CN110098933B - Automatic identity authentication method and system for mobile phone application - Google Patents

Automatic identity authentication method and system for mobile phone application Download PDF

Info

Publication number
CN110098933B
CN110098933B CN201810082623.6A CN201810082623A CN110098933B CN 110098933 B CN110098933 B CN 110098933B CN 201810082623 A CN201810082623 A CN 201810082623A CN 110098933 B CN110098933 B CN 110098933B
Authority
CN
China
Prior art keywords
information
mobile phone
user
authentication
uuid information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810082623.6A
Other languages
Chinese (zh)
Other versions
CN110098933A (en
Inventor
董庆军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee
Aspire Digital Technologies Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aspire Digital Technologies Shenzhen Co Ltd filed Critical Aspire Digital Technologies Shenzhen Co Ltd
Priority to CN201810082623.6A priority Critical patent/CN110098933B/en
Publication of CN110098933A publication Critical patent/CN110098933A/en
Application granted granted Critical
Publication of CN110098933B publication Critical patent/CN110098933B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/08Upper layer protocols
    • H04W80/12Application layer protocols, e.g. WAP [Wireless Application Protocol]

Abstract

The invention discloses a method and a system for automatically authenticating identity of mobile phone application. The method comprises the following steps: firstly, identity authentication of UUID information is completed in an authentication server; sending a service request carrying encrypted UUID information to a service platform through a communication module of a user mobile phone; the received encrypted UUID information is forwarded to an authentication server through a service platform, and is decoded by a private key preset in the authentication server; and the authentication server matches the decoded UUID information with the stored UUID information to finish the automatic application identity authentication of the mobile phone application. The method provided by the invention is based on the HTTP request, is efficient and controllable, and has good user experience; in addition, in the identity authentication process, only the WAP gateway is used when the identity authentication of the UUID information is completed, and any network access can be used subsequently, so that the application range is wide; in addition, the whole identity authentication process is automatically completed, manual operation of a user is not needed, the user does not feel, and the use experience is good.

