CN110098933A - A kind of mobile phone application automatic identity authentication method and system - Google Patents

A kind of mobile phone application automatic identity authentication method and system Download PDF

Info

Publication number
CN110098933A
CN110098933A CN201810082623.6A CN201810082623A CN110098933A CN 110098933 A CN110098933 A CN 110098933A CN 201810082623 A CN201810082623 A CN 201810082623A CN 110098933 A CN110098933 A CN 110098933A
Authority
CN
China
Prior art keywords
information
uuid
mobile phone
user
uuid information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810082623.6A
Other languages
Chinese (zh)
Other versions
CN110098933B (en
Inventor
董庆军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee
Aspire Digital Technologies Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aspire Digital Technologies Shenzhen Co Ltd filed Critical Aspire Digital Technologies Shenzhen Co Ltd
Priority to CN201810082623.6A priority Critical patent/CN110098933B/en
Publication of CN110098933A publication Critical patent/CN110098933A/en
Application granted granted Critical
Publication of CN110098933B publication Critical patent/CN110098933B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/08Upper layer protocols
    • H04W80/12Application layer protocols, e.g. WAP [Wireless Application Protocol]

Abstract

The invention discloses a kind of mobile phone application automatic identity authentication method and systems.The described method includes: first completing the authentication of UUID information in certificate server;The service request for carrying encryption UUID information is sent to business platform by the communication module of user mobile phone;The encryption UUID information received is forwarded to certificate server by business platform, and it is decoded by private key preset in certificate server;By certificate server to the UUID information matches of decoded UUID information and storage, authentication should be employed certainly to complete mobile phone.Method provided by the invention is based on HTTP request, and efficiently, controllably, user experience is good;And WAP gateway is used when only needing to be performed the authentication of UUID information in authentication procedures, and it is subsequent that any network can be used to access, it is applied widely;In addition, entire authentication procedures are automatically performed, without user's manual operations, user's unaware, usage experience is good.

