WO2023029250A1 - Procédé et système de connexion sécurisée en un clic et plateforme tierce - Google Patents

Procédé et système de connexion sécurisée en un clic et plateforme tierce Download PDF

Info

Publication number
WO2023029250A1
WO2023029250A1 PCT/CN2021/134184 CN2021134184W WO2023029250A1 WO 2023029250 A1 WO2023029250 A1 WO 2023029250A1 CN 2021134184 W CN2021134184 W CN 2021134184W WO 2023029250 A1 WO2023029250 A1 WO 2023029250A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
unique identifier
mobile phone
phone number
sim card
Prior art date
Application number
PCT/CN2021/134184
Other languages
English (en)
Chinese (zh)
Inventor
王恩惠
Original Assignee
王恩惠
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 王恩惠 filed Critical 王恩惠
Publication of WO2023029250A1 publication Critical patent/WO2023029250A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity

Definitions

  • the invention relates to the field of communication technology, in particular to a method, system and third-party platform for one-key secure login.
  • One-click login is currently one of the mainstream ways for users to log in to applications.
  • users had to enter their mobile phone number and password, or enter their mobile phone number and SMS verification code to register and log in.
  • With the one-click login method operators can directly identify users. Users only need to click the login button, and the operator will send the mobile phone number to Application service providers can achieve password-free and inspection-free registration and login.
  • the new account owner receives calls or text messages sent to the original account owner from time to time, causing unnecessary troubles.
  • the original account owner does not log out the app account
  • the new account owner uses the one-click login method, he will directly log in to the original account owner's account, resulting in the privacy of the original account owner being leaked, and the new user will not be able to enjoy Sign up for benefits.
  • the present invention is implemented in the following way:
  • the present invention provides a method for one-key secure login, the method comprising:
  • the user performs one-click login on the client side of the third-party platform
  • the client obtains the SIM card information of the user, and sends the SIM card information to the operator platform;
  • the third-party platform receives the unique identifier corresponding to the SIM card information, and realizes the user's one-key secure login according to the unique identifier;
  • the unique identifier is stored in correspondence with the mobile phone number and the SIM card information on the operator platform.
  • the realization of the one-key secure login of the user according to the unique identifier is specifically:
  • the third-party platform uses the unique identifier as an account to realize the one-key secure login of the user.
  • the third-party platform when the third-party platform receives the unique identifier corresponding to the SIM card information, it also receives the mobile phone number.
  • the realization of the one-key secure login of the user according to the unique identifier is specifically:
  • the third-party platform compares the unique identifier with the unique identifier corresponding to the mobile phone number it saves, and if the comparison is consistent, the user's one-key secure login will be implemented as an old user; if the comparison is inconsistent, then Implement one-key secure login of the user as a new user or login failure.
  • the client cannot obtain the SIM card information of the user, the user is asked to input the mobile phone number and SMS verification code, and send the mobile phone number and the SMS verification code to the operator
  • the third-party platform receives the unique identifier corresponding to the mobile phone number, and implements one-key secure login of the user according to the unique identifier.
  • the client obtains the SIM card information of the user, and the registration and login SDK integrated by the client obtains the SIM card information;
  • the registration and login SDK cannot obtain the SIM card information of the user, the user is asked to input the mobile phone number and the SMS verification code, and send the mobile phone number and the SMS verification code to the operator platform.
  • the third-party platform if it has a communication requirement, it sends a communication request to the operator platform, wherein the communication request includes at least the unique identifier, and the operator platform The unique identification means that the corresponding mobile phone number communicates with the third-party platform.
  • the present invention provides a one-key secure login system, the system comprising:
  • One-click login module which is used for users to perform one-click login on the client side of the third-party platform
  • An acquisition module used for the client to acquire the SIM card information of the user, and send the SIM card information to the operator platform;
  • the result module is used for the third-party platform to receive the unique identification corresponding to the SIM card information, and realize the one-key security login of the user according to the unique identification;
  • the unique identifier is stored in correspondence with the mobile phone number and the SIM card information on the operator platform.
  • the realization of the one-key secure login of the user according to the unique identifier is specifically:
  • the third-party platform uses the unique identifier as an account to realize the one-key secure login of the user.
  • the result module is also used for receiving the mobile phone number when the third-party platform receives the unique identifier corresponding to the SIM card information.
  • the realization of the one-key secure login of the user according to the unique identifier is specifically:
  • the third-party platform compares the unique identifier with the unique identifier corresponding to the mobile phone number it saves, and if the comparison is consistent, the user's one-key secure login will be implemented as an old user; if the comparison is inconsistent, then Implement one-key secure login of the user as a new user or login failure.
  • a verification module is also included, for if the client cannot obtain the SIM card information of the user, the user is allowed to input the mobile phone number and SMS verification code, and the mobile phone number and the SMS verification code are combined.
  • the verification code is sent to the operator platform and successfully verified by the operator platform;
  • the result module is also used for the third-party platform to receive the unique identifier corresponding to the mobile phone number, and realize the one-key secure login of the user according to the unique identifier.
  • the client obtains the SIM card information of the user, and the registration and login SDK integrated by the client obtains the SIM card information;
  • the registration and login SDK cannot obtain the SIM card information of the user, the user is asked to input the mobile phone number and the SMS verification code, and send the mobile phone number and the SMS verification code to the operator platform.
  • a communication module which is used for the third-party platform to send a communication request to the operator platform if there is a communication requirement, wherein the communication request includes at least the unique identifier, and the operator platform Communicate with the third-party platform for the corresponding mobile phone number according to the unique identifier included in the communication request.
  • the present invention provides a third-party platform, including the system described in any one of the second aspect.
  • the mobile phone number is no longer used for registration or login, which effectively prevents the leakage of the mobile phone number and effectively avoids unnecessary leakage of the mobile phone number.
  • Fig. 1 is a schematic diagram of the method provided by the present invention.
  • Fig. 2 is a schematic diagram of the system provided by the present invention.
  • this method comprises:
  • Step S1 the user performs one-click login on the client side of the third-party platform
  • Step S2 the client obtains the SIM card information of the user, and sends the SIM card information to the operator platform;
  • Step S3 the third-party platform receives the unique identifier corresponding to the SIM card information, and realizes the one-key secure login of the user according to the unique identifier.
  • the SIM card information is an IMSI code.
  • IMSI International Mobile Subscriber Identification Number is the identification code of each SIM card, which is used to distinguish the user's identity and is unique. Obtaining the IMSI code corresponding to the SIM card of the user in the mobile terminal already belongs to the prior art in this field, and will not be repeated here.
  • the unique identifier is generated when the user handles the mobile phone number for network access, and is stored in correspondence with the mobile phone number and SIM card information on the operator platform.
  • the unique identifier can be a group of numbers or character strings, which are used to identify the uniqueness of different mobile phone numbers, mobile phone numbers assigned twice or multiple times.
  • the one-key secure login of the user is realized according to the unique identifier, specifically: the third-party platform uses the unique identifier as an account to realize the one-key secure login of the user.
  • the third-party platform when the third-party platform receives the unique identifier corresponding to the SIM card information, it also receives the mobile phone number.
  • the user's one-key secure login is realized according to the unique identification, specifically:
  • the third-party platform compares the unique identifier with the unique identifier corresponding to the saved mobile phone number. If the comparison is consistent, the user's one-click secure login will be implemented as an old user. If the comparison is inconsistent, the user's one-click login will be implemented as a new user. Secure login or login failure (the user is not allowed to log in to the original user's account).
  • the client if the client cannot obtain the user's SIM card information (for example, the mobile terminal has turned off the cellular mobile network), the user is asked to enter the mobile phone number and SMS verification code (the third-party platform will not obtain the mobile phone number at this time). number), and send the mobile phone number and SMS verification code to the operator platform.
  • the third-party platform After successful verification by the operator platform, the third-party platform receives the unique identification corresponding to the mobile phone number, and realizes the user's one-click secure login based on the unique identification.
  • the client obtains the user's SIM card information
  • the registration and login SDK integrated with the client obtains the SIM card information
  • SDK is the abbreviation of Software Development Kit, called software development kit, which is a collection of development tools for developers to create application software for specific software packages, software frameworks, hardware platforms, operating systems, etc., and can be applied to various applications Among them, it generally includes relevant documents, examples and tools to assist in the development of a certain type of software, as well as sample codes, supporting technical notes or other supporting documents that clarify doubts for basic reference materials.
  • SDK can provide users with some specific interface, so that users can directly call the interface to realize certain functions.
  • the registration and login SDK is a software development kit issued by the operator platform, which is integrated in the application program and can obtain the SIM card information of the user's mobile terminal.
  • the registration and login SDK fails to obtain the user's SIM card information, the user is asked to enter the mobile phone number and SMS verification code, and the mobile phone number and SMS verification code are sent to the operator platform.
  • the user is asked to enter the mobile phone number and SMS verification code, and the mobile phone number and SMS verification code are sent to the operator platform.
  • the third-party platform when the third-party platform receives the unique identifier corresponding to the SIM card information, it also receives the masked mobile phone number.
  • the third-party platform can store the masked mobile phone number corresponding to the unique identifier, and the masked mobile phone number is used for display in a specific location of the client (such as a personal center, etc.), so that The user knows which mobile phone number is being used.
  • the masked mobile phone number or the complete mobile phone number can also be provided to the third-party platform according to its qualifications.
  • third-party platforms are financial, banking and other platforms that strictly keep user information confidential. These platforms themselves have the responsibility and obligation to protect user information from being leaked, and they also have very high anti-hacking technical capabilities. Therefore, using a Provide the complete mobile phone number to it when logging in with the key, and there is no need to worry about the leakage of the mobile phone number.
  • the third-party platform if it has a communication requirement, it sends a communication request to the operator platform, wherein the communication request includes at least a unique identifier, and the operator platform is based on the unique identifier included in the communication request.
  • the mobile number communicates with the third-party platform.
  • the communication is a text message or a phone call (for example, a text message with a verification code, a voice call with a verification code, etc.).
  • the user when the unique identifier is used as an account and the user needs to bind the mobile phone number to the account, the user enters the mobile phone number on the client terminal, and the third-party platform sends the mobile phone number to the operator platform, and the third party The platform receives the unique identifier corresponding to the mobile phone number, compares the unique identifier with the unique identifier corresponding to the account, and completes the mobile phone number binding if the comparison is consistent.
  • the mobile phone number bound to the user and the unique identifier corresponding to the account are the same mobile phone number, thereby ensuring the security of the account.
  • the user is bound with a real mobile phone number, and the third-party platform can provide users with more or better services.
  • the mobile phone number is no longer used for registration or login, which effectively prevents the leakage of the mobile phone number and effectively avoids unnecessary leakage of the mobile phone number.
  • the present invention provides a one-key secure login system, which includes:
  • One-key login module 101 used for the user to perform one-key login on the client side of the third-party platform
  • Obtaining module 102 used for the client to obtain the SIM card information of the user, and send the SIM card information to the operator platform;
  • the result module 103 is used for the third-party platform to receive the unique identification corresponding to the SIM card information, and realize the one-key secure login of the user according to the unique identification.
  • the result module 103 is also used for receiving the mobile phone number when the third-party platform receives the unique identifier corresponding to the SIM card information.
  • it also includes a verification module, which is used to allow the user to input the mobile phone number and SMS verification code if the client cannot obtain the user's SIM card information, and send the mobile phone number and SMS verification code to the operator The platform is successfully verified by the operator platform.
  • a verification module which is used to allow the user to input the mobile phone number and SMS verification code if the client cannot obtain the user's SIM card information, and send the mobile phone number and SMS verification code to the operator The platform is successfully verified by the operator platform.
  • the result module 103 is also used for the third-party platform to receive the unique identification corresponding to the mobile phone number, and realize the one-key secure login of the user according to the unique identification.
  • it also includes a communication module, which is used for the third-party platform to send a communication request to the operator platform if there is a communication demand, wherein the communication request includes at least a unique identifier, and the operator platform includes according to the communication request.
  • the unique identification of the corresponding mobile phone number communicates with the third-party platform.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Sont divulgués ici un procédé et un système de connexion sécurisée en un clic, et une plateforme tierce. Le procédé comprend les étapes suivantes dans lesquelles : un utilisateur effectue une connexion en un clic sur un client d'une plateforme tierce ; le client acquiert des informations de carte SIM de l'utilisateur et envoie les informations de carte SIM à une plateforme d'opérateur ; et la plateforme tierce reçoit un identifiant unique correspondant aux informations de carte SIM, et implémente une connexion sécurisée en un clic de l'utilisateur en fonction de l'identifiant unique. Au moyen du procédé selon les modes de réalisation de la présente invention, un utilisateur n'utilise pas de numéro de téléphone mobile pour l'enregistrement ou la connexion dans un programme d'application pendant son enregistrement ou sa connexion, ce qui empêche efficacement toute fuite de numéro de téléphone mobile en permettant d'éviter efficacement une fuite inutile d'un numéro de téléphone mobile.
PCT/CN2021/134184 2021-09-03 2021-11-29 Procédé et système de connexion sécurisée en un clic et plateforme tierce WO2023029250A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111033936.0 2021-09-03
CN202111033936 2021-09-03

Publications (1)

Publication Number Publication Date
WO2023029250A1 true WO2023029250A1 (fr) 2023-03-09

Family

ID=80481545

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/134184 WO2023029250A1 (fr) 2021-09-03 2021-11-29 Procédé et système de connexion sécurisée en un clic et plateforme tierce

Country Status (2)

Country Link
CN (1) CN114173341A (fr)
WO (1) WO2023029250A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117098134A (zh) * 2023-10-17 2023-11-21 湖北星纪魅族集团有限公司 安全控制方法、终端及非暂时性计算机可读存储介质

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114727276A (zh) * 2021-09-03 2022-07-08 王恩惠 一种在用户未登录状态下确定账号信息的方法及系统
CN116156497A (zh) * 2022-12-13 2023-05-23 中国联合网络通信集团有限公司 一种网关认证方法、装置及存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160112419A1 (en) * 2013-06-25 2016-04-21 Huawei Technologies Co., Ltd. Account Login Method, Device, and System
CN106936802A (zh) * 2015-12-31 2017-07-07 上海粱江通信系统股份有限公司 手机app信息保护方法及手机app客户端、系统
CN107948204A (zh) * 2017-12-29 2018-04-20 咪咕文化科技有限公司 一键登录方法及系统、相关设备以及计算机可读存储介质
CN110149629A (zh) * 2019-05-22 2019-08-20 中国联合网络通信集团有限公司 一种基于手机的快速注册及登录应用程序的方法和系统
CN110636505A (zh) * 2019-10-24 2019-12-31 王恩惠 一种保护账号安全的方法及系统

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160112419A1 (en) * 2013-06-25 2016-04-21 Huawei Technologies Co., Ltd. Account Login Method, Device, and System
CN106936802A (zh) * 2015-12-31 2017-07-07 上海粱江通信系统股份有限公司 手机app信息保护方法及手机app客户端、系统
CN107948204A (zh) * 2017-12-29 2018-04-20 咪咕文化科技有限公司 一键登录方法及系统、相关设备以及计算机可读存储介质
CN110149629A (zh) * 2019-05-22 2019-08-20 中国联合网络通信集团有限公司 一种基于手机的快速注册及登录应用程序的方法和系统
CN110636505A (zh) * 2019-10-24 2019-12-31 王恩惠 一种保护账号安全的方法及系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117098134A (zh) * 2023-10-17 2023-11-21 湖北星纪魅族集团有限公司 安全控制方法、终端及非暂时性计算机可读存储介质
CN117098134B (zh) * 2023-10-17 2024-01-26 湖北星纪魅族集团有限公司 安全控制方法、终端及非暂时性计算机可读存储介质

Also Published As

Publication number Publication date
CN114173341A (zh) 2022-03-11

Similar Documents

Publication Publication Date Title
WO2023029250A1 (fr) Procédé et système de connexion sécurisée en un clic et plateforme tierce
CN101447872B (zh) 一种用户身份验证方法、系统及验证码生成维护子系统
US7784089B2 (en) System and method for providing a multi-credential authentication protocol
US20060141987A1 (en) Identification of a terminal with a server
CN101795454B (zh) 基于移动通信独立通道的双身份认证方法及系统
KR20080066956A (ko) 통신망에 있어서의 사용자 계좌의 원격 활성화
CN103269270A (zh) 一种基于手机号码的实名认证安全登录的方法及系统
WO2003007121B1 (fr) Procede et systeme permettant de determiner la confidence dans une transaction numerique
US6993666B1 (en) Method and apparatus for remotely accessing a password-protected service in a data communication system
CN105357186A (zh) 一种基于带外验证和增强otp机制的二次认证方法
TW201729562A (zh) 伺服器、行動終端機、網路實名認證系統及方法
CN109769003A (zh) 防止手机号码泄露的手机注册方法、系统及服务器
EP1680940B1 (fr) Procede permettant d'authentifier un utilisateur
CN106921633A (zh) 主叫号码认证系统及方法
CN110278084A (zh) eID建立方法、相关设备及系统
CN110149629A (zh) 一种基于手机的快速注册及登录应用程序的方法和系统
JP2004530321A (ja) 匿名呼セットアップのための方法および装置
CN112165458B (zh) 一种实名认证方法、装置及终端
Mueller et al. Security and privacy of smartphone messaging applications
CN113709740A (zh) 一种在授权登录页面显示账号信息的方法及系统
CN110324824A (zh) 副卡添加方法、用户终端和区块链网络系统
WO2023029476A1 (fr) Procédé de détermination d'informations de compte hors connexion d'utilisateur, et système
TW444476B (en) Effective use of dialed digits in call origination
CN115118454A (zh) 一种基于移动应用的级联认证系统及认证方法
WO2023108959A1 (fr) Procédé et système pour trouver si un contact dans un carnet d'adresses est un ami d'un carnet d'adresses

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21955778

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE