, only need user to dial security service number, and judge that user dials
Whether identical beat the telephone number safety certification telephone number corresponding with user that used of security service number, you can to user
Identity verified that short-message verification mode is compared with speech verification mode in prior art, without the need for user send verify
Code, collects, recognizes, is input into and submits to identifying code without the need for user, without the need for comparing the identifying code of user's submission and being sent to user
Identifying code it is whether consistent, substantially increase the efficiency and serious forgiveness of authentication, in addition whole process need not pass through note
Or the form of voice sends identifying code to user, reduces the communications cost of authentication, there is no note or voice is exhaled
Situation about being intercepted by fail-safe software in user terminal is, the wasting of resources is reduced.
More preferably, in the embodiment of the present invention, after it is determined that the identity authentication result of user is certification success, the party
Method also includes:Default prompt tone is played to user by security service number, points out authenticating user identification result to be certification success;
And/or the page presentation information of authentication is being carried out to user, point out authenticating user identification result to be certification success.
In the embodiment of the present invention, when user dials security service number and carries out authentication, for convenience user is known
The result, on the one hand can play default prompt tone by security service number to user, point out recognizing for authenticating user identification
Card result, on the other hand can point out authenticating user identification to carry out the page presentation information of authentication to user
Authentication result.Certainly, in the specific implementation, only the certification knot of authenticating user identification can be pointed out by one way in which
Really, for example:Only default prompt tone is played to user by security service number, point out the authentication result of authenticating user identification;Again
For example:Only the page presentation information of authentication is being carried out to user, pointing out the authentication result of authenticating user identification, when
So, it is also possible to point out the authentication result of authenticating user identification by two ways, for example:Passing through security service number to user
Default prompt tone is played, while pointing out the authentication result of authenticating user identification, the page exhibition of authentication is being carried out to user
Show information, point out the authentication result of authenticating user identification.
Safety certifying method provided in an embodiment of the present invention, can pass through body of the application program in user terminal to user
Part be authenticated, it is also possible in flat board or PC ends the identity of user is authenticated by WEB page, with reference to two compared with
Safety certifying method provided in an embodiment of the present invention is described in detail for specific embodiment.
As more specific embodiment, the application program for payment is installed, for example in the user terminal of user:Pay
Treasured, user logs in Alipay using the account of registration, and user needs the identity to user to carry out when to other people's accounting payments
Secondary checking, then now Alipay obtains the identity of user, for example:The Alipay account of user, and propping up according to user
Precious account and user's Alipay account for prestoring and the corresponding relation of safety certification telephone number are paid, determines this user's
Safety certification telephone number, and point out user to use safety certification telephone number dialing safety clothes in Alipay client end interface
Business number carries out authentication, and only under the conditions of certification is successful, can just carry out accounting payment operation, while can be to
User to show and carry out the operation button of authentication for triggering, user click on this for triggering carry out the operation of authentication by
Button carries out authentication, application program can user click on this for triggering carry out the operation button of authentication after, directly
Connect and call the dialing keyboard of user terminal to dial the security service number of Alipay and be authenticated to the identity of user, application program
(or server) it is determined that the telephone number for dialing security service number is identical with the corresponding safety certification telephone number of user,
And under conditions of user dials time of security service number not less than effective proving time, determine the identity authentication result of user
For certification success, the through safety certification default prompt tone in service number, the result for pointing out user its authentication is certification
Success, and show that the result of authenticating user identification is certification success in Alipay client end interface, accounting payment behaviour can be carried out
Make.
As another more specific embodiment, after user does shopping in shopping website, using the online silver of certain bank
Row is paid the bill, then after user input Bank Account Number, when carrying out payment operation, need the identity to user to carry out secondary testing
Card, then now the server of Web bank obtains the identity of user, for example:Bank Account Number, and according to bank's account of user
Number and user's Bank Account Number for prestoring and the corresponding relation of safety certification telephone number, determine the safety certification of this user
Telephone number, and point out user to carry out using safety certification telephone number dialing security service number in the webpage of shopping website
Authentication, and only under the conditions of certification is successful, payment operation can be just carried out, while can show for touching to user
Sending out carries out the operation button of authentication and calls the dialing keyboard in user terminal to dial security service number for triggering
Quick Response Code, user click on this for triggering carry out the operation button of authentication and carry out authentication, user can call use
Dialing keyboard in the terminal of family dials security service number, it is also possible to directly scan Quick Response Code shown in webpage, for example:User
Call the dialing keyboard in user terminal to dial the Quick Response Code of security service number for triggering shown in scanning webpage, then exist
After scanning input Quick Response Code, triggering is called the dialing keyboard of user terminal to dial security service number and the identity of user is carried out
Certification, the server of Web bank is it is determined that the telephone number for dialing security service number safety certification phone corresponding with user
Under conditions of number is identical, and user dials time of security service number not less than effective proving time, the body of user is determined
Part authentication result is certification success, through safety certification the default prompt tone in service number, points out user its authentication
As a result it is certification success, and the result of displaying authenticating user identification is certification success in the webpage of shopping website, can be carried out
Payment operation.
A kind of safety certification device provided in an embodiment of the present invention, as shown in Fig. 2 the device includes:Acquiring unit 202,
For when authentication is carried out to user, obtaining the corresponding safety certification telephone number of user;Tip element 204, for carrying
Show that user uses safety certification telephone number dialing security service number;Authentication unit 206, for it is determined that user dials safety
Under the conditions of the telephone number that service number is used safety certification telephone number identical corresponding with user, the identity of user is determined
Authentication result is certification success.
In device provided in an embodiment of the present invention, when authentication is carried out to user, obtain the corresponding safety of user and recognize
Card telephone number, points out user to use safety certification telephone number dialing security service number, and it is determined that user dials safety
Under the conditions of the telephone number that service number is used safety certification telephone number identical corresponding with user, the identity of user is determined
Authentication result is certification success, and whole authentication process itself only needs user to use safety certification telephone number dialing security service
Number, without plaintext transmission, improves the security of authentication, without the need for user receive identifying code, memory identifying code and
Fill in identifying code, it is to avoid wrong defeated or input time-out problem, verification efficiency is improve, while without the need for sending note to user
Breath dials subscriber phone, it is to avoid short message or phone are intercepted the resource wave for causing by the fail-safe software in user terminal
Take, namely reduce the wasting of resources in verification process.
In a kind of possible embodiment, in method provided in an embodiment of the present invention, acquiring unit 202, specifically for:
If user is the user for registering, the corresponding safety certification telephone number of user is obtained from the log-on message of user;With
And if user is registered user, the identity of acquisition user, and the identity according to user and prestores
User Identity and safety certification telephone number corresponding relation, determine the corresponding safety certification telephone number of user.
In a kind of possible embodiment, in method provided in an embodiment of the present invention, Tip element 204 is additionally operable to:
The identity authentication result for determining user is after certification success, default prompt tone to be played to user by security service number, is carried
Show that authenticating user identification result is certification success;And/or the page presentation information of authentication is being carried out to user, point out
Authenticating user identification result is certification success.
In a kind of possible embodiment, in method provided in an embodiment of the present invention, Tip element 204 is additionally operable to:
Prompting user uses the application program pair after safety certification telephone number dialing security service number, in by user terminal
User is carried out under conditions of authentication, calls the dialing keyboard in user terminal to dial security service number;Or in prompting
Using after safety certification telephone number dialing security service number, the checking page in by browser enters user to user
Under conditions of row authentication, show to user in the checking page and call that the dialing keyboard in user terminal is dialed for triggering
The mark of security service number, and point out user to use user terminal scanning mark.
In a kind of possible embodiment, in method provided in an embodiment of the present invention, the device also includes:Judging unit
208, for it is determined that user dials the telephone number safety certification telephone number corresponding with user that security service number is used
After identical, the identity authentication result for determining user is before certification success, to judge that current time uses safety with prompting user
Whether the time interval between the moment of certification telephone number dialing security service number is less than predetermined threshold value;Then authentication unit
206, specifically for:It is determined that user dials the telephone number safety certification phone corresponding with user that security service number is used
Number is identical, and current time and prompting user were used between the moment of safety certification telephone number dialing security service number
Time interval is certification success less than the identity authentication result under conditions of predetermined threshold value, determining user.
Safety certification device provided in an embodiment of the present invention, can be with SDK (Software
Development Kit, SDK) form it is integrated in the application, or be integrated in Web bank, online shopping mall, mobile phone silver
In row, mobile phone store and group buying websites, in user's registration account or when carrying out the sensitive operations such as accounting payment, to
The identity at family is authenticated.Wherein, acquiring unit 202, authentication unit 206 and judging unit 208 can be using CPU process
Device etc., Tip element 204 can adopt loudspeaker or display etc..
In sum, a kind of safety certifying method provided in an embodiment of the present invention and device, recognize identity is carried out to user
During card, the corresponding safety certification telephone number of user is obtained, point out user to use safety certification telephone number dialing security service
Number, and it is determined that user dials the telephone number safety certification phone number code-phase corresponding with user that security service number is used
With under conditions of, the identity authentication result for determining user is certification success, and whole authentication process itself only needs user to use safety
Certification telephone number dialing security service number, without plaintext transmission, improves the security of authentication, connects without the need for user
Identifying code is received, identifying code is remembered and is filled in identifying code, it is to avoid wrong defeated or input time-out problem, improve checking effect
Rate, while short message or dial subscriber phone without the need for sending to user, it is to avoid short message or phone are by user terminal
Fail-safe software intercept the wasting of resources that causes, namely reduce the wasting of resources in verification process.
Those skilled in the art are it should be appreciated that embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can be using complete hardware embodiment, complete software embodiment or with reference to the reality in terms of software and hardware
Apply the form of example.And, the present invention can be adopted and wherein include the computer of computer usable program code at one or more
The shape of the computer program implemented in usable storage medium (including but not limited to magnetic disc store and optical memory etc.)
Formula.
The present invention is the flow process with reference to method according to embodiments of the present invention, equipment (system) and computer program
Figure and/or block diagram are describing.It should be understood that can be by computer program instructions flowchart and/or each stream in block diagram
The combination of journey and/or square frame and flow chart and/or the flow process in block diagram and/or square frame.These computer programs can be provided
The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced for reality by the instruction of computer or the computing device of other programmable data processing devices
The device of the function of specifying in present one flow process of flow chart or one square frame of multiple flow processs and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or other programmable data processing devices with spy
In determining the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory is produced to be included referring to
Make the manufacture of device, the command device realize in one flow process of flow chart or one square frame of multiple flow processs and/or block diagram or
The function of specifying in multiple square frames.
These computer program instructions also can be loaded in computer or other programmable data processing devices so that in meter
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented process, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow process of flow chart or multiple flow processs and/or block diagram one
The step of function of specifying in individual square frame or multiple square frames.
Obviously, those skilled in the art can carry out the essence of various changes and modification without deviating from the present invention to the present invention
God and scope.So, if these modifications of the present invention and modification belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising these changes and modification.
Claims (10)
1. a kind of safety certifying method, it is characterised in that the method includes:
When authentication is carried out to user, the corresponding safety certification telephone number of the user is obtained;
The user is pointed out to use the safety certification telephone number dialing security service number;
It is determined that the user dials the telephone number safety certification corresponding with the user that the security service number is used
Under the conditions of telephone number identical, the identity authentication result for determining the user is certification success.
2. method according to claim 1, it is characterised in that the corresponding safety certification phone number of the acquisition user
Code, including:
If the user is the user for registering, the corresponding safety of the user is obtained from the log-on message of the user
Certification telephone number;And
If the user is registered user, the identity of the user is obtained, and according to the identity mark of the user
The User Identity known and prestore and the corresponding relation of safety certification telephone number, determine the corresponding peace of the user
Full certification telephone number.
3. method according to claim 1, it is characterised in that it is determined that the identity authentication result of the user be certification into
After work(, the method also includes:
Default prompt tone is played to user by the security service number, point out the authenticating user identification result be certification into
Work(;And/or
Carrying out the page presentation information of authentication to user, point out the authenticating user identification result be certification into
Work(.
4. the method according to any one of claim 1-3, it is characterised in that use the safety the user is pointed out
After certification telephone number dialing security service number, the method also includes:
Application program in by user terminal is carried out under conditions of authentication to user, in calling the user terminal
Dialing keyboard dials the security service number;Or
The checking page in by browser is carried out under conditions of authentication to user, to user in the checking page
Showing call the dialing keyboard in user terminal to dial the mark of the security service number for triggering, and points out the user
The mark is scanned using user terminal.
5. the method according to any one of claim 1-3, it is characterised in that it is determined that the user dials the safety
After the telephone number that service number is used is identical with the corresponding safety certification telephone number of the user, determine the user's
Identity authentication result is that the method also includes before certification success:
Judge that current time uses the moment of the safety certification telephone number dialing security service number with the prompting user
Between time interval whether be less than predetermined threshold value, and judging that current time uses the safety certification with the prompting user
Time interval between the moment of telephone number dialing security service number is performed described in determining less than under conditions of predetermined threshold value
The identity authentication result of user is the successful step of certification.
6. a kind of safety certification device, it is characterised in that the device includes:
Acquiring unit, for when authentication is carried out to user, obtaining the corresponding safety certification telephone number of the user;
Tip element, for pointing out the user to use the safety certification telephone number dialing security service number;
Authentication unit, for it is determined that the user dials telephone number and the user couple that the security service number is used
Under the conditions of the safety certification telephone number identical answered, the identity authentication result for determining the user is certification success.
7. device according to claim 6, it is characterised in that the acquiring unit, specifically for:
If the user is the user for registering, the corresponding safety of the user is obtained from the log-on message of the user
Certification telephone number;And
If the user is registered user, the identity of the user is obtained, and according to the identity mark of the user
The User Identity known and prestore and the corresponding relation of safety certification telephone number, determine the corresponding peace of the user
Full certification telephone number.
8. device according to claim 6, it is characterised in that the Tip element, is additionally operable to:
After it is determined that the identity authentication result of the user is certification success, played to user by the security service number
Default prompt tone, points out the authenticating user identification result to be certification success;And/or
Carrying out the page presentation information of authentication to user, point out the authenticating user identification result be certification into
Work(.
9. the device according to any one of claim 6-8, it is characterised in that the Tip element, is additionally operable to:
After the user is pointed out using the safety certification telephone number dialing security service number, by user terminal
In application program user is carried out under conditions of authentication, call the dialing keyboard in the user terminal to dial the peace
Full service number;Or
After the user is pointed out using the safety certification telephone number dialing security service number, in by browser
The checking page user is carried out under conditions of authentication, show to user and call use for triggering in the checking page
Dialing keyboard in the terminal of family dials the mark of the security service number, and points out the user to use user terminal to scan institute
State mark.
10. the device according to any one of claim 6-8, it is characterised in that the device also includes:
Judging unit, for it is determined that the user dials telephone number and the user couple that the security service number is used
After the safety certification telephone number answered is identical, the identity authentication result for determining the user is before certification success, to judge to work as
Front moment and the prompting user use the time between the moment of the safety certification telephone number dialing security service number
Whether interval is less than predetermined threshold value;
The then authentication unit, specifically for:
It is determined that the user dials the telephone number safety certification corresponding with the user that the security service number is used
Telephone number is identical, and current time uses the safety certification telephone number dialing security service number with the prompting user
Moment between time interval less than the identity authentication result under conditions of predetermined threshold value, determining the user be certification into
Work(.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710014886.9A CN106603571A (en) | 2017-01-09 | 2017-01-09 | Safety authentication method and safety authentication device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710014886.9A CN106603571A (en) | 2017-01-09 | 2017-01-09 | Safety authentication method and safety authentication device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106603571A true CN106603571A (en) | 2017-04-26 |
Family
ID=58583035
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710014886.9A Pending CN106603571A (en) | 2017-01-09 | 2017-01-09 | Safety authentication method and safety authentication device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106603571A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107369021A (en) * | 2017-06-28 | 2017-11-21 | 北京小米移动软件有限公司 | Information processing method, apparatus and system |
CN107454078A (en) * | 2017-08-02 | 2017-12-08 | 深圳市盛邦通信有限公司 | A kind of authentication processing method |
CN108040186A (en) * | 2017-11-15 | 2018-05-15 | 维沃移动通信有限公司 | The sending method and mobile terminal of a kind of dtmf signal |
WO2018233314A1 (en) * | 2017-06-24 | 2018-12-27 | 平安科技(深圳)有限公司 | Electronic device, ivr voice payment method, and computer-readable storage medium |
CN111178872A (en) * | 2019-12-31 | 2020-05-19 | 中国银行股份有限公司 | Mobile banking payment method and device without mobile phone verification code |
CN112788372A (en) * | 2021-01-28 | 2021-05-11 | 青岛海信传媒网络技术有限公司 | Media asset platform registration method, display device and server |
CN114578782A (en) * | 2020-12-01 | 2022-06-03 | 郑州宇通客车股份有限公司 | Automatic calibration method and system for integrated controller program |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1996839A (en) * | 2006-01-07 | 2007-07-11 | 孟庆川 | A low-cost and easy-to-distribute identity verification method and device |
CN101072105A (en) * | 2007-05-21 | 2007-11-14 | 腾讯科技(深圳)有限公司 | Network identity authenticating method and system |
CN101977117A (en) * | 2010-10-21 | 2011-02-16 | 中国电信股份有限公司 | Service charging method and system |
CN102006164A (en) * | 2009-09-02 | 2011-04-06 | 袁华 | Method for realizing authentication by utilizing communication network and mobile phone number |
CN102148684A (en) * | 2010-02-05 | 2011-08-10 | 深圳市联通万达科技有限公司 | Authentication method and system for mobile phone number login |
US20150207794A1 (en) * | 2014-01-20 | 2015-07-23 | Samsung Electronics Co., Ltd. | Electronic device for controlling an external device using a number and method thereof |
US20160205548A1 (en) * | 2015-01-14 | 2016-07-14 | Google Inc. | Security techniques for reconnecting to a conference session using a computing device |
-
2017
- 2017-01-09 CN CN201710014886.9A patent/CN106603571A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1996839A (en) * | 2006-01-07 | 2007-07-11 | 孟庆川 | A low-cost and easy-to-distribute identity verification method and device |
CN101072105A (en) * | 2007-05-21 | 2007-11-14 | 腾讯科技(深圳)有限公司 | Network identity authenticating method and system |
CN102006164A (en) * | 2009-09-02 | 2011-04-06 | 袁华 | Method for realizing authentication by utilizing communication network and mobile phone number |
CN102148684A (en) * | 2010-02-05 | 2011-08-10 | 深圳市联通万达科技有限公司 | Authentication method and system for mobile phone number login |
CN101977117A (en) * | 2010-10-21 | 2011-02-16 | 中国电信股份有限公司 | Service charging method and system |
US20150207794A1 (en) * | 2014-01-20 | 2015-07-23 | Samsung Electronics Co., Ltd. | Electronic device for controlling an external device using a number and method thereof |
US20160205548A1 (en) * | 2015-01-14 | 2016-07-14 | Google Inc. | Security techniques for reconnecting to a conference session using a computing device |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018233314A1 (en) * | 2017-06-24 | 2018-12-27 | 平安科技(深圳)有限公司 | Electronic device, ivr voice payment method, and computer-readable storage medium |
CN107369021A (en) * | 2017-06-28 | 2017-11-21 | 北京小米移动软件有限公司 | Information processing method, apparatus and system |
CN107454078A (en) * | 2017-08-02 | 2017-12-08 | 深圳市盛邦通信有限公司 | A kind of authentication processing method |
CN108040186A (en) * | 2017-11-15 | 2018-05-15 | 维沃移动通信有限公司 | The sending method and mobile terminal of a kind of dtmf signal |
CN108040186B (en) * | 2017-11-15 | 2021-02-09 | 维沃移动通信有限公司 | DTMF signal sending method and mobile terminal |
CN111178872A (en) * | 2019-12-31 | 2020-05-19 | 中国银行股份有限公司 | Mobile banking payment method and device without mobile phone verification code |
CN114578782A (en) * | 2020-12-01 | 2022-06-03 | 郑州宇通客车股份有限公司 | Automatic calibration method and system for integrated controller program |
CN114578782B (en) * | 2020-12-01 | 2023-08-25 | 宇通客车股份有限公司 | Automatic calibration method and system for integrated controller program |
CN112788372A (en) * | 2021-01-28 | 2021-05-11 | 青岛海信传媒网络技术有限公司 | Media asset platform registration method, display device and server |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106603571A (en) | Safety authentication method and safety authentication device | |
US10708257B2 (en) | Systems and methods for using imaging to authenticate online users | |
TWI449394B (en) | User authentication, verification and code generation system maintenance subsystem | |
US11856132B2 (en) | Validating automatic number identification data | |
JP5719871B2 (en) | Method and apparatus for preventing phishing attacks | |
EP1615097B1 (en) | Dual-path-pre-approval authentication method | |
US20090006254A1 (en) | Virtual prepaid or credit card and process and system for providing same and for electronic payments | |
US20120150748A1 (en) | System and method for authenticating transactions through a mobile device | |
US9009793B2 (en) | Dynamic pin dual factor authentication using mobile device | |
EP2652688A1 (en) | Authenticating transactions using a mobile device identifier | |
TW201314600A (en) | Transaction payment method and system | |
CN110392054A (en) | Log in method of calibration, device, system, equipment and readable storage medium storing program for executing | |
JP6625815B2 (en) | User authentication | |
US11403633B2 (en) | Method for sending digital information | |
CN103597806A (en) | Strong authentication by presentation of the number | |
KR100824743B1 (en) | Method for user authentication using mobile phone and system therefor | |
KR20100038990A (en) | Apparatus and method of secrity authenticate in network authenticate system | |
EP3599752B1 (en) | Contact centre user authentication | |
CN104270354A (en) | User account security verification method and device | |
CN107733838A (en) | A kind of mobile terminal client terminal identity identifying method, device and system | |
US20110246366A1 (en) | Authentication using telecommunications device | |
CN106230702B (en) | Identity information verification method, apparatus and system | |
CN110149629A (en) | A kind of method and system of fast registration and login application program based on mobile phone | |
KR20040103581A (en) | Secondary Authentication and gateway System for Banking | |
KR101071023B1 (en) | Apparatus and Method for User Certification using Mobile Phone |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170426 |