Description

A kind of mobile phone application automatic identity authentication method and system
Technical field
The present invention relates to mobile communication technology field, in particular to a kind of mobile phone application automatic identity authentication method and it is System.
Background technique
With the rapid development of mobile Internet, types of functionality mobile phone application (Application, abbreviation abundant " APP ") welcome by user, inlet function of the user identity authentication as types of applications, by the weight for researching and developing occurrences in human life in the industry Depending on.
Currently, the mode of cell phone application user authentication is mainly include the following types: 1, Wireless Application Protocol (Wireless Application Protocol, referred to as " WAP ") gateway white list mode: server ip address is configured to the WAP net of operator It closes in white list, when user APP accesses server-side in application, WAP gateway can be the cell-phone number of user by mobile data network Code is added in HTTP Header, and server-side is applied and obtains subscriber phone number from Header.2, it is sent by mobile phone The mode of short message: independent short message port is applied in server-side application, and cell phone application sends the SMS to the short message port, meeting in short message Carrying mobile phone number information, server-side obtain phone number from short message.3, user's craft input handset number, server-side is sent Short message verification code mode: i.e. user hand workforce accreditation, log on to business platform, the short message that server-side is sent is equivalent to verifying cell-phone number Code belongs to active user.4, user manually enters email mailbox, and server-side sends verifying lettergram mode: user is registering The mailbox of oneself is inputted in the page, server-side sends verifying mail, and user, which mails, clicks confirmation.5, user is defeated by hand The registration of access customer name, verifies email mailbox or phone number.In order to promote user experience, in the platform of mobile operator Preferentially using the first, the second way, entire verification process is automatically performed, and does not need user's participation.
But in above-mentioned identity identifying method, the WAP gateway white list that the certification of WAP gateway white list relies on operator is matched It sets, it is invalid to surf the Internet for mobile phone wifi;It authenticates to exist by sending short message by mobile phone and sends short message cost, and short message is using storage Pass-through mode, the time for reaching server are uncontrollable;Other needs have been manually done, and user experience is not good enough.
Summary of the invention
In order to solve problems in the prior art, the embodiment of the invention provides a kind of mobile phone application automatic identity authentication methods And system.The technical solution is as follows:
On the one hand, the embodiment of the invention provides a kind of mobile phone application automatic identity authentication methods, which comprises
User hand is calculated by certification Software Development Kit (Software Development Kit, referred to as " SDK ") Universally Unique Identifier (Universally Unique Identifier, referred to as " UUID ") information of machine, and utilize preset Public key encrypts UUID information;
The UUID information and user mobile phone number of encryption are sent to certificate server by the WAP gateway unit in communication module Code information, the subscriber phone number information are added by the WAP gateway unit;
It is decoded by the UUID information of private key pair encryption preset in certificate server, and decoded UUID is believed The identity information of breath, user mobile phone information and user's registration matches, and completes the authentication of UUID information, the UUID information It is separately stored in user mobile phone and certificate server in authentication;
When user logs in cell phone application, the UUID information stored in user mobile phone is obtained by certification SDK, and utilize and recognize Preset public key encrypts UUID information in card SDK;
The service request for carrying encryption UUID information is sent to business platform by the communication module of user mobile phone, it is described Communication module includes: WAP gateway unit and WIFI unit;
The encryption UUID information received is forwarded to certificate server by business platform, and by pre- in certificate server If private key it is decoded;
By certificate server to the UUID information matches of decoded UUID information and storage, and obtain corresponding user Identity information;
Corresponding user's ID authentication information is fed back to business platform, completes the automated validation of user identity, the user Authentication information includes: user identity authentication result and corresponding subscriber identity information.
In the above-mentioned mobile phone application automatic identity authentication method of the embodiment of the present invention, carried to business platform transmission Before the service request for encrypting UUID information, the method also includes:
Detect whether the operating system of cell phone application is true cell phone system by certification SDK.
In the above-mentioned mobile phone application automatic identity authentication method of the embodiment of the present invention, carried to business platform transmission Before the service request for encrypting UUID information, the method also includes:
The current UUID information of user mobile phone is recalculated by authenticating SDK, and is believed with the UUID stored in user mobile phone Manner of breathing matching, to judge whether the UUID information stored in user mobile phone can be used.
In the above-mentioned mobile phone application automatic identity authentication method of the embodiment of the present invention, the method also includes:
When the UUID information stored in the current UUID information and user mobile phone for judging user mobile phone does not match that, notice Certificate server abolishes the UUID information of storage, and completes the authentication of UUID information again, stores new available UUID letter Breath.
In the above-mentioned mobile phone application automatic identity authentication method of the embodiment of the present invention, the UUID information includes: mobile phone The integrated circuit card of information and subscriber identification card (Subscriber Identification Module, referred to as " SIM ") Identification code (Integrate circuit card identity, referred to as " ICCID "), the cellphone information include: mobile phone series Number, international mobile subscriber identity (the International Mobile Subscriber Identification of mobile phone Number, referred to as " IMSI "), WIFI MAC Address, Device_ID, Android_ID, Installtion ID, SIM card At least one of IMSI.
On the other hand, the embodiment of the invention provides a kind of mobile phone application automatic identity authentication systems, comprising: stores hand User mobile phone, certificate server, the business platform of machine APP, the user mobile phone include: to authenticate SDK and communication module,
SDK is authenticated, UUID information is added for calculating the UUID information of user mobile phone, and using preset public key It is close;
Communication module, comprising: WAP gateway unit, for sending encryption to certificate server by WAP gateway unit UUID information and subscriber phone number information, the subscriber phone number information are added by the WAP gateway;
Certificate server, for being decoded by the UUID information of preset private key pair encryption, and will be decoded The identity information of UUID information, user mobile phone information and user's registration matches, and completes the authentication of UUID information, described UUID information is separately stored in user mobile phone and certificate server in authentication;
SDK is authenticated, is also used to obtain the UUID information stored in user mobile phone, and utilize when user logs in cell phone application Preset public key encrypts UUID information;
Communication module further includes WIFI unit, for being taken by WAP gateway unit or WIFI unit to business platform transmission Service request with encryption UUID information;
Business platform, the encryption UUID information for will receive are forwarded to certificate server;
Certificate server is also used to be decoded the encryption UUID received using preset private key, and will be after decoding UUID information and the UUID information of storage match, to obtain corresponding subscriber identity information;
Certificate server is also used to feed back corresponding user's ID authentication information to business platform, completes user identity Automated validation, the user's ID authentication information include: user identity authentication result and corresponding subscriber identity information.
In the above-mentioned mobile phone application automatic identity authentication system of the embodiment of the present invention, sent out in certification SDK to business platform Before sending the service request for carrying encryption UUID information,
SDK is authenticated, whether the operating system for being also used to detect cell phone application is true cell phone system.
In the above-mentioned mobile phone application automatic identity authentication system of the embodiment of the present invention, sent out in certification SDK to business platform Before sending the service request for carrying encryption UUID information,
Authenticate SDK, be also used to recalculate the current UUID information of user mobile phone, and with the UUID that is stored in user mobile phone Information matches, to judge whether the UUID information stored in user mobile phone can be used.
In the above-mentioned mobile phone application automatic identity authentication system of the embodiment of the present invention, the certification SDK is also used to work as and sentence When the UUID information stored in the current UUID information and user mobile phone of disconnected user mobile phone does not match that, notice certificate server is useless Except the UUID information of storage, and reopen the authentication of new UUID information.
In the above-mentioned mobile phone application automatic identity authentication system of the embodiment of the present invention, the UUID information includes: mobile phone Information and SIM card ICCID mark, the cellphone information include: mobile phone series number, mobile phone IMEI, WIFI MAC Address, At least one of Device_ID, Android_ID, Installtion ID, the IMSI of SIM card.
Technical solution provided in an embodiment of the present invention has the benefit that
The embodiment of the present invention stores UUID letter by first completing the authentication of UUID information in certificate server Breath carries encryption UUID information to business platform transmission by the communication module of user mobile phone when user logs in cell phone application Service request then the encryption UUID information received is forwarded to by certificate server by business platform, and taken by certification Preset private key is decoded it in business device, finally by certificate server to the UUID of decoded UUID information and storage Information matches, and corresponding subscriber identity information is obtained, authentication should be employed certainly to complete mobile phone.The mobile phone is applied leaves certainly Identity authentication method is based on HTTP request, and relative to short message identity identifying method, efficiently, reliably, controllably, user experience is more preferably;And It is subsequent that any network can be used and using WAP gateway when only needing to be performed the authentication of UUID information in authentication procedures Access, it is applied widely without relying on the WAP gateway in mobile data network;In addition, entire authentication procedures are fully automated It completes, without user's manual operations, user's unaware, usage experience is good.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other Attached drawing.
Fig. 1 is a kind of mobile phone application automatic identity authentication method flow diagram that the embodiment of the present invention one provides;
Fig. 2 is a kind of mobile phone application automatic identity authentication method flow diagram provided by Embodiment 2 of the present invention;
Fig. 3 is a kind of structural schematic diagram for mobile phone application automatic identity authentication system that the embodiment of the present invention three provides.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to embodiment party of the present invention Formula is described in further detail.
Embodiment one
The embodiment of the invention provides a kind of mobile phone application automatic identity authentication methods, are suitable for user and log in cell phone application When be automatically performed authentication and automated log on, referring to Fig. 1, this method may include:
Step S11 calculates the UUID information of user mobile phone by certification SDK, and using preset public key to UUID information It is encrypted.
In the present embodiment, UUID information may include: the ICCID of cellphone information and SIM card, and cellphone information includes: hand Machine series number, IMEI, WIFI MAC Address of mobile phone, Device_ID, Android_ID, Installtion ID, SIM card At least one of IMSI.User replaces SIM card, perhaps resets system or replacement mobile phone, and calculated UUID value is all different, The uniqueness of energy effective guarantee UUID information in this way, has ensured the safety of subsequent user authentication.
The calculating of UUID can be calculated using SHA256 digest algorithm, and UUID sample calculation is as follows:
The IMEI:549355524028228 of mobile phone;
Handset serial: 021YLJ212C001879;
WIFI MAC Address: A6-02-B9-7F-71-33;
SIM card IMSI:460001357924680;
UUID=SHA256 (" 549355524028228 "+" 021YLJ212C001879 "+" A6-02-B9-7F-71-33 " +"460001357924680")
=" 159e23ba26338897215f47f7de8a6a8f0bb1046f2b43d727ded8a3de e5d670a1 "
Needing instruction sheet is, the device attribute for participating in UUID calculating is more, and UUID information is safer, in practical applications may be used To calculate corresponding UUID information according to different security level demands, here with no restrictions.
In addition, in the present embodiment, asymmetric encryption (such as RSA asymmetric encryption) is used to UUID information, with Public key is preset in the mobile phone of family, and presets corresponding private key in certificate server, to ensure the peace of UUID information on the way in transmission Quan Xing.
Step S12 sends the UUID information and use of encryption by the WAP gateway unit in communication module to certificate server Family phone number information, subscriber phone number information are added by WAP gateway unit.
In the present embodiment, phone number field can be increased in HTTP Header by WAP gateway unit, after being convenient for The identity information of continuous UUID information and user's registration matches.
Need to illustrate when, only it is in need in certificate server complete UUID information authentication (i.e. with user infuse The identity information of volume matches) when, it just needs to transmit UUID information by WAP gateway unit and adds subscriber phone number letter It ceases (needing to be switched to mobile data network), can be by WAP gateway unit when usually user logs in cell phone application, it can also be with Data transmission is realized with business platform by WIFI unit.
Step S13 is decoded by the UUID information of private key pair encryption preset in certificate server, and will be after decoding UUID information, user mobile phone information and user's registration identity information match, complete the authentication of UUID information, UUID Information is separately stored in user mobile phone and certificate server in authentication.
In the present embodiment, UUID information and use that certificate server sends user mobile phone by WAP gateway unit The identity information of family registration matches, convenient for completing automatic identity authentication subsequently through UUID information.
Step S14 obtains the UUID information stored in user mobile phone by certification SDK when user logs in cell phone application, And UUID information is encrypted using preset public key in certification SDK.
In the present embodiment, the api interface of certification SDK can be called to obtain the UUID information stored in user mobile phone.
Step S15 sends the business for carrying encryption UUID information by the communication module of user mobile phone to business platform Request, communication module includes: WAP gateway unit and WIFI unit.
In the present embodiment, it is only necessary to using WAP gateway when completing the authentication of UUID information, it is subsequent can be used it is any Network accesses business platform, applied widely without relying on the WAP gateway in mobile data network as the prior art.
The encryption UUID information received is forwarded to certificate server by business platform, and is taken by certification by step S16 Preset private key is decoded it in business device.
In the present embodiment, in cell phone application and certificate server and business platform communication process, add using RSA is asymmetric Close scheme encrypts data, i.e., cell phone application encrypts UUID using public key, and certificate server is decrypted using private key, Network link and business platform can not obtain UUID in plain text in entire transmission process, ensure that UUID information only has authentication service Device can decrypt identification, it is ensured that the safety and reliability of automatic identity authentication.
Step S17 by certificate server to the UUID information matches of decoded UUID information and storage, and obtains phase The subscriber identity information answered.
Step S18 feeds back corresponding user's ID authentication information to business platform, completes the automated validation of user identity, User's ID authentication information includes: user identity authentication result and corresponding subscriber identity information.
In the present embodiment, existing scheme relies on the WAP gateway in mobile data network, and target ip address needs to configure In the white list of gateway;Use when the mobile phone application automatic identity authentication method only needs to be performed the authentication of UUID information WAP gateway, it is subsequent that any network can be used to access, it is applied widely;Existing scheme relies on APP transmission short message completion identity and recognizes Card, whole process rely on the forward efficiency of short message, and the time is uncontrollable, it is easy to time-out;The mobile phone application automatic identity authentication Method is based entirely on HTTP request, and efficiently, reliably, controllably, user experience is more preferably;Other existing schemes need user to have been manually done Verification process, user experience are bad;The fully automated completion of verification process of the mobile phone application automatic identity authentication method, Yong Huwu Perception, usage experience are good.
The embodiment of the present invention stores UUID letter by first completing the authentication of UUID information in certificate server Breath carries encryption UUID information to business platform transmission by the communication module of user mobile phone when user logs in cell phone application Service request then the encryption UUID information received is forwarded to by certificate server by business platform, and taken by certification Preset private key is decoded it in business device, finally by certificate server to the UUID of decoded UUID information and storage Information matches, and corresponding subscriber identity information is obtained, authentication should be employed certainly to complete mobile phone.The mobile phone is applied leaves certainly Identity authentication method is based on HTTP request, and relative to short message identity identifying method, efficiently, reliably, controllably, user experience is more preferably;And It is subsequent that any network can be used and using WAP gateway when only needing to be performed the authentication of UUID information in authentication procedures Access, it is applied widely without relying on the WAP gateway in mobile data network;In addition, entire authentication procedures are fully automated It completes, without user's manual operations, user's unaware, usage experience is good.
