WO2023050524A1 - Im-based user identity authentication method and apparatus, and server and storage medium - Google Patents

Im-based user identity authentication method and apparatus, and server and storage medium Download PDF

Info

Publication number
WO2023050524A1
WO2023050524A1 PCT/CN2021/128188 CN2021128188W WO2023050524A1 WO 2023050524 A1 WO2023050524 A1 WO 2023050524A1 CN 2021128188 W CN2021128188 W CN 2021128188W WO 2023050524 A1 WO2023050524 A1 WO 2023050524A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification
code
user
application
link
Prior art date
Application number
PCT/CN2021/128188
Other languages
French (fr)
Chinese (zh)
Inventor
袁欣
沈坚
张子鹏
Original Assignee
传仲智能数字科技(上海)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 传仲智能数字科技(上海)有限公司 filed Critical 传仲智能数字科技(上海)有限公司
Publication of WO2023050524A1 publication Critical patent/WO2023050524A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/23Reliability checks, e.g. acknowledgments or fault reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04Real-time or near real-time messaging, e.g. instant messaging [IM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Definitions

  • the invention relates to the communication field, in particular to an IM-based user identity verification method, device, server and storage medium thereof.
  • authentication is the most basic and important link.
  • identity verification is to ensure that the real wishes of users are reflected in specific decision-making links.
  • the first technical solution is a solution using a downlink SMS verification code, which specifically includes: a.
  • the user enters a mobile phone number when registering/logging in; b. After the server gets the number, it sends a random number verification code through the SMS gateway; c. After receiving the text message, the user enters the verification code; d.
  • the server compares the verification code entered by the user, and the registration/login function is completed after the verification code is successful.
  • This kind of solution is widely used in the registration/login process of most third-party servers at present, but this kind of solution requires the user to manually enter the mobile phone number, which is inconvenient to operate; on the other hand, this kind of solution needs to cooperate with the operator to complete the SMS
  • the verification code is sent, and the access cost of the SMS gateway is high, so the cost is high, and the implementation cost will be higher in countries and regions with a large number of operators.
  • the second technical solution is the one-key login solution of the operator, which specifically includes: a.
  • the authentication software development kit Software Development Kit, SDK
  • the SDK communicates with the operator's network to collect the user's mobile phone number and display it; c. After obtaining the user's consent and authorization, the application client obtains the interface calling Token and passes it to the application server; d.
  • the authentication server uses the Token to obtain the mobile phone number interface , and finally obtain the mobile phone number of the current authorized user, and complete the registration/login.
  • this technical solution has a high threshold, requires the operator to directly provide technical support, needs to embed the SDK, can only be used on the application client, and will cause users to worry about privacy and other issues.
  • the present invention provides an IM-based user identity verification method, device, server and its storage medium, which simplifies user operations the most and takes cost and Under the premise of user convenience, user authentication is realized.
  • the present invention provides a kind of user identity authentication method based on IM, it is characterized in that, described authentication method comprises:
  • the verification link includes a first verification code and an IM application terminal identification code
  • the verification link is configured to automatically open the IM application end when the user clicks the verification link, and the first verification code is automatically filled in the field corresponding to the identification code of the IM application end.
  • the verification method also includes:
  • the verification method also includes:
  • the IM account information corresponding to the IM application terminal identification code is pre-configured.
  • the first verification code is composed of at least 4 random characters.
  • the verification link becomes invalid.
  • the predetermined time can be customized according to usage scenarios.
  • the present invention provides a kind of IM-based user identity verification device, it is characterized in that, described verification device comprises:
  • the first receiving module is configured to receive a verification request sent by an application program of the terminal;
  • a generating module configured to generate a verification link according to the verification request, and send the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code;
  • the second receiving module is configured to receive the second verification code and the user identification code sent by the IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code;
  • a verification module configured to pass the verification when the first verification code matches the second verification code.
  • the verification link is configured to automatically open the IM application end when the user clicks the verification link, and the first verification code is automatically filled in the field corresponding to the identification code of the IM application end.
  • the verification module is also used to,
  • the verification device also includes:
  • the configuration module is configured to pre-configure the IM to receive the user's account information before receiving the user identity verification request.
  • the present invention provides a server, the server includes a processor and a memory, at least one instruction is stored in the memory, and the instruction is loaded and executed by the processor to implement the above-mentioned IM-based user The action performed by the authentication method.
  • the present invention provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is loaded and executed by a processor to implement the above-mentioned IM-based user authentication method. operate.
  • the IM application terminal is combined with the third-party application program server by utilizing the communication characteristics of the IM application terminal itself binding personal mobile phone numbers and information
  • the third-party server generates the user's identity verification ID, and then sends a real-time verification code through the IM application bound to the personal identity, and finally the third-party server makes a matching judgment on the identity verification ID, thereby completing the verification of the user's identity information.
  • the user identity verification method of the present invention does not require the cooperation of short messages or operators, thereby saving the cost of sending short messages by operators.
  • the user uses the IM client to send the real-time verification code, and the real-time verification code information can be sent to the third-party server, which simplifies the user's verification operation compared with the method where the user manually enters the SMS verification code.
  • Fig. 1 schematically shows a flowchart of an IM-based user identity verification method in an embodiment of the present invention
  • Fig. 2 schematically shows a structural block diagram of an IM-based user identity verification system in an embodiment of the present invention
  • FIG. 3 schematically shows the flowchart of the application in the IM-based user authentication method in a preferred embodiment of the present invention
  • Fig. 4 schematically shows a structural diagram of a server provided by an embodiment of the present invention.
  • FIG. 1 schematically shows a flowchart of an IM (Instant Messaging)-based user authentication method in an embodiment of the present invention.
  • Embodiments of the present invention provide an IM-based user authentication method, which is applied to any third-party application program running on a terminal, and the terminal includes but is not limited to a smart phone, a tablet computer, a desktop Internet equipment such as computers and workstations, but not limited to them.
  • the IM on which the present invention is based is an instant messaging APP that uses a mobile phone number as a user account, including but not limited to WhatsApp and Telegram.
  • the IM-based user verification method includes but not limited to the following steps.
  • Step S101 receiving a verification request sent by an application program of a terminal.
  • the verification request includes a request from the user to apply for a registration account from the application server, or a request from the user to apply for a login account from the application server, or a request from the user to perform certain functions of the application.
  • the user authentication interface will be displayed on the interactive interface of the application.
  • the user identity verification interface includes a sending verification request control, and the sending verification request is used for the user to click and perform the operation of sending the verification request.
  • the application server receives the user authentication request.
  • Step S102 generating a verification link according to the verification request, and sending the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code.
  • the application server generates the user's first verification code as a real-time verification code (On Time Password, OTP) as user identification information.
  • the first verification code may be a plurality of characters composed of a plurality of random numbers, may be a plurality of characters composed of a plurality of random English letters (where uppercase English letters and lowercase English letters represent different characters), or may be It is a letter composed of multiple random numbers and multiple random English letters. More specifically, the first verification code is a random character with at least 4 digits.
  • one of the first verification codes is a check code, specifically the last digit of the group of numbers, which is obtained from the previous numbers through a certain operation, and used to verify the group of numbers correctness, so as to avoid the wrong matching problem when the verification code is entered incorrectly.
  • the IM application terminal identification code is pre-configured by the application program server on the IM application terminal, and is used to receive the IM account of the verification code sent by the user.
  • the IM application terminal identification code used to implement the user identity verification method of this application can be a unified IM account, or multiple different IM accounts can be set according to the type of verification application, user type, and verification request type. In addition, this IM account can also be changed periodically according to business processes.
  • the verification link does not have a jump function
  • the user can only view the first verification code and the IM application terminal identification code on the application user identity verification interface of the terminal, and the user needs to manually Open the corresponding IM application terminal on the terminal, then find the IM account number of the corresponding IM application terminal identification code, and manually input the first verification code on the communication interface of the IM account number of the IM application terminal identification code, then click send, and the This completes the upload of verification information.
  • the verification link has a jump function.
  • the IM application end can be automatically awakened, and the first verification code will be automatically filled in with the IM application end identification.
  • the user On the communication interface of the communication interface corresponding to the IM account, the user only needs to click send to complete the upload of the verification information.
  • the verification link with the jump function greatly simplifies the user's verification operation, and the user only needs two clicks to complete the verification information upload. And in this way, the user information is automatically filled in without manual operation, which avoids the verification failure caused by the user entering the wrong verification code, thereby improving the efficiency and success rate of user identity verification.
  • Step S103 receiving the second verification code and the user verification code sent by the IM application, wherein the IM application is an IM application corresponding to the IM application identification code.
  • the second verification code is a real-time verification code sent by the user to the IM account corresponding to the IM application terminal identification code.
  • the IM account corresponding to the IM application end identification code will obtain the second verification code sent by the user on the communication interface;
  • the verification code gateway obtains the second verification code and the user's corresponding user mobile phone number from the application program interface (API) of the IM application end, wherein the real-time verification code gateway (OTP Gateway) and the application program interface (API) ) is pre-configured.
  • the IM of the present invention is an instant messaging APP that uses the mobile phone number as the user account, so when the user sends the second verification code using the IM application end of the terminal, the IM account corresponding to the IM application end identification code as the recipient can obtain the user's verification code.
  • mobile phone number, and the mobile phone number is sent to the application server to be verified by the real-time verification code gateway (OTP Gateway).
  • OTP Gateway real-time verification code gateway
  • the verification link becomes invalid.
  • the predetermined time can be customized according to usage scenarios.
  • the purpose of designing the verification link to expire periodically is to prevent the verification code from being stolen and causing user losses.
  • many criminals will use improper and illegal means to crack it.
  • set a valid time for the verification link and remind the user that whenever the valid time is exceeded, the verification code will fail.
  • the user himself has not received the verification link within the valid time, he can resend the verification request to obtain the verification link, so as to prevent losses caused by criminals stealing the verification code.
  • Step S104 judging whether the first verification code matches the second verification code; wherein, when the first verification code matches the second verification code, enter step S105; when the first When the verification code does not match the second verification code, go to step S106.
  • Step S105 when the first verification code matches the second verification code, the verification is passed.
  • the application server confirms the user identification code, thereby completing user authentication for the user identification code.
  • the user opens the application program through the terminal, the application program returns pass information, and completes the user identity information verification process.
  • Step S106 when the first verification code does not match the second verification code, return verification failure information.
  • the user opens the application program through the terminal, and the application program returns the information that the verification fails. At this time, the user can resend the verification request to perform the second user identity information verification process.
  • the IM application terminal is used to bind the personal mobile phone number and the communication characteristics of personal information, and the IM application terminal is combined with the application server to be verified.
  • the user's real-time verification code is generated by the application server to be verified, and then the user sends back the real-time verification code through the IM application bound to the personal identity, and finally the application server to be verified matches the real-time verification code to complete the user Verification of identity information.
