Summary of the invention
Inventors have found that existing account information verification technique has the following problems:
User account and static password information are easy leakage, and the identifying code issued by short message is easily stolen to be stolen and intercept simultaneouslyFeedback is forged, user account safety is led to user's property loss risk by great threat.
U-shield technical security is high, but inconvenient to carry, and application scenarios are also restrained, in particular with mobile InternetWith the development of smart phone, U-shield technology is difficult to use in the user identity authentication scene of mobile application.
One purpose of the disclosure is to improve the reliability of safety verification.
According to one aspect of the disclosure, a kind of security authentication systems are proposed, comprising: application platform, for generating verifyingInformation is simultaneously sent to user terminal by internet channel, receives testing come user terminal by carrier data short message channelInformation is demonstrate,proved, and safety verification is carried out according to verification information;User terminal comes from application platform for obtaining by internet interfaceVerification information, and by user input verification information by carrier data short message channel send verification information arrive application put downPlatform.
Optionally, user terminal is also used to username and password being sent to application platform by internet channel;UsingPlatform is also used to by internet channel reception username and password from the user, according to user name, password and verification informationCarry out safety verification.
Optionally, user terminal includes subscriber card, passes through fortune for prompting user's validation information, and by verification informationBattalion's quotient data short message channel is sent to application platform.
Optionally, application platform is also used to after sending verification information to user terminal, is tested to the transmission of card application serverCard instruction;System further include: card application server, for sending verifying active information to user terminal according to verifying instruction, andVerification information from subscriber card is transmitted to application platform;Subscriber card is used to be tested according to verifying active information prompt user's inputDemonstrate,prove information.
In such security authentication systems, application platform sends verification information to user by internet channel, and user willThe verification information received from internet channel is sent to application platform by carrier data short message channel, to utilize internetSafety verification is carried out with short message binary channels, improves reliability.
According to another aspect of the disclosure, propose a kind of safe verification method, comprising: by internet interface acquisition comeThe verification information of self-application platform;Prompt user's validation information;Verification information is sent by carrier data short message channelTo application platform.
Optionally, prompt user's validation information includes: to receive the verifying active information from card application server,In, card application server instructs to subscriber card according to the verifying from application platform and sends verifying active information;The peace of subscriber cardFull authentication module prompts user's validation information according to verifying active information.
Optionally, further includes: the username and password that user inputs is sent to application platform by internet interface, withJust application platform according to user name, password and verification information from carrier data short message channel from internet channel intoRow safety verification.
By such method, user terminal obtains the verification information from application platform by internet channel, and leads toCarrier data short message channel feedback validation information is crossed to application platform, to carry out safety using internet and short message binary channelsVerifying, improves reliability.
According to the another aspect of the disclosure, a kind of user terminal is proposed, comprising: applications client, for passing through interconnectionNetwork interface obtains the verification information from application platform and shows to user;Subscriber card, for prompting user's validation information,And the verification information carrier data short message channel of user's input is sent into verification information to application platform.
Optionally, subscriber card is also used to receive the instruction of the verifying from card application server, to prompt user's input to testDemonstrate,prove information.
Optionally, subscriber card is used to verification information being sent to card application server, so that card application server is forwarded toApplication platform.
Optionally, subscriber card includes SIM (Subscriber Identification Module, subscriber identification card)Card, UIM (User Identity Module, subscriber identification module) card, USIM (Universal SubscriberIdentity Module, Global Subscriber identification card) card one of or it is a variety of.
Such user terminal can obtain the verification information from application platform by internet channel, and pass through operationQuotient data short message channel feedback validation information is to application platform, so that safety verification is carried out using internet and short message binary channels,Improve the reliability of safety verification.
According to another aspect of the disclosure, a kind of safe verification method is proposed, comprising: application platform generates verification informationAnd user terminal is sent to by internet channel;Application platform is received by carrier data short message channel come user terminalVerification information;Application platform carries out safety verification according to verification information.
Optionally, it includes: that application platform is connect by internet channel that application platform, which carries out safety verification according to verification information,Username and password from the user is received, safety verification is carried out according to user name, password and verification information.
Optionally, further includes: application platform is tested after sending verification information to user terminal to the transmission of card application serverCard instruction, so as to card application server, activation user terminal prompt user provides verifying letter by carrier data short message channelBreath.
By such method, application platform can send verification information to user by internet channel, and from operationQuotient data short message channel receives the verification information of user feedback, so that safety verification is carried out using internet and short message binary channels,Improve reliability.
According to another aspect of the disclosure, a kind of application platform is proposed, comprising: verification information issuance unit is used forIt generates verification information and user terminal is sent to by internet channel;Verification information receiving unit, for passing through operation quotientCarry out the verification information of user terminal according to short message channel reception;Authentication unit, for carrying out safety verification according to verification information.
Optionally, authentication unit is used for according to verification information and by the user name of the user of internet channel reception and closeCode carries out safety verification.
Optionally, further includes: verifying instruction issuance unit, for being tested in verification information issuance unit to user terminal transmissionAfter demonstrate,proving information, verifying instruction is sent to card application server, activation user terminal prompt user passes through so as to card application serverCarrier data short message channel provides verification information.
According to disclosure one aspect, a kind of application platform is proposed, comprising: memory;And it is coupled to memoryProcessor, processor is configured as based on being stored in the instruction execution of the memory above safety as performed by application platformVerification method.
Such application platform can send verification information to user by internet channel, and from carrier data short messageThe verification information of channel reception user feedback improves reliable to carry out safety verification using internet and short message binary channelsProperty.
In addition, according to one aspect of the disclosure, proposing a kind of computer readable storage medium, being stored thereon with computerProgram instruction realizes the safe verification method that above any one is executed by application platform when the instruction is executed by processorStep.
Such computer readable storage medium can be sent out by internet channel to user by executing instruction thereonVerification information is sent, and receives the verification information of user feedback from carrier data short message channel, to utilize internet and short messageBinary channels carries out safety verification, improves reliability.
Specific embodiment
Below by drawings and examples, the technical solution of the disclosure is described in further detail.
The flow chart of one embodiment of the safe verification method of the disclosure is as shown in Figure 1.
In a step 101, the verification information from application platform is obtained by internet interface, internet interface can be withThe connection of the channels such as wired internet, 3G/4G (third generation/fourth generation mobile communication technology) mobile Internet.In one embodimentIn, verification information can be obtained in applications client, application client is not limited by user terminal operating system, be can be micro-Soft Windows, apple IOS or Google's Android operation system.In one embodiment, verification information can be identifying code.?In one embodiment, user first can send user name, encrypted message by internet channel to application platform, such as in application visitorFamily end inputs user name password, so that application platform generates verification information after receiving user name, password.
In a step 102, user's validation information is prompted.In one embodiment, information input frame can be popped up to mentionShow that user inputs the verification information obtained from internet interface.
In step 103, verification information is sent to application platform by carrier data short message channel.In one embodimentIn, the short message including verification information can be sent directly to application platform, transfer server can also be sent to, by serverThe short message interface of the application platform to be matched according to application platform mark determination is simultaneously transmitted to application platform or transfer server generalApplication platform is sent to by internet channel by carrier data short message channel received verification information.In one embodimentIn, in order to improve safety, terminal, which is used, sends out encryption information with after the progress verification information encryption of the cipher mode of Peer NegotiationIt send to application platform or transfer server.
By such method, user terminal obtains the verification information from application platform by internet channel, and leads toCarrier data short message channel feedback validation information is crossed to application platform, to carry out safety using internet and short message binary channelsVerifying, improves the reliability of verifying.
In one embodiment, it can be utilized by subscriber card (SIM card, usim card or UIM card in such as user mobile phone)It is embedded in the function triggering prompt user's validation information of itself, so that verification information passes through carrier data short message channelA possibility that process of transmission is associated with subscriber card, reduces forgery, improves safety.
In one embodiment, after application platform sends verification information to user terminal by internet channel, Ke YixiangTransfer server (card application server such as associated with subscriber card) send verifying instruction, transfer server to requests verificationThe associated subscriber card of user send verifying activation instruction, subscriber card prompts user's validation information immediately, and user is only capable ofEnough pass through the channel transfer information to transfer server and application platform only approves the verification information forwarded by transfer server, fromAnd it ensure that the terminal for capableing of validation information is to be configured with the terminal of the subscriber card of corresponding user, it is therefore prevented that pass through internetThe verifying message of transmission is intercepted caused security risk, further improves reliability.
The flow chart of another embodiment of the safe verification method of the disclosure is as shown in Figure 2.
In step 201, application platform generates verification information and is sent to user terminal by internet channel.At oneIn embodiment, application platform can generate verification information after receiving checking request from the user;In one embodiment, it answersIt can receive username and password from the user with platform, generate accidental validation information immediately, applications client transmits accountWhen the information such as password are to application platform, the information such as the key pair account number cipher negotiated between client and application platform can be passed throughCarry out encrypted transmission.