Embodiment two
The embodiment of the invention provides a kind of mobile phone application automatic identity authentication methods, referring to fig. 2, this method and embodiment Mobile phone application automatic identity authentication method in one, the difference is that be added to cell phone application running environment safety evaluation and The UUID information reliability verification process stored in user mobile phone,
Specifically, referring to fig. 2, (exist before sending the service request for carrying encryption UUID information to business platform Between step S14 and step S15), this method can also include:
Step S21 detects whether the operating system of cell phone application is true cell phone system by certification SDK.
In the present embodiment, the safety of SDK detection system running environment is authenticated, it is ensured that it is true cell phone system, and It is not simulated environment, detects APP safety in operation, prevents from being debugged, decompiling operation etc. cracks means, it is ensured that cell phone application is stepped on The safety of record.Need to illustrate when, above-mentioned steps S21 can also be carried out before step S11.
Step S22 recalculates the current UUID information of user mobile phone by authenticating SDK, and with stored in user mobile phone UUID information match, to judge whether the UUID information stored in user mobile phone can be used.
In the present embodiment, when the UUID information that stores is not in the current UUID information and user mobile phone for judging user mobile phone When matching, notice certificate server abolishes the UUID information of storage, and completes the authentication of UUID information again, and storage is new Available UUID information (i.e. again complete step S11 to step be 13).When the current UUID information for judging user mobile phone and use When the UUID information stored in the mobile phone of family matches, when notice refreshes the last verifying of UUID according to rule notice certificate server Between, and continue to execute downwards, i.e. execution step S15.
The embodiment of the present invention stores UUID letter by first completing the authentication of UUID information in certificate server Breath carries encryption UUID information to business platform transmission by the communication module of user mobile phone when user logs in cell phone application Service request then the encryption UUID information received is forwarded to by certificate server by business platform, and taken by certification Preset private key is decoded it in business device, finally by certificate server to the UUID of decoded UUID information and storage Information matches, and corresponding subscriber identity information is obtained, authentication should be employed certainly to complete mobile phone.The mobile phone is applied leaves certainly Identity authentication method is based on HTTP request, and relative to short message identity identifying method, efficiently, reliably, controllably, user experience is more preferably;And It is subsequent that any network can be used and using WAP gateway when only needing to be performed the authentication of UUID information in authentication procedures Access, it is applied widely without relying on the WAP gateway in mobile data network;In addition, entire authentication procedures are fully automated It completes, without user's manual operations, user's unaware, usage experience is good.
Embodiment three,
The embodiment of the invention provides a kind of mobile phone application automatic identity authentication systems, realize described in embodiment one and two Method, referring to Fig. 3, the system may include: store cell phone application user mobile phone 100, certificate server 200, business it is flat Platform 300, user mobile phone 100 include: certification SDK101 and communication module 102.
SDK101 is authenticated, UUID information is carried out for calculating the UUID information of user mobile phone, and using preset public key Encryption.
In the present embodiment, UUID information may include: the ICCID of cellphone information and SIM card, and cellphone information includes: hand Machine series number, IMEI, WIFI MAC Address of mobile phone, Device_ID, Android_ID, Installtion ID, SIM card At least one of IMSI.User replaces SIM card, perhaps resets system or replacement mobile phone, and calculated UUID value is all different, The uniqueness of energy effective guarantee UUID information in this way, has ensured the safety of subsequent user authentication.
The calculating of UUID can be calculated using SHA256 digest algorithm, and UUID sample calculation is as follows:
The IMEI:549355524028228 of mobile phone;
Handset serial: 021YLJ212C001879;
WIFI MAC Address: A6-02-B9-7F-71-33;
SIM card IMSI:460001357924680;
UUID=SHA256 (" 549355524028228 "+" 021YLJ212C001879 "+" A6-02-B9-7F-71-33 " +"460001357924680")
=" 159e23ba26338897215f47f7de8a6a8f0bb1046f2b43d727ded8a3de e5d670a1 "
Needing instruction sheet is, the device attribute for participating in UUID calculating is more, and UUID information is safer, in practical applications may be used To calculate corresponding UUID information according to different security level demands, here with no restrictions.
In addition, in the present embodiment, asymmetric encryption (such as RSA asymmetric encryption) is used to UUID information, with Public key is preset in the mobile phone of family, and presets corresponding private key in certificate server, to ensure the peace of UUID information on the way in transmission Quan Xing.
Communication module 102, comprising: WAP gateway unit (does not indicate) in attached drawing, for passing through WAP gateway unit to certification Server sends the UUID information and subscriber phone number information of encryption, and subscriber phone number information is added by WAP gateway.
In the present embodiment, phone number field can be increased in HTTP Header by WAP gateway unit, after being convenient for The identity information of continuous UUID information and user's registration matches.
Need to illustrate when, only it is in need in certificate server complete UUID information authentication (i.e. with user infuse The identity information of volume matches) when, it just needs to transmit UUID information by WAP gateway unit and adds subscriber phone number letter It ceases (needing to be switched to mobile data network), can be by WAP gateway unit when usually user logs in cell phone application, it can also be with Data transmission is realized with business platform by WIFI unit.
Certificate server 200, for being decoded by the UUID information of preset private key pair encryption, and will be decoded The identity information of UUID information, user mobile phone information and user's registration matches, and completes the authentication of UUID information, UUID letter Breath is separately stored in user mobile phone and certificate server in authentication.
In the present embodiment, UUID information and use that certificate server sends user mobile phone by WAP gateway unit The identity information of family registration matches, convenient for completing automatic identity authentication subsequently through UUID information.
SDK101 is authenticated, is also used to obtain the UUID information stored in user mobile phone when user logs in cell phone application, and UUID information is encrypted using preset public key.
In the present embodiment, the api interface of certification SDK can be called to obtain the UUID information stored in user mobile phone.
Communication module 102 further includes WIFI unit (not indicating in attached drawing), for mono- by WAP gateway unit or WIFI Member sends the service request for carrying encryption UUID information to business platform.
In the present embodiment, it is only necessary to using WAP gateway when completing the authentication of UUID information, it is subsequent can be used it is any Network accesses business platform, applied widely without relying on the WAP gateway in mobile data network as the prior art.
Business platform 300, the encryption UUID information for will receive are forwarded to certificate server 200.
Certificate server 200 is also used to be decoded the encryption UUID received using preset private key, and will decoding The UUID information of UUID information and storage afterwards matches, to obtain corresponding subscriber identity information.
In the present embodiment, in cell phone application and certificate server and business platform communication process, add using RSA is asymmetric Close scheme encrypts data, i.e., cell phone application encrypts UUID using public key, and certificate server is decrypted using private key, Network link and business platform can not obtain UUID in plain text in entire transmission process, ensure that UUID information only has authentication service Device can decrypt identification, it is ensured that the safety and reliability of automatic identity authentication.
Certificate server 200 is also used to feed back corresponding user's ID authentication information to business platform, completes user identity Automated validation, user's ID authentication information includes: user identity authentication result and corresponding subscriber identity information.
In the present embodiment, existing scheme relies on the WAP gateway in mobile data network, and target ip address needs to configure In the white list of gateway;Use when the mobile phone application automatic identity authentication method only needs to be performed the authentication of UUID information WAP gateway, it is subsequent that any network can be used to access, it is applied widely;Existing scheme relies on APP transmission short message completion identity and recognizes Card, whole process rely on the forward efficiency of short message, and the time is uncontrollable, it is easy to time-out;The mobile phone application automatic identity authentication Method is based entirely on HTTP request, and efficiently, reliably, controllably, user experience is more preferably;Other existing schemes need user to have been manually done Verification process, user experience are bad;The fully automated completion of verification process of the mobile phone application automatic identity authentication method, Yong Huwu Perception, usage experience are good.
Optionally, before certification SDK sends the service request for carrying encryption UUID information to business platform, certification SDK101, whether the operating system for being also used to detect cell phone application is true cell phone system.
In the present embodiment, the safety of SDK detection system running environment is authenticated, it is ensured that it is true cell phone system, and It is not simulated environment, detects APP safety in operation, prevents from being debugged, decompiling operation etc. cracks means, it is ensured that cell phone application is stepped on The safety of record.
Optionally, before certification SDK sends the service request for carrying encryption UUID information to business platform, certification SDK101, is also used to recalculate the current UUID information of user mobile phone, and with the UUID information phase that is stored in user mobile phone Match, to judge whether the UUID information stored in user mobile phone can be used.
Further, SDK101 is authenticated, is also used to store up when in the current UUID information and user mobile phone for judging user mobile phone When the UUID information deposited does not match that, notice certificate server abolishes the UUID information of storage, and reopens new UUID letter The authentication of breath.
In the present embodiment, when the UUID information that stores is not in the current UUID information and user mobile phone for judging user mobile phone When matching, notice certificate server abolishes the UUID information of storage, and completes the authentication of UUID information again, and storage is new Available UUID information;When the UUID information stored in the current UUID information and user mobile phone for judging user mobile phone matches When, notice refreshes the last verification time of UUID according to rule notice certificate server, and continues to execute downwards.
The embodiment of the present invention stores UUID letter by first completing the authentication of UUID information in certificate server Breath carries encryption UUID information to business platform transmission by the communication module of user mobile phone when user logs in cell phone application Service request then the encryption UUID information received is forwarded to by certificate server by business platform, and taken by certification Preset private key is decoded it in business device, finally by certificate server to the UUID of decoded UUID information and storage Information matches, and corresponding subscriber identity information is obtained, authentication should be employed certainly to complete mobile phone.The mobile phone is applied leaves certainly Part Verification System, is based on HTTP request, and relative to short message identity identifying method, efficiently, reliably, controllably, user experience is more preferably;And It is subsequent that any network can be used and using WAP gateway when only needing to be performed the authentication of UUID information in authentication procedures Access, it is applied widely without relying on the WAP gateway in mobile data network;In addition, entire authentication procedures are fully automated It completes, without user's manual operations, user's unaware, usage experience is good.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Those of ordinary skill in the art will appreciate that realizing that all or part of the steps of above-described embodiment can pass through hardware It completes, relevant hardware can also be instructed to complete by program, the program can store in a kind of computer-readable In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.

Claims (10)

1. a kind of mobile phone application automatic identity authentication method characterized by comprising
The UUID information of user mobile phone is calculated by certification SDK, and UUID information is encrypted using preset public key;
The UUID information and subscriber phone number letter of encryption are sent to certificate server by the WAP gateway unit in communication module Breath, the subscriber phone number information are added by the WAP gateway unit;
Be decoded by the UUID information of private key pair encryption preset in certificate server, and by decoded UUID information, The identity information of user mobile phone information and user's registration matches, and completes the authentication of UUID information, and the UUID information exists It is separately stored in user mobile phone and certificate server when authentication;
When user logs in cell phone application, the UUID information stored in user mobile phone is obtained by certification SDK, and utilize certification SDK In preset public key UUID information is encrypted;
The service request for carrying encryption UUID information, the communication are sent to business platform by the communication module of user mobile phone Module includes: WAP gateway unit and WIFI unit;
The encryption UUID information received is forwarded to certificate server by business platform, and by preset in certificate server Private key is decoded it;
By certificate server to the UUID information matches of decoded UUID information and storage, and obtain corresponding user identity Information;
Corresponding user's ID authentication information is fed back to business platform, completes the automated validation of user identity, the user identity Authentication information includes: user identity authentication result and corresponding subscriber identity information.
2. the method according to claim 1, wherein carrying encryption UUID information sending to business platform Before service request, the method also includes:
Detect whether the operating system of cell phone application is true cell phone system by certification SDK.
3. according to the method described in claim 2, it is characterized in that, carrying encryption UUID information sending to business platform Before service request, the method also includes:
Recalculate the current UUID information of user mobile phone by authenticating SDK, and with the UUID information phase that is stored in user mobile phone Matching, to judge whether the UUID information stored in user mobile phone can be used.
4. according to the method described in claim 3, it is characterized in that, the method also includes:
When the UUID information stored in the current UUID information and user mobile phone for judging user mobile phone does not match that, notice certification Server abolishes the UUID information of storage, and completes the authentication of UUID information again, stores new available UUID information.
5. method according to claim 1-4, which is characterized in that the UUID information include: cellphone information and The ICCID of SIM card, the cellphone information include: mobile phone series number, IMEI, WIFI MAC Address of mobile phone, Device_ID, At least one of Android_ID, Installtion ID, IMSI of SIM card.
6. a kind of mobile phone application automatic identity authentication system characterized by comprising store the user mobile phone of cell phone application, recognize Server, business platform are demonstrate,proved, the user mobile phone includes: to authenticate SDK and communication module,
SDK is authenticated, UUID information is encrypted for calculating the UUID information of user mobile phone, and using preset public key;
Communication module, comprising: WAP gateway unit, for the UUID letter of encryption to be sent to certificate server by WAP gateway unit Breath and subscriber phone number information, the subscriber phone number information are added by the WAP gateway;
Certificate server for being decoded by the UUID information of preset private key pair encryption, and decoded UUID is believed The identity information of breath, user mobile phone information and user's registration matches, and completes the authentication of UUID information, the UUID information It is separately stored in user mobile phone and certificate server in authentication;
SDK is authenticated, is also used to obtain the UUID information stored in user mobile phone when user logs in cell phone application, and utilize default Public key UUID information is encrypted;
Communication module further includes WIFI unit, for being carried by WAP gateway unit or WIFI unit to business platform transmission Encrypt the service request of UUID information;
Business platform, the encryption UUID information for will receive are forwarded to certificate server;
Certificate server is also used to be decoded the encryption UUID received using preset private key, and will be decoded UUID information and the UUID information of storage match, to obtain corresponding subscriber identity information;
Certificate server is also used to feed back corresponding user's ID authentication information to business platform, completes the automatic of user identity Certification, the user's ID authentication information includes: user identity authentication result and corresponding subscriber identity information.
7. system according to claim 6, which is characterized in that carry encryption to business platform transmission in certification SDK Before the service request of UUID information,
SDK is authenticated, whether the operating system for being also used to detect cell phone application is true cell phone system.
8. system according to claim 7, which is characterized in that carry encryption to business platform transmission in certification SDK Before the service request of UUID information,
Authenticate SDK, be also used to recalculate the current UUID information of user mobile phone, and with the UUID information that is stored in user mobile phone Match, to judge whether the UUID information stored in user mobile phone can be used.
9. system according to claim 8, which is characterized in that the certification SDK is also used to judge working as user mobile phone When the UUID information stored in preceding UUID information and user mobile phone does not match that, notice certificate server abolishes the UUID letter of storage Breath, and reopen the authentication of new UUID information.
10. according to the described in any item systems of claim 6-9, which is characterized in that the UUID information include: cellphone information and SIM card ICCID mark, the cellphone information include: mobile phone series number, IMEI, WIFI MAC Address of mobile phone, Device_ID, At least one of Android_ID, Installtion ID, IMSI of SIM card.
CN201810082623.6A 2018-01-29 2018-01-29 Automatic identity authentication method and system for mobile phone application Active CN110098933B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810082623.6A CN110098933B (en) 2018-01-29 2018-01-29 Automatic identity authentication method and system for mobile phone application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810082623.6A CN110098933B (en) 2018-01-29 2018-01-29 Automatic identity authentication method and system for mobile phone application

Publications (2)

Publication Number Publication Date
CN110098933A true CN110098933A (en) 2019-08-06
CN110098933B CN110098933B (en) 2021-09-14

Family

ID=67442761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810082623.6A Active CN110098933B (en) 2018-01-29 2018-01-29 Automatic identity authentication method and system for mobile phone application

Country Status (1)

Country Link
CN (1) CN110098933B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI807707B (en) * 2022-03-21 2023-07-01 中華電信股份有限公司 Secure software update system, method and computer readable medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103259667A (en) * 2013-06-07 2013-08-21 北京邮电大学 Method and system for eID authentication on mobile terminal
US20130254858A1 (en) * 2012-03-26 2013-09-26 Computer Associates Think, Inc. Encoding an Authentication Session in a QR Code
CN104052754A (en) * 2014-06-26 2014-09-17 北京思特奇信息技术股份有限公司 ID verification method and system for third-party App
CN104579657A (en) * 2013-10-11 2015-04-29 北大方正集团有限公司 Method and device for identity authentication
CN104753674A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Application identity authentication method and device
CN105095696A (en) * 2015-06-25 2015-11-25 三星电子(中国)研发中心 Method, system and apparatus for carrying out safety authentication on application programs
CN105791262A (en) * 2015-12-30 2016-07-20 广东亿迅科技有限公司 APP real name authentication secure login system and method based on mobile phone IMSI

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130254858A1 (en) * 2012-03-26 2013-09-26 Computer Associates Think, Inc. Encoding an Authentication Session in a QR Code
CN103259667A (en) * 2013-06-07 2013-08-21 北京邮电大学 Method and system for eID authentication on mobile terminal
CN104579657A (en) * 2013-10-11 2015-04-29 北大方正集团有限公司 Method and device for identity authentication
CN104753674A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Application identity authentication method and device
CN104052754A (en) * 2014-06-26 2014-09-17 北京思特奇信息技术股份有限公司 ID verification method and system for third-party App
CN105095696A (en) * 2015-06-25 2015-11-25 三星电子(中国)研发中心 Method, system and apparatus for carrying out safety authentication on application programs
CN105791262A (en) * 2015-12-30 2016-07-20 广东亿迅科技有限公司 APP real name authentication secure login system and method based on mobile phone IMSI

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI807707B (en) * 2022-03-21 2023-07-01 中華電信股份有限公司 Secure software update system, method and computer readable medium

Also Published As

Publication number Publication date
CN110098933B (en) 2021-09-14

Similar Documents

Publication Publication Date Title
KR102018971B1 (en) Method for enabling network access device to access wireless network access point, network access device, application server and non-volatile computer readable storage medium
US9954687B2 (en) Establishing a wireless connection to a wireless access point
US8214649B2 (en) System and method for secure communications between at least one user device and a network entity
CN105450403B (en) Identity identifying method, device and server
CN105847245B (en) Electronic mailbox login authentication method and device
CN107241339B (en) Identity authentication method, identity authentication device and storage medium
US20100197293A1 (en) Remote computer access authentication using a mobile device
CN107086979B (en) User terminal verification login method and device
CN103210607B (en) The method and apparatus that the service provided by WEB server is carried out secure registration
TWI632798B (en) Server, mobile terminal, and network real-name authentication system and method
WO2016115807A1 (en) Wireless router access processing method and device, and wireless router access method and device
DK2924944T3 (en) Presence authentication
US8943567B2 (en) Authentication of personal data over telecommunications system
CN103905194A (en) Identity traceability authentication method and system
CN109729000B (en) Instant messaging method and device
WO2017088548A1 (en) Communication method based on social identity, and server
CN105516054A (en) User authentication method and user authentication device
WO2018099407A1 (en) Account authentication login method and device
CN110098933A (en) A kind of mobile phone application automatic identity authentication method and system
CN101483867B (en) User identity verification method, related device and system in WAP service
CN109150661A (en) A kind of method for discovering equipment and device
US8990349B2 (en) Identifying a location of a server
CN103414707B (en) message access processing method and device
CN102811146A (en) Method and device for detecting message processing environment
Zefferer et al. Harnessing electronic signatures to improve the security of SMS-based services

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant