CN109587683A - Method and system, application program and terminal information database for preventing short message eavesdropping - Google Patents

Publication number: CN109587683A
Authority: CN (China)
Prior art keywords: code, terminal, short message, plaintext, encrypted
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910006481.XA
Other languages: Chinese (zh)
Other versions: CN109587683B (en)
Inventors: 田新雪, 马书惠, 肖征荣
Current Assignee: China United Network Communications Group Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN201910006481.XA
Publication of CN109587683A
Application granted
Publication of CN109587683B
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12: Detection or prevention of fraud
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12: Messaging; Mailboxes; Announcements
    • H04W4/14: Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Abstract

The invention belongs to the fields of the internet and communications and relates to a method, system, application program and terminal information database for preventing short message eavesdropping. The method comprises: receiving a plaintext related to the account user; randomly generating an encryption code corresponding to the plaintext, and encrypting the plaintext with the encryption code to obtain an original ciphertext; extracting the terminal identifier of the terminal that receives the short message verification code, and sending terminal information including at least the terminal identifier, the encryption code and the original ciphertext to the terminal information database; receiving the same plaintext and the terminal identifier entered again by the account user; according to the terminal identifier entered by the account user, querying the terminal information database for the most recent encryption code and original ciphertext corresponding to that terminal identifier; encrypting the plaintext entered again by the account user with the encryption code to obtain a review ciphertext; and judging whether to trust the short message verification code according to the original ciphertext and the review ciphertext. The method can effectively guarantee the security of authentication performed by short message.

Description

Method and system, application program and terminal information database for preventing short message eavesdropping
Technical field
The invention belongs to the fields of the internet and communications, and specifically relates to a method for preventing short message eavesdropping, a system for preventing short message eavesdropping, an application program and a terminal information database.
Background
As mobile phone identity verification becomes increasingly widespread, more and more enterprises use mobile phone short message verification codes as their protective barrier. Enterprises such as online banks, major banks, online shopping malls, group-buying websites and ticketing companies all use short message verification and choose to perform security verification by mobile phone short message. The short message verification code has become the main method of authentication: with it, a user can log in, change a password and perform similar operations, and directly or indirectly use applications associated with funds. However, short messages are currently transmitted mainly over the 2G network (GSM), and the one-way authentication used by GSM has a serious security flaw; that is, GSM does not encrypt message transmission.
The base station can verify the legitimacy of the terminal (such as a mobile phone), but the terminal has no means of verifying the legitimacy of the base station. A "pseudo base station", i.e. a fake base station, generally consists of a host and a laptop or mobile phone; as long as it can send a signal similar to that of a real base station, it can trick mobile phones into joining its network and so carry out illegal activity. Exploiting this flaw, criminals disguise a pseudo base station as an operator's base station and, impersonating other people's terminals, force fraud, advertising and similar short messages onto users' phones. Worse, they use a pseudo base station and sniffing equipment to obtain phone numbers and short message verification codes, collecting the phone card information and short messages within a certain radius around the equipment, and then use the intercepted short messages to pass authentication while posing as the user. This can cause very serious problems, such as theft of the user's payment account information, and endangers the security of the user's funds.
How to guarantee the security of verification by short message has become a technical problem in urgent need of a solution.
Summary of the invention
The technical problem to be solved by the invention is, in view of the above deficiencies in the prior art, to provide a method for preventing short message eavesdropping, a system for preventing short message eavesdropping, an application program and a terminal information database that can effectively guarantee the security of authentication performed by short message.
The technical solution adopted to solve this technical problem is a method for preventing short message eavesdropping which, before the application program receives the short message verification code, further includes steps of verifying the account user:
Receive a plaintext related to the account user;
Randomly generate an encryption code corresponding to the plaintext, and encrypt the plaintext with the encryption code to obtain an original ciphertext;
Extract the terminal identifier of the terminal that receives the short message verification code, and send terminal information including at least the terminal identifier, the encryption code and the original ciphertext to the terminal information database;
Receive the same plaintext and the terminal identifier entered again by the account user;
According to the terminal identifier entered by the account user, query the terminal information database for the most recent encryption code and original ciphertext corresponding to the terminal identifier;
Encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext;
Judge whether to trust the short message verification code according to whether the original ciphertext and the review ciphertext are consistent.
Preferably, the plaintext is entered by the account user;
Alternatively, the plaintext is randomly generated according to a predetermined rule by the application program the account user is logging in to, and the plaintext is returned to the account user.
Preferably, the information sent to the terminal information database further includes the name, version number and developer information of the application program to be logged in to.
Preferably, the plaintext is any one of: random characters, the account user's ID card number, the account user's name, or a particular one of the TOP10 contacts the account user has recently called most frequently.
A method for preventing short message eavesdropping which, before the application program receives the short message verification code, further includes steps of verifying the account user:
Receive and save the terminal identifier, the encryption code and the ciphertext;
According to a query request, return to the application program the most recent encryption code and original ciphertext corresponding to the terminal identifier.
Preferably, before the account user is verified, the method further includes a step of authenticating and registering the terminal in the terminal information database, comprising:
The account user sends the terminal's operator customer service password to the terminal information database by way of the mobile switching network, where the ways of using the mobile switching network include sending a text message, sending a voice message, or making a voice call;
The terminal information database identifies the terminal identifier corresponding to the terminal and extracts the operator customer service password;
The terminal information database, according to the terminal identifier, queries the operator's customer service system for the operator customer service password corresponding to that terminal identifier;
According to whether the operator customer service passwords are consistent, judge whether the terminal is being operated by a hacker.
Preferably, the step of judging whether the terminal is being operated by a hacker according to whether the operator customer service passwords are consistent comprises:
If the operator customer service passwords are consistent, the service authentication and registration is considered to be carried out by the account user;
If the operator customer service passwords are not consistent, the service authentication and registration is considered to be carried out by a hacker impersonating the account user.
Preferably, the information sent to the terminal information database further includes the name, version number and developer information of the application program to be logged in to.
An application program comprising a verification module group for verifying the account user, the verification module group including an interface module, an encryption module, a transmission module, a review module and a judgment module, in which:
The interface module is used to receive a plaintext related to the account user, and to receive the same plaintext and the terminal identifier entered again by the account user;
The encryption module is used to randomly generate an encryption code corresponding to the plaintext, and to encrypt the plaintext with the encryption code to obtain an original ciphertext;
The transmission module is used to extract the terminal identifier of the terminal that receives the short message verification code, and to send terminal information including at least the terminal identifier, the encryption code and the original ciphertext to the terminal information database; it is also used, according to the terminal identifier entered by the account user, to query the terminal information database for the most recent encryption code and original ciphertext corresponding to the terminal identifier;
The review module is used to encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext;
The judgment module is used to judge whether to trust the short message verification code according to whether the original ciphertext and the review ciphertext are consistent.
A terminal information database comprising a storage module and a query module, in which:
The storage module is used to receive and save the terminal identifier, the encryption code and the ciphertext;
The query module is used, according to a query request, to return to the application program the most recent encryption code and original ciphertext corresponding to the terminal identifier.
A system for preventing short message eavesdropping comprising the above application program and the above terminal information database.
The beneficial effects of the invention are:
The method for preventing short message eavesdropping, the system for preventing short message eavesdropping, the application program and the terminal information database provided by the invention can effectively guard against the harm caused by pseudo base stations. They address the problems that an existing mobile phone, once connected to a pseudo base station, receives large volumes of spam short messages or has the information it transmits stolen by the pseudo base station. In particular, they address the problem that a pseudo base station can eavesdrop on short messages and so defeat authentication, with very serious consequences such as theft of payment account information that endanger the security of the user's funds. They protect the user from the harm of connecting to a pseudo base station and safeguard the normal use and security of the user's account.
Brief description of the drawings
Fig. 1 is a flow chart of the method for preventing short message eavesdropping in Embodiment 1 of the invention;
Fig. 2 is a structural block diagram of the verification module group in the application program in Embodiment 1 of the invention;
Fig. 3 is a flow chart of the method for preventing short message eavesdropping in Embodiment 2 of the invention;
Fig. 4 is a structural block diagram of the terminal information database in Embodiment 2 of the invention;
Fig. 5 is a structural block diagram of the system for preventing short message eavesdropping in Embodiment 3 of the invention;
Fig. 6 is a flow chart of the method for preventing short message eavesdropping in Embodiment 3 of the invention;
Reference numerals in the drawings:
1 - verification module group; 11 - interface module; 12 - encryption module; 13 - transmission module; 14 - review module; 15 - judgment module;
2 - terminal information database; 21 - storage module; 22 - query module.
Detailed description of the embodiments
To enable those skilled in the art to better understand the technical solution of the invention, the method for preventing short message eavesdropping, the system for preventing short message eavesdropping, the application program and the terminal information database of the invention are described in further detail below with reference to the drawings and specific embodiments.
Currently, the short message verification code is the main identity verification method for network activities such as changing a login password or changing a payment password; that is, the short message verification code can serve as the only authentication factor confirming the account user's identity. The technical idea of the invention is: given this state of authentication, verify the account user's identity before the short message verification code is entered, by adding factors that are very simple for the account owner or terminal owner to provide but very difficult for an attacker to carry out, thereby reducing the probability that an attacker who eavesdrops on short messages succeeds.
The method for preventing short message eavesdropping, the system for preventing short message eavesdropping, the application program and the terminal information database provided by the invention can effectively address the problems that an existing terminal (such as a mobile phone), once connected to a pseudo base station, receives large volumes of spam short messages or has the information it transmits stolen by the pseudo base station and, worse, that short messages are eavesdropped on by the pseudo base station so that authentication is defeated. They protect the user from the harm of connecting to a pseudo base station and safeguard the normal use and security of the user's account.
Embodiment 1:
This embodiment provides a method for preventing short message eavesdropping and its corresponding application program, which can effectively verify the account user's identity before the application program receives the short message verification code and so safeguard the security of the user's account.
As shown in Fig. 1, the method for preventing short message eavesdropping, before the application program receives the short message verification code, further includes steps of verifying the account user:
Step S11): receive a plaintext related to the account user.
In this step, the plaintext can be obtained in two ways. In the first, the plaintext is entered by the account user, that is, the user types it into the application program manually. In the second, the plaintext is randomly generated according to a predetermined rule by the application program the account user is logging in to, and is returned to the account user. In that case the user does not need to enter the plaintext manually: after the user indicates that identity verification should proceed, the application program automatically generates a random plaintext and sends it to the interface to inform the user, the plaintext being generated under a rule agreed by both sides. The plaintext can be any one of: random characters, the account user's ID card number, the account user's name, or a particular one of the TOP10 contacts the account user has recently called most frequently.
Step S12): randomly generate an encryption code corresponding to the plaintext, and encrypt the plaintext with the encryption code to obtain an original ciphertext.
In this step, the encryption can use any of the various existing encryption algorithms, which is not limited here; the encryption code remains unchanged during the user identity verification phase.
Step S13): extract the terminal identifier of the terminal that receives the short message verification code, and send terminal information including at least the terminal identifier, the encryption code and the original ciphertext to the terminal information database.
In this step, preferably, the information sent to the terminal information database further includes application information such as the name, version number and developer of the application program to be logged in to, so that the correspondence between an application program and its encryption code and ciphertext can be better distinguished and established.
Step S14): receive the same plaintext and the terminal identifier entered again by the account user.
In this step, the account user needs to manually enter the plaintext that the user entered in step S11), or the plaintext that the application program generated and returned to the account user.
Step S15): according to the terminal identifier entered by the account user, query the terminal information database for the most recent encryption code and original ciphertext corresponding to the terminal identifier.
In this step, the encryption code and the original ciphertext are exchanged between the application program and the terminal information database over the network.
Step S16): encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext.
In this step, the application program takes the plaintext entered manually by the account user in step S14) and encrypts it with the encryption code used in step S12) to obtain the review ciphertext.
Step S17): judge whether to trust the short message verification code according to whether the original ciphertext and the review ciphertext are consistent.
In this step, whether the original ciphertext and the review ciphertext are consistent determines the application program's degree of trust in the short message verification code subsequently transmitted over the 2G GSM network.
With the above method, before every login by short message verification code the application program generates a random encryption code and encrypts the plaintext twice for comparison. Because the random encryption code is carried by way of the mobile switching network (which differs from the GSM channel), verifying the account user in this way before the short message verification code sets up a solid line of defence in advance. This ensures that the short message verification code the application program accepts is genuine, and avoids the account security risk of using a verification code that has been eavesdropped on.
Correspondingly, as shown in Fig. 2, this embodiment also provides an application program comprising a verification module group for verifying the account user. The verification module group 1 includes an interface module 11, an encryption module 12, a transmission module 13, a review module 14 and a judgment module 15, in which:
The interface module 11 is used to receive a plaintext related to the account user, and to receive the same plaintext and the terminal identifier entered again by the account user;
The encryption module 12 is used to randomly generate an encryption code corresponding to the plaintext, and to encrypt the plaintext with the encryption code to obtain an original ciphertext;
The transmission module 13 is used to extract the terminal identifier of the terminal, and to send terminal information including at least the terminal identifier, the encryption code and the original ciphertext to the terminal information database; it is also used, according to the terminal identifier entered by the account user, to query the terminal information database for the most recent encryption code and original ciphertext corresponding to the terminal identifier;
The review module 14 is used to encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext;
The judgment module 15 is used to judge whether to trust the short message verification code according to whether the original ciphertext and the review ciphertext are consistent.
On the basis of the above random plaintext, other factors can also be added. For example, the application program acting as the verifier, in addition to having the verified party provide the terminal and the corresponding short message verification code within a fixed time, additionally requires the account user's ID card number, the account user's name, or a particular one of the TOP10 contacts the account user has recently called most frequently. The application program acting as the verifier can confirm the correctness of this information with the telecom operator. This information is very easy for the verified party to provide, but for an attacker using a pseudo base station, apart from being able to eavesdrop on the short message verification code, the other information is hard to obtain, which guarantees the security of verification by short message.
In addition, the order in steps S14) to S16) of the above method of obtaining the original ciphertext from the terminal information database and of computing the review ciphertext is not limited, as long as the original ciphertext and the review ciphertext can both be obtained and compared for consistency.
It should be understood that the verification module group can be integrated into the application program as a functional component of it and stored in memory in the form of code. It can also run independently as a separate small program, which the application program associates with and calls when it needs short message verification, in order to verify the account user. Alternatively, the small program is called directly, message synchronization between the application program and the small program is ensured, and the application program directly receives the verification result returned once verification is complete. This is not limited here.
The method for preventing short message eavesdropping and the application program are suitable for an APP installed on a mobile terminal (such as a mobile phone), and also for web applications on network-side devices such as desktop and notebook computers; this is likewise not limited here.
The method for preventing short message eavesdropping and its corresponding application program can effectively safeguard the security of account user verification.
Embodiment 2:
This embodiment provides a method for preventing short message eavesdropping and its corresponding terminal information database, which cooperate with the application program to verify the account user's identity before the application program receives the short message verification code and so safeguard the security of the user's account.
As shown in Fig. 3, the method for preventing short message eavesdropping, before the application program receives the short message verification code, further includes steps of verifying the account user:
Step S21): receive and save the terminal identifier, the encryption code and the ciphertext.
In this step, the information sent to the terminal information database further includes application information such as the name, version number and developer of the application program to be logged in to, so that the correspondence between an application program and its encryption code and ciphertext can be better distinguished and established.
Step S22): according to a query request, return to the application program the most recent encryption code and original ciphertext corresponding to the terminal identifier.
In this step, the terminal information database returns to the application program the most recent encryption code and original ciphertext corresponding to the terminal identifier.
Preferably, before the user using the terminal is verified, the method further includes step S20): a step of authenticating and registering the terminal in the terminal information database, comprising:
The account user sends the terminal's operator customer service password to the terminal information database by way of the mobile switching network, where the ways of using the mobile switching network include sending a text message, sending a voice message, or making a voice call;
The terminal information database identifies and extracts the terminal identifier corresponding to the terminal and the operator customer service password;
The terminal information database, according to the terminal identifier, queries the operator's customer service system for the operator customer service password corresponding to the terminal identifier;
According to whether the operator customer service password is correct, judge whether the terminal is being operated by a hacker. The step of judging whether the terminal is being operated by a hacker according to whether the operator customer service password is correct comprises:
If the operator customer service password is correct, the service authentication and registration is considered to be carried out by the account user;
If the operator customer service password is wrong, the service authentication and registration is considered to be carried out by a hacker impersonating the account user.
Correspondingly, as shown in Fig. 4, this embodiment also provides a terminal information database 2 comprising a storage module 21 and a query module 22, in which:
The storage module 21 is used to receive and save the terminal identifier, the encryption code and the ciphertext;
The query module 22 is used, according to a query request, to return to the application program the most recent encryption code and original ciphertext corresponding to the terminal identifier.
The method for preventing short message eavesdropping and its corresponding terminal information database provide the data support for verifying the account user securely.
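The application-side steps S11) to S17) of Embodiment 1 and the database-side steps S21) to S22) above, shown end to end as an added example that is not part of the patent text. The patent leaves the encryption algorithm open, so HMAC-SHA-256 is used here as a stand-in keyed transform (only equality of the two outputs is checked); the class and function names, the terminal identifiers, the application names and the sequence counter used in place of a timestamp are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class TerminalRecord:
    terminal_id: str
    app_name: str      # optional application info sent along in S13)/S21)
    key: bytes         # the patent's "encryption code"
    ciphertext: bytes  # the patent's "original ciphertext"
    seq: int           # arrival order; assumed stand-in for the record time


class TerminalInfoDB:
    """Terminal information database: storage module (S21) and query module (S22)."""

    def __init__(self):
        self._records = []
        self._seq = count(1)

    def store(self, terminal_id, app_name, key, ciphertext):
        rec = TerminalRecord(terminal_id, app_name, key, ciphertext, next(self._seq))
        self._records.append(rec)
        return rec

    def latest(self, terminal_id, app_name):
        # Only the most recent record for this terminal and application is returned.
        matches = [r for r in self._records
                   if r.terminal_id == terminal_id and r.app_name == app_name]
        return max(matches, key=lambda r: r.seq, default=None)


def encrypt(key, plaintext):
    # Assumption: HMAC-SHA-256 replaces the unspecified encryption algorithm.
    return hmac.new(key, plaintext.encode("utf-8"), hashlib.sha256).digest()


class VerifyingApp:
    """Verification module group of the application program (hypothetical layout)."""

    def __init__(self, name, db):
        self.name = name
        self.db = db

    def enroll(self, terminal_id, plaintext):
        # S11) receive plaintext, S12) random encryption code and original
        # ciphertext, S13) send terminal information to the database.
        key = secrets.token_bytes(32)
        self.db.store(terminal_id, self.name, key, encrypt(key, plaintext))

    def trust_sms_code(self, terminal_id, plaintext_again):
        # S14) plaintext and terminal identifier entered again, S15) query the
        # latest record, S16) review ciphertext, S17) consistency decision.
        rec = self.db.latest(terminal_id, self.name)
        if rec is None:
            return False  # unregistered terminal: do not trust the SMS code
        review = encrypt(rec.key, plaintext_again)
        return hmac.compare_digest(review, rec.ciphertext)


def demo():
    db = TerminalInfoDB()
    app = VerifyingApp("example-bank", db)  # constructed application name
    tid = "TERMINAL-0001"                   # constructed terminal identifier
    app.enroll(tid, "ABCDEFG")
    app.enroll(tid, "HIJKLMN")              # a later round supersedes the first
    return {
        "same_plaintext": app.trust_sms_code(tid, "HIJKLMN"),
        "stale_plaintext": app.trust_sms_code(tid, "ABCDEFG"),
        "wrong_plaintext": app.trust_sms_code(tid, "guess"),
        "unknown_terminal": app.trust_sms_code("TERMINAL-9999", "HIJKLMN"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the query returns only the most recent record, a plaintext from an earlier round no longer verifies, and a party who holds the short message verification code but not the current plaintext fails the check.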
Embodiment 3:
This embodiment provides a system for preventing short message eavesdropping which, based on the application program of Embodiment 1 and the terminal information database of Embodiment 2, implements the method for preventing short message eavesdropping as a whole, so as to verify the account user's identity before the application program receives the short message verification code and safeguard the security of the user's account.
When the terminal, as the verified party, chooses to be verified, for example when it needs to log in to an application program or browse a portal website, the true identity of the account user is verified first, before verification by sending a short message verification code is selected. As shown in Fig. 5, the system for preventing short message eavesdropping includes the verification module group 1 in the application program and the terminal information database 2. The process of preventing short message eavesdropping is described in detail below with reference to the methods and corresponding structures provided in Embodiment 1 and Embodiment 2; for the flow chart, see Fig. 6.
Embodiment one:
Step S31): the terminal is authenticated and registered in the terminal information database.
In this step, authentication and registration in the terminal information database proceed as follows: the account user sends, over the mobile switching network, an authentication and registration request message containing the terminal's operator customer service password to the terminal information database, for example by sending a text message, sending a voice message or making a voice call. After receiving the authentication and registration request message, the terminal information database identifies the terminal identifier corresponding to the terminal, extracts the operator's customer service password, and queries the customer service system in the operator's back-end support system according to the terminal identifier. If the operator's customer service password is correct, the request is considered to be the authentication and registration of a service that the account user applied for personally, rather than an authentication and registration carried out by a hacker impersonating the account user; if the operator's customer service password is incorrect, the request is considered to be a service authentication and registration carried out by a hacker impersonating the account user.
Step S32): the application program receives a plaintext related to the account user.
In this step, the account user enters a plaintext of their own at random, such as "ABCDEFG", in the application program.
Step S33): the application program randomly generates an encryption code corresponding to the plaintext, and encrypts the plaintext with the encryption code to obtain the original ciphertext code.
In this step, the application program generates a random encryption code KEY1 and then encrypts the plaintext "ABCDEFG" a first time with KEY1, obtaining the original ciphertext code, for example "1234567".
Step S34): the application program extracts the terminal identifier of the terminal and sends terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; correspondingly, the terminal information database receives and saves the terminal identifier, the encryption code and the ciphertext code.
In this step, the application program, acting as the verifying party, sends the encryption code KEY1 and the ciphertext code "1234567" to the terminal information database, which stores and records them.
Step S35): the application program receives the same plaintext and the terminal identifier entered again by the account user.
In this step, the account user, as the verified party, again sends their plaintext "ABCDEFG" and the terminal identifier (for example the mobile phone number) to the application program acting as the verifying party.
Step S36): according to the terminal identifier entered by the account user, the application program queries the terminal information database for the most recent encryption code and original ciphertext code corresponding to the terminal identifier; correspondingly, the terminal information database, according to the query request, returns to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
In this step, the application program, acting as the verifying party, queries the terminal information database for the encryption code and ciphertext code corresponding to the terminal, according to the terminal identifier. After receiving the query request, the terminal information database sends the encryption code KEY1 and the ciphertext code "1234567" that it has stored to the application program.
Step S37): the application program encrypts the plaintext entered again by the account user with the encryption code to obtain the review ciphertext code.
In this step, the application program performs a second calculation, according to the pre-agreed algorithm, using the plaintext "ABCDEFG" and the encryption code KEY1, and obtains the ciphertext code "1234567".
Step S38): the application program judges whether to trust the short message verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
In this step, if the original ciphertext code and the review ciphertext code are consistent, both being "1234567", the ciphertext code verification passes; that is, the account user is the holder of the genuine terminal, and the application program accepts and trusts the subsequent short message verification code. If the original ciphertext code and the review ciphertext code are inconsistent, the application program does not trust the subsequent short message verification code.
Before receiving the short message verification code entered by the account user, which is transmitted over the 2G GSM network, the application program acting as the verifying party verifies the ciphertext code by encrypting the plaintext twice. Only when the ciphertext code verification passes is the account user confirmed as the genuine holder of the terminal, after which the traditional short message verification code check is carried out.
Embodiment two:
Step S31): the terminal is authenticated and registered in the terminal information database.
In this step, authentication and registration in the terminal information database proceed as follows: the account user sends, over the mobile switching network, an authentication and registration request message containing the terminal's operator customer service password to the terminal information database, for example by sending a text message, sending a voice message or making a voice call. After receiving the authentication and registration request message, the terminal information database identifies the terminal identifier corresponding to the terminal, extracts the operator's customer service password, and queries the customer service system in the operator's back-end support system according to the terminal identifier. If the operator's customer service password is correct, the request is considered to be the authentication and registration of a service that the account user applied for personally, rather than an authentication and registration carried out by a hacker impersonating the account user; if the operator's customer service password is incorrect, the request is considered to be a service authentication and registration carried out by a hacker impersonating the account user.
Step S32): the application program receives a plaintext related to the account user.
In this step, the account user of the terminal first sends a verification request to the application program. After receiving the verification request, the application program generates a random plaintext such as "ABCDEFG" and sends it to the terminal interface to inform the account user. The plaintext here only needs to be one agreed by both parties; in this implementation it is generated automatically by the application program, without being entered at the terminal, and is actively sent directly to the terminal interface.
Step S33): the application program randomly generates an encryption code corresponding to the plaintext, and encrypts the plaintext with the encryption code to obtain the original ciphertext code.
In this step, the application program generates a random encryption code KEY1 and then encrypts the plaintext "ABCDEFG" with KEY1, obtaining the ciphertext code "1234567".
Step S34): the application program extracts the terminal identifier of the terminal and sends terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; correspondingly, the terminal information database receives and saves the terminal identifier, the encryption code and the ciphertext code.
In this step, the application program, acting as the verifying party, sends the encryption code KEY1 and the ciphertext code "1234567" to the terminal information database for storage and recording. To prevent the encryption code and ciphertext code from being abused, the message sent may also include related information such as the name, version number and developer of the application program to be logged in to.
Step S35): according to the terminal identifier entered by the account user, the application program queries the terminal information database for the most recent encryption code and original ciphertext code corresponding to the terminal identifier; correspondingly, the terminal information database, according to the query request, returns to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
In this step, the application program, acting as the verifying party, queries the terminal information database for the encryption code and ciphertext code corresponding to the terminal and the application program, according to the terminal identifier and related information including the application name, version number and developer. After receiving the query request, the terminal information database sends the most recent ciphertext code "1234567" corresponding to the terminal identifier that it has stored to the application program.
Step S36): the application program receives the same plaintext and the terminal identifier entered again by the account user.
In this step, the account user, as the verified party, again sends the plaintext "ABCDEFG" that they received and the terminal identifier (for example the mobile phone number) to the application program acting as the verifying party.
Step S37): the application program encrypts the plaintext entered again by the account user with the encryption code to obtain the review ciphertext code.
In this step, the application program performs a second calculation, according to the pre-agreed algorithm, using the plaintext "ABCDEFG" and the encryption code KEY1, and obtains the ciphertext code "1234567".
Step S38): the application program judges whether to trust the short message verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
In this step, if the original ciphertext code and the review ciphertext code are consistent, both being "1234567", the ciphertext code verification passes; that is, the account user is the holder of the genuine terminal, and the application program accepts and trusts the subsequent short message verification code. If the original ciphertext code and the review ciphertext code are inconsistent, the application program does not trust the subsequent short message verification code.
Before receiving the short message verification code entered by the account user, which is transmitted over the 2G GSM network, the application program acting as the verifying party verifies the ciphertext code by encrypting the plaintext twice. Only when the ciphertext code verification passes is the account user confirmed as the genuine holder of the terminal, after which the traditional short message verification code check is carried out.
Embodiment three:
Step S31): the terminal is authenticated and registered in the terminal information database.
In this step, authentication and registration in the terminal information database proceed as follows: the account user sends, over the mobile switching network, an authentication and registration request message containing the terminal's operator customer service password to the terminal information database, for example by sending a text message, sending a voice message or making a voice call. After receiving the authentication and registration request message, the terminal information database identifies the terminal identifier corresponding to the terminal, extracts the operator's customer service password, and queries the customer service system in the operator's back-end support system according to the terminal identifier. If the operator's customer service password is correct, the request is considered to be the authentication and registration of a service that the account user applied for personally, rather than an authentication and registration carried out by a hacker impersonating the account user; if the operator's customer service password is incorrect, the request is considered to be a service authentication and registration carried out by a hacker impersonating the account user.
Step S32): the application program receives a plaintext related to the account user.
In this step, the account user of the terminal first sends a plaintext request to the application program. After receiving the request, the application program generates a random plaintext such as "ABCDEFG" and sends it to the terminal interface to inform the account user. The plaintext here only needs to be one agreed by both parties; it can also be generated automatically by the application program, without the terminal requesting a plaintext, and actively sent directly to the terminal.
Step S33): the application program randomly generates an encryption code corresponding to the plaintext, and encrypts the plaintext with the encryption code to obtain the original ciphertext code.
In this step, after the application program receives the plaintext "ABCDEFG", it calls the identity verification function in the terminal; the verification module generates a random encryption code KEY1 and then encrypts the plaintext "ABCDEFG" with KEY1, obtaining the ciphertext code "1234567".
Step S34): the application program extracts the terminal identifier of the terminal and sends terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; correspondingly, the terminal information database receives and saves the terminal identifier, the encryption code and the ciphertext code.
In this step, the application program, acting as the verifying party, calls the terminal identity verification function, and the verification module sends the encryption code KEY1 and the ciphertext code "1234567" to the terminal information database for storage and recording. To prevent the encryption code and ciphertext code from being abused, the message sent may also include related information such as the name, version number and developer of the application program to be logged in to.
Step S35): according to the terminal identifier entered by the account user, the application program queries the terminal information database for the most recent encryption code and original ciphertext code corresponding to the terminal identifier; correspondingly, the terminal information database, according to the query request, returns to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
In this step, the application program, acting as the verifying party, calls the terminal identity verification function and, according to the terminal and related information including the application name, version number and developer, queries the terminal information database for the encryption code and ciphertext code corresponding to the terminal and the application program. After receiving the query request, the terminal information database sends the ciphertext code "1234567" that it has stored to the verification module.
Step S36): the application program receives the same plaintext and the terminal identifier entered again by the account user.
In this step, the account user, as the verified party, again sends their plaintext "ABCDEFG" and the terminal identifier (for example the mobile phone number) to the application program acting as the verifying party.
Step S37): the application program encrypts the plaintext entered again by the account user with the encryption code to obtain the review ciphertext code.
In this step, the application program performs a second calculation, according to the pre-agreed algorithm, using the plaintext "ABCDEFG" and the encryption code KEY1, and obtains the ciphertext code "1234567".
Step S38): the application program judges whether to trust the short message verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
In this step, the application program, acting as the verifying party, calls the terminal identity verification function, and the verification module judges whether the original ciphertext code and the review ciphertext code are consistent. If they are consistent, both being "1234567", the ciphertext code verification passes; that is, the account user is the holder of the genuine terminal, and the subsequent short message verification code is accepted and trusted. If the original ciphertext code and the review ciphertext code are inconsistent, the subsequent short message verification code is not trusted. The verification result is returned to the application program, which decides at the application level whether to accept the short message verification code.
Before receiving the short message verification code entered by the account user, which is transmitted over the 2G GSM network, the application program acting as the verifying party verifies the ciphertext code by encrypting the plaintext twice. Only when the ciphertext code verification passes is the account user confirmed as the genuine holder of the terminal, after which the traditional short message verification code check is carried out.
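The check in steps S32) to S38), with the application-information binding from embodiments two and three, written out as an added example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unspecified "pre-agreed algorithm" (it is a keyed digest, not an encryption), the database is an in-memory dictionary, and every class, function and sample value is hypothetical.

```python
import hashlib
import hmac
import secrets


# Assumption: the patent does not name the "pre-agreed algorithm". HMAC-SHA256
# is used as a deterministic keyed stand-in, so the same key and plaintext
# always yield the same code. All names in this file are hypothetical.
def derive_code(key: bytes, plaintext: str) -> bytes:
    return hmac.new(key, plaintext.encode("utf-8"), hashlib.sha256).digest()


class TerminalInfoDB:
    """In-memory stand-in for the terminal information database."""

    def __init__(self):
        # terminal_id -> list of (app_info, key, code), oldest first
        self._records = {}

    def store(self, terminal_id, app_info, key, code):
        """Storage module: save identifier, encryption code and ciphertext code."""
        self._records.setdefault(terminal_id, []).append((app_info, key, code))

    def query_latest(self, terminal_id, app_info):
        """Query module: most recent (key, code) for this terminal and app, or None."""
        for stored_app, key, code in reversed(self._records.get(terminal_id, [])):
            if stored_app == app_info:
                return key, code
        return None


class VerifyingApp:
    """The application program acting as the verifying party."""

    def __init__(self, db, name, version, developer):
        self.db = db
        self.app_info = (name, version, developer)

    def enroll(self, terminal_id, plaintext):
        """S32-S34: generate KEY1, compute the original code, send both to the DB."""
        key1 = secrets.token_bytes(32)
        self.db.store(terminal_id, self.app_info, key1, derive_code(key1, plaintext))

    def trust_sms_code(self, terminal_id, plaintext_again):
        """S35-S38: recompute the code and compare; True means trust the SMS code."""
        record = self.db.query_latest(terminal_id, self.app_info)
        if record is None:
            return False  # unknown terminal or application: fail closed
        key1, original_code = record
        review_code = derive_code(key1, plaintext_again)
        # Constant-time comparison of original and review codes.
        return hmac.compare_digest(original_code, review_code)


def demo():
    """Run the flow on constructed sample values and return each decision."""
    db = TerminalInfoDB()
    app = VerifyingApp(db, "ExampleApp", "1.0", "ExampleDev")
    other = VerifyingApp(db, "OtherApp", "2.0", "OtherDev")
    phone = "13800000000"  # constructed terminal identifier
    app.enroll(phone, "ABCDEFG")
    results = {
        "same_plaintext": app.trust_sms_code(phone, "ABCDEFG"),
        "wrong_plaintext": app.trust_sms_code(phone, "ABCDEFX"),
        "unknown_terminal": app.trust_sms_code("13900000000", "ABCDEFG"),
        "other_application": other.trust_sms_code(phone, "ABCDEFG"),
    }
    # A second enrollment replaces the record the query module returns.
    app.enroll(phone, "HIJKLMN")
    results["stale_plaintext"] = app.trust_sms_code(phone, "ABCDEFG")
    results["latest_plaintext"] = app.trust_sms_code(phone, "HIJKLMN")
    return results


if __name__ == "__main__":
    for case, trusted in demo().items():
        print(f"{case}: {'trust' if trusted else 'distrust'} SMS code")
```

Because the database returns the encryption code together with the ciphertext code, the plaintext is the only secret in this check, so its strength rests on how hard the plaintext is to guess and on who is able to query the database.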
The method and system for preventing short message monitoring, the application program and the terminal information database provided by the present invention can effectively guard against the harm caused by pseudo base stations. They thoroughly solve the problem that, once an existing mobile phone connects to a pseudo base station, it receives a large number of spam messages or the information it transmits is stolen by the pseudo base station. In particular, they address the current problem that pseudo base stations can monitor short messages and thereby defeat identity verification, which leads to serious consequences such as theft of payment account information and puts the security of the user's funds at risk. The user is thus protected from the harm of connecting to a pseudo base station, and the normal use and security of the user account are ensured.
It should be understood that the above implementations are merely exemplary implementations used to illustrate the principle of the present invention, and the present invention is not limited to them. Those of ordinary skill in the art can make various changes and improvements without departing from the spirit and essence of the present invention, and these changes and improvements are also regarded as falling within the protection scope of the present invention.

Claims (11)

1. A method for preventing short message monitoring, characterized in that, before an application program receives a short message verification code, the method further comprises a step of verifying the account user:
receiving a plaintext related to the account user;
randomly generating an encryption code corresponding to the plaintext, and encrypting the plaintext with the encryption code to obtain an original ciphertext code;
extracting the terminal identifier of the terminal that receives the short message verification code, and sending terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to a terminal information database;
receiving the same plaintext and the terminal identifier entered again by the account user;
according to the terminal identifier entered by the account user, querying the terminal information database for the most recent encryption code and original ciphertext code corresponding to the terminal identifier;
and, according to the plaintext entered again by the account user, encrypting the plaintext with the encryption code to obtain a review ciphertext code;
judging whether to trust the short message verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
2. The method for preventing short message monitoring according to claim 1, characterized in that the plaintext is entered by the account user;
or, the plaintext is randomly generated according to a predetermined rule by the application program that the account user logs in to, and the plaintext is returned to the account user.
3. The method for preventing short message monitoring according to claim 1, characterized in that the information sent to the terminal information database further comprises the name, version number and developer information of the application program to be logged in to.
4. The method for preventing short message monitoring according to any one of claims 1-3, characterized in that the plaintext is any one of: random characters, the account user's identity card number, the account user's name, or one of the top 10 contacts that the account user has called most frequently recently.
5. A method for preventing short message monitoring, characterized in that, before an application program receives a short message verification code, the method further comprises a step of verifying the account user:
receiving and saving a terminal identifier, an encryption code and a ciphertext code;
according to a query request, returning to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
6. The method for preventing short message monitoring according to claim 5, characterized in that, before the account user is verified, the method further comprises a step of authenticating and registering the terminal in the terminal information database, comprising:
the account user sends the terminal's operator customer service password to the terminal information database over the mobile switching network, by means including sending a text message, sending a voice message or making a voice call;
the terminal information database identifies the terminal identifier corresponding to the terminal and extracts the operator's customer service password;
the terminal information database queries, according to the terminal identifier, the operator's customer service system for the operator's customer service password corresponding to the terminal identifier;
judging whether the terminal is being operated by a hacker according to whether the operator's customer service passwords are consistent.
7. The method for preventing short message monitoring according to claim 6, characterized in that the step of judging whether the terminal is being operated by a hacker according to whether the operator's customer service passwords are consistent comprises:
if the operator's customer service passwords are consistent, the request is considered to be a service authentication and registration carried out by the account user;
if the operator's customer service passwords are inconsistent, the request is considered to be a service authentication and registration carried out by a hacker impersonating the account user.
8. The method for preventing short message monitoring according to claim 5, characterized in that the information sent to the terminal information database further comprises the name, version number and developer information of the application program to be logged in to.
9. An application program, characterized by comprising a verification module group for verifying an account user, the verification module group comprising an interface module, an encryption module, a transmission module, a review module and a judgment module, wherein:
the interface module is configured to receive a plaintext related to the account user, and to receive the same plaintext and the terminal identifier entered again by the account user;
the encryption module is configured to randomly generate an encryption code corresponding to the plaintext, and to encrypt the plaintext with the encryption code to obtain an original ciphertext code;
the transmission module is configured to extract the terminal identifier of the terminal that receives the short message verification code, and to send terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; and is further configured to query the terminal information database, according to the terminal identifier entered by the account user, for the most recent encryption code and original ciphertext code corresponding to the terminal identifier;
the review module is configured to encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext code;
the judgment module is configured to judge whether to trust the short message verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
10. A terminal information database, characterized by comprising a storage module and a query module, wherein:
the storage module is configured to receive and save a terminal identifier, an encryption code and a ciphertext code;
the query module is configured to return to the application program, according to a query request, the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
11. A system for preventing short message monitoring, characterized by comprising the application program according to claim 9 and the terminal information database according to claim 10.
CN201910006481.XA 2019-01-04 2019-01-04 Method and system for preventing short message from being monitored, application program and terminal information database Active CN109587683B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910006481.XA CN109587683B (en) 2019-01-04 2019-01-04 Method and system for preventing short message from being monitored, application program and terminal information database


Publications (2)

Publication Number Publication Date
CN109587683A true CN109587683A (en) 2019-04-05
CN109587683B CN109587683B (en) 2022-04-26

Family

ID=65915983

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910006481.XA Active CN109587683B (en) 2019-01-04 2019-01-04 Method and system for preventing short message from being monitored, application program and terminal information database

Country Status (1)

Country Link
CN (1) CN109587683B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109982274A (en) * 2019-04-08 2019-07-05 上海载德信息科技有限公司 A kind of information acquisition method, device, server and storage medium
CN111770083A (en) * 2020-06-28 2020-10-13 中国联合网络通信集团有限公司 Method and device for sending short message verification code
CN111885517A (en) * 2020-07-20 2020-11-03 中国联合网络通信集团有限公司 Short message verification code sniffing prevention method and device

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103458407A (en) * 2013-07-29 2013-12-18 北京盛世光明软件股份有限公司 Internet account number login management system and method based on short message
CN106330862A (en) * 2016-08-10 2017-01-11 武汉信安珞珈科技有限公司 Secure transmission method and system for dynamic password
CN106559419A (en) * 2016-10-28 2017-04-05 北京奇虎科技有限公司 The application and identification method and identification terminal of short message verification code
US20170279776A1 (en) * 2016-03-23 2017-09-28 Getac Technology Corporation Encrypting method and decrypting method of security short message and receiving apparatus for receiving security short message
CN107615294A (en) * 2016-03-04 2018-01-19 华为技术有限公司 A kind of identifying code short message display method and mobile terminal
CN107666469A (en) * 2016-07-29 2018-02-06 华为终端(东莞)有限公司 The processing method and terminal of identifying code short message
CN107733838A (en) * 2016-08-11 2018-02-23 中国移动通信集团安徽有限公司 A kind of mobile terminal client terminal identity identifying method, device and system
CN108600234A (en) * 2018-04-27 2018-09-28 中国农业银行股份有限公司 A kind of auth method, device and mobile terminal
CN108599944A (en) * 2018-05-04 2018-09-28 贵州大学 A kind of identifying code short message transparent encryption method based on handset identities
CN108667791A (en) * 2017-12-18 2018-10-16 中国石油天然气股份有限公司 Auth method
CN108990059A (en) * 2017-06-02 2018-12-11 阿里巴巴集团控股有限公司 A kind of verification method and device

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103458407A (en) * 2013-07-29 2013-12-18 北京盛世光明软件股份有限公司 Internet account number login management system and method based on short message
CN107615294A (en) * 2016-03-04 2018-01-19 华为技术有限公司 A kind of identifying code short message display method and mobile terminal
US20170279776A1 (en) * 2016-03-23 2017-09-28 Getac Technology Corporation Encrypting method and decrypting method of security short message and receiving apparatus for receiving security short message
CN107666469A (en) * 2016-07-29 2018-02-06 华为终端(东莞)有限公司 The processing method and terminal of identifying code short message
CN106330862A (en) * 2016-08-10 2017-01-11 武汉信安珞珈科技有限公司 Secure transmission method and system for dynamic password
CN107733838A (en) * 2016-08-11 2018-02-23 中国移动通信集团安徽有限公司 A kind of mobile terminal client terminal identity identifying method, device and system
CN106559419A (en) * 2016-10-28 2017-04-05 北京奇虎科技有限公司 The application and identification method and identification terminal of short message verification code
CN108990059A (en) * 2017-06-02 2018-12-11 阿里巴巴集团控股有限公司 A kind of verification method and device
CN108667791A (en) * 2017-12-18 2018-10-16 中国石油天然气股份有限公司 Auth method
CN108600234A (en) * 2018-04-27 2018-09-28 中国农业银行股份有限公司 A kind of auth method, device and mobile terminal
CN108599944A (en) * 2018-05-04 2018-09-28 贵州大学 A kind of identifying code short message transparent encryption method based on handset identities

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张华: "隐式验证码的设计与实现", 《电信工程技术与标准化》 *
李赛等: "基于加密短信验证码的移动安全支付解决方案", 《计算机应用》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109982274A (en) * 2019-04-08 2019-07-05 上海载德信息科技有限公司 A kind of information acquisition method, device, server and storage medium
CN111770083A (en) * 2020-06-28 2020-10-13 中国联合网络通信集团有限公司 Method and device for sending short message verification code
CN111770083B (en) * 2020-06-28 2022-04-26 中国联合网络通信集团有限公司 Method and device for sending short message verification code
CN111885517A (en) * 2020-07-20 2020-11-03 中国联合网络通信集团有限公司 Short message verification code sniffing prevention method and device
CN111885517B (en) * 2020-07-20 2021-11-09 中国联合网络通信集团有限公司 Short message verification code sniffing prevention method and device

Also Published As

Publication number Publication date
CN109587683B (en) 2022-04-26

Similar Documents

Publication Publication Date Title
US9384479B2 (en) Mobile phone takeover protection system and method
CN106304074B (en) Auth method and system towards mobile subscriber
Lee et al. An empirical study of wireless carrier authentication for SIM swaps
CN108684041A (en) The system and method for login authentication
CN107113613B (en) Server, mobile terminal, network real-name authentication system and method
CN102790674A (en) Authentication method, equipment and system
US11403633B2 (en) Method for sending digital information
KR20120099782A (en) User authentication method, user authentication system, and portable communications terminal
CN105703910B (en) Dynamic token verification method based on wechat service number
CN108418812A (en) A kind of intelligent terminal security message method of servicing based on credible performing environment
CN109587683A (en) Method and system, application program and the terminal information database of the anti-monitoring of short message
US10230721B2 (en) Authentication server, authentication system and method
CN105868975A (en) Electronic finance account management method and system, and mobile terminal
US20120284787A1 (en) Personal Secured Access Devices
CN103401686A (en) User Internet identity authentication system and application method thereof
CN101854357B (en) Method and system for monitoring network authentication
KR100563544B1 (en) Method for authenticating a user with one-time password
CN106778334A (en) The guard method of account information and mobile terminal
KR101321829B1 (en) Method and system for site visitor authentication
CN115767538A (en) Information verification method, information processing method, device and equipment
CN105429986B (en) A kind of system of genuine cyber identification verifying and secret protection
CN114553573A (en) Identity authentication method and device
CN1932866B (en) Network software payment method and system thereof
Xu Security Enhancement for SMS Verification Code in Mobile Payment
US11089010B2 (en) Method for transmitting digital information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant