WO2013013367A1 - Method and device for authenticating identity of mobile terminal - Google Patents

Method and device for authenticating identity of mobile terminal Download PDF

Info

Publication number
WO2013013367A1
WO2013013367A1 PCT/CN2011/077492 CN2011077492W WO2013013367A1 WO 2013013367 A1 WO2013013367 A1 WO 2013013367A1 CN 2011077492 W CN2011077492 W CN 2011077492W WO 2013013367 A1 WO2013013367 A1 WO 2013013367A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
password
location information
module
identity verification
Prior art date
Application number
PCT/CN2011/077492
Other languages
French (fr)
Chinese (zh)
Inventor
李治国
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Priority to PCT/CN2011/077492 priority Critical patent/WO2013013367A1/en
Publication of WO2013013367A1 publication Critical patent/WO2013013367A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Definitions

  • the present invention relates to the field of mobile terminals, and in particular, to an identity verification method and apparatus for a mobile terminal.
  • the identity verification of the mobile terminal is implemented by verifying whether the user name and password of the mobile terminal are correct.
  • the user name and password of the mobile terminal respectively match the preset user name and password, It is determined that the identity of the mobile terminal is correct, and the Internet service scheduled by the mobile terminal can be used.
  • the mobile terminal's authentication information is easily stolen by Trojans or hackers, making the mobile terminal less secure when logging in to use the mobile Internet service. .
  • Embodiments of the present invention provide a method and apparatus for authenticating a mobile terminal, which improves security when a mobile terminal logs in using a mobile Internet service.
  • a method for authenticating a mobile terminal includes:
  • the mobile terminal If the identity verification of the mobile terminal passes, the mobile terminal is allowed to log in to the network server and use the network service scheduled by the mobile terminal.
  • a server comprising:
  • An identity verification unit configured to perform a risk on the identity of the mobile terminal according to the user name, the password of the mobile terminal, and the geographical location information of the mobile terminal;
  • a login unit configured to allow the mobile terminal to log in to the network server when the identity verification unit determines that the identity verification of the mobile terminal is passed, and use the network service scheduled by the mobile terminal Business.
  • the method and device for verifying the identity of the mobile terminal provided by the embodiment of the present invention, when performing identity verification on the mobile terminal, according to the user name and password of the mobile terminal and the geographical location information of the location where the mobile terminal is registered, to the mobile terminal
  • the identity of the mobile terminal is verified, and the geographical location information of the mobile terminal is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. In comparison, the security of the mobile terminal when using the mobile Internet service is improved.
  • FIG. 1 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 1 of the present invention
  • FIG. 2 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 2 of the present invention.
  • FIG. 3 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 3 of the present invention.
  • Embodiment 4 is a block diagram showing the composition of a server in Embodiment 4 of the present invention.
  • FIG. 5 is a block diagram showing the composition of another server in Embodiment 4 of the present invention.
  • FIG. 6 is a block diagram showing the composition of another server in Embodiment 4 of the present invention.
  • Figure 7 is a block diagram showing the composition of another server in Embodiment 4 of the present invention.
  • An embodiment of the present invention provides a method for authenticating a mobile terminal. As shown in FIG. 1, the method includes: 1 01. Verify the identity of the mobile terminal according to the username, password, and geographic location information of the mobile terminal.
  • the network server sends a prompt message to the mobile terminal whether to log in to use the network service only after receiving the network service registration request sent by the mobile terminal, if the user determines Only when the login service is used to register the network service, the geographical location information registered by the mobile terminal is obtained, and the registered geographical location information will not be modified once determined.
  • the geographic location information of the mobile terminal can be obtained by the server through the GPS. However, the embodiment of the present invention does not limit this, and may be acquired by the mobile terminal and sent to the server.
  • the mobile terminal If the identity verification of the mobile terminal passes, the mobile terminal is allowed to log in to the network server, and uses the network service scheduled by the mobile terminal.
  • the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
  • the embodiment of the invention provides an identity verification method for a mobile terminal. As shown in FIG. 2, the method includes:
  • the mobile terminal when the mobile terminal first performs the registration network service, after receiving the network service registration request sent by the mobile terminal, the mobile terminal sends a prompt message to the mobile terminal whether to log in to use the network service only at the registered location, So that the user can determine the mode of logging in to use the web service.
  • the location information of the mobile terminal registration location is obtained; and according to the geographic location The set information and the predetermined rule set the range of the geographic location of the mobile terminal.
  • the obtaining the geographical location information registered by the mobile terminal may be obtained by the server through the GPS, but the embodiment of the present invention does not limit this, and may also be acquired by the mobile terminal and sent to the server.
  • the predetermined rule is a defined rule of the range of the location value, and may be specifically set according to the needs of the user, which is not limited by the embodiment of the present invention, for example, within 50 meters or around the specific geographical location where the mobile terminal is registered. Within 100 meters.
  • the request may be a request triggered by an operation of the terminal in any form, for example, a request that is triggered after the login of the network service login user name and password.
  • the embodiment of the present invention is not limited thereto, and may also be when the network login interface is opened. The request that was triggered.
  • the obtaining the user name and password of the mobile terminal may be implemented by, but not limited to, receiving the user name and password sent by the mobile terminal; when the mobile terminal sends the user name and password, the user may input the user name and the password. After the password is sent to the network server, the user name and password input by the user are sent to the network server. The default user name and password in the default login mode are directly sent to the network server when the login interface is opened. .
  • step 205 Perform identity verification on the mobile terminal according to the username and password. If the username and password respectively match the corresponding username and password of the preset value of the mobile terminal, perform step 206; If the name and password respectively do not match the corresponding user name and password of the preset value of the mobile terminal, step 210 is performed.
  • the user is authenticated according to the user name and password, and the user name and password are respectively matched with the corresponding user name and password of the preset value of the mobile terminal.
  • the obtaining of the geographic location information of the mobile terminal may be obtained by the server through the GPS. However, the embodiment of the present invention does not limit this, and may be acquired by the mobile terminal and sent to the server. 207.
  • the obtained geographical location information is compared with the geographical location information of the mobile terminal to be registered. If the geographical difference value obtained by the comparison is within the geographic location wide value range, step 208 is performed; If the geographical difference value obtained by the comparison is not within the range of the geographic location, step 209 is performed.
  • the user name and password input to the mobile terminal are incorrect. Please re-enter the notification message of the user name and password.
  • the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
  • the embodiment of the invention provides an identity verification method for a mobile terminal. As shown in FIG. 3, the method includes:
  • the mobile terminal when the mobile terminal first performs the registration network service, after receiving the network service registration request sent by the mobile terminal, the mobile terminal sends a prompt message to the mobile terminal whether to log in to use the network service only at the registered location, So that the user can determine the mode of logging in to use the web service.
  • the location information of the mobile terminal registration location is obtained; and according to the geographic location
  • the set information and the predetermined rule set the range of the geographic location of the mobile terminal.
  • the obtaining the geographical location information registered by the mobile terminal may be obtained by the server through the GPS, but the embodiment of the present invention does not limit this, and may also be acquired by the mobile terminal and sent to the server.
  • the predetermined rule is a defined rule of the range of the location value, and may be specifically set according to the requirements of the user, which is not limited by the embodiment of the present invention, for example, within 50 meters or around the specific geographical location where the mobile terminal is registered. Within 100 meters.
  • the request may be a request triggered by an operation of the terminal in any form, for example, a request that is triggered after the login of the network service login user name and password.
  • the embodiment of the present invention is not limited thereto, and may also be when the network login interface is opened. The request that was triggered.
  • the obtaining of the geographic location information of the mobile terminal may be obtained by the server through the GPS.
  • the embodiment of the present invention does not limit the mobile terminal, and may be acquired by the mobile terminal and sent to the server.
  • step 306 is performed; If the geographical difference value obtained by the comparison is not within the range of the geographic location, step 309 is performed.
  • the obtaining the user name and password of the mobile terminal may be implemented by, but not limited to, receiving the user name and password sent by the mobile terminal; when the mobile terminal sends the user name and password, the user may input the user name and the password. After the password is sent to the network server, the user name and password input by the user are sent to the network server. The default user name and password in the default login mode are directly sent to the network server when the login interface is opened. .
  • Step 307 Perform identity verification on the mobile terminal according to the username and password. If the username and password respectively match the corresponding username and password of the mobile terminal preset value, perform Step 308: If the user name and password respectively do not match the corresponding user name and password of the preset value of the mobile terminal, step 309 is performed.
  • the user name and password input to the mobile terminal are incorrect. Please re-enter the notification message of the user name and password.
  • the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
  • the mobile terminal after receiving the request for logging in to the network server sent by the mobile terminal, acquiring geographical location information of the mobile terminal, and pre-setting the geographic location information with the mobile terminal Comparing the geographical value range, when the compared geographical difference is within the range of the geographic value, the mobile terminal is authenticated according to the username and password, and the geographical difference is compared. When the value is not in the range of the location value, the mobile terminal is not authenticated according to the username and password, which avoids unnecessary verification operations of the server and saves operating resources of the server.
  • the embodiment of the invention provides a server.
  • the server includes: an identity verification unit 41 and a login unit 42.
  • the identity verification unit 41 is configured to verify the identity of the mobile terminal according to the username, password, and geographic location information of the mobile terminal.
  • the login unit 42 is configured to allow the mobile terminal to log in to the network server when the identity verification unit 41 determines that the identity verification of the mobile terminal passes, and use the network service scheduled by the mobile terminal.
  • the identity verification unit 41 includes: a first receiving module 41 1 , a first obtaining module 412 , a first identity verifying module 41 3 , a second acquiring module 414 , and a first comparing module 415 .
  • the first receiving module 411 is configured to receive a request sent by the mobile terminal to log in to the network server.
  • the first obtaining module 412 is configured to obtain a username and a password of the mobile terminal.
  • the first identity verification module 41 3 is configured to perform identity verification on the mobile terminal according to the username and password obtained by the first obtaining module 412.
  • the second obtaining module 414 is configured to determine, in the first identity verification module 41 3, that the user name and password acquired by the first obtaining module 412 are respectively matched with corresponding user names and passwords of the preset value of the mobile terminal. And acquiring geographic location information of the mobile terminal.
  • the first comparison module 415 is configured to compare the geographical location information acquired by the second obtaining module 414 with a geographical location information range of the mobile terminal registration.
  • the first determining module 416 is configured to determine, when the geographical difference value obtained by the first comparison module 415 is within the range of the geographic location, determine the identity verification of the mobile terminal.
  • the sending module 417 is configured to send, to the mobile terminal, a notification message that the mobile terminal fails to log in to the network server when the geographical difference value obtained by the first comparison module 415 is not within the geographical range.
  • the ID card unit 41 includes: a second receiving module 418, a third obtaining module 419, a second comparing unit 4110, a fourth obtaining module 4111, and a second identity verification module. 4112.
  • the second determining module 411 3.
  • the second receiving module 418 is configured to receive a request sent by the mobile terminal to log in to the network server.
  • the third obtaining module 419 is configured to obtain geographic location information of the mobile terminal.
  • the second comparing unit 4110 is configured to compare the geographic location information acquired by the third acquiring module 419 with geographic location information of the mobile terminal registration location.
  • the fourth obtaining module 4111 is configured to acquire the username and password of the mobile terminal when the geographically significant difference value obtained by the second comparing unit 4110 is within the range of the geographic location.
  • the second identity verification module 412 is configured to perform identity verification on the mobile terminal according to the user name and password obtained by the fourth obtaining module 4111.
  • the second determining module 4113 is configured to determine, when the second identity verification module 4112 determines that the username and password respectively match the corresponding username and password of the preset value of the mobile terminal, determine the identity of the mobile terminal. Verification passed.
  • the sending module 4114 is configured to send, to the mobile terminal, a notification message that the mobile terminal fails to log in to the network server when the geographical difference value obtained by the second comparison module 4110 is not within the geographical range.
  • the server further includes: a sending unit 43, an obtaining unit 44, and a setting unit 45.
  • the sending unit 43 is configured to receive the mobile terminal before the identity verification unit authenticates the identity of the mobile terminal according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal. After the network service registration request, the mobile terminal is sent a prompt message indicating whether to log in to use the network service only at the registered place.
  • the obtaining unit 44 is configured to: after receiving the response information that the user determines to log in to use the prompt information of the network service only, to obtain the geographical location information of the mobile terminal registration place.
  • a setting unit 45 configured to set a range of geographic location values of the mobile terminal according to the geographic location information acquired by the obtaining unit 44 and a predetermined rule;
  • the predetermined rule is a defined rule of a geographic location wide value range, and According to the specific needs of the user, the embodiment of the present invention does not limit this, for example, within 50 meters or within 100 meters of the specific geographical location where the mobile terminal is registered.
  • the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
  • the mobile terminal after receiving the request for logging in to the network server sent by the mobile terminal, acquiring geographical location information of the mobile terminal, and pre-setting the geographic location information with the mobile terminal Comparing the geographical value range, when the compared geographical difference is within the range of the geographic value, the mobile terminal is authenticated according to the username and password, and the geographical difference is compared. When the value is not in the range of the location value, the mobile terminal is not authenticated according to the username and password, which avoids unnecessary verification operations of the server and saves operating resources of the server.
  • the embodiment of the present invention can be applied in any application scenario that needs to be kept secret.
  • a user performs a login service on a mobile terminal such as a mobile phone, such as synchronizing, uploading, or transmitting data that is very private to the user
  • the security requirement is high or Users with strong privacy only want to log in and use at home. Therefore, when the user can only log in locally, the hacker in the field can steal the user's username and password, and the hacker cannot know the user registration.
  • the geographical location information greatly increases security.
  • the present invention can be implemented by means of software plus necessary general hardware, and of course, by hardware, but in many cases, the former is a better implementation. .
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer.
  • a hard disk or optical disk or the like includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.

Abstract

The present invention relates to the field of mobile terminals. Disclosed in an embodiment of the present invention are a method and device for authenticating the identity of a mobile terminal, improving the security when the mobile terminal logs into and uses a mobile internet service. The method of the present invention comprises: authenticating the identity of the mobile terminal according to the user name and password of the mobile terminal, and the current geographic location information of the mobile terminal; if the identity authentication of the mobile terminal is approved, then the mobile terminal is allowed to log into a network server and use the network service ordered by the mobile terminal. The embodiment of the present invention is mainly used in the identity authentication process of the mobile terminal.

Description

移动终端的身份验证方法及装置 技术领域  Mobile terminal identity verification method and device
本发明涉及移动终端领域, 尤其涉及一种移动终端的身份验证方法及装 置。  The present invention relates to the field of mobile terminals, and in particular, to an identity verification method and apparatus for a mobile terminal.
背景技术 Background technique
在现有移动终端使用互联网服务时, 对移动终端的身份验证, 是通过验 证移动终端的用户名和密码是否正确实现的, 当确定移动终端的用户名和密 码分别与预设的用户名和密码相匹配时, 确定移动终端的身份是正确的, 可 以使用该移动终端预定的互联网服务。 但是, 通过验证移动终端的用户名和 密码是否正确实现对移动终端的身份验证时, 移动终端的身份验证信息很容 易被木马或黑客所窃取, 使得移动终端登录使用移动互联网服务时的安全性 较低。  When the existing mobile terminal uses the Internet service, the identity verification of the mobile terminal is implemented by verifying whether the user name and password of the mobile terminal are correct. When it is determined that the user name and password of the mobile terminal respectively match the preset user name and password, It is determined that the identity of the mobile terminal is correct, and the Internet service scheduled by the mobile terminal can be used. However, when verifying that the mobile terminal's username and password are correctly authenticated to the mobile terminal, the mobile terminal's authentication information is easily stolen by Trojans or hackers, making the mobile terminal less secure when logging in to use the mobile Internet service. .
发明内容 Summary of the invention
本发明的实施例提供一种移动终端的身份验证方法及装置, 提高了移动 终端登录使用移动互联网服务时的安全性。  Embodiments of the present invention provide a method and apparatus for authenticating a mobile terminal, which improves security when a mobile terminal logs in using a mobile Internet service.
为达到上述目的, 本发明的实施例釆用如下技术方案:  In order to achieve the above object, embodiments of the present invention use the following technical solutions:
一种移动终端的身份验证方法, 包括:  A method for authenticating a mobile terminal includes:
根据移动终端的用户名、 密码以及所述移动终端注册地的地理位置信息, 对所述移动终端的身份进行验证;  Verifying the identity of the mobile terminal according to the username, password, and geographic location information of the mobile terminal;
若所述移动终端的身份验证通过, 则允许所述移动终端登录网络服务器, 并使用所述移动终端预定的网络服务。  If the identity verification of the mobile terminal passes, the mobile terminal is allowed to log in to the network server and use the network service scheduled by the mobile terminal.
一种服务器, 包括:  A server, comprising:
身份验证单元, 用于根据移动终端的用户名、 密码以及所述移动终端注 册地的地理位置信息, 对所述移动终端的身份进行险证;  An identity verification unit, configured to perform a risk on the identity of the mobile terminal according to the user name, the password of the mobile terminal, and the geographical location information of the mobile terminal;
登录单元, 用于在所述身份验证单元确定所述移动终端的身份验证通过 时, 允许所述移动终端登录网络服务器, 并使用所述移动终端预定的网络服 务。 a login unit, configured to allow the mobile terminal to log in to the network server when the identity verification unit determines that the identity verification of the mobile terminal is passed, and use the network service scheduled by the mobile terminal Business.
本发明实施例提供的移动终端的身份验证方法及装置, 在对移动终端进 行身份验证时, 是根据移动终端的用户名、 密码以及所述移动终端注册地的 地理位置信息, 对所述移动终端的身份进行验证, 而该移动终端注册地的地 理位置信息不容易被木马或黑客所窃取, 与现有技术中仅通过容易被木马或 黑客所窃取移动终端的用户名和密码对移动终端进行身份验证相比, 提高了 移动终端登录使用移动互联网服务时的安全性。  The method and device for verifying the identity of the mobile terminal provided by the embodiment of the present invention, when performing identity verification on the mobile terminal, according to the user name and password of the mobile terminal and the geographical location information of the location where the mobile terminal is registered, to the mobile terminal The identity of the mobile terminal is verified, and the geographical location information of the mobile terminal is not easily stolen by the Trojan or the hacker. In the prior art, the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. In comparison, the security of the mobile terminal when using the mobile Internet service is improved.
附图说明 DRAWINGS
为了更清楚地说明本发明实施例中的技术方案, 下面将对实施例或现有 技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面描述中的附 图仅仅是本发明的一些实施例, 对于本领域普通技术人员来讲, 在不付出创 造性劳动的前提下, 还可以根据这些附图获得其他的附图。  In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the embodiments or the prior art description will be briefly described below. It is obvious that the drawings in the following description are only the present invention. For some embodiments, other drawings may be obtained from those of ordinary skill in the art without departing from the drawings.
图 1为本发明实施例 1中移动终端的身份验证方法流程图;  1 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 1 of the present invention;
图 2为本发明实施例 2中移动终端的身份验证方法流程图;  2 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 2 of the present invention;
图 3为本发明实施例 3中移动终端的身份验证方法流程图;  3 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 3 of the present invention;
图 4为本发明实施例 4中一种服务器的组成框图;  4 is a block diagram showing the composition of a server in Embodiment 4 of the present invention;
图 5为本发明实施例 4中另一种服务器的组成框图;  Figure 5 is a block diagram showing the composition of another server in Embodiment 4 of the present invention;
图 6为本发明实施例 4中另一种服务器的组成框图;  6 is a block diagram showing the composition of another server in Embodiment 4 of the present invention;
图 7为本发明实施例 4中另一种服务器的组成框图。  Figure 7 is a block diagram showing the composition of another server in Embodiment 4 of the present invention.
具体实施方式 detailed description
下面将结合本发明实施例中的附图, 对本发明实施例中的技术方案进行 清楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而 不是全部的实施例。 基于本发明中的实施例, 本领域普通技术人员在没有作 出创造性劳动前提下所获得的所有其他实施例 , 都属于本发明保护的范围。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
实施例 1  Example 1
本发明实施例提供一种移动终端的身份验证方法, 如图 1 所示, 该方法 包括: 1 01、 根据移动终端的用户名、 密码以及所述移动终端注册地的地理位置 信息, 对所述移动终端的身份进行验证。 An embodiment of the present invention provides a method for authenticating a mobile terminal. As shown in FIG. 1, the method includes: 1 01. Verify the identity of the mobile terminal according to the username, password, and geographic location information of the mobile terminal.
其中, 在移动终端首次进行注册网络服务时, 网络服务器在接收到移动 终端发送的网络服务注册请求后, 向所述移动终端发送是否仅在注册地进行 登录使用网络服务的提示信息, 若用户确定仅在注册地进行登录使用网络服 务, 则获取移动终端注册的地理位置信息, 该注册的地理位置信息一旦确定 将不再修改。 所述移动终端注册地的地理位置信息可以由服务器通过 GPS 获 取, 但本发明实施例对此不进行限制, 也可以由该移动终端获取并将其发送 给服务器。  When the mobile terminal first performs the registration network service, the network server sends a prompt message to the mobile terminal whether to log in to use the network service only after receiving the network service registration request sent by the mobile terminal, if the user determines Only when the login service is used to register the network service, the geographical location information registered by the mobile terminal is obtained, and the registered geographical location information will not be modified once determined. The geographic location information of the mobile terminal can be obtained by the server through the GPS. However, the embodiment of the present invention does not limit this, and may be acquired by the mobile terminal and sent to the server.
1 02、 若所述移动终端的身份验证通过, 则允许所述移动终端登录网络服 务器, 并使用所述移动终端预定的网络服务。  1 02. If the identity verification of the mobile terminal passes, the mobile terminal is allowed to log in to the network server, and uses the network service scheduled by the mobile terminal.
本发明实施例中, 在对移动终端进行身份验证时, 是根据移动终端的用 户名、 密码以及所述移动终端注册地的地理位置信息, 对所述移动终端的身 份进行验证, 而该移动终端注册地的地理位置信息不容易被木马或黑客所窃 取, 与现有技术中仅通过容易被木马或黑客所窃取移动终端的用户名和密码 对移动终端进行身份验证相比, 提高了移动终端登录使用移动互联网服务时 的安全性。  In the embodiment of the present invention, when authenticating the mobile terminal, the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker. Compared with the prior art, the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
