CN106888090A - A kind of user authentication method, apparatus and system - Google Patents

A kind of user authentication method, apparatus and system Download PDF

Info

Publication number
CN106888090A
CN106888090A CN201510946410.XA CN201510946410A CN106888090A CN 106888090 A CN106888090 A CN 106888090A CN 201510946410 A CN201510946410 A CN 201510946410A CN 106888090 A CN106888090 A CN 106888090A
Authority
CN
China
Prior art keywords
user
information
terminal device
input
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510946410.XA
Other languages
Chinese (zh)
Other versions
CN106888090B (en
Inventor
栗志果
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201510946410.XA priority Critical patent/CN106888090B/en
Publication of CN106888090A publication Critical patent/CN106888090A/en
Application granted granted Critical
Publication of CN106888090B publication Critical patent/CN106888090B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs

Abstract

The application is related to Internet technical field, more particularly to a kind of user authentication method, apparatus and system, is used to solve the problems, such as that the user profile for being used in user's checking at present is prevented cracking mode and has that security is low, user's identification difficulty is big.A kind of user authentication method that the embodiment of the present application is provided includes:The user input progress msg that server sends according to terminal device, the prompt message of generation is sent to terminal device, and instruction user is directed to the input operation for being currently needed for performing and carries out the change operation that the server is specified;After the user's submission information for receiving terminal device transmission, information is submitted to verify the user, it is to indicate the user to be based on the information that the prompt message performs the operation for completing that the user submits information to.Adopt in this way, can well prevent the repetition Brute Force of machine, improve the security of user profile, also do not increase extra verification step, therefore improve user profile input efficiency.

Description

A kind of user authentication method, apparatus and system
Technical field
The application is related to Internet technical field, more particularly to a kind of user authentication method, apparatus and system.
Background technology
As user is more and more to the demand type of Internet service, demand is increasing, internet clothes The security of business also becomes more and more important.User is generally required for input to use when using Internet service Family information, such as when targeted website is logged in or using intended application, it is necessary to input login username and password. Username and password of the user in targeted website or application is cracked (such as to enter by way of Key Logger Row capture) after, unauthorized person may be related non-to password execution using the account with the name of the user Method is operated, so as to bring loss to user.
As shown in figure 1, it is to increase graphical verification code (Captcha) that conventional anti-violence cracks mode.It is this Mode reaches the purpose that machine can not be retried in batches by increasing picture to be identified, sound etc..Figure Identifying code increases picture in the use of picture through frequently with number of mechanisms such as the mixing of multiple figure layers, font deformations The difficulty of identification, although this mode can reduce the probability of machine Brute Force to a certain extent, when increasing Add user's identification difficulty, caused user to be detained webpage overlong time, waste Internet resources;On the other hand, The mode of graphical verification code typically uses a type of picture to serve as identifying code, the form of this fixation Be easy to be captured by hacker, it is only necessary to increase optical character identification (Optical Character Recognition, OCR) or manually picture recognition can just be cracked.
It can be seen that, current user profile is prevented cracking mode and there is a problem of that security is low, user's identification difficulty is big.
The content of the invention
The embodiment of the present application provides a kind of user authentication method, apparatus and system, is used to solve in current use The user profile that uses is prevented cracking mode and there is a problem of that security is low, user's identification difficulty is big in the checking of family.
A kind of user authentication method that the embodiment of the present application is provided, including:
The user input progress msg that server sends according to terminal device, sends to the terminal device and generates Prompt message, the user input progress msg is input into user for instruction user on the terminal device The progress of information, the prompt message is used to indicate the user to enter for the input operation for being currently needed for performing The change that the row server is specified is operated;
After user's submission information that the terminal device sends is received, information is submitted to test the user Card, wherein, it is to indicate the user to be based on the prompt message to perform the behaviour for completing that the user submits information to The information of work.
Alternatively, the server submits to information to verify the user, including:
The server is based on the carrying out user profile before changing for preserving, and the prompting for sending Information, it is determined that the correct operation information of the correspondence user;
According to the correct operation information of the correspondence user for determining, information is submitted to test the user Card.
Alternatively, the server is in the user input progress msg sent according to terminal device, to the end End equipment sends the prompt message of generation, including:
When the user input progress msg that the server sends according to terminal device, prompting is initiated in random selection The time point of information, and at the time point of selection, the prompt message of generation is sent to the terminal device.
Alternatively, the prompt message includes:
The conversion process specified to the character for being currently needed for input;And/or,
Perform other assigned operations in addition to input operation.
Another embodiment of the application provides a kind of user authentication method, including:
Terminal device sends user input progress msg to server, and the user input progress msg is used to refer to Show that user is input into the progress of user profile on the terminal device;
The terminal device receives the server and is based on the prompting letter that the user input progress msg sends Breath, and user is showed, the prompt message is used to indicate the user to be directed to the input for being currently needed for performing Operation carries out the change operation that the server is specified;
The terminal device sends user and submits information to the server, for the server to the use Family submits to information to be verified, wherein, the user submits information to indicate the user to be based on the prompting Information performs the information of the operation for completing.
Alternatively, the prompt message is showed the user by the terminal device, including:
The prompt message is showed the user by the terminal device in the way of combination graphical verification code.
The embodiment of the present application provides a kind of user authentication device, including:
Generation module, for the user input progress msg sent according to terminal device, generates prompt message; The user input progress msg is used for the progress that instruction user is input into user profile on the terminal device; The prompt message refers to for indicating the user to carry out server for the input operation for being currently needed for performing Fixed change operation;
Sending module, for sending the prompt message that the generation module is generated to the terminal device;
Authentication module, for after user's submission information that the terminal device sends is received, to the user Submission information verified, wherein, the user submits information to indicate the user to be based on the prompting letter Breath performs the information of the operation for completing.
Another embodiment of the application provides a kind of user authentication device, including:
First sending module, for sending user input progress msg, the user input progress to server Information is used for the progress that instruction user is input into user profile on the terminal device;
Receiver module, the prompting letter that the user input progress msg sends is based on for receiving the server Breath, and user is showed, the prompt message is used to indicate the user to be directed to the input for being currently needed for performing Operation carries out the change operation that the server is specified;
Second sending module, submits information to, for the server pair for sending user to the server The user submits to information to be verified, wherein, the user submits to information to be based on institute for the instruction user State the information that prompt message performs the operation for completing.
The embodiment of the present application provides a kind of subscriber authentication system, including:Server and terminal device;
The terminal device sends user input progress msg, the user input progress letter to the server Cease the progress for being input into user profile on the terminal device for instruction user;
The user input progress msg that the server sends according to the terminal device, generates prompt message, And the prompt message for generating is sent to the terminal device, the prompt message is used to indicate the user to be directed to The input operation for being currently needed for performing carries out the change operation that the server is specified;
The terminal device receives the prompt message that the server sends, and shows user;In user's base After the prompt message performs completion operation, send user to the server and submit information, the user to Submission information is to indicate the user to be based on the information that the prompt message performs the operation for completing;
The server is carried after user's submission information that the terminal device sends is received to the user Friendship information is verified.
In the embodiment of the present application, when user carries out user profile on the terminal device to be input into, server is initiated Prompt message, being directed to the input operation for being currently needed for performing for instruction user carries out the change that server is specified Operation, such as the conversion of the deformation process specified to the character for being currently needed for input, such as capital and small letter, so The operation that prompt message execution is based on to user afterwards is verified.Adopt in this way, due to each user The information of input is all unfixed, therefore can well prevent the repetition Brute Force of machine, and lifting is used The security of family information.Further, since the application does not have increases extra checking as input validation code Step, therefore user profile input efficiency is improve, improve Consumer's Experience.
Brief description of the drawings
Fig. 1 is using the schematic diagram of graphical verification code.
The verification method flow chart that Fig. 2 is provided for the embodiment of the present application;
Fig. 3 (a) is the schematic diagram for prompting " please press cap lock " occur;
Fig. 3 (b) is the schematic diagram for prompting " please pressing cap lock again " occur;
Fig. 3 (c) is the prompt message displaying schematic diagram with reference to graphical verification code;
The checking apparatus structure schematic diagram that Fig. 4 is provided for the embodiment of the present application;
The checking apparatus structure schematic diagram that Fig. 5 is provided for the embodiment of the present application;
The checking system structural representation that Fig. 6 is provided for the embodiment of the present application.
Specific embodiment
In the embodiment of the present application, input operation of the server to user on the terminal device is monitored, service Between device and terminal device can by website, using etc. set up connection, when user is carried out on the terminal device When user profile is input into, server initiates prompt message, is currently needed for performing for indicating the user to be directed to Input operation carry out the change that server specifies and operate, such as the character for being currently needed for input is specified Deformation process, such as capital and small letter conversion, then to user be based on the prompt message perform operation test Card.Adopt in this way, because the information of each user input is all unfixed, therefore can be well The repetition Brute Force of machine is prevented, the security of user profile is lifted.Further, since the application does not have Increase extra verification step as input validation code, therefore improve user profile input efficiency, lifted Consumer's Experience.
The embodiment of the present application is described in further detail with reference to Figure of description.
As shown in Fig. 2 the user authentication method flow chart provided for the embodiment of the present application, comprises the following steps:
S201:Terminal device sends user input progress msg, the user input progress msg to server The progress of user profile is input on the terminal device for instruction user.
In the embodiment of the present application, between server and terminal device can by website, using etc. set up data Connection, namely the server can be Website server, application server etc., server can be by terminal Webpage or apply upper input operation that monitoring of equipment user is presented in terminal device, specifically, can be set Once user above has input operation in website or application, terminal device sends the content of the input operation automatically To server, and the similar trigger action for clicking on send button is initiated without user, or, terminal device The information of the current input progress position of instruction user can be only sent, such as instruction user is currently inputted to 3rd character.The user profile can be user in website or using upper registration or any privacy for using Information, such as user name, password, address information etc..
Specifically, the user authentication method that the embodiment of the present application is provided can be used for Account Logon, website order The usage scenario of user profile confirmation, payment information confirmation etc., is stepped in the embodiment of the present application with account before generation Illustrated as a example by record.When user needs to log in, click on after logging in, terminal device sends to server and steps on Record request, login interface is fed back to terminal device by server, to be shown to user.User can log in Input user profile in corresponding input frame in interface, for example, input user name letter in the input frame of user name Breath, password is input in Password Input frame.During user carries out input information, terminal device is to clothes Business device sends user input information.
S202:The user input progress msg that server sends according to terminal device, generates prompt message;Institute State prompt message carries out the server for indicating the user to be directed to the input operation for being currently needed for performing The change specified is operated.
S203:The prompt message of generation is sent to terminal device, terminal device the reception server hair by server The prompt message sent, and user is showed, so that user is directed to the input operation for being currently needed for performing and is taken The change that business device is specified is operated.
Here, the prompt message can include:At the conversion specified to the character for being currently needed for input Manage, such as capital and small letter conversion, input space (namely instruction user is first defeated before character to be entered is input into Enter space), the character (spcial character such as specified) specified of input;Can also include:Perform except defeated Enter other assigned operations outside operation, such as overturn terminal device, dragging designated button, click on to specify and press Button etc..In specific implementation, server can also select to carry according to the type of the terminal device for detecting Show information, such as when terminal device is mobile phone, panel computer etc., the prompt message that can be selected includes turning over Turn the terminal, when for common computer, then do not select the prompt message.Prompt message is in terminal device On display location can be changed according to actual conditions, for example may be displayed on around input frame (top, the right side The orientation such as side), to facilitate user to see the prompt message of correlation.
In specific implementation, the user input progress msg that server can send according to terminal device, at random The time point that prompt message is initiated in selection sends prompt message to terminal device.Server can be it is determined that need When sending prompt message, according to the current input progress of user, input progress is corresponding carries with this for random generation Show information, prompt message here can at random be generated according to current input progress, such as user works as During preceding needs input letter, it is that prompting carries out capital and small letter conversion that can randomly choose, or prompting is input into space, Still other deformation operations etc. are pointed out.
Further, server can be random to initiate once or repeatedly to point out according to the input progress of user, Until user completes to be input into.User of the such as user when targeted website is registered entitled nickwang, such as Fig. 3 Shown in (a), after user input second letter i, there is prompting " cap lock please be press ", Ran Houyong Be input to the C that 3rd letter is changed to capitalization in current text box by family, such as shown in Fig. 3 (b), When user is ready for the 4th letter k, there is prompting " please pressing cap lock again ", now The K of user input capitalization.
In terminal equipment side, prompt message can be ejected by the form of prompting frame, can used in user input Ejected during the user profile such as name in an account book, password, address information.
In specific implementation, in order to further increase the security of prompt message, user terminal can will be prompted to Information shows the user in the way of combination graphical verification code.As shown in Fig. 3 (c), prompt message is " please when D is input into front frame ", " D " therein is represented in the way of graphical verification code.
S204:Terminal device sends user and submits information to server, and the user submits information to indicate institute State user and be based on the information that the prompt message performs the operation for completing.
As shown in Fig. 3 (a)~(c), user performs in the prompt message based on server and completes user profile After the input of (user name, password), click on login button and submitted to, terminal device is by user input Information submits to server.In specific implementation, if server further indicates user's execution in prompt message Other operations in addition to input operation, then the order of the various operations that terminal device is performed according to user, will refer to Show that user performs the information of operation for completing and is sent to server, such as user name nickwang, when with After family is input into second letter i, there is prompting " cap lock please be press ", after user input letter k, carry Show that user overturns terminal device, then after user has performed correct operation according to prompting, terminal device is notified Server user performs the operation for completing:Have input n, i, C, k, upset terminal device, have input w、a、n、g。
S205:Server is carried after user's submission information that the terminal device sends is received to the user Friendship information is verified.
Specifically, carry out of the server based on the preservation user profile before changing, and transmission is described Prompt message, it is determined that the correct operation information of the correspondence user;According to the correspondence user for determining just True operation information, submits to information to verify the user.
Here, when prompt message is sent to terminal device, also the corresponding user calculated after change believes server Breath, such as, user name was nickwang originally, and server after second character is transfused to, is pointed out successively " please press cap lock ", after the 3rd character is transfused to, points out " please pressing cap lock again ", then take After business device is calculated accordingly, confirm that user name is changed to niCKwang.
Server after change is determined, after the correct operation that user should perform, perform user is actual Correct operation after the change that the operation of completion is determined with server is compared checking.Such as Fig. 3 (a)~ C (), user performs the character that the operation for completing refers to user input, the correct operation that server determines is to refer to Character after the change for calculating.If user terminal input be niCKwang, then point out User logs in into Work(, continues to provide the user other servers, if that user terminal input is nickwang, not according to phase The prompting answered is changed, then this time login is unsuccessful, can prompt the user with and " please note the prompting of display Information ".
The embodiment of the present application has the advantages that:
The embodiment of the present application is during user carries out user profile input, and server is random by initiating Deformation process is pointed out, and carrying out the random of user profile for the current input progress of user obscures, such as can be with Change length (such as adding space), content (such as carry out alphabet size and write conversion), the word of user profile Symbol order (such as exchanging the input sequence of two neighboring character) etc., due to the deformational behavior be it is random, Point out occur time point be also it is random, therefore user be input into every time user profile be all it is not reproducible, Automatic collision storehouse in this case cannot be realized, while by Key Logger (keylogger) Mode can not capture real password, improve the security of user profile input.In addition, this Shen Please embodiment will be prompted to information and user normally input be combined togather, not as input validation code one Sample increases extra verification step, improves Consumer's Experience.Furthermore, the embodiment of the present application can also be by figure Shape identifying code display reminding information, combines by by verification process and graphical verification code, further increases use The security of family information input.Using the embodiment of the present application, system can also easily capture attack row For even attacker.
Additionally provided based on same inventive concept, in the embodiment of the present application a kind of corresponding with user authentication method User authentication device and system, due to the checking of the device and the principle and the embodiment of the present application of happiness solve problem Method is similar, therefore the implementation of the apparatus and system may refer to the implementation of method, repeats part and repeats no more.
As shown in figure 4, the user authentication device structural representation provided for the embodiment of the present application, including:
Generation module 41, for the user input progress msg sent according to terminal device, generates prompt message; The user input progress msg is used for the progress that instruction user is input into user profile on the terminal device; The prompt message refers to for indicating the user to carry out server for the input operation for being currently needed for performing Fixed change operation;
Sending module 42, for sending the prompt message that the generation module is generated to the terminal device;
Authentication module 43, for after user's submission information that the terminal device sends is received, to the use Family submits to information to be verified, wherein, the user submits information to indicate the user to be based on the prompting Information performs the information of the operation for completing.
Alternatively, authentication module 43 specifically for:
Based on the carrying out user profile before changing for preserving, and the prompt message for sending, it is determined that The correct operation information of the correspondence user;It is right according to the correct operation information of the correspondence user for determining The user submits to information to be verified.
Alternatively, sending module 42 specifically for:
According to the user input progress msg that terminal device sends, the time of prompt message is initiated in random selection Point, and at the time point of selection, prompt message is sent to the terminal device.
Alternatively, the prompt message includes:
The conversion process specified to the character for being currently needed for input;And/or,
Perform other assigned operations in addition to input operation.
As shown in figure 5, the user authentication device structural representation provided for another embodiment of the application, including:
First sending module 51, for sending user input progress msg to server, the user input is entered Degree information is used for the progress that instruction user is input into user profile on the terminal device;
Receiver module 52, the prompting that the user input progress msg sends is based on for receiving the server Information, and user is showed, the prompt message is currently needed for the defeated of execution for indicating the user to be directed to Entering operation carries out the change operation that the server is specified;
Second sending module 53, submits information to, for the server for sending user to the server Information is submitted to verify the user, wherein, the user submits information to indicate the user to be based on The prompt message performs the information of the operation for completing.
Alternatively, the prompt message includes:
The conversion process specified to the character for being currently needed for input;And/or,
Perform other assigned operations in addition to input operation.
Alternatively, receiver module 52 specifically for:
The prompt message is showed into the user in the way of combination graphical verification code.
As shown in fig. 6, the structural representation of subscriber authentication system 60 provided for the embodiment of the present application, including: Terminal device 61 and server 62.
User profile is input into the corresponding input frame of display interface in user and (for example input user name or password Etc. information) when, terminal device 61 sends user input progress msg, the user input to server 62 Progress msg is used for the progress that instruction user is input into user profile on the terminal device.
The user input progress msg that server 62 sends according to terminal device 61, generates prompt message, and The prompt message of generation is sent to terminal device 61, the prompt message is worked as indicating the user to be directed to The preceding input operation for needing to perform carries out the change operation that the server 62 is specified.
The prompt message that the reception server 62 of terminal device 61 is sent based on the user input progress msg, And show user;After user is based on prompt message execution completion operation, sent to server 62 User submits information to, and the user submits information to indicate the user to perform completion based on the prompt message Operation information.
Server 62 is submitted to after the user's submission information for receiving the transmission of terminal device 61 to the user Information is verified.
Alternatively, server 62 submits to information to verify the user according to following steps:
Based on the carrying out user profile before changing for preserving, and the prompt message for sending, it is determined that The correct operation information of the correspondence user;
According to the correct operation information of the correspondence user for determining, information is submitted to test the user Card.
Alternatively, server 62 sends prompt message according to following steps to the terminal device:
According to terminal device 61 send user input progress msg, random selection initiate prompt message when Between point, and selection the time point, to the terminal device send prompt message.
Alternatively, the prompt message includes:
The conversion process specified to the character for being currently needed for input;And/or,
Perform other assigned operations in addition to input operation.
Alternatively, the prompt message is showed the user by terminal device 61 according in the following manner:
The prompt message is showed into the user in the way of combination graphical verification code.
It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or meter Calculation machine program product.Therefore, the application can be using complete hardware embodiment, complete software embodiment or knot Close the form of the embodiment in terms of software and hardware.And, the application can be used and wherein wrapped at one or more Containing computer usable program code computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) on implement computer program product form.
The application is produced with reference to the method according to the embodiment of the present application, device (system) and computer program The flow chart and/or block diagram of product is described.It should be understood that can by computer program instructions realize flow chart and / or block diagram in each flow and/or the flow in square frame and flow chart and/or block diagram and/ Or the combination of square frame.These computer program instructions to all-purpose computer, special-purpose computer, insertion can be provided The processor of formula processor or other programmable data processing devices is producing a machine so that by calculating The instruction of the computing device of machine or other programmable data processing devices is produced for realizing in flow chart one The device of the function of being specified in individual flow or multiple one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or the treatment of other programmable datas to set In the standby computer-readable memory for working in a specific way so that storage is in the computer-readable memory Instruction produce include the manufacture of command device, the command device realization in one flow of flow chart or multiple The function of being specified in one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices, made Obtain and series of operation steps is performed on computer or other programmable devices to produce computer implemented place Reason, so as to the instruction performed on computer or other programmable devices is provided for realizing in flow chart one The step of function of being specified in flow or multiple one square frame of flow and/or block diagram or multiple square frames.
Although having been described for the preferred embodiment of the application, those skilled in the art once know base This creative concept, then can make other change and modification to these embodiments.So, appended right will Ask and be intended to be construed to include preferred embodiment and fall into having altered and changing for the application scope.
Obviously, those skilled in the art can carry out various changes and modification without deviating from this Shen to the application Spirit and scope please.So, if the application these modification and modification belong to the application claim and Within the scope of its equivalent technologies, then the application is also intended to comprising these changes and modification.

Claims (15)

1. a kind of user authentication method, it is characterised in that the method includes:
The user input progress msg that server sends according to terminal device, sends to the terminal device and generates Prompt message, the user input progress msg is input into user for instruction user on the terminal device The progress of information, the prompt message is used to indicate the user to enter for the input operation for being currently needed for performing The change that the row server is specified is operated;
After user's submission information that the terminal device sends is received, information is submitted to test the user Card, wherein, it is to indicate the user to be based on the prompt message to perform the behaviour for completing that the user submits information to The information of work.
2. the method for claim 1, it is characterised in that the server is submitted to the user Information verified, including:
The server is based on the carrying out user profile before changing for preserving, and the prompting for sending Information, it is determined that the correct operation information of the correspondence user;
According to the correct operation information of the correspondence user for determining, information is submitted to test the user Card.
3. the method for claim 1, it is characterised in that the server is according to terminal device The user input progress msg of transmission, the prompt message of generation is sent to the terminal device, including:
Prompting letter is initiated in the user input progress msg that the server sends according to terminal device, random selection The time point of breath, and at the time point of selection, the prompt message of generation is sent to the terminal device.
4. the method as described in claims 1 to 3 is any, it is characterised in that the prompt message includes:
The conversion process specified to the character for being currently needed for input;And/or,
Perform other assigned operations in addition to input operation.
5. a kind of user authentication method, it is characterised in that the method includes:
Terminal device sends user input progress msg to server, and the user input progress msg is used to refer to Show that user is input into the progress of user profile on the terminal device;
The terminal device receives the server and is based on the prompting letter that the user input progress msg sends Breath, and user is showed, the prompt message is used to indicate the user to be directed to the input for being currently needed for performing Operation carries out the change operation that the server is specified;
The terminal device sends user and submits information to the server, for the server to the use Family submits to information to be verified, wherein, the user submits information to indicate the user to be based on the prompting Information performs the information of the operation for completing.
6. method as claimed in claim 5, it is characterised in that the prompt message includes:
The conversion process specified to the character for being currently needed for input;And/or,
Perform other assigned operations in addition to input operation.
7. the method as described in claim 5 or 6, it is characterised in that the terminal device is carried described Show that information shows the user, including:
The prompt message is showed the user by the terminal device in the way of combination graphical verification code.
8. a kind of user authentication device, it is characterised in that the device includes:
Generation module, for the user input progress msg sent according to terminal device, generates prompt message; The user input progress msg is used for the progress that instruction user is input into user profile on the terminal device; The prompt message refers to for indicating the user to carry out server for the input operation for being currently needed for performing Fixed change operation;
Sending module, for sending the prompt message that the generation module is generated to the terminal device;
Authentication module, for after user's submission information that the terminal device sends is received, to the user Submission information verified, wherein, the user submits information to indicate the user to be based on the prompting letter Breath performs the information of the operation for completing.
9. device as claimed in claim 8, it is characterised in that the authentication module specifically for:
Based on the carrying out user profile before changing for preserving, and the prompt message for sending, it is determined that The correct operation information of the correspondence user;It is right according to the correct operation information of the correspondence user for determining The user submits to information to be verified.
10. device as claimed in claim 8, it is characterised in that the sending module specifically for:
According to the user input progress msg that terminal device sends, the time of prompt message is initiated in random selection Point, and at the time point of selection, the prompting letter that the generation module is generated is sent to the terminal device Breath.
11. device as described in claim 8~10 is any, it is characterised in that the prompt message includes:
The conversion process specified to the character for being currently needed for input;And/or,
Perform other assigned operations in addition to input operation.
12. a kind of user authentication devices, it is characterised in that the device includes:
First sending module, for sending user input progress msg, the user input progress to server Information is used for the progress that instruction user is input into user profile on the terminal device;
Receiver module, the prompting letter that the user input progress msg sends is based on for receiving the server Breath, and user is showed, the prompt message is used to indicate the user to be directed to the input for being currently needed for performing Operation carries out the change operation that the server is specified;
Second sending module, submits information to, for the server pair for sending user to the server The user submits to information to be verified, wherein, the user submits to information to be based on institute for the instruction user State the information that prompt message performs the operation for completing.
13. devices as claimed in claim 12, it is characterised in that the prompt message includes:
The conversion process specified to the character for being currently needed for input;And/or,
Perform other assigned operations in addition to input operation.
14. device as described in claim 12 or 13, it is characterised in that the receiver module is specifically used In:
The prompt message is showed into the user in the way of combination graphical verification code.
15. a kind of subscriber authentication systems, it is characterised in that the system includes:Server and terminal device;
The terminal device sends user input progress msg, the user input progress letter to the server Cease the progress for being input into user profile on the terminal device for instruction user;
The user input progress msg that the server sends according to the terminal device, generates prompt message, And the prompt message for generating is sent to the terminal device, the prompt message is used to indicate the user The change operation that the server is specified is carried out for the input operation for being currently needed for performing;
The terminal device receives the prompt message that the server sends, and shows user;In user's base After the prompt message performs completion operation, send user to the server and submit information, the user to Submission information is to indicate the user to be based on the information that the prompt message performs the operation for completing;
The server is carried after user's submission information that the terminal device sends is received to the user Friendship information is verified.
CN201510946410.XA 2015-12-16 2015-12-16 User verification method, device and system Active CN106888090B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510946410.XA CN106888090B (en) 2015-12-16 2015-12-16 User verification method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510946410.XA CN106888090B (en) 2015-12-16 2015-12-16 User verification method, device and system

Publications (2)

Publication Number Publication Date
CN106888090A true CN106888090A (en) 2017-06-23
CN106888090B CN106888090B (en) 2020-01-21

Family

ID=59176163

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510946410.XA Active CN106888090B (en) 2015-12-16 2015-12-16 User verification method, device and system

Country Status (1)

Country Link
CN (1) CN106888090B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103049259A (en) * 2012-12-07 2013-04-17 北京百度网讯科技有限公司 Method, device and equipment for presenting graphic object representing input progress
US20140365782A1 (en) * 2004-06-14 2014-12-11 Rodney Beatson Method and System for Providing Password-free, Hardware-rooted, ASIC-based Authentication of a Human to a Mobile Device using Biometrics with a Protected, Local Template to Release Trusted Credentials to Relying Parties
CN104301286A (en) * 2013-07-15 2015-01-21 中国移动通信集团黑龙江有限公司 User login authentication method and device
CN105099998A (en) * 2014-04-30 2015-11-25 杭州同盾科技有限公司 Identity information authentication method, device and system
EP3296908A1 (en) * 2012-06-12 2018-03-21 Square, Inc. Securely communicating between a card reader and a mobile device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140365782A1 (en) * 2004-06-14 2014-12-11 Rodney Beatson Method and System for Providing Password-free, Hardware-rooted, ASIC-based Authentication of a Human to a Mobile Device using Biometrics with a Protected, Local Template to Release Trusted Credentials to Relying Parties
EP3296908A1 (en) * 2012-06-12 2018-03-21 Square, Inc. Securely communicating between a card reader and a mobile device
CN103049259A (en) * 2012-12-07 2013-04-17 北京百度网讯科技有限公司 Method, device and equipment for presenting graphic object representing input progress
CN104301286A (en) * 2013-07-15 2015-01-21 中国移动通信集团黑龙江有限公司 User login authentication method and device
CN105099998A (en) * 2014-04-30 2015-11-25 杭州同盾科技有限公司 Identity information authentication method, device and system

Also Published As

Publication number Publication date
CN106888090B (en) 2020-01-21

Similar Documents

Publication Publication Date Title
AU2017203608B2 (en) Mobile human challenge-response test
US9923876B2 (en) Secure randomized input
US9756056B2 (en) Apparatus and method for authenticating a user via multiple user devices
CN106453209B (en) Identity verification method and device
TWI787211B (en) Verification method and device
CN104348612A (en) Third-party website login method based on mobile terminal and mobile terminal
US20160127134A1 (en) User authentication system and method
CN104077689A (en) Information verification method, relevant device and system
TWI525467B (en) Method and computer system for dynamically providing multi-dimensions based password/challenge authentication
KR101027228B1 (en) User-authentication apparatus for internet security, user-authentication method for internet security, and recorded medium recording the same
KR101267229B1 (en) Method and system for authenticating using input pattern
CN104079527A (en) Information processing method and electronic equipment
CN108182355B (en) Login verification method, server and computer readable storage medium
CN113973004B (en) Providing multi-factor authentication credentials via device notifications
CN106888090A (en) A kind of user authentication method, apparatus and system
WO2016202045A1 (en) Card exchange method, device and system
JP5176629B2 (en) Server apparatus, authentication method, and program
KR20150104667A (en) Authentication method
US20200242712A1 (en) Method, apparatus and system for self-service contract for mobile payments
JP6322549B2 (en) Authentication system, authentication method, and authentication program
KR101691163B1 (en) User authentication method and server performing the same
CN105721155A (en) Dynamic token data processing method and system
CN116055197A (en) System login method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1238031

Country of ref document: HK

GR01 Patent grant
GR01 Patent grant