Description

Automatic identity authentication method and system for mobile phone application
Technical Field
The invention relates to the technical field of mobile communication, in particular to a method and a system for automatically authenticating identity of mobile phone application.
Background
With the rapid development of the mobile internet, various mobile phone applications (APPs, abbreviated as "APPs") with rich functions are popular with users, and user identity authentication is regarded as an entry function of various applications and is valued by research and development personnel in the industry.
At present, the methods for authenticating the user of the mobile phone APP mainly include the following methods: 1, Wireless Application Protocol (WAP for short) gateway white list mode: the IP address of the server is configured in a WAP gateway white list of an operator, when a user APP accesses a server application through a mobile data network, the WAP gateway can add the mobile phone number of the user to an HTTP Header, and the server application obtains the mobile phone number of the user from the Header. 2, sending short messages through the mobile phone: the service end applies for an independent short message port, the mobile phone APP sends a short message to the short message port, the short message carries mobile phone number information, and the service end obtains the mobile phone number from the short message. And 3, manually inputting a mobile phone number by a user, and sending a short message verification code by the server: namely, the user manually registers and logs in the service platform, and the short message sent by the server is equivalent to the verification that the mobile phone number belongs to the current user. 4, the user manually inputs an email mailbox, and the server side sends a verification email mode: the user inputs the mailbox of the user in the registration page, the server sends the verification mail, and the user receives the mail and clicks and confirms the mail. And 5, the user manually inputs a user name for registration and verifies an email mailbox or a mobile phone number. In order to improve user experience, the first mode and the second mode are preferentially adopted in a platform of a mobile operator, the whole authentication process is automatically completed, and users do not need to participate.
However, in the identity authentication method, the WAP gateway white list authentication depends on the WAP gateway white list configuration of the operator, and is invalid for the wifi internet access of the mobile phone; the cost of sending the short message exists through the short message sending authentication of the mobile phone, and the short message is stored and forwarded, so that the time of the short message reaching the server is uncontrollable; others need to be done manually and the user experience is not good enough.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments of the present invention provide a method and a system for automatically authenticating an identity of a mobile phone application. The technical scheme is as follows:
in one aspect, an embodiment of the present invention provides an automatic identity authentication method for a mobile phone application, where the method includes:
calculating Universal Unique Identifier (UUID) information of a user mobile phone through an authentication Software Development Kit (SDK), and encrypting the UUID information by using a preset public key;
sending encrypted UUID information and user mobile phone number information to an authentication server through a WAP gateway unit in a communication module, wherein the user mobile phone number information is added by the WAP gateway unit;
decoding the encrypted UUID information through a private key preset in an authentication server, matching the decoded UUID information and user mobile phone information with identity information registered by a user, and completing identity authentication of the UUID information, wherein the UUID information is respectively stored in the user mobile phone and the authentication server during identity authentication;
when a user logs in a mobile phone APP, UUID information stored in the mobile phone of the user is obtained through an authentication SDK, and the UUID information is encrypted by using a public key preset in the authentication SDK;
sending a service request carrying encrypted UUID information to a service platform through a communication module of a user mobile phone, wherein the communication module comprises: a WAP gateway unit and a WIFI unit;
the received encrypted UUID information is forwarded to an authentication server through a service platform, and is decoded by a private key preset in the authentication server;
matching the decoded UUID information with the stored UUID information through an authentication server, and acquiring corresponding user identity information;
feeding back corresponding user identity authentication information to the service platform to complete automatic authentication of the user identity, wherein the user identity authentication information comprises: the user identity authentication result and corresponding user identity information.
In the above method for automatically authenticating an identity of a mobile phone application according to the embodiment of the present invention, before sending a service request carrying encrypted UUID information to a service platform, the method further includes:
and detecting whether the running system of the mobile phone APP is a real mobile phone system or not through the authentication SDK.
In the above method for automatically authenticating an identity of a mobile phone application according to the embodiment of the present invention, before sending a service request carrying encrypted UUID information to a service platform, the method further includes:
and recalculating the current UUID information of the user mobile phone through the authentication SDK, and matching the current UUID information with the UUID information stored in the user mobile phone to judge whether the UUID information stored in the user mobile phone is available.
In the above method for automatically authenticating an identity of a mobile phone application according to an embodiment of the present invention, the method further includes:
and when the current UUID information of the user mobile phone is judged not to be matched with the UUID information stored in the user mobile phone, the authentication server is informed to abolish the stored UUID information, the identity authentication of the UUID information is completed again, and new available UUID information is stored.
In the above method for automatically authenticating an identity of a mobile phone application according to an embodiment of the present invention, the UUID information includes: mobile phone information and an integrated circuit card Identification code (ICCID) of a Subscriber Identity Module (SIM), where the mobile phone information includes: at least one of a serial Number of the Mobile phone, an International Mobile Subscriber identity Number (IMSI) of the Mobile phone, a WIFI MAC address, a Device _ ID, an Android _ ID, an indication ID, and an IMSI of the SIM card.
On the other hand, the embodiment of the invention provides an automatic identity authentication system for mobile phone application, which comprises: store user's cell-phone, authentication server, the business platform that has cell-phone APP, user's cell-phone includes: the authentication SDK and the communication module,