实施例 2  Example 2
本发明实施例提供一种移动终端的身份验证方法, 如图 2 所示, 该方法 包括:  The embodiment of the invention provides an identity verification method for a mobile terminal. As shown in FIG. 2, the method includes:
201、 在接收到所述移动终端发送的网络服务注册请求后, 向所述移动终 端发送是否仅在注册地进行登录使用网络服务的提示信息。  201. After receiving the network service registration request sent by the mobile terminal, send, to the mobile terminal, prompt information for whether to log in to use the network service only at the registered location.
其中, 需要说明的是, 在移动终端首次进行注册网络服务时, 在接收到 移动终端发送的网络服务注册请求后, 向所述移动终端发送是否仅在注册地 进行登录使用网络服务的提示信息, 以便用户确定登录使用网络服务的模式。  It should be noted that, when the mobile terminal first performs the registration network service, after receiving the network service registration request sent by the mobile terminal, the mobile terminal sends a prompt message to the mobile terminal whether to log in to use the network service only at the registered location, So that the user can determine the mode of logging in to use the web service.
202、 当接收到用户确定仅在注册地进行登录使用网络服务的提示信息的 应答信息后, 获取所述移动终端注册地的地理位置信息; 并根据所述地理位 置信息和预定的规则设置所述移动终端的地理位置阔值范围。 202. After receiving the response information that the user determines to log in to use the prompt information of the network service only, the location information of the mobile terminal registration location is obtained; and according to the geographic location The set information and the predetermined rule set the range of the geographic location of the mobile terminal.
其中, 获取所述移动终端注册的地理位置信息可以由服务器通过 GPS 获 取, 但本发明实施例对此不进行限制, 也可以由该移动终端获取并将其发送 给服务器。  The obtaining the geographical location information registered by the mobile terminal may be obtained by the server through the GPS, but the embodiment of the present invention does not limit this, and may also be acquired by the mobile terminal and sent to the server.
另外, 该预定的规则为地理位置阔值范围的限定规则, 可以根据用户的 需求具体设置, 本发明实施例对此不进行限定, 例如移动终端注册地所在具 体地理位置的周围 50米以内或者周围 100米以内。  In addition, the predetermined rule is a defined rule of the range of the location value, and may be specifically set according to the needs of the user, which is not limited by the embodiment of the present invention, for example, within 50 meters or around the specific geographical location where the mobile terminal is registered. Within 100 meters.
203、 接收所述移动终端发送的登录所述网络服务器的请求。  203. Receive a request sent by the mobile terminal to log in to the network server.
其中, 所述请求可以为终端任意形式的操作触发的请求, 例如, 在输入 网络服务登录用户名和密码后触发的请求; 本发明实施例并不局限于此, 还 可以为在打开网络登录界面时触发的请求。  The request may be a request triggered by an operation of the terminal in any form, for example, a request that is triggered after the login of the network service login user name and password. The embodiment of the present invention is not limited thereto, and may also be when the network login interface is opened. The request that was triggered.
204、 获取所述移动终端的用户名和密码。  204. Obtain a username and password of the mobile terminal.
其中, 获取所述移动终端的用户名和密码可以通过但不局限于以下的方 式实现, 包括接收所述移动终端发送的用户名和密码; 该移动终端在发送用 户名和密码时, 可以在用户输入用户名和密码后向网络服务器发送用户输入 的所述用户名和密码; 也可以在打开登录界面时, 将默认登录方式下默认的 用户名和密码直接发送给网络服务器; 具体的本发明实施例对此不进行限制。  The obtaining the user name and password of the mobile terminal may be implemented by, but not limited to, receiving the user name and password sent by the mobile terminal; when the mobile terminal sends the user name and password, the user may input the user name and the password. After the password is sent to the network server, the user name and password input by the user are sent to the network server. The default user name and password in the default login mode are directly sent to the network server when the login interface is opened. .
205、 根据所述用户名和密码对所述移动终端进行身份验证; 若所述用户 名和密码分别与所述移动终端预设值的对应的用户名和密码相匹配, 则执行 步骤 206;若所述用户名和密码分别与所述移动终端预设值的对应的用户名和 密码不相匹配, 则执行步骤 210。  205. Perform identity verification on the mobile terminal according to the username and password. If the username and password respectively match the corresponding username and password of the preset value of the mobile terminal, perform step 206; If the name and password respectively do not match the corresponding user name and password of the preset value of the mobile terminal, step 210 is performed.
其中, 所述根据用户名和密码对所述移动终端进行身份验证, 即将所述 用户名和密码分别与所述移动终端预设值的对应的用户名和密码进行匹配。  The user is authenticated according to the user name and password, and the user name and password are respectively matched with the corresponding user name and password of the preset value of the mobile terminal.
206、 获取所述移动终端的地理位置信息。  206. Obtain geographic location information of the mobile terminal.
其中, 所述移动终端的地理位置信息的获取, 可以由服务器通过 GPS 获 取, 但本发明实施例对此不进行限制, 也可以由该移动终端获取并将其发送 给服务器。 207、 将所述获取的地理位置信息与所述移动终端注册地的地理位置信息 进行比较; 若所述比较得到的地理位置差值在所述地理位置阔值范围内, 则 执行步骤 208 ; 若所述比较得到的地理位置差值不在所述地理位置阔值范围 内, 则执行步骤 209。 The obtaining of the geographic location information of the mobile terminal may be obtained by the server through the GPS. However, the embodiment of the present invention does not limit this, and may be acquired by the mobile terminal and sent to the server. 207. The obtained geographical location information is compared with the geographical location information of the mobile terminal to be registered. If the geographical difference value obtained by the comparison is within the geographic location wide value range, step 208 is performed; If the geographical difference value obtained by the comparison is not within the range of the geographic location, step 209 is performed.
208、 确定所述移动终端的身份验证通过, 允许所述移动终端登录网络服 务器, 并使用所述移动终端预定的网络服务; 结束本次移动终端的登录。  208. Determine that the identity verification of the mobile terminal passes, allow the mobile terminal to log in to the network server, and use the network service scheduled by the mobile terminal; and end the login of the current mobile terminal.
209、 向所述移动终端发送移动终端登录网络服务器失败的通知消息; 结 束本次移动终端的登录。  209. Send a notification message that the mobile terminal fails to log in to the network server to the mobile terminal; and end the login of the mobile terminal.
210、 向所述移动终端发送输入的用户名和密码错误, 请重新输入用户名 和密码的通知消息。  210. The user name and password input to the mobile terminal are incorrect. Please re-enter the notification message of the user name and password.
211、 接收所述移动终端再一次输入的密码, 并执行步骤 205。  211. Receive a password that is input by the mobile terminal again, and perform step 205.
本发明实施例中, 在对移动终端进行身份验证时, 是根据移动终端的用 户名、 密码以及所述移动终端注册地的地理位置信息, 对所述移动终端的身 份进行验证, 而该移动终端注册地的地理位置信息不容易被木马或黑客所窃 取, 与现有技术中仅通过容易被木马或黑客所窃取移动终端的用户名和密码 对移动终端进行身份验证相比, 提高了移动终端登录使用移动互联网服务时 的安全性。  In the embodiment of the present invention, when authenticating the mobile terminal, the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker. Compared with the prior art, the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
实施例 3  Example 3
本发明实施例提供一种移动终端的身份验证方法, 如图 3 所示, 该方法 包括:  The embodiment of the invention provides an identity verification method for a mobile terminal. As shown in FIG. 3, the method includes:
301、 在接收所述移动终端的网络服务注册请求后, 向所述移动终端发送 是否仅在注册地进行登录使用网络服务的提示信息。  301. After receiving the network service registration request of the mobile terminal, send, to the mobile terminal, prompt information for whether to log in to use the network service only at the registered location.
其中, 需要说明的是, 在移动终端首次进行注册网络服务时, 在接收到 移动终端发送的网络服务注册请求后, 向所述移动终端发送是否仅在注册地 进行登录使用网络服务的提示信息, 以便用户确定登录使用网络服务的模式。  It should be noted that, when the mobile terminal first performs the registration network service, after receiving the network service registration request sent by the mobile terminal, the mobile terminal sends a prompt message to the mobile terminal whether to log in to use the network service only at the registered location, So that the user can determine the mode of logging in to use the web service.
302、 当接收到用户确定仅在注册地进行登录使用网络服务的提示信息的 应答信息后, 获取所述移动终端注册地的地理位置信息; 并根据所述地理位 置信息和预定的规则设置所述移动终端的地理位置阔值范围。 302. After receiving, by the user, the response information of the prompt information for logging in to use the network service, the location information of the mobile terminal registration location is obtained; and according to the geographic location The set information and the predetermined rule set the range of the geographic location of the mobile terminal.
其中, 获取所述移动终端注册的地理位置信息可以由服务器通过 GPS 获 取, 但本发明实施例对此不进行限制, 也可以由该移动终端获取并将其发送 给服务器。  The obtaining the geographical location information registered by the mobile terminal may be obtained by the server through the GPS, but the embodiment of the present invention does not limit this, and may also be acquired by the mobile terminal and sent to the server.
其中, 该预定的规则为地理位置阔值范围的限定规则, 可以根据用户的 需求具体设置, 本发明实施例对此不进行限定, 例如移动终端注册地所在具 体地理位置的周围 50米以内或者周围 100米以内。  The predetermined rule is a defined rule of the range of the location value, and may be specifically set according to the requirements of the user, which is not limited by the embodiment of the present invention, for example, within 50 meters or around the specific geographical location where the mobile terminal is registered. Within 100 meters.
303、 接收所述移动终端发送的登录所述网络服务器的请求。  303. Receive a request sent by the mobile terminal to log in to the network server.
其中, 所述请求可以为终端任意形式的操作触发的请求, 例如, 在输入 网络服务登录用户名和密码后触发的请求; 本发明实施例并不局限于此, 还 可以为在打开网络登录界面时触发的请求。  The request may be a request triggered by an operation of the terminal in any form, for example, a request that is triggered after the login of the network service login user name and password. The embodiment of the present invention is not limited thereto, and may also be when the network login interface is opened. The request that was triggered.
304、 获取所述移动终端的地理位置信息。  304. Obtain geographic location information of the mobile terminal.
其中, 所述移动终端的地理位置信息的获取, 可以由服务器通过 GPS 获 取, 但本发明实施例对此不进行限制, 也可以由该移动终端获取并将其发送 给服务器。  The obtaining of the geographic location information of the mobile terminal may be obtained by the server through the GPS. However, the embodiment of the present invention does not limit the mobile terminal, and may be acquired by the mobile terminal and sent to the server.
305、 将所述获取的地理位置信息与所述移动终端注册地的地理位置信息 进行比较; 若所述比较得到的地理位置差值在所述地理位置阔值范围内, 则 执行步骤 306 ; 若所述比较得到的地理位置差值不在所述地理位置阔值范围 内, 则执行步骤 309。  305. The obtained geographical location information is compared with the geographical location information of the mobile terminal registration location; if the geographical difference value obtained by the comparison is within the geographic location wide value range, step 306 is performed; If the geographical difference value obtained by the comparison is not within the range of the geographic location, step 309 is performed.
306、 获取所述移动终端的用户名和密码。  306. Obtain a username and password of the mobile terminal.
其中, 获取所述移动终端的用户名和密码可以通过但不局限于以下的方 式实现, 包括接收所述移动终端发送的用户名和密码; 该移动终端在发送用 户名和密码时, 可以在用户输入用户名和密码后向网络服务器发送用户输入 的所述用户名和密码; 也可以在打开登录界面时, 将默认登录方式下默认的 用户名和密码直接发送给网络服务器; 具体的本发明实施例对此不进行限制。  The obtaining the user name and password of the mobile terminal may be implemented by, but not limited to, receiving the user name and password sent by the mobile terminal; when the mobile terminal sends the user name and password, the user may input the user name and the password. After the password is sent to the network server, the user name and password input by the user are sent to the network server. The default user name and password in the default login mode are directly sent to the network server when the login interface is opened. .
307、 根据所述用户名和密码对所述移动终端进行身份验证; 若所述用户 名和密码分别与所述移动终端预设值的对应的用户名和密码相匹配, 则执行 步骤 308;若所述用户名和密码分别与所述移动终端预设值的对应的用户名和 密码不相匹配, 则执行步骤 309。 307. Perform identity verification on the mobile terminal according to the username and password. If the username and password respectively match the corresponding username and password of the mobile terminal preset value, perform Step 308: If the user name and password respectively do not match the corresponding user name and password of the preset value of the mobile terminal, step 309 is performed.
308、 确定所述移动终端的身份验证通过, 允许所述移动终端登录网络服 务器, 并使用所述移动终端预定的网络服务; 结束本次移动终端的登录。  308. Determine that the identity verification of the mobile terminal passes, allow the mobile terminal to log in to the network server, and use the network service scheduled by the mobile terminal; and end the login of the current mobile terminal.
309、 向所述移动终端发送输入的用户名和密码错误, 请重新输入用户名 和密码的通知消息。  309. The user name and password input to the mobile terminal are incorrect. Please re-enter the notification message of the user name and password.
310、 接收所述移动终端再一次输入的密码, 并执行步骤 306。  310. Receive a password that is input by the mobile terminal again, and perform step 306.
311、 向所述移动终端发送移动终端登录网络服务器失败的通知消息; 结 束本次移动终端的登录。  311. Send a notification message that the mobile terminal fails to log in to the network server to the mobile terminal; and end the login of the mobile terminal.
本发明实施例中, 在对移动终端进行身份验证时, 是根据移动终端的用 户名、 密码以及所述移动终端注册地的地理位置信息, 对所述移动终端的身 份进行验证, 而该移动终端注册地的地理位置信息不容易被木马或黑客所窃 取, 与现有技术中仅通过容易被木马或黑客所窃取移动终端的用户名和密码 对移动终端进行身份验证相比, 提高了移动终端登录使用移动互联网服务时 的安全性。  In the embodiment of the present invention, when authenticating the mobile terminal, the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker. Compared with the prior art, the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
并且, 本发明实施例中, 在接收到移动终端发送的登录所述网络服务器 的请求后, 先获取所述移动终端的地理位置信息, 并将所述地理位置信息与 所述移动终端预设置的地理位置阔值范围进行比较, 在比较得到的地理位置 差值在所述地理位置阔值范围内时, 才根据所述用户名和密码对所述移动终 端进行身份验证, 在比较得到的地理位置差值不在所述地理位置阔值范围内 时, 不执行根据所述用户名和密码对所述移动终端进行身份验证, 避免了服 务器不必要的验证操作, 节省了服务器的操作资源。  And, in the embodiment of the present invention, after receiving the request for logging in to the network server sent by the mobile terminal, acquiring geographical location information of the mobile terminal, and pre-setting the geographic location information with the mobile terminal Comparing the geographical value range, when the compared geographical difference is within the range of the geographic value, the mobile terminal is authenticated according to the username and password, and the geographical difference is compared. When the value is not in the range of the location value, the mobile terminal is not authenticated according to the username and password, which avoids unnecessary verification operations of the server and saves operating resources of the server.
实施例 4  Example 4
本发明实施例提供一种服务器, 如图 4 所示, 该服务器包括: 身份验证 单元 41、 登录单元 42。  The embodiment of the invention provides a server. As shown in FIG. 4, the server includes: an identity verification unit 41 and a login unit 42.
身份验证单元 41 , 用于根据移动终端的用户名、 密码以及所述移动终端 注册地的地理位置信息, 对所述移动终端的身份进行验证。 登录单元 42 ,用于在所述身份验证单元 41确定所述移动终端的身份验证 通过时, 允许所述移动终端登录网络服务器, 并使用所述移动终端预定的网 络服务。 The identity verification unit 41 is configured to verify the identity of the mobile terminal according to the username, password, and geographic location information of the mobile terminal. The login unit 42 is configured to allow the mobile terminal to log in to the network server when the identity verification unit 41 determines that the identity verification of the mobile terminal passes, and use the network service scheduled by the mobile terminal.
进一步的, 如图 5所示, 所述身份验证单元 41包括: 第一接收模块 41 1、 第一获取模块 412、 第一身份验证模块 41 3、 第二获取模块 414、 第一比较模 块 415、 第一确定模块 416、 发送模块 417。  Further, as shown in FIG. 5, the identity verification unit 41 includes: a first receiving module 41 1 , a first obtaining module 412 , a first identity verifying module 41 3 , a second acquiring module 414 , and a first comparing module 415 . The first determining module 416 and the sending module 417.
第一接收模块 411 ,用于接收所述移动终端发送的登录所述网络服务器的 请求。  The first receiving module 411 is configured to receive a request sent by the mobile terminal to log in to the network server.
第一获取模块 412 , 用于获取所述移动终端的用户名和密码。  The first obtaining module 412 is configured to obtain a username and a password of the mobile terminal.
第一身份验证模块 41 3 ,用于根据所述第一获取模块 412获取的所述用户 名和密码对所述移动终端进行身份验证。  The first identity verification module 41 3 is configured to perform identity verification on the mobile terminal according to the username and password obtained by the first obtaining module 412.
第二获取模块 414 ,用于在所述第一身份验证模块 41 3确定所述第一获取 模块 412 获取的所述用户名和密码分别与所述移动终端预设值的对应的用户 名和密码相匹配时, 获取所述移动终端的地理位置信息。  The second obtaining module 414 is configured to determine, in the first identity verification module 41 3, that the user name and password acquired by the first obtaining module 412 are respectively matched with corresponding user names and passwords of the preset value of the mobile terminal. And acquiring geographic location information of the mobile terminal.
第一比较模块 415 ,用于将所述第二获取模块 414获取的所述地理位置信 息与所述移动终端注册地的地理位置信息范围进行比较。  The first comparison module 415 is configured to compare the geographical location information acquired by the second obtaining module 414 with a geographical location information range of the mobile terminal registration.
第一确定模块 416 ,用于在所述第一比较模块 415比较得到的地理位置差 值在所述地理位置阔值范围内时, 确定所述移动终端的身份验证通过。  The first determining module 416 is configured to determine, when the geographical difference value obtained by the first comparison module 415 is within the range of the geographic location, determine the identity verification of the mobile terminal.
发送模块 417 ,用于在所述第一比较模块 415比较得到的地理位置差值不 在所述地理位置阔值范围内时, 向所述移动终端发送移动终端登录网络服务 器失败的通知消息。  The sending module 417 is configured to send, to the mobile terminal, a notification message that the mobile terminal fails to log in to the network server when the geographical difference value obtained by the first comparison module 415 is not within the geographical range.
进一步可选的,如图 6所示,所述身份证单元 41包括:第二接收模块 418、 第三获取模块 419、 第二比较单元 41 10、 第四获取模块 411 1、 第二身份验证 模块 4112、 第二确定模块 411 3、 发送模块 4114。  Further, as shown in FIG. 6, the ID card unit 41 includes: a second receiving module 418, a third obtaining module 419, a second comparing unit 4110, a fourth obtaining module 4111, and a second identity verification module. 4112. The second determining module 411 3. The sending module 4114.
第二接收模块 418 ,用于接收所述移动终端发送的登录所述网络服务器的 请求。  The second receiving module 418 is configured to receive a request sent by the mobile terminal to log in to the network server.
第三获取模块 419 , 用于获取所述移动终端的地理位置信息。 第二比较单元 4110 , 用于将所述第三获取模块 419获取的所述地理位置 信息与所述移动终端注册地的地理位置信息进行比较。 The third obtaining module 419 is configured to obtain geographic location information of the mobile terminal. The second comparing unit 4110 is configured to compare the geographic location information acquired by the third acquiring module 419 with geographic location information of the mobile terminal registration location.
第四获取模块 4111 ,用于在所述第二比较单元 4110比较得到的地理位置 差值在所述地理位置阔值范围内时, 获取所述移动终端的用户名和密码。  The fourth obtaining module 4111 is configured to acquire the username and password of the mobile terminal when the geographically significant difference value obtained by the second comparing unit 4110 is within the range of the geographic location.
第二身份验证模块 412 , 用于根据所述第四获取模块 4111获取的所述用 户名和密码对所述移动终端进行身份验证。  The second identity verification module 412 is configured to perform identity verification on the mobile terminal according to the user name and password obtained by the fourth obtaining module 4111.
第二确定模块 411 3 ,用于在所述第二身份验证模块 4112确定所述用户名 和密码分别与所述移动终端预设值的对应的用户名和密码相匹配时, 确定所 述移动终端的身份验证通过。  The second determining module 4113 is configured to determine, when the second identity verification module 4112 determines that the username and password respectively match the corresponding username and password of the preset value of the mobile terminal, determine the identity of the mobile terminal. Verification passed.
发送模块 4114 ,用于在所述第二比较模块 4110比较得到的地理位置差值 不在所述地理位置阔值范围内时, 向所述移动终端发送移动终端登录网络服 务器失败的通知消息。  The sending module 4114 is configured to send, to the mobile terminal, a notification message that the mobile terminal fails to log in to the network server when the geographical difference value obtained by the second comparison module 4110 is not within the geographical range.
进一步可选的, 如图 7所示, 该服务器还包括: 发送单元 43、 获取单元 44、 设置单元 45。  Further, as shown in FIG. 7, the server further includes: a sending unit 43, an obtaining unit 44, and a setting unit 45.
发送单元 43 , 用于在所述身份验证单元根据移动终端的用户名、 密码以 及所述移动终端当前所在的地理位置信息, 对所述移动终端的身份进行验证 之前, 在接收所述移动终端的网络服务注册请求后, 向所述移动终端发送是 否仅在注册地进行登录使用网络服务的提示信息。  The sending unit 43 is configured to receive the mobile terminal before the identity verification unit authenticates the identity of the mobile terminal according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal. After the network service registration request, the mobile terminal is sent a prompt message indicating whether to log in to use the network service only at the registered place.
获取单元 44 , 用于当接收到用户确定仅在注册地进行登录使用网络服务 的提示信息的应答信息后, 获取所述移动终端注册地的地理位置信息。  The obtaining unit 44 is configured to: after receiving the response information that the user determines to log in to use the prompt information of the network service only, to obtain the geographical location information of the mobile terminal registration place.
设置单元 45 ,用于根据所述获取单元 44获取的所述地理位置信息和预定 的规则设置所述移动终端的地理位置阔值范围; 该预定的规则为地理位置阔 值范围的限定规则, 可以根据用户的需求具体设置, 本发明实施例对此不进 行限定,例如移动终端注册地所在具体地理位置的周围 50米以内或者周围 100 米以内。  a setting unit 45, configured to set a range of geographic location values of the mobile terminal according to the geographic location information acquired by the obtaining unit 44 and a predetermined rule; the predetermined rule is a defined rule of a geographic location wide value range, and According to the specific needs of the user, the embodiment of the present invention does not limit this, for example, within 50 meters or within 100 meters of the specific geographical location where the mobile terminal is registered.
需要说明的是, 本发明实施例中的服务器所包含的各功能模块的其他描 述, 可以参考实施例 1至实施例 3中的相关描述, 本发明实施例此处将不再 赘述。 It should be noted that, for other descriptions of the functional modules included in the server in the embodiment of the present invention, reference may be made to the related descriptions in the first embodiment to the third embodiment. Narration.
本发明实施例中, 在对移动终端进行身份验证时, 是根据移动终端的用 户名、 密码以及所述移动终端注册地的地理位置信息, 对所述移动终端的身 份进行验证, 而该移动终端注册地的地理位置信息不容易被木马或黑客所窃 取, 与现有技术中仅通过容易被木马或黑客所窃取移动终端的用户名和密码 对移动终端进行身份验证相比, 提高了移动终端登录使用移动互联网服务时 的安全性。  In the embodiment of the present invention, when authenticating the mobile terminal, the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker. Compared with the prior art, the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
并且, 本发明实施例中, 在接收到移动终端发送的登录所述网络服务器 的请求后, 先获取所述移动终端的地理位置信息, 并将所述地理位置信息与 所述移动终端预设置的地理位置阔值范围进行比较, 在比较得到的地理位置 差值在所述地理位置阔值范围内时, 才根据所述用户名和密码对所述移动终 端进行身份验证, 在比较得到的地理位置差值不在所述地理位置阔值范围内 时, 不执行根据所述用户名和密码对所述移动终端进行身份验证, 避免了服 务器不必要的验证操作, 节省了服务器的操作资源。  And, in the embodiment of the present invention, after receiving the request for logging in to the network server sent by the mobile terminal, acquiring geographical location information of the mobile terminal, and pre-setting the geographic location information with the mobile terminal Comparing the geographical value range, when the compared geographical difference is within the range of the geographic value, the mobile terminal is authenticated according to the username and password, and the geographical difference is compared. When the value is not in the range of the location value, the mobile terminal is not authenticated according to the username and password, which avoids unnecessary verification operations of the server and saves operating resources of the server.
本发明的实施例, 可以在任何需要保密的应用场景下应用, 例如, 用户 在手机等移动终端进行登录服务, 例如同步、 上传或传输用户很私密的数据 时, 这种要求安全性较高或者私密性很强的操作用户只希望在家中进行登录 和使用, 因此当用户设定只能在本地进行登录时, 外地的黑客盗取了用户的 用户名和密码也不能用, 黑客也无法知道用户注册时的地理位置信息, 极大 增加了安全性。  The embodiment of the present invention can be applied in any application scenario that needs to be kept secret. For example, when a user performs a login service on a mobile terminal such as a mobile phone, such as synchronizing, uploading, or transmitting data that is very private to the user, the security requirement is high or Users with strong privacy only want to log in and use at home. Therefore, when the user can only log in locally, the hacker in the field can steal the user's username and password, and the hacker cannot know the user registration. The geographical location information greatly increases security.
通过以上的实施方式的描述, 所属领域的技术人员可以清楚地了解到本 发明可借助软件加必需的通用硬件的方式来实现, 当然也可以通过硬件, 但 很多情况下前者是更佳的实施方式。 基于这样的理解, 本发明的技术方案本 质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来, 该 计算机软件产品存储在可读取的存储介质中, 如计算机的软盘, 硬盘或光盘 等, 包括若干指令用以使得一台计算机设备(可以是个人计算机, 服务器, 或者网络设备等)执行本发明各个实施例所述的方法。 以上所述, 仅为本发明的具体实施方式, 但本发明的保护范围并不局限 于此, 任何熟悉本技术领域的技术人员在本发明揭露的技术范围内, 可轻易 想到变化或替换, 都应涵盖在本发明的保护范围之内。 因此, 本发明的保护 范围应以所述权利要求的保护范围为准。 Through the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by means of software plus necessary general hardware, and of course, by hardware, but in many cases, the former is a better implementation. . Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer. A hard disk or optical disk or the like includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention. The above is only the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the appended claims.

Claims

权 利 要求 书 Claim
1、 一种移动终端的身份验证方法, 其特征在于, 包括: A method for authenticating a mobile terminal, comprising:
根据移动终端的用户名、 密码以及所述移动终端注册地的地理位置信息, 对所述移动终端的身份进行验证;  Verifying the identity of the mobile terminal according to the username, password, and geographic location information of the mobile terminal;
若所述移动终端的身份验证通过, 则允许所述移动终端登录网络服务器, 并使用所述移动终端预定的网络服务。  If the identity verification of the mobile terminal passes, the mobile terminal is allowed to log in to the network server and use the network service scheduled by the mobile terminal.
2、 根据权利要求 1所述的移动终端的身份验证方法, 其特征在于, 所述根 据移动终端的用户名、 密码以及所述移动终端注册地的地理位置信息, 对所述 移动终端的身份进行验证, 包括:  The method for authenticating an identity of a mobile terminal according to claim 1, wherein the identity of the mobile terminal is performed according to a user name, a password of the mobile terminal, and geographical location information of the location where the mobile terminal is registered. Verification, including:
接收所述移动终端发送的登录所述网络服务器的请求;  Receiving a request sent by the mobile terminal to log in to the network server;
获取所述移动终端的用户名和密码;  Obtaining a username and password of the mobile terminal;
根据所述用户名和密码对所述移动终端进行身份验证;  Performing identity verification on the mobile terminal according to the username and password;
若所述用户名和密码分别与所述移动终端预设值的对应的用户名和密码相 匹配, 则获取所述移动终端的地理位置信息;  And acquiring the geographic location information of the mobile terminal, if the user name and password respectively match the corresponding user name and password of the preset value of the mobile terminal;
将所述获取的地理位置信息与所述移动终端注册地的地理位置信息进行比 较;  Comparing the obtained geographical location information with geographic location information of the mobile terminal registration place;
若比较得到的地理位置差值在所述地理位置阔值范围内, 则确定所述移动 终端的身份验证通过。  If the obtained geographical difference value is within the range of the geographical value, it is determined that the identity verification of the mobile terminal passes.
3、 根据权利要求 1所述的移动终端的身份验证方法, 其特征在于, 所述根 据移动终端的用户名、 密码以及所述移动终端注册地的地理位置信息, 对所述 移动终端的身份进行验证, 包括:  The method for verifying the identity of the mobile terminal according to claim 1, wherein the identity of the mobile terminal is performed according to the user name, the password of the mobile terminal, and the geographical location information of the location where the mobile terminal is registered. Verification, including:
接收所述移动终端发送的登录所述网络服务器的请求;  Receiving a request sent by the mobile terminal to log in to the network server;
获取所述移动终端的地理位置信息;  Obtaining geographic location information of the mobile terminal;
将所述获取的地理位置信息与所述移动终端注册地的地理位置信息进行比 较;  Comparing the obtained geographical location information with geographic location information of the mobile terminal registration place;
若比较得到的地理位置差值在所述地理位置阔值范围内, 则获取所述移动 终端的用户名和密码, 并根据所述用户名和密码对所述移动终端进行身份验证; 若所述用户名和密码分别与所述移动终端预设值的对应的用户名和密码相 匹配, 则确定所述移动终端的身份验证通过。 Obtaining a username and a password of the mobile terminal, and performing identity verification on the mobile terminal according to the username and password, if the obtained geographical difference value is within the range of the geographic location; If the username and password respectively match the corresponding username and password of the mobile terminal preset value, it is determined that the identity verification of the mobile terminal passes.
4、 根据权利要求 2或 3所述的移动终端的身份验证方法, 其特征在于, 该 方法还包括:  The method for authenticating the mobile terminal according to claim 2 or 3, wherein the method further comprises:
若比较得到的地理位置差值不在所述地理位置阔值范围内, 则向所述移动 终端发送移动终端登录网络服务器失败的通知消息。  And if the obtained geographical difference value is not within the geographical value range, sending a notification message that the mobile terminal fails to log in to the network server to the mobile terminal.
5、根据权利要求 1-3任一项所述的移动终端的身份验证方法,其特征在于, 在根据移动终端的用户名、 密码以及所述移动终端注册地的地理位置信息, 对 所述移动终端的身份进行验证之前, 该方法还包括:  The method for authenticating an identity of a mobile terminal according to any one of claims 1 to 3, wherein the mobile terminal is based on a user name, a password of the mobile terminal, and geographical location information of the mobile terminal registration location. Before the identity of the terminal is verified, the method further includes:
在接收到所述移动终端发送的网络服务注册请求后, 向所述移动终端发送 是否仅在注册地进行登录使用网络服务的提示信息;  After receiving the network service registration request sent by the mobile terminal, sending, to the mobile terminal, prompt information for whether to log in to use the network service only in registration;
当接收到用户确定仅在注册地进行登录使用网络服务的提示信息的应答信 息后, 获取所述移动终端注册地的地理位置信息, 并根据所述地理位置信息和 预定的规则设置所述移动终端的地理位置阔值范围。  After receiving the response information that the user determines to log in to use the prompt information of the network service only, the location information of the mobile terminal registration location is obtained, and the mobile terminal is set according to the geographic location information and a predetermined rule. The geographical range of the location.
6、 一种服务器, 其特征在于, 包括:  6. A server, comprising:
身份验证单元, 用于根据移动终端的用户名、 密码以及所述移动终端注册 地的地理位置信息, 对所述移动终端的身份进行验证;  An identity verification unit, configured to verify, according to a username, a password, and a geographical location information of the mobile terminal, the identity of the mobile terminal;
登录单元, 用于在所述身份验证单元确定所述移动终端的身份验证通过时, 允许所述移动终端登录网络服务器, 并使用所述移动终端预定的网络服务。  And a login unit, configured to allow the mobile terminal to log in to the network server when the identity verification unit determines that the identity verification of the mobile terminal passes, and use the network service scheduled by the mobile terminal.
7、 根据权利要求 6所述的服务器, 其特征在于, 所述身份验证单元包括: 第一接收模块, 用于接收所述移动终端发送的登录所述网络服务器的请求; 第一获取模块, 用于获取所述移动终端的用户名和密码;  The server according to claim 6, wherein the identity verification unit comprises: a first receiving module, configured to receive a request sent by the mobile terminal to log in to the network server; Obtaining a username and password of the mobile terminal;
第一身份验证模块, 用于根据所述第一接收模块接收的所述第一获取模块 获取的所述用户名和密码对所述移动终端进行身份验证;  a first identity verification module, configured to perform identity verification on the mobile terminal according to the username and password obtained by the first acquiring module received by the first receiving module;
第二获取模块, 用于在所述第一身份验证模块确定所述第一获取模块获取 的所述用户名和密码分别与所述移动终端预设值的对应的用户名和密码相匹配 时, 获取所述移动终端的地理位置信息; 第一比较模块, 用于将所述第二获取模块获取的所述地理位置信息与所述 移动终端注册地的地理位置信息进行比较; a second acquiring module, configured to: when the first identity verification module determines that the user name and password acquired by the first acquiring module respectively match a corresponding user name and password of the mobile terminal preset value, The geographical location information of the mobile terminal; a first comparison module, configured to compare the geographical location information acquired by the second acquiring module with geographic location information of a location where the mobile terminal is registered;
第一确定模块, 用于在所述比较模块比较得到的地理位置差值在所述地理 位置阔值范围内时, 确定所述移动终端的身份验证通过。  And a first determining module, configured to determine, when the geographical location difference obtained by the comparing module is within the geographic location threshold, determine identity verification of the mobile terminal.
8、 根据权利要求 6所述的服务器, 其特征在于, 所述身份证单元包括: 第二接收模块, 用于接收所述移动终端发送的登录所述网络服务器的请求; 第三获取模块, 用于获取所述移动终端的地理位置信息;  The server according to claim 6, wherein the identity card unit comprises: a second receiving module, configured to receive a request sent by the mobile terminal to log in to the network server; and a third acquiring module, Obtaining geographic location information of the mobile terminal;
第二比较单元, 用于将所述第三获取模块获取的所述地理位置信息与所述 移动终端注册地的地理位置信息进行比较;  a second comparing unit, configured to compare the geographical location information acquired by the third acquiring module with geographic location information of a location where the mobile terminal is registered;
第四获取模块, 用于在所述第二比较单元比较得到的地理位置差值在所述 地理位置阔值范围内时, 获取所述移动终端的用户名和密码;  a fourth obtaining module, configured to acquire a username and a password of the mobile terminal when the geographical difference value obtained by comparing the second comparison unit is within the range of the geographic location;
第二身份验证模块, 用于根据所述第四获取模块获取的所述用户名和密码 对所述移动终端进行身份验证;  a second identity verification module, configured to perform identity verification on the mobile terminal according to the username and password obtained by the fourth obtaining module;
第二确定模块, 用于在所述第二身份验证模块确定, 所述用户名和密码分 别与所述移动终端预设值的对应的用户名和密码相匹配时, 确定所述移动终端 的身份验证通过。  a second determining module, configured to: when the second identity verification module determines that the user name and password respectively match the corresponding user name and password of the preset value of the mobile terminal, determine that the identity verification of the mobile terminal passes .
9、 根据权利要求 7或 8所述的服务器, 其特征在于, 所述身份验证单元还 包括:  The server according to claim 7 or 8, wherein the identity verification unit further comprises:
发送模块, 用于在所述第一比较模块或所述第二比较模块比较得到的地理 位置差值不在所述地理位置阔值范围内时, 向所述移动终端发送移动终端登录 网络 Λ良务器失败的通知消息。  a sending module, configured to send a mobile terminal login network to the mobile terminal when the geographical difference value obtained by comparing the first comparison module or the second comparison module is not within the geographical range Notification message that failed.
10、 根据权利要求 6-8任一项所述的服务器, 其特征在于, 该服务器还包 括:  The server according to any one of claims 6-8, wherein the server further comprises:
发送单元, 用于在所述身份验证单元根据移动终端的用户名、 密码以及所 述移动终端当前所在的地理位置信息, 对所述移动终端的身份进行验证之前, 在接收到所述移动终端发送的网络服务注册请求后, 向所述移动终端发送是否 仅在注册地进行登录使用网络服务的提示信息; 获取单元, 用于当接收到用户确定仅在注册地进行登录使用网络服务的提 示信息的应答信息后, 获取所述移动终端注册地的地理位置信息; a sending unit, configured to send, before the identity verification unit, the identity of the mobile terminal according to a user name, a password, and a geographical location information of the mobile terminal currently located by the mobile terminal, After the network service registration request, send, to the mobile terminal, prompt information for whether to log in to use the network service only at the registered place; An obtaining unit, configured to: after receiving the response information that the user determines to log in to use the prompt information of the network service only, to obtain the geographical location information of the mobile terminal registration location;
设置单元, 用于根据所述获取单元获取的所述地理位置信息和预定的规则 设置所述移动终端的地理位置阔值范围。  And a setting unit, configured to set a geographic value threshold range of the mobile terminal according to the geographical location information acquired by the acquiring unit and a predetermined rule.
PCT/CN2011/077492 2011-07-22 2011-07-22 Method and device for authenticating identity of mobile terminal WO2013013367A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/077492 WO2013013367A1 (en) 2011-07-22 2011-07-22 Method and device for authenticating identity of mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/077492 WO2013013367A1 (en) 2011-07-22 2011-07-22 Method and device for authenticating identity of mobile terminal

Publications (1)

Publication Number Publication Date
WO2013013367A1 true WO2013013367A1 (en) 2013-01-31

Family

ID=47600444

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/077492 WO2013013367A1 (en) 2011-07-22 2011-07-22 Method and device for authenticating identity of mobile terminal

Country Status (1)

Country Link
WO (1) WO2013013367A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020137524A1 (en) * 2001-03-22 2002-09-26 International Business Machines Corporation System and method for providing access to mobile devices based on positional data
CN1464682A (en) * 2002-06-24 2003-12-31 华为技术有限公司 Method for implementing broad band pre-payment based on authentication, authorization and charging protocol
CN101197874A (en) * 2008-01-02 2008-06-11 中兴通讯股份有限公司 Mobile terminal equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020137524A1 (en) * 2001-03-22 2002-09-26 International Business Machines Corporation System and method for providing access to mobile devices based on positional data
CN1464682A (en) * 2002-06-24 2003-12-31 华为技术有限公司 Method for implementing broad band pre-payment based on authentication, authorization and charging protocol
CN101197874A (en) * 2008-01-02 2008-06-11 中兴通讯股份有限公司 Mobile terminal equipment

Similar Documents

Publication Publication Date Title
JP6992105B2 (en) Query system and method for determining authentication capability
US9866544B2 (en) Systems and methods for location-based authentication
US9722984B2 (en) Proximity-based authentication
JP5784827B2 (en) Authentication system via two communication devices
WO2017028593A1 (en) Method for making a network access device access a wireless network access point, network access device, application server, and non-volatile computer readable storage medium
US9197420B2 (en) Using information in a digital certificate to authenticate a network of a wireless access point
WO2015062398A1 (en) Access authentication method and device for information system
WO2016177052A1 (en) User authentication method and apparatus
JP2019508972A (en) System and method for password assisted computer login service assisted mobile pairing
US20120254960A1 (en) Connecting mobile devices, internet-connected vehicles, and cloud services
US9730001B2 (en) Proximity based authentication using bluetooth
US11765164B2 (en) Server-based setup for connecting a device to a local area network
US20130305325A1 (en) Methods for Thwarting Man-In-The-Middle Authentication Hacking
CN106161348B (en) Single sign-on method, system and terminal
WO2016078419A1 (en) Open authorization method, device and open platform
WO2017076216A1 (en) Server, mobile terminal, and internet real name authentication system and method
US9853971B2 (en) Proximity based authentication using bluetooth
US20180343118A1 (en) Method employed in user authentication system and information processing apparatus included in user authentication system
US11777942B2 (en) Transfer of trust between authentication devices
WO2015176500A1 (en) Single sign-on authentication method, device and system, and computer storage medium
JP2020078067A5 (en)
US20230284015A1 (en) Method and system for generating a secure one-time passcode using strong authentication
CN109460647B (en) Multi-device secure login method
WO2018099407A1 (en) Account authentication login method and device
US20220116390A1 (en) Secure two-way authentication using encoded mobile image

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11870045

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11870045

Country of ref document: EP

Kind code of ref document: A1