CN112019483A - Short message verification system and method for position authorization and verification of short message verification code - Google Patents

Short message verification system and method for position authorization and verification of short message verification code Download PDF

Info

Publication number
CN112019483A
CN112019483A CN201910463840.4A CN201910463840A CN112019483A CN 112019483 A CN112019483 A CN 112019483A CN 201910463840 A CN201910463840 A CN 201910463840A CN 112019483 A CN112019483 A CN 112019483A
Authority
CN
China
Prior art keywords
short message
verification
terminal
user
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910463840.4A
Other languages
Chinese (zh)
Inventor
孙正楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Yinzheng Technology Co ltd
Original Assignee
Hangzhou Yinzheng Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Yinzheng Technology Co ltd filed Critical Hangzhou Yinzheng Technology Co ltd
Priority to CN201910463840.4A priority Critical patent/CN112019483A/en
Publication of CN112019483A publication Critical patent/CN112019483A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a short message verification system and a method for authorizing and verifying the position of a short message verification code. The problem that the short message position detection in the prior art has no authorization verification or the authorization verification mode cannot meet the wide use requirement is solved. The system comprises a user authentication terminal, a user service terminal, a service server and a short message server. The short message server generates a position authorization verification code and sends the position authorization verification code to the user authentication terminal, position authorization verification is carried out according to feedback information of the service server after the short message verification code passes verification, position matching verification is carried out according to the obtained position of the user service terminal and the position information of the user authentication terminal after the position authorization verification passes, and the short message verification step is determined to be completed after the position matching verification passes. The invention adds position authorization verification while verifying the short message, further improves the safety, simplifies the process, does not need to sign an agreement and meets the requirement of wide use.

Description

Short message verification system and method for position authorization and verification of short message verification code
Technical Field
The invention relates to the technical field of information authentication, in particular to a short message verification system and a short message verification method for authorizing and verifying a short message verification code position.
Background
And the dynamic password authentication is that a dynamic verification code server side sends a short message verification code to a user mobile phone terminal, a user reads the short message verification code and inputs the short message verification code at a client side, the client side sends the short message verification code to the dynamic verification code server side, the dynamic verification code server side verifies the sent short message verification code and a returned verification code, if the verification is passed, the dynamic password authentication is successful, otherwise, the authentication is failed.
The existing technology for authenticating the dynamic password, the patent document with Chinese patent publication No. CN106209372A, discloses a system and a method for authenticating the dynamic password with position detection, which checks whether the short message verification code is intercepted by other people by matching the position of the mobile phone receiving the short message verification code with the position of the client, the system for authenticating the short message verification code needs the authorization of the client by using the position of the mobile phone receiving the short message verification code, but the patent does not disclose the authorization method for using the position of the mobile phone receiving the short message verification code.
Short message verification codes are widely used in online payment, and as viruses for intercepting short messages of a mobile phone intelligent terminal are spread on the mobile internet, fraud activities of stealing user funds due to the interception of the short message verification codes occur.
Because the short message verification code is observed and input by human eyes, whether the mobile phone verification code is intercepted or stolen by others can be judged by judging whether the position of the service operation and the position of the short message verification code mobile phone are in the visible range of human eyes. The position of the short message verification code is verified by using the position of the mobile phone, the position authorization of a user is required, and the existing position authorization method requires the user to sign an authorization protocol or the short message authorization and cannot meet the requirement of wide use of the short message verification code.
In a word, the existing short message verification code technology has the defect that deception authentication is difficult to prevent by using the short message verification code obtained by interception.
Disclosure of Invention
The invention mainly solves the problems that the position detection of a short message in the prior art has no authorization verification or the authorization verification mode cannot meet the requirement of wide use, and provides a short message verification system and a method for position authorization and verification of a short message verification code.
The technical problem of the invention is mainly solved by the following technical scheme: a short message verification system for position authorization and verification of a short message verification code is characterized in that: comprises a user authentication terminal, a user service terminal, a service server and a short message server,
the user service terminal is connected with the service server through a wireless or wired network and is used for inputting the short message verification code and the position authorization verification code and sending the short message verification code and the position authorization verification code to the service server; the user service terminal can be a personal computer, a mobile phone or a PDA with a browser and an APP program installed therein, an ATM or a POS machine and the like; the wireless or wired Network may be a DSL (DSL, Digital Subscriber Loop) access Network, a PON (PON, Passive Optical Networks) access Network, or a LAN (Local Area Network) access Network, or a WiFi wireless access Network, etc.;
the user authentication terminal is communicated with the short message server through a mobile communication network and receives the short message; the user authentication terminal receives and transmits the short message by using the number; the user authentication terminal can be a mobile phone or a PDA provided with a mobile phone SIM card and the like; the wireless network can be a 2G network such as GSM, CDMA and the like, and can also be a wireless network such as 3G, 4G, 5G and the like; the user service terminal and the user authentication terminal may be the same handset.
The service server is used for generating a short message verification code, sending the short message verification code to the user authentication terminal through the short message server, and receiving feedback information of the user service terminal to verify the short message verification code; the service server comprises a database, and the database stores the number of each user authentication terminal.
The short message server is used for generating a position authorization verification code and sending the position authorization verification code to the user authentication terminal, performing position authorization verification according to feedback information of the service server after the short message verification code passes verification, performing position matching verification according to the acquired position of the user service terminal and the position information of the user authentication terminal after the position authorization verification passes, and determining to complete the short message verification step after the position matching verification passes. The short message server comprises a position authentication unit, collects the position information of the user authentication terminal number, establishes the corresponding relation between the user authentication terminal number and the position information, receives the position verification request of the short message server to the user service terminal and the user authentication terminal, performs position matching on the position information of the user service terminal and the user authentication terminal, and sends the position matching result to the short message server.
The system can use the position information of the user authentication terminal to perform position matching authentication of the user authentication terminal and the user service terminal by the authorization short message server through the reply operation of the user to the position authorization verification code, and determines whether the short message verification code is intercepted or not by judging whether the user service terminal and the user authentication terminal are at the same position, thereby further improving the safety of the short message verification code authentication.
A short message verification method for authorizing and verifying the position of a short message verification code comprises,
the service server generates a short message verification code and sends the short message verification code to the user authentication terminal through the short message server, and the service server receives feedback information of the user service terminal to verify the short message verification code;
the short message server generates a position authorization verification code and sends the position authorization verification code to the user authentication terminal, the short message server conducts position authorization verification according to feedback information of the service server after the short message verification code passes verification, position matching verification is conducted according to the obtained position of the user service terminal and the position information of the user authentication terminal after the position authorization verification passes, and short message verification code verification is confirmed to be completed after the position matching verification passes.
The method can authorize the short message server to use the position information of the user authentication terminal to perform the position matching authentication of the user authentication terminal and the user service terminal through the reply operation of the user to the position authorization verification code, and determine whether the short message verification code is intercepted or not by judging whether the user service terminal and the user authentication terminal are at the same position, thereby further improving the safety of the short message verification code authentication.
Preferably, the location authorization verification process includes,
the service server receives the position authorization verification code fed back by the user service terminal, acquires the position information of the user service terminal after the short message verification code passes verification, and then sends a position verification request comprising the fed-back position authorization verification code, the number of the user authentication terminal and the position information of the user service terminal to the short message server;
the short message server compares whether the fed back position authorization verification code is matched with the sent position authorization verification code, if not, the short message server returns a position verification result that the user authentication terminal does not authorize to use the position of the user authentication terminal to the service server, if so, the short message server obtains the position information of the user authentication terminal, and performs position matching verification according to the position of the user service terminal and the position information of the user authentication terminal.
As a preferred scheme, the specific process of short message authentication includes,
the method comprises the steps that a service server receives a service request of a user service terminal, starts short message verification, sends an input request for inputting a short message verification code and a position authorization code to the user service terminal, generates the short message verification code at the same time, obtains a user authentication terminal number of a current user from a database, and sends the short message verification code and the user authentication terminal number to a short message server;
the short message server generates a position authorization verification code and sends a short message comprising the short message verification code and the position authorization verification code to the user authentication terminal;
the service server receives a short message verification code and a position authorization verification code fed back by the user service terminal, compares whether the fed back short message verification code is matched with the sent short message verification code, if not, the short message verification process fails, the short message verification is finished, if so, the position information of the user service terminal is obtained, and a position verification request comprising the position authorization verification code, the user authentication terminal number and the position of the user service terminal is sent to the short message server;
the short message server compares whether the fed back position authorization verification code is matched with the sent position authorization verification code, if not, the short message server returns a position verification result that the user authentication terminal does not authorize to use the position of the user authentication terminal to the service server, if so, the short message server obtains position information of the user authentication terminal, compares whether the position of the user service terminal is matched with the position of the user authentication terminal, if so, returns a position verification result which is successfully matched to the service server, and if not, returns a position verification result which is failed to be matched to the service server;
and the service server judges the short message verification result according to the position verification result, and the short message verification is finished. In the scheme, short message verification and position authorization verification are synchronously performed, the generated short message verification code and the generated position authorization verification code are sent to the user authentication terminal by the short message server together, the user service terminal needs to input the short message verification code and the position authorization verification code simultaneously, and the service server and the short message server respectively perform verification. According to the scheme, the position authorization verification is added while the short message verification is carried out, the user authorization verification is carried out dynamically, the safety is further improved, the position acquisition can be carried out only after the short message verification is authorized, the process is simplified, the signing protocol is not needed, and the requirement for wide use is met.
As a preferred scheme, before the short message server performs location matching verification on the location of the user service terminal and the location of the user authentication terminal, the method further comprises the following steps:
the short message server collects the number of the user authentication terminal and the paging area where the user authentication terminal is located, and establishes the corresponding relation between the number of the user authentication terminal, the paging area where the user authentication terminal is located and the geographic positions of all base stations in the paging area;
or the short message server collects the number of the user authentication terminal and the base station number connected with the user authentication terminal, and establishes the corresponding relation among the number of the user authentication terminal, the base station number connected with the user authentication terminal and the geographical position of the base station number.
As a preferred scheme, the process of acquiring the location information of the user service terminal by the service server includes:
a11. a user service terminal acquires longitude and latitude position information of the user service terminal;
a12. and the user service terminal sends the longitude and latitude position information to the service server, and the service server determines the position information of the user service terminal according to the longitude and latitude position information. In the scheme, the position of the user service terminal is determined by collecting longitude and latitude position information.
As a preferred scheme, the process of acquiring the location information of the user service terminal by the service server includes:
a21. a user service terminal acquires the information of a base station number connected with the user service terminal;
a22. the user service terminal sends the base station number information to the service server, and the service server determines the position information of the user service terminal according to the base station number information.
As a preferred scheme, the process of comparing whether the location of the user service terminal and the location of the user authentication terminal match at the short message server comprises,
b11. the short message server acquires a paging area where the user authentication terminal number is located, inquires the position information of any base station in the paging area, and calculates the distance S1 between the position of the base station and the position of the user service terminal;
b12. the short message server presets the farthest coverage radius value of the base station according to the type of the base station, compares the calculated distance S1 with the farthest coverage radius value of the base station, if the distance S1 is smaller than the farthest coverage radius value of the base station, judges that the base station covers the user service terminal, the position matching is successful, and if the distance S1 is larger than the farthest coverage radius value of the base station, the next step is carried out;
b13. whether the short message server traverses all base stations in the paging area or not is judged, if not, the position information of other base stations in the paging area is inquired, the distance S1 between the position of the base station and the position of the user service terminal is calculated, and the step b12 is returned; if so, all base stations in the paging area where the user authentication terminal is located cannot cover the user service terminal, and the position matching fails. The method adopts the paging area and the position of the user service terminal to carry out position matching, selects any base station in the paging area, and traverses all base stations in the paging area until the positions are matched or not matched.
As a preferred scheme, the process of comparing whether the location of the user service terminal and the location of the user authentication terminal match at the short message server comprises,
b21. the short message server acquires the longitude and latitude of the base station position connected with the user authentication terminal, and calculates the distance S2 between the longitude and latitude of the base station position and the longitude and latitude of the user service terminal position;
b22. the short message server presets the farthest coverage radius value of the base station according to the type of the base station, compares the calculated distance S2 with the farthest coverage radius value of the base station, judges that the base station covers the user service terminal if the distance S2 is smaller than the farthest coverage radius value of the base station, and fails to match the position if the distance S2 is larger than the farthest coverage radius value of the base station. According to the scheme, longitude and latitude information is adopted to carry out distance calculation and comparison to realize position matching.
As a preferred scheme, the process of comparing whether the location of the user service terminal and the location of the user authentication terminal match at the short message server comprises,
b31. the short message server acquires the position of a base station connected with the user authentication terminal, and calculates the distance S3 between the position of the base station and the position of the base station connected with the position of the user service terminal;
b32. the short message server respectively presets the farthest covering radius values of the two base stations according to the types of the two base stations, compares the calculated distance S3 with the sum of the farthest covering radii of the two base stations, judges that the base station covers the user service terminal if the distance S3 is smaller than the sum of the farthest covering radii of the two base stations, and then the position matching is successful, and fails if the distance S3 is larger than the sum of the farthest covering radii of the two base stations.
Therefore, the invention has the advantages that:
1. the position matching authentication of the user authentication terminal and the user service terminal is carried out by using the position information of the user authentication terminal through the reply operation of the user to the position authorization verification code by the user, and whether the short message verification code is intercepted or not is determined by judging whether the user service terminal and the user authentication terminal are at the same position, so that the safety of the short message verification code authentication is further improved.
2. The short message verification and the position authorization verification are synchronously carried out, the generated short message verification code and the generated position authorization verification code are sent to the user authentication terminal by the short message server together, the short message verification code and the position authorization verification code are required to be input by the user service terminal at the same time, the service server and the short message server respectively carry out verification, the position authorization verification is added while the short message verification is carried out, the user authorization verification is carried out dynamically, the safety is further improved, the position acquisition can be carried out only after the authorization, the process is simplified, the signing protocol is not required, and the requirement of wide use is met.
Drawings
FIG. 1 is a block diagram of one configuration of the present invention.
FIG. 2 is a schematic flow chart of the present invention.
1-user authentication terminal 2-user service terminal 3-service server 4-short message server.
Detailed Description
The technical scheme of the invention is further specifically described by the following embodiments and the accompanying drawings.
Example (b):
a short message verification system for authorizing and verifying a short message verification code position in this embodiment is shown in fig. 1, and includes a user authentication terminal 1, a user service terminal 2, a service server 3, and a short message server 4. The user service terminal is connected with the service server through a wired or wireless network, the service server is connected with the short message server through a wired or wireless network, and the user authentication terminal is connected with the short message server through a mobile communication network.
The user service terminal is used for inputting the short message verification code and the position authorization verification code and sending the short message verification code and the position authorization verification code to the service server, and also used for acquiring the position information of the user service terminal and sending the position information to the service server; the user service terminal can be a personal computer, a mobile phone or a PDA with a browser and an APP program installed therein, an ATM or a POS machine and the like; the wireless or wired Network may be a DSL (DSL, Digital Subscriber Loop) access Network, a PON (PON, Passive Optical Networks) access Network, or a LAN (Local Area Network) access Network, or may be a WiFi radio access Network, etc.;
the user authentication terminal receives the short message and sends and receives the short message by using the number; the user authentication terminal can be a mobile phone or a PDA provided with a mobile phone SIM card and the like; the mobile communication network can be a 2G network such as GSM, CDMA and the like, and can also be a wireless network such as 3G, 4G, 5G and the like; the user service terminal and the user authentication terminal may be the same handset.
And the service server is used for generating a short message verification code, sending the short message verification code to the user authentication terminal through the short message server, and receiving feedback information of the user service terminal to verify the short message verification code. The service server comprises a database, and the database stores the number of each user authentication terminal.
The short message server is used for generating a position authorization verification code and sending the position authorization verification code to the user authentication terminal, performing position authorization verification according to feedback information of the service server after the short message verification code passes verification, performing position matching verification according to the acquired position of the user service terminal and the position information of the user authentication terminal after the position authorization verification passes, and determining to complete the short message verification step after the position matching verification passes. The short message server comprises a position authentication unit, collects the position information of the user authentication terminal number, establishes the corresponding relation between the user authentication terminal number and the position information, receives the position verification request of the short message server to the user service terminal and the user authentication terminal, performs position matching on the position information of the user service terminal and the user authentication terminal, and sends the position matching result to the short message server.
The embodiment also comprises a short message verification method for authorizing and verifying the position of the short message verification code by adopting the system, which comprises the following steps,
the service server generates a short message verification code and sends the short message verification code to the user authentication terminal through the short message server, and the service server receives feedback information of the user service terminal to verify the short message verification code;
the short message server generates a position authorization verification code and sends the position authorization verification code to the user authentication terminal, the short message server conducts position authorization verification according to feedback information of the service server after the short message verification code passes verification, position matching verification is conducted according to the obtained position of the user service terminal and the position information of the user authentication terminal after the position authorization verification passes, and short message verification code verification is confirmed to be completed after the position matching verification passes.
Specifically, the location authorization verification process comprises the steps that the service server receives a location authorization verification code fed back by the user service terminal, acquires the location information of the user service terminal after the short message verification code passes verification, and then sends a location verification request comprising the fed-back location authorization verification code, the number of the user authentication terminal and the location information of the user service terminal to the short message server;
the short message server compares whether the fed back position authorization verification code is matched with the sent position authorization verification code, if not, the short message server returns a position verification result that the user authentication terminal does not authorize to use the position of the user authentication terminal to the service server, if so, the short message server obtains the position information of the user authentication terminal, and performs position matching verification according to the position of the user service terminal and the position information of the user authentication terminal.
The method adds position authorization verification in the position verification process of the short message verification, and the position authorization verification are synchronously performed, so that the short message verification process comprises,
the method comprises the steps that a service server receives a service request of a user service terminal, starts short message verification, sends an input request for inputting a short message verification code and a position authorization code to the user service terminal, generates the short message verification code at the same time, obtains a user authentication terminal number of a current user from a database, and sends the short message verification code and the user authentication terminal number to a short message server;
the short message server generates a position authorization verification code and sends a short message comprising the short message verification code and the position authorization verification code to the user authentication terminal;
the service server receives a short message verification code and a position authorization verification code fed back by the user service terminal, compares whether the fed back short message verification code is matched with the sent short message verification code, if not, the short message verification process fails, the short message verification is finished, if so, the position information of the user service terminal is obtained, and a position verification request comprising the position authorization verification code, the user authentication terminal number and the position of the user service terminal is sent to the short message server;
the short message server compares whether the fed back position authorization verification code is matched with the sent position authorization verification code, if not, the short message server returns a position verification result that the user authentication terminal does not authorize to use the position of the user authentication terminal to the service server, if so, the short message server obtains position information of the user authentication terminal, compares whether the position of the user service terminal is matched with the position of the user authentication terminal, if so, returns a position verification result which is successfully matched to the service server, and if not, returns a position verification result which is failed to be matched to the service server;
and the service server judges the short message verification result according to the position verification result, and the short message verification is finished.
The service server obtains the position information of the user service terminal in two modes, wherein the first process comprises the following steps:
a11. a user service terminal acquires longitude and latitude position information of the user service terminal;
a12. and the user service terminal sends the longitude and latitude position information to the service server, and the service server determines the position information of the user service terminal according to the longitude and latitude position information.
The second process comprises:
a21. a user service terminal acquires the information of a base station number connected with the user service terminal;
a22. the user service terminal sends the base station number information to the service server, and the service server determines the position information of the user service terminal according to the base station number information.
In addition, in the embodiment, the short message server compares whether the position of the user service terminal is matched with the position of the user authentication terminal in three modes. Before the short message server carries out position matching verification on the position of the user service terminal and the position of the user authentication terminal, the method further comprises the following steps:
the short message server collects the number of the user authentication terminal and the paging area where the user authentication terminal is located, and establishes the corresponding relation between the number of the user authentication terminal, the paging area where the user authentication terminal is located and the geographic positions of all base stations in the paging area;
or the short message server collects the number of the user authentication terminal and the base station number connected with the user authentication terminal, and establishes the corresponding relation among the number of the user authentication terminal, the base station number connected with the user authentication terminal and the geographical position of the base station number.
According to the number of the user authentication terminal, the corresponding relation between the paging area where the user authentication terminal is located and all base station geographic positions in the paging area, the first way process of comparing whether the user service terminal position and the user authentication terminal position are matched by the short message server is as follows:
b11. the short message server acquires a paging area where the user authentication terminal number is located, inquires the position information of any base station in the paging area, and calculates the distance S1 between the position of the base station and the position of the user service terminal;
b12. the short message server presets the farthest coverage radius value of the base station according to the type of the base station, compares the calculated distance S1 with the farthest coverage radius value of the base station, if the distance S1 is smaller than the farthest coverage radius value of the base station, judges that the base station covers the user service terminal, the position matching is successful, and if the distance S1 is larger than the farthest coverage radius value of the base station, the next step is carried out;
b13. whether the short message server traverses all base stations in the paging area or not is judged, if not, the position information of other base stations in the paging area is inquired, the distance S1 between the position of the base station and the position of the user service terminal is calculated, and the step b12 is returned; if so, all base stations in the paging area where the user authentication terminal is located cannot cover the user service terminal, and the position matching fails.
According to the number of the user authentication terminal, the corresponding relation between the base station number connected with the user authentication terminal and the geographical position of the base station number, the second mode process of comparing whether the position of the user service terminal is matched with the position of the user authentication terminal by the short message server is as follows:
b21. the short message server acquires the longitude and latitude of the base station position connected with the user authentication terminal, and calculates the distance S2 between the longitude and latitude of the base station position and the longitude and latitude of the user service terminal position;
b22. the short message server presets the farthest coverage radius value of the base station according to the type of the base station, compares the calculated distance S2 with the farthest coverage radius value of the base station, judges that the base station covers the user service terminal if the distance S2 is smaller than the farthest coverage radius value of the base station, and fails to match the position if the distance S2 is larger than the farthest coverage radius value of the base station.
According to the number of the user authentication terminal, the corresponding relation between the base station number connected with the user authentication terminal and the geographical position of the base station number, the third mode process of comparing whether the position of the user service terminal is matched with the position of the user authentication terminal by the short message server is as follows:
b31. the short message server acquires the position of a base station connected with the user authentication terminal, and calculates the distance S3 between the position of the base station and the position of the base station connected with the position of the user service terminal;
b32. the short message server respectively presets the farthest covering radius values of the two base stations according to the types of the two base stations, compares the calculated distance S3 with the sum of the farthest covering radii of the two base stations, judges that the base station covers the user service terminal if the distance S3 is smaller than the sum of the farthest covering radii of the two base stations, and then the position matching is successful, and fails if the distance S3 is larger than the sum of the farthest covering radii of the two base stations. .
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.
Although terms such as user authentication terminal, user service terminal, service server, short message server, etc. are used more often herein, the possibility of using other terms is not excluded. These terms are used merely to more conveniently describe and explain the nature of the present invention; they are to be construed as being without limitation to any additional limitations that may be imposed by the spirit of the present invention.

Claims (10)

1. A short message verification system for position authorization and verification of a short message verification code is characterized in that: comprises a user authentication terminal, a user service terminal, a service server and a short message server,
the service server is used for generating a short message verification code, sending the short message verification code to the user authentication terminal through the short message server, and receiving feedback information of the user service terminal to verify the short message verification code;
the short message server is used for generating a position authorization verification code and sending the position authorization verification code to the user authentication terminal, performing position authorization verification according to feedback information of the service server after the short message verification code passes verification, performing position matching verification according to the acquired position of the user service terminal and the position information of the user authentication terminal after the position authorization verification passes, and determining to complete the short message verification step after the position matching verification passes.
2. A short message verification method for authorizing and verifying the position of a short message verification code, which adopts the system in claim 1 and is characterized in that: the method comprises the steps of (1) carrying out,
the service server generates a short message verification code and sends the short message verification code to the user authentication terminal through the short message server, and the service server receives feedback information of the user service terminal to verify the short message verification code;
the short message server generates a position authorization verification code and sends the position authorization verification code to the user authentication terminal, the short message server conducts position authorization verification according to feedback information of the service server after the short message verification code passes verification, position matching verification is conducted according to the obtained position of the user service terminal and the position information of the user authentication terminal after the position authorization verification passes, and short message verification code verification is confirmed to be completed after the position matching verification passes.
3. The short message authentication method of the position authorization and authentication of the short message authentication code as claimed in claim 2, wherein the position authorization authentication process comprises,
the service server receives the position authorization verification code fed back by the user service terminal, acquires the position information of the user service terminal after the short message verification code passes verification, and then sends a position verification request comprising the fed-back position authorization verification code, the number of the user authentication terminal and the position information of the user service terminal to the short message server;
the short message server compares whether the fed back position authorization verification code is matched with the sent position authorization verification code, if not, the short message server returns a position verification result that the user authentication terminal does not authorize to use the position of the user authentication terminal to the service server, if so, the short message server obtains the position information of the user authentication terminal, and performs position matching verification according to the position of the user service terminal and the position information of the user authentication terminal.
4. The short message authentication method of the authorization and authentication of the short message authentication code according to claim 2, wherein the specific process of the short message authentication includes,
the method comprises the steps that a service server receives a service request of a user service terminal, starts short message verification, sends an input request for inputting a short message verification code and a position authorization code to the user service terminal, generates the short message verification code at the same time, obtains a user authentication terminal number of a current user from a database, and sends the short message verification code and the user authentication terminal number to a short message server;
the short message server generates a position authorization verification code and sends a short message comprising the short message verification code and the position authorization verification code to the user authentication terminal;
the service server receives a short message verification code and a position authorization verification code fed back by the user service terminal, compares whether the fed back short message verification code is matched with the sent short message verification code, if not, the short message verification process fails, the short message verification is finished, if so, the position information of the user service terminal is obtained, and a position verification request comprising the position authorization verification code, the user authentication terminal number and the position of the user service terminal is sent to the short message server;
the short message server compares whether the fed back position authorization verification code is matched with the sent position authorization verification code, if not, the short message server returns a position verification result that the user authentication terminal does not authorize to use the position of the user authentication terminal to the service server, if so, the short message server obtains position information of the user authentication terminal, compares whether the position of the user service terminal is matched with the position of the user authentication terminal, if so, returns a position verification result which is successfully matched to the service server, and if not, returns a position verification result which is failed to be matched to the service server;
and the service server judges the short message verification result according to the position verification result, and the short message verification is finished.
5. A short message verification method for position authorization and verification of a short message verification code according to claim 2, 3 or 4, characterized in that before the short message server performs position matching verification on the position of the user service terminal and the position of the user authentication terminal, the method further comprises:
the short message server collects the number of the user authentication terminal and the paging area where the user authentication terminal is located, and establishes the corresponding relation between the number of the user authentication terminal, the paging area where the user authentication terminal is located and the geographic positions of all base stations in the paging area;
or the short message server collects the number of the user authentication terminal and the base station number connected with the user authentication terminal, and establishes the corresponding relation among the number of the user authentication terminal, the base station number connected with the user authentication terminal and the geographical position of the base station number.
6. The method as claimed in claim 5, wherein the process of the service server obtaining the location information of the user service terminal comprises:
a11. a user service terminal acquires longitude and latitude position information of the user service terminal;
a12. and the user service terminal sends the longitude and latitude position information to the service server, and the service server determines the position information of the user service terminal according to the longitude and latitude position information.
7. The method as claimed in claim 5, wherein the process of the service server obtaining the location information of the user service terminal comprises:
a21. a user service terminal acquires the information of a base station number connected with the user service terminal;
a22. the user service terminal sends the base station number information to the service server, and the service server determines the position information of the user service terminal according to the base station number information.
8. The short message verification method of the authorization and verification of the short message verification code position as claimed in claim 6, wherein the process of comparing the user service terminal position and the user authentication terminal position at the short message server includes,
b11. the short message server acquires a paging area where the user authentication terminal number is located, inquires the position information of any base station in the paging area, and calculates the distance S1 between the position of the base station and the position of the user service terminal;
b12. the short message server presets the farthest coverage radius value of the base station according to the type of the base station, compares the calculated distance S1 with the farthest coverage radius value of the base station, if the distance S1 is smaller than the farthest coverage radius value of the base station, judges that the base station covers the user service terminal, the position matching is successful, and if the distance S1 is larger than the farthest coverage radius value of the base station, the next step is carried out;
b13. whether the short message server traverses all base stations in the paging area or not is judged, if not, the position information of other base stations in the paging area is inquired, the distance S1 between the position of the base station and the position of the user service terminal is calculated, and the step b12 is returned; if so, all base stations in the paging area where the user authentication terminal is located cannot cover the user service terminal, and the position matching fails.
9. The short message verification method of the authorization and verification of the short message verification code position as claimed in claim 6, wherein the process of comparing the user service terminal position and the user authentication terminal position at the short message server includes,
b21. the short message server acquires the longitude and latitude of the base station position connected with the user authentication terminal, and calculates the distance S2 between the longitude and latitude of the base station position and the longitude and latitude of the user service terminal position;
b22. the short message server presets the farthest coverage radius value of the base station according to the type of the base station, compares the calculated distance S2 with the farthest coverage radius value of the base station, judges that the base station covers the user service terminal if the distance S2 is smaller than the farthest coverage radius value of the base station, and fails to match the position if the distance S2 is larger than the farthest coverage radius value of the base station.
10. The short message verification method of claim 7, wherein the process of comparing the user service terminal position and the user authentication terminal position at the short message server includes,
b31. the short message server acquires the position of a base station connected with the user authentication terminal, and calculates the distance S3 between the position of the base station and the position of the base station connected with the position of the user service terminal;
b32. the short message server respectively presets the farthest covering radius values of the two base stations according to the types of the two base stations, compares the calculated distance S3 with the sum of the farthest covering radii of the two base stations, judges that the base station covers the user service terminal if the distance S3 is smaller than the sum of the farthest covering radii of the two base stations, and then the position matching is successful, and fails if the distance S3 is larger than the sum of the farthest covering radii of the two base stations.
CN201910463840.4A 2019-05-30 2019-05-30 Short message verification system and method for position authorization and verification of short message verification code Pending CN112019483A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910463840.4A CN112019483A (en) 2019-05-30 2019-05-30 Short message verification system and method for position authorization and verification of short message verification code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910463840.4A CN112019483A (en) 2019-05-30 2019-05-30 Short message verification system and method for position authorization and verification of short message verification code

Publications (1)

Publication Number Publication Date
CN112019483A true CN112019483A (en) 2020-12-01

Family

ID=73501202

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910463840.4A Pending CN112019483A (en) 2019-05-30 2019-05-30 Short message verification system and method for position authorization and verification of short message verification code

Country Status (1)

Country Link
CN (1) CN112019483A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113744471A (en) * 2021-09-03 2021-12-03 中国银行股份有限公司 Commemorative coin extracting method and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113744471A (en) * 2021-09-03 2021-12-03 中国银行股份有限公司 Commemorative coin extracting method and device

Similar Documents

Publication Publication Date Title
US11002822B2 (en) Service enhancements using near field communication
CN106991317B (en) Security verification method, platform, device and system
US7565142B2 (en) Method and apparatus for secure immediate wireless access in a telecommunications network
US7212806B2 (en) Location-based transaction authentication of wireless terminal
US7590246B2 (en) Authentication between a cellular phone and an access point of a short-range network
US6023689A (en) Method for secure communication in a telecommunications system
US6393270B1 (en) Network authentication method for over the air activation
RU2411670C2 (en) Method to create and verify authenticity of electronic signature
CN1611032B (en) A method for using a service involving a certificate where requirements are set for the data content of the certificate
JP5178690B2 (en) Communication system, portable terminal of the system, and center of the system
JP2000269959A (en) Authentication method by updated key
CA2537455A1 (en) Method and system for enhanced security using location-based wireless authentication
GB2393073A (en) Certification scheme for hotspot services
CN111385274B (en) Cross-network service calling method and device, feature gateway and identity recognition system
US6665530B1 (en) System and method for preventing replay attacks in wireless communication
CN112019483A (en) Short message verification system and method for position authorization and verification of short message verification code
US8380574B2 (en) Method and system for validating a transaction, corresponding transactional terminal and program
JP2002528978A (en) Authentication method and system
CN107665428B (en) Mobile payment identity authentication method, server and system
US20050102519A1 (en) Method for authentication of a user for a service offered via a communication system
CN108271230B (en) Method and device for acquiring mobile management information and computer readable storage medium
CN1124766C (en) System and method for preventing replay attacks in wireless communication
KR20010092011A (en) An user authentication system and method using a mobile terminal
CN115379403B (en) Optimization method and system for identifying mobile phone short message verification code
EP1580936B1 (en) Subscriber authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20201201

WD01 Invention patent application deemed withdrawn after publication