the authentication SDK is used for calculating UUID information of the user mobile phone and encrypting the UUID information by using a preset public key;
a communication module, comprising: the WAP gateway unit is used for sending encrypted UUID information and user mobile phone number information to the authentication server through the WAP gateway unit, and the user mobile phone number information is added by the WAP gateway;
the authentication server is used for decoding the encrypted UUID information through a preset private key, matching the decoded UUID information and the user mobile phone information with the identity information registered by the user, and finishing the identity authentication of the UUID information, wherein the UUID information is respectively stored in the user mobile phone and the authentication server during the identity authentication;
the authentication SDK is also used for acquiring UUID information stored in the mobile phone of the user when the user logs in the mobile phone APP, and encrypting the UUID information by using a preset public key;
the communication module also comprises a WIFI unit, and the WIFI unit is used for sending a service request carrying encrypted UUID information to the service platform through the WAP gateway unit or the WIFI unit;
the service platform is used for forwarding the received encrypted UUID information to the authentication server;
the authentication server is also used for decoding the received encrypted UUID by using a preset private key and matching the decoded UUID information with the stored UUID information to acquire corresponding user identity information;
the authentication server is further configured to feed back corresponding user identity authentication information to the service platform to complete automatic authentication of the user identity, where the user identity authentication information includes: the user identity authentication result and corresponding user identity information.
In the automatic identity authentication system for mobile phone application according to the embodiment of the present invention, before the SDK sends the service request carrying the encrypted UUID information to the service platform,
and the authentication SDK is also used for detecting whether the running system of the mobile phone APP is a real mobile phone system.
In the automatic identity authentication system for mobile phone application according to the embodiment of the present invention, before the SDK sends the service request carrying the encrypted UUID information to the service platform,
and the authentication SDK is also used for recalculating the current UUID information of the user mobile phone and matching the current UUID information with the UUID information stored in the user mobile phone so as to judge whether the UUID information stored in the user mobile phone is available.
In the automatic identity authentication system for mobile phone application according to the embodiment of the present invention, the authentication SDK is further configured to notify the authentication server to abolish the stored UUID information and restart the identity authentication of the new UUID information when it is determined that the current UUID information of the user mobile phone does not match the UUID information stored in the user mobile phone.
In the above automatic identity authentication system for mobile phone application according to the embodiment of the present invention, the UUID information includes: mobile phone information and an ICCID (identity identification of the SIM card), wherein the mobile phone information comprises: at least one of a serial number of the mobile phone, an IMEI (international mobile equipment identity), a WIFI (wireless fidelity) MAC (media access control) address, a Device _ ID, an Android _ ID, an insertion ID and an IMSI (international mobile subscriber identity) of the SIM card.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
the embodiment of the invention completes the identity authentication of UUID information in an authentication server, stores the UUID information, sends a service request carrying encrypted UUID information to a service platform through a communication module of a user mobile phone when a user logs in a mobile phone APP, then forwards the received encrypted UUID information to the authentication server through the service platform, decodes the encrypted UUID information by a private key preset in the authentication server, and finally matches the decoded UUID information with the stored UUID information through the authentication server and acquires corresponding user identity information to complete the automatic application identity authentication of the mobile phone. The mobile phone application automatic identity authentication method is based on the HTTP request, is efficient, reliable and controllable compared with a short message identity authentication method, and has better user experience; in addition, in the identity authentication process, only the WAP gateway is used when the identity authentication of the UUID information is completed, any network can be used for access subsequently, the WAP gateway in a mobile data network is not required to be relied on, and the application range is wide; in addition, the whole identity authentication process is completely and automatically completed, manual operation of a user is not needed, the user does not feel, and the use experience is good.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of an automatic identity authentication method for a mobile phone application according to an embodiment of the present invention;
fig. 2 is a flowchart of an automatic identity authentication method for a mobile phone application according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of an automatic identity authentication system for a mobile phone application according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Example one
The embodiment of the invention provides an automatic identity authentication method for a mobile phone application, which is suitable for automatically finishing identity authentication and automatically logging in when a user logs in a mobile phone APP (application), and referring to fig. 1, the method can comprise the following steps:
and step S11, the UUID information of the user mobile phone is calculated through the authentication SDK, and the UUID information is encrypted by using a preset public key.
In this embodiment, the UUID information may include: the mobile phone information and the ICCID of the SIM card, the mobile phone information comprises: at least one of a serial number of the mobile phone, an IMEI (international mobile equipment identity), a WIFI (wireless fidelity) MAC (media access control) address, a Device _ ID, an Android _ ID, an insertion ID and an IMSI (international mobile subscriber identity) of the SIM card. The user replaces the SIM card, or reinstalls the system, or replaces the mobile phone, and the calculated UUID values are different, so that the uniqueness of the UUID information can be effectively guaranteed, and the safety of the subsequent user identity authentication is guaranteed.
The calculation of the UUID may be performed by using SHA256 digest algorithm, and the UUID calculation is exemplified as follows:
