Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a flowchart of a method according to an embodiment of a short message verification method according to the present application. Although the present application provides method operational steps or apparatus configurations as illustrated in the following examples or figures, more or fewer operational steps or modular units may be included in the methods or apparatus based on conventional or non-inventive efforts. In the case of steps or structures which do not logically have the necessary cause and effect relationship, the execution sequence of the steps or the module structure of the apparatus is not limited to the execution sequence or the module structure shown in the embodiment or the drawings of the present application. When the described method or module structure is applied to a practical device or an end product, the method or module structure according to the embodiment or the figures may be executed sequentially or executed in parallel (for example, in the environment of parallel processors or multi-thread processing, or even in the environment of distributed processing).
A specific implementation application scenario is shown in fig. 1, and an embodiment of a short message verification method provided by the present application may include:
s1: the service server adds a preset check symbol in the initial short message content to be issued to the target object to generate the service short message, wherein the preset check symbol is generated according to the preset associated data of the target object in a first encryption mode.
In the embodiment of the present application, a service server that needs to issue a notification message, a push message, etc. to a target object may add a preset check mark for user identification and verification in an initial short message content (which may also be referred to as an original short message content) to be issued. The preset check mark can be generated by the server according to the preset associated data of the target object in a first encryption mode selected/designed in advance. At present, short message notification, promotion and the like are mainly processed by taking a mobile phone number as an object, and in an application scenario of an embodiment of the present application, the target object may be a mobile phone number, such as a mobile phone number assigned by a mobile, telecom or unicom operator of 11-digit arabic numbers in China to a user. The business servers in different industry scenes can send notification, promotion messages and the like to target objects through mobile phone numbers, for example, the business server of a Chinese industrial and commercial bank in a certain area can broadcast and send a notification short message with an expired point year to the mobile phone number of a registered and reserved user, or a merchant sends the notification short message contents that the merchant has sent a delivery notice to check to the contact number of a receiver filled in by the user, and the like.
The target object may be a mobile phone number generally assigned to the user by the mobile communication operator, and this application does not exclude that, the target object may be another short message receiving object, for example, the target object may also be an identity or an equipment identification code of the user in another manner. For example, in an application scenario, the identification code in the enterprise lan may be a flower name identifier assigned to the employee, and may include a combination of chinese and english, and the enterprise may send an enterprise notification short message to the employee terminal that can receive the broadcast through the broadcasting device.
The service server can add a preset check symbol in the initial short message content sent to the target object. The preset check symbol may be generated by the service server, or may include corresponding processing and generation performed by a dedicated server or a third-party server. The preset check symbol added in the embodiment of the application can be generated according to the preset associated data of the target object in a certain encryption mode. The preset associated data may include one or more preset associated data, such as short message content, an identification number, a user identifier, and the like, that is specified for the target object, and the preset check mark is generated by using the one or more associated data in a preset encryption manner.
After the preset associated data of the target object is obtained, a preset check symbol can be generated according to a preset first encryption mode, and then the preset check symbol can be added to the content of the initial short message to generate the service short message to be sent to the target object in the embodiment. In an embodiment of the present application, the target object may be a subscriber identification number allocated to the subscriber by a communication operator, for example, 11 in china is an arabic number. That is, in one embodiment, the preset association data may include: the content of the initial short message and the identification code of the target object. The identification code of the target object can be a mobile phone number, or the target object is a mobile phone number, and the identification code can be the mobile phone number itself.
In a specific application scenario, for example, the initial short message content C1 issued by the service server S of a certain payment application a to the user through the mobile phone number is:
please login www.xxxpay.com for real name authentication. "
The user1 and the mobile phone number 186XXXX6666 of the client perform service registration through the payment application a, and need to receive the short message of the service server S. At this time, the service server may generate a string of check symbols according to the initial short message content and the mobile phone number to be issued to the user1 this time in the selected first encryption manner: l4IEK4KA5S 1. The specific adopted first encryption mode can be selected by a designer according to an application scene, or the encryption mode can be set by self-definition. The check character "L4 IEK4KA5S 1" may be used as a preset check character, and then the preset check character for the initial short message content and the mobile phone number may be added to the initial short message content to generate the service short message:
"Please log in www.xxxpay.com for real name authentication [ L4IEK4KA5S1 ]. "
In other embodiments, the first encryption manner may also use an md5 digest algorithm, that is, md5 may be generated according to the short message content + the identification code, and a character of md5 is taken as a check symbol according to a preset value-taking manner.
In the embodiment of the application, the service server can add a preset check symbol in the initial short message content to be issued to the target object to generate the service short message. The preset check mark may be generated according to preset associated data of the target object in a first encryption manner.
S2: and the service server sends the service short message.
After generating the service short message added with the preset check symbol, the service server can send out the service short message. Generally, the service server may be a server of a communication operator such as china mobile and china telecom, and the service short message content may be transmitted to a specified base station through the corresponding server, and then the base station sends the service short message content to the terminal user accessing to the cell of the base station through broadcasting. Of course, the service server may also be a service server for each enterprise application, such as the service server for the payment application a, or a service server for a chinese industrial and commercial bank. The business servers of these enterprise applications do not exclude that in some embodiments, the business short messages may be sent through their own private base stations, and the general business users may send the business short messages to the target object through the base station of the communication operator.
S3: and after receiving the service short message of the target object, the client sends the terminal association data of the target object to the verification server.
The client may generally include a terminal device where the target object is located, such as a mobile communication terminal (e.g., a mobile phone) installed with a SIM card of a mobile phone number. Generally, one client may include one target object, and other embodiments may also include a plurality of target objects, for example, two mobile phone numbers may be used simultaneously by a dual-card dual standby that can be implemented in a current mobile phone. The terminal related data of the target object may include one or more pieces of related data of the target object specified on a preset client, such as information content of a service short message of the target object received by the client, or a device identifier of the client where the target object is located, or other specified related data. Generally, the terminal related data may be the same as the parameter/attribute type specified by the preset related data, and for example, both may include short message content or a mobile phone number. This application does not exclude that in some other embodiments the type of terminal-related data that the client sends to the authentication server may be different or partly the same. Specifically, in an application scenario where the service server S of a certain payment application a issues the initial short message content C1 to the user through the mobile phone number in this embodiment, the terminal-related data may be set to include: the service short message and the identification code of the target object for receiving the service short message.
When the user' S mobile phone receives "please log in www.xxxpay.com for real name authentication L4IEK4KA5S 1". When the service short message is received, the mobile phone can automatically send the content of the service short message and the terminal associated data of the mobile phone number 186XXXX6666 for receiving the service short message to a specified verification server together to verify the authenticity of the short message.
In an embodiment of the present application, the verification server may include a server logically separated from the service server and separately configured for verifying the authenticity of the short message. Specifically, the authentication server may belong to the same merchant or under the service system as the service server, or may be an authentication server of a partner. In another embodiment of the present application, the authentication server and the service server may also be the same server, and may belong to different service processing modules. For example, a service server S of a certain payment application may send a notification short message to a target object, and may also receive terminal-related data sent by a client where the target object is located, and perform corresponding verification processing. Therefore, in an embodiment of the method described in the present application, the service server and the authentication server are configured to adopt any one of the following implementation manners:
the service server and the verification server are the same server;
the service server and the verification server are different servers in logic positions. The difference in the logical positions may include that the physical positions belong to different processing servers of the same machine room or the same service system.
In the embodiment of the application, after receiving the service short message of the target object, the client can send the terminal association data of the target object to the verification server. The terminal association data may specify in advance one or more association data for setting association of a target object at the client.
S4: and the verification server generates a terminal check symbol according to a second encryption mode based on the received terminal associated data.
The verification server can open corresponding interface service, receive the terminal associated data transmitted from the client and is used for verifying the authenticity of the client service short message. The verification server may perform verification according to the terminal related data of the target object, and in this embodiment, a selected second encryption manner may be adopted to generate a terminal check mark corresponding to the terminal related data.
In an embodiment, the second encryption manner may be the same as the first encryption manner used when the preset check symbol is generated, for example, terminal-related data of the same type as the preset-related data may be obtained (for example, check symbols are generated according to the short message content and the mobile phone number), and the verification server generates the terminal check symbol from the terminal-related data (the short message content uploaded by the terminal and the mobile phone number of the user) uploaded by the client in the second encryption manner that is the same as the first encryption manner. Of course, in other embodiments of the present application, the second encryption manner may also be different from the first encryption manner, for example, the second encryption manner may set some other processing manners or change some parameters based on the first encryption manner according to the specific content items included in the terminal related data.
S5: and the verification server judges whether the terminal check symbol is matched with a preset check symbol in the terminal associated data, and determines a verification result of the service short message corresponding to the terminal associated data according to the judgment result.
The verification server can extract the terminal associated data of the target object uploaded by the client and acquire the preset check symbol in the terminal associated data. The authentication server may determine whether the terminal check symbol generated according to the terminal-related data in the second encryption manner matches a terminal check symbol included in the terminal-related data.
The matching may include an implementation that the terminal check symbol is the same as the preset check symbol, or may include that the terminal check symbol and the preset check symbol conform to a preset correspondence/mapping relationship. For example, if both of the short message content and the mobile phone number are used as the associated data for generating the check mark, and the encryption method is the same. Then, the verification server can compare whether the terminal check symbol generated according to the terminal associated data is the same as the preset check symbol carried in the service short message or not, if so, the verification is passed, which indicates that the service short message received by the client is transmitted by the real service server; otherwise, the verification is not passed.
It should be noted that, if the verification server does not extract the preset check symbol from the terminal-related data uploaded by the client, in an implementation manner, it may be directly determined that the service short message verification corresponding to the terminal-related data fails, for example, some fraudsters do not know that the service system implementing the short message verification function of the present scheme is implemented. In some application scenarios, if a service short message is sent from a real service server, the service short message may include information of a preset check symbol. The terminal associated data uploaded to the verification server by the client at this time also contains the information of the preset check symbol, so that the verification server can verify the authenticity of the service short message. When the client receives some service short messages without the preset check symbols, the client can also send corresponding terminal associated data, such as short message content and mobile phone numbers, to the verification server. The verification server detects that no preset check symbol exists in the received terminal associated data, so that the service short message can be directly judged to be a fraud short message and the like, and the verification fails. Of course, even if the uploaded terminal related data includes the preset check mark, the verification server cannot generate the terminal check mark matched with the preset check mark according to the short message content, the mobile phone number and the like because the processing of the related data and the encryption mode is different, and the verification cannot pass.
After the verifying server verifies the authenticity of the corresponding business object according to the terminal association data uploaded by the client, the method can also comprise
S6: and returning the verification result to the corresponding client.
Fig. 2 is a schematic method flow diagram of another embodiment of a short message verification method according to the present application. At this time, the client can execute corresponding operation according to the verification result, for example, if the service short message verification result fails, the client application prompts the message warning information to the user; if the verification is passed, the service short message can be set as an official short message, or the default prompt information does not appear when the verification is passed.
Fig. 3 is a schematic diagram of an application scenario of a short message verification method according to the present application. As shown in fig. 3, the service provider of each application may send the service short message to the client via the base station of the communication operator through the internet, and the client may upload the service short message or the terminal-related data including the receiving time to the verification server of the application after receiving the service short message. And the verification server performs verification to identify the authenticity of the service short message. Through the embodiment of the application, the service server can add the preset check symbol in the service short message sent to the user, and the user can send the terminal associated data of the short message content to the verification server to verify the authenticity of the service short message after receiving the service short message, so that the pseudo base station attack is prevented, the safety of the short message information is improved, and the property safety of the user is guaranteed.
Based on the above, the present application further provides a short message verification method that can be used on the server side, so as to add a preset check symbol to a service short message that is sent to a client side from the bottom, and verify the authenticity of the service short message of the client side according to data uploaded by the client side. Specifically, as shown in fig. 4, fig. 4 is a schematic method flow diagram of an embodiment of a short message verification method provided in the present application, where in the short message verification method provided in the present application, the method may include:
s11: adding a preset check symbol in initial short message content to be issued to a target object to generate a service short message, wherein the preset check symbol is generated according to preset associated data of the target object in a first encryption mode;
s22: sending the service short message;
s33: receiving terminal associated data sent by a client, and generating a terminal check symbol according to a second encryption mode based on the received terminal associated data;
s44: and judging whether the terminal check mark is matched with a preset check mark in the terminal associated data, and determining a verification result of the service short message corresponding to the terminal associated data according to the judgment result.
