CN113381965A - Security authentication method, system and authentication service platform - Google Patents

Publication number
CN113381965A
Authority
CN
China
Prior art keywords
authentication
terminal
authenticated
temporary number
service platform
Legal status
Pending
Application number
CN202010157049.3A
Other languages
Chinese (zh)
Inventor
蔡晟
毛安平
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202010157049.3A
Publication of CN113381965A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses a security authentication method, a security authentication system and an authentication service platform, and relates to the technical field of mobile communication. The method comprises the following steps: receiving an authentication request sent by an application service system, wherein the authentication request comprises a terminal number to be authenticated; randomly generating an authentication key according to the authentication request; calculating a temporary number according to the authentication key, and establishing a mapping relation between the temporary number and the number of the terminal to be authenticated; sending the authentication key to a terminal to be authenticated through an application service system, generating a temporary number by the terminal to be authenticated according to the authentication key, and sending a call request according to the temporary number; and responding to the call request, judging whether the mapping relation exists between the terminal number to be authenticated and the temporary number, and if so, sending an authentication success message to the application server platform. The present disclosure improves the security of the authentication process.

Description

Security authentication method, system and authentication service platform
Technical Field
The present disclosure relates to the field of mobile communications technologies, and in particular, to a security authentication method, a security authentication system, and an authentication service platform.
Background
When the terminal is used for online payment or account login, the terminal needs to be subjected to security authentication so as to verify the validity of the user and protect the security of the user account.
In the related art, a user enters a short message verification code issued by a website to perform terminal authentication. Because the Android system is relatively open, a mobile phone virus, Trojan or malicious application that obtains the relevant permission can read and intercept short messages, so authentication by short message verification code carries a security risk.
Disclosure of Invention
The technical problem to be solved by the present disclosure is to provide a security authentication method, system and authentication service platform, which can improve the security of the authentication process.
According to an aspect of the present disclosure, a security authentication method is provided, including: receiving an authentication request sent by an application service system, wherein the authentication request comprises a terminal number to be authenticated; randomly generating an authentication key according to the authentication request; calculating a temporary number according to the authentication key, and establishing a mapping relation between the temporary number and the number of the terminal to be authenticated; sending the authentication key to a terminal to be authenticated through an application service system, generating a temporary number by the terminal to be authenticated according to the authentication key, and sending a call request according to the temporary number; and responding to the call request, judging whether the mapping relation exists between the terminal number to be authenticated and the temporary number, and if so, sending an authentication success message to the application server platform.
In some embodiments, after receiving a call request sent by a terminal to be authenticated, the number of the terminal to be authenticated is recorded and the call request is cut off.
In some embodiments, when the authentication key is sent to the application service system, an authentication timer is started; and deleting the mapping relation between the temporary number and the number of the terminal to be authenticated after the authentication timer expires.
In some embodiments, a pre-manufactured software development kit (SDK) is provided to the terminal to be authenticated, so that the terminal uses the pre-manufactured SDK to generate, from the authentication key, the temporary number for the current authentication.
According to another aspect of the present disclosure, there is also provided an authentication service platform, including: the authentication request receiving unit is configured to receive an authentication request sent by an application service system, wherein the authentication request comprises a terminal number to be authenticated; an authentication key generation unit configured to randomly generate an authentication key according to the authentication request; a temporary number generation unit configured to calculate a temporary number from the authentication key; the number mapping establishing unit is configured to establish a mapping relation between the temporary number and the number of the terminal to be authenticated; the authentication key sending unit is configured to send the authentication key to the terminal to be authenticated through the application service system, the terminal to be authenticated generates a temporary number according to the authentication key, and sends a call request according to the temporary number; and the terminal number authentication unit is configured to respond to the call request, judge whether the mapping relation exists between the terminal number to be authenticated and the temporary number, and if so, send an authentication success message to the application server platform.
In some embodiments, the terminal number authentication unit is further configured to record the number of the terminal to be authenticated and cut off the call request after receiving the call request sent by the terminal to be authenticated.
In some embodiments, the timer starting unit is configured to start the authentication timer when the authentication key is transmitted to the application service system; and the mapping relation deleting unit is configured to delete the mapping relation between the temporary number and the terminal number to be authenticated after the authentication timer expires.
In some embodiments, the SDK sending unit is configured to provide a pre-established SDK to the terminal to be authenticated, so that the terminal to be authenticated generates a temporary number corresponding to the authentication according to the authentication key by using the pre-established SDK.
According to another aspect of the present disclosure, there is also provided an authentication service platform, including: a memory; and a processor coupled to the memory, the processor configured to perform the security authentication method as described above based on instructions stored in the memory.
According to another aspect of the present disclosure, there is also provided a security authentication system, including: the authentication service platform described above; the application server is configured to send an authentication request to the authentication service platform, wherein the authentication request comprises a terminal number to be authenticated, receive an authentication key sent by the authentication service platform, send the authentication key to the terminal to be authenticated and receive an authentication result sent by the authentication service platform; and the terminal to be authenticated is configured to generate a temporary number according to the received authentication key and send a call request to the authentication service platform according to the temporary number.
According to another aspect of the present disclosure, a computer-readable storage medium is also proposed, on which computer program instructions are stored, which instructions, when executed by a processor, implement the above-described security authentication method.
In the embodiments of the disclosure, the authentication service platform generates a random authentication key, calculates a temporary number from the authentication key, and establishes a mapping relationship between the temporary number and the number of the terminal to be authenticated. It sends the authentication key to the terminal to be authenticated through the application service system; the terminal generates the temporary number from the authentication key and sends a call request to that temporary number. If the authentication service platform finds that the mapping relationship exists between the number of the terminal to be authenticated and the temporary number, it confirms that the authentication is successful. Even if the authentication key is leaked in transmission and a pseudo terminal obtains it, generates the temporary number and places a call, the authentication service platform holds no mapping relationship between the temporary number and the pseudo terminal's number, so the pseudo terminal cannot be authenticated, and the security of the authentication process is improved.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
Fig. 1 is a flow diagram of some embodiments of a security authentication method of the present disclosure.
Fig. 2 is a schematic flow chart diagram illustrating further embodiments of the security authentication method of the present disclosure.
Fig. 3 is a schematic structural diagram of some embodiments of the authentication service platform of the present disclosure.
Fig. 4 is a schematic structural diagram of another embodiment of the authentication service platform according to the present disclosure.
Fig. 5 is a schematic structural diagram of another embodiment of the authentication service platform according to the present disclosure.
Fig. 6 is a schematic structural diagram of some embodiments of the security authentication system of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
Fig. 1 is a flow diagram of some embodiments of a security authentication method of the present disclosure. The steps of this embodiment are performed by an authentication service platform.
In step 110, an authentication request sent by the application service system is received, where the authentication request includes a terminal number to be authenticated.
For example, when receiving a payment request or an account login request sent by a terminal, an application service system first determines whether security authentication is required for a terminal number, and if so, sends an authentication request to an authentication service platform, wherein the authentication request includes a terminal number to be authenticated.
At step 120, an authentication key is randomly generated based on the authentication request.
In step 130, the temporary number is calculated according to the authentication key, and a mapping relationship between the temporary number and the number of the terminal to be authenticated is established.
In some embodiments, the authentication service platform may apply any of various encryption and decryption algorithms to the authentication key to generate a temporary number for use in the current authentication, and binds the temporary number to the number of the terminal to be authenticated. The algorithm is, for example, MD5 or the like.
In step 140, the authentication key is sent to the terminal to be authenticated through the application service system, and the terminal to be authenticated generates a temporary number according to the authentication key and sends a call request according to the temporary number.
In some embodiments, the terminal to be authenticated calculates a temporary number used in the authentication according to the authentication key by using the same algorithm as that of the authentication service platform, and sends a call request by using the temporary number as a called number.
In step 150, in response to the call request, it is determined whether a mapping relationship exists between the terminal number to be authenticated and the temporary number, and if so, an authentication success message is sent to the application server platform.
In the above embodiment, the authentication service platform generates a random authentication key, calculates a temporary number from the authentication key, and establishes a mapping relationship between the temporary number and the number of the terminal to be authenticated. It sends the authentication key to the terminal to be authenticated through the application service system; the terminal generates the temporary number from the authentication key and sends a call request to that temporary number. If the authentication service platform finds that the mapping relationship exists between the number of the terminal to be authenticated and the temporary number, it confirms that the authentication is successful. Even if the authentication key is leaked in transmission and a pseudo terminal obtains it, generates the temporary number and places a call, the authentication service platform holds no mapping relationship between the temporary number and the pseudo terminal's number, so the pseudo terminal cannot be authenticated, and the security of the authentication process is improved.
Fig. 2 is a schematic flow chart diagram illustrating further embodiments of the security authentication method of the present disclosure.
In step 210, the application service system determines whether security authentication is required for the terminal number. If so, step 220 is executed; otherwise, the process ends.
For example, when a user logs in a bank APP (application) using a number, the application service system receives a login request and determines whether security authentication is required for the user number.
In step 220, the application service system sends an authentication request to the authentication service platform, where the authentication request includes a terminal number to be authenticated.
At step 230, the authentication service platform randomly generates an authentication key according to the authentication request.
In step 240, the authentication service platform calculates a temporary number for the current authentication according to the authentication key, and establishes a mapping relationship between the temporary number and the number of the terminal to be authenticated.
In step 250, the authentication service platform sends the authentication key to the application service system and starts an authentication timer.
After the authentication timer expires, the mapping relationship between the temporary number and the number of the terminal to be authenticated is deleted.
In step 260, the application service system transmits the authentication key to the terminal to be authenticated through the mobile internet.
In step 270, the terminal to be authenticated uses the pre-manufactured SDK to calculate, from the authentication key, the temporary number used in the current authentication.
For example, the authentication service platform provides a pre-manufactured SDK (Software Development Kit) to the terminal in advance, and after receiving the authentication key, the terminal APP calculates a temporary number used for the current authentication according to the authentication key through the pre-manufactured SDK. Because the SDK is provided by the authentication service platform, the SDK can calculate the temporary number used in the authentication using the same algorithm as that of the authentication service platform.
Since the temporary number generated by the terminal is calculated according to the authentication key randomly generated by the authentication service platform, even if the authentication key is stolen, the pseudo terminal cannot generate the temporary number because the pseudo terminal does not know the temporary number generation rule.
In step 280, the terminal to be authenticated sends a call request to the authentication service platform with the temporary number as the called number. The call request is sent through the mobile network.
In step 290, after receiving the call request, the authentication service platform determines whether the timer has expired. If not, it performs step 2100; if so, it performs step 2130.
In step 2100, the authentication service platform hangs up the call request and records the number of the terminal to be authenticated.
In the related technology that uses a short message verification code for terminal authentication, the success rate of short message verification is not high because of user operation, the short message authentication platform and other reasons. For example, the success rate is about 30% to 40% for a certain payment platform, which means that a large number of invalid short messages are sent repeatedly, at a huge cost to the payment service provider. In the present method and system, the authentication service system hangs up as soon as it receives the call request, that is, the call is never connected, so the terminal to be authenticated incurs no communication cost and the communication cost of security authentication is reduced.
In step 2110, the authentication service platform determines whether a mapping relationship exists between the number of the terminal to be authenticated and the temporary number. If so, step 2120 is executed; otherwise, step 2130 is executed.
The authentication service platform compares the calling number in the call request against the pre-stored mapping relationship between the number of the terminal to be authenticated and the temporary number.
At step 2120, the authentication service platform sends an authentication success message to the application service system.
At step 2130, the authentication service platform sends an authentication failure message to the application service system.
After the authentication timer expires, the authentication service system deletes the mapping relationship between the temporary number and the terminal number to be authenticated, so that the authentication service platform cannot inquire the mapping relationship between the temporary number and the terminal number to be authenticated, and then sends an authentication failure message to the application service system. Thus, the timeliness of the security authentication can be ensured.
In addition, even if the pseudo terminal steals the authentication key and the temporary number generation rule and calls based on the temporary number, the authentication service platform does not store the mapping relation between the number of the pseudo terminal and the temporary number, so that the authentication service platform cannot successfully authenticate the pseudo terminal.
In the embodiment, the terminal to be authenticated generates the temporary number according to the authentication key according to the SDK prefabricated by the authentication service platform, and initiates the authentication call to the authentication service platform, and the authentication service platform performs the security authentication on the terminal number to be authenticated according to the mapping relation between the stored temporary number and the terminal number to be authenticated, so that the security of the mobile internet application authentication process is improved, and the success rate of the mobile internet application security verification is improved. In addition, security authentication based on telephone calls also improves the cost-effectiveness ratio of security verification.
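The platform-side logic of the Fig. 1 and Fig. 2 flows (key generation, temporary-number mapping, timer expiry, calling-number check), as an added Python example that is not code from the patent. It shows why a pseudo terminal holding a leaked key still fails: the decision rests on the calling number delivered with the call matching the stored mapping. Assumptions: SHA-256 replaces the MD5 the description names, and the `9500` prefix, 8-digit length, 60-second timer, single-use deletion on success, and all class and function names are hypothetical.

```python
import hashlib
import secrets
import time

TEMP_PREFIX = "9500"   # hypothetical prefix routed to the platform (assumption)
TEMP_DIGITS = 8        # hypothetical length of the derived part (assumption)
TTL_SECONDS = 60       # hypothetical authentication timer (assumption)


def derive_temp_number(auth_key: bytes) -> str:
    """Rule shared by the platform and the SDK: temporary number = f(key).

    The description names MD5 as one option; SHA-256 is swapped in here.
    """
    digest = hashlib.sha256(auth_key).digest()
    value = int.from_bytes(digest[:8], "big") % (10 ** TEMP_DIGITS)
    return f"{TEMP_PREFIX}{value:0{TEMP_DIGITS}d}"


class AuthServicePlatform:
    def __init__(self, ttl=TTL_SECONDS, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self.pending = {}  # temporary number -> (terminal number, deadline)

    def purge_expired(self):
        """Timer expiry: delete mappings whose deadline has passed."""
        now = self.clock()
        for temp in [t for t, (_, d) in self.pending.items() if now >= d]:
            del self.pending[temp]

    def handle_auth_request(self, terminal_number: str) -> bytes:
        """Steps 230-250: random key, temporary number, mapping, timer."""
        self.purge_expired()
        while True:
            auth_key = secrets.token_bytes(16)
            temp = derive_temp_number(auth_key)
            if temp not in self.pending:  # avoid colliding with a live mapping
                break
        self.pending[temp] = (terminal_number, self.clock() + self.ttl)
        return auth_key  # returned to the application service system

    def handle_call(self, calling_number: str, called_number: str) -> bool:
        """Steps 290-2130: the call is hung up unanswered; only the
        (calling number, called temporary number) pair is evaluated."""
        self.purge_expired()
        entry = self.pending.get(called_number)
        if entry is None:
            return False              # expired or unknown temporary number
        terminal_number, _ = entry
        if calling_number != terminal_number:
            return False              # no mapping for this caller's number
        del self.pending[called_number]  # single use (added here, not on the page)
        return True


def run_demo() -> dict:
    now = [0.0]                       # controllable clock for the demo
    platform = AuthServicePlatform(ttl=60, clock=lambda: now[0])
    genuine, pseudo = "13800000001", "13900000002"  # constructed numbers

    key = platform.handle_auth_request(genuine)
    temp = derive_temp_number(key)    # what the SDK on the terminal computes
    results = {
        "pseudo_with_leaked_key": platform.handle_call(pseudo, temp),
        "genuine_terminal": platform.handle_call(genuine, temp),
        "repeat_call": platform.handle_call(genuine, temp),
    }
    key2 = platform.handle_auth_request(genuine)
    now[0] += 61                      # let the authentication timer expire
    results["after_timer_expiry"] = platform.handle_call(
        genuine, derive_temp_number(key2))
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'success' if ok else 'failure'}")
```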
Fig. 3 is a schematic structural diagram of some embodiments of the authentication service platform of the present disclosure. The authentication service platform includes an authentication request receiving unit 310, an authentication key generating unit 320, a temporary number generating unit 330, a number mapping establishing unit 340, an authentication key transmitting unit 350, and a terminal number authenticating unit 360.
The authentication request receiving unit 310 is configured to receive an authentication request sent by an application service system, where the authentication request includes a terminal number to be authenticated.
For example, when receiving a payment request or an account login request sent by a terminal, an application service system first determines whether security authentication is required for a terminal number, and if so, sends an authentication request to an authentication service platform, wherein the authentication request includes a terminal number to be authenticated.
The authentication key generation unit 320 is configured to randomly generate an authentication key according to the authentication request.
The temporary number generation unit 330 is configured to calculate a temporary number from the authentication key.
In some embodiments, the authentication service platform may apply any of various encryption and decryption algorithms to the authentication key to generate a temporary number for the current authentication.
The number mapping establishing unit 340 is configured to establish a mapping relationship between the temporary number and the terminal number to be authenticated.
The authentication key transmission unit 350 is configured to transmit the authentication key to the terminal to be authenticated through the application service system, generate a temporary number from the authentication key by the terminal to be authenticated, and transmit a call request according to the temporary number.
In some embodiments, the terminal to be authenticated calculates a temporary number used in the authentication according to the authentication key by using the same algorithm as that of the authentication service platform, and sends a call request by using the temporary number as a called number.
In some embodiments, the authentication service platform may further include an SDK sending unit (not shown in the drawings), configured to provide a pre-established SDK to the terminal to be authenticated, so that the terminal to be authenticated generates a temporary number corresponding to the authentication according to the authentication key by using the pre-established SDK. Because the SDK is provided by the authentication service platform, the SDK can calculate the temporary number used in the authentication using the same algorithm as that of the authentication service platform.
The terminal number authentication unit 360 is configured to respond to the call request, determine whether a mapping relationship exists between the terminal number to be authenticated and the temporary number, and if so, send an authentication success message to the application server platform.
In the above embodiment, even if the authentication key is leaked in transmission and a pseudo terminal obtains it, generates the temporary number and places a call, the authentication service platform holds no mapping relationship between the temporary number and the pseudo terminal's number, so it can determine that the pseudo terminal does not pass authentication, thereby improving the security of the authentication process.
In some embodiments, the terminal number authentication unit 360 is further configured to record the number of the terminal to be authenticated and cut off the call request after receiving the call request sent by the terminal to be authenticated.
In this embodiment, since the authentication service system receives the call request and immediately hangs up, that is, does not connect the call, the terminal to be authenticated does not generate communication cost, thereby reducing the communication cost of the security authentication.
Fig. 4 is a schematic structural diagram of another embodiment of the authentication service platform according to the present disclosure. The authentication service platform further includes a timer starting unit 410 and a mapping relation deleting unit 420.
The timer starting unit 410 is configured to start an authentication timer when transmitting the authentication key to the application service system.
The mapping relation deleting unit 420 is configured to delete the mapping relation between the temporary number and the terminal number to be authenticated after the authentication timer expires.
The terminal number authentication unit 360 determines whether the timer expires after receiving the call request, and transmits an authentication failure message to the application service system if the timer expires.
After the authentication timer expires, the authentication service system deletes the mapping relationship between the temporary number and the terminal number to be authenticated, so that the authentication service platform cannot inquire the mapping relationship between the temporary number and the terminal number to be authenticated, and then sends an authentication failure message to the application service system. Thus, the timeliness of the security authentication can be ensured.
Fig. 5 is a schematic structural diagram of another embodiment of the authentication service platform according to the present disclosure. The authentication service platform includes a memory 510 and a processor 520. The memory 510 may be a magnetic disk, flash memory, or any other non-volatile storage medium, and stores the instructions of the embodiments corresponding to Figs. 1-2. The processor 520 is coupled to the memory 510 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 520 is configured to execute the instructions stored in the memory.
In some embodiments, the processor 520 is coupled to the memory 510 by a bus 530. The authentication service platform 500 may also be connected to an external storage system 550 through a storage interface 540 to call external data, and may also be connected to a network or another computer system (not shown) through a network interface 560. These are not described in detail here.
In the embodiment, the data instruction is stored in the memory, and the instruction is processed by the processor, so that the safety, the success rate and the cost-effectiveness ratio of safety verification in the authentication process are improved.
Fig. 6 is a schematic structural diagram of some embodiments of the security authentication system of the present disclosure. The security authentication system includes an authentication service platform 610, an application server 620 and a terminal to be authenticated 630.
The authentication service platform 610, described in detail in the above embodiments, receives the authentication request, generates the authentication key, generates the temporary number, establishes the mapping relationship between the temporary number and the terminal number to be authenticated, compares the numbers, and returns the authentication result to the application server 620.
The application server 620 is configured to send an authentication request to the authentication service platform, where the authentication request includes a number of the terminal to be authenticated, receive an authentication key sent by the authentication service platform 610, send the authentication key to the terminal to be authenticated, and receive an authentication result sent by the authentication service platform.
The terminal to be authenticated 630 is configured to generate a temporary number according to the received authentication key, and send a call request to the authentication service platform according to the temporary number.
In some embodiments, the terminal to be authenticated 630 communicates with the authentication service platform 610 through a mobile network, and communicates with the application service system through the internet.
This embodiment does not change the existing network architecture and basically follows the existing interaction flow between the terminal and the network. It provides a security authentication means for mobile internet applications, addresses the low security of short message verification codes, improves the security of the internet application authentication process, and improves the cost-effectiveness ratio and the authentication success rate of mobile internet application security authentication.
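The exchange between the three parties of Fig. 6, together with the authentication timer of Fig. 4, can be sketched as follows. This is an added example, not code from the patent: the HMAC-based derivation of the temporary number, the number prefix, the SDK secret, the 60-second timer and the deletion of the mapping after a successful call are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumptions, not from the patent: derivation function, prefix, SDK secret, 60 s timer.
TEMP_PREFIX = "9550"                      # constructed routing prefix
SDK_SECRET = b"constructed-sdk-secret"    # constructed value shared with the SDK
AUTH_TTL_SECONDS = 60.0

def derive_temp_number(auth_key: str) -> str:
    """Platform and terminal SDK both map the authentication key to a temporary number."""
    digest = hmac.new(SDK_SECRET, auth_key.encode(), hashlib.sha256).digest()
    suffix = int.from_bytes(digest[:8], "big") % 10**8
    return f"{TEMP_PREFIX}{suffix:08d}"

class AuthServicePlatform:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._mapping = {}   # temporary number -> (terminal number, timer deadline)

    def handle_auth_request(self, terminal_number: str) -> str:
        """Generate a random key, store the mapping, start the timer, return the key."""
        while True:          # retry if the derived number is already in use
            auth_key = secrets.token_hex(16)
            temp_number = derive_temp_number(auth_key)
            if temp_number not in self._mapping:
                break
        self._mapping[temp_number] = (terminal_number, self._clock() + AUTH_TTL_SECONDS)
        return auth_key

    def handle_call(self, caller_number: str, called_number: str) -> bool:
        """Record the caller's number, never connect the call, then check the mapping."""
        now = self._clock()
        for temp in [t for t, (_, deadline) in self._mapping.items() if deadline <= now]:
            del self._mapping[temp]          # timer expired: delete the mapping
        entry = self._mapping.get(called_number)
        if entry is None or entry[0] != caller_number:
            return False                     # authentication failure message
        del self._mapping[called_number]     # added assumption: one success per key
        return True                          # authentication success message

def demo() -> dict:
    """Constructed run with made-up numbers and a fake clock."""
    now = [0.0]
    platform = AuthServicePlatform(clock=lambda: now[0])
    key = platform.handle_auth_request("13800000001")
    temp = derive_temp_number(key)           # what the terminal SDK would dial
    results = {"wrong_caller": platform.handle_call("13900000002", temp)}
    results["right_caller"] = platform.handle_call("13800000001", temp)
    results["replay"] = platform.handle_call("13800000001", temp)
    late_key = platform.handle_auth_request("13800000001")
    now[0] += AUTH_TTL_SECONDS + 1           # let the authentication timer expire
    results["after_timeout"] = platform.handle_call(
        "13800000001", derive_temp_number(late_key))
    return results
```

The check only holds if the caller number the platform records comes from the mobile network's signalling rather than from anything the terminal or application supplies.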
In other embodiments, a computer-readable storage medium has stored thereon computer program instructions which, when executed by a processor, implement the steps of the method in the embodiments corresponding to fig. 1-2. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (11)

1. A security authentication method, comprising:
receiving an authentication request sent by an application service system, wherein the authentication request comprises a terminal number to be authenticated;
randomly generating an authentication key according to the authentication request;
calculating a temporary number according to the authentication key, and establishing a mapping relation between the temporary number and the number of the terminal to be authenticated;
sending the authentication key to a terminal to be authenticated through the application service system, generating a temporary number by the terminal to be authenticated according to the authentication key, and sending a call request according to the temporary number; and
responding to the call request, judging whether the mapping relation exists between the terminal number to be authenticated and the temporary number, and if so, sending an authentication success message to the application server platform.
2. The secure authentication method of claim 1,
wherein, after the call request sent by the terminal to be authenticated is received, the number of the terminal to be authenticated is recorded and the call request is cut off.
3. The secure authentication method of claim 1, further comprising:
starting an authentication timer when the authentication key is sent to the application service system; and
deleting the mapping relation between the temporary number and the number of the terminal to be authenticated after the authentication timer expires.
4. The secure authentication method of any one of claims 1 to 3, further comprising:
providing a preset Software Development Kit (SDK) for the terminal to be authenticated, so that the terminal to be authenticated can use the preset SDK to generate, from the authentication key, the temporary number corresponding to the authentication.
5. An authentication service platform comprising:
the authentication request receiving unit is configured to receive an authentication request sent by an application service system, wherein the authentication request comprises a terminal number to be authenticated;
an authentication key generation unit configured to randomly generate an authentication key according to the authentication request;
a temporary number generation unit configured to calculate a temporary number from the authentication key;
the number mapping establishing unit is configured to establish a mapping relation between the temporary number and the number of the terminal to be authenticated;
the authentication key sending unit is configured to send the authentication key to a terminal to be authenticated through the application service system, the terminal to be authenticated generates a temporary number according to the authentication key, and sends a call request according to the temporary number; and
the terminal number authentication unit is configured to respond to the call request, judge whether the mapping relationship exists between the terminal number to be authenticated and the temporary number, and if so, send an authentication success message to the application server platform.
6. The authentication service platform of claim 5,
the terminal number authentication unit is also configured to record the number of the terminal to be authenticated and cut off the call request after receiving the call request sent by the terminal to be authenticated.
7. The authentication service platform of claim 5, further comprising:
a timer starting unit configured to start an authentication timer when the authentication key is transmitted to the application service system; and
the mapping relation deleting unit is configured to delete the mapping relation between the temporary number and the terminal number to be authenticated after the authentication timer expires.
8. The authentication service platform according to any one of claims 5 to 7, further comprising:
the SDK sending unit is configured to provide a preset SDK for the terminal to be authenticated, so that the terminal to be authenticated can use the preset SDK to generate, from the authentication key, the temporary number corresponding to the authentication.
9. An authentication service platform comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the security authentication method of any of claims 1 to 4 based on instructions stored in the memory.
10. A security authentication system comprising:
an authentication service platform as claimed in any one of claims 5 to 9;
the application server is configured to send an authentication request to the authentication service platform, wherein the authentication request comprises a terminal number to be authenticated, receive an authentication key sent by the authentication service platform, send the authentication key to the terminal to be authenticated, and receive an authentication result sent by the authentication service platform; and
the terminal to be authenticated is configured to generate a temporary number according to the received authentication key and send a call request to the authentication service platform according to the temporary number.
11. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the security authentication method of any one of claims 1 to 4.
CN202010157049.3A 2020-03-09 2020-03-09 Security authentication method, system and authentication service platform Pending CN113381965A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010157049.3A CN113381965A (en) 2020-03-09 2020-03-09 Security authentication method, system and authentication service platform

Publications (1)

Publication Number Publication Date
CN113381965A true CN113381965A (en) 2021-09-10

Family

ID=77568383

Country Status (1)

Country Link
CN (1) CN113381965A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210910