IMEI of the mobile phone: 549355524028228, respectively;
the mobile phone serial number: 021YLJ212C 001879;
WIFI MAC address: A6-02-B9-7F-71-33;
the SIM card IMSI: 460001357924680, respectively;
UUID=SHA256("549355524028228"+"021YLJ212C001879"+"A6-02-B9-7F-71-33"+"460001357924680")
="159e23ba26338897215f47f7de8a6a8f0bb1046f2b43d727ded8a3dee5d670a1"
it should be noted that, the more the device attributes participating in the UUID calculation, the more secure the UUID information is, and in practical application, the corresponding UUID information may be calculated according to different security level requirements, which is not limited herein.
In addition, in this embodiment, asymmetric encryption (for example, RSA asymmetric encryption) is adopted for the UUID information, a public key is preset in the user handset, and a corresponding private key is preset in the authentication server, so as to ensure the security of the UUID information during transmission.
And step S12, sending the encrypted UUID information and the user mobile phone number information to the authentication server through the WAP gateway unit in the communication module, wherein the user mobile phone number information is added by the WAP gateway unit.
In this embodiment, the WAP gateway unit may add a mobile phone number field in the HTTP Header, so that the subsequent UUID information may be matched with the identity information registered by the user.
When the user logs in the mobile phone APP at ordinary times, the user can realize data transmission with the service platform through the WAP gateway unit or through the WIFI unit.
And step S13, decoding the encrypted UUID information through a private key preset in the authentication server, matching the decoded UUID information and the user mobile phone information with the identity information registered by the user, and completing the identity authentication of the UUID information, wherein the UUID information is respectively stored in the user mobile phone and the authentication server during the identity authentication.
In this embodiment, the authentication server matches the UUID information sent by the user's mobile phone through the WAP gateway unit with the identity information registered by the user, so as to facilitate the subsequent completion of automatic identity authentication through the UUID information.
Step S14, when the user logs in the mobile phone APP, the UUID information stored in the mobile phone of the user is obtained through the authentication SDK, and the UUID information is encrypted by using a public key preset in the authentication SDK.
In this embodiment, an API interface of the authentication SDK may be called to obtain UUID information stored in the user handset.
Step S15, a service request carrying encrypted UUID information is sent to a service platform through a communication module of a user mobile phone, and the communication module comprises: WAP gateway unit and WIFI unit.
In this embodiment, only the WAP gateway is used to complete the identity authentication of the UUID information, and any network can be subsequently used to access the service platform without relying on the WAP gateway in the mobile data network as in the prior art, which has a wide application range.
And step S16, forwarding the received encrypted UUID information to the authentication server through the service platform, and decoding the information by a private key preset in the authentication server.
In the embodiment, in the communication process of the mobile phone APP, the authentication server and the service platform, the data is encrypted by using an RSA asymmetric encryption scheme, namely the mobile phone APP encrypts the UUID by using a public key, the authentication server decrypts by using a private key, and the network link and the service platform cannot acquire the UUID plaintext in the whole transmission process, so that the UUID information can be decrypted and identified only by the authentication server, and the safety and reliability of automatic identity authentication are ensured.
And step S17, matching the decoded UUID information with the stored UUID information through the authentication server, and acquiring corresponding user identity information.
Step S18, feeding back corresponding user identity authentication information to the service platform, and completing automatic authentication of the user identity, where the user identity authentication information includes: the user identity authentication result and corresponding user identity information.
In this embodiment, the existing solution depends on the WAP gateway in the mobile data network, and the target IP address needs to be configured in the white list of the gateway; the mobile phone application automatic identity authentication method only needs to use the WAP gateway when the identity authentication of the UUID information is completed, and any network access can be used subsequently, so that the application range is wide; the existing scheme relies on the APP to send the short message to complete the identity authentication, the whole process relies on the forwarding efficiency of the short message, the time is uncontrollable, and the overtime is easy to occur; the automatic identity authentication method applied to the mobile phone is completely based on the HTTP request, is efficient, reliable and controllable, and has better user experience; other existing schemes require a user to manually complete an authentication process, and user experience is poor; the authentication process of the mobile phone application automatic identity authentication method is completely and automatically completed, the user does not feel, and the use experience is good.
The embodiment of the invention completes the identity authentication of UUID information in an authentication server, stores the UUID information, sends a service request carrying encrypted UUID information to a service platform through a communication module of a user mobile phone when a user logs in a mobile phone APP, then forwards the received encrypted UUID information to the authentication server through the service platform, decodes the encrypted UUID information by a private key preset in the authentication server, and finally matches the decoded UUID information with the stored UUID information through the authentication server and acquires corresponding user identity information to complete the automatic application identity authentication of the mobile phone. The mobile phone application automatic identity authentication method is based on the HTTP request, is efficient, reliable and controllable compared with a short message identity authentication method, and has better user experience; in addition, in the identity authentication process, only the WAP gateway is used when the identity authentication of the UUID information is completed, any network can be used for access subsequently, the WAP gateway in a mobile data network is not required to be relied on, and the application range is wide; in addition, the whole identity authentication process is completely and automatically completed, manual operation of a user is not needed, the user does not feel, and the use experience is good.
Example two