In step 202, application platform is received by carrier data short message channel come the verification information of user terminal.In one embodiment, verification information can be transmitted directly to application platform by operator's client information channel by user terminal,The short of application platform can also be sent to after carrying out identification transfer by transfer server reception come the verification information of user terminalLetter interface or transfer server will be sent to by the received verification information of carrier data short message channel by internet channelApplication platform.
In step 203, application platform carries out safety verification according to verification information.In one embodiment, application platformVerification information and the verification information of transmission can be subjected to matching verifying;In another embodiment, application platform can basisUser name, password from internet channel and the verification information from carrier data short message channel carry out safety verification,User name, password match, and pass through safety verification in the case that verification information fits through.
By such method, application platform can send verification information to user by internet channel, and from operationQuotient data short message channel receives the verification information of user feedback, so that safety verification is carried out using internet and short message binary channels,Improve reliability.
In one embodiment, application platform is sent after sending verification information to user terminal to card application serverVerifying instruction, so as to card application server, activation user terminal prompt user provides verifying letter by carrier data short message channelBreath, subscriber card prompt user's validation information immediately, user only can by the channel transfer information to card application server,And application platform only approves the verification information forwarded by card application server, to ensure that the terminal for capableing of validation informationFor be configured with corresponding user subscriber card terminal, it is therefore prevented that caused peace is intercepted by the verifying message of the Internet transmissionFull hidden danger, further improves reliability.
The flow chart of another embodiment of the safe verification method of the disclosure is as shown in Figure 3.
In step 301, user inputs username and password in applications client, and is sent to and is answered by internet channelUse platform.
In step 302, application platform generates verification information after receiving user name password, and passes through internet channelFeed back to applications client.
In step 303, application platform sends verifying instruction to card application server.In one embodiment, verifying refers toIt may include username information in order.
In step 304, card application server sends verifying active information to the subscriber card bound with username information.?In one embodiment, subscriber card is stored in card application server in the username information of each application platform.
In step 305, for the subscriber card of user terminal after receiving verifying active information, display reminding user inputs verifyingVerification information is sent to by carrier data short message channel and is answered after user completes verification information input by the interface of informationUse platform.In one embodiment, verification information can be sent to transfer server by user, be turned after transfer server identificationIssue the short message interface of application platform.
Within step 306, application platform receives verification information by carrier data short message channel.
In step 307, whether application platform verifying user name, password match, and the verification information that verifying receives whetherThe verification information matching sent when the user name of user corresponding with receiving.If being all verified, verification process is completed, is allowedUser operates.
By such method, application platform can be according to user name, password, and is based on internet and short message binary channelsVerification information verify carry out safety verification, further improve reliability.
The schematic diagram of one embodiment of the user terminal of the disclosure is as shown in Figure 4.Applications client 41 can be by mutualNetworking interface obtains the verification information from application platform and shows to user, and subscriber card 42 can prompt user to input verifying letterBreath, and the verification information carrier data short message channel of user's input is sent into verification information to application platform.Implement at oneIn example, in order to improve safety, subscriber card 42 is used will encrypt with after the progress verification information encryption of the cipher mode of Peer NegotiationInformation is sent to application platform.
Such user terminal can obtain the verification information from application platform by internet channel, and pass through operationQuotient data short message channel feedback validation information is to application platform, so that safety verification is carried out using internet and short message binary channels,Improve reliability.
In one embodiment, subscriber card can only carry out the communication of verification information with card application server, such as receiveCard application service is sent to from verifying command prompt user's validation information of card application server, and by verification informationDevice, so that card application server is forwarded to application platform.
Such user terminal limits the Correspondent Node of subscriber card, is on the one hand easy to implement, and on the other hand also reducesA possibility that information is tampered and intercepts, improves safety.
In one embodiment, subscriber card may include one of SIM card, usim card, usim card or a variety of.At oneIn embodiment, functional module can be increased based on existing subscriber card.Subscriber card can be 3G/4G Native card, card at this timeApplied function module is the mode of instruction set, and card applied function module can be placed in by subscriber card provider preset mode;UserCard is also possible to 3G/4G NFC (Near Field Communication, near field communication (NFC)) card, and card at this time is answeredIt is Java Applet program with functional module, card applied function module can be placed in by special card application management software.
Such user terminal can prompt user's validation information using the function triggering for being embedded in itself by subscriber card,So that verification information is associated with subscriber card by the process that carrier data short message channel is sent, reduce forgery canEnergy property, improves safety.
The schematic diagram of one embodiment of the application platform of the disclosure is as shown in Figure 5.Verification information issuance unit 51 canIt generates verification information and user terminal is sent to by internet channel.In one embodiment, verification information issuance unit 51Verification information can be generated after receiving user name, password when user attempts to log in.Verification information receiving unit 52 can lead toIt crosses carrier data short message channel and receives the verification information for carrying out user terminal.Authentication unit 53 can be carried out according to verification informationSafety verification.
Such application platform can send verification information to user by internet channel, and from carrier data short messageThe verification information of channel reception user feedback improves reliable to carry out safety verification using internet and short message binary channelsProperty.
In one embodiment, authentication unit 53 according to verification information and can pass through the user's of internet channel receptionUsername and password carries out safety verification, further improves reliability.
In one embodiment, as shown in figure 5, application platform can also include verifying instruction issuance unit 54, Neng GouAfter verification information issuance unit 51 sends verification information to user terminal, verifying instruction is sent to card application server, so as to cardApplication server activates user terminal prompt user to provide verification information by carrier data short message channel, and ensure that can be defeatedThe terminal for entering verification information is to be configured with the terminal of the subscriber card of corresponding user, it is therefore prevented that passes through the verifying message of the Internet transmissionIt is intercepted caused security risk, further improves reliability.
The structural schematic diagram of one embodiment of disclosure application platform is as shown in Figure 6.Application platform includes memory 610With processor 620.Wherein: memory 610 can be disk, flash memory or other any non-volatile memory mediums.Memory is usedThe instruction executed in the storage above corresponding embodiment of safe verification method by application platform.Processor 620, which is coupled to, to be depositedReservoir 610 can be used as one or more integrated circuits to implement, such as microprocessor or microcontroller.The processor 620 is usedIn executing the instruction that stores in memory, it can be realized and verification information is sent to user by internet channel, and from operatorThe verification information of data SMS channel reception user feedback mentions to carry out safety verification using internet and short message binary channelsHigh reliability.
It in one embodiment, can be as shown in fig. 7, application platform 700 includes memory 710 and processor 720.PlaceReason device 720 is coupled to memory 710 by BUS bus 730.The application platform 700 can also be connected to by memory interface 740External memory 750 can also be connected to network or an other meter to call external data by network interface 760Calculation machine system (not shown).Specific signaling flow direction and treatment process no longer describe in detail herein.
In this embodiment, it is instructed by memory stores data, then above-metioned instruction is handled by processor, can be realizedVerification information is sent to user by internet channel, and receives the verifying letter of user feedback from carrier data short message channelBreath improves reliability to carry out safety verification using internet and short message binary channels.
In another embodiment, a kind of computer readable storage medium, is stored thereon with computer program instructions, this refers toEnable the step of method executed in safe verification method corresponding embodiment by application platform is realized when being executed by processor.This fieldInterior technical staff is it should be appreciated that embodiment of the disclosure can provide as method, apparatus or computer program product.Therefore, this public affairsOpen the form that complete hardware embodiment, complete software embodiment or embodiment combining software and hardware aspects can be used.AndAnd the disclosure can be used and can be deposited with non-transient in the computer that one or more wherein includes computer usable program codeThe shape for the computer program product implemented on storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)Formula.
The schematic diagram of one embodiment of the security authentication systems of the disclosure is as shown in Figure 8.Application platform 81 can be upperAny one application platform in text can generate verification information and be sent to user terminal by internet channel, pass through operationQuotient data short message channel receives the verification information for carrying out user terminal, and carries out safety verification according to verification information.User terminal82 can be above any one user terminal, can obtain the verification information from application platform by internet interface,And the verification information of user's input is sent into verification information to application platform by carrier data short message channel.
In such security authentication systems, application platform sends verification information to user by internet channel, and user willThe verification information received from internet channel is sent to application platform by carrier data short message channel, to utilize internetSafety verification is carried out with short message binary channels, improves reliability.
It in one embodiment, can be according to answering as shown in figure 8, security authentication systems further include card application server 83It is instructed to the verifying that card application server is sent to user terminal transmission and is tested after sending verification information to user terminal with platformActive information is demonstrate,proved, and the verification information from subscriber card is transmitted to application platform;The subscriber card configured in user terminal according toIt verifies active information and prompts user's validation information.
The terminal that such security authentication systems can guarantee validation information is to be configured with the use of corresponding userThe terminal of family card, it is therefore prevented that caused security risk is intercepted by the verifying message of the Internet transmission, is further improvedReliability.
In one embodiment, the data SMS format between card application server and the card applied function module of subscriber cardGSMA03.48 standard can be used, the confirmation message that user is inputted is limited by subscriber card proactive command GET INPUT, and oneAs only include the combination of number, *, #, therefore, the confirmation message that application platform generates can only be the combination of number, *, #, confirmation letterBreath length generally can be 4-10 character, and the communication between card application server and application platform can pass through both sides' arranging keyCarry out encrypted transmission.Such security authentication systems limit key, agreement, the format of each input and communication links, thusFurther improve safety.
By taking Network Bank security verification process as an example, the signaling interaction diagram of one embodiment of the security authentication systems of the disclosure is such asShown in Fig. 9.
In 901, user starts Web bank's client.
In 902, user transfers accounts or trades in Web bank.
In 903, user is in information such as Web bank's client input account number ciphers.
In 904, Web bank's client sends the information such as account number cipher to bank system of web.
In 905, bank system of web generates dynamic verification code.
In 906, bank system of web returns to dynamic verification code by network channel and gives Web bank's client.
In 907, Web bank's client shows dynamic verification code.
In 908, bank system of web carries user mobile phone number information transmission Data Data short message channel certification request and disappearsIt ceases and gives operator's card application server.
In 909, operator's card application server sends data SMS to subscriber card, request pop-up according to user mobile phone numberDynamic verification code inputs prompting frame.
In 910, subscriber card is based on the associated card applied function module pop-up dynamic verification code input prompt being embedded in thereonFrame.
In 911, user inputs dynamic verification code shown by Web bank's client.
In 912, subscriber card applied function module obtains the dynamic verification code information of user's input, and passes through data SMSReturn to operator's card application server.
In 913, operator's card application server forwarding dynamic verification code information gives Web bank's application platform.
In 914, Web bank's application platform is to information such as account number ciphers from network channel and comes from Data DataThe dynamic verification code information of short message channel carries out double verification.
By the above process, the information such as user's confirmation message and account number cipher are respectively adopted different channels and are back to applicationPlatform;User plays in frame after input validation information in the card application of mobile phone terminal, the Data Data that confirmation message passes through operatorShort message channel is back to application platform;The information such as account number cipher are back to application platform by traditional network channel, ensureThe safety of user information transmission, and enhance the credibility to subscriber authentication.
The disclosure is reference according to the method for the embodiment of the present disclosure, the flow chart of equipment (system) and computer program productAnd/or block diagram describes.It should be understood that each process in flowchart and/or the block diagram can be realized by computer program instructionsAnd/or the combination of the process and/or box in box and flowchart and/or the block diagram.It can provide these computer programs to refer toEnable the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to generateOne machine so that by the instruction that the processor of computer or other programmable data processing devices executes generate for realizingThe device for the function of being specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spyDetermine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram orThe function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that countingSeries of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer orThe instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram oneThe step of function of being specified in a box or multiple boxes.
So far, the disclosure is described in detail.In order to avoid covering the design of the disclosure, it is public that this field institute is not describedThe some details known.Those skilled in the art as described above, completely it can be appreciated how implementing technology disclosed hereinScheme.
Disclosed method and device may be achieved in many ways.For example, can by software, hardware, firmware orPerson's software, hardware, firmware any combination realize disclosed method and device.The step of for the method it is above-mentionedSequence is merely to be illustrated, and the step of disclosed method is not limited to sequence described in detail above, unless with other sidesFormula illustrates.In addition, in some embodiments, the disclosure can be also embodied as recording program in the recording medium, theseProgram includes for realizing according to the machine readable instructions of disclosed method.Thus, the disclosure also covers storage for executingAccording to the recording medium of the program of disclosed method.
Finally it should be noted that: above embodiments are only to illustrate the technical solution of the disclosure rather than its limitations;To the greatest extentPipe is described in detail the disclosure referring to preferred embodiment, it should be understood by those ordinary skilled in the art that: stillIt can modify to the specific embodiment of the disclosure or some technical features can be equivalently replaced;Without departing from this public affairsThe spirit of technical solution is opened, should all be covered in the claimed technical proposal scope of the disclosure.