TW202113717A - Information authentication method and system thereof, authentication module and user terminal - Google Patents
Information authentication method and system thereof, authentication module and user terminal Download PDFInfo
- Publication number
- TW202113717A TW202113717A TW109128196A TW109128196A TW202113717A TW 202113717 A TW202113717 A TW 202113717A TW 109128196 A TW109128196 A TW 109128196A TW 109128196 A TW109128196 A TW 109128196A TW 202113717 A TW202113717 A TW 202113717A
- Authority
- TW
- Taiwan
- Prior art keywords
- token
- authentication
- mobile phone
- phone number
- request
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
本發明涉及通訊技術,具體地涉及一種用於識別用戶身份的資訊認證方法以及資訊認證系統。The present invention relates to communication technology, in particular to an information authentication method and an information authentication system for identifying a user's identity.
目前,對於很多APP(應用)產品,在帳號註冊、帳號登錄、轉帳等場景下,需要輸入手機號碼,此時往往需要通過簡訊驗證碼的形式對輸入的手機號碼進行驗證。At present, for many APP (application) products, in account registration, account login, transfer and other scenarios, it is necessary to enter a mobile phone number. At this time, it is often necessary to verify the entered mobile phone number in the form of a SMS verification code.
例如,在專利文獻1(CN104243157A)中提出一種用戶身份認證方法和裝置。該身份認證方法主要包括下述步驟:For example, patent document 1 (CN104243157A) proposes a user identity authentication method and device. The identity authentication method mainly includes the following steps:
在伺服器端生成驗證碼;Generate a verification code on the server side;
在需要用戶身份認證的業務應用場景中向用戶顯示驗證碼;Display verification codes to users in business application scenarios that require user identity authentication;
接收由用戶通過應用場景以外的其他應用伺服器發送的所顯示的驗證碼;Receive the displayed verification code sent by the user through other application servers outside the application scenario;
將來自用戶的驗證碼與伺服器生成的驗證碼進行比對;以及Compare the verification code from the user with the verification code generated by the server; and
根據比對結果確定是否通過身份認證。Determine whether to pass the identity authentication according to the comparison result.
在該專利文獻1中,APP登錄時,APP會顯示驗證碼,用戶通過編輯簡訊訊息發送驗證碼至伺服器,伺服器對比APP顯示的驗證碼與簡訊訊息發送的驗證碼是否一致,從而通過上行簡訊發送驗證碼資訊並進行驗證。因此,用戶在APP登錄時,需要用戶將驗證碼通過編輯簡訊訊息發送至伺服器,即將原來的下行簡訊訊息的簡訊驗證碼方式變化為上行簡訊訊息的簡訊驗證碼方式,用戶仍然需要進行驗證碼的輸入操作。In this
又,例如在專利文獻2(CN104767614A)中提出一種用戶身份認證方法和裝置。該方法包括下述步驟:In addition, for example, Patent Document 2 (CN104767614A) proposes a user identity authentication method and device. The method includes the following steps:
1、用戶A訪問P門戶,門戶P判斷用戶A為未登錄狀態,重定向到統一認證系統的登錄頁面;1. User A accesses the P portal, and the portal P judges that user A is not logged in, and is redirected to the login page of the unified authentication system;
2、統一認證系統根據登錄認證請求,生成一個隨機碼並返回給用戶A;2. The unified authentication system generates a random code according to the login authentication request and returns it to user A;
3、用戶A的手機流覽器返回到嵌入『簡訊快速登錄』標記的登錄頁面,用戶A點擊『簡訊快速登錄(無密碼)』連結,手機流覽器調用簡訊發送模組,向指定埠(如10086)發送上行特定格式的簡訊;3. User A’s mobile browser returns to the login page with the "SMS quick login" mark embedded, and user A clicks the "SMS quick login (without password)" link, the mobile browser invokes the SMS sending module and sends it to the designated port ( Such as 10086) Send a short message in a specific format in the uplink;
4、簡訊門戶收到用戶A上行的簡訊後,提取上行簡訊中的手機號碼,統一認證系統中的伺服器建立手機號碼與隨機碼的關聯資訊並保存到暫存伺服器;4. After the SMS portal receives the upstream SMS from user A, it extracts the mobile phone number in the upstream SMS, and the server in the unified authentication system creates the associated information of the mobile phone number and the random code and saves it to the temporary storage server;
5、用戶點擊『簡訊快速登錄』標記跳轉到登錄等待頁面,向統一認證系統發出簡訊快速登錄的請求,統一認證系統從簡訊登錄處理位址的請求中提取出隨機碼,並在關聯資訊中根據隨機碼查詢手機號碼,應用伺服器返回手機號碼給統一認證系統;根據查詢到的手機號碼進行自動登錄。5. The user clicks on the "SMS Quick Login" mark to jump to the login waiting page, and sends a request for the quick login of the short message to the unified authentication system. The unified authentication system extracts the random code from the request for the short message login processing address and bases it on the associated information The mobile phone number is inquired by the random code, and the application server returns the mobile phone number to the unified authentication system; automatic login is performed according to the inquired mobile phone number.
然而,專利文獻2所公開的方法是需要通過簡訊門戶與應用伺服器建立手機號碼與隨機碼的對應關係,該過程為通過簡訊訊息中提取手機號碼和隨機碼完成,效率較低,並且,需要通過統一認證系統在簡訊訊息位址中提取驗證碼發送至應用伺服器查詢手機號碼。該過程是通過簡訊平臺實現的,驗證效率低。However, the method disclosed in Patent Document 2 needs to establish the correspondence between the mobile phone number and the random code through the SMS portal and the application server. This process is completed by extracting the mobile phone number and the random code from the SMS message, which is inefficient and requires The verification code is extracted from the SMS message address through the unified authentication system and sent to the application server to query the mobile phone number. This process is realized through the newsletter platform, and the verification efficiency is low.
鑒於上述問題,本發明旨在提出一種無需使用簡訊平臺並且用戶也無需輸入驗證碼的資訊認證方法以及資訊認證系統。In view of the above problems, the present invention aims to provide an information authentication method and an information authentication system that does not require the use of a short message platform and the user does not need to enter a verification code.
本發明的一方面的資訊認證方法,其中,由應用模組、認證模組、認證系統以及運營商系統實現,包括:The information authentication method of one aspect of the present invention, which is implemented by an application module, an authentication module, an authentication system, and an operator system, includes:
Token獲取請求步驟,應用模組生成Token獲取請求並發送到認證模組,其中,所述Token獲取請求中至少包含由應用模組獲取的SIM卡設備號;In the Token obtaining request step, the application module generates a Token obtaining request and sends it to the authentication module, wherein the Token obtaining request includes at least the SIM card device number obtained by the application module;
Token請求轉發步驟,認證模組將所述Token獲取請求通過認證系統轉發到運營商系統;In the Token request forwarding step, the authentication module forwards the Token acquisition request to the operator system through the authentication system;
Token生成步驟,運營商系統根據所述Token獲取請求中的所述SIM卡設備號獲得對應的手機號碼並且基於所述手機號碼生成對應的Token,將生成的Token通過認證系統返回給認證模組儲存,同時運營商系統儲存所述手機號碼與Token的對應關係;In the Token generation step, the operator system obtains the corresponding mobile phone number according to the SIM card device number in the Token acquisition request, generates a corresponding Token based on the mobile phone number, and returns the generated Token to the authentication module through the authentication system for storage At the same time, the operator system stores the corresponding relationship between the mobile phone number and the Token;
認證請求發起步驟,應用模組基於被輸入的手機號碼發起用於進行資訊認證的認證請求並且將認證請求發送到認證模組,其中,所述認證請求中至少包含手機號碼;In the authentication request initiating step, the application module initiates an authentication request for information authentication based on the entered mobile phone number and sends the authentication request to the authentication module, wherein the authentication request includes at least the mobile phone number;
認證請求轉發步驟,認證模組在所述認證請求中添加認證模組已儲存的Token後通過認證系統發送到運營商系統;以及In the authentication request forwarding step, the authentication module adds the Token stored by the authentication module to the authentication request and then sends it to the operator system through the authentication system; and
認證請求驗證步驟,運營商系統驗證所述認證請求中包含手機號碼和Token的關係與已儲存的所述對應關係是否一致,並且當兩者一致的情況下,判斷認證成功。In the authentication request verification step, the operator system verifies whether the relationship between the mobile phone number and the Token contained in the authentication request is consistent with the stored corresponding relationship, and when the two are consistent, it determines that the authentication is successful.
本發明的一方面的資訊認證方法,其中,包括下述步驟:The information authentication method of one aspect of the present invention includes the following steps:
Token獲取請求步驟,生成Token獲取請求並發送,其中,所述Token獲取請求中至少包含SIM卡設備號,其中,所述SIM卡設備號被用於獲得對應的手機號碼,進一步基於所述手機號碼被用於生成對應的Token並且手機號碼與被生成的Token具有對應關係;The Token acquisition request step is to generate and send a Token acquisition request, where the Token acquisition request includes at least a SIM card device number, where the SIM card device number is used to obtain a corresponding mobile phone number, which is further based on the mobile phone number. It is used to generate the corresponding Token and the mobile phone number has a corresponding relationship with the generated Token;
Token儲存步驟,接收並儲存基於所述手機號碼被生成的對應的Token;Token storing step, receiving and storing the corresponding Token generated based on the mobile phone number;
認證請求發起步驟,基於被輸入的手機號碼發起用於進行資訊認證的認證請求並且在所述認證請求中添加已儲存的Token;以及The authentication request initiation step is to initiate an authentication request for information authentication based on the entered mobile phone number and add the stored Token to the authentication request; and
認證結果接收步驟,接收認證結果,其中,所述認證結果表示驗證所述認證請求中包含手機號碼和Token之間的關係與所述對應關係是否一致的結果,並且當兩者一致的情況下,判斷認證成功。The authentication result receiving step is to receive the authentication result, where the authentication result represents the result of verifying whether the relationship between the mobile phone number and the Token contained in the authentication request is consistent with the corresponding relationship, and when the two are consistent, Judging that the authentication is successful.
可選地,所述Token獲取請求步驟包括:Optionally, the Token obtaining request step includes:
判斷是否具有Token獲取條件;以及Determine whether there are Token acquisition conditions; and
獲取SIM卡設備號生成Token獲取請求並發送。Obtain the SIM card device number, generate a token acquisition request and send it.