The embodiment of the invention provides an automatic identity authentication method for mobile phone application, referring to fig. 2, the method is different from the automatic identity authentication method for mobile phone application in the first embodiment in that a process of evaluating the safety of a mobile phone APP running environment and verifying the reliability of UUID information stored in a user mobile phone is added,
specifically, referring to fig. 2, before sending the service request carrying the encrypted UUID information to the service platform (i.e., between step S14 and step S15), the method may further include:
and step S21, detecting whether the running system of the mobile phone APP is a real mobile phone system or not through the authentication SDK.
In the embodiment, the authentication SDK detects the safety of the running environment of the system, ensures that the running environment is a real mobile phone system instead of a simulation environment, detects the running safety of the APP, prevents debugging, decompiling, running and other cracking means, and ensures the login safety of the mobile phone APP. If necessary, the step S21 may be performed before the step S11.
Step S22, recalculate the current UUID information of the user handset through the authentication SDK, and match the current UUID information stored in the user handset to determine whether the UUID information stored in the user handset is available.
In this embodiment, when it is determined that the current UUID information of the user handset does not match the UUID information stored in the user handset, the authentication server is notified to revoke the stored UUID information, and completes the identity authentication of the UUID information again, and stores new available UUID information (i.e., completes step S11 to step S13 again). And when the current UUID information of the user mobile phone is judged to be matched with the UUID information stored in the user mobile phone, informing the authentication server of refreshing the last verification time of the UUID according to the rule, and continuing to execute the step S15 downwards.
The embodiment of the invention completes the identity authentication of UUID information in an authentication server, stores the UUID information, sends a service request carrying encrypted UUID information to a service platform through a communication module of a user mobile phone when a user logs in a mobile phone APP, then forwards the received encrypted UUID information to the authentication server through the service platform, decodes the encrypted UUID information by a private key preset in the authentication server, and finally matches the decoded UUID information with the stored UUID information through the authentication server and acquires corresponding user identity information to complete the automatic application identity authentication of the mobile phone. The mobile phone application automatic identity authentication method is based on the HTTP request, is efficient, reliable and controllable compared with a short message identity authentication method, and has better user experience; in addition, in the identity authentication process, only the WAP gateway is used when the identity authentication of the UUID information is completed, any network can be used for access subsequently, the WAP gateway in a mobile data network is not required to be relied on, and the application range is wide; in addition, the whole identity authentication process is completely and automatically completed, manual operation of a user is not needed, the user does not feel, and the use experience is good.
In the third embodiment, the first step is that,
the embodiment of the invention provides a system for automatically authenticating identity of a mobile phone application, which realizes the methods of the first embodiment and the second embodiment, and referring to fig. 3, the system can comprise: the user mobile phone 100 storing the mobile phone APP, the authentication server 200, and the service platform 300, wherein the user mobile phone 100 includes: an authentication SDK101 and a communication module 102.
And the authentication SDK101 is used for calculating the UUID information of the user mobile phone and encrypting the UUID information by using a preset public key.
In this embodiment, the UUID information may include: the mobile phone information and the ICCID of the SIM card, the mobile phone information comprises: at least one of a serial number of the mobile phone, an IMEI (international mobile equipment identity), a WIFI (wireless fidelity) MAC (media access control) address, a Device _ ID, an Android _ ID, an insertion ID and an IMSI (international mobile subscriber identity) of the SIM card. The user replaces the SIM card, or reinstalls the system, or replaces the mobile phone, and the calculated UUID values are different, so that the uniqueness of the UUID information can be effectively guaranteed, and the safety of the subsequent user identity authentication is guaranteed.
The calculation of the UUID may be performed by using SHA256 digest algorithm, and the UUID calculation is exemplified as follows:
IMEI of the mobile phone: 549355524028228, respectively;
the mobile phone serial number: 021YLJ212C 001879;
WIFI MAC address: A6-02-B9-7F-71-33;
the SIM card IMSI: 460001357924680, respectively;
UUID=SHA256("549355524028228"+"021YLJ212C001879"+"A6-02-B9-7F-71-33"+"460001357924680")
="159e23ba26338897215f47f7de8a6a8f0bb1046f2b43d727ded8a3dee5d670a1"
it should be noted that, the more the device attributes participating in the UUID calculation, the more secure the UUID information is, and in practical application, the corresponding UUID information may be calculated according to different security level requirements, which is not limited herein.
In addition, in this embodiment, asymmetric encryption (for example, RSA asymmetric encryption) is adopted for the UUID information, a public key is preset in the user handset, and a corresponding private key is preset in the authentication server, so as to ensure the security of the UUID information during transmission.
A communication module 102, comprising: and the WAP gateway unit (not marked in the drawing) is used for sending the encrypted UUID information and the user mobile phone number information to the authentication server through the WAP gateway unit, and the user mobile phone number information is added by the WAP gateway.
In this embodiment, the WAP gateway unit may add a mobile phone number field in the HTTP Header, so that the subsequent UUID information may be matched with the identity information registered by the user.
When the user logs in the mobile phone APP at ordinary times, the user can realize data transmission with the service platform through the WAP gateway unit or through the WIFI unit.
And the authentication server 200 is configured to decode the encrypted UUID information through a preset private key, match the decoded UUID information and the user mobile phone information with the identity information registered by the user, and complete identity authentication of the UUID information, where the UUID information is stored in the user mobile phone and the authentication server during the identity authentication.
In this embodiment, the authentication server matches the UUID information sent by the user's mobile phone through the WAP gateway unit with the identity information registered by the user, so as to facilitate the subsequent completion of automatic identity authentication through the UUID information.