  • the user identity verification method of the present invention does not require the cooperation of short messages or operators, thereby saving the cost of sending short messages by operators.
  • the verification link function is integrated.
  • the sending content of the real-time verification code sent to the specific IM receiving user can be automatically formed.
  • the user only needs to send with one click, and the identity verification identification information can be sent to the application server to be verified.
  • the verification operation of the user is simplified.
  • FIG. 2 schematically shows a structural block diagram of an IM-based user identity verification system in an embodiment of the present invention.
  • An embodiment of the present invention provides an IM-based user identity verification device, which is applied to a third-party server, including but not limited to the following modules.
  • the first receiving module is configured to receive the verification request sent by the application program of the terminal.
  • the verification request includes a request from the user to apply for a registration account from the application server, or a request from the user to apply for a login account from the application server, or a request from the user to perform certain functions of the application.
  • the user authentication interface will be displayed on the interactive interface of the application.
  • the user identity verification interface includes a sending verification request control, and the sending verification request is used for the user to click and perform the operation of sending the verification request.
  • the application server receives the user authentication request.
  • a generating module configured to generate a verification link according to the verification request, and send the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code.
  • the application server generates the user's first verification code as a real-time verification code (On Time Password, OTP) as user identification information.
  • the first verification code may be a plurality of characters composed of a plurality of random numbers, may be a plurality of characters composed of a plurality of random English letters (where uppercase English letters and lowercase English letters represent different characters), or may be It is a letter composed of multiple random numbers and multiple random English letters. More specifically, the first verification code is a random character with at least 4 digits.
  • one of the first verification codes is a check code, specifically the last digit of the group of numbers, which is obtained from the previous numbers through a certain operation, and used to verify the group of numbers correctness, so as to avoid the wrong matching problem when the verification code is entered incorrectly.
  • the IM application terminal identification code is pre-configured by the application program server on the IM application terminal, and is used to receive the IM account of the verification code sent by the user.
  • the IM application terminal identification code used to implement the user identity verification method of this application can be a unified IM account, or multiple different IM accounts can be set according to the type of verification application program, user type, and verification request type. In addition, this IM account can also be changed periodically according to business processes.
  • the verification link does not have a jump function
  • the user can only view the first verification code and the IM application terminal identification code on the application user identity verification interface of the terminal, and the user needs to manually Open the corresponding IM application terminal on the terminal, then find the IM account number of the corresponding IM application terminal identification code, and manually input the first verification code on the communication interface of the IM account number of the IM application terminal identification code, then click send, and the This completes the upload of verification information.
  • the verification link has a jump function.
  • the IM application end can be automatically awakened, and the first verification code will be automatically filled in with the IM application end identification.
  • the user On the communication interface of the communication interface corresponding to the IM account, the user only needs to click send to complete the upload of the verification information.
  • the verification link with the jump function greatly simplifies the user's verification operation, and the user only needs two clicks to complete the verification information upload. And in this way, the user information is automatically filled in without manual operation, which avoids the verification failure caused by the user entering the wrong verification code, thereby improving the efficiency and success rate of user identity verification.
  • the second receiving module is configured to receive the second verification code and the user verification code sent by the IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code.
  • the second verification code is a real-time verification code sent by the user to the IM account corresponding to the IM application terminal identification code.
  • the IM account corresponding to the IM application end identification code will obtain the second verification code sent by the user on the communication interface;
  • the verification code gateway obtains the second verification code and the user's corresponding user mobile phone number from the application program interface (API) of the IM application end, wherein the real-time verification code gateway (OTP Gateway) and the application program interface (API) ) is pre-configured.
  • the IM of the present invention is an instant messaging APP that uses the mobile phone number as the user account, so when the user sends the second verification code using the IM application end of the terminal, the IM account corresponding to the IM application end identification code as the recipient can obtain the user's verification code.
  • mobile phone number, and the mobile phone number is sent to the application server to be verified by the real-time verification code gateway (OTP Gateway).
  • OTP Gateway real-time verification code gateway
  • the verification module judges whether the first verification code matches the second verification code.
  • the verification is passed; wherein, the user opens the application program through the terminal, and the application program returns pass information, and completes the user information verification process.
  • the verification failure information is returned; wherein, the user opens the application program through the terminal, and the application program returns the verification failure information. At this time, the user can resend the verification request to proceed The second verification process.
  • the verification module traverses the verification codes generated in the application server, and matches the second verification code sent by the user with the first verification code generated by the application server.
  • the verification module traverses the verification codes generated in the application server, and matches the second verification code sent by the user with the first verification code generated by the application server.
  • the IM-based user identity verification device of the present invention further includes a configuration module, configured to pre-configure the IM account information corresponding to the IM application terminal identification code before receiving the user identity verification request. Specifically, register the receiving account on the IM application in advance and complete the information verification.
  • the configuration module is used to configure the communication between the IM application and the application to be verified. Therefore, when the user receives the user's real-time verification code through the IM application, the real-time The verification code can be transmitted to the real-time verification code gateway through the application port API of IM, and then input to the application server, thereby verifying the user verification information.
  • the IM-based user identity verification device runs on a third-party application server, uses the communication characteristics of the IM application itself to bind the personal mobile phone number and information, and integrates the IM application
  • the terminal is combined with the application server to be authenticated.
  • the user identity verification device receives the user identity verification request through the receiving request module, and uses the generation module to generate the user's real-time verification code; then the user sends the real-time verification code through the IM application end bound to the personal identity, and the real-time verification code is transmitted to the IM for receiving
  • the user's information receiving end receives the real-time verification code sent by the user from the real-time verification code gateway, and finally the verification module performs matching judgment on the real-time verification code, thereby completing the verification of user information.
  • the user identity verification device of the present invention does not require the cooperation of short messages or operators, thereby saving the cost of sending short messages by operators.
  • the verification link function is integrated. After the user clicks the link, the sending content of sending the identity verification ID to the specific IM receiving user can be automatically formed. The user only needs to send the identity verification ID information to the application server to be verified with one click. This simplifies the user's authentication operation.
  • Fig. 3 schematically shows the flow chart of the IM-based user identity verification method in a preferred embodiment of the present invention.
  • the technical content involved in the above-mentioned embodiment will be described in detail below in conjunction with Fig. 3 and this embodiment .
  • the user identity verification method can be used for user login, registration, or application for executing special functions of the application program.
  • user registration is taken as an example.
  • the user verification method can be run in the application server to be registered, and can also be run in the application client to be registered, and the user identity verification method includes the following steps:
  • the Gateway is an API gateway based on the HTTP protocol, As a unified API access layer, the connection between NetApp Server and IM Server is thus realized;
  • NetApp is an application program that adopts the verification scheme of this application, and
  • IM is an instant messaging APP that uses a mobile phone number as a user account. In this embodiment, it is Whatsapp or Telegram.
  • the NetApp Server After the user completes the registration information request on the NetApp display interface, the NetApp Server generates the OTP and the IM receiving number, generates an IM sending link together, and displays it on the user registration page; the registration information request includes filling in the mobile phone number and clicking to send The registration request; the IM sending connection includes OTP and the IM receiving number, and also includes the control instruction for jumping to open the IM application program and the control instruction for sending information to the IM receiving number.
  • OTP Gateway sends the user's mobile phone number and received OTP information to NetApp Server.
  • OTP Gateway receives the user notification through IM to switch back to NetApp to complete the registration process.
  • NetApp Server judges whether the prefabricated OTP information is consistent with the OTP sent to the registered user in step (2); if the prefabricated OTP information is consistent with the OTP sent to the registered user, then enter step (8); if the prefabricated OTP information is consistent with the OTP sent to the registered user If the user's OTP is the same, go to step (9).
  • NetApp Server returns the verification pass information to complete the user registration.
  • NetApp Server returns the message that the verification fails. Wherein, when the verification fails, the user can resend the identity verification request to register for the second time.
  • the IM application terminal itself is used to bind the personal mobile phone number and the communication characteristics of information, and the IM application terminal is combined with the application server to be registered, and the application server to be registered generates The user's identity verification ID, and then the user sends the identity verification ID through the IM application that is bound to the personal identity, and finally the application server to be registered will make a matching judgment on the identity verification ID, thereby completing the verification of user information.
  • the user identity verification method of the present invention does not require the cooperation of short messages or operators, thereby saving the cost of sending short messages by operators.
  • the verification link function is integrated.
  • the user clicks on the link it can automatically form the sending content of sending the identity verification identification to the specific IM receiving user.
  • the user only needs to send the identity verification identification information to the application server to be registered with one click.
  • the user operation is simple, only 2 clicks are required, and there is no need to manually enter the verification code, which simplifies the user's verification operation.
  • FIG. 4 is a schematic structural diagram of a server provided by an embodiment of the present invention.
  • the server 400 may have relatively large differences due to different configurations or performances, and may include one or more central processing units (CPU) 401 and one or more than one memory 402, wherein at least one instruction is stored in the memory 402, and the at least one instruction is loaded and executed by the processor 401 to implement the IM-based user authentication method provided by the above method embodiments .
  • the server may also have components such as a wired or wireless network interface, a keyboard, and an input and output interface for input and output, and the server may also include other components for realizing device functions, which will not be repeated here.
  • a computer-readable storage medium such as a memory including instructions, which can be executed by a processor in the terminal to complete the IM-based user authentication method in the following embodiments.
  • the computer readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, and the like.
  • the program can be stored in a computer-readable storage medium.
  • the above-mentioned The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

An IM-based user identity authentication method and apparatus, and a server and a storage medium. The authentication method comprises: receiving an authentication request that is sent by an application program of a terminal (S101); generating an authentication link according to the authentication request, and sending the authentication link to the application program of the terminal, wherein the authentication link comprises a first authentication code and an IM application end identification code (S102); receiving a second authentication code that is sent by an IM application end (S103), wherein the IM application end is the IM application program corresponding to the IM application end identification code; and when the first authentication code matches the second authentication code, passing the authentication (S105). By means of the user identity authentication method and apparatus, an IM application program is used as a transmission path for authentication, and a user sends a real-time authentication code by means of the IM application end. Compared with inputting an authentication code by using a text message, the cost and user convenience are further taken into consideration.

Description

基于IM的用户身份验证方法、装置、服务器及其存储介质IM-based user authentication method, device, server and storage medium thereof 技术领域technical field
本发明涉及通信领域,特别涉及一种基于IM的用户身份验证方法、装置、服务器及其存储介质。The invention relates to the communication field, in particular to an IM-based user identity verification method, device, server and storage medium thereof.
背景技术Background technique
在网路信息安全的五个功能中(身份验证、授权、保密性、完整性和不可否认),身份验证(Authentication)是最基本最重要的环节。身份验证的作用,是保证在具体的决策环节,体现用户的真实意愿。Among the five functions of network information security (authentication, authorization, confidentiality, integrity and non-repudiation), authentication is the most basic and important link. The role of identity verification is to ensure that the real wishes of users are reflected in specific decision-making links.
因此,为了信息访问的安全以及确保用户的唯一身份,用户在使用手机、平板电脑等终端时注册/登录第三方服务器时,通常使用手机号码进行校验,从而验证用户身份以保证个人账户和隐私的网络安全。现有技术中常见的两种用户身份验证的技术方案如下所述:Therefore, in order to ensure the security of information access and ensure the unique identity of users, when users register/log in to third-party servers when using terminals such as mobile phones and tablets, they usually use mobile phone numbers for verification, thereby verifying user identities to ensure personal accounts and privacy network security. Two common technical solutions for user authentication in the prior art are as follows:
第一种技术方案为采用下行短信验证码的方案,具体包括:a.用户在注册/登陆时,输入手机号码;b.服务器拿到号码后,通过短信网关,下发一个随机数验证码;c.用户收到短信后,将该验证码输入;d.服务器将用户输入的验证码进行比对,成功后即完成注册/登陆功能。此种方案广泛应用于目前大多数第三方服务器的注册/登录流程中,但是采用此种方案需要用户手动输入手机号码,操作不便利;另一方面,此种方案需要与运营商协作以完成短信发送验证码,而短信网关接入成本较高,因此成本较高,并且在运营商数量较多的国家和地区,实施成本会更高。The first technical solution is a solution using a downlink SMS verification code, which specifically includes: a. The user enters a mobile phone number when registering/logging in; b. After the server gets the number, it sends a random number verification code through the SMS gateway; c. After receiving the text message, the user enters the verification code; d. The server compares the verification code entered by the user, and the registration/login function is completed after the verification code is successful. This kind of solution is widely used in the registration/login process of most third-party servers at present, but this kind of solution requires the user to manually enter the mobile phone number, which is inconvenient to operate; on the other hand, this kind of solution needs to cooperate with the operator to complete the SMS The verification code is sent, and the access cost of the SMS gateway is high, so the cost is high, and the implementation cost will be higher in countries and regions with a large number of operators.
第二种技术方案为采用运营商一键登录的方案,具体包括:a.须在应用客户端中嵌入认证软件开发工具包(Software Development Kit,SDK);b.用户请求注册/登录时,通过该SDK与运营商的网络通信来采集用户手机号码并显示;c.在获得用户同意授权后,应用客户端获得接口调用Token,传递给应用服务端;d.认证服务端使用Token获取手机号码接口,最终实现获取当前授权用户的手机号码,并完成注册/登陆。但是,此种技术方案门槛较高,需要运营商直 接提供技术支持,需要嵌入SDK,只能在应用客户端上使用,并且会造成用户对隐私担忧等问题。The second technical solution is the one-key login solution of the operator, which specifically includes: a. The authentication software development kit (Software Development Kit, SDK) must be embedded in the application client; b. When the user requests registration/login, pass The SDK communicates with the operator's network to collect the user's mobile phone number and display it; c. After obtaining the user's consent and authorization, the application client obtains the interface calling Token and passes it to the application server; d. The authentication server uses the Token to obtain the mobile phone number interface , and finally obtain the mobile phone number of the current authorized user, and complete the registration/login. However, this technical solution has a high threshold, requires the operator to directly provide technical support, needs to embed the SDK, can only be used on the application client, and will cause users to worry about privacy and other issues.
以上两种技术方案均需要在运营商的协同下才能完成用户身份验证,在复杂的运营商环境下,不仅成本较高,还会影响用户操作的便利性。因此,向用户提供一种兼顾成本以及用户便利性的用户身份验证方法是亟待解决的问题。Both of the above two technical solutions require the cooperation of the operator to complete the user identity verification. In a complex operator environment, not only the cost is high, but also the convenience of user operation is affected. Therefore, it is an urgent problem to provide users with a user authentication method that takes into account both cost and user convenience.
发明内容Contents of the invention
为了解决相关技术中用户身份验证存在成本较高以及操作不便的问题,本发明提供了一种基于IM的用户身份验证方法、装置、服务器及其存储介质,其最简化用户操作,在兼顾成本以及用户便利性的前提下,实现用户身份验证。In order to solve the problems of high cost and inconvenient operation in user identity verification in related technologies, the present invention provides an IM-based user identity verification method, device, server and its storage medium, which simplifies user operations the most and takes cost and Under the premise of user convenience, user authentication is realized.
为了解决上述技术问题,本发明提供的技术方案为:In order to solve the problems of the technologies described above, the technical solution provided by the invention is:
一方面,本发明提供了一种基于IM的用户身份验证方法,其特征在于,所述验证方法包括:On the one hand, the present invention provides a kind of user identity authentication method based on IM, it is characterized in that, described authentication method comprises:
接收终端的应用程序发送的验证请求;Receive the verification request sent by the application program of the terminal;
根据所述验证请求生成验证链接,并将所述验证链接发送给所述终端的应用程序,其中,所述验证链接包括第一验证码和IM应用端标识码;generating a verification link according to the verification request, and sending the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code;
接收IM应用端发送的第二验证码和用户标识码,其中,所述IM应用端是所述IM应用端标识码对应的IM应用程序;receiving a second verification code and a user identification code sent by an IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code;
当所述第一验证码和所述第二验证码匹配时,通过验证。When the first verification code matches the second verification code, the verification is passed.
在一些实施例中,所述验证链接被配置成:当用户点击所述验证链接后,自动打开所述IM应用端,并且所述第一验证码自动填写在与所述IM应用端标识码对应IM账户的通信界面上。In some embodiments, the verification link is configured to automatically open the IM application end when the user clicks the verification link, and the first verification code is automatically filled in the field corresponding to the identification code of the IM application end. On the communication interface of the IM account.
在一些实施例中,所述验证方法还包括:In some embodiments, the verification method also includes:
当所述第一验证码与所述第二验证码不匹配时,返回验证不通过信息。When the first verification code does not match the second verification code, return verification failure information.
在一些实施例中,所述验证方法还包括:In some embodiments, the verification method also includes:
在接收终端的应用程序发送的验证请求之前,预先配置所述IM应用端标识码对应的IM账户信息。Before receiving the verification request sent by the application program of the terminal, the IM account information corresponding to the IM application terminal identification code is pre-configured.
在一些实施例中,所述第一验证码由至少4位随机字符组成。In some embodiments, the first verification code is composed of at least 4 random characters.
在一些实施例中,在生成对应的验证链接后,若超过预定时间未获取所述第二验证码,所述验证链接失效。优选地,所述预定时间可根据使用场景自定义。In some embodiments, after the corresponding verification link is generated, if the second verification code is not acquired within a predetermined time, the verification link becomes invalid. Preferably, the predetermined time can be customized according to usage scenarios.
一方面,本发明提供了一种基于IM的用户身份验证装置,其特征在于, 所述验证装置包括:On the one hand, the present invention provides a kind of IM-based user identity verification device, it is characterized in that, described verification device comprises:
第一接收模块,用于接收终端的应用程序发送的验证请求;The first receiving module is configured to receive a verification request sent by an application program of the terminal;
生成模块,用于根据所述验证请求生成验证链接,并将所述验证链接发送给所述终端的应用程序,其中,所述验证链接包括第一验证码和IM应用端标识码;A generating module, configured to generate a verification link according to the verification request, and send the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code;
第二接收模块,用于接收IM应用端发送的第二验证码和用户标识码,其中,所述IM应用端是所述IM应用端标识码对应的IM应用程序;以及The second receiving module is configured to receive the second verification code and the user identification code sent by the IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code; and
验证模块,用于当所述第一验证码和所述第二验证码匹配时,通过验证。A verification module, configured to pass the verification when the first verification code matches the second verification code.
在一些实施例中,所述验证链接被配置成:当用户点击所述验证链接后,自动打开所述IM应用端,并且所述第一验证码自动填写在与所述IM应用端标识码对应IM账户的通信界面上。In some embodiments, the verification link is configured to automatically open the IM application end when the user clicks the verification link, and the first verification code is automatically filled in the field corresponding to the identification code of the IM application end. On the communication interface of the IM account.
在一些实施例中,所述验证模块还用于,In some embodiments, the verification module is also used to,
当所述用户发送的身份验证信息与所述身份标识信息不匹配时,返回验证不通过信息。When the identity verification information sent by the user does not match the identity information, return verification failure information.
在一些实施例中,其特征在于,所述验证装置还包括:In some embodiments, it is characterized in that the verification device also includes:
配置模块,用于在接收用户身份验证请求之前,预先配置所述IM接收用户的账户信息。The configuration module is configured to pre-configure the IM to receive the user's account information before receiving the user identity verification request.
一方面,本发明提供了一种服务器,所述服务器包括处理器和存储器,所述存储器中存储有至少一条指令,所述指令由所述处理器加载并执行以实现如上述的基于IM的用户身份验证方法所执行的操作。In one aspect, the present invention provides a server, the server includes a processor and a memory, at least one instruction is stored in the memory, and the instruction is loaded and executed by the processor to implement the above-mentioned IM-based user The action performed by the authentication method.
一方面,本发明提供了一种计算机可读存储介质,所述存储介质中存储有至少一条指令,所述指令由处理器加载并执行以实现如上述的基于IM的用户身份验证方法所执行的操作。In one aspect, the present invention provides a computer-readable storage medium, at least one instruction is stored in the storage medium, and the instruction is loaded and executed by a processor to implement the above-mentioned IM-based user authentication method. operate.
本发明的实施例提供的技术方案可以包括以下有益效果:The technical solutions provided by the embodiments of the present invention may include the following beneficial effects:
在本发明公开的基于IM的用户身份验证方法、装置、服务器及其存储介质中,利用IM应用端本身绑定个人手机号及信息的通信特点,将IM应用端与第三方应用程序服务器进行结合,通过第三方服务器生成用户的身份验证标识,然后通过绑定个人身份的IM应用端发送实时验证码,最后再由第三方服务器对身份验证标识进行匹配判断,从而完成用户身份信息的验证。本发明的用户身份验证方法不需要通过短信或者运营商的配合,从而节省了运营商发送短信的 成本。另一方面,用户使用IM客户端发送实时验证码,可将实时验证码信息发送至第三方服务器,相较于用户手动输入短信验证码的方法,简化了用户的验证操作。In the IM-based user authentication method, device, server and storage medium thereof disclosed in the present invention, the IM application terminal is combined with the third-party application program server by utilizing the communication characteristics of the IM application terminal itself binding personal mobile phone numbers and information The third-party server generates the user's identity verification ID, and then sends a real-time verification code through the IM application bound to the personal identity, and finally the third-party server makes a matching judgment on the identity verification ID, thereby completing the verification of the user's identity information. The user identity verification method of the present invention does not require the cooperation of short messages or operators, thereby saving the cost of sending short messages by operators. On the other hand, the user uses the IM client to send the real-time verification code, and the real-time verification code information can be sent to the third-party server, which simplifies the user's verification operation compared with the method where the user manually enters the SMS verification code.
应当理解的是,以上的一般描述和后文的细节描述仅是示例性的,并不能限制本公开。It is to be understood that both the foregoing general description and the following detailed description are exemplary only and are not restrictive of the present disclosure.
附图说明Description of drawings
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without creative work.
图1示意性示出了本发明实施例中的基于IM的用户身份验证方法的流程图;Fig. 1 schematically shows a flowchart of an IM-based user identity verification method in an embodiment of the present invention;
图2示意性示出了本发明实施例中的基于IM的用户身份验证系统的结构框图;Fig. 2 schematically shows a structural block diagram of an IM-based user identity verification system in an embodiment of the present invention;
图3示意性示出了本发明一较优实施例中的应用在基于IM的用户身份验证方法的流程架构图;Fig. 3 schematically shows the flowchart of the application in the IM-based user authentication method in a preferred embodiment of the present invention;
图4示意性示出了本发明实施例提供的一种服务器的结构图。Fig. 4 schematically shows a structural diagram of a server provided by an embodiment of the present invention.
具体实施方式Detailed ways
需要说明的是,本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便此处描述的本发明的实施例。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其他步骤或单元。It should be noted that the terms "first" and "second" in the description and claims of the present invention and the above drawings are used to distinguish similar objects, but not necessarily used to describe a specific sequence or sequence. It should be understood that the data so used may be interchanged under appropriate circumstances for the embodiments of the invention described herein. Furthermore, the terms "comprising" and "having", as well as any variations thereof, are intended to cover a non-exclusive inclusion, for example, a process, method, system, product or device comprising a sequence of steps or elements is not necessarily limited to the expressly listed instead, may include other steps or elements not explicitly listed or inherent to the process, method, product or apparatus.
下面将结合本发明实施方式中的附图,对本发明实施方式中的技术方案进行清楚、完整地描述。显然,所描述的实施方式是本发明的一部分实施方式, 而不是全部实施方式。基于本发明中的实施方式,本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他实施方式,都应属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the drawings in the embodiments of the present invention. Apparently, the described embodiments are some, not all, embodiments of the present invention. Based on the implementation manners in the present invention, all other implementation manners obtained by persons of ordinary skill in the art without making creative efforts shall fall within the protection scope of the present invention.
请参阅图1,图1示意性示出了本发明实施例中的基于IM(Instant Messaging)的用户身份验证方法的流程图。本发明的实施例提供了一种基于IM的用户身份验证方法,所述用户身份验证方法应用于在终端运行的任意第三方应用程序,所述终端包括但不仅限于为智能手机、平板电脑、台式电脑、工作站等互联网设备,但并不局限于此。本发明所基于的IM为使用手机号码为用户账号的即时通信APP,包括但不局限于WhatsApp和Telegram。具体地,所述基于IM的用户验证方法包括但不限于以下步骤。Referring to FIG. 1, FIG. 1 schematically shows a flowchart of an IM (Instant Messaging)-based user authentication method in an embodiment of the present invention. Embodiments of the present invention provide an IM-based user authentication method, which is applied to any third-party application program running on a terminal, and the terminal includes but is not limited to a smart phone, a tablet computer, a desktop Internet equipment such as computers and workstations, but not limited to them. The IM on which the present invention is based is an instant messaging APP that uses a mobile phone number as a user account, including but not limited to WhatsApp and Telegram. Specifically, the IM-based user verification method includes but not limited to the following steps.
步骤S101,接收终端的应用程序发送的验证请求。Step S101, receiving a verification request sent by an application program of a terminal.
具体地,所述验证请求包括用户向应用程序服务器申请注册账户的请求或者用户向应用程序服务器申请登录账户的请求,又或者用户需要执行应用程序某些功能等请求。此时,在应用程序的交互界面上将显示用户身份验证界面。所述用户身份验证界面包括有发送验证请求控件,所述发送验证请求用于用户点击并执行发送验证请求的操作。在用户发送验证请求操作后,应用程序服务器接收用户身份验证请求。Specifically, the verification request includes a request from the user to apply for a registration account from the application server, or a request from the user to apply for a login account from the application server, or a request from the user to perform certain functions of the application. At this point, the user authentication interface will be displayed on the interactive interface of the application. The user identity verification interface includes a sending verification request control, and the sending verification request is used for the user to click and perform the operation of sending the verification request. After the user sends an authentication request action, the application server receives the user authentication request.
步骤S102,根据所述验证请求生成验证链接,并将所述验证链接发送给所述终端的应用程序,其中,所述验证链接包括第一验证码和IM应用端标识码。Step S102, generating a verification link according to the verification request, and sending the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code.
具体地,应用程序服务器生成用户的第一验证码为实时验证码(On Time Password,OTP),以作为用户身份标识信息。其中,该第一验证码可以是由多个随机数字组成的多个字符,可以是由多个随机英文字母(其中大写英文字母与其小写英文字母代表不同的字符)组成的多个字符,也可以是由多个随机数字和多个随机英文字母组成的字母。更具体地,所述第一验证码为至少4位的随机字符。另外,在本实施例中,所述第一验证码的其中一位为校验码,具体为该组数字的最后一位,由前面的数字通过某种运算得出,用以检验该组数字的正确性,从而避免验证码输错情况下错误匹配的问题。Specifically, the application server generates the user's first verification code as a real-time verification code (On Time Password, OTP) as user identification information. Wherein, the first verification code may be a plurality of characters composed of a plurality of random numbers, may be a plurality of characters composed of a plurality of random English letters (where uppercase English letters and lowercase English letters represent different characters), or may be It is a letter composed of multiple random numbers and multiple random English letters. More specifically, the first verification code is a random character with at least 4 digits. In addition, in this embodiment, one of the first verification codes is a check code, specifically the last digit of the group of numbers, which is obtained from the previous numbers through a certain operation, and used to verify the group of numbers correctness, so as to avoid the wrong matching problem when the verification code is entered incorrectly.
所述IM应用端标识码为应用程序服务器在IM应用端上预先配置,用于接收用户发送验证码的IM账户。用于实现本申请的用户身份验证方法的IM应用端标识码可以是一个统一的IM账户,也可以根据验证应用程序的类型、用户类 型、验证请求类型等区别设置多个不同的IM账户。另外,本IM账户也可以定期根据业务进程进行更改。The IM application terminal identification code is pre-configured by the application program server on the IM application terminal, and is used to receive the IM account of the verification code sent by the user. The IM application terminal identification code used to implement the user identity verification method of this application can be a unified IM account, or multiple different IM accounts can be set according to the type of verification application, user type, and verification request type. In addition, this IM account can also be changed periodically according to business processes.
在一些实施例中,所述验证链接不具有跳转功能,用户只能在终端的应用程序用户身份验证界面上查看到第一验证码和IM应用端标识码,用户需要根据上述接收信息,手动打开终端上的对应的IM应用端,然后寻找到对应的IM应用端标识码的IM账号,并将第一验证码手动输入IM应用端标识码的IM账号的通信界面上,然后点击发送,由此完成验证信息的上传。In some embodiments, the verification link does not have a jump function, the user can only view the first verification code and the IM application terminal identification code on the application user identity verification interface of the terminal, and the user needs to manually Open the corresponding IM application terminal on the terminal, then find the IM account number of the corresponding IM application terminal identification code, and manually input the first verification code on the communication interface of the IM account number of the IM application terminal identification code, then click send, and the This completes the upload of verification information.
在另一些实施例,所述验证链接具备跳转功能,当用户点击所述验证链接时,IM应用端能被自动唤醒,并且所述第一验证码会自动填写在与所述IM应用端标识码对应IM账户的通信界面上的通信界面上,用户只需点击发送,即可完成验证信息的上传。由此可见,具备跳转功能的验证链接极大地简化了用户的验证操作,用户只需两次点击即可完成验证信息上传。并且此种方式下,用户信息自动填写,不需要人工操作,避免了用户输错验证码导致验证不通过,从而提高了用户身份验证的效率和成功率。In some other embodiments, the verification link has a jump function. When the user clicks on the verification link, the IM application end can be automatically awakened, and the first verification code will be automatically filled in with the IM application end identification. On the communication interface of the communication interface corresponding to the IM account, the user only needs to click send to complete the upload of the verification information. It can be seen that the verification link with the jump function greatly simplifies the user's verification operation, and the user only needs two clicks to complete the verification information upload. And in this way, the user information is automatically filled in without manual operation, which avoids the verification failure caused by the user entering the wrong verification code, thereby improving the efficiency and success rate of user identity verification.
步骤S103,接收IM应用端发送的第二验证码和用户验证码,其中,所述IM应用端是所述IM应用端标识码对应的IM应用程序。Step S103, receiving the second verification code and the user verification code sent by the IM application, wherein the IM application is an IM application corresponding to the IM application identification code.
具体地,所述第二验证码为用户向IM应用端标识码对应的IM账户发送的实时验证码。当用户通过终端的IM应用端发送第二验证码后,所述IM应用端标识码对应的IM账户,作为接收方将在通信界面获得用户发送过来的第二验证码;然后应用程序服务器通过实时验证码网关(OTP Gateway)从IM应用端的应用程序接口(API)获得所述第二验证码以及用户对应的用户手机号,其中,所述实时验证码网关(OTP Gateway)与应用程序接口(API)是预先配置好的。Specifically, the second verification code is a real-time verification code sent by the user to the IM account corresponding to the IM application terminal identification code. After the user sends the second verification code through the IM application end of the terminal, the IM account corresponding to the IM application end identification code, as the receiver, will obtain the second verification code sent by the user on the communication interface; The verification code gateway (OTP Gateway) obtains the second verification code and the user's corresponding user mobile phone number from the application program interface (API) of the IM application end, wherein the real-time verification code gateway (OTP Gateway) and the application program interface (API) ) is pre-configured.
具体地,本发明IM为使用手机号码为用户账号的即时通信APP,因此当用户使用终端的IM应用端发送第二验证码时,作为接收方的IM应用端标识码对应的IM账户可以获取用户的手机号码,并将该手机号码通过所述实时验证码网关(OTP Gateway)发送至待验证应用程序服务器。Specifically, the IM of the present invention is an instant messaging APP that uses the mobile phone number as the user account, so when the user sends the second verification code using the IM application end of the terminal, the IM account corresponding to the IM application end identification code as the recipient can obtain the user's verification code. mobile phone number, and the mobile phone number is sent to the application server to be verified by the real-time verification code gateway (OTP Gateway).
在一些实施例中,在生成对应的验证链接后,若超过预定时间未获取用户发送的第二验证码,所述验证链接失效。具体地,所述预定时间可根据使用场景自定义。将验证链接设计成定时失效的目的在于防止验证码被窃取而造成用户损失。在获取验证码的时候,不少的不法分子会利用不正当的非法手段来破 解,为了防止不法分子的窃取验证码行为,对验证链接设置有效时间并提醒用户,每当超过有效时间,验证码就会失效。而如果用户本人在有效时间未收到验证链接,可以重新发送验证请求以获取验证链接,这样就可以防止因为不法分子窃取验证码而造成的损失。In some embodiments, after the corresponding verification link is generated, if the second verification code sent by the user is not obtained within a predetermined time, the verification link becomes invalid. Specifically, the predetermined time can be customized according to usage scenarios. The purpose of designing the verification link to expire periodically is to prevent the verification code from being stolen and causing user losses. When obtaining the verification code, many criminals will use improper and illegal means to crack it. In order to prevent criminals from stealing the verification code, set a valid time for the verification link and remind the user that whenever the valid time is exceeded, the verification code will fail. And if the user himself has not received the verification link within the valid time, he can resend the verification request to obtain the verification link, so as to prevent losses caused by criminals stealing the verification code.
步骤S104,判断所述第一验证码与所述第二验证码是否匹配;其中,当所述所述第一验证码与所述第二验证码匹配时,进入步骤S105;当所述第一验证码与所述第二验证码不匹配时,进入步骤S106。Step S104, judging whether the first verification code matches the second verification code; wherein, when the first verification code matches the second verification code, enter step S105; when the first When the verification code does not match the second verification code, go to step S106.
具体地,遍历应用程序服务器中产生的验证码,将用户发送的第二验证码与应用程序服务器生成的第一验证码进行匹配,当用户发送的第二验证码的每个字符与应用程序服务器对应生成的第一验证码的每个字符都完全相同时,匹配成功。Specifically, traverse the verification codes generated in the application server, and match the second verification code sent by the user with the first verification code generated by the application server. When each character of the second verification code sent by the user matches the When each character corresponding to the generated first verification code is exactly the same, the matching is successful.
步骤S105,当所述第一验证码与所述第二验证码匹配时,通过验证。应用程序服务器确认该用户标识码,从而完成对该用户标识码的用户身份验证。其中,用户通过终端打开应用程序,应用程序返回通过信息,并完成用户身份信息验证流程。Step S105, when the first verification code matches the second verification code, the verification is passed. The application server confirms the user identification code, thereby completing user authentication for the user identification code. Wherein, the user opens the application program through the terminal, the application program returns pass information, and completes the user identity information verification process.
步骤S106,当所述第一验证码与所述第二验证码不匹配时,返回验证不通过信息。其中,用户通过终端打开应用程序,应用程序返回验证不通过信息,此时用户可以重新发送验证请求,进行第二次用户身份信息验证流程。Step S106, when the first verification code does not match the second verification code, return verification failure information. Wherein, the user opens the application program through the terminal, and the application program returns the information that the verification fails. At this time, the user can resend the verification request to perform the second user identity information verification process.
相较于现有技术,在本发明公开的基于IM的用户身份验证方法中,利用IM应用端本身绑定个人手机号及个人信息的通信特点,将IM应用端与待验证应用程序服务器进行结合,通过待验证应用程序服务器生成用户的实时验证码,然后用户通过绑定个人身份的IM应用端发送返回实时验证码,最后再由待验证应用程序服务器对实时验证码进行匹配判断,从而完成用户身份信息的验证。本发明的用户身份验证方法不需要通过短信或者运营商的配合,从而节省了运营商发送短信的成本。并且对验证链接功能进行集成,用户点击链接后能够自动形成对特定IM接收用户发送实时验证码的发送内容,用户只需要一键发送,即可将身份验证标识信息发送至待验证应用程序服务器,相对用户手动输入短信验证码的方法,简化了用户的验证操作。Compared with the prior art, in the IM-based user authentication method disclosed in the present invention, the IM application terminal is used to bind the personal mobile phone number and the communication characteristics of personal information, and the IM application terminal is combined with the application server to be verified. , the user's real-time verification code is generated by the application server to be verified, and then the user sends back the real-time verification code through the IM application bound to the personal identity, and finally the application server to be verified matches the real-time verification code to complete the user Verification of identity information. The user identity verification method of the present invention does not require the cooperation of short messages or operators, thereby saving the cost of sending short messages by operators. In addition, the verification link function is integrated. After the user clicks on the link, the sending content of the real-time verification code sent to the specific IM receiving user can be automatically formed. The user only needs to send with one click, and the identity verification identification information can be sent to the application server to be verified. Compared with the method in which the user manually inputs the SMS verification code, the verification operation of the user is simplified.
请参阅图2,图2示意性示出了本发明实施例中的基于IM的用户身份验证系统的结构框图。本发明的实施例提供了一种基于IM的用户身份验证装置, 所述用户身份验证装置应用于第三方服务器上,包括但不限于以下模块。Please refer to FIG. 2 , which schematically shows a structural block diagram of an IM-based user identity verification system in an embodiment of the present invention. An embodiment of the present invention provides an IM-based user identity verification device, which is applied to a third-party server, including but not limited to the following modules.
第一接收模块,用于接收终端的应用程序发送的验证请求。The first receiving module is configured to receive the verification request sent by the application program of the terminal.
具体地,所述验证请求包括用户向应用程序服务器申请注册账户的请求或者用户向应用程序服务器申请登录账户的请求,又或者用户需要执行应用程序某些功能等请求。此时,在应用程序的交互界面上将显示用户身份验证界面。所述用户身份验证界面包括有发送验证请求控件,所述发送验证请求用于用户点击并执行发送验证请求的操作。在用户发送验证请求操作后,应用程序服务器接收用户身份验证请求。Specifically, the verification request includes a request from the user to apply for a registration account from the application server, or a request from the user to apply for a login account from the application server, or a request from the user to perform certain functions of the application. At this point, the user authentication interface will be displayed on the interactive interface of the application. The user identity verification interface includes a sending verification request control, and the sending verification request is used for the user to click and perform the operation of sending the verification request. After the user sends an authentication request action, the application server receives the user authentication request.
生成模块,用于根据所述验证请求生成验证链接,并将所述验证链接发送给所述终端的应用程序,其中,所述验证链接包括第一验证码和IM应用端标识码。A generating module, configured to generate a verification link according to the verification request, and send the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code.
具体地,应用程序服务器生成用户的第一验证码为实时验证码(On Time Password,OTP),以作为用户身份标识信息。其中,该第一验证码可以是由多个随机数字组成的多个字符,可以是由多个随机英文字母(其中大写英文字母与其小写英文字母代表不同的字符)组成的多个字符,也可以是由多个随机数字和多个随机英文字母组成的字母。更具体地,所述第一验证码为至少4位的随机字符。另外,在本实施例中,所述第一验证码的其中一位为校验码,具体为该组数字的最后一位,由前面的数字通过某种运算得出,用以检验该组数字的正确性,从而避免验证码输错情况下错误匹配的问题。Specifically, the application server generates the user's first verification code as a real-time verification code (On Time Password, OTP) as user identification information. Wherein, the first verification code may be a plurality of characters composed of a plurality of random numbers, may be a plurality of characters composed of a plurality of random English letters (where uppercase English letters and lowercase English letters represent different characters), or may be It is a letter composed of multiple random numbers and multiple random English letters. More specifically, the first verification code is a random character with at least 4 digits. In addition, in this embodiment, one of the first verification codes is a check code, specifically the last digit of the group of numbers, which is obtained from the previous numbers through a certain operation, and used to verify the group of numbers correctness, so as to avoid the wrong matching problem when the verification code is entered incorrectly.
所述IM应用端标识码为应用程序服务器在IM应用端上预先配置,用于接收用户发送验证码的IM账户。用于实现本申请的用户身份验证方法的IM应用端标识码可以是一个统一的IM账户,也可以根据验证应用程序的类型、用户类型、验证请求类型等区别设置多个不同的IM账户。另外,本IM账户也可以定期根据业务进程进行更改。The IM application terminal identification code is pre-configured by the application program server on the IM application terminal, and is used to receive the IM account of the verification code sent by the user. The IM application terminal identification code used to implement the user identity verification method of this application can be a unified IM account, or multiple different IM accounts can be set according to the type of verification application program, user type, and verification request type. In addition, this IM account can also be changed periodically according to business processes.
在一些实施例中,所述验证链接不具有跳转功能,用户只能在终端的应用程序用户身份验证界面上查看到第一验证码和IM应用端标识码,用户需要根据上述接收信息,手动打开终端上的对应的IM应用端,然后寻找到对应的IM应用端标识码的IM账号,并将第一验证码手动输入IM应用端标识码的IM账号的通信界面上,然后点击发送,由此完成验证信息的上传。In some embodiments, the verification link does not have a jump function, the user can only view the first verification code and the IM application terminal identification code on the application user identity verification interface of the terminal, and the user needs to manually Open the corresponding IM application terminal on the terminal, then find the IM account number of the corresponding IM application terminal identification code, and manually input the first verification code on the communication interface of the IM account number of the IM application terminal identification code, then click send, and the This completes the upload of verification information.
在另一些实施例,所述验证链接具备跳转功能,当用户点击所述验证链接 时,IM应用端能被自动唤醒,并且所述第一验证码会自动填写在与所述IM应用端标识码对应IM账户的通信界面上的通信界面上,用户只需点击发送,即可完成验证信息的上传。由此可见,具备跳转功能的验证链接极大地简化了用户的验证操作,用户只需两次点击即可完成验证信息上传。并且此种方式下,用户信息自动填写,不需要人工操作,避免了用户输错验证码导致验证不通过,从而提高了用户身份验证的效率和成功率。In some other embodiments, the verification link has a jump function. When the user clicks on the verification link, the IM application end can be automatically awakened, and the first verification code will be automatically filled in with the IM application end identification. On the communication interface of the communication interface corresponding to the IM account, the user only needs to click send to complete the upload of the verification information. It can be seen that the verification link with the jump function greatly simplifies the user's verification operation, and the user only needs two clicks to complete the verification information upload. And in this way, the user information is automatically filled in without manual operation, which avoids the verification failure caused by the user entering the wrong verification code, thereby improving the efficiency and success rate of user identity verification.
第二接收模块,用于接收IM应用端发送的第二验证码和用户验证码,其中,所述IM应用端是所述IM应用端标识码对应的IM应用程序。The second receiving module is configured to receive the second verification code and the user verification code sent by the IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code.
具体地,所述第二验证码为用户向IM应用端标识码对应的IM账户发送的实时验证码。当用户通过终端的IM应用端发送第二验证码后,所述IM应用端标识码对应的IM账户,作为接收方将在通信界面获得用户发送过来的第二验证码;然后应用程序服务器通过实时验证码网关(OTP Gateway)从IM应用端的应用程序接口(API)获得所述第二验证码以及用户对应的用户手机号,其中,所述实时验证码网关(OTP Gateway)与应用程序接口(API)是预先配置好的。Specifically, the second verification code is a real-time verification code sent by the user to the IM account corresponding to the IM application terminal identification code. After the user sends the second verification code through the IM application end of the terminal, the IM account corresponding to the IM application end identification code, as the receiver, will obtain the second verification code sent by the user on the communication interface; The verification code gateway (OTP Gateway) obtains the second verification code and the user's corresponding user mobile phone number from the application program interface (API) of the IM application end, wherein the real-time verification code gateway (OTP Gateway) and the application program interface (API) ) is pre-configured.
具体地,本发明IM为使用手机号码为用户账号的即时通信APP,因此当用户使用终端的IM应用端发送第二验证码时,作为接收方的IM应用端标识码对应的IM账户可以获取用户的手机号码,并将该手机号码通过所述实时验证码网关(OTP Gateway)发送至待验证应用程序服务器。Specifically, the IM of the present invention is an instant messaging APP that uses the mobile phone number as the user account, so when the user sends the second verification code using the IM application end of the terminal, the IM account corresponding to the IM application end identification code as the recipient can obtain the user's verification code. mobile phone number, and the mobile phone number is sent to the application server to be verified by the real-time verification code gateway (OTP Gateway).
验证模块,判断所述第一验证码与所述第二验证码是否匹配。当所述第一验证码与所述第二验证码匹配时,通过验证;其中,用户通过终端打开应用程序,应用程序返回通过信息,并完成用户信息验证流程。所述第一验证码与所述第二验证码不匹配时,返回验证不通过信息;其中,用户通过终端打开应用程序,应用程序返回验证不通过信息,此时用户可以重新发送验证请求,进行第二次验证流程。The verification module judges whether the first verification code matches the second verification code. When the first verification code matches the second verification code, the verification is passed; wherein, the user opens the application program through the terminal, and the application program returns pass information, and completes the user information verification process. When the first verification code does not match the second verification code, the verification failure information is returned; wherein, the user opens the application program through the terminal, and the application program returns the verification failure information. At this time, the user can resend the verification request to proceed The second verification process.
具体地,验证模块遍历应用程序服务器中产生的验证码,将用户发送的第二验证码与应用程序服务器生成的第一验证码进行匹配,当用户发送的第二验证码的每个字符与应用程序服务器对应生成的第一验证码的每个字符都完全相同时,匹配成功。Specifically, the verification module traverses the verification codes generated in the application server, and matches the second verification code sent by the user with the first verification code generated by the application server. When each character of the second verification code sent by the user matches the application When each character of the corresponding first verification code generated by the program server is exactly the same, the matching is successful.
在一些实施例中,本发明的基于IM的用户身份验证装置还包括配置模块,用于在接收用户身份验证请求之前,预先配置所述IM应用端标识码对应的IM 账户信息。具体地,预先在IM应用端注册接收账户并完成信息验证,配置模块用于配置IM应用端与待验证应用程序的通信,因此当用户通过IM应用端接收到用户的实时验证码后,该实时验证码可以通过IM的应用程序端口API传输到实时验证码网关,然后输入到应用程序服务器上,由此对用户验证信息进行验证。In some embodiments, the IM-based user identity verification device of the present invention further includes a configuration module, configured to pre-configure the IM account information corresponding to the IM application terminal identification code before receiving the user identity verification request. Specifically, register the receiving account on the IM application in advance and complete the information verification. The configuration module is used to configure the communication between the IM application and the application to be verified. Therefore, when the user receives the user's real-time verification code through the IM application, the real-time The verification code can be transmitted to the real-time verification code gateway through the application port API of IM, and then input to the application server, thereby verifying the user verification information.
相较于现有技术,在本发明公开的基于IM的用户身份验证装置中,其运行与第三方应用程序服务器上,利用IM应用端本身绑定个人手机号及信息的通信特点,将IM应用端与待验证应用程序服务器进行结合。该用户身份验证装置通过接收请求模块接收用户身份验证请求,利用生成模块生成用户的实时验证码;然后用户通过绑定个人身份的IM应用端发送实时验证码,并且该实时验证码传输至IM接收用户的信息接收端,从实时验证码网关接收用户发送的实时验证码,最后再由验证模块对实时验证码进行匹配判断,从而完成用户信息的验证。本发明的用户身份验证装置不需要通过短信或者运营商的配合,从而节省了运营商发送短信的成本。并且对验证链接功能进行集成,用户点击链接后能够自动形成对特定IM接收用户发送身份验证标识的发送内容,用户只需要一键发送,即可将身份验证标识信息发送至待验证应用程序服务器,由此简化了用户的验证操作。Compared with the prior art, in the IM-based user identity verification device disclosed in the present invention, it runs on a third-party application server, uses the communication characteristics of the IM application itself to bind the personal mobile phone number and information, and integrates the IM application The terminal is combined with the application server to be authenticated. The user identity verification device receives the user identity verification request through the receiving request module, and uses the generation module to generate the user's real-time verification code; then the user sends the real-time verification code through the IM application end bound to the personal identity, and the real-time verification code is transmitted to the IM for receiving The user's information receiving end receives the real-time verification code sent by the user from the real-time verification code gateway, and finally the verification module performs matching judgment on the real-time verification code, thereby completing the verification of user information. The user identity verification device of the present invention does not require the cooperation of short messages or operators, thereby saving the cost of sending short messages by operators. And the verification link function is integrated. After the user clicks the link, the sending content of sending the identity verification ID to the specific IM receiving user can be automatically formed. The user only needs to send the identity verification ID information to the application server to be verified with one click. This simplifies the user's authentication operation.
图3示意性示出了本发明一较优实施例中的基于IM的用户身份验证方法的流程架构图,下面结合图3和本实施例,对上述实施例中涉及的技术内容进行详细地说明。Fig. 3 schematically shows the flow chart of the IM-based user identity verification method in a preferred embodiment of the present invention. The technical content involved in the above-mentioned embodiment will be described in detail below in conjunction with Fig. 3 and this embodiment .
本实施例提供了一种基于IM的用户身份验证方法。该用户身份验证方法可用于用户登录、注册或者执行应用程序特殊功能的申请,在本实施例中以用户注册为例。具体地,所述用户验证方法可运行于待注册应用程序服务器中,也可运行于待注册应用程序客户端中,该用户身份验证方法包括如下步骤:This embodiment provides an IM-based user identity verification method. The user identity verification method can be used for user login, registration, or application for executing special functions of the application program. In this embodiment, user registration is taken as an example. Specifically, the user verification method can be run in the application server to be registered, and can also be run in the application client to be registered, and the user identity verification method includes the following steps:
(1)配置实时验证码(OTP)的网关(Gateway),通知应用程序服务器(NetApp Server)接收OTP的即时通信(IM)应用程序的账户信息;其中,Gateway是一个基于HTTP协议的API网关,作为统一的API接入层,由此实现NetApp Server与IM Server的连接;NetApp为采用本申请验证方案的应用程序,IM为使用手机号码作为用户账户的即时通信APP,在本实施例为Whatsapp或Telegram。(1) Configure the gateway (Gateway) of the real-time verification code (OTP), and notify the application program server (NetApp Server) to receive the account information of the instant messaging (IM) application program of the OTP; wherein, the Gateway is an API gateway based on the HTTP protocol, As a unified API access layer, the connection between NetApp Server and IM Server is thus realized; NetApp is an application program that adopts the verification scheme of this application, and IM is an instant messaging APP that uses a mobile phone number as a user account. In this embodiment, it is Whatsapp or Telegram.
(2)用户在NetApp的显示界面完成注册信息请求后,NetApp Server生成OTP和IM接收号码,一起生成IM发送链接,并显示与用户注册页面上;其中,注册信息请求包括手机号填写以及点击发送注册请求;IM发送连接包括OTP和IM接收号码,还包括跳转打开IM应用程序的控制指令和对IM接收号码发送信息的控制指令。(2) After the user completes the registration information request on the NetApp display interface, the NetApp Server generates the OTP and the IM receiving number, generates an IM sending link together, and displays it on the user registration page; the registration information request includes filling in the mobile phone number and clicking to send The registration request; the IM sending connection includes OTP and the IM receiving number, and also includes the control instruction for jumping to open the IM application program and the control instruction for sending information to the IM receiving number.
(3)用户点击IM发送链接,IM被自动唤起,预制的OTP信息自动填写在接收号码的聊天界面。(3) The user clicks the IM to send the link, the IM is automatically awakened, and the prefabricated OTP information is automatically filled in the chat interface of the receiving number.
(4)用户在IM上点击发送预制OTP信息;该预制OTP信息被发送至IM接收用户的通信中,并通过预先配置的OTP Gateway从IMAPI获取注册用户发送的信息内容。(4) The user clicks on the IM to send the prefabricated OTP information; the prefabricated OTP information is sent to the communication of the IM receiving user, and the information content sent by the registered user is obtained from the IMAPI through the preconfigured OTP Gateway.
(5)OTP Gateway将用户手机号码和收到OTP信息一并传送到NetApp Server。(5) OTP Gateway sends the user's mobile phone number and received OTP information to NetApp Server.
(6)OTP Gateway通过IM接收用户通知用户切换回NetApp完成注册流程。(6) OTP Gateway receives the user notification through IM to switch back to NetApp to complete the registration process.
(7)NetApp Server判断预制OTP信息和步骤(2)中发送给注册用户的OTP是否一致;若预制OTP信息与发送注册用户的OTP一致,则进入步骤(8);若预制OTP信息与发送注册用户的OTP一致,则进入步骤(9)。(7) NetApp Server judges whether the prefabricated OTP information is consistent with the OTP sent to the registered user in step (2); if the prefabricated OTP information is consistent with the OTP sent to the registered user, then enter step (8); if the prefabricated OTP information is consistent with the OTP sent to the registered user If the user's OTP is the same, go to step (9).
(8)NetApp Server返回验证通过信息,完成用户注册。(8) NetApp Server returns the verification pass information to complete the user registration.
(9)NetApp Server返回验证不通过信息。其中,当验证不通过后,用户可以重新发送身份验证请求,以进行第二次注册。(9) NetApp Server returns the message that the verification fails. Wherein, when the verification fails, the user can resend the identity verification request to register for the second time.
本实施例公开的基于IM的用户身份验证方法中,利用IM应用端本身绑定个人手机号及信息的通信特点,将IM应用端与待注册应用程序服务器进行结合,通过待注册应用程序服务器生成用户的身份验证标识,然后用户通过绑定个人身份的IM应用端发送身份验证标识,最后再由待注册应用程序服务器对身份验证标识进行匹配判断,从而完成用户信息的验证。本发明的用户身份验证方法不需要通过短信或者运营商的配合,从而节省了运营商发送短信的成本。并且对验证链接功能进行集成,用户点击链接后能够自动形成对特定IM接收用户发送身份验证标识的发送内容,用户只需要一键发送,即可将身份验证标识信息发送至待注册应用程序服务器,相对用户手动输入短信验证码的方法,用户操作简单,仅需2次点击,无须手动输入验证码,简化了用户的验证操作。In the IM-based user authentication method disclosed in this embodiment, the IM application terminal itself is used to bind the personal mobile phone number and the communication characteristics of information, and the IM application terminal is combined with the application server to be registered, and the application server to be registered generates The user's identity verification ID, and then the user sends the identity verification ID through the IM application that is bound to the personal identity, and finally the application server to be registered will make a matching judgment on the identity verification ID, thereby completing the verification of user information. The user identity verification method of the present invention does not require the cooperation of short messages or operators, thereby saving the cost of sending short messages by operators. In addition, the verification link function is integrated. After the user clicks on the link, it can automatically form the sending content of sending the identity verification identification to the specific IM receiving user. The user only needs to send the identity verification identification information to the application server to be registered with one click. Compared with the method where the user manually enters the SMS verification code, the user operation is simple, only 2 clicks are required, and there is no need to manually enter the verification code, which simplifies the user's verification operation.
图4是本发明实施例提供的一种服务器的结构示意图,该服务器400可因 配置或性能不同而产生比较大的差异,可以包括一个或一个以上处理器(central processing units,CPU)401和一个或一个以上的存储器402,其中,所述存储器402中存储有至少一条指令,所述至少一条指令由所述处理器401加载并执行以实现上述各个方法实施例提供的基于IM的用户身份验证方法。当然,该服务器还可以具有有线或无线网络接口、键盘以及输入输出接口等部件,以便进行输入输出,该服务器还可以包括其他用于实现设备功能的部件,在此不做赘述。FIG. 4 is a schematic structural diagram of a server provided by an embodiment of the present invention. The server 400 may have relatively large differences due to different configurations or performances, and may include one or more central processing units (CPU) 401 and one or more than one memory 402, wherein at least one instruction is stored in the memory 402, and the at least one instruction is loaded and executed by the processor 401 to implement the IM-based user authentication method provided by the above method embodiments . Certainly, the server may also have components such as a wired or wireless network interface, a keyboard, and an input and output interface for input and output, and the server may also include other components for realizing device functions, which will not be repeated here.
在示例性实施例中,还提供了一种计算机可读存储介质,例如包括指令的存储器,上述指令可由终端中的处理器执行以完成下述实施例中的基于IM的用户身份验证方法。例如,所述计算机可读存储介质可以是ROM、随机存取存储器(RAM)、CD-ROM、磁带、软盘和光数据存储设备等。In an exemplary embodiment, there is also provided a computer-readable storage medium, such as a memory including instructions, which can be executed by a processor in the terminal to complete the IM-based user authentication method in the following embodiments. For example, the computer readable storage medium may be ROM, random access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, and the like.
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps for implementing the above embodiments can be completed by hardware, and can also be completed by instructing related hardware through a program. The program can be stored in a computer-readable storage medium. The above-mentioned The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, and the like.
应当理解的是,以上所述实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,这些技术特征不存在矛盾的组合,都应当认为是本说明书记载的范围。It should be understood that the various technical features of the above-mentioned embodiments can be combined arbitrarily. For the sake of concise description, all possible combinations of the various technical features in the above-mentioned embodiments are not described. However, these technical features do not exist Any contradictory combination should be considered as falling within the scope of this specification.
以上仅为本公开的较佳可行实施例,并非限制本公开的保护范围,凡运用本公开说明书及附图内容所作出的等效结构变化,均包含在本公开的保护范围内。The above are only preferred feasible embodiments of the present disclosure, and do not limit the protection scope of the present disclosure. All equivalent structural changes made by using the contents of the disclosure specification and drawings are included in the protection scope of the present disclosure.

Claims (12)

  1. 一种基于IM的用户身份验证方法,其特征在于,所述验证方法包括:An IM-based user identity verification method, characterized in that the verification method comprises:
    接收终端的应用程序发送的验证请求;Receive the verification request sent by the application program of the terminal;
    根据所述验证请求生成验证链接,并将所述验证链接发送给所述终端的应用程序,其中,所述验证链接包括第一验证码和IM应用端标识码;generating a verification link according to the verification request, and sending the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code;
    接收IM应用端发送的第二验证码以及用户标识码,其中,所述IM应用端是所述IM应用端标识码对应的IM应用程序;以及receiving a second verification code and a user identification code sent by an IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code; and
    当所述第一验证码和所述第二验证码匹配时,通过验证。When the first verification code matches the second verification code, the verification is passed.
  2. 根据权利要求1所述的基于IM的用户身份验证方法,其特征在于,所述验证链接被配置成:当用户点击所述验证链接后,自动打开所述IM应用端,并且所述第一验证码自动填写在与所述IM应用端标识码对应IM账户的通信界面上。The IM-based user identity verification method according to claim 1, wherein the verification link is configured to automatically open the IM application end when the user clicks the verification link, and the first verification link The code is automatically filled in on the communication interface of the IM account corresponding to the IM application terminal identification code.
  3. 根据权利要求1所述的基于IM的用户身份验证方法,其特征在于,所述验证方法还包括:The IM-based user identity verification method according to claim 1, wherein the verification method further comprises:
    当所述第一验证码与所述第二验证码不匹配时,返回验证不通过信息。When the first verification code does not match the second verification code, return verification failure information.
  4. 根据权利要求1所述的基于IM的用户身份验证方法,其特征在于,所述验证方法还包括:The IM-based user identity verification method according to claim 1, wherein the verification method further comprises:
    在接收终端的应用程序发送的验证请求之前,预先配置所述IM应用端标识码对应的IM账户信息。Before receiving the verification request sent by the application program of the terminal, the IM account information corresponding to the IM application terminal identification code is pre-configured.
  5. 根据权利要求1所述的基于IM的用户身份验证方法,其特征在于,所述第一验证码由至少4位随机字符组成。The IM-based user identity verification method according to claim 1, wherein the first verification code is composed of at least 4 random characters.
  6. 根据权利要求1所述的基于IM的用户身份验证方法,其特征在于,在生成对应的验证链接后,若超过预定时间未获取所述第二验证码,所述验证链接失效。The IM-based user identity verification method according to claim 1, wherein after the corresponding verification link is generated, if the second verification code is not obtained within a predetermined time, the verification link becomes invalid.
  7. 一种基于IM的用户身份验证装置,其特征在于,所述验证装置包括:An IM-based user identity verification device, characterized in that the verification device includes:
    第一接收模块,用于接收终端的应用程序发送的验证请求;The first receiving module is configured to receive a verification request sent by an application program of the terminal;
    生成模块,用于根据所述验证请求生成验证链接,并将所述验证链接发送给所述终端的应用程序,其中,所述验证链接包括第一验证码和IM应用端标识码;A generating module, configured to generate a verification link according to the verification request, and send the verification link to the application program of the terminal, wherein the verification link includes a first verification code and an IM application terminal identification code;
    第二接收模块,用于接收IM应用端发送的第二验证码和用户标识码,其中,所述IM应用端是所述IM应用端标识码对应的IM应用程序;以及The second receiving module is configured to receive the second verification code and the user identification code sent by the IM application end, wherein the IM application end is an IM application program corresponding to the IM application end identification code; and
    验证模块,用于当所述第一验证码和所述第二验证码匹配时,通过验证。A verification module, configured to pass the verification when the first verification code matches the second verification code.
  8. 根据权利要求7所述的基于IM的用户身份验证装置,其特征在于,所述验证链接被配置成:当用户点击所述验证链接后,自动打开所述IM应用端,并且所述第一验证码自动填写在与所述IM应用端标识码对应IM账户的通信界面上。The IM-based user identity verification device according to claim 7, wherein the verification link is configured to automatically open the IM application end when the user clicks the verification link, and the first verification link The code is automatically filled in on the communication interface of the IM account corresponding to the IM application terminal identification code.
  9. 根据权利要求7所述的基于IM的用户身份验证装置,其特征在于,所述验证模块还用于,The IM-based user identity verification device according to claim 7, wherein the verification module is also used for:
    当所述用户发送的身份验证信息与所述身份标识信息不匹配时,返回验证不通过信息。When the identity verification information sent by the user does not match the identity information, return verification failure information.
  10. 根据权利要求7所述的基于IM的用户身份验证装置,其特征在于,所述验证装置还包括:The IM-based user identity verification device according to claim 7, wherein the verification device further comprises:
    配置模块,用于在接收用户身份验证请求之前,预先配置所述IM应用端标识码对应的IM账户信息。The configuration module is configured to pre-configure the IM account information corresponding to the IM application terminal identification code before receiving the user identity verification request.
  11. 一种服务器,其特征在于,所述服务器包括处理器和存储器,所述存储器中存储有至少一条指令,所述指令由所述处理器加载并执行以实现如权利要求1至权利要求6任一项所述的基于IM的用户身份验证方法所执行的操作。A server, characterized in that the server includes a processor and a memory, at least one instruction is stored in the memory, and the instruction is loaded and executed by the processor to implement any one of claims 1 to 6. Actions performed by the IM-based user authentication method described in item .
  12. 一种计算机可读存储介质,其特征在于,所述存储介质中存储有至少一条指令,所述指令由处理器加载并执行以实现如权利要求1至权利要求6任一项所述的基于IM的用户身份验证方法所执行的操作。A computer-readable storage medium, characterized in that at least one instruction is stored in the storage medium, and the instruction is loaded and executed by a processor to implement the IM-based The action performed by the user authentication method for .
PCT/CN2021/128188 2021-09-30 2021-11-02 Im-based user identity authentication method and apparatus, and server and storage medium WO2023050524A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111158857.2A CN113824628B (en) 2021-09-30 2021-09-30 User identity authentication method, device, server and storage medium based on IM
CN202111158857.2 2021-09-30

Publications (1)

Publication Number Publication Date
WO2023050524A1 true WO2023050524A1 (en) 2023-04-06

Family

ID=78919868

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/128188 WO2023050524A1 (en) 2021-09-30 2021-11-02 Im-based user identity authentication method and apparatus, and server and storage medium

Country Status (2)

Country Link
CN (1) CN113824628B (en)
WO (1) WO2023050524A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114979048B (en) * 2022-08-02 2022-11-29 深圳市明源云科技有限公司 Identity verification method, system, electronic device and medium based on instant messaging
CN116436633B (en) * 2023-02-08 2023-12-05 广州希倍思智能科技有限公司 Platform login method and system for receiving and transmitting verification code based on instant messaging
CN117835248A (en) * 2023-10-17 2024-04-05 湖北星纪魅族集团有限公司 Security control method, terminal, and non-transitory computer-readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480434A (en) * 2010-11-24 2012-05-30 金蝶软件(中国)有限公司 Method, device and system for realizing seamless transition among different system businesses
CN106230702A (en) * 2016-08-29 2016-12-14 北京小米移动软件有限公司 Identity information verification method, Apparatus and system
CN106899571A (en) * 2016-12-21 2017-06-27 阿里巴巴集团控股有限公司 Information interacting method and device
CN111245841A (en) * 2020-01-14 2020-06-05 杭州涂鸦信息技术有限公司 Account authorization method and system
WO2020155767A1 (en) * 2019-01-31 2020-08-06 平安科技(深圳)有限公司 Mobile terminal-based passwordless login method and apparatus, device, and storage medium
CN111741011A (en) * 2020-07-16 2020-10-02 腾讯科技(深圳)有限公司 Verification method, verification device and storage medium

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8705720B2 (en) * 2007-02-08 2014-04-22 Avaya Inc. System, method and apparatus for clientless two factor authentication in VoIP networks
CN105207777B (en) * 2014-06-30 2019-09-20 腾讯科技(深圳)有限公司 The method and apparatus of network information verifying
CN105407074A (en) * 2014-09-11 2016-03-16 腾讯科技(深圳)有限公司 Authentication method, apparatus and system
CN105490809B (en) * 2014-09-17 2020-11-06 腾讯科技(深圳)有限公司 Information acquisition method and device, terminal and server
CN104811370B (en) * 2015-04-27 2018-05-08 北京北信源软件股份有限公司 A kind of security instant communication system framework based on mark
US10080139B2 (en) * 2015-06-15 2018-09-18 Huawei Technologies Co., Ltd. Information sending method and apparatus, terminal device, and system
CN106101125B (en) * 2016-07-01 2020-09-22 龙官波 Verification processing method, device and system
CN111835714A (en) * 2017-07-11 2020-10-27 创新先进技术有限公司 Information verification processing method, client and server
CN110099029A (en) * 2018-01-30 2019-08-06 阿里健康信息技术有限公司 A kind of auth method, terminal device and server
CN111709007A (en) * 2020-06-10 2020-09-25 中国建设银行股份有限公司 User authentication method, device and equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480434A (en) * 2010-11-24 2012-05-30 金蝶软件(中国)有限公司 Method, device and system for realizing seamless transition among different system businesses
CN106230702A (en) * 2016-08-29 2016-12-14 北京小米移动软件有限公司 Identity information verification method, Apparatus and system
CN106899571A (en) * 2016-12-21 2017-06-27 阿里巴巴集团控股有限公司 Information interacting method and device
WO2020155767A1 (en) * 2019-01-31 2020-08-06 平安科技(深圳)有限公司 Mobile terminal-based passwordless login method and apparatus, device, and storage medium
CN111245841A (en) * 2020-01-14 2020-06-05 杭州涂鸦信息技术有限公司 Account authorization method and system
CN111741011A (en) * 2020-07-16 2020-10-02 腾讯科技(深圳)有限公司 Verification method, verification device and storage medium

Also Published As

Publication number Publication date
CN113824628A (en) 2021-12-21
CN113824628B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
WO2023050524A1 (en) Im-based user identity authentication method and apparatus, and server and storage medium
TWI758260B (en) Website login method and login system based on mobile phone short message
US9722984B2 (en) Proximity-based authentication
CN107249004B (en) Identity authentication method, device and client
CN107241339B (en) Identity authentication method, identity authentication device and storage medium
US11159674B2 (en) Multi-factor authentication of caller identification (ID) identifiers
CN107872447A (en) Electronic device, server, communication system and communication method
US20150365420A1 (en) A secure user interaction method performing defined actions on web resources over a separate channel and a system thereof
KR20170140215A (en) Methods and systems for transaction security
CN110719252B (en) Method, system and medium for authorizing transactions over a communication channel
CN109525588B (en) Verification code processing method, device and system
CN117336092A (en) Client login method and device, electronic equipment and storage medium
WO2022041179A1 (en) Method, device and system for sending authentication information by means of instant messaging
CN114584971A (en) Account registration method and device, electronic equipment and storage medium
CN110830420A (en) Method and system for verifying short message verification code
CN113395290A (en) Mailbox login method and device, electronic equipment and readable storage medium
CN104301285A (en) Method for logging in web system
CN113824727A (en) Webpage login verification method, device, server and storage medium
CN105471891A (en) Login method based on confidential order of trusted equipment
JP6115884B1 (en) Service providing system, authentication device, and program
CN111277571A (en) Enterprise APP login management system based on zero-knowledge proof
TWM583082U (en) User identity verification system for safety transaction environment
WO2017134922A1 (en) Service provision system, authentication device, and program
JP2003264551A (en) Method for ensuring security between communication terminal and server
CN112688943B (en) Dynamic password generation method, server, terminal device and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21959088

Country of ref document: EP

Kind code of ref document: A1