CN109587683A - Short message anti-eavesdropping method and system, application program, and terminal information database
- Publication number: CN109587683A
- Application number: CN201910006481.XA
- Authority: CN (China)
- Legal status: Granted
Classifications
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04W12/06—Authentication
- H04W12/12—Detection or prevention of fraud
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
Abstract
The invention belongs to the fields of the Internet and communications and relates to a short message anti-eavesdropping method and system, an application program, and a terminal information database. The method comprises: receiving a plaintext associated with an account user; randomly generating an encryption code corresponding to the plaintext, and encrypting the plaintext with the encryption code to obtain an original ciphertext code; extracting the terminal identifier of the terminal that receives the SMS verification code, and sending terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; receiving the same plaintext and the terminal identifier entered again by the account user; querying the terminal information database, according to the terminal identifier entered by the account user, for the most recent encryption code and original ciphertext code corresponding to that terminal identifier; encrypting the plaintext entered again by the account user with the encryption code to obtain a review ciphertext code; and deciding whether to trust the SMS verification code according to the original ciphertext code and the review ciphertext code. The invention can effectively ensure the security of identity verification performed by short message.
Description
Technical field
The invention belongs to the fields of the Internet and communications, and in particular relates to a short message anti-eavesdropping method, a short message anti-eavesdropping system, an application program and a terminal information database.
Background
As mobile phone identity verification becomes increasingly widespread, more and more enterprises use mobile phone SMS verification codes as their protective barrier. Online banks, major banks, online shopping malls, group-buying websites, ticketing companies and similar enterprises use SMS verification and choose to perform security verification by mobile phone short message. The SMS verification code has become the main method of identity verification: with it, a user can log in, change a password and perform similar operations, and can directly or indirectly use applications associated with funds. However, short messages are currently transmitted mainly over the 2G network (GSM), and the one-way authentication used by GSM has a serious security flaw; that is, GSM does not encrypt the transmitted messages.
A base station can verify the legitimacy of a terminal (such as a mobile phone), but the terminal has no way to verify the legitimacy of the base station. A "pseudo base station", i.e. a fake base station, generally consists of a host and a laptop or mobile phone; as long as the pseudo base station can send signals similar to those of a real base station, it can trick mobile phones into joining its network and thereby carry out illegal activity. Exploiting this flaw, criminals use a pseudo base station to masquerade as an operator's base station and, spoofing other people's terminals, push fraudulent short messages, advertising and the like to users' mobile phones. Worse, they use a pseudo base station and sniffing equipment to obtain mobile phone numbers and SMS verification codes, collecting the SIM card information and short messages of mobile phones within a certain radius of the equipment, and then impersonate the user with the intercepted short message to pass identity verification. This can cause very serious problems, such as theft of the user's payment account information, and endangers the security of the user's funds.
How to ensure the security of verification by short message has become a technical problem that urgently needs to be solved.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above deficiencies in the prior art, to provide a short message anti-eavesdropping method, a short message anti-eavesdropping system, an application program and a terminal information database that can effectively ensure the security of identity verification performed by short message.
The technical solution adopted to solve the technical problem is a short message anti-eavesdropping method which, before the application program receives the SMS verification code, further comprises steps of verifying the account user:
Receiving a plaintext associated with the account user;
Randomly generating an encryption code corresponding to the plaintext, and encrypting the plaintext with the encryption code to obtain an original ciphertext code;
Extracting the terminal identifier of the terminal that receives the SMS verification code, and sending terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to a terminal information database;
Receiving the same plaintext and the terminal identifier entered again by the account user;
Querying the terminal information database, according to the terminal identifier entered by the account user, for the most recent encryption code and original ciphertext code corresponding to the terminal identifier;
Encrypting the plaintext entered again by the account user with the encryption code to obtain a review ciphertext code;
Deciding whether to trust the SMS verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
Preferably, the plaintext is entered by the account user;
Alternatively, the plaintext is randomly generated according to a predetermined rule by the application program the account user is logging in to, and is returned to the account user.
Preferably, the information sent to the terminal information database further includes the name, version number and developer information of the application program to be logged in to.
Preferably, the plaintext is any one of: random characters, the account user's ID card number, the account user's name, or one of the TOP10 contacts the account user has called most frequently recently.
A short message anti-eavesdropping method which, before the application program receives the SMS verification code, further comprises steps of verifying the account user:
Receiving and saving a terminal identifier, an encryption code and a ciphertext code;
In response to a query request, returning to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
Preferably, before the account user is verified, the method further includes a step in which the terminal is authenticated and registered in the terminal information database, comprising:
The account user sends the operator customer service password of the terminal to the terminal information database by way of the mobile switching network, where the ways of using the mobile switching network include sending a text message, sending a voice short message or making a voice call;
The terminal information database identifies the terminal identifier corresponding to the terminal and extracts the operator customer service password;
The terminal information database queries the operator's customer service system, according to the terminal identifier, for the operator customer service password corresponding to the terminal identifier;
Whether the operation on the terminal is a hacker's operation is judged according to whether the operator customer service passwords are consistent.
Preferably, the step of judging whether the operation on the terminal is a hacker's operation according to whether the operator customer service passwords are consistent comprises:
If the operator customer service passwords are consistent, the request is considered to be service authentication and registration performed by the account user;
If the operator customer service passwords are inconsistent, the request is considered to be service authentication and registration performed by a hacker impersonating the account user.
Preferably, the information sent to the terminal information database further includes the name, version number and developer information of the application program to be logged in to.
An application program comprising a verification module group for verifying the account user, the verification module group including an interface module, an encryption module, a transmission module, a review module and a judgment module, in which:
The interface module is used to receive a plaintext associated with the account user, and to receive the same plaintext and the terminal identifier entered again by the account user;
The encryption module is used to randomly generate an encryption code corresponding to the plaintext, and to encrypt the plaintext with the encryption code to obtain an original ciphertext code;
The transmission module is used to extract the terminal identifier of the terminal that receives the SMS verification code, and to send terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; it is also used to query the terminal information database, according to the terminal identifier entered by the account user, for the most recent encryption code and original ciphertext code corresponding to the terminal identifier;
The review module is used to encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext code;
The judgment module is used to decide whether to trust the SMS verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
A terminal information database comprising a storage module and a query module, in which:
The storage module is used to receive and save a terminal identifier, an encryption code and a ciphertext code;
The query module is used, in response to a query request, to return to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
A short message anti-eavesdropping system comprising the above application program and the above terminal information database.
The beneficial effects of the invention are as follows:
The short message anti-eavesdropping method, system, application program and terminal information database provided by the invention can effectively guard against the harm caused by pseudo base stations. They thoroughly solve the problem that an existing mobile phone, once connected to a pseudo base station, receives large numbers of spam short messages or has its transmitted information stolen by the pseudo base station. In particular, they solve the problem that a pseudo base station can currently intercept short messages and thereby defeat SMS-based identity verification, which causes very serious problems such as theft of payment account information and endangers the security of the user's funds. They protect the user from the harm of connecting to a pseudo base station and ensure the normal use and security of the user account.
Brief description of the drawings
Fig. 1 is a flow chart of the short message anti-eavesdropping method in Embodiment 1 of the invention;
Fig. 2 is a structural block diagram of the verification module group in the application program in Embodiment 1 of the invention;
Fig. 3 is a flow chart of the short message anti-eavesdropping method in Embodiment 2 of the invention;
Fig. 4 is a structural block diagram of the terminal information database in Embodiment 2 of the invention;
Fig. 5 is a structural block diagram of the short message anti-eavesdropping system in Embodiment 3 of the invention;
Fig. 6 is a flow chart of the short message anti-eavesdropping method in Embodiment 3 of the invention;
Reference numerals in the drawings:
1 - verification module group; 11 - interface module; 12 - encryption module; 13 - transmission module; 14 - review module; 15 - judgment module;
2 - terminal information database; 21 - storage module; 22 - query module.
Detailed description of the embodiments
To enable those skilled in the art to better understand the technical solution of the invention, the short message anti-eavesdropping method, system, application program and terminal information database of the invention are described in further detail below with reference to the accompanying drawings and specific embodiments.
At present, the SMS verification code is the main means of identity verification for network activities such as changing a login password or a payment password; that is, the SMS verification code is currently the only authentication factor used to confirm the account user's identity.
The technical idea of the invention is as follows: given the current state of authentication, the account user's identity is verified before the SMS verification code is entered, by adding some factors that are very simple for the account owner (in other words, the terminal owner) to carry out but very difficult for an attacker, thereby reducing the probability that an attacker who intercepts short messages succeeds.
The short message anti-eavesdropping method, system, application program and terminal information database provided by the invention can effectively solve the problem that an existing terminal (such as a mobile phone), once connected to a pseudo base station, receives large numbers of spam short messages or has its transmitted information stolen by the pseudo base station and, worse, has its short messages intercepted by the pseudo base station so that identity verification is defeated. They protect the user from the harm of connecting to a pseudo base station, thereby effectively guarding against the harm caused by pseudo base stations and ensuring the normal use and security of the user account.
Embodiment 1:
This embodiment provides a short message anti-eavesdropping method and its corresponding application program, which can effectively verify the account user's identity before the application program receives the SMS verification code and ensure the security of the user account.
As shown in Fig. 1, the short message anti-eavesdropping method, before the application program receives the SMS verification code, further comprises steps of verifying the account user:
Step S11): receive a plaintext associated with the account user.
In this step, the plaintext can be obtained in two ways. In the first, the plaintext is entered by the account user, that is, the user types it into the application program manually. In the second, the plaintext is randomly generated according to a predetermined rule by the application program the account user is logging in to, and is returned to the account user. In other words, the user does not need to enter the plaintext manually: after the user indicates that identity verification should be performed, the application program automatically generates a random plaintext and sends it to the interface to inform the user, the plaintext being generated under a rule agreed by both parties. The plaintext may be any one of: random characters, the account user's ID card number, the account user's name, or one of the TOP10 contacts the account user has called most frequently recently.
Step S12): randomly generate an encryption code corresponding to the plaintext, and encrypt the plaintext with the encryption code to obtain an original ciphertext code.
In this step, the encryption code may use any of various existing encryption algorithms, which is not limited here, and it remains unchanged during the user identity verification stage.
Step S13): extract the terminal identifier of the terminal that receives the SMS verification code, and send terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database.
In this step, preferably, the information sent to the terminal information database further includes application information, namely the name, version number and developer of the application program to be logged in to, so that the correspondence between application program, encryption code and ciphertext code can be better distinguished and established.
Step S14): receive the same plaintext and the terminal identifier entered again by the account user.
In this step, the account user needs to manually enter the plaintext that the user entered in step S11), or the plaintext that the application program generated and returned to the account user.
Step S15): according to the terminal identifier entered by the account user, query the terminal information database for the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
In this step, the encryption code and the original ciphertext code are exchanged between the application program and the terminal information database over the network.
Step S16): encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext code.
In this step, the application program takes the simple plaintext entered manually by the account user in step S14) and encrypts it with the encryption code used in step S12) to obtain the review ciphertext code.
Step S17): decide whether to trust the SMS verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
In this step, whether the original ciphertext code and the review ciphertext code are consistent determines the degree of trust the application program places in the SMS verification code subsequently transmitted over the 2G GSM network.
With the above method, before each login by SMS verification code the application program generates a random encryption code and uses it twice, once to encrypt the plaintext and once to review it. Because the random encryption code is conveyed by way of the mobile switching network (different from the GSM channel), verifying the account user before the SMS verification code in this way sets up a solid line of security defence in advance, guaranteeing to the application program the authenticity of the SMS verification code it accepts and avoiding the account security risk of using an intercepted SMS verification code.
Correspondingly, as shown in Fig. 2, this embodiment also provides an application program comprising a verification module group for verifying the account user. The verification module group 1 includes an interface module 11, an encryption module 12, a transmission module 13, a review module 14 and a judgment module 15, in which:
The interface module 11 is used to receive a plaintext associated with the account user, and to receive the same plaintext and the terminal identifier entered again by the account user;
The encryption module 12 is used to randomly generate an encryption code corresponding to the plaintext, and to encrypt the plaintext with the encryption code to obtain an original ciphertext code;
The transmission module 13 is used to extract the terminal identifier of the terminal, and to send terminal information comprising at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; it is also used to query the terminal information database, according to the terminal identifier entered by the account user, for the most recent encryption code and original ciphertext code corresponding to the terminal identifier;
The review module 14 is used to encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext code;
The judgment module 15 is used to decide whether to trust the SMS verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
On the basis of the random plaintext above, other factors can also be added. For example, the application program acting as the verifier, in addition to requiring the verified party to provide the terminal and the corresponding SMS verification code within a fixed time, may additionally require the account user's ID card number, the account user's name, or one of the TOP10 contacts the account user has called most frequently recently; the application program acting as the verifier can confirm the correctness of this information with the telecom operator. This information is very easy for the verified party to provide, but, apart from the SMS verification code that can be intercepted, it is difficult for an attacker using a pseudo base station to obtain, which ensures the security of verification by short message.
In addition, in steps S14) to S16) of the above method, the order in which the original ciphertext code is obtained from the terminal information database and the review ciphertext code is recalculated locally is not limited, as long as the original ciphertext code and the review ciphertext code can both be obtained and compared for consistency.
It should be understood that the verification module group can be integrated into the application program as a functional component of it and stored in memory in the form of code; it can also run independently as a separate small program, which is invoked when the application program needs SMS verification in order to verify the account user; alternatively, the small program is called directly, with message synchronization between the application program and the small program guaranteed, and the verification result returned on completion is received directly. This is not limited here.
The short message anti-eavesdropping method and application program are suitable for an APP installed on a mobile terminal (such as a mobile phone), and are also applicable to web applications on network-side devices such as desktop and notebook computers; this is likewise not limited here.
The short message anti-eavesdropping method and its corresponding application program can effectively guarantee the security of account user verification.
Embodiment 2:
This embodiment provides a short message anti-eavesdropping method and its corresponding terminal information database, which work together with the application program to verify the account user's identity before the application program receives the SMS verification code and ensure the security of the user account.
As shown in Fig. 3, the short message anti-eavesdropping method, before the application program receives the SMS verification code, further comprises steps of verifying the account user:
Step S21): receive and save the terminal identifier, the encryption code and the ciphertext code.
In this step, the information sent to the terminal information database further includes application information, namely the name, version number and developer of the application program to be logged in to, so that the correspondence between application program, encryption code and ciphertext code can be better distinguished and established.
Step S22): in response to a query request, return to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
In this step, the terminal information database returns to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
Preferably, before the user of the terminal is verified, the method further includes step S20), in which the terminal is authenticated and registered in the terminal information database, comprising:
The account user sends the operator customer service password of the terminal to the terminal information database by way of the mobile switching network, where the ways of using the mobile switching network include sending a text message, sending a voice short message or making a voice call;
The terminal information database identifies and extracts the terminal identifier and the operator customer service password corresponding to the terminal;
The terminal information database queries the operator's customer service system, according to the terminal identifier, for the operator customer service password corresponding to the terminal identifier;
Whether the operation on the terminal is a hacker's operation is judged according to whether the operator customer service password is correct. The step of judging whether the operation on the terminal is a hacker's operation according to whether the operator customer service password is correct comprises:
If the operator customer service password is correct, the request is considered to be service authentication and registration performed by the account user;
If the operator customer service password is wrong, the request is considered to be service authentication and registration performed by a hacker impersonating the account user.
Correspondingly, as shown in Fig. 4, this embodiment also provides a terminal information database 2 comprising a storage module 21 and a query module 22, in which:
The storage module 21 is used to receive and save the terminal identifier, the encryption code and the ciphertext code;
The query module 22 is used, in response to a query request, to return to the application program the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
The short message anti-eavesdropping method and its corresponding terminal information database provide the data support for securely verifying the account user.
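The flow of steps S11) to S17) in Embodiment 1 together with the storage and query steps S21) and S22) of Embodiment 2, as an added Python example that is not part of the patent. It assumes HMAC-SHA256 as the keyed transform (the patent leaves the encryption algorithm open) and an in-memory database; the names `TerminalInfoDB`, `VerificationModule`, `enroll` and `trust_sms_code` are hypothetical and the sample values are constructed.

```python
import hashlib
import hmac
import secrets
from itertools import count


def encrypt(enc_code: bytes, plaintext: str) -> str:
    """Keyed transform standing in for the patent's unspecified 'encryption'.

    Assumption: HMAC-SHA256 keyed with the random encryption code. The method only
    compares two ciphertext codes, so a deterministic keyed function is enough.
    """
    return hmac.new(enc_code, plaintext.encode("utf-8"), hashlib.sha256).hexdigest()


class TerminalInfoDB:
    """Terminal information database: storage module (S21) and query module (S22)."""

    def __init__(self):
        self._records = {}      # (terminal_id, app_info) -> list of records
        self._seq = count(1)    # insertion order stands in for the record time

    def save(self, terminal_id, app_info, enc_code, original_ct):
        # S21: receive and save terminal identifier, encryption code, ciphertext code.
        rec = {"seq": next(self._seq), "enc_code": enc_code, "original_ct": original_ct}
        self._records.setdefault((terminal_id, app_info), []).append(rec)

    def query_latest(self, terminal_id, app_info):
        # S22: return the most recent record for this terminal, or None if unknown.
        recs = self._records.get((terminal_id, app_info))
        return max(recs, key=lambda r: r["seq"]) if recs else None


class VerificationModule:
    """Application-side verification module group (S11 to S17)."""

    def __init__(self, db, app_info):
        self.db = db
        self.app_info = app_info  # (name, version, developer), sent with each record

    def enroll(self, plaintext, terminal_id):
        # S11-S13: take the plaintext, draw a fresh random encryption code,
        # compute the original ciphertext code and send the record to the database.
        enc_code = secrets.token_bytes(32)
        self.db.save(terminal_id, self.app_info, enc_code, encrypt(enc_code, plaintext))

    def trust_sms_code(self, plaintext_again, terminal_id_entered):
        # S14-S15: look up the latest record for the identifier the user typed.
        rec = self.db.query_latest(terminal_id_entered, self.app_info)
        if rec is None:
            return False  # unregistered terminal: nothing to compare against
        # S16: recompute with the stored encryption code; S17: constant-time compare.
        review_ct = encrypt(rec["enc_code"], plaintext_again)
        return hmac.compare_digest(rec["original_ct"], review_ct)


def run_demo():
    # Constructed sample values; "ABCDEFG" is the plaintext used in Embodiment 3.
    db = TerminalInfoDB()
    app = VerificationModule(db, ("ExampleApp", "1.0", "Example Developer"))
    terminal = "13800000000"
    results = {}
    app.enroll("ABCDEFG", terminal)
    results["same_plaintext"] = app.trust_sms_code("ABCDEFG", terminal)
    results["wrong_plaintext"] = app.trust_sms_code("ABCDEFH", terminal)
    results["unknown_terminal"] = app.trust_sms_code("ABCDEFG", "13900000000")
    # A second round replaces the reference: only the newest record is consulted.
    app.enroll("HIJKLMN", terminal)
    results["stale_plaintext"] = app.trust_sms_code("ABCDEFG", terminal)
    results["fresh_plaintext"] = app.trust_sms_code("HIJKLMN", terminal)
    # Another application's records for the same terminal are kept apart.
    other = VerificationModule(db, ("OtherApp", "2.3", "Other Developer"))
    results["other_app"] = other.trust_sms_code("HIJKLMN", terminal)
    return results


if __name__ == "__main__":
    for name, trusted in run_demo().items():
        print(f"{name}: {trusted}")
```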
Embodiment 3:
This embodiment provides a short message anti-eavesdropping system which, based on the application program of Embodiment 1 and the terminal information database of Embodiment 2, implements the short message anti-eavesdropping method as a whole, so as to verify the account user's identity before the application program receives the SMS verification code and ensure the security of the user account.
When the terminal acting as the verified party chooses to be verified, for example when it needs to log in to an application program or browse a portal website, the true identity of the account user is verified first, before verification by sending an SMS verification code is selected. As shown in Fig. 5, the short message anti-eavesdropping system includes the verification module group 1 in the application program and the terminal information database 2. The short message anti-eavesdropping process is described in detail below with reference to the method and corresponding structures provided in Embodiment 1 and Embodiment 2; for the flow chart, refer to Fig. 6.
Embodiment one:
Step S31): the terminal is authenticated and registered in the terminal information database.
In this step, authentication and registration in the terminal information database proceed as follows: the account user sends an authentication and registration request message containing the terminal's operator customer service password to the terminal information database by way of the mobile switching network, for example by sending a text message, sending a voice short message or making a voice call. After receiving the authentication and registration request message, the terminal information database identifies and extracts the terminal identifier and the operator customer service password of the terminal from it, and queries the customer service system in the operator's back-end support system according to the terminal identifier. If the operator customer service password is correct, the request is considered to be authentication and registration of a service applied for by the account user in person, rather than authentication and registration performed by a hacker impersonating the account user; if the operator customer service password is wrong, the request is considered to be service authentication and registration performed by a hacker impersonating the account user.
Step S32): application program receives plaintext relevant to accounting number users.
In this step, accounting number users oneself one plaintext of stochastic inputs, such as " ABCDEFG " in the application.
Step S33): application program generate at random with corresponding encrypted code in plain text, and using encrypted code to encrypt in plain text into
Row encryption obtains original cipher text code.
In this step, application program generates a random encrypted code KEY1, then to the plaintext " ABCDEFG " first
It is secondary to be encrypted using encrypted code KEY1, obtain original cipher text code, such as " 1234567 ".
Step S34): application program extracts the terminal iidentification of terminal, and at least will include terminal iidentification, encrypted code and original
The end message of ciphertext code is sent to terminal information database;Correspondingly, terminal information database receive and save terminal iidentification,
Encrypted code and ciphertext code.
In this step, encrypted code KEY1 and ciphertext code " 1234567 " are sent to as the application program of authentication
Terminal information database carries out storage record.
Step S35): application program receives the same plaintext and terminal iidentification that accounting number users input again.
In this step, as the side of being verified accounting number users by oneself plaintext " ABCDEFG " and terminal iidentification (such as
Phone number) it is sent to application program as authentication again.
Step S36): the terminal iidentification that application program is inputted according to accounting number users, to end message library inquiry and terminal mark
Know nearest encrypted code and original cipher text code of corresponding time;Correspondingly, terminal information database is according to inquiry request, Xiang Yingyong
Program returns to time corresponding with terminal iidentification nearest encrypted code and original cipher text code.
In this step, the end is inquired to terminal information database according to the terminal iidentification as the application program of authentication
Hold corresponding encrypted code and ciphertext code.After terminal information database receives the inquiry request, by the encrypted code of oneself storage inside
KEY1 and ciphertext code " 1234567 " are sent to the application program.
Step S37): the plaintext that application program inputs again according to accounting number users encrypts plaintext using encrypted code
Obtain review ciphertext code.
In this step, application program uses " ABCDEFG " and encrypted code in plain text according to the algorithm made an appointment, second
KEY1 is calculated, and ciphertext code " 1234567 " are obtained.
Step S38): whether application program is consistent according to original cipher text code and review ciphertext code, judges whether to trust short message
Identifying code.
It in this step, is " 1234567 " if original cipher text code is consistent with review ciphertext code, then the verifying of ciphertext code is logical
It crosses, that is to say, that the accounting number users are the holder of the true terminal, and application program receives and trusts subsequent short message verification code;
If original cipher text code is consistent with review ciphertext code, application program distrusts subsequent short message verification code.
As the application program of authentication, in the short-message verification for receiving GSM network transmission of the accounting number users input by 2G
Before code, plaintext encrypted authentication ciphertext code is passed twice through, only the ciphertext code, which is verified, just confirms that the accounting number users are true
The terminal holder, then carry out the verifying of traditional short message verification code again.
Embodiment two:
Step S31): the terminal is authenticated and registered in the terminal information database.
In this step, authentication and registration in the terminal information database proceed as follows: the account user sends, via the mobile switching network, an authentication-and-registration request message containing the terminal's carrier customer-service password to the terminal information database, for example by sending a text message, sending a voice message, or placing a voice call. On receiving the request, the terminal information database identifies and extracts the terminal identifier and the carrier customer-service password, and uses the terminal identifier to query the customer-service system in the carrier's back-end support system. If the carrier customer-service password is correct, the authentication and registration are deemed to have been requested by the account user, not by a hacker impersonating the account user; if the carrier customer-service password is wrong, they are deemed to have been made by a hacker impersonating the account user.
Step S32): the application receives a plaintext associated with the account user.
In this step, the account user of the terminal first sends a verification request to the application. On receiving the request, the application generates a random plaintext such as "ABCDEFG" and sends it to the terminal interface to inform the account user. The plaintext here need only be one that both parties agree on; in this embodiment it is generated automatically by the application, without the terminal entering it, and is actively sent directly to the terminal interface.
Step S33): the application randomly generates an encryption code corresponding to the plaintext and encrypts the plaintext with the encryption code to obtain the original ciphertext code.
In this step, the application generates a random encryption code KEY1 and then encrypts the plaintext "ABCDEFG" with KEY1, obtaining the ciphertext code "1234567".
Step S34): the application extracts the terminal identifier of the terminal and sends terminal information containing at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; correspondingly, the terminal information database receives and stores the terminal identifier, the encryption code and the ciphertext code.
In this step, the application, as the verifying party, sends the encryption code KEY1 and the ciphertext code "1234567" to the terminal information database, which stores them. To prevent the encryption code and ciphertext code from being misused, the message sent may also include related information such as the name, version number and developer of the application to be logged in to.
Step S35): using the terminal identifier entered by the account user, the application queries the terminal information database for the most recent encryption code and original ciphertext code corresponding to that terminal identifier; correspondingly, the terminal information database answers the query by returning to the application the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
In this step, the application, as the verifying party, uses the terminal identifier together with related information including the application name, version number and developer to query the terminal information database for the encryption code and ciphertext code corresponding to the terminal and the application. On receiving the query, the terminal information database sends its most recent stored ciphertext code corresponding to the terminal identifier, "1234567", to the application.
Step S36): the application receives the same plaintext and the terminal identifier, entered again by the account user.
In this step, the account user, as the party being verified, again sends the plaintext "ABCDEFG" that they received and the terminal identifier (for example, the mobile phone number) to the application acting as the verifying party.
Step S37): the application encrypts the plaintext entered again by the account user with the encryption code to obtain the review ciphertext code.
In this step, the application performs the computation a second time, using the pre-agreed algorithm on the plaintext "ABCDEFG" and the encryption code KEY1, and obtains the ciphertext code "1234567".
Step S38): the application decides whether to trust the SMS verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
In this step, if the original ciphertext code and the review ciphertext code are consistent, both being "1234567", the ciphertext code verification passes; that is, the account user is the holder of the real terminal, and the application accepts and trusts the subsequent SMS verification code. If the original ciphertext code and the review ciphertext code are inconsistent, the application does not trust the subsequent SMS verification code.
Before accepting the SMS verification code that the account user enters and that was transmitted over the 2G GSM network, the application, as the verifying party, verifies the ciphertext code by encrypting the plaintext twice. Only when the ciphertext code verification passes is the account user confirmed as the real holder of the terminal, after which the traditional SMS verification code check is carried out.
Embodiment three:
Step S31): the terminal is authenticated and registered in the terminal information database.
In this step, authentication and registration in the terminal information database proceed as follows: the account user sends, via the mobile switching network, an authentication-and-registration request message containing the terminal's carrier customer-service password to the terminal information database, for example by sending a text message, sending a voice message, or placing a voice call. On receiving the request, the terminal information database identifies and extracts the terminal identifier and the carrier customer-service password, and uses the terminal identifier to query the customer-service system in the carrier's back-end support system. If the carrier customer-service password is correct, the authentication and registration are deemed to have been requested by the account user, not by a hacker impersonating the account user; if the carrier customer-service password is wrong, they are deemed to have been made by a hacker impersonating the account user.
Step S32): the application receives a plaintext associated with the account user.
In this step, the account user of the terminal first sends a plaintext request to the application. On receiving the request, the application generates a random plaintext such as "ABCDEFG" and sends it to the terminal interface to inform the account user. The plaintext here need only be one that both parties agree on; it may also be generated automatically by the application, without the terminal requesting a plaintext, and actively sent directly to the terminal.
Step S33): the application randomly generates an encryption code corresponding to the plaintext and encrypts the plaintext with the encryption code to obtain the original ciphertext code.
In this step, after the application receives the plaintext "ABCDEFG", it calls the identity verification function in the terminal. The verification module generates a random encryption code KEY1 and then encrypts the plaintext "ABCDEFG" with KEY1, obtaining the ciphertext code "1234567".
Step S34): the application extracts the terminal identifier of the terminal and sends terminal information containing at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; correspondingly, the terminal information database receives and stores the terminal identifier, the encryption code and the ciphertext code.
In this step, the application, as the verifying party, calls the terminal identity verification function, and the verification module sends the encryption code KEY1 and the ciphertext code "1234567" to the terminal information database, which stores them. To prevent the encryption code and ciphertext code from being misused, the message sent may also include related information such as the name, version number and developer of the application to be logged in to.
Step S35): using the terminal identifier entered by the account user, the application queries the terminal information database for the most recent encryption code and original ciphertext code corresponding to that terminal identifier; correspondingly, the terminal information database answers the query by returning to the application the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
In this step, the application, as the verifying party, calls the terminal identity verification function and uses the terminal together with related information including the application name, version number and developer to query the terminal information database for the encryption code and ciphertext code corresponding to the terminal and the application. On receiving the query, the terminal information database sends its stored ciphertext code "1234567" to the verification module.
Step S36): the application receives the same plaintext and the terminal identifier, entered again by the account user.
In this step, the account user, as the party being verified, again sends their plaintext "ABCDEFG" and terminal identifier (for example, the mobile phone number) to the application acting as the verifying party.
Step S37): the application encrypts the plaintext entered again by the account user with the encryption code to obtain the review ciphertext code.
In this step, the application performs the computation a second time, using the pre-agreed algorithm on the plaintext "ABCDEFG" and the encryption code KEY1, and obtains the ciphertext code "1234567".
Step S38): the application decides whether to trust the SMS verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
In this step, the application, as the verifying party, calls the terminal identity verification function, and the verification module judges whether the original ciphertext code and the review ciphertext code are consistent. If they are consistent, both being "1234567", the ciphertext code verification passes; that is, the account user is the holder of the real terminal, and the subsequent SMS verification code is accepted and trusted. If the original ciphertext code and the review ciphertext code are inconsistent, the subsequent SMS verification code is not trusted. The verification result is returned to the application, which decides at the application level whether to accept the SMS verification code.
Before accepting the SMS verification code that the account user enters and that was transmitted over the 2G GSM network, the application, as the verifying party, verifies the ciphertext code by encrypting the plaintext twice. Only when the ciphertext code verification passes is the account user confirmed as the real holder of the terminal, after which the traditional SMS verification code check is carried out.
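The flow of steps S31 to S38, common to the three embodiments above, is simulated below as an added example; it is not code from the patent. The patent does not name the "pre-agreed algorithm", so HMAC-SHA-256 stands in for it as an assumption, and all class names, function names, phone numbers and passwords are constructed for illustration.

```python
"""Simulation of steps S31-S38 (added example; all names and values are constructed)."""
import hashlib
import hmac
import secrets


def seal(key: bytes, plaintext: str) -> str:
    """Assumed stand-in for the unspecified 'pre-agreed algorithm':
    HMAC-SHA-256 of the plaintext, keyed with the encryption code, hex-encoded."""
    return hmac.new(key, plaintext.encode("utf-8"), hashlib.sha256).hexdigest()


class TerminalInfoDatabase:
    """Terminal information database: registration (S31), storage (S34), query (S35/S36)."""

    def __init__(self, carrier_passwords: dict):
        # Stand-in for the carrier's customer-service system (constructed data).
        self._carrier_passwords = carrier_passwords
        self._registered = set()
        # (terminal_id, app_info) -> list of (key, ciphertext), oldest first
        self._records = {}

    def register(self, terminal_id: str, service_password: str) -> bool:
        """S31: register the terminal only if the carrier password matches."""
        expected = self._carrier_passwords.get(terminal_id)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), service_password.encode())
        if ok:
            self._registered.add(terminal_id)
        return ok

    def store(self, terminal_id: str, app_info: tuple, key: bytes, ciphertext: str) -> None:
        """S34: save identifier, encryption code and original ciphertext code."""
        if terminal_id not in self._registered:
            raise PermissionError("terminal is not registered")
        self._records.setdefault((terminal_id, app_info), []).append((key, ciphertext))

    def latest(self, terminal_id: str, app_info: tuple):
        """S35/S36: return the most recent (key, ciphertext) record, or None."""
        records = self._records.get((terminal_id, app_info))
        return records[-1] if records else None


class Application:
    """The verifying party. app_info is (name, version, developer), the extra
    fields embodiments two and three add to limit misuse of stored records."""

    def __init__(self, db: TerminalInfoDatabase, app_info: tuple):
        self.db = db
        self.app_info = app_info

    def enroll(self, terminal_id: str, plaintext: str) -> None:
        """S32-S34: random encryption code, original ciphertext code, store both."""
        key = secrets.token_bytes(32)  # plays the role of KEY1
        self.db.store(terminal_id, self.app_info, key, seal(key, plaintext))

    def trust_sms_code(self, terminal_id: str, plaintext: str) -> bool:
        """S35-S38: recompute the review ciphertext code and compare."""
        record = self.db.latest(terminal_id, self.app_info)
        if record is None:
            return False  # nothing enrolled for this terminal and application
        key, original = record
        review = seal(key, plaintext)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(original, review)


def demo() -> dict:
    """Run the flow on constructed values and return the trust decisions."""
    db = TerminalInfoDatabase({"13800000000": "svc-pass-1"})
    db.register("13800000000", "svc-pass-1")
    app = Application(db, ("DemoApp", "1.0", "DemoDev"))
    app.enroll("13800000000", "ABCDEFG")
    return {
        "same plaintext": app.trust_sms_code("13800000000", "ABCDEFG"),
        "wrong plaintext": app.trust_sms_code("13800000000", "ABCDEFX"),
        "unknown terminal": app.trust_sms_code("13900000000", "ABCDEFG"),
    }


if __name__ == "__main__":
    for case, trusted in demo().items():
        print(f"{case}: {'trust' if trusted else 'do not trust'} the SMS code")
```

Because the query returns only the most recent record, a later enrollment for the same terminal and application supersedes the earlier plaintext.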
The method for preventing SMS monitoring, the system for preventing SMS monitoring, the application and the terminal information database provided by the invention can effectively guard against the harm caused by fake base stations. They thoroughly solve the existing problems that, once a mobile phone attaches to a fake base station, it receives large volumes of spam SMS or has its transmitted information stolen by the fake base station. In particular, they solve the current problem that a fake base station can intercept SMS messages and thereby defeat SMS-based identity verification, which has very serious consequences, such as theft of payment account information, that put the user's funds at risk. Users are thus protected from the harm of connecting to a fake base station, and the normal use and security of the user account are ensured.
It should be understood that the above embodiments are merely exemplary embodiments used to illustrate the principle of the invention, and the invention is not limited to them. Those of ordinary skill in the art may make various variations and improvements without departing from the spirit and essence of the invention, and these variations and improvements are also regarded as falling within the scope of protection of the invention.
Claims (11)
1. A method for preventing SMS monitoring, characterized in that, before the application receives an SMS verification code, the method further comprises a step of verifying the account user:
receiving a plaintext associated with the account user;
randomly generating an encryption code corresponding to the plaintext, and encrypting the plaintext with the encryption code to obtain an original ciphertext code;
extracting the terminal identifier of the terminal that receives the SMS verification code, and sending terminal information containing at least the terminal identifier, the encryption code and the original ciphertext code to a terminal information database;
receiving the same plaintext and the terminal identifier, entered again by the account user;
querying the terminal information database, using the terminal identifier entered by the account user, for the most recent encryption code and original ciphertext code corresponding to the terminal identifier;
encrypting the plaintext entered again by the account user with the encryption code to obtain a review ciphertext code; and
deciding whether to trust the SMS verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
2. The method for preventing SMS monitoring according to claim 1, characterized in that the plaintext is entered by the account user;
or, the plaintext is randomly generated according to a predetermined rule by the application that the account user logs in to, and the plaintext is returned to the account user.
3. The method for preventing SMS monitoring according to claim 1, characterized in that the information sent to the terminal information database further includes the name, version number and developer information of the application to be logged in to.
4. The method for preventing SMS monitoring according to any one of claims 1-3, characterized in that the plaintext is any one of: random characters, the account user's ID card number, the account user's name, or one of the TOP10 contacts the account user has recently called most frequently.
5. A method for preventing SMS monitoring, characterized in that, before the application receives an SMS verification code, the method further comprises a step of verifying the account user:
receiving and storing a terminal identifier, an encryption code and a ciphertext code;
returning to the application, in response to a query request, the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
6. The method for preventing SMS monitoring according to claim 5, characterized in that, before the account user is verified, the method further comprises a step in which the terminal is authenticated and registered in the terminal information database, comprising:
the account user sending the terminal's carrier customer-service password to the terminal information database via the mobile switching network, the ways of using the mobile switching network including sending a text message, sending a voice message or placing a voice call;
the terminal information database identifying the terminal identifier corresponding to the terminal and extracting the carrier customer-service password;
the terminal information database querying the carrier's customer-service system, using the terminal identifier, for the carrier customer-service password corresponding to the terminal identifier;
judging whether the terminal is being operated by a hacker according to whether the carrier customer-service passwords are consistent.
7. The method for preventing SMS monitoring according to claim 6, characterized in that the step of judging whether the terminal is being operated by a hacker according to whether the carrier customer-service passwords are consistent comprises:
if the carrier customer-service passwords are consistent, deeming the authentication and registration to have been made by the account user;
if the carrier customer-service passwords are inconsistent, deeming the authentication and registration to have been made by a hacker impersonating the account user.
8. The method for preventing SMS monitoring according to claim 5, characterized in that the information sent to the terminal information database further includes the name, version number and developer information of the application to be logged in to.
9. An application, characterized by comprising a verification module for verifying the account user, the verification module comprising an interface module, an encryption module, a transmission module, a review module and a judgment module, wherein:
the interface module is configured to receive a plaintext associated with the account user, and to receive the same plaintext and the terminal identifier entered again by the account user;
the encryption module is configured to randomly generate an encryption code corresponding to the plaintext and to encrypt the plaintext with the encryption code to obtain an original ciphertext code;
the transmission module is configured to extract the terminal identifier of the terminal that receives the SMS verification code and to send terminal information containing at least the terminal identifier, the encryption code and the original ciphertext code to the terminal information database; and is further configured to query the terminal information database, using the terminal identifier entered by the account user, for the most recent encryption code and original ciphertext code corresponding to the terminal identifier;
the review module is configured to encrypt the plaintext entered again by the account user with the encryption code to obtain a review ciphertext code;
the judgment module is configured to decide whether to trust the SMS verification code according to whether the original ciphertext code and the review ciphertext code are consistent.
10. A terminal information database, characterized by comprising a storage module and a query module, wherein:
the storage module is configured to receive and store a terminal identifier, an encryption code and a ciphertext code;
the query module is configured to return to the application, in response to a query request, the most recent encryption code and original ciphertext code corresponding to the terminal identifier.
11. A system for preventing SMS monitoring, characterized by comprising the application according to claim 9 and the terminal information database according to claim 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910006481.XA CN109587683B (en) | 2019-01-04 | 2019-01-04 | Method and system for preventing short message from being monitored, application program and terminal information database |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109587683A (en) | 2019-04-05 |
CN109587683B (en) | 2022-04-26 |
Family
ID=65915983
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910006481.XA Active CN109587683B (en) | 2019-01-04 | 2019-01-04 | Method and system for preventing short message from being monitored, application program and terminal information database |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109587683B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109587683B (en) | 2022-04-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||