And the authentication SDK101 is also used for acquiring UUID information stored in the mobile phone of the user when the user logs in the mobile phone APP, and encrypting the UUID information by using a preset public key.
In this embodiment, an API interface of the authentication SDK may be called to obtain UUID information stored in the user handset.
The communication module 102 further includes a WIFI unit (not shown in the drawing), and is configured to send a service request carrying the encrypted UUID information to the service platform through the WAP gateway unit or the WIFI unit.
In this embodiment, only the WAP gateway is used to complete the identity authentication of the UUID information, and any network can be subsequently used to access the service platform without relying on the WAP gateway in the mobile data network as in the prior art, which has a wide application range.
And the service platform 300 is configured to forward the received encrypted UUID information to the authentication server 200.
The authentication server 200 is further configured to decode the received encrypted UUID by using a preset private key, and match the decoded UUID information with the stored UUID information to obtain corresponding user identity information.
In the embodiment, in the communication process of the mobile phone APP, the authentication server and the service platform, the data is encrypted by using an RSA asymmetric encryption scheme, namely the mobile phone APP encrypts the UUID by using a public key, the authentication server decrypts by using a private key, and the network link and the service platform cannot acquire the UUID plaintext in the whole transmission process, so that the UUID information can be decrypted and identified only by the authentication server, and the safety and reliability of automatic identity authentication are ensured.
The authentication server 200 is further configured to feed back corresponding user identity authentication information to the service platform, and complete automatic authentication of the user identity, where the user identity authentication information includes: the user identity authentication result and corresponding user identity information.
In this embodiment, the existing solution depends on the WAP gateway in the mobile data network, and the target IP address needs to be configured in the white list of the gateway; the mobile phone application automatic identity authentication method only needs to use the WAP gateway when the identity authentication of the UUID information is completed, and any network access can be used subsequently, so that the application range is wide; the existing scheme relies on the APP to send the short message to complete the identity authentication, the whole process relies on the forwarding efficiency of the short message, the time is uncontrollable, and the overtime is easy to occur; the automatic identity authentication method applied to the mobile phone is completely based on the HTTP request, is efficient, reliable and controllable, and has better user experience; other existing schemes require a user to manually complete an authentication process, and user experience is poor; the authentication process of the mobile phone application automatic identity authentication method is completely and automatically completed, the user does not feel, and the use experience is good.
Optionally, before the authentication SDK sends the service request carrying the encrypted UUID information to the service platform, the authentication SDK101 is further configured to detect whether the running system of the mobile phone APP is a real mobile phone system.
In the embodiment, the authentication SDK detects the safety of the running environment of the system, ensures that the running environment is a real mobile phone system instead of a simulation environment, detects the running safety of the APP, prevents debugging, decompiling, running and other cracking means, and ensures the login safety of the mobile phone APP.
Optionally, before the authentication SDK sends the service request carrying the encrypted UUID information to the service platform, the authentication SDK101 is further configured to recalculate the current UUID information of the user handset, and match the current UUID information with the UUID information stored in the user handset, so as to determine whether the UUID information stored in the user handset is available.
Further, the authentication SDK101 is further configured to notify the authentication server to abolish the stored UUID information and restart the identity authentication of new UUID information when it is determined that the current UUID information of the user handset does not match the UUID information stored in the user handset.
In this embodiment, when it is determined that the current UUID information of the user handset does not match the UUID information stored in the user handset, the authentication server is notified to abolish the stored UUID information, and completes the identity authentication of the UUID information again, and stores new available UUID information; and when the current UUID information of the user mobile phone is judged to be matched with the UUID information stored in the user mobile phone, informing the authentication server of refreshing the last verification time of the UUID according to the rule, and continuing to execute downwards.
The embodiment of the invention completes the identity authentication of UUID information in an authentication server, stores the UUID information, sends a service request carrying encrypted UUID information to a service platform through a communication module of a user mobile phone when a user logs in a mobile phone APP, then forwards the received encrypted UUID information to the authentication server through the service platform, decodes the encrypted UUID information by a private key preset in the authentication server, and finally matches the decoded UUID information with the stored UUID information through the authentication server and acquires corresponding user identity information to complete the automatic application identity authentication of the mobile phone. The mobile phone application automatic identity authentication system is based on the HTTP request, is efficient, reliable and controllable compared with a short message identity authentication method, and has better user experience; in addition, in the identity authentication process, only the WAP gateway is used when the identity authentication of the UUID information is completed, any network can be used for access subsequently, the WAP gateway in a mobile data network is not required to be relied on, and the application range is wide; in addition, the whole identity authentication process is completely and automatically completed, manual operation of a user is not needed, the user does not feel, and the use experience is good.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A method for automatically authenticating identity of a mobile phone application is characterized by comprising the following steps:
calculating UUID information of the user mobile phone through the authentication SDK, and encrypting the UUID information by using a preset public key;
sending encrypted UUID information and user mobile phone number information to an authentication server through a WAP gateway unit in a communication module, wherein the user mobile phone number information is added by the WAP gateway unit;
decoding the encrypted UUID information through a private key preset in an authentication server, matching the decoded UUID information and user mobile phone information with identity information registered by a user, and completing identity authentication of the UUID information, wherein the UUID information is respectively stored in the user mobile phone and the authentication server during identity authentication;
when a user logs in a mobile phone APP, UUID information stored in the mobile phone of the user is obtained through an authentication SDK, and the UUID information is encrypted by using a public key preset in the authentication SDK;
sending a service request carrying encrypted UUID information to a service platform through a communication module of a user mobile phone, wherein the communication module comprises: a WAP gateway unit and a WIFI unit;
the received encrypted UUID information is forwarded to an authentication server through a service platform, and is decoded by a private key preset in the authentication server;
matching the decoded UUID information with the stored UUID information through an authentication server, and acquiring corresponding user identity information;
feeding back corresponding user identity authentication information to the service platform to complete automatic authentication of the user identity, wherein the user identity authentication information comprises: the user identity authentication result and corresponding user identity information.
2. The method of claim 1, wherein before sending the service request carrying the encrypted UUID information to the service platform, the method further comprises:
and detecting whether the running system of the mobile phone APP is a real mobile phone system or not through the authentication SDK.
3. The method of claim 2, wherein before sending the service request carrying the encrypted UUID information to the service platform, the method further comprises:
and recalculating the current UUID information of the user mobile phone through the authentication SDK, and matching the current UUID information with the UUID information stored in the user mobile phone to judge whether the UUID information stored in the user mobile phone is available.
4. The method of claim 3, further comprising:
and when the current UUID information of the user mobile phone is judged not to be matched with the UUID information stored in the user mobile phone, the authentication server is informed to abolish the stored UUID information, the identity authentication of the UUID information is completed again, and new available UUID information is stored.
5. The method of any of claims 1-4, wherein the UUID information comprises: mobile phone information and an ICCID of the SIM card, wherein the mobile phone information comprises: at least one of a serial number of the mobile phone, an IMEI (international mobile equipment identity), a WIFI (wireless fidelity) MAC (media access control) address, a Device _ ID, an Android _ ID, an insertion ID and an IMSI (international mobile subscriber identity) of the SIM card.
6. An automatic identity authentication system for mobile phone applications, comprising: store user's cell-phone, authentication server, the business platform that has cell-phone APP, user's cell-phone includes: the authentication SDK and the communication module,
the authentication SDK is used for calculating UUID information of the user mobile phone and encrypting the UUID information by using a preset public key;
a communication module, comprising: the WAP gateway unit is used for sending encrypted UUID information and user mobile phone number information to the authentication server through the WAP gateway unit, and the user mobile phone number information is added by the WAP gateway;
the authentication server is used for decoding the encrypted UUID information through a preset private key, matching the decoded UUID information and the user mobile phone information with the identity information registered by the user, and finishing the identity authentication of the UUID information, wherein the UUID information is respectively stored in the user mobile phone and the authentication server during the identity authentication;
the authentication SDK is also used for acquiring UUID information stored in the mobile phone of the user when the user logs in the mobile phone APP, and encrypting the UUID information by using a preset public key;
the communication module also comprises a WIFI unit, and the WIFI unit is used for sending a service request carrying encrypted UUID information to the service platform through the WAP gateway unit or the WIFI unit;
the service platform is used for forwarding the received encrypted UUID information to the authentication server;
the authentication server is also used for decoding the received encrypted UUID by using a preset private key and matching the decoded UUID information with the stored UUID information to acquire corresponding user identity information;
the authentication server is further configured to feed back corresponding user identity authentication information to the service platform to complete automatic authentication of the user identity, where the user identity authentication information includes: the user identity authentication result and corresponding user identity information.
7. The system of claim 6 wherein, prior to the authentication SDK sending the service request carrying the encrypted UUID information to the service platform,
and the authentication SDK is also used for detecting whether the running system of the mobile phone APP is a real mobile phone system.
8. The system of claim 7 wherein, prior to the authentication SDK sending the service request carrying the encrypted UUID information to the service platform,
and the authentication SDK is also used for recalculating the current UUID information of the user mobile phone and matching the current UUID information with the UUID information stored in the user mobile phone so as to judge whether the UUID information stored in the user mobile phone is available.
9. The system of claim 8, wherein the authentication SDK is further configured to notify the authentication server to revoke the stored UUID information and restart the identity authentication of the new UUID information when it is determined that the current UUID information of the user handset does not match the UUID information stored in the user handset.
10. The system according to any of claims 6-9, wherein the UUID information comprises: mobile phone information and an ICCID (identity identification of the SIM card), wherein the mobile phone information comprises: at least one of a serial number of the mobile phone, an IMEI (international mobile equipment identity), a WIFI (wireless fidelity) MAC (media access control) address, a Device _ ID, an Android _ ID, an insertion ID and an IMSI (international mobile subscriber identity) of the SIM card.
CN201810082623.6A 2018-01-29 2018-01-29 Automatic identity authentication method and system for mobile phone application Active CN110098933B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810082623.6A CN110098933B (en) 2018-01-29 2018-01-29 Automatic identity authentication method and system for mobile phone application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810082623.6A CN110098933B (en) 2018-01-29 2018-01-29 Automatic identity authentication method and system for mobile phone application

Publications (2)

Publication Number Publication Date
CN110098933A CN110098933A (en) 2019-08-06
CN110098933B true CN110098933B (en) 2021-09-14

Family

ID=67442761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810082623.6A Active CN110098933B (en) 2018-01-29 2018-01-29 Automatic identity authentication method and system for mobile phone application

Country Status (1)

Country Link
CN (1) CN110098933B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI807707B (en) * 2022-03-21 2023-07-01 中華電信股份有限公司 Secure software update system, method and computer readable medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103259667A (en) * 2013-06-07 2013-08-21 北京邮电大学 Method and system for eID authentication on mobile terminal
CN104052754A (en) * 2014-06-26 2014-09-17 北京思特奇信息技术股份有限公司 ID verification method and system for third-party App
CN104579657A (en) * 2013-10-11 2015-04-29 北大方正集团有限公司 Method and device for identity authentication
CN104753674A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Application identity authentication method and device
CN105095696A (en) * 2015-06-25 2015-11-25 三星电子(中国)研发中心 Method, system and apparatus for carrying out safety authentication on application programs
CN105791262A (en) * 2015-12-30 2016-07-20 广东亿迅科技有限公司 APP real name authentication secure login system and method based on mobile phone IMSI

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130254858A1 (en) * 2012-03-26 2013-09-26 Computer Associates Think, Inc. Encoding an Authentication Session in a QR Code

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103259667A (en) * 2013-06-07 2013-08-21 北京邮电大学 Method and system for eID authentication on mobile terminal
CN104579657A (en) * 2013-10-11 2015-04-29 北大方正集团有限公司 Method and device for identity authentication
CN104753674A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Application identity authentication method and device
CN104052754A (en) * 2014-06-26 2014-09-17 北京思特奇信息技术股份有限公司 ID verification method and system for third-party App
CN105095696A (en) * 2015-06-25 2015-11-25 三星电子(中国)研发中心 Method, system and apparatus for carrying out safety authentication on application programs
CN105791262A (en) * 2015-12-30 2016-07-20 广东亿迅科技有限公司 APP real name authentication secure login system and method based on mobile phone IMSI

Also Published As

Publication number Publication date
CN110098933A (en) 2019-08-06

Similar Documents

Publication Publication Date Title
CN106105295B (en) Method and system for configuring a system
EP3557895A1 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
TW201706900A (en) Method and device for authentication using dynamic passwords
WO2016127845A1 (en) Operating method for voice authentication system and device
US10841106B1 (en) Combined authentication and encryption
CN111050314A (en) Client registration method, device and system
JP2014016980A (en) Mobile communication terminal authentication method, service server executing the same, mobile communication terminal, and computer readable recording medium
US11838752B2 (en) Method and apparatus for managing a profile of a terminal in a wireless communication system
WO2016134657A1 (en) Operating method for push authentication system and device
CN111132305B (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
CN107567017B (en) Wireless connection system, device and method
WO2011088658A1 (en) Method, server and system for authenticating identification information in domain name system (dns) messages
CN103210607A (en) Secure registration to a service provided by a web server
CN103973543B (en) Instant communicating method and device
KR101379711B1 (en) Method for file encryption and decryption using telephone number
CN110098933B (en) Automatic identity authentication method and system for mobile phone application
CN111093196B (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
US10028141B2 (en) Method and system for determining that a SIM and a SIP client are co-located in the same mobile equipment
US11425561B2 (en) Access to a service with authentication based on a mobile terminal
CN109460647B (en) Multi-device secure login method
WO2014201783A1 (en) Encryption and authentication method, system and terminal for ad hoc network
JP5388088B2 (en) Communication terminal device, management device, communication method, management method, and computer program.
CN101483867B (en) User identity verification method, related device and system in WAP service
WO2018099407A1 (en) Account authentication login method and device
CN115150075A (en) Method, apparatus, device and medium for data communication based on shared secret key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant