CN110098933A - Automatic identity authentication method and system for mobile phone applications - Google Patents
- Publication number: CN110098933A
- Application number: CN201810082623.6A
- Authority: CN (China)
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Classifications
- H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
- H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/06: Authentication
- H04W80/12: Application layer protocols, e.g. WAP [Wireless Application Protocol]
Abstract
The invention discloses an automatic identity authentication method and system for mobile phone applications. The method includes: first completing the identity authentication of the UUID information in the authentication server; sending a service request carrying the encrypted UUID information to the business platform through the communication module of the user's mobile phone; the business platform forwarding the received encrypted UUID information to the authentication server, which decrypts it with its preset private key; and the authentication server matching the decrypted UUID information against the stored UUID information, thereby completing automatic identity authentication for the mobile phone application. The method is based on HTTP requests and is efficient and controllable, with a good user experience. The WAP gateway is needed only when the identity authentication of the UUID information is performed; afterwards any network can be used for access, so the method is widely applicable. In addition, the entire authentication process completes automatically, without manual operation by the user and without the user noticing, so the user experience is good.
Description
Technical field
The present invention relates to the field of mobile communication technology, and in particular to an automatic identity authentication method and system for mobile phone applications.
Background art
With the rapid development of the mobile Internet, feature-rich mobile phone applications (Application, "APP" for short) of all kinds have been welcomed by users. User identity authentication, as the entry function of all kinds of applications, is valued by developers in the industry.
Currently, mobile APP user authentication mainly takes the following forms:
1. Wireless Application Protocol ("WAP") gateway whitelist: the server's IP address is configured in the whitelist of the operator's WAP gateway. When the user's APP accesses the server-side application over the mobile data network, the WAP gateway adds the user's phone number to the HTTP header, and the server-side application obtains the user's phone number from the header.
2. SMS sent by the phone: the server-side application applies for a dedicated SMS port, and the mobile APP sends an SMS to that port. The SMS carries the phone number information, and the server obtains the phone number from the SMS.
3. Phone number entered manually by the user, with an SMS verification code sent by the server: the user registers and logs in to the business platform manually, and the SMS sent by the server serves to verify that the phone number belongs to the current user.
4. E-mail address entered manually by the user, with a verification e-mail sent by the server: the user enters their e-mail address on the registration page, the server sends a verification e-mail, and the user opens the e-mail and clicks to confirm.
5. User name entered manually by the user at registration, followed by verification of an e-mail address or phone number.
To improve the user experience, mobile operators' platforms preferentially use the first and second methods, in which the entire authentication process completes automatically and requires no user participation.
However, among the above identity authentication methods, WAP gateway whitelist authentication relies on the operator's WAP gateway whitelist configuration and does not work when the phone is online over WiFi; authentication by SMS sent from the phone incurs the cost of sending the SMS, and because SMS is store-and-forward, the time at which it reaches the server cannot be controlled; the other methods must be completed manually, and the user experience is poor.
Summary of the invention
To solve the problems in the prior art, embodiments of the present invention provide an automatic identity authentication method and system for mobile phone applications. The technical solutions are as follows:
In one aspect, an embodiment of the present invention provides an automatic identity authentication method for mobile phone applications. The method comprises:
Computing the Universally Unique Identifier ("UUID") information of the user's mobile phone by means of an authentication Software Development Kit ("SDK"), and encrypting the UUID information with a preset public key;
Sending the encrypted UUID information and the user's phone number information to the authentication server through the WAP gateway unit in the communication module, the user's phone number information being added by the WAP gateway unit;
Decrypting the encrypted UUID information with the private key preset in the authentication server, and matching the decrypted UUID information and the user mobile phone information against the identity information registered by the user, thereby completing the identity authentication of the UUID information, the UUID information being stored in both the user's mobile phone and the authentication server upon authentication;
When the user logs in to the mobile APP, obtaining the UUID information stored in the user's mobile phone by means of the authentication SDK, and encrypting the UUID information with the public key preset in the authentication SDK;
Sending a service request carrying the encrypted UUID information to the business platform through the communication module of the user's mobile phone, the communication module comprising a WAP gateway unit and a WIFI unit;
The business platform forwarding the received encrypted UUID information to the authentication server, which decrypts it with its preset private key;
The authentication server matching the decrypted UUID information against the stored UUID information and obtaining the corresponding user identity information;
Feeding back the corresponding user identity authentication information to the business platform, thereby completing the automatic authentication of the user's identity, the user identity authentication information comprising the user identity authentication result and the corresponding user identity information.
In the above automatic identity authentication method of the embodiment of the present invention, before the service request carrying the encrypted UUID information is sent to the business platform, the method further comprises:
Detecting, by means of the authentication SDK, whether the operating system of the mobile APP is a real mobile phone system.
In the above automatic identity authentication method of the embodiment of the present invention, before the service request carrying the encrypted UUID information is sent to the business platform, the method further comprises:
Recomputing the current UUID information of the user's mobile phone by means of the authentication SDK and matching it against the UUID information stored in the user's mobile phone, to determine whether the stored UUID information is still usable.
In the above automatic identity authentication method of the embodiment of the present invention, the method further comprises:
When the current UUID information of the user's mobile phone is found not to match the UUID information stored in the user's mobile phone, notifying the authentication server to revoke the stored UUID information, completing the identity authentication of the UUID information again, and storing the new usable UUID information.
In the above automatic identity authentication method of the embodiment of the present invention, the UUID information comprises: mobile phone information and the integrated circuit card identifier (Integrated circuit card identity, "ICCID") of the subscriber identification card (Subscriber Identification Module, "SIM"); the mobile phone information comprises at least one of: the phone's serial number, the phone's international mobile subscriber identity (International Mobile Subscriber Identification Number, "IMSI"), WIFI MAC address, Device_ID, Android_ID, Installation ID, and the IMSI of the SIM card.
In another aspect, an embodiment of the present invention provides an automatic identity authentication system for mobile phone applications, comprising: a user mobile phone on which the mobile APP is stored, an authentication server and a business platform, the user mobile phone comprising an authentication SDK and a communication module.
The authentication SDK is configured to compute the UUID information of the user's mobile phone and to encrypt the UUID information with a preset public key;
The communication module comprises a WAP gateway unit and is configured to send the encrypted UUID information and the user's phone number information to the authentication server through the WAP gateway unit, the user's phone number information being added by the WAP gateway;
The authentication server is configured to decrypt the encrypted UUID information with a preset private key and to match the decrypted UUID information and the user mobile phone information against the identity information registered by the user, thereby completing the identity authentication of the UUID information, the UUID information being stored in both the user's mobile phone and the authentication server upon authentication;
The authentication SDK is further configured to obtain the UUID information stored in the user's mobile phone when the user logs in to the mobile APP, and to encrypt the UUID information with the preset public key;
The communication module further comprises a WIFI unit and is configured to send a service request carrying the encrypted UUID information to the business platform through the WAP gateway unit or the WIFI unit;
The business platform is configured to forward the received encrypted UUID information to the authentication server;
The authentication server is further configured to decrypt the received encrypted UUID with the preset private key and to match the decrypted UUID information against the stored UUID information, to obtain the corresponding user identity information;
The authentication server is further configured to feed back the corresponding user identity authentication information to the business platform, thereby completing the automatic authentication of the user's identity, the user identity authentication information comprising the user identity authentication result and the corresponding user identity information.
In the above automatic identity authentication system of the embodiment of the present invention, before the authentication SDK sends the service request carrying the encrypted UUID information to the business platform,
the authentication SDK is further configured to detect whether the operating system of the mobile APP is a real mobile phone system.
In the above automatic identity authentication system of the embodiment of the present invention, before the authentication SDK sends the service request carrying the encrypted UUID information to the business platform,
the authentication SDK is further configured to recompute the current UUID information of the user's mobile phone and match it against the UUID information stored in the user's mobile phone, to determine whether the stored UUID information is still usable.
In the above automatic identity authentication system of the embodiment of the present invention, the authentication SDK is further configured to, when the current UUID information of the user's mobile phone is found not to match the UUID information stored in the user's mobile phone, notify the authentication server to revoke the stored UUID information and restart the identity authentication of the new UUID information.
In the above automatic identity authentication system of the embodiment of the present invention, the UUID information comprises: mobile phone information and the SIM card ICCID; the mobile phone information comprises at least one of: phone serial number, phone IMEI, WIFI MAC address, Device_ID, Android_ID, Installation ID, and the IMSI of the SIM card.
The technical solutions provided by the embodiments of the present invention have the following beneficial effects:
In the embodiments of the present invention, the identity authentication of the UUID information is first completed in the authentication server and the UUID information is stored. When the user logs in to the mobile APP, a service request carrying the encrypted UUID information is sent to the business platform through the communication module of the user's mobile phone; the business platform then forwards the received encrypted UUID information to the authentication server, which decrypts it with its preset private key; finally, the authentication server matches the decrypted UUID information against the stored UUID information and obtains the corresponding user identity information, thereby completing automatic identity authentication for the mobile phone application. This automatic identity authentication method is based on HTTP requests and, compared with SMS-based identity authentication, is efficient, reliable and controllable, with a better user experience. The WAP gateway is used only when the identity authentication of the UUID information is performed; afterwards any network can be used for access, without relying on the WAP gateway in the mobile data network, so the method is widely applicable. In addition, the entire authentication process completes fully automatically, without manual operation by the user and without the user noticing, so the user experience is good.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an automatic identity authentication method for mobile phone applications provided by Embodiment one of the present invention;
Fig. 2 is a flowchart of an automatic identity authentication method for mobile phone applications provided by Embodiment two of the present invention;
Fig. 3 is a schematic structural diagram of an automatic identity authentication system for mobile phone applications provided by Embodiment three of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment one
This embodiment of the present invention provides an automatic identity authentication method for mobile phone applications, suitable for automatically completing identity authentication and automatic login when a user logs in to a mobile APP. Referring to Fig. 1, the method may include:
Step S11: compute the UUID information of the user's mobile phone by means of the authentication SDK, and encrypt the UUID information with a preset public key.
In this embodiment, the UUID information may include the mobile phone information and the ICCID of the SIM card; the mobile phone information includes at least one of: phone serial number, phone IMEI, WIFI MAC address, Device_ID, Android_ID, Installation ID, and the IMSI of the SIM card. If the user replaces the SIM card, resets the system, or replaces the phone, the computed UUID value is different in each case. This effectively guarantees the uniqueness of the UUID information and safeguards the security of subsequent user identity authentication.
The UUID can be computed with the SHA256 digest algorithm. A sample UUID calculation is as follows:
IMEI of the phone: 549355524028228;
Phone serial number: 021YLJ212C001879;
WIFI MAC address: A6-02-B9-7F-71-33;
SIM card IMSI: 460001357924680;
UUID = SHA256("549355524028228" + "021YLJ212C001879" + "A6-02-B9-7F-71-33" + "460001357924680")
= "159e23ba26338897215f47f7de8a6a8f0bb1046f2b43d727ded8a3dee5d670a1"
It should be noted that the more device attributes take part in the UUID calculation, the more secure the UUID information is. In practice, the UUID information can be computed according to different security-level requirements; no limitation is imposed here.
In addition, in this embodiment, the UUID information is protected with asymmetric encryption (for example RSA asymmetric encryption): the public key is preset in the user's mobile phone and the corresponding private key is preset in the authentication server, to ensure the security of the UUID information in transit.
Step S12: send the encrypted UUID information and the user's phone number information to the authentication server through the WAP gateway unit in the communication module; the user's phone number information is added by the WAP gateway unit.
In this embodiment, the WAP gateway unit can add a phone number field to the HTTP header, so that the UUID information can subsequently be matched against the identity information registered by the user.
It should be noted that the UUID information needs to be transmitted through the WAP gateway unit, with the user's phone number information added (which requires switching to the mobile data network), only when the identity authentication of the UUID information has to be completed in the authentication server (that is, matched against the identity information registered by the user). When the user ordinarily logs in to the mobile APP, data can be exchanged with the business platform through either the WAP gateway unit or the WIFI unit.
Step S13: decrypt the encrypted UUID information with the private key preset in the authentication server, and match the decrypted UUID information and the user mobile phone information against the identity information registered by the user, completing the identity authentication of the UUID information; upon authentication, the UUID information is stored in both the user's mobile phone and the authentication server.
In this embodiment, the authentication server matches the UUID information sent by the user's mobile phone through the WAP gateway unit against the identity information registered by the user, so that automatic identity authentication can subsequently be completed by means of the UUID information.
Step S14: when the user logs in to the mobile APP, obtain the UUID information stored in the user's mobile phone by means of the authentication SDK, and encrypt the UUID information with the public key preset in the authentication SDK.
In this embodiment, the API of the authentication SDK can be called to obtain the UUID information stored in the user's mobile phone.
Step S15: send a service request carrying the encrypted UUID information to the business platform through the communication module of the user's mobile phone; the communication module includes a WAP gateway unit and a WIFI unit.
In this embodiment, the WAP gateway is needed only to complete the identity authentication of the UUID information; afterwards the business platform can be accessed over any network, without relying on the WAP gateway in the mobile data network as the prior art does, so the method is widely applicable.
Step S16: the business platform forwards the received encrypted UUID information to the authentication server, which decrypts it with its preset private key.
In this embodiment, in the communication between the mobile APP and the authentication server and business platform, the data is encrypted with an RSA asymmetric encryption scheme: the mobile APP encrypts the UUID with the public key and the authentication server decrypts it with the private key. Neither the network link nor the business platform can obtain the UUID in plaintext at any point in transmission, which guarantees that only the authentication server can decrypt and recognize the UUID information and ensures the security and reliability of automatic identity authentication.
Step S17: the authentication server matches the decrypted UUID information against the stored UUID information and obtains the corresponding user identity information.
Step S18: feed back the corresponding user identity authentication information to the business platform, completing the automatic authentication of the user's identity; the user identity authentication information includes the user identity authentication result and the corresponding user identity information.
In this embodiment, existing schemes rely on the WAP gateway in the mobile data network, and the target IP address has to be configured in the gateway's whitelist; this automatic identity authentication method uses the WAP gateway only when the identity authentication of the UUID information is performed, and afterwards any network can be used for access, so it is widely applicable. Existing schemes rely on the APP sending an SMS to complete identity authentication; the whole process depends on the forwarding efficiency of SMS, the time is uncontrollable, and timeouts are likely; this method is based entirely on HTTP requests and is efficient, reliable and controllable, with a better user experience. Other existing schemes require the user to complete the authentication process manually, and the user experience is poor; the authentication process of this method completes fully automatically, without the user noticing, and the user experience is good.
In this embodiment of the present invention, the identity authentication of the UUID information is first completed in the authentication server and the UUID information is stored. When the user logs in to the mobile APP, a service request carrying the encrypted UUID information is sent to the business platform through the communication module of the user's mobile phone; the business platform then forwards the received encrypted UUID information to the authentication server, which decrypts it with its preset private key; finally, the authentication server matches the decrypted UUID information against the stored UUID information and obtains the corresponding user identity information, thereby completing automatic identity authentication for the mobile phone application. This automatic identity authentication method is based on HTTP requests and, compared with SMS-based identity authentication, is efficient, reliable and controllable, with a better user experience. The WAP gateway is used only when the identity authentication of the UUID information is performed; afterwards any network can be used for access, without relying on the WAP gateway in the mobile data network, so the method is widely applicable. In addition, the entire authentication process completes fully automatically, without manual operation by the user and without the user noticing, so the user experience is good.
Embodiment two
This embodiment of the present invention provides an automatic identity authentication method for mobile phone applications. Referring to Fig. 2, the method differs from the method of Embodiment one in that it adds a security check of the mobile APP's running environment and a reliability check of the UUID information stored in the user's mobile phone.
Specifically, referring to Fig. 2, before the service request carrying the encrypted UUID information is sent to the business platform (that is, between step S14 and step S15), the method may further include:
Step S21: detect, by means of the authentication SDK, whether the operating system of the mobile APP is a real mobile phone system.
In this embodiment, the authentication SDK checks the security of the system's running environment, ensuring that it is a real mobile phone system rather than a simulated environment, and checks the runtime security of the APP, guarding against cracking techniques such as debugging and decompilation, to ensure the security of mobile APP login. It should be noted that step S21 can also be carried out before step S11.
Step S22: recompute the current UUID information of the user's mobile phone by means of the authentication SDK and match it against the UUID information stored in the user's mobile phone, to determine whether the stored UUID information is still usable.
In this embodiment, when the current UUID information of the user's mobile phone is found not to match the UUID information stored in the user's mobile phone, the authentication server is notified to revoke the stored UUID information, the identity authentication of the UUID information is completed again, and the new usable UUID information is stored (that is, steps S11 to S13 are completed again). When the current UUID information of the user's mobile phone matches the UUID information stored in the user's mobile phone, the authentication server is notified, according to the rules, to refresh the last verification time of the UUID, and execution continues downward, that is, step S15 is performed.
In this embodiment of the present invention, the identity authentication of the UUID information is first completed in the authentication server and the UUID information is stored. When the user logs in to the mobile APP, a service request carrying the encrypted UUID information is sent to the business platform through the communication module of the user's mobile phone; the business platform then forwards the received encrypted UUID information to the authentication server, which decrypts it with its preset private key; finally, the authentication server matches the decrypted UUID information against the stored UUID information and obtains the corresponding user identity information, thereby completing automatic identity authentication for the mobile phone application. This automatic identity authentication method is based on HTTP requests and, compared with SMS-based identity authentication, is efficient, reliable and controllable, with a better user experience. The WAP gateway is used only when the identity authentication of the UUID information is performed; afterwards any network can be used for access, without relying on the WAP gateway in the mobile data network, so the method is widely applicable. In addition, the entire authentication process completes fully automatically, without manual operation by the user and without the user noticing, so the user experience is good.
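The enrollment and login flow of steps S11 to S18, together with the stored-UUID check of step S22, as an added Go example that is not part of the patent or of any implementation it describes. RSA-OAEP padding (the text only says RSA), the in-memory maps, every type and function name, the direct delete standing in for the revocation notice, and the phone number and identity are assumptions of this example; the device attributes are the sample values from Embodiment one.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrReenroll = errors.New("device changed: stored UUID revoked, enroll again")
var ErrRejected = errors.New("decryption failed or no matching record")

// Device holds the attributes hashed into the UUID (field names are illustrative).
type Device struct{ IMEI, Serial, WiFiMAC, IMSI string }

// ComputeUUID is the SHA-256 digest of the concatenated attributes (step S11).
func ComputeUUID(d Device) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(d.IMEI+d.Serial+d.WiFiMAC+d.IMSI)))
}

// AuthServer holds the preset private key, registered users and enrolled UUIDs.
type AuthServer struct {
	Priv       *rsa.PrivateKey
	Registered map[string]string // phone number -> registered identity
	ByUUID     map[string]string // enrolled UUID -> registered identity
}

// decrypt returns "" on failure, which never matches an enrolled UUID.
func (a *AuthServer) decrypt(ct []byte) string {
	pt, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, a.Priv, ct, nil)
	return string(pt)
}

// Enroll is S13: bind the UUID to the identity registered for the gateway-supplied number.
func (a *AuthServer) Enroll(ct []byte, msisdn string) error {
	uuid, id := a.decrypt(ct), a.Registered[msisdn]
	if uuid == "" || id == "" {
		return ErrRejected
	}
	a.ByUUID[uuid] = id
	return nil
}

// Authenticate is S16-S17: decrypt the relayed ciphertext and look up the UUID.
func (a *AuthServer) Authenticate(ct []byte) (string, error) {
	if id, ok := a.ByUUID[a.decrypt(ct)]; ok {
		return id, nil
	}
	return "", ErrRejected
}

// SDK is the on-phone side: preset public key plus the UUID stored at enrollment.
type SDK struct {
	Pub    *rsa.PublicKey
	Stored string
}

func (s *SDK) encrypt(uuid string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, s.Pub, []byte(uuid), nil)
}

// Enroll is S11-S12; msisdn stands in for the header added by the WAP gateway.
func (s *SDK) Enroll(a *AuthServer, d Device, msisdn string) error {
	ct, err := s.encrypt(ComputeUUID(d))
	if err == nil {
		if err = a.Enroll(ct, msisdn); err == nil {
			s.Stored = ComputeUUID(d)
		}
	}
	return err
}

// Login is S22 then S14-S18: a UUID mismatch revokes the binding (a direct delete here).
func (s *SDK) Login(a *AuthServer, current Device) (string, error) {
	if ComputeUUID(current) != s.Stored {
		delete(a.ByUUID, s.Stored)
		s.Stored = ""
		return "", ErrReenroll
	}
	ct, err := s.encrypt(s.Stored)
	if err != nil {
		return "", err
	}
	return a.Authenticate(ct) // the business platform relays ct unchanged
}

// NewPair generates the RSA key pair and presets each half on its side.
func NewPair(registered map[string]string) (*AuthServer, *SDK) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // no entropy source: nothing to demonstrate
	}
	return &AuthServer{priv, registered, map[string]string{}}, &SDK{Pub: &priv.PublicKey}
}

func main() {
	auth, sdk := NewPair(map[string]string{"13800000000": "user-001"}) // constructed user
	phone := Device{"549355524028228", "021YLJ212C001879", "A6-02-B9-7F-71-33", "460001357924680"}
	fmt.Println(sdk.Enroll(auth, phone, "13800000000"))
	fmt.Println(sdk.Login(auth, phone))
	phone.IMSI = "460000000000000" // constructed: SIM replaced
	fmt.Println(sdk.Login(auth, phone))
}
```

After the constructed SIM change the login returns ErrReenroll and the server no longer holds the old binding, so the phone has to repeat steps S11 to S13 before it can log in again.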
Embodiment three
This embodiment of the present invention provides an automatic identity authentication system for mobile phone applications that implements the methods described in Embodiments one and two. Referring to Fig. 3, the system may include: a user mobile phone 100 on which the mobile APP is stored, an authentication server 200 and a business platform 300; the user mobile phone 100 includes an authentication SDK 101 and a communication module 102.
The authentication SDK 101 is configured to compute the UUID information of the user's mobile phone and to encrypt the UUID information with a preset public key.
In this embodiment, the UUID information may include the mobile phone information and the ICCID of the SIM card; the mobile phone information includes at least one of: phone serial number, phone IMEI, WIFI MAC address, Device_ID, Android_ID, Installation ID, and the IMSI of the SIM card. If the user replaces the SIM card, resets the system, or replaces the phone, the computed UUID value is different in each case. This effectively guarantees the uniqueness of the UUID information and safeguards the security of subsequent user identity authentication.
The UUID can be computed with the SHA256 digest algorithm. A sample UUID calculation is as follows:
IMEI of the phone: 549355524028228;
Phone serial number: 021YLJ212C001879;
WIFI MAC address: A6-02-B9-7F-71-33;
SIM card IMSI: 460001357924680;
UUID = SHA256("549355524028228" + "021YLJ212C001879" + "A6-02-B9-7F-71-33" + "460001357924680")
= "159e23ba26338897215f47f7de8a6a8f0bb1046f2b43d727ded8a3dee5d670a1"
It should be noted that the more device attributes take part in the UUID calculation, the more secure the UUID information is. In practice, the UUID information can be computed according to different security-level requirements; no limitation is imposed here.
In addition, in this embodiment, the UUID information is protected with asymmetric encryption (for example RSA asymmetric encryption): the public key is preset in the user's mobile phone and the corresponding private key is preset in the authentication server, to ensure the security of the UUID information in transit.
The communication module 102 includes a WAP gateway unit (not shown in the drawings) and is configured to send the encrypted UUID information and the user's phone number information to the authentication server through the WAP gateway unit; the user's phone number information is added by the WAP gateway.
In this embodiment, the WAP gateway unit can add a phone number field to the HTTP header, so that the UUID information can subsequently be matched against the identity information registered by the user.
It should be noted that the UUID information needs to be transmitted through the WAP gateway unit, with the user's phone number information added (which requires switching to the mobile data network), only when the identity authentication of the UUID information has to be completed in the authentication server (that is, matched against the identity information registered by the user). When the user ordinarily logs in to the mobile APP, data can be exchanged with the business platform through either the WAP gateway unit or the WIFI unit.
Certificate server 200 is used to decrypt the encrypted UUID information with the preset private key and to match the decrypted UUID information and the user mobile phone information with the identity information registered by the user, completing the authentication of the UUID information. During authentication, the UUID information is stored separately in the user's mobile phone and in the certificate server.
In the present embodiment, the certificate server matches the UUID information sent by the user's mobile phone through the WAP gateway unit with the identity information registered by the user, so that automatic identity authentication can subsequently be completed through the UUID information.
Certification SDK 101 is also used, when the user logs in to the cell phone APP, to obtain the UUID information stored in the user's mobile phone and to encrypt the UUID information with the preset public key.
In the present embodiment, the API interface of the certification SDK can be called to obtain the UUID information stored in the user's mobile phone.
Communication module 102 further includes a WIFI unit (not shown in the drawings), and is used to send a service request carrying the encrypted UUID information to the business platform through the WAP gateway unit or the WIFI unit.
In the present embodiment, the WAP gateway is needed only when completing the authentication of the UUID information; afterwards any network can be used to access the business platform, without relying on the WAP gateway in the mobile data network as the prior art does, so the scheme is widely applicable.
Business platform 300 is used to forward the received encrypted UUID information to certificate server 200.
Certificate server 200 is also used to decrypt the received encrypted UUID with the preset private key and to match the decrypted UUID information against the stored UUID information, so as to obtain the corresponding user identity information.
In the present embodiment, data exchanged between the cell phone APP, the certificate server and the business platform is encrypted with the RSA asymmetric encryption scheme: the cell phone APP encrypts the UUID with the public key, and the certificate server decrypts it with the private key. Throughout transmission, neither the network link nor the business platform can obtain the UUID in plaintext, which guarantees that only the certificate server can decrypt and identify the UUID information and ensures the safety and reliability of automatic identity authentication.
Certificate server 200 is also used to feed back the corresponding user identity authentication information to the business platform, completing the automatic authentication of the user identity. The user identity authentication information includes: the user identity authentication result and the corresponding user identity information.
In the present embodiment, existing schemes rely on the WAP gateway in the mobile data network, and the target IP address must be configured in the gateway's whitelist, whereas this mobile phone application automatic identity authentication method uses the WAP gateway only when performing the authentication of the UUID information and can afterwards use any network, so it is widely applicable. Existing schemes rely on the APP sending a short message to complete identity authentication; the whole process depends on the forwarding efficiency of the short message, the time is uncontrollable, and timeouts are likely, whereas this method is based entirely on HTTP requests and is efficient, reliable and controllable, with a better user experience. Other existing schemes require the user to complete the authentication process manually, which gives a poor user experience, whereas the authentication process of this method completes fully automatically, without the user noticing, and gives a good user experience.
Optionally, before the certification SDK sends the service request carrying the encrypted UUID information to the business platform, certification SDK 101 is also used to detect whether the operating system running the cell phone APP is a real mobile phone system.
In the present embodiment, the certification SDK checks the safety of the system running environment to make sure that it is a real mobile phone system rather than a simulated environment, and checks the runtime safety of the APP to prevent cracking means such as debugging and decompilation, ensuring the safety of the cell phone APP login.
Optionally, before the certification SDK sends the service request carrying the encrypted UUID information to the business platform, certification SDK 101 is also used to recalculate the current UUID information of the user's mobile phone and match it against the UUID information stored in the user's mobile phone, to judge whether the stored UUID information is usable.
Further, certification SDK 101 is also used, when it judges that the current UUID information of the user's mobile phone does not match the UUID information stored in the user's mobile phone, to notify the certificate server to abolish the stored UUID information and to restart the authentication of new UUID information.
In the present embodiment, when the current UUID information of the user's mobile phone is judged not to match the UUID information stored in the user's mobile phone, the certificate server is notified to abolish the stored UUID information, the authentication of the UUID information is completed again, and the new usable UUID information is stored. When the current UUID information is judged to match the stored UUID information, the certificate server is notified, according to the rules, to refresh the last verification time of the UUID, and execution continues.
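The pre-login check and the abolish-and-re-authenticate flow described above, as an added Python example that is not part of the patent text. `CertificateServer`, `sdk_pre_login` and `gateway_phone` are hypothetical names, the store is in memory, and UUID values are handled as they are after decryption at the certificate server; the phone number and identity in the demo are constructed.

```python
import hmac


class CertificateServer:
    """In-memory stand-in for the certificate server's UUID store."""

    def __init__(self, registered):
        self._registered = dict(registered)  # phone number -> registered identity
        self._by_uuid = {}                   # UUID -> identity and last verification

    def enroll(self, uuid, gateway_phone, now):
        """UUID authentication: bind the UUID to the identity registered
        under the phone number that the WAP gateway added to the request."""
        identity = self._registered.get(gateway_phone)
        if identity is None:
            return False
        self._by_uuid[uuid] = {"identity": identity, "last_verified": now}
        return True

    def revoke(self, uuid):
        """Abolish a stored UUID; unknown values are ignored."""
        self._by_uuid.pop(uuid, None)

    def refresh(self, uuid, now):
        """Update the last verification time of a known UUID."""
        if uuid in self._by_uuid:
            self._by_uuid[uuid]["last_verified"] = now

    def last_verified(self, uuid):
        record = self._by_uuid.get(uuid)
        return record["last_verified"] if record else None

    def authenticate(self, uuid):
        """Login path: returns (authentication result, user identity)."""
        record = self._by_uuid.get(uuid)
        return (True, record["identity"]) if record else (False, None)


def sdk_pre_login(stored_uuid, current_uuid, gateway_phone, server, now):
    """SDK check before the service request. Returns the UUID to send, or
    None when authentication of the new UUID fails."""
    if stored_uuid and hmac.compare_digest(stored_uuid, current_uuid):
        server.refresh(stored_uuid, now)   # match: refresh last verification time
        return stored_uuid
    if stored_uuid:
        server.revoke(stored_uuid)         # mismatch: abolish the stored UUID
    # Authentication of the new UUID; on a phone this leg goes through the
    # WAP gateway, which supplies gateway_phone (the SDK does not choose it).
    if server.enroll(current_uuid, gateway_phone, now):
        return current_uuid
    return None


if __name__ == "__main__":
    server = CertificateServer({"13800000000": "user-001"})  # constructed data
    server.enroll("uuid-old", "13800000000", now=100)
    sent = sdk_pre_login("uuid-old", "uuid-new", "13800000000", server, now=200)
    print(sent, server.authenticate("uuid-old"), server.authenticate("uuid-new"))
```

After a mismatch the old UUID no longer authenticates at the certificate server, so a copy of the value previously stored on the phone is of no use on its own.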
In the embodiment of the present invention, the authentication of the UUID information is first completed in the certificate server and the UUID information is stored. When the user logs in to the cell phone APP, a service request carrying the encrypted UUID information is sent to the business platform through the communication module of the user's mobile phone; the business platform then forwards the received encrypted UUID information to the certificate server, where it is decrypted with the preset private key; finally the certificate server matches the decrypted UUID information against the stored UUID information and obtains the corresponding user identity information, thereby completing automatic identity authentication for the mobile phone application. This mobile phone application automatic identity authentication system is based on HTTP requests and, compared with short-message identity authentication methods, is efficient, reliable and controllable, with a better user experience. During identity authentication the WAP gateway is used only when performing the authentication of the UUID information; afterwards any network can be used for access, without relying on the WAP gateway in the mobile data network, so the system is widely applicable. In addition, the entire identity authentication process completes fully automatically, without manual operation and without the user noticing, and gives a good user experience.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments can be completed by hardware, or by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent replacement, improvement and so on made within the spirit and principle of the invention shall be included in the protection scope of the present invention.
Claims (10)
1. A mobile phone application automatic identity authentication method, characterized by comprising:
calculating the UUID information of the user's mobile phone by a certification SDK, and encrypting the UUID information with a preset public key;
sending the encrypted UUID information and user phone number information to a certificate server through the WAP gateway unit in a communication module, the user phone number information being added by the WAP gateway unit;
decrypting the encrypted UUID information with the private key preset in the certificate server, and matching the decrypted UUID information and the user mobile phone information with the identity information registered by the user to complete the authentication of the UUID information, the UUID information being stored separately in the user's mobile phone and in the certificate server during authentication;
when the user logs in to the cell phone APP, obtaining the UUID information stored in the user's mobile phone by the certification SDK, and encrypting the UUID information with the public key preset in the certification SDK;
sending a service request carrying the encrypted UUID information to a business platform through the communication module of the user's mobile phone, the communication module comprising: a WAP gateway unit and a WIFI unit;
forwarding the received encrypted UUID information to the certificate server by the business platform, and decrypting it with the private key preset in the certificate server;
matching, by the certificate server, the decrypted UUID information against the stored UUID information, and obtaining the corresponding user identity information;
feeding back the corresponding user identity authentication information to the business platform to complete the automatic authentication of the user identity, the user identity authentication information comprising: the user identity authentication result and the corresponding user identity information.
2. The method according to claim 1, characterized in that, before the service request carrying the encrypted UUID information is sent to the business platform, the method further comprises:
detecting, by the certification SDK, whether the operating system running the cell phone APP is a real mobile phone system.
3. The method according to claim 2, characterized in that, before the service request carrying the encrypted UUID information is sent to the business platform, the method further comprises:
recalculating the current UUID information of the user's mobile phone by the certification SDK, and matching it against the UUID information stored in the user's mobile phone, to judge whether the UUID information stored in the user's mobile phone is usable.
4. The method according to claim 3, characterized in that the method further comprises:
when the current UUID information of the user's mobile phone is judged not to match the UUID information stored in the user's mobile phone, notifying the certificate server to abolish the stored UUID information, completing the authentication of the UUID information again, and storing the new usable UUID information.
5. The method according to any one of claims 1-4, characterized in that the UUID information comprises: cellphone information and the ICCID of the SIM card, the cellphone information comprising at least one of: mobile phone serial number, IMEI, WIFI MAC address of the mobile phone, Device_ID, Android_ID, Installation ID, and IMSI of the SIM card.
6. A mobile phone application automatic identity authentication system, characterized by comprising: a user mobile phone storing a cell phone APP, a certificate server, and a business platform, the user mobile phone comprising: a certification SDK and a communication module, wherein:
the certification SDK is used to calculate the UUID information of the user's mobile phone and to encrypt the UUID information with a preset public key;
the communication module comprises a WAP gateway unit, used to send the encrypted UUID information and user phone number information to the certificate server through the WAP gateway unit, the user phone number information being added by the WAP gateway;
the certificate server is used to decrypt the encrypted UUID information with the preset private key and to match the decrypted UUID information and the user mobile phone information with the identity information registered by the user, completing the authentication of the UUID information, the UUID information being stored separately in the user's mobile phone and in the certificate server during authentication;
the certification SDK is also used, when the user logs in to the cell phone APP, to obtain the UUID information stored in the user's mobile phone and to encrypt the UUID information with the preset public key;
the communication module further comprises a WIFI unit, and is used to send a service request carrying the encrypted UUID information to the business platform through the WAP gateway unit or the WIFI unit;
the business platform is used to forward the received encrypted UUID information to the certificate server;
the certificate server is also used to decrypt the received encrypted UUID with the preset private key and to match the decrypted UUID information against the stored UUID information, so as to obtain the corresponding user identity information;
the certificate server is also used to feed back the corresponding user identity authentication information to the business platform, completing the automatic authentication of the user identity, the user identity authentication information comprising: the user identity authentication result and the corresponding user identity information.
7. The system according to claim 6, characterized in that, before the certification SDK sends the service request carrying the encrypted UUID information to the business platform,
the certification SDK is also used to detect whether the operating system running the cell phone APP is a real mobile phone system.
8. The system according to claim 7, characterized in that, before the certification SDK sends the service request carrying the encrypted UUID information to the business platform,
the certification SDK is also used to recalculate the current UUID information of the user's mobile phone and match it against the UUID information stored in the user's mobile phone, to judge whether the UUID information stored in the user's mobile phone is usable.
9. The system according to claim 8, characterized in that the certification SDK is also used, when it judges that the current UUID information of the user's mobile phone does not match the UUID information stored in the user's mobile phone, to notify the certificate server to abolish the stored UUID information and to restart the authentication of new UUID information.
10. The system according to any one of claims 6-9, characterized in that the UUID information comprises: cellphone information and the ICCID identifier of the SIM card, the cellphone information comprising at least one of: mobile phone serial number, IMEI, WIFI MAC address of the mobile phone, Device_ID, Android_ID, Installation ID, and IMSI of the SIM card.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810082623.6A CN110098933B (en) | 2018-01-29 | 2018-01-29 | Automatic identity authentication method and system for mobile phone application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110098933A (en) | 2019-08-06 |
CN110098933B (en) | 2021-09-14 |
Family
ID=67442761
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810082623.6A Active CN110098933B (en) | 2018-01-29 | 2018-01-29 | Automatic identity authentication method and system for mobile phone application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110098933B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI807707B (en) * | 2022-03-21 | 2023-07-01 | 中華電信股份有限公司 | Secure software update system, method and computer readable medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103259667A (en) * | 2013-06-07 | 2013-08-21 | 北京邮电大学 | Method and system for eID authentication on mobile terminal |
US20130254858A1 (en) * | 2012-03-26 | 2013-09-26 | Computer Associates Think, Inc. | Encoding an Authentication Session in a QR Code |
CN104052754A (en) * | 2014-06-26 | 2014-09-17 | 北京思特奇信息技术股份有限公司 | ID verification method and system for third-party App |
CN104579657A (en) * | 2013-10-11 | 2015-04-29 | 北大方正集团有限公司 | Method and device for identity authentication |
CN104753674A (en) * | 2013-12-31 | 2015-07-01 | 中国移动通信集团公司 | Application identity authentication method and device |
CN105095696A (en) * | 2015-06-25 | 2015-11-25 | 三星电子(中国)研发中心 | Method, system and apparatus for carrying out safety authentication on application programs |
CN105791262A (en) * | 2015-12-30 | 2016-07-20 | 广东亿迅科技有限公司 | APP real name authentication secure login system and method based on mobile phone IMSI |
Also Published As
Publication number | Publication date |
---|---|
CN110098933B (en) | 2021-09-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||