可選地,所述判斷是否具有Token獲取條件包括:Optionally, the judging whether there is a Token obtaining condition includes:
判斷是否具有SIM卡;以及Determine whether you have a SIM card; and
判斷是否利用當前SIM卡的資料流程量聯網。Determine whether to use the current SIM card data flow volume to network.
可選地,重複進行所述Token獲取請求步驟和所述Token儲存步驟,直到儲存有N個Token,所述N個Token構成Token佇列,其中,N為自然數。Optionally, repeat the Token acquisition request step and the Token storage step until N Tokens are stored, and the N Tokens form a Token queue, where N is a natural number.
可選地,判斷所述Token佇列中是否存在無效Token,若存在無效Token則重複進行所述Token獲取請求生成步驟和所述Token儲存步驟,直到儲存有N個有效的Token。Optionally, it is determined whether there is an invalid Token in the Token queue, and if there is an invalid Token, the Token acquisition request generation step and the Token storage step are repeated until N valid Tokens are stored.
可選地,基於Token時效判斷所述Token佇列中是否存在無效Token。Optionally, determine whether there is an invalid Token in the Token queue based on the validity of the Token.
可選地,在所述Token獲取請求步驟中,所述Token獲取請求中進一步包含用於獲取SIM卡設備號的應用模組的應用標識,其中,所述SIM卡設備號被用於獲得對應的手機號碼,進一步基於所述手機號碼被用於生成對應的Token並且手機號碼、應用標識與Token具有對應關係,Optionally, in the Token obtaining request step, the Token obtaining request further includes the application identifier of the application module used to obtain the SIM card device number, wherein the SIM card device number is used to obtain the corresponding The mobile phone number is further based on that the mobile phone number is used to generate the corresponding Token and the mobile phone number, the application identifier and the Token have a corresponding relationship,
在所述Token儲存步驟中,接收並儲存基於所述手機號碼、應用標識被生成的對應的Token,In the Token storing step, receiving and storing the corresponding Token generated based on the mobile phone number and application identifier,
在所述認證請求發起步驟,基於被輸入的手機號碼以及應用標識發起用於進行資訊認證的認證請求並且在所述認證請求中添加已儲存的Token。In the authentication request initiating step, an authentication request for information authentication is initiated based on the input mobile phone number and application identifier, and the stored Token is added to the authentication request.
可選地,在所述Token獲取請求步驟中,所述Token獲取請求中進一步包含用於獲取SIM卡設備號的應用模組的應用標識以及用於發起認證請求的認證模組的認證模組標識,其中,所述SIM卡設備號被用於獲得對應的手機號碼,進一步基於所述手機號碼被用於生成對應的Token並且手機號碼、應用標識、認證模組標識與Token具有對應關係,Optionally, in the Token obtaining request step, the Token obtaining request further includes the application identifier of the application module used to obtain the SIM card device number and the authentication module identifier of the authentication module used to initiate the authentication request , Wherein the SIM card device number is used to obtain the corresponding mobile phone number, further based on the mobile phone number being used to generate the corresponding Token, and the mobile phone number, application identification, authentication module identification and the Token have a corresponding relationship,
在所述Token儲存步驟中,接收並儲存基於所述手機號碼、應用標識以及認證模組標識被生成的對應的Token,In the Token storing step, receiving and storing the corresponding Token generated based on the mobile phone number, application identification and authentication module identification,
在所述認證請求發起步驟,基於被輸入的手機號碼、應用標識以及認證模組標識發起用於進行資訊認證的認證請求並且在所述認證請求中添加已儲存的Token。In the authentication request initiating step, an authentication request for information authentication is initiated based on the input mobile phone number, application ID, and authentication module ID, and a stored Token is added to the authentication request.
可選地,在所述Token獲取請求步驟中,所述Token獲取請求中進一步包含用於獲取SIM卡設備號的應用模組的應用標識、用於發起認證請求的認證模組的認證模組標識以及認證模組KEY,其中,所述SIM卡設備號被用於獲得對應的手機號碼,進一步基於所述手機號碼被用於生成對應的Token並且手機號碼、應用標識、認證模組標識以及認證模組KEY與Token具有對應關係,其中,所述認證模組KEY基於所述認證模組標識產生,Optionally, in the Token obtaining request step, the Token obtaining request further includes the application identifier of the application module used to obtain the SIM card device number, and the authentication module identifier of the authentication module used to initiate the authentication request. And the authentication module KEY, wherein the SIM card device number is used to obtain the corresponding mobile phone number, and is further used to generate the corresponding Token based on the mobile phone number, and the mobile phone number, application identification, authentication module identification, and authentication module The group KEY and Token have a corresponding relationship, wherein the authentication module KEY is generated based on the authentication module identifier,
在所述Token儲存步驟中,接收並儲存基於所述手機號碼、應用標識、認證模組標識以及認證模組KEY被生成的對應的Token,In the Token storing step, receiving and storing the corresponding Token generated based on the mobile phone number, application ID, authentication module ID, and authentication module KEY,
在所述認證請求發起步驟,基於被輸入的手機號碼、應用標識、認證模組標識以及認證模組KEY發起用於進行資訊認證的認證請求並且在所述認證請求中添加已儲存的Token。In the authentication request initiating step, an authentication request for information authentication is initiated based on the input mobile phone number, application ID, authentication module ID, and authentication module KEY, and a stored Token is added to the authentication request.
可選地,在所述認證結果接收步驟中,當被判斷為兩者不一致的情況下,該資訊認證方法進一步包括:Optionally, in the authentication result receiving step, when it is determined that the two are inconsistent, the information authentication method further includes:
手機簡訊驗證步驟,利用向手機發送簡訊進行驗證。The mobile phone message verification step is to send a message to the mobile phone for verification.
本發明的資訊認證方法,其中,包括下述步驟:The information authentication method of the present invention includes the following steps:
Token生成步驟,根據Token獲取請求中包含的SIM卡設備號獲得對應的手機號碼,基於所述手機號碼生成對應的Token,並且將生成的Token返回給Token獲取請求的發送端,同時儲存所述手機號碼與Token的對應關係;以及In the Token generation step, the corresponding mobile phone number is obtained according to the SIM card device number contained in the Token obtaining request, the corresponding Token is generated based on the mobile phone number, and the generated Token is returned to the sender of the Token obtaining request, and the mobile phone is stored at the same time Correspondence between number and Token; and
認證請求驗證步驟,接收認證請求,驗證所述認證請求中包含的手機號碼和Token的對應關係與已儲存的所述對應關係是否一致,並且當兩者一致的情況下,判斷認證成功。The authentication request verification step is to receive the authentication request, verify whether the correspondence between the mobile phone number and the Token contained in the authentication request is consistent with the stored correspondence, and when the two are consistent, determine that the authentication is successful.
本發明的資訊認證方法,其中,由應用模組、認證模組、應用後臺系統,認證系統、運營商系統實現,包括下述步驟:The information authentication method of the present invention, which is implemented by the application module, the authentication module, the application background system, the authentication system, and the operator system, includes the following steps:
Token獲取請求步驟,應用模組生成Token獲取請求並發送到認證模組,其中,所述Token獲取請求中至少包含由應用模組獲取的SIM卡設備號;In the Token obtaining request step, the application module generates a Token obtaining request and sends it to the authentication module, wherein the Token obtaining request includes at least the SIM card device number obtained by the application module;
Token請求轉發步驟,認證模組將所述Token獲取請求通過認證系統轉發到運營商系統;In the Token request forwarding step, the authentication module forwards the Token acquisition request to the operator system through the authentication system;
Token生成步驟,運營商系統根據所述Token獲取請求中的所述SIM卡設備號獲得對應的手機號碼,基於所述手機號碼生成對應的Token,並且將Token通過認證系統以及認證模組返回給到應用模組,同時運營商系統儲存所述手機號碼與Token的對應關係;In the Token generation step, the operator system obtains the corresponding mobile phone number according to the SIM card device number in the Token acquisition request, generates the corresponding Token based on the mobile phone number, and returns the Token to the authentication system and the authentication module through the authentication system and the authentication module. Application module, while the operator system stores the corresponding relationship between the mobile phone number and the Token;
Token轉發步驟,應用模組將收到的Token轉發到應用後臺系統並由應用後臺系統儲存;In the Token forwarding step, the application module forwards the received Token to the application background system and stores it by the application background system;
認證請求發起步驟,應用模組基於被輸入的手機號碼發起用於進行資訊認證的認證請求並且將認證請求發送到應用後臺系統,其中,所述認證請求中至少包含手機號碼;In the authentication request initiating step, the application module initiates an authentication request for information authentication based on the entered mobile phone number and sends the authentication request to the application background system, wherein the authentication request includes at least the mobile phone number;
認證請求轉發步驟,應用後臺系統在所述認證請求中添加已儲存的Token後發送到運營商系統;以及In the authentication request forwarding step, the application background system adds the stored Token to the authentication request and sends it to the operator system; and
認證請求驗證步驟,運營商系統驗證所述認證請求中包含手機號碼和Token的關係與已儲存的所述對應關係是否一致,並且當兩者一致的情況下,判斷認證成功。In the authentication request verification step, the operator system verifies whether the relationship between the mobile phone number and the Token contained in the authentication request is consistent with the stored corresponding relationship, and when the two are consistent, it determines that the authentication is successful.
本發明的一方面的資訊認證系統,其中,具備:用戶終端、認證系統以及運營商系統,The information authentication system of one aspect of the present invention includes: a user terminal, an authentication system, and an operator system,
其中,所述應用模組用於獲取手機號碼以及SIM卡設備號並提交到所述認證模組,Wherein, the application module is used to obtain a mobile phone number and a SIM card device number and submit them to the authentication module,
所述認證模組在獲取Token的過程中用於基於從所述應用模組獲得SIM卡設備號向所述認證系統發起Token獲取請求並且用於儲存從所述認證系統返回的Token,另一方面,在進行手機號碼認證的過程中用於在從所述應用模組獲得的手機號碼的基礎上添加已儲存的Token並向所述認證系統發起認證請求並且接收從所述認證系統返回的認證結果,In the process of acquiring the Token, the authentication module is used to initiate a Token acquisition request to the authentication system based on the SIM card device number obtained from the application module and to store the Token returned from the authentication system. On the other hand, In the process of performing mobile phone number authentication, it is used to add the stored Token based on the mobile phone number obtained from the application module and initiate an authentication request to the authentication system and receive the authentication result returned from the authentication system ,
所述認證系統用於將Token獲取請求以及認證請求轉發到所述運營商系統,並且接收所述運營商系統返回的Token以及認證結果並轉發到所述認證模組,The authentication system is configured to forward the Token acquisition request and the authentication request to the operator system, and receive the Token and the authentication result returned by the operator system and forward them to the authentication module,
所述運營商系統在獲取Token的過程中根據SIM卡設備號獲得手機號碼後生成Token並返回給所述認證系統,同時儲存手機號碼和Token的對應關係,另一方面,在進行手機號碼認證的過程中用於判斷從所述認證系統接收到的認證請求中的手機號碼和Token的關係是否和與已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。In the process of obtaining the Token, the operator system generates the Token after obtaining the mobile phone number according to the SIM card device number and returns it to the authentication system. At the same time, the corresponding relationship between the mobile phone number and the Token is stored. In the process, it is used to determine whether the relationship between the mobile phone number and the Token in the authentication request received from the authentication system is consistent with the stored corresponding relationship between the mobile phone number and the Token, and if the two are consistent, the authentication is determined to be successful.
可選地,所述認證模組具備:Optionally, the authentication module includes:
第一請求單元,在獲取Token的過程中用於基於從所述應用模組獲得的SIM卡設備號向所述認證系統發起Token獲取請求;The first request unit is used to initiate a token acquisition request to the authentication system based on the SIM card device number obtained from the application module in the process of acquiring the Token;
儲存單元,用於儲存從所述認證系統返回的Token;以及A storage unit for storing the Token returned from the authentication system; and
第二請求單元,在進行手機號碼認證的過程中用於在從所述應用模組獲得的手機號碼的基礎上添加所述儲存單元中已儲存的Token並向所述認證系統發起認證請求並且接收從所述認證系統返回的認證結果並將認證結果返回到所述應用模組,The second request unit is used to add the Token stored in the storage unit on the basis of the mobile phone number obtained from the application module in the process of performing mobile phone number authentication, and initiate an authentication request to the authentication system and receive The authentication result returned from the authentication system and the authentication result is returned to the application module,
所述運營商系統具備:The operator system has:
Token生成單元,在獲取Token的過程中根據SIM卡設備號獲得手機號碼再根據手機號碼生產Token,並且將生成的Token返回給所述認證系統;The Token generating unit obtains the mobile phone number according to the SIM card device number in the process of obtaining the Token, then produces the Token according to the mobile phone number, and returns the generated Token to the authentication system;
Token儲存單元,用於儲存手機號碼和Token的對應關係;以及The Token storage unit is used to store the correspondence between the mobile phone number and the Token; and
Token認證單元,在進行手機號碼認證的過程中用於判斷從所述認證系統接收到的認證請求中的手機號碼和Token的關係是否和與已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。The Token authentication unit is used to determine whether the relationship between the mobile phone number and the Token in the authentication request received from the authentication system is consistent with the stored mobile phone number and the corresponding relationship with the Token during the process of mobile phone number authentication. If they are consistent, it is judged that the authentication is successful.
本發明的一方面的認證模組,其中,具備:The authentication module of one aspect of the present invention includes:
第一請求單元,在獲取Token的過程中用於基於獲得SIM卡設備號發起Token獲取請求;The first request unit is used to initiate a Token acquisition request based on the SIM card device number in the process of acquiring the Token;
儲存單元,用於儲存從返回的Token;以及The storage unit is used to store the returned tokens; and
第二請求單元,在進行手機號碼認證的過程中用於在獲得的手機號碼的基礎上添加所述儲存單元中已儲存的Token並發起認證請求並且接收返回的認證結果並將認證結果返回。The second request unit is used to add the Token stored in the storage unit on the basis of the obtained mobile phone number and initiate an authentication request and receive the returned authentication result and return the authentication result during the process of mobile phone number authentication.
可選地,所述第一請求單元在獲取Token的過程中判斷是否具有Token獲取條件,並且獲取SIM卡設備號並生成和發送Token獲取請求。Optionally, the first request unit determines whether there is a Token acquisition condition in the process of acquiring the Token, and acquires the SIM card device number, and generates and sends a Token acquisition request.
可選地,所述第一請求單元在獲取Token的過程中線判斷是否具有Token獲取條件。Optionally, the first request unit judges online whether there is a Token acquisition condition during the process of acquiring the Token.
可選地,所述有Token獲取條件包括:Optionally, the Token acquisition conditions include:
判斷是否具有SIM卡;以及Determine whether you have a SIM card; and
判斷是否利用當前SIM卡的資料流程量聯網。Determine whether to use the current SIM card data flow volume to network.
可選地,所述第一請求單元重複發起所述Token獲取請求,直到所述儲存單元儲存有N個Token,所述N個Token構成Token佇列,其中,N為自然數。Optionally, the first request unit repeatedly initiates the token acquisition request until the storage unit stores N tokens, and the N tokens form a token queue, where N is a natural number.
可選地,所述第一請求單元判斷所述Token佇列中是否存在無效Token,若存在無效Token則重複發起Token獲取請求,所述儲存單元儲存有N個有效的Token。Optionally, the first request unit determines whether there is an invalid Token in the Token queue, and if there is an invalid Token, it repeatedly initiates a Token acquisition request, and the storage unit stores N valid Tokens.
可選地,所述第一請求單元在發起Token獲取請求時,在所述Token獲取請求中進一步包含用於獲得SIM設備號的應用模組的應用標識,其中,所述SIM卡設備號被用於獲得對應的手機號碼,進一步基於所述手機號碼被用於生成對應的Token並且手機號碼、應用標識與Token具有對應關係。Optionally, when the first request unit initiates the Token acquisition request, the Token acquisition request further includes the application identifier of the application module used to obtain the SIM device number, wherein the SIM card device number is used In order to obtain the corresponding mobile phone number, the mobile phone number is further used to generate the corresponding Token and the mobile phone number, the application identifier and the Token have a corresponding relationship.
本發明的一方面的運營商系統,其中,具備:The operator system of one aspect of the present invention includes:
Token生成單元,在獲取Token的過程中根據SIM卡設備號獲得手機號碼再根據手機號碼生成Token;The Token generation unit obtains the mobile phone number according to the SIM card device number in the process of obtaining the Token, and then generates the Token according to the mobile phone number;
Token儲存單元,用於儲存手機號碼和Token的對應關係;以及The Token storage unit is used to store the correspondence between the mobile phone number and the Token; and
Token認證單元,在進行手機號碼認證的過程中用於判斷接收到的認證請求中的手機號碼和Token的關係是否和與所述Token儲存單元已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。The Token authentication unit is used to determine whether the relationship between the mobile phone number and the Token in the received authentication request is consistent with the corresponding relationship between the mobile phone number and the Token stored in the Token storage unit during the process of mobile phone number authentication. If they are consistent, it is judged that the authentication is successful.
本發明的一方面的資訊認證系統,其中,具備:用戶終端、認證系統、應用後臺系統以及運營商系統,The information authentication system of one aspect of the present invention includes: a user terminal, an authentication system, an application background system, and an operator system,
所述應用模組用於發起Token獲取請求以及認證請求並提交到所述認證模組,其中所述Token獲取請求中至少包括SIM卡設備號,所述認證請求中至少包括手機號碼,The application module is used to initiate a Token acquisition request and an authentication request and submit them to the authentication module, wherein the Token acquisition request includes at least a SIM card device number, and the authentication request includes at least a mobile phone number,
所述認證模組在獲取Token的過程中將所述Token獲取請求轉發到所述認證系統並且用於將獲取的Token返回到所述應用模組,The authentication module forwards the Token acquisition request to the authentication system in the process of acquiring the Token and is used to return the acquired Token to the application module,
所述認證系統在獲取Token的過程中用於將Token獲取請求轉發到所述運營商系統並且將獲取的Token轉發到所述認證模組,另一方面在進行手機號碼認證的過程中接收來自所述應用後臺系統的認證請求在並且接收所述運營商系統返回的認證結果並轉發到所述應用後臺系統,The authentication system is used to forward the Token acquisition request to the operator system and the acquired Token to the authentication module in the process of acquiring the Token. The authentication request of the application background system is present and the authentication result returned by the operator system is received and forwarded to the application background system,
所述應用後臺系統在獲取Token的過程中用於儲存從所述應用模組發送來的Token,另一方面在進行手機號碼認證的過程中用於在從應用模組所述獲得的手機號碼的基礎上添加已儲存的Token並向所述認證系統發起認證請求並且接收從所述認證系統返回的認證結果,The application background system is used to store the Token sent from the application module in the process of acquiring the Token, and on the other hand, is used to store the mobile phone number obtained from the application module in the process of mobile phone number authentication. On the basis of adding the stored Token and initiating an authentication request to the authentication system and receiving the authentication result returned from the authentication system,
所述運營商系統在獲取Token的過程中SIM卡設備號獲得手機號碼再生成Token,將生成的Token根據並返回給SIM卡設備號認證系統,同時儲存手機號碼和Token的對應關係,另一方面,在進行手機號碼認證的過程中用於判斷從所述認證系統接收到的認證請求中的手機號碼和Token的關係是否和與已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。In the process of acquiring the Token, the operator system obtains the SIM card device number to obtain the mobile phone number and then generates the Token, and then returns the generated Token to the SIM card device number authentication system, and stores the corresponding relationship between the mobile phone number and the Token. On the other hand, In the process of performing mobile phone number authentication, it is used to determine whether the relationship between the mobile phone number and the Token in the authentication request received from the authentication system is consistent with the corresponding relationship between the stored mobile phone number and the Token. If the two are consistent, Then it is judged that the authentication is successful.
本發明的一方面的應用後臺系統,其中,具備:The application background system of one aspect of the present invention includes:
儲存單元,在獲取Token的過程中用於儲存從外部獲得的Token;The storage unit is used to store the Token obtained from the outside in the process of obtaining the Token;
請求單元,在進行手機號碼認證的過程中用於在獲得的手機號碼的基礎上添加所述儲存單元已儲存的Token並發起認證請求並且接收返回的認證結果。The request unit is used to add the Token stored in the storage unit on the basis of the obtained mobile phone number in the process of performing mobile phone number authentication, initiate an authentication request, and receive the returned authentication result.
本發明的一方面的運營商系統,其中,具備:The operator system of one aspect of the present invention includes:
Token生成單元,在獲取Token的過程中根據用戶的手機號碼生成Token並發送;The Token generation unit generates and sends the Token according to the user's mobile phone number in the process of obtaining the Token;
Token儲存單元,儲存手機號碼和生成的Token的對應關係;以及The Token storage unit stores the correspondence between the mobile phone number and the generated Token; and
Token認證單元,在進行手機號碼認證的過程中用於判斷接收到的認證請求中的手機號碼和Token的關係是否和與所述Token儲存單元已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。The Token authentication unit is used to determine whether the relationship between the mobile phone number and the Token in the received authentication request is consistent with the corresponding relationship between the mobile phone number and the Token stored in the Token storage unit during the process of mobile phone number authentication. If they are consistent, it is judged that the authentication is successful.
本發明一方面的電腦可讀介質,其上儲存有電腦程式,其中,A computer-readable medium according to one aspect of the present invention has a computer program stored thereon, wherein:
該電腦程式被處理器執行時實現上述的資訊認證方法。When the computer program is executed by the processor, the above-mentioned information authentication method is realized.
本發明一方面的電腦設備,包括記憶體、處理器以及儲存在記憶體上並可在處理器上運行的電腦程式,其中,所述處理器執行所述電腦程式時上述的資訊認證方法。A computer device in one aspect of the present invention includes a memory, a processor, and a computer program that is stored on the memory and can run on the processor, wherein the processor executes the computer program when the computer program is executed by the above-mentioned information authentication method.
如上所述,根據本發明的資訊認證方法以及資訊認證系統,需要輸入簡訊驗證碼,只要用戶輸入自己的手機號碼就能夠進行認證,能夠減少用戶的APP操作時間,提高操作速度和效果。As described above, according to the information authentication method and information authentication system of the present invention, it is necessary to input the short message verification code, and authentication can be performed as long as the user enters his mobile phone number, which can reduce the user's APP operation time and improve the operation speed and effect.
下面介紹的是本發明的多個實施例中的一些,旨在提供對本發明的基本瞭解。並不旨在確認本發明的關鍵或決定性的要素或限定所要保護的範圍。Introduced below are some of the multiple embodiments of the present invention, intended to provide a basic understanding of the present invention. It is not intended to confirm the key or decisive elements of the present invention or limit the scope of protection.
出於簡潔和說明性目的,本文主要參考其示範實施例來描述本發明的原理。For brevity and illustrative purposes, this document mainly refers to its exemplary embodiments to describe the principles of the present invention.
但是,本領域技術人員將容易地認識到,相同的原理可等效地應用於所有類型的用於識別銀行卡的影像處理方法以及影像處理方法,並且可以在其中實施這些相同的原理,以及任何此類變化不背離本專利申請的真實精神和範圍。However, those skilled in the art will readily recognize that the same principles can be equally applied to all types of image processing methods and image processing methods for recognizing bank cards, and these same principles can be implemented therein, as well as any Such changes do not depart from the true spirit and scope of this patent application.
而且,在下文描述中,參考了附圖,這些附圖圖示特定的示範實施例。在不背離本發明的精神和範圍的前提下可以對這些實施例進行電、機械、邏輯和結構上的更改。此外,雖然本發明的特徵是結合若干實施/實施例的僅其中之一來公開的,但是如針對任何給定或可識別的功能可能是期望和/或有利的,可以將此特徵與其他實施/實施例的一個或多個其他特徵進行組合。因此,下文描述不應視為在限制意義上的,並且本發明的範圍由所附請求項及其等效物來定義。Moreover, in the following description, reference is made to the accompanying drawings, which illustrate specific exemplary embodiments. Electrical, mechanical, logical, and structural changes can be made to these embodiments without departing from the spirit and scope of the present invention. In addition, although the feature of the present invention is disclosed in conjunction with only one of several implementations/embodiments, if it may be desired and/or advantageous for any given or identifiable function, this feature can be combined with other implementations. One or more other features of the embodiment are combined. Therefore, the following description should not be considered in a limiting sense, and the scope of the present invention is defined by the appended claims and their equivalents.
諸如“具備”和“包括”之類的用語表示除了具有在說明書和請求項中有直接和明確表述的單元和步驟以外,本發明的技術方案也不排除具有未被直接或明確表述的其它單元和步驟的情形。Terms such as "have" and "include" mean that in addition to the units and steps that are directly and clearly stated in the specification and claims, the technical solution of the present invention does not exclude other units that are not directly or clearly stated. And the situation of the steps.
本發明的資訊認證方法旨在通過匹配手機終端(後文也稱用戶終端)通過SIM卡設備號獲得的手機號碼與用戶輸入的手機號碼而實現資訊認證,由此,只需要用戶輸入手機號碼而不需要用戶輸入簡訊驗證碼就能夠實現資訊認證,這樣,可以實現所謂的無感認證(不需要進行簡訊驗證碼的輸入)。The information authentication method of the present invention aims to realize information authentication by matching the mobile phone number obtained by the mobile phone terminal (hereinafter also referred to as the user terminal) through the SIM card device number with the mobile phone number entered by the user. Therefore, the user only needs to enter the mobile phone number. Information authentication can be realized without the user inputting the SMS verification code. In this way, the so-called non-inductive authentication can be realized (the input of the SMS verification code is not required).
圖1是表示本發明第一方面的資訊認證方法的流程圖。Fig. 1 is a flowchart showing the information authentication method of the first aspect of the present invention.
如圖1所示,本發明第一方面的資訊認證方法由應用模組、認證模組、認證系統以及運營商系統實現。本發明第一方面的資訊認證方法包括下述步驟:As shown in FIG. 1, the information authentication method of the first aspect of the present invention is implemented by an application module, an authentication module, an authentication system, and an operator system. The information authentication method of the first aspect of the present invention includes the following steps:
步驟S1::獲取資訊,包括:用戶打開應用模組(例如打開APP)並初始化認證模組以及認證模組從應用模組獲取手機的SIM卡設備號;Step S1: Obtaining information, including: the user opens the application module (for example, opens the APP) and initializes the authentication module, and the authentication module obtains the SIM card device number of the mobile phone from the application module;
步驟S2:從認證模組向認證系統發起獲取Token(即標記,本發明中指手機號碼對應的識別字)的請求,其中,該請求中包含用戶的SIM卡設備號;Step S2: Initiate a request to obtain a Token (i.e., the identification word corresponding to the mobile phone number in the present invention) from the authentication module to the authentication system, where the request includes the user's SIM card device number;
步驟S3:認證系統將Token獲取請求轉發到運營商系統;Step S3: The authentication system forwards the Token acquisition request to the operator system;
步驟S4:運營商系統根據SIM卡設備號找到對應的手機號碼再基於手機號碼生成Token,並將生成的返回給認證系統,同時運營商系統儲存手機號碼和Token的對應關係;Step S4: The operator system finds the corresponding mobile phone number according to the SIM card device number, then generates a Token based on the mobile phone number, and returns the generated Token to the authentication system. At the same time, the operator system stores the corresponding relationship between the mobile phone number and the Token;
步驟S5:認證系統將接收到的Token返回到認證模組並由認證模組進行儲存;Step S5: The authentication system returns the received Token to the authentication module and stores it by the authentication module;
步驟S6:當需要進行手機號碼認證時,從應用模組發起認證請求到認證模組,其中該認證請求中至少包括用戶的手機號碼,例如由用戶將手機號碼輸入到應用模組;Step S6: When mobile phone number authentication is required, an authentication request is initiated from the application module to the authentication module, where the authentication request includes at least the user's mobile phone number, for example, the user inputs the mobile phone number into the application module;
步驟S7:認證模組在接收到的認證請求中添加Token之後轉發到認證系統;Step S7: The authentication module adds the Token to the received authentication request and forwards it to the authentication system;
步驟S8:認證系統將認證請求轉發到運營商系統;Step S8: The authentication system forwards the authentication request to the operator system;
步驟S9:運營商系統判斷從認證系統接收到的認證請求中的手機號碼和Token的關係是否和與運營商系統已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功(不需要簡訊驗證步驟),如果兩者不一致的情況下判斷為認證失敗,在認證失敗的情況下也可以增加簡訊驗證步驟或者也可以增加簡訊驗證步驟,並且運營商系統將認證結果返回到認證系統;Step S9: The operator system judges whether the relationship between the mobile phone number and the Token in the authentication request received from the authentication system is consistent with the corresponding relationship between the mobile phone number and the Token stored in the operator system, and if the two are consistent, the authentication is judged to be successful (No need for SMS verification step), if the two are inconsistent, it is judged that the authentication has failed, in the case of authentication failure, you can also add the SMS verification step or you can also add the SMS verification step, and the operator system will return the authentication result to the authentication system;
步驟S10:認證系統將認證結果返回認證模組;以及Step S10: the authentication system returns the authentication result to the authentication module; and
步驟S11:認證模組將認證結果返回到應用模組。Step S11: The authentication module returns the authentication result to the application module.
這裡,作為應用模組,例如可以是某個APP。作為認證模組,可以是集成在應用模組中,例如應用模組是某個APP的情況下,認證模組是集成在其中的SDK(Software Development Kit,軟體開發套件,用於提供服務的軟體集成工具包)。當然,認證模組也可以不設置在應用模組中而單獨作為一個部件構成。Here, as an application module, for example, it may be a certain APP. As an authentication module, it can be integrated in an application module. For example, when the application module is a certain APP, the authentication module is an SDK (Software Development Kit, software development kit) integrated in it, which is the software used to provide services. Integrated toolkit). Of course, the authentication module may not be provided in the application module, but may be constituted as a separate component.
作為可選方式,在步驟S2中可以在發起獲取Token請求之前可以進一步進行是否滿足Token獲取條件的判定,例如:自檢設備有效性, 它包括:網路檢查、SIM卡檢查等。As an optional way, in step S2, before initiating the Token acquisition request, it is possible to further determine whether the Token acquisition condition is satisfied, for example, the validity of the self-checking device, which includes: network check, SIM card check, etc.
在獲取Token的過程中(步驟S1到步驟S5),作為可選方式,可以重複步驟S2到步驟S5以獲取多個Token,這樣在認證模組中建立Token佇列,保存若干個獲取的Token,並在Token時效時迴圈補充Token,設定迴圈補充Token的結束點,保障認證過程的穩定和安全。In the process of acquiring tokens (steps S1 to S5), as an optional way, you can repeat steps S2 to S5 to obtain multiple Tokens. In this way, a Token queue is established in the authentication module and several acquired Tokens are stored. And replenish the Token in a loop when the Token expires, and set the end point of the replenishment Token to ensure the stability and security of the authentication process.
在進行手機號碼認證的過程中(步驟S6到步驟S9),在這裡說明了由終端(即認證模組)發起的情況,另外作為替換方式也可以是由應用模組的後臺系統發起認證情況。In the process of mobile phone number authentication (step S6 to step S9), the case initiated by the terminal (ie, the authentication module) is described here, and as an alternative, the authentication case can also be initiated by the background system of the application module.
圖2是表示本發明第一方面的資訊認證系統的結構方塊圖。Fig. 2 is a block diagram showing the structure of the information authentication system of the first aspect of the present invention.
如圖2所示,本發明第一方面的資訊認證系統包括:用戶終端10、認證系統20以及運營商系統30。其中,用戶終端10包括應用模組11和認證模組12。As shown in FIG. 2, the information authentication system of the first aspect of the present invention includes: a
應用模組11用於獲取相關於手機號碼的資訊,具體地,在獲取Token的過程中用於獲取SIM卡設備號,在手機號碼認證過程中獲取手機號碼,將獲取的SIM卡設備號或者手機號碼提交到認證模組12。The
認證模組12在獲取Token的過程中用於基於從應用模組11獲得的SIM卡設備號向認證系統20發起Token獲取請求並且用於儲存從認證系統20返回的Token,另一方面,認證模組12在進行手機號碼認證的過程中用於在從應用模組11獲得的手機號碼的基礎上添加儲存的Token並向認證系統20發起認證請求並且接收從認證系統20返回的認證結果。In the process of acquiring the Token, the
認證系統20用於將Token獲取請求轉發到運營商系統30,並且接收運營商系統30返回的認證結果並轉發到認證模組12。The
運營商系統30在獲取Token的過程中根據用戶的手機號碼生成Token並返回給認證系統20,同時儲存手機號碼和Token的對應關係,另一方面,在進行手機號碼認證的過程中用於判斷從認證系統20接收到的認證請求中的手機號碼和Token的關係是否和與已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。The
這裡,在圖2中雖然表示為應用模組11和認證模組12為兩個構成部件,但是也可以是認證模組12集成在應用模組11中。Here, although it is shown in FIG. 2 that the
圖3是表示本發明第二方面的資訊認證方法的流程圖。Fig. 3 is a flowchart showing the information authentication method of the second aspect of the present invention.
如圖3所示,本發明第二方面的資訊認證方法由應用模組、認證模組、應用後臺系統、認證系統以及運營商系統實現。本發明第二方面的資訊認證方法包括下述步驟:As shown in FIG. 3, the information authentication method of the second aspect of the present invention is implemented by an application module, an authentication module, an application background system, an authentication system, and an operator system. The information authentication method of the second aspect of the present invention includes the following steps:
步驟S11::獲取資訊,包括:用戶打開應用模組(例如打開APP)並初始化認證模組以及認證模組從應用模組獲取SIM卡設備號;Step S11: Obtaining information, including: the user opens the application module (for example, opens the APP) and initializes the authentication module, and the authentication module obtains the SIM card device number from the application module;
步驟S12:從認證模組向認證系統發起Token獲取請求,其中,該請求中包含SIM卡設備號;Step S12: Initiate a token acquisition request from the authentication module to the authentication system, where the request includes the SIM card device number;
步驟S13:認證系統將Token獲取請求轉發到運營商系統;Step S13: The authentication system forwards the Token acquisition request to the operator system;
步驟S14:運營商系統根據SIM卡設備號找到對應的用戶的手機號碼並生成Token,將生成的Token返回給認證系統,同時運營商系統儲存手機號碼和Token的對應關係;Step S14: The operator system finds the mobile phone number of the corresponding user according to the SIM card device number and generates a Token, and returns the generated Token to the authentication system. At the same time, the operator system stores the corresponding relationship between the mobile phone number and the Token;
步驟S15:認證系統將接收到的Token返回到認證模組;Step S15: The authentication system returns the received Token to the authentication module;
步驟S16:認證模組接收到Token後將Token發送到應用模組;Step S16: After receiving the Token, the authentication module sends the Token to the application module;
步驟S17:應用模組將接收到的Token發送到應用後臺系統,並由應用後臺系統儲存;Step S17: The application module sends the received Token to the application background system, and the application background system stores it;
步驟S18:當需要進行手機號碼認證時,從應用模組發起認證請求到應用後臺系統,其中認證請求中至少包括用戶的手機號碼;Step S18: When mobile phone number authentication is required, an authentication request is initiated from the application module to the application background system, where the authentication request includes at least the user's mobile phone number;
步驟S19:應用後臺系統在接收到的認證請求之後在其中添加了其儲存的Token之後轉發到認證系統;Step S19: After receiving the authentication request, the application background system adds its stored Token and forwards it to the authentication system;
步驟S20:認證系統將認證請求發送到運營商系統;Step S20: the authentication system sends the authentication request to the operator system;
步驟S21:運營商系統判斷從認證系統接收到的認證請求中的手機號碼和Token的關係是否和與運營商系統已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功(不需要簡訊驗證步驟),如果兩者不一致的情況下判斷為認證失敗,在認證失敗的情況下也可以增加簡訊驗證步驟,並且運營商系統將認證結果返回到認證系統;Step S21: The operator system determines whether the relationship between the mobile phone number and the Token in the authentication request received from the authentication system is consistent with the corresponding relationship between the mobile phone number and the Token stored in the operator system, and if the two are consistent, the authentication is judged to be successful (No SMS verification step is required), if the two are inconsistent, it is judged that the authentication has failed, and the SMS verification step can be added in the case of authentication failure, and the operator system will return the authentication result to the authentication system;
步驟S22:認證系統將認證結果返回到應用後臺系統;以及Step S22: the authentication system returns the authentication result to the application background system; and
步驟S23:應用後臺系統將認證結果返回到應用模組。Step S23: The application background system returns the authentication result to the application module.
這裡,在進行手機號碼認證的過程中(步驟S16到步驟S23)是由應用模組的應用後臺系統發起認證請求的。Here, in the process of performing mobile phone number authentication (step S16 to step S23), the authentication request is initiated by the application background system of the application module.
其中,作為應用模組,例如可以是某個APP。作為認證模組,可以是集成在應用模組中,例如應用模組是某個APP的情況下,認證模組是集成在其中的SDK。當然,認證模組也可以不設置在應用模組中而單獨作為一個部件構成。本發明對此不進行限定。Among them, as an application module, for example, it may be a certain APP. As the authentication module, it can be integrated in the application module. For example, when the application module is an APP, the authentication module is the SDK integrated in it. Of course, the authentication module may not be provided in the application module, but may be constituted as a separate component. The present invention does not limit this.
作為可選方式,在步驟S12中可以在發起獲取Token請求之前可以進一步進行是否滿足Token獲取條件的判定,例如:自檢設備有效性, 它包括:網路檢查、SIM卡檢查等。As an optional way, in step S12, before initiating the Token acquisition request, it is possible to further determine whether the Token acquisition condition is satisfied, for example, the validity of the self-checking device, which includes: network check, SIM card check, etc.
圖4是表示本發明第二方面的資訊認證系統的結構方塊圖。Fig. 4 is a block diagram showing the structure of the information authentication system of the second aspect of the present invention.
如圖4所示,本發明第二方面的資訊認證系統包括:用戶終端40、認證系統50、應用後臺系統60以及運營商系統70。其中,用戶終端40包括應用模組41和認證模組42。As shown in FIG. 4, the information authentication system of the second aspect of the present invention includes: a
應用模組41用於獲取相關於手機號碼的資訊,具體地,在獲取Token的過程中用於獲取SIM卡設備號,在手機號碼認證過程中獲取手機號碼,將獲取的SIM卡設備號或者手機號碼提交到認證模組42。The
認證模組42在獲取Token的過程中用於基於從應用模組41獲得的SIM卡設備號向認證系統50發起Token獲取請求並且用於將獲取的Token返回到應用模組41。In the process of acquiring the Token, the
認證系統50在獲取Token的過程中用於將Token獲取請求轉發到運營商系統70並且將獲取的Token轉發到認證模組42,另一方面進行手機號碼認證的過程中接收來自應用後臺系統60的認證請求在並且接收運營商系統70返回的認證結果並轉發到應用後臺系統60。The
應用後臺系統60在獲取Token的過程中用於儲存從應用模組41發送來的Token,另一方面在進行手機號碼認證的過程中用於在從應用模組41獲得的手機號碼或者SIM卡設備號的基礎上添加已儲存的Token並向認證系統60發起認證請求並且接收從認證系統60返回的認證結果。The
運營商系統70在獲取Token的過程中根據用戶的手機號碼生成Token並返回給認證系統50,同時儲存手機號碼和Token的對應關係,另一方面,在進行手機號碼認證的過程中用於判斷從認證系統50接收到的認證請求中的手機號碼和Token的關係是否和與已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。The
這裡,在圖4中雖然表示為應用模組41和認證模組42為兩個構成部件,但是也可以是認證模組42集成在應用模組41中。Here, although it is shown in FIG. 4 that the
接著,對於本發明的資訊認證方法以及資訊認證系統的具體實施方式進行說明。Next, specific implementations of the information authentication method and information authentication system of the present invention will be described.
首先,說明本發明第一實施方式的資訊認證方法以及資訊認證系統。First, the information authentication method and information authentication system of the first embodiment of the present invention will be explained.
圖5是表示本發明第一實施方式的資訊認證方法的流程圖。Fig. 5 is a flowchart showing the information authentication method according to the first embodiment of the present invention.
接著,參照圖5說明本發明第一實施方式的資訊認證方法。Next, the information authentication method according to the first embodiment of the present invention will be described with reference to FIG. 5.
如圖5所示,本發明第一實施方式的資訊認證方法包括下述步驟:As shown in FIG. 5, the information authentication method of the first embodiment of the present invention includes the following steps:
1-2:用戶打開應用模組(例如打開某個APP),應用模組隨即調用認證模組並向認證模組發送Token獲取請求。該Token獲取請求中將要調取的Token對應於手機中當前使用資料流程量的SIM卡設備號。1-2: The user opens the application module (for example, opens an APP), the application module then calls the authentication module and sends a token acquisition request to the authentication module. The Token to be retrieved in the Token obtaining request corresponds to the SIM card device number of the current usage data flow in the mobile phone.
3-4、認證模組初始化後,判斷是否滿足Token獲取條件,其中,應用模組和認證模組設置在用戶的用戶終端(即手持終端,作為一個示例為手機),則判斷該用戶終端是否滿足Token獲取條件,例如包括:3-4. After the authentication module is initialized, it is judged whether the Token acquisition conditions are met. Among them, the application module and the authentication module are set in the user's user terminal (ie a handheld terminal, as an example, a mobile phone), then it is judged whether the user terminal is Meet the Token acquisition conditions, for example:
(1)判斷是否具備SIM卡,如果有則進行(2),如果沒有則返回應答碼例如“11111”和應答碼提示“未插SIM卡”。(1) Judge whether there is a SIM card, if yes, proceed to (2), if not, return a response code such as "11111" and the response code prompts "SIM card not inserted".
(2)判斷手持終端是否聯網,如果有則進行4,如果沒有則返回應答碼例如“11112”和應答碼提示“未開資料網路”。(2) Determine whether the handheld terminal is connected to the Internet, if yes, proceed to 4. If not, return a response code such as "11112" and the response code prompts "No data network opened".
5、認證模組向認證系統發送Token獲取請求。5. The authentication module sends a token acquisition request to the authentication system.
6、認證系統向運營商系統發送Token獲取請求。6. The authentication system sends a token acquisition request to the operator system.
7、運營商系統收到Token獲取請求後,根據SIM卡設備號查詢對應的手機號碼,根據手機號碼生成對應的Token,然後返回Token獲取應答。7. After receiving the Token obtaining request, the operator system queries the corresponding mobile phone number according to the SIM card device number, generates the corresponding Token according to the mobile phone number, and then returns the Token to obtain a response.
8、認證系統收到Token後,向認證模組返回Token獲取應答。8. After receiving the Token, the authentication system returns the Token to the authentication module to obtain a response.
這裡,作為一個可選方式,認證模組中的Token獲取請求會一直發送,直到Token佇列被填滿,比如Token佇列長度為3,則在Token獲取正常的情況下,會連續獲取3個Token,當然也可以不是3個,例如可以是N個,N為自然數。Here, as an optional method, the Token acquisition request in the authentication module will be sent until the Token queue is filled. For example, the Token queue length is 3, and if the token acquisition is normal, 3 consecutively will be acquired Token, of course, may not be three, for example, it may be N, and N is a natural number.
獲取多個Token的好處在於,比如在短時間內需要進行多次資訊認證的情況(例如有多筆支付需要進手機號碼確認的情況)下,或者短時間內既要支付又要修改密碼等,可以直接用佇列中的Token,而不需要重新獲取,由此能夠節省時間,提高效率。The advantage of obtaining multiple Tokens is that, for example, when multiple information authentication is required in a short period of time (for example, when there are multiple payments that need to be confirmed by the mobile phone number), or in a short period of time, both payment and password modification are required. The Tokens in the queue can be used directly without reacquiring, which can save time and improve efficiency.
其中,如果發送Token獲取請求一定次數(比如3次),均返回Token獲取失敗提示,則不再發送Token獲取請求;或者在發送Token獲取請求一定時間(比如10秒)後,仍無資訊回饋,則返回獲取失敗提示。Among them, if a token acquisition request is sent a certain number of times (such as 3 times), and a Token acquisition failure prompt is returned, then the Token acquisition request will not be sent; or after a certain period of time (such as 10 seconds) the Token acquisition request is sent, there is still no information feedback. Then return to get failure prompt.
9、用戶輸入手機號碼,由此發起認證請求,用戶需要進行手機號碼認證的場景,例如包含但不限於以下:9. The user enters the mobile phone number to initiate an authentication request, and the user needs to perform mobile phone number authentication scenarios, for example, including but not limited to the following:
(1)帳號註冊,在應用模組(APP)中註冊手機帳號,需要進行手機號碼認證;(1) Account registration, to register a mobile account in the application module (APP), mobile phone number authentication is required;
(2)帳號登錄,使用手機帳號登錄應用模組(APP),需要進行手機號碼認證;(2) Account login, use mobile phone account to log in to the application module (APP), and mobile phone number authentication is required;
(3)綁卡,在應用模組(APP)中綁定銀行卡,需要進行銀行預留手機號碼認證;(3) To bind the card, bind the bank card in the application module (APP), and verify the mobile phone number reserved by the bank;
(4)轉帳,需要進行手機號碼認證;(4) For transfer, mobile phone number authentication is required;
(5)其他需要手機號碼認證的場景。(5) Other scenarios that require mobile phone number authentication.
10、應用模組向認證模組發起認證請求。10. The application module initiates an authentication request to the authentication module.
11、認證模組檢查Token佇列中是否有無效Token,如果有則剔除佇列,重新發送Token獲取請求獲取新Token,直到Token佇列中的Token均為有效。檢查方法為判斷Token時效,比如Token時效為10分鐘,若Token存續時間超過10分鐘則代表失效。這樣,能夠保障後續多次使用Token的場景時(每一次只用一個Token),可以直接使用已有的Token,而不需要重新獲取Token。11. The authentication module checks whether there is an invalid Token in the Token queue. If there is an invalid Token, remove the queue and resend the Token acquisition request to obtain a new Token until the Tokens in the Token queue are all valid. The checking method is to judge the validity of the token. For example, the validity of the token is 10 minutes. If the token lasts for more than 10 minutes, it means it is invalid. In this way, it can be ensured that when the token is used multiple times in the future (only one token is used at a time), the existing token can be used directly without the need to obtain the token again.
12、認證模組組裝報文,向認證系統發起認證請求,其中,報文內容例如包括:交易唯一標識(8位元接入機構編碼+13位元發送時間戳記+8位元接收機構編碼+12位元發送機構IP+4位元請求交易碼+8位元亂數,比如M000000120190315111213U0000001192168001010900215689674)、接收機構編碼(指認證系統編碼,比如U0000001)、ivd(用於確定哪類應用模組(APP)發起認證請求,比如1721512431502201903)、認證模組標識(7221855241809201903)、認證模組KEY(A822BA3DFF4D3FFEA97003FF84359E03)、接入機構IP(190162240133)、交易碼(9002)、版本號(1.0)、接入機構編碼(確定APP機構,M0000001)、交易子類(01)、交易時間戳記(1542180453000)、手機平臺標識(1,代表安卓或IOS)、手機號碼(13912345678)、應用模組識別字(例如,com.unionpay,代表“雲閃付”)、Token(12345678901)。12. The authentication module assembles a message and initiates an authentication request to the authentication system. The content of the message includes, for example, a unique transaction identifier (8-bit access agency code + 13-bit sending time stamp + 8-bit receiving agency code + 12-bit sending institution IP + 4-bit request transaction code + 8-bit random number, such as M000000120190315111213U0000001192168001010900215689674), receiving institution code (refers to the authentication system code, such as U0000001), ivd (used to determine which type of application module (APP)) Initiate an authentication request, such as 1721512431502201903), authentication module identification (7221855241809201903), authentication module KEY (A822BA3DFF4D3FFEA97003FF84359E03), access agency IP (190162240133), transaction code (9002), version number (1.0), access agency code (OK APP organization, M0000001), transaction sub-category (01), transaction timestamp (1542180453000), mobile phone platform identification (1, representing Android or IOS), mobile phone number (13912345678), application module identifier (for example, com.unionpay, Represents "Cloud QuickPass"), Token (12345678901).
其中,認證模組標識、認證模組KEY(認證模組KEY是對認證模組標識的加密運算後的結果)和應用模組識別字是用來確定是哪個應用模組發起了手機號碼認證請求,以防範不法機構盜用手機號碼認證服務。判斷方法為接收到的應用模組識別字與認證模組標識、認證模組KEY是否與認證系統中保存的對應關係一致,若一致則繼續服務,若不一致,則終止服務。Among them, the authentication module identification, authentication module KEY (the authentication module KEY is the result of the encrypted operation of the authentication module identification) and the application module identifier are used to determine which application module initiated the mobile phone number authentication request , To prevent illegal organizations from embezzling mobile phone number authentication services. The judging method is whether the received application module identifier, the authentication module ID, and the authentication module KEY are consistent with the corresponding relationship stored in the authentication system. If they are consistent, the service will continue; if they are inconsistent, the service will be terminated.
13、認證系統將認證請求中的相關報文發送至運營商系統,發送的認證請求資訊至少包括手機號碼(13912345678)、Token(12345678901)。13. The authentication system sends the relevant messages in the authentication request to the operator system. The authentication request information sent includes at least the mobile phone number (13912345678) and Token (12345678901).
14、運營商系統收到手機號碼(13912345678)和Token(12345678901)後,驗證手機號碼與Token是否一致,即驗證收到的手機號碼(13912345678)和Token(12345678901)的關係與預先已儲存的手機號碼與Token的對應關係是否一致,若一致,則返回一致認證結果,即表示認證成功。14. After the operator system receives the mobile phone number (13912345678) and Token (12345678901), it verifies whether the mobile phone number is consistent with the Token, that is, verifies the relationship between the received mobile phone number (13912345678) and Token (12345678901) and the mobile phone stored in advance Whether the corresponding relationship between the number and the Token is consistent, if they are consistent, a consistent authentication result is returned, which means that the authentication is successful.
15-16、認證系統接收認證結果後,返回認證結果至認證模組,認證模組再將認證結果返回應用模組。應用模組接收到一致驗證結果,則直接通過認證,無需再進行簡訊驗證碼驗證。15-16. After receiving the authentication result, the authentication system returns the authentication result to the authentication module, and the authentication module returns the authentication result to the application module. If the application module receives a consistent verification result, it will pass the verification directly, without the need for SMS verification code verification.
圖6是表示本發明第一實施方式的資訊認證系統的結構方塊圖。6 is a block diagram showing the structure of the information authentication system according to the first embodiment of the present invention.
如圖6所示,第一實施方式的資訊認證系統包括:用戶終端100、認證系統200以及運營商系統300。其中,用戶終端100包括應用模組110和認證模組120。As shown in FIG. 6, the information authentication system of the first embodiment includes: a
應用模組110在獲取Token的過程中用於獲取SIM卡設備號並提交到認證模組120以及在進行手機號碼認證的過程中用於獲取用戶的手機號碼並提交到認證模組120。The
認證模組120具備:The
第一請求單元121,在獲取Token的過程中用於基於從應用模組110獲得的SIM卡設備號向認證系統200發起Token獲取請求;The
儲存單元122,用於儲存從認證系統200返回的Token;以及The
第二請求單元123,在進行手機號碼認證的過程中用於在從應用模組110獲得的手機號碼的基礎上添加在所述儲存單元中已儲存的Token並向認證系統200發起認證請求並且接收從認證系統200返回的認證結果並將認證結果返回到應用模組110。The
這裡,雖然將第一請求單元121和第二請求單元123作為分開的部件進行說明,它們兩者也可以是集成在一個單元中實現。Here, although the
認證系統200用於將Token獲取請求轉發到運營商系統300,並且接收運營商系統300返回的認證結果並轉發到認證模組120。The
運營商系統300具備:The
Token生成單元310,在獲取Token的過程中根據用戶的手機號碼生成Token並返回給認證系統200;The
Token儲存單元320,用於儲存手機號碼和Token的對應關係;以及The
Token認證單元330,在進行手機號碼認證的過程中用於判斷從認證系統200接收到的認證請求中的手機號碼和Token的關係是否和與已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。The
這裡,在圖6中雖然表示為應用模組110和認證模組120為兩個構成部件,但是也可以是認證模組120集成在應用模組110中。Here, although it is shown in FIG. 6 that the
在該實施方式中,第一請求單元121在獲取Token的過程中判斷是否具有Token獲取條件並且獲取SIM卡設備號生成Token獲取請求並發送。進一步,第一請求單元121在獲取Token的過程中先判斷是否具有Token獲取條件。其中,所述有Token獲取條件包括:判斷是否具有SIM卡;以及判斷是否利用當前SIM卡的資料流程量聯網。In this embodiment, the
進一步,第一請求單元121重複發起所述Token獲取請求,直到所述儲存單元儲存有N個Token,所述N個Token構成Token佇列,其中,N為自然數。Further, the
而且,第一請求單元121判斷所述Token佇列中是否存在無效Token,若存在無效Token則重複發起Token獲取請求,所述儲存單元儲存有N個有效的Token。Moreover, the
可選地,第一請求單元121在發起Token獲取請求時,在所述Token獲取請求中進一步包含用於獲得SIM設備號的應用模組110的應用標識,其中,所述SIM卡設備號被用於獲得對應的手機號碼,進一步基於所述手機號碼被用於生成對應的Token並與手機號碼、應用標識與Token具有對應關係。Optionally, when the
接著,說明本發明第二實施方式的資訊認證方法以及資訊認證系統。Next, the information authentication method and information authentication system of the second embodiment of the present invention will be described.
在第二實施方式中,與第一實施方式不同的是,由應用模組的應用後臺系統組裝報文發起認證請求(第一實施方式中是由應用模組通過調取認證模組組裝報文發起認證請求)。兩者的區別在於,在打開應用模組(APP)的階段,應用模組會將獲取到的Token發給應用後臺系統。在輸入手機號碼階段,應用模組(APP)直接向應用後臺系統發起認證請求,由應用後臺系統組裝報文發起認證請求,其他處理邏輯與第一實施方式相同。In the second embodiment, different from the first embodiment, the authentication request is initiated by the application backend system assembly message of the application module (in the first embodiment, the application module assembles the message by calling the authentication module). Initiate an authentication request). The difference between the two is that when the application module (APP) is opened, the application module will send the obtained token to the application backend system. In the phase of entering the mobile phone number, the application module (APP) directly initiates an authentication request to the application background system, and the application background system assembles a message to initiate the authentication request. The other processing logic is the same as the first embodiment.
圖7是表示本發明第二實施方式的資訊認證方法的流程圖。FIG. 7 is a flowchart showing the information authentication method according to the second embodiment of the present invention.
如圖7所示,本發明第二實施方式的資訊認證方法包括下述步驟:As shown in FIG. 7, the information authentication method of the second embodiment of the present invention includes the following steps:
1-2:用戶打開應用模組(例如打開某個APP),應用模組隨即調用認證模組並向認證模組發送Token獲取請求。該Token獲取請求中將要調取的Token對應於手機中當前使用資料流程量的SIM卡設備號。1-2: The user opens the application module (for example, opens an APP), the application module then calls the authentication module and sends a token acquisition request to the authentication module. The Token to be retrieved in the Token obtaining request corresponds to the SIM card device number of the current usage data flow in the mobile phone.
3-4、認證模組初始化後,判斷是否滿足Token獲取條件,其中,應用模組和認證模組設置在用戶的用戶終端(即手持終端,作為一個示例為手機),則判斷該用戶終端是否滿足Token獲取條件,例如包括:3-4. After the authentication module is initialized, it is judged whether the Token acquisition conditions are met. Among them, the application module and the authentication module are set in the user's user terminal (ie a handheld terminal, as an example, a mobile phone), then it is judged whether the user terminal is Meet the Token acquisition conditions, for example:
(1)判斷是否具備SIM卡,如果有則進行(2),如果沒有則返回應答碼例如“11111”和應答碼提示“未插SIM卡”。(1) Judge whether there is a SIM card, if yes, proceed to (2), if not, return a response code such as "11111" and the response code prompts "SIM card not inserted".
(2)判斷手持終端是否聯網,如果有則進行4,如果沒有則返回應答碼例如“11112”和應答碼提示“未開資料網路”。(2) Determine whether the handheld terminal is connected to the Internet, if yes, proceed to 4. If not, return a response code such as "11112" and the response code prompts "No data network opened".
5、認證模組向認證系統發送Token獲取請求。5. The authentication module sends a token acquisition request to the authentication system.
6、認證系統向運營商系統發送Token獲取請求。6. The authentication system sends a token acquisition request to the operator system.
7、運營商系統收到Token獲取請求後,根據SIM卡設備號查詢對應的手機號碼,根據手機號碼生成對應的Token,然後返回Token獲取應答(即包含有Token)。7. After receiving the Token obtaining request, the operator system queries the corresponding mobile phone number according to the SIM card device number, generates the corresponding Token according to the mobile phone number, and then returns the Token to obtain a response (that is, the Token is included).
8、認證系統收到Token後,向認證模組返回Token獲取應答。8. After receiving the Token, the authentication system returns the Token to the authentication module to obtain a response.
9、認證模組將Token獲取應答返回到應用模組。9. The authentication module returns the Token acquisition response to the application module.
10、應用模組將Token獲取應答中的Token發送到應用後臺系統。10. The application module sends the Token in the Token acquisition response to the application background system.
這裡,作為一個可選方式,認證模組中的Token獲取請求會一直發送,直到應用後臺系統的Token佇列被填滿。其中,如果發送Token獲取請求一定次數(比如3次),均返回Token獲取失敗提示,則不再發送Token獲取請求;或者在發送Token獲取請求一定時間(比如10秒)後,仍無資訊回饋,則返回獲取失敗提示。Here, as an optional method, the token acquisition request in the authentication module will be sent until the token queue of the application background system is filled. Among them, if a token acquisition request is sent a certain number of times (for example, 3 times), and a Token acquisition failure prompt is returned, then the Token acquisition request will not be sent; or after a certain period of time (such as 10 seconds) the Token acquisition request is sent, there is still no information feedback. Then return to get failure prompt.
11、當需要進行手機號碼認證時,用戶輸入手機號碼,由應用模組認證請求。11. When mobile phone number verification is required, the user enters the mobile phone number and the application module verifies the request.
12、應用模組向應用後臺系統發送認證請求。12. The application module sends an authentication request to the application background system.
13、應用後臺系統檢查Token佇列中是否有無效Token,如果有則剔除佇列,重新發送Token獲取請求獲取新Token,直到Token佇列中的Token均為有效。檢查方法為判斷Token時效,比如Token時效為10分鐘,若Token存續時間超過10分鐘則代表失效。這樣,能夠保障後續多次使用Token的場景時(每一次只用一個Token),可以直接使用已有的Token,而不需要重新獲取Token。13. The application background system checks whether there is an invalid Token in the Token queue. If there is an invalid Token, the queue is removed, and the Token acquisition request is sent again to obtain a new Token until the Tokens in the Token queue are all valid. The checking method is to judge the validity of the token. For example, the validity of the token is 10 minutes. If the token lasts for more than 10 minutes, it means it is invalid. In this way, it can be ensured that when the token is used multiple times in the future (only one token is used at a time), the existing token can be used directly without the need to obtain the token again.
14、應用後臺系統組裝報文,向認證系統發起認證請求。14. The application background system assembles the message and initiates an authentication request to the authentication system.
15、認證系統將認證請求中的相關報文發送至運營商系統,發送的認證請求資訊至少包括手機號碼和Token。運營商系統收到手機號碼和Token後,驗證手機號碼與Token是否一致,即驗證收到的手機號碼和Token的關係與預先已儲存的手機號碼與Token的對應關係是否一致,若一致,則返回一致認證結果,即表示認證成功。15. The authentication system sends the relevant messages in the authentication request to the operator system, and the authentication request information sent includes at least the mobile phone number and Token. After the operator system receives the mobile phone number and the Token, it verifies whether the mobile phone number is consistent with the Token, that is, verifies whether the relationship between the received mobile phone number and the Token is consistent with the corresponding relationship between the pre-stored mobile phone number and the Token. If they are consistent, return A consistent authentication result means that the authentication is successful.
16、運營商系統將認證結果返回到認證系統。16. The operator system returns the authentication result to the authentication system.
17、認證系統將認證結果返回到應後臺系統;17. The authentication system returns the authentication result to the backend system;
18、應用後臺系統將認證結果返回到應用模組。18. The application background system returns the authentication result to the application module.
圖8是表示本發明第二實施方式的資訊認證系統的結構方塊圖。FIG. 8 is a block diagram showing the structure of the information authentication system according to the second embodiment of the present invention.
如圖8所示,本發明第二方面的資訊認證系統包括:用戶終端400、認證系統500、應用後臺系統600以及運營商系統700。其中,用戶終端400包括應用模組410和認證模組420。As shown in FIG. 8, the information authentication system of the second aspect of the present invention includes: a
應用模組410在獲取Token的過程中用於獲取SIM卡設備號並提交到認證模組420以及在進行手機號碼認證的過程中用於獲取用戶的手機號碼並提交到認證模組420。The application module 410 is used to obtain the SIM card device number and submit it to the
認證模組420在獲取Token的過程中用於基於從應用模組410獲得的手機號碼或者SIM卡設備號向認證系統500發起Token獲取請求並且用於將獲取的Token返回到應用模組410。In the process of acquiring the Token, the
認證系統500在獲取Token的過程中用於將Token獲取請求轉發到運營商系統700並且將獲取的Token轉發到認證模組420,另一方面進行手機號碼認證的過程中接收來自應用後臺系統600的認證請求在並且接收運營商系統700返回的認證結果並轉發到應用後臺系統600。The
應用後臺系統600具備:The
儲存單元620,在獲取Token的過程中用於儲存從應用模組410發送來的Token;The
請求單元610,在進行手機號碼認證的過程中用於在從應用模組410獲得的手機號碼或者SIM卡設備號的基礎上添加已儲存的Token並向認證系統600發起認證請求並且接收從認證系統600返回的認證結果。The
運營商系統700具備:The
Token生成單元710,在獲取Token的過程中根據用戶的手機號碼生成Token並返回給認證系統500;The
Token儲存單元720,儲存手機號碼和Token的對應關係;以及The
Token認證單元730,在進行手機號碼認證的過程中用於判斷從認證系統500接收到的認證請求中的手機號碼和Token的關係是否和與Token儲存單元720已儲存的手機號碼和Token的對應關係一致,若兩者一致,則判斷認證成功。The Token authentication unit 730 is used to determine whether the relationship between the mobile phone number and the Token in the authentication request received from the
這裡,在圖8中雖然表示為應用模組410和認證模組420為兩個構成部件,但是也可以是認證模組420集成在應用模組410中。Here, although it is shown in FIG. 8 that the application module 410 and the
在該實施方式中認證模組420在獲取Token的過程中判斷是否具有Token獲取條件並且獲取SIM卡設備號生成Token獲取請求並發送。進一步,認證模組420在獲取Token的過程中先判斷是否具有Token獲取條件。其中,所述有Token獲取條件包括:判斷是否具有SIM卡;以及判斷是否利用當前SIM卡的資料流程量聯網。In this embodiment, the
進一步,認證模組420重複發起所述Token獲取請求,直到所述儲存單元儲存有N個Token,所述N個Token構成Token佇列,其中,N為自然數。Further, the
在該實施方式中,獲取的Token是儲存在應用後臺系統600,因此,在應用後臺系統600向認證系統500發起認證請求的情況下,應用後臺系統600判斷所述Token佇列中是否存在無效Token,若存在無效Token則重複發起Token獲取請求,所述儲存單元620儲存有N個有效的Token。In this embodiment, the acquired Token is stored in the
作為其他變換方式,認證模組420在發起Token獲取請求時, 在所述Token獲取請求中可以進一步包含用於獲得SIM設備號的應用模組的應用標識、認證模組標識以及認證模組KEY(對於認證模組標識進行加密運算得到的金鑰),當獲得Token以後,將應用標識、認證模組標識以及認證模組KEY與Token的對應關係儲存在應用後臺系統600中,Token與手機號碼的對應關係儲存在運營商系統700中,因此,在進行認證的情況下,可以由應用後臺系統600對於應用標識、認證模組標識以及認證模組KEY與Token的對應關係進行驗證,由運營商系統700對於手機號碼與Token的對應關係進行驗證。As another conversion method, when the
如上所述,根據本發明的資訊認證方法以及資訊認證系統,需要輸入簡訊驗證碼,只要用戶輸入自己的手機號碼就能夠進行認證,能夠減少用戶的APP操作時間,提高操作速度和效果。具體地,相對於專利文獻1本發明無需用戶進行任何驗證碼輸入操作,節省了用戶APP操作時間,提高了操作效率。而且,相對於專利文獻2,本發明將手機號碼Token化,無需使用簡訊平臺,直接通過Token驗證手機號碼,能夠提高手機號碼的認證效率。As described above, according to the information authentication method and information authentication system of the present invention, it is necessary to input the short message verification code, and authentication can be performed as long as the user enters his mobile phone number, which can reduce the user's APP operation time and improve the operation speed and effect. Specifically, compared to
本發明還提供一種電腦可讀介質,其上儲存有電腦程式,其中,該電腦程式被處理器執行時實現上述的資訊認證方法。The present invention also provides a computer-readable medium on which a computer program is stored, wherein the computer program is executed by a processor to implement the above-mentioned information authentication method.
本發明還提供一種電腦設備,包括記憶體、處理器以及儲存在記憶體上並可在處理器上運行的電腦程式,其中,所述處理器執行所述電腦程式時實現上述的資訊認證方法。The present invention also provides a computer device, including a memory, a processor, and a computer program stored on the memory and running on the processor, wherein the processor implements the above-mentioned information authentication method when the computer program is executed.
以上例子主要說明了本發明的資訊認證系統以及資訊認證方法。儘管只對其中一些本發明的具體實施方式進行了描述,但是本領域普通技術人員應當瞭解,本發明可以在不偏離其主旨與範圍內以許多其他的形式實施。因此,所展示的例子與實施方式被視為示意性的而非限制性的,在不脫離如所附各請求項所定義的本發明精神及範圍的情況下,本發明可能涵蓋各種的修改與替換。The above examples mainly illustrate the information authentication system and information authentication method of the present invention. Although only some of the specific embodiments of the present invention have been described, those of ordinary skill in the art should understand that the present invention can be implemented in many other forms without departing from its spirit and scope. Therefore, the presented examples and implementations are regarded as illustrative rather than restrictive. Without departing from the spirit and scope of the present invention as defined by the appended claims, the present invention may cover various modifications and replace.
10:用戶終端 11:應用模組 12:認證模組 20:認證系統 30:經營商系統 40:用戶終端 41:應用模組 42:認證模組 50:認證系統 60:應用後臺系統 70:經營商系統 100:用戶終端 110:應用模組 120:認證模組 121:第一請求單元 122:儲存單元 123:第二請求單元 200:認證系統 300:經營商系統 310:Token生成單元 320:Token儲存單元 330:Token認證單元 400:用戶終端 410:應用模組 420:認證模組 500:認證系統 600:應用後臺系統 610:請求單元 620:儲存單元 700:經營商系統 710:Token生成單元 720:Token儲存單元 730:Token認證單元10: User terminal 11: Application module 12: Authentication module 20: authentication system 30: Operator system 40: User terminal 41: Application Module 42: authentication module 50: authentication system 60: Application background system 70: Operator System 100: User terminal 110: Application Module 120: authentication module 121: The first request unit 122: storage unit 123: The second request unit 200: authentication system 300: Operator System 310: Token generation unit 320: Token storage unit 330: Token authentication unit 400: User terminal 410: Application Module 420: authentication module 500: authentication system 600: Application background system 610: request unit 620: storage unit 700: Operator System 710: Token generation unit 720: Token storage unit 730: Token authentication unit
本發明之其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中: 圖1是表示本發明第一方面的資訊認證方法的流程圖; 圖2是表示本發明第一方面的資訊認證系統的結構方塊圖; 圖3是表示本發明第二方面的資訊認證方法的流程圖; 圖4是表示本發明第二方面的資訊認證系統的結構方塊圖; 圖5是表示本發明第一實施方式的資訊認證方法的流程圖; 圖6是表示本發明第一實施方式的資訊認證系統的結構方塊圖; 圖7是表示本發明第二實施方式的資訊認證方法的流程;及 圖8是表示本發明第二實施方式的資訊認證系統的結構方塊圖。Other features and effects of the present invention will be clearly presented in the embodiments with reference to the drawings, in which: Figure 1 is a flowchart showing the information authentication method of the first aspect of the present invention; 2 is a block diagram showing the structure of the information authentication system of the first aspect of the present invention; Figure 3 is a flowchart showing the information authentication method of the second aspect of the present invention; 4 is a block diagram showing the structure of the information authentication system of the second aspect of the present invention; 5 is a flowchart showing the information authentication method of the first embodiment of the present invention; 6 is a block diagram showing the structure of the information authentication system according to the first embodiment of the present invention; FIG. 7 is a flowchart showing the information authentication method according to the second embodiment of the present invention; and FIG. 8 is a block diagram showing the structure of the information authentication system according to the second embodiment of the present invention.
Claims (29)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910892546.5A CN111010363B (en) | 2019-09-20 | 2019-09-20 | Information authentication method and system, authentication module and user terminal |
| CN201910892546.5 | 2019-09-20 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW202113717A true TW202113717A (en) | 2021-04-01 |
| TWI842944B TWI842944B (en) | 2024-05-21 |
Family
ID=
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021052034A1 (en) | 2021-03-25 |
| CN111010363A (en) | 2020-04-14 |
| CN111010363B (en) | 2022-04-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2021052034A1 (en) | Information authentication method and system thereof, authentication module and user terminal | |
| US9083680B2 (en) | Systems, methods, and computer readable media for application-level authentication of messages in a telecommunications network | |
| US9596237B2 (en) | System and method for initiating transactions on a mobile device | |
| EP1615097B1 (en) | Dual-path-pre-approval authentication method | |
| CN103001975B (en) | Log-in control method based on Quick Response Code, system and device | |
| CN102088353B (en) | Two-factor authentication method and system based on mobile terminal | |
| US9009793B2 (en) | Dynamic pin dual factor authentication using mobile device | |
| WO2008089684A1 (en) | Method and system for security authenticating through short message in communication terminal | |
| CN109308416B (en) | Business service data processing method, device, system, storage medium and equipment | |
| CN103905194B (en) | Identity traceability authentication method and system | |
| CN112351015A (en) | Gateway control method based on API | |
| JP2015537399A (en) | Application system for mobile payment and method for providing and using mobile payment means | |
| CN108650098B (en) | Method and device for user-defined verification mode | |
| CN111371725A (en) | Method for improving security of session mechanism, terminal equipment and storage medium | |
| US20130046689A1 (en) | System and Method for Facilitating Transactions | |
| CN106559384A (en) | A kind of utilization public number realizes the method and device for logging in | |
| CN113824628B (en) | User identity authentication method, device, server and storage medium based on IM | |
| CN110838010A (en) | Service processing method, device, terminal, server and storage medium | |
| CN110149629A (en) | A kind of method and system of fast registration and login application program based on mobile phone | |
| CN113190724A (en) | User bank information query method, mobile terminal and server | |
| CN111355730A (en) | Platform login method, device, equipment and computer readable storage medium | |
| CN111404965B (en) | Method for realizing mobile terminal application safety verification | |
| TWI842944B (en) | Information authentication method and system, authentication module, user terminal, computer readable medium and computer device | |
| CN104301285B (en) | Login method for web system | |
| US20120066128A1 (en) | Data communication method and system for providing a financial transaction |