Summary of the invention
The main purpose of the present invention is to provide a security protection method and system for mobile terminal applications that makes full use of the unique International Mobile Equipment Identity and mobile subscriber identity carried by the mobile terminal itself as a user verification identifier, improving the security of the user's terminal applications. In addition, if the user changes mobile terminals frequently, the user can update or cancel the user verification identifier to make logging in to the application more convenient.
According to embodiment one of the present invention, a security protection method for a mobile terminal application is disclosed, applied between a mobile terminal and a server, characterized in that it comprises the following steps:
S10. The user sends login information to the server for registration; the login information comprises at least a login account and a password;
S11. The user logs in to the application on the mobile terminal, and it is verified whether the user's login information is correct; if so, proceed to the next step;
S12. The user is prompted whether to set the International Mobile Equipment Identity and the mobile subscriber identity of the mobile terminal as the user verification identifier; if so, proceed to the next step;
S13. The International Mobile Equipment Identity and the mobile subscriber identity of the mobile terminal are sent to the server for registration, and the two are bound together to form the user verification identifier;
S14. The user logs in to the application on the mobile terminal, and it is verified whether the user's login information is correct; if so, proceed to the next step;
S15. The current user verification identifier is obtained;
S16. It is verified whether the current International Mobile Equipment Identity is consistent with the original International Mobile Equipment Identity on the server; if so, proceed to the next step;
S17. It is verified whether the current mobile subscriber identity is consistent with the original mobile subscriber identity on the server; if so, proceed to the next step;
S18. Login to the application succeeds.
According to embodiment one of the present invention, in steps S11 and S14, if the user's login information is verified to be incorrect, login to the application fails.
According to embodiment one of the present invention, in step S12, if the user chooses not to set a user verification identifier, login to the application succeeds.
According to embodiment one of the present invention, in step S16, if the current International Mobile Equipment Identity is verified to be inconsistent with the original International Mobile Equipment Identity on the server, login to the application fails.
According to embodiment one of the present invention, in step S17, if the current mobile subscriber identity is verified to be inconsistent with the original mobile subscriber identity on the server, step S19 is performed: the user is prompted whether to update the user verification identifier; if so, the user is prompted to input the original user verification identifier, which is checked for correctness; if it is correct, the user verification identifier is updated.
According to embodiment one of the present invention, in step S19, if the user chooses not to update the user verification identifier, step S20 is performed: the user is prompted whether to cancel the original user verification identifier that has been set on the server.
According to embodiment one of the present invention, in step S20, if the user chooses to cancel the user verification identifier that has been set, step S21 is performed: the user is prompted to input the original user verification identifier, which is checked for correctness; if it is correct, the original user verification identifier recorded on the server is deleted.
According to embodiment one of the present invention, a security system for a mobile terminal application is also disclosed, comprising:
A registration module, used to send login information to the server for registration; the login information comprises at least a login account and a password;
A first login information verification module, used to verify whether the login information is correct; if so, proceed to the next step; if not, login to the application fails;
A verification identifier setting module, used to prompt the user whether to set a user verification identifier; if so, it obtains the International Mobile Equipment Identity and the mobile subscriber identity of the mobile terminal as the user verification identifier and sends the user verification identifier to the server for registration; if not, login to the application of the website succeeds;
A second login information verification module, likewise used to verify whether the user's login information is correct; if so, proceed to the next step; if not, login fails;
A verification identifier acquisition module, used to obtain the current user verification identifier;
A mobile equipment identity verification module, used to verify whether the current International Mobile Equipment Identity is identical to the original International Mobile Equipment Identity on the server; if so, proceed to the next step; if not, login to the application fails;
An identity verification module, used to verify whether the current mobile subscriber identity is identical to the original mobile subscriber identity on the server; if so, login to the application succeeds.
According to embodiment one of the present invention, the system further comprises a verification identifier update module. When the identity verification module verifies that the current mobile subscriber identity is not identical to the original mobile subscriber identity on the server, the verification identifier update module prompts the user whether to update the user verification identifier; if so, the user is prompted to input the original user verification identifier, which is checked for correctness; if it is correct, the user verification identifier is updated.
According to embodiment one of the present invention, the system further comprises a verification identifier cancellation module. If the user chooses not to update the user verification identifier, the user is prompted whether to cancel the original user verification identifier on the server; if so, the user is prompted to input the original user verification identifier, which is checked for correctness; if it is correct, the original user verification identifier recorded on the server is deleted.
In summary, in practice, verifying the unique International Mobile Equipment Identity and mobile subscriber identity carried by the mobile terminal at login solves the security problem caused by theft of the user's login information when login information is the only factor registered; at the same time, it also meets the user's need to update or cancel the user verification identifier in different situations.
Embodiment
This disclosure mainly provides a security protection method and system for mobile terminal applications. With the present invention, verifying the unique International Mobile Equipment Identity and mobile subscriber identity carried by the mobile terminal at login solves the security problem caused by theft of the user's login information when login information is the only factor registered; at the same time, it also meets the user's need to update or cancel the user verification identifier in different situations.
The features and effects of the present invention are described in detail below with reference to a preferred embodiment shown in the drawings. Please refer to Fig. 1, which is the system architecture diagram of the security system for a mobile terminal application of the present invention. As shown in Fig. 1, the present invention provides a security system for a mobile terminal application, which mainly comprises the following:
A registration module, used to send login information to the server for registration; this login information comprises at least a login account and a password;
A first login information verification module, used to verify whether the login information entered by the user is correct when the user logs in to the website by entering login information; if so, proceed to the next step; if not, login fails. The first login information verification module also comprises a limiting module, used to prevent the user from entering login information again after consecutively entering wrong login information the maximum number of times; when the number of consecutive wrong entries by the user reaches the maximum number, the limiting module prevents the user from entering characters in the login information fields.
A verification identifier setting module, used to prompt the user whether to set a user verification identifier; if so, the verification identifier setting module obtains the International Mobile Equipment Identity and the mobile subscriber identity of the mobile terminal as the user verification identifier and sends the user verification identifier to the server for registration; if not, login to the application of the website succeeds;
A second login information verification module, likewise used to verify whether the login information is correct; if so, proceed to the next step; if not, login fails. Note that when the user enters login information on the registered website, the second login information verification module performs the step of verifying the user's login information only if the user has set a user verification identifier.
A verification identifier acquisition module, used to actively obtain the current user verification identifier of the mobile terminal after the second login information verification module has verified that the login information entered by the user is correct;
A mobile equipment identity verification module, used to verify whether the current International Mobile Equipment Identity is identical to the original International Mobile Equipment Identity on the server; if so, the International Mobile Equipment Identity is verified as correct and the next step is entered; if not, login fails;
An identity verification module, used to verify whether the current mobile subscriber identity is identical to the original mobile subscriber identity on the server; if so, the mobile subscriber identity is verified as correct and login succeeds.
It should be pointed out that the International Mobile Equipment Identity and the mobile subscriber identity of each mobile terminal are unique. Therefore, once the user has set a user verification identifier, only when the user uses the mobile terminal that has the International Mobile Equipment Identity and mobile subscriber identity contained in the original user verification identifier can the mobile equipment identity verification module verify that the current International Mobile Equipment Identity is identical to the original one on the server, and the identity verification module verify that the current mobile subscriber identity is identical to the original one on the server; only then can the user, having set a user verification identifier, successfully log in to the application.
Furthermore, this security system also comprises a verification identifier update module. When the identity verification module verifies that the current mobile subscriber identity is not identical to the original mobile subscriber identity on the server, the verification identifier update module prompts the user whether to update the user verification identifier; if so, the user is prompted to input the original user verification identifier, which is checked for correctness; if it is correct, the user verification identifier is updated; if not, the user verification identifier is not updated. When the user changes mobile terminals and logs in to the website, the user verification identifier can be updated synchronously to ensure the security of the user's login.
Furthermore, this security system also comprises a verification identifier cancellation module. If the user chooses not to update the user verification identifier, the user is prompted whether to cancel the original user verification identifier on the server; if so, the user is prompted to input the original user verification identifier, which is checked for correctness; if it is correct, the original user verification identifier recorded on the server is deleted; if not, the original user verification identifier recorded on the server is retained. After the user cancels the original user verification identifier, the user only needs to enter the correct login information to log in to the application successfully. When the user frequently logs in from different mobile terminals, having to set or update the user verification identifier every time would be inconvenient; therefore, if the user cancels the user verification identifier, the user can log in to the website with simpler steps.
Please refer to Fig. 2, which is the flow chart of the steps of the security protection method for a mobile terminal of the present invention. As shown in Fig. 2, the present invention also provides a security protection method for a mobile terminal application; as can be seen from the figure, the method mainly comprises the following steps:
S10. Login information is registered on the server;
When the user starts the mobile terminal application through the mobile terminal for the first time, login information must be sent to the server for registration; this login information comprises at least a login account and a password.
S11. It is verified whether the login information is correct; if so, enter step S12;
The user logs in to the application on the mobile terminal, entering and sending login information to the server, and the server verifies whether the login information entered by the user is correct; if so, enter step S12; if not, a message is shown that login to the application has failed. In this step S12, the maximum number of wrong login attempts is limited: when the number of times the user sends wrong login information reaches the maximum number, the user is prevented from entering characters in the login information fields. Wrong login information includes the cases where either the login account or the password is wrong and where both are wrong.
S12. The user is prompted whether to set a user verification identifier;
When no user verification identifier has been set, each time the user sends login information from this application to the server in order to enter the application, the user is prompted whether to set the International Mobile Equipment Identity and the mobile subscriber identity of the mobile terminal as the user verification identifier; if so, enter step S13; if not, login to the application succeeds. In the present embodiment, the full English name of the International Mobile Equipment Identity code is International Mobile Equipment Identity, abbreviated IMEI; the mobile subscriber identity may be the international mobile subscriber identity, whose full English name is International Mobile Subscriber Identification Number, abbreviated IMSI; however, the present invention is not limited thereto.
S13. The user verification identifier is obtained and sent to the server for registration;
The International Mobile Equipment Identity and the mobile subscriber identity of the mobile terminal are sent to the server for registration, and the two are bound together to form the user verification identifier.
S14. It is verified whether the login information is correct; if so, enter step S15;
After the user verification identifier has been set, the user logs in to the application on the mobile terminal, and it is verified whether the user's login information is correct; if so, enter step S15; if not, login to the application fails.
S15. The current user verification identifier is obtained;
The International Mobile Equipment Identity and the current mobile subscriber identity of the current mobile terminal are obtained and sent to the server.
S16. It is verified whether the current International Mobile Equipment Identity is consistent with the original International Mobile Equipment Identity on the server; if so, enter step S17; if not, login to the application fails.
S17. It is verified whether the current mobile subscriber identity is consistent with the original mobile subscriber identity on the server; if so, enter step S18;
S18. Login to the application succeeds.
It should be added that, in step S17, if the current mobile subscriber identity is verified to be inconsistent with the original mobile subscriber identity on the server, step S19 is performed: the user is prompted whether to update the user verification identifier; if so, the user is prompted to input the original user verification identifier, which is checked for correctness; if it is correct, the user verification identifier is updated; if it is incorrect, the user verification identifier is not updated. In step S19, if the user chooses not to update the user verification identifier, step S20 is performed: the user is prompted whether to cancel the original user verification identifier that has been set on the server. If the user chooses to cancel the user verification identifier that has been set, step S21 is performed: the user is prompted to input the original user verification identifier, which is checked for correctness; if it is correct, the original user verification identifier recorded on the server is deleted. If the user chooses not to cancel the user verification identifier that has been set, the original user verification identifier recorded on the server is not deleted.
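The following added example (not part of the patent text) models the server-side decisions of steps S10 to S21 in Python. The class and method names, the returned status strings, the PBKDF2 password storage, and the re-check of login information before an update or cancellation are assumptions; the IMEI and IMSI arguments are the values reported by the client.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from typing import Optional, Tuple

def _pw_hash(password: str, salt: bytes) -> bytes:
    # Assumption: passwords are stored as salted PBKDF2 hashes (not specified in the text).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    binding: Optional[Tuple[str, str]] = None  # (IMEI, IMSI) bound in S13

class Server:
    def __init__(self):
        self.accounts = {}

    def register(self, user, password):                       # S10
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _pw_hash(password, salt))

    def _check_login(self, user, password):                   # S11 / S14
        acct = self.accounts.get(user)
        ok = acct and hmac.compare_digest(acct.pw_hash, _pw_hash(password, acct.salt))
        return acct if ok else None

    def bind(self, user, password, imei, imsi):               # S12-S13
        acct = self._check_login(user, password)
        if acct is None:
            return "LOGIN_FAILED"
        acct.binding = (imei, imsi)
        return "BOUND"

    def login(self, user, password, imei, imsi):              # S14-S18
        acct = self._check_login(user, password)
        if acct is None:
            return "LOGIN_FAILED"
        if acct.binding is None:
            return "LOGIN_OK"        # no identifier set: login information suffices
        if imei != acct.binding[0]:
            return "LOGIN_FAILED"    # S16: IMEI mismatch ends the login
        if imsi != acct.binding[1]:
            return "IMSI_MISMATCH"   # S17: caller now prompts for S19 / S20
        return "LOGIN_OK"            # S18

    def update_or_cancel(self, user, password, original, new=None):  # S19-S21
        # Assumption: login information is re-checked before any change is made.
        acct = self._check_login(user, password)
        if acct is None or acct.binding is None or tuple(original) != acct.binding:
            return "REJECTED"        # wrong original identifier: nothing changes
        acct.binding = new           # new pair = update (S19); None = cancel (S21)
        return "UPDATED" if new else "CANCELLED"
```

Passing the current (IMEI, IMSI) pair as `new` models the update of S19; omitting it models the cancellation of S21, after which login information alone is sufficient again.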
The present invention can achieve the following advantages:
With the present invention, verifying the unique International Mobile Equipment Identity and mobile subscriber identity carried by the mobile terminal at login solves the security problem caused by theft of the user's login information when login information is the only factor registered; at the same time, it also meets the user's need to update or cancel the user verification identifier in different situations.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the scope of patent protection of the present invention; therefore, all equivalent variations made using the specification and drawings of the present invention are likewise included within the scope of protection of the present invention. This is hereby stated.