As described above, in an embodiment of the method of the present application, an md5 digest algorithm may be used to process the check code added in the short message. And providing verification service on the application service open platform, and providing the service for verifying the authenticity of the short message for the accessed application, such as the client application of the application service open platform or the client application of a cooperative friend. Specifically, in an embodiment of the short message verification method according to the present application, the first encryption manner and the second encryption manner may be set as follows:
s110: generating a first source check character string by adopting a preset encryption algorithm based on preset associated data; taking the character in the designated position of the first source check character string as a preset check symbol according to a preset value-taking mode;
generating a second source check character string by adopting a preset encryption algorithm based on the terminal associated data; and taking the character in the designated position of the second source check character string as a terminal check character according to a preset value-taking mode.
The content of the initial short message sent to the mobile phone number 186XXXX6666 is "please log in www.xxxpay.com for real name authentication. In the application scenario processing, if the md5 digest algorithm is adopted, a 32-bit md5 source check character string can be generated: 742D07543B0DFED86255296AC6EEE3DC, then the characters in which the bit segments 2, 4, 8, 16, 32 are specified can be taken as check symbols: 4D 48C. In the process of processing the service short message, the check symbol can be added to the initial short message content as a preset check symbol, and the final service short message is generated as follows:
"Please log in www.xxxpay.com for real name authentication [4D48C ]. "
If the short message is in the short message verification processing result stage, the verification server can extract the content of the service short message in the terminal-associated data, "please log in www.xxxpay.com for real name authentication [4D48C ]. Then, the user mobile phone number 186XXXX6666 is added, and the terminal check mark is generated by the second encryption method. The finally generated terminal check character can generate the terminal check character "4D 48C" if the first encryption method and the second encryption method use the same encryption algorithm. If a different encryption algorithm is used, other terminal check symbols may be generated. Generally, if different encryption algorithms are adopted for the first encryption mode and the second encryption mode, the generated check symbols are usually different, and at this time, the first encryption mode and the second encryption mode can be adopted to have a corresponding relationship, so that the terminal check symbol generated by the second encryption mode can be compared, matched and the like with the preset check symbol generated by the first encryption mode, and the authenticity of the short message is verified.
In another embodiment of the method described in the present application,
s220: the preset associated data comprises the initial short message content and an identification code of a target object; the terminal associated data comprises the service short message and an identification code of a target object for receiving the service short message;
in a specific implementation process, the short message content and the mobile phone number can be used as associated data for generating the check symbol, and the same encryption algorithm is adopted when the preset check symbol and the terminal check symbol are generated, for example, an md5 digest algorithm is used to obtain a 5-bit character at a specified position.
In another embodiment of the short message verification method, different check symbol value taking modes can be set according to identification codes of different users. In another embodiment of the method described herein, therefore,
s330: the preset encryption algorithm can be set to be a preset value-taking mode of characters in at least two source check symbols according to the identification code; and when the identification code of the target object is acquired, selecting a corresponding preset value-taking mode according to the identification code to generate a preset check symbol/terminal check symbol.
Setting at least two specific self-definable rules of preset value modes of characters in the source check character according to the identification code, for example, setting different value modes for different number segments, or setting different value modes for different ending source check character strings, and even each identification code can correspond to a unique value mode. For example, in the application scenario where the short message content + mobile phone number adopts the md5 digest algorithm, if the mobile phone number segment is 186, the method may be configured to take the 2 nd, 4 th, 8 th, 16 th, and 32 th characters of the source check character string as the check characters; if the cell number segment is 139, it can be configured to take the characters of 1 st, 3 rd, 9 th, 17 th, 31 st of the source check character string as the check character. Of course, other preset value-taking modes can be designed to increase the security of the encryption of the check symbol by adopting different value-taking modes according to the identification code.
In another embodiment of the method, the key of the target object can be added for processing when the preset check symbol is generated, so that the safety of the check symbol is further enhanced, and the unavailability of the whole service system caused by leakage of some encrypted information is avoided. Specifically, in another embodiment of the short message verification method according to the present application,
s440: the preset associated data also comprises a dynamic key of the target object, the dynamic key is set to generate a key set according to the identification code of the target object, and a key in the key set corresponding to the processing time of the target object is selected according to the processing time of the service short message to serve as the dynamic key for generating the preset check symbol;
the terminal associated data also comprises the receiving time of the client terminal for receiving the service short message;
correspondingly, the method may further include, after receiving the terminal association data:
s441: acquiring a verification key corresponding to the receiving time of a target object receiving the service short message;
and the generating the terminal check symbol according to the second encryption mode comprises: and generating a terminal check symbol according to the terminal associated data and the check key and a second encryption mode.
For example, in the application scenario of the above embodiment, md5 may be generated in a manner of short message content + mobile phone number + key, and then a 5-bit character at the specified position is taken as a preset check character according to a preset value-taking manner. In an implementation manner of this embodiment, the identification code of the target object may be a subscriber identification number assigned to the subscriber by the communications carrier, and then the key in the key set may be generated by a character at a specified position according to the subscriber identification number.
In the specific implementation process, different keys can be set according to the last few digits of the mobile phone number, and the situation that short message verification service of a user is unavailable after a certain key is leaked is avoided. For example, the last 6 digits of a mobile phone number can be adopted, and 100 ten thousand keys can be generated from 000000 to 999999. If the 6-bit character is taken in conjunction with the 32-bit md5, there can be as many as 6 billion combinations. Each mobile phone number can generate a key set, and keys in the key set can be designed to use different keys at different time points. If the key is changed every 30 seconds, the key corresponding to the current system time is selected from the key set corresponding to the mobile phone number of the user according to the current system time of the current processing service time to be used as a dynamic key, and then the dynamic key is further processed.
And the client can simultaneously upload the time for receiving the service short message when uploading the terminal associated data. The authentication server extracts the key used at the time point according to the receiving time of the service short message, and then performs authentication by using the key.
As described above, in one aspect of the method of the present application, the identification code of the target object may be a subscriber identification number assigned to the subscriber by a communication carrier, and the key in the key set may be generated by a character at a specified position according to the subscriber identification number.
Further, after verifying the authenticity of the service short message corresponding to the received terminal association data according to the check symbol, the verification server may return the verification result to the corresponding client. Fig. 5 is a schematic method flow diagram of another embodiment of a short message to-be-verified method provided by the present application. The client side can perform corresponding processing according to the verification result, for example, if the verification fails, a prompt message that the service short message is a fraud short message is sent to the user. Therefore, the security of the short message received by the client user can be guaranteed based on the verification result of the server, and in an embodiment of the short message verification method, after the verification result of the service short message corresponding to the terminal associated data is determined, the method may further include:
s55: and returning the verification result to the corresponding client.
In each embodiment of the short message verification method for the server side, a specific implementation manner may refer to related descriptions of other embodiments of the present application, and details are not described herein. By using the short message verification method provided by the embodiment of the application, the server can add the preset check symbol in the service short message sent to the user, and the user can send the terminal associated data of the short message content to the verification server to verify the authenticity of the service short message after receiving the service short message, so that the pseudo base station attack is prevented, the safety of the short message information is improved, and the property safety of the user is guaranteed.
Furthermore, the application also provides a short message verification method for the client side, so that the client side can identify the authenticity of the received short message, the client user is prevented from being attacked by the pseudo base station, and the property of the client user is guaranteed. Fig. 6 is a schematic method flow diagram of an embodiment of a short message to-be-verified method provided by the present application. Specifically, as shown in fig. 6, in an embodiment, the method may include:
s301: and receiving a service short message of a service server, wherein the service short message is generated by adding a preset check symbol in the initial short message content to be issued to a target object by the service server. The preset check mark may be generated according to preset associated data of the target object in a first encryption manner.
S302: and sending the terminal associated data of the target object corresponding to the service short message to a verification server.
As mentioned above, in an embodiment, the terminal-related data may include the service short message and an identification code of a target object receiving the service short message, so that the verification server generates the terminal check mark according to the content of the service short message and the identification code.
In another embodiment, the terminal-related data may further include: and receiving the receiving time of the service short message, so that the verification server acquires a verification key corresponding to the target object receiving the service short message at the receiving time according to the receiving time, and generates a terminal verification symbol according to the verification key.
In one embodiment, to prevent the hacking, the server side is provided with a key that is updated at a certain period. For the client side, the short message receiving time can be uploaded simultaneously when the short message is uploaded, and then the server verifies the short message by using the key of the short message receiving time, so that the safety and reliability of short message verification are greatly improved.
Based on the short message verification method, the application provides a short message verification device. The short message verification device can be used in a server, realizes the verification of the authenticity of the short message of the client service, prevents the attack of a pseudo base station, provides the safety of the short message service and ensures the property safety of a user. Fig. 7 is a schematic block structure diagram of an embodiment of a short message verification apparatus provided in the present application, and as shown in fig. 7, the apparatus may include:
the service processing module 101 may be configured to add a preset check symbol to an initial short message content to be delivered to a target object, and generate a service short message, where the preset check symbol is generated according to preset associated data of the target object in a first encryption manner;
the communication module 102 may be configured to send a service short message and receive terminal-related data sent by a client;
the verification processing module 103 may be configured to generate a terminal check indicator according to a second encryption manner based on the received terminal related data; the method and the device can also be used for judging whether the terminal check mark is matched with a preset check mark in the terminal associated data, and determining a verification result of the service short message corresponding to the terminal associated data according to the judgment result.
Referring to the foregoing method implementation, in another embodiment of the short message authentication device provided in the present application, the first encryption manner and the second encryption manner are set as follows:
generating a first source check character string by adopting a preset encryption algorithm based on preset associated data; taking the character in the designated position of the first source check character string as a preset check symbol according to a preset value-taking mode;
generating a second source check character string by adopting a preset encryption algorithm based on the terminal associated data; and taking the character in the designated position of the second source check character string as a terminal check character according to a preset value-taking mode.
The preset associated data and the terminal associated data can be defined and set according to a service scene or a short message verification mode. In an embodiment provided by the present application, the preset associated data includes the content of the initial short message and an identification code of a target object; the terminal associated data comprises the service short message and an identification code of a target object for receiving the service short message.
In another embodiment of the device of the present application, different check symbol value-taking modes can be set according to identification codes of different users. Therefore, in another embodiment of the apparatus of the present application, the verification processing module 103 may include:
the value taking rule module 1031 may be configured to store value taking manners of characters in at least two source check symbols set according to the identification code;
the value taking mode determining module 1032 may be configured to determine, when the identification code of the target object is obtained, a value taking mode of a character in the source check symbol according to the identification code;
the check symbol generation module 1033 may be configured to generate a preset check symbol/terminal check symbol according to a value mode of a character in the source check symbol.
Fig. 8 is a schematic block diagram of an embodiment of the verification processing module 103 provided in the present application. Setting at least two specific self-definable rules of preset value modes of characters in the source check character according to the identification code, for example, setting different value modes for different number segments, or setting different value modes for different ending source check character strings, and even each identification code can correspond to a unique value mode. The source check symbol may be a first source check symbol generated according to preset associated data when the preset check symbol is generated, and correspondingly, in the terminal check symbol generation stage, the source check symbol may be a second source check symbol generated according to terminal associated data.
In another embodiment of the short message verification device, a key of the target object can be added for processing when the preset check symbol is generated, so that the safety of the check symbol is further enhanced, and the unavailability of the whole service system caused by leakage of some encrypted information is avoided. Therefore, in another embodiment of the short message verification apparatus, the preset association data may further include a dynamic key of the target object, where the dynamic key is configured to generate a key set according to an identification code of the target object, and select a key in the key set corresponding to the processing time of the target object according to the processing time of the service short message as the dynamic key for generating the preset check mark;
the terminal associated data also comprises the receiving time of the client terminal for receiving the service short message;
correspondingly, after receiving the terminal association data, the verification processing module further includes:
acquiring a verification key corresponding to the receiving time of a target object receiving the service short message; and the number of the first and second groups,
the generating the terminal check symbol according to the second encryption mode comprises: and generating a terminal check symbol according to the terminal associated data and the check key and a second encryption mode.
By utilizing the short message verification device provided by the embodiment of the application, the server can add the preset check symbol in the service short message sent to the user, and the user can send the terminal associated data of the short message content to the verification server to verify the authenticity of the service short message after receiving the service short message, so that the pseudo base station attack is prevented, the safety of the short message information is improved, and the property safety of the user is guaranteed.
The method or the device can be used in a server to realize the authenticity verification of the client service short message and prevent the attack of a pseudo base station. Therefore, the present application further provides a short message verification server, fig. 9 is a schematic diagram of a module structure of an embodiment of the short message verification server provided in the present application, and as shown in fig. 9, the server may include:
the service processing unit 100 may be configured to add a preset check symbol to an initial short message content to be delivered to a target object, and generate a service short message, where the preset check symbol is generated according to a first encryption manner according to preset associated data of the target object;
the communication module 110 may be configured to send a service short message and receive terminal-related data sent by a client;
the verification processing unit 120 may be configured to generate a terminal check indicator in a second encryption manner based on the received terminal related data; and the verification module is also used for judging whether the terminal check mark is matched with a preset check mark in the terminal associated data or not and determining a verification result of the service short message corresponding to the terminal associated data according to the judgment result.
Of course, referring to the foregoing description, the first encryption manner and the second encryption manner may be set as follows:
generating a first source check character string by adopting a preset encryption algorithm based on preset associated data; taking the character in the designated position of the first source check character string as a preset check symbol according to a preset value-taking mode;
generating a second source check character string by adopting a preset encryption algorithm based on the terminal associated data; and taking the character in the designated position of the second source check character string as a terminal check character according to a preset value-taking mode.
Further, in another embodiment, the preset encryption algorithm may be further configured to set a preset value-taking mode of characters in at least two source check symbols according to the identification code; and when the identification code of the target object is acquired, selecting a corresponding preset value-taking mode according to the identification code to generate a preset check symbol/terminal check symbol.
The preset associated data and the terminal associated data can also be set by users. In an embodiment, the server obtains the preset associated data, where the preset associated data may include the content of the initial short message and an identification code of a target object; the terminal associated data may include the service short message and an identification code of a target object receiving the service short message. Certainly, in other embodiments, a key may also be added to implement dynamic update of the key, and further enhance the short message verification.
For each embodiment of the short message verification apparatus for the server side, possible implementation manners of the target object, and other implementation manners of the reference apparatus and method for returning the verification result to the corresponding client, reference may be specifically made to relevant descriptions of other embodiments of the present application, which are not described herein again.
By utilizing the short message verification server provided by the embodiment of the application, the preset check symbol can be added in the service short message sent to the user, and the user can send the terminal associated data of the short message content to the verification server to verify the authenticity of the service short message after receiving the service short message, so that the pseudo base station attack is prevented, the safety of the short message information is improved, and the property safety of the user is guaranteed.
The application also provides a short message verification device which can be used for the client side corresponding to the client side, wherein the device can comprise a short message communication module. In one embodiment, the short message communication module can be configured to,
the short message service system can be used for receiving a service short message of a service server, wherein the service short message is generated by adding a preset check symbol in the initial short message content to be issued to a target object by the service server; and the method can also be used for sending the terminal associated data of the target object corresponding to the service short message to the verification server.
The short message verification device can be used for a client, such as a payment application of a certain enterprise in the client. When the client installed with the payment application receives the service short message, the service short message can be sent to the verification server for verification so as to identify whether the service short message is from the real service server. Therefore, the present application further provides a client, including a communication module, in an embodiment, the communication module is configured to be used for receiving a service short message of a service server, where the service short message is generated by adding a preset check symbol to an initial short message content to be sent to a target object by the service server; and the terminal association data of the target object corresponding to the service short message is sent to the verification server.
The implementation modes of the short message verification method, the short message verification device, the server, the client and the like can be applied to true and false verification of the mobile phone short message. Based on the above, the application also provides a short message verification system, which can verify the authenticity of the short message, prevent the attack of a pseudo base station and provide the safety of the short message service. Fig. 10 is a schematic diagram of a short message verification system according to an implementation scenario in the present application, as shown in fig. 1, the short message verification system may include:
the service server 1 may be configured to add a preset check symbol to an initial short message content to be delivered to a target object, and generate a service short message, where the preset check symbol is generated according to a first encryption manner according to preset associated data of the target object; the method can also be used for sending the service short message;
the client 2 can be used for receiving a service short message of a target object and sending terminal associated data of the target object to a verification server;
the authentication server 3 may be configured to receive the terminal related data sent by the client, and generate a terminal check mark in a second encryption manner based on the received terminal related data; and the verification module is also used for judging whether the terminal check mark is matched with a preset check mark in the terminal associated data or not and determining a verification result of the service short message corresponding to the terminal associated data according to the judgment result.
The service server and the authentication server in the authentication system provided by the above embodiment may be logically separated servers. Of course, in another embodiment of the short message verification system provided in the present application, the service server and the verification server may be the same processing server. Fig. 11 is a schematic diagram of a structure of another implementation scenario of a short message verification system provided in the present application, as shown in fig. 11, in another embodiment of the short message verification system provided in the present application, the system may include:
the server can be used for adding a preset check symbol in the initial short message content to be issued to a target object to generate a service short message, wherein the preset check symbol is generated according to the preset associated data of the target object in a first encryption mode; the method can also be used for sending the service short message; the terminal verification device can also be used for receiving terminal associated data sent by the client and generating a terminal verification symbol according to a second encryption mode based on the received terminal associated data; the verification module can be further used for judging whether the terminal check mark is matched with a preset check mark in the terminal associated data, and determining a verification result of the service short message corresponding to the terminal associated data according to the judgment result; the system can also be used for sending the verification result to a corresponding client;
the client side can be used for receiving the service short message of the target object and sending the terminal association data of the target object to the verification server; and the method can also be used for receiving a verification result of the service short message returned by the server and executing a corresponding operation instruction according to the verification result.
If the verification result of the service short message received by the client is that the verification fails, the client application can prompt the short message warning information to the user; if the verification is passed, the service short message can be set as an official short message, or the default prompt information does not appear when the verification is passed.
By utilizing the short message verification system provided by the embodiment of the application, the preset check symbol can be added in the service short message sent to the user, and the user can send the terminal associated data of the short message content to the verification server to verify the authenticity of the service short message after receiving the service short message, so that the pseudo base station attack is prevented, the safety of the short message information is improved, and the property safety of the user using the terminal application is guaranteed.
Although the description of the information interaction method, data encryption, associated data definition, and the like, such as the information interaction between the service server/client/authentication server, the implementation of the mobile phone number as the target object, the MD5 digest algorithm, the encryption/generation method of the mobile phone number as the last 6 generation key, the preset check character, and the terminal check character, and the like, is mentioned in the present application, the present application is not limited to the case of the information communication standard, the identification encryption algorithm, the industry conventional/same data definition/setting method, or the like. Certain industry standards, or implementations modified slightly from those described using custom modes or examples, may also achieve the same, equivalent, or similar, or other, contemplated implementations of the above-described examples. Examples of data acquisition, interaction, determination, definition, etc. using these modifications or variations may still fall within the scope of alternative embodiments of the present application.
Although the present application provides method steps as described in an embodiment or flowchart, more or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or end product executes, it may execute sequentially or in parallel (e.g., parallel processors or multi-threaded environments, or even distributed data processing environments) according to the method shown in the embodiment or the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded.
The units, devices, modules, etc. set forth in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, in implementing the present application, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of a plurality of sub-modules or sub-units, and the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The application is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the present application has been described with examples, those of ordinary skill in the art will appreciate that there are numerous variations and permutations of the present application without departing from the spirit of the application, and it is intended that the appended claims encompass such variations and permutations without departing from the spirit of the application.