[go: up one dir, main page]

WO2013013367A1 - Procédé et dispositif d'authentification d'identité de terminal mobile - Google Patents

Procédé et dispositif d'authentification d'identité de terminal mobile Download PDF

Info

Publication number
WO2013013367A1
WO2013013367A1 PCT/CN2011/077492 CN2011077492W WO2013013367A1 WO 2013013367 A1 WO2013013367 A1 WO 2013013367A1 CN 2011077492 W CN2011077492 W CN 2011077492W WO 2013013367 A1 WO2013013367 A1 WO 2013013367A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
password
location information
module
identity verification
Prior art date
Application number
PCT/CN2011/077492
Other languages
English (en)
Chinese (zh)
Inventor
李治国
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Priority to PCT/CN2011/077492 priority Critical patent/WO2013013367A1/fr
Publication of WO2013013367A1 publication Critical patent/WO2013013367A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Definitions

  • the present invention relates to the field of mobile terminals, and in particular, to an identity verification method and apparatus for a mobile terminal.
  • the identity verification of the mobile terminal is implemented by verifying whether the user name and password of the mobile terminal are correct.
  • the user name and password of the mobile terminal respectively match the preset user name and password, It is determined that the identity of the mobile terminal is correct, and the Internet service scheduled by the mobile terminal can be used.
  • the mobile terminal's authentication information is easily stolen by Trojans or hackers, making the mobile terminal less secure when logging in to use the mobile Internet service. .
  • Embodiments of the present invention provide a method and apparatus for authenticating a mobile terminal, which improves security when a mobile terminal logs in using a mobile Internet service.
  • a method for authenticating a mobile terminal includes:
  • the mobile terminal If the identity verification of the mobile terminal passes, the mobile terminal is allowed to log in to the network server and use the network service scheduled by the mobile terminal.
  • a server comprising:
  • An identity verification unit configured to perform a risk on the identity of the mobile terminal according to the user name, the password of the mobile terminal, and the geographical location information of the mobile terminal;
  • a login unit configured to allow the mobile terminal to log in to the network server when the identity verification unit determines that the identity verification of the mobile terminal is passed, and use the network service scheduled by the mobile terminal Business.
  • the method and device for verifying the identity of the mobile terminal provided by the embodiment of the present invention, when performing identity verification on the mobile terminal, according to the user name and password of the mobile terminal and the geographical location information of the location where the mobile terminal is registered, to the mobile terminal
  • the identity of the mobile terminal is verified, and the geographical location information of the mobile terminal is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. In comparison, the security of the mobile terminal when using the mobile Internet service is improved.
  • FIG. 1 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 1 of the present invention
  • FIG. 2 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 2 of the present invention.
  • FIG. 3 is a flowchart of an identity verification method of a mobile terminal according to Embodiment 3 of the present invention.
  • Embodiment 4 is a block diagram showing the composition of a server in Embodiment 4 of the present invention.
  • FIG. 5 is a block diagram showing the composition of another server in Embodiment 4 of the present invention.
  • FIG. 6 is a block diagram showing the composition of another server in Embodiment 4 of the present invention.
  • Figure 7 is a block diagram showing the composition of another server in Embodiment 4 of the present invention.
  • An embodiment of the present invention provides a method for authenticating a mobile terminal. As shown in FIG. 1, the method includes: 1 01. Verify the identity of the mobile terminal according to the username, password, and geographic location information of the mobile terminal.
  • the network server sends a prompt message to the mobile terminal whether to log in to use the network service only after receiving the network service registration request sent by the mobile terminal, if the user determines Only when the login service is used to register the network service, the geographical location information registered by the mobile terminal is obtained, and the registered geographical location information will not be modified once determined.
  • the geographic location information of the mobile terminal can be obtained by the server through the GPS. However, the embodiment of the present invention does not limit this, and may be acquired by the mobile terminal and sent to the server.
  • the mobile terminal If the identity verification of the mobile terminal passes, the mobile terminal is allowed to log in to the network server, and uses the network service scheduled by the mobile terminal.
  • the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
  • the embodiment of the invention provides an identity verification method for a mobile terminal. As shown in FIG. 2, the method includes:
  • the mobile terminal when the mobile terminal first performs the registration network service, after receiving the network service registration request sent by the mobile terminal, the mobile terminal sends a prompt message to the mobile terminal whether to log in to use the network service only at the registered location, So that the user can determine the mode of logging in to use the web service.
  • the location information of the mobile terminal registration location is obtained; and according to the geographic location The set information and the predetermined rule set the range of the geographic location of the mobile terminal.
  • the obtaining the geographical location information registered by the mobile terminal may be obtained by the server through the GPS, but the embodiment of the present invention does not limit this, and may also be acquired by the mobile terminal and sent to the server.
  • the predetermined rule is a defined rule of the range of the location value, and may be specifically set according to the needs of the user, which is not limited by the embodiment of the present invention, for example, within 50 meters or around the specific geographical location where the mobile terminal is registered. Within 100 meters.
  • the request may be a request triggered by an operation of the terminal in any form, for example, a request that is triggered after the login of the network service login user name and password.
  • the embodiment of the present invention is not limited thereto, and may also be when the network login interface is opened. The request that was triggered.
  • the obtaining the user name and password of the mobile terminal may be implemented by, but not limited to, receiving the user name and password sent by the mobile terminal; when the mobile terminal sends the user name and password, the user may input the user name and the password. After the password is sent to the network server, the user name and password input by the user are sent to the network server. The default user name and password in the default login mode are directly sent to the network server when the login interface is opened. .
  • step 205 Perform identity verification on the mobile terminal according to the username and password. If the username and password respectively match the corresponding username and password of the preset value of the mobile terminal, perform step 206; If the name and password respectively do not match the corresponding user name and password of the preset value of the mobile terminal, step 210 is performed.
  • the user is authenticated according to the user name and password, and the user name and password are respectively matched with the corresponding user name and password of the preset value of the mobile terminal.
  • the obtaining of the geographic location information of the mobile terminal may be obtained by the server through the GPS. However, the embodiment of the present invention does not limit this, and may be acquired by the mobile terminal and sent to the server. 207.
  • the obtained geographical location information is compared with the geographical location information of the mobile terminal to be registered. If the geographical difference value obtained by the comparison is within the geographic location wide value range, step 208 is performed; If the geographical difference value obtained by the comparison is not within the range of the geographic location, step 209 is performed.
  • the user name and password input to the mobile terminal are incorrect. Please re-enter the notification message of the user name and password.
  • the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
  • the embodiment of the invention provides an identity verification method for a mobile terminal. As shown in FIG. 3, the method includes:
  • the mobile terminal when the mobile terminal first performs the registration network service, after receiving the network service registration request sent by the mobile terminal, the mobile terminal sends a prompt message to the mobile terminal whether to log in to use the network service only at the registered location, So that the user can determine the mode of logging in to use the web service.
  • the location information of the mobile terminal registration location is obtained; and according to the geographic location
  • the set information and the predetermined rule set the range of the geographic location of the mobile terminal.
  • the obtaining the geographical location information registered by the mobile terminal may be obtained by the server through the GPS, but the embodiment of the present invention does not limit this, and may also be acquired by the mobile terminal and sent to the server.
  • the predetermined rule is a defined rule of the range of the location value, and may be specifically set according to the requirements of the user, which is not limited by the embodiment of the present invention, for example, within 50 meters or around the specific geographical location where the mobile terminal is registered. Within 100 meters.
  • the request may be a request triggered by an operation of the terminal in any form, for example, a request that is triggered after the login of the network service login user name and password.
  • the embodiment of the present invention is not limited thereto, and may also be when the network login interface is opened. The request that was triggered.
  • the obtaining of the geographic location information of the mobile terminal may be obtained by the server through the GPS.
  • the embodiment of the present invention does not limit the mobile terminal, and may be acquired by the mobile terminal and sent to the server.
  • step 306 is performed; If the geographical difference value obtained by the comparison is not within the range of the geographic location, step 309 is performed.
  • the obtaining the user name and password of the mobile terminal may be implemented by, but not limited to, receiving the user name and password sent by the mobile terminal; when the mobile terminal sends the user name and password, the user may input the user name and the password. After the password is sent to the network server, the user name and password input by the user are sent to the network server. The default user name and password in the default login mode are directly sent to the network server when the login interface is opened. .
  • Step 307 Perform identity verification on the mobile terminal according to the username and password. If the username and password respectively match the corresponding username and password of the mobile terminal preset value, perform Step 308: If the user name and password respectively do not match the corresponding user name and password of the preset value of the mobile terminal, step 309 is performed.
  • the user name and password input to the mobile terminal are incorrect. Please re-enter the notification message of the user name and password.
  • the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
  • the mobile terminal after receiving the request for logging in to the network server sent by the mobile terminal, acquiring geographical location information of the mobile terminal, and pre-setting the geographic location information with the mobile terminal Comparing the geographical value range, when the compared geographical difference is within the range of the geographic value, the mobile terminal is authenticated according to the username and password, and the geographical difference is compared. When the value is not in the range of the location value, the mobile terminal is not authenticated according to the username and password, which avoids unnecessary verification operations of the server and saves operating resources of the server.
  • the embodiment of the invention provides a server.
  • the server includes: an identity verification unit 41 and a login unit 42.
  • the identity verification unit 41 is configured to verify the identity of the mobile terminal according to the username, password, and geographic location information of the mobile terminal.
  • the login unit 42 is configured to allow the mobile terminal to log in to the network server when the identity verification unit 41 determines that the identity verification of the mobile terminal passes, and use the network service scheduled by the mobile terminal.
  • the identity verification unit 41 includes: a first receiving module 41 1 , a first obtaining module 412 , a first identity verifying module 41 3 , a second acquiring module 414 , and a first comparing module 415 .
  • the first receiving module 411 is configured to receive a request sent by the mobile terminal to log in to the network server.
  • the first obtaining module 412 is configured to obtain a username and a password of the mobile terminal.
  • the first identity verification module 41 3 is configured to perform identity verification on the mobile terminal according to the username and password obtained by the first obtaining module 412.
  • the second obtaining module 414 is configured to determine, in the first identity verification module 41 3, that the user name and password acquired by the first obtaining module 412 are respectively matched with corresponding user names and passwords of the preset value of the mobile terminal. And acquiring geographic location information of the mobile terminal.
  • the first comparison module 415 is configured to compare the geographical location information acquired by the second obtaining module 414 with a geographical location information range of the mobile terminal registration.
  • the first determining module 416 is configured to determine, when the geographical difference value obtained by the first comparison module 415 is within the range of the geographic location, determine the identity verification of the mobile terminal.
  • the sending module 417 is configured to send, to the mobile terminal, a notification message that the mobile terminal fails to log in to the network server when the geographical difference value obtained by the first comparison module 415 is not within the geographical range.
  • the ID card unit 41 includes: a second receiving module 418, a third obtaining module 419, a second comparing unit 4110, a fourth obtaining module 4111, and a second identity verification module. 4112.
  • the second determining module 411 3.
  • the second receiving module 418 is configured to receive a request sent by the mobile terminal to log in to the network server.
  • the third obtaining module 419 is configured to obtain geographic location information of the mobile terminal.
  • the second comparing unit 4110 is configured to compare the geographic location information acquired by the third acquiring module 419 with geographic location information of the mobile terminal registration location.
  • the fourth obtaining module 4111 is configured to acquire the username and password of the mobile terminal when the geographically significant difference value obtained by the second comparing unit 4110 is within the range of the geographic location.
  • the second identity verification module 412 is configured to perform identity verification on the mobile terminal according to the user name and password obtained by the fourth obtaining module 4111.
  • the second determining module 4113 is configured to determine, when the second identity verification module 4112 determines that the username and password respectively match the corresponding username and password of the preset value of the mobile terminal, determine the identity of the mobile terminal. Verification passed.
  • the sending module 4114 is configured to send, to the mobile terminal, a notification message that the mobile terminal fails to log in to the network server when the geographical difference value obtained by the second comparison module 4110 is not within the geographical range.
  • the server further includes: a sending unit 43, an obtaining unit 44, and a setting unit 45.
  • the sending unit 43 is configured to receive the mobile terminal before the identity verification unit authenticates the identity of the mobile terminal according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal. After the network service registration request, the mobile terminal is sent a prompt message indicating whether to log in to use the network service only at the registered place.
  • the obtaining unit 44 is configured to: after receiving the response information that the user determines to log in to use the prompt information of the network service only, to obtain the geographical location information of the mobile terminal registration place.
  • a setting unit 45 configured to set a range of geographic location values of the mobile terminal according to the geographic location information acquired by the obtaining unit 44 and a predetermined rule;
  • the predetermined rule is a defined rule of a geographic location wide value range, and According to the specific needs of the user, the embodiment of the present invention does not limit this, for example, within 50 meters or within 100 meters of the specific geographical location where the mobile terminal is registered.
  • the identity of the mobile terminal is verified according to the user name and password of the mobile terminal and the geographical location information of the mobile terminal registration, and the mobile terminal The geographical location information of the registered place is not easily stolen by the Trojan or the hacker.
  • the mobile terminal is authenticated only by the user name and password that are easily stolen by the Trojan or the hacker. Security when using mobile internet services.
  • the mobile terminal after receiving the request for logging in to the network server sent by the mobile terminal, acquiring geographical location information of the mobile terminal, and pre-setting the geographic location information with the mobile terminal Comparing the geographical value range, when the compared geographical difference is within the range of the geographic value, the mobile terminal is authenticated according to the username and password, and the geographical difference is compared. When the value is not in the range of the location value, the mobile terminal is not authenticated according to the username and password, which avoids unnecessary verification operations of the server and saves operating resources of the server.
  • the embodiment of the present invention can be applied in any application scenario that needs to be kept secret.
  • a user performs a login service on a mobile terminal such as a mobile phone, such as synchronizing, uploading, or transmitting data that is very private to the user
  • the security requirement is high or Users with strong privacy only want to log in and use at home. Therefore, when the user can only log in locally, the hacker in the field can steal the user's username and password, and the hacker cannot know the user registration.
  • the geographical location information greatly increases security.
  • the present invention can be implemented by means of software plus necessary general hardware, and of course, by hardware, but in many cases, the former is a better implementation. .
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer.
  • a hard disk or optical disk or the like includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

La présente invention concerne le domaine des terminaux mobiles. Un mode de réalisation de la présente invention concerne un procédé et un dispositif permettant l'authentification de l'identité d'un terminal mobile, tout en améliorant la sécurité lorsque le terminal mobile se connecte à un service d'Internet mobile et l'utilise. Le procédé de la présente invention comprend : l'authentification de l'identité du terminal mobile en fonction du nom d'utilisateur et du mot de passe du terminal mobile, ainsi que des informations de localisation géographique actuelles du terminal mobile ; si l'authentification de l'identité du terminal mobile est approuvée, alors le terminal mobile a l'autorisation de se connecter à un serveur de réseau et d'utiliser le service de réseau commandé par le terminal mobile. Le mode de réalisation de la présente invention est principalement utilisé dans le procédé d'authentification d'identité du terminal mobile.
PCT/CN2011/077492 2011-07-22 2011-07-22 Procédé et dispositif d'authentification d'identité de terminal mobile WO2013013367A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/077492 WO2013013367A1 (fr) 2011-07-22 2011-07-22 Procédé et dispositif d'authentification d'identité de terminal mobile

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/077492 WO2013013367A1 (fr) 2011-07-22 2011-07-22 Procédé et dispositif d'authentification d'identité de terminal mobile

Publications (1)

Publication Number Publication Date
WO2013013367A1 true WO2013013367A1 (fr) 2013-01-31

Family

ID=47600444

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/077492 WO2013013367A1 (fr) 2011-07-22 2011-07-22 Procédé et dispositif d'authentification d'identité de terminal mobile

Country Status (1)

Country Link
WO (1) WO2013013367A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020137524A1 (en) * 2001-03-22 2002-09-26 International Business Machines Corporation System and method for providing access to mobile devices based on positional data
CN1464682A (zh) * 2002-06-24 2003-12-31 华为技术有限公司 基于验证、授权、计费协议的宽带预付费的实现方法
CN101197874A (zh) * 2008-01-02 2008-06-11 中兴通讯股份有限公司 移动终端设备

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020137524A1 (en) * 2001-03-22 2002-09-26 International Business Machines Corporation System and method for providing access to mobile devices based on positional data
CN1464682A (zh) * 2002-06-24 2003-12-31 华为技术有限公司 基于验证、授权、计费协议的宽带预付费的实现方法
CN101197874A (zh) * 2008-01-02 2008-06-11 中兴通讯股份有限公司 移动终端设备

Similar Documents

Publication Publication Date Title
JP6992105B2 (ja) 認証能力を決定するためのクエリシステム及び方法
US9722984B2 (en) Proximity-based authentication
CN107948204B (zh) 一键登录方法及系统、相关设备以及计算机可读存储介质
CN104917727B (zh) 一种帐户鉴权的方法、系统及装置
JP5784827B2 (ja) 2つの通信デバイスを介した認証システム
WO2015062398A1 (fr) Procédé et dispositif d'authentification d'accès pour un système d'information
WO2016177052A1 (fr) Procédé et appareil d'authentification d'utilisateur
US9730001B2 (en) Proximity based authentication using bluetooth
US20120254960A1 (en) Connecting mobile devices, internet-connected vehicles, and cloud services
US20200274868A1 (en) Server-based setup for connecting a device to a local area network
US20130305325A1 (en) Methods for Thwarting Man-In-The-Middle Authentication Hacking
WO2017076216A1 (fr) Serveur, terminal mobile et procédé et système d'authentification de nom réel sur internet
CN108880822A (zh) 一种身份认证方法、装置、系统及一种智能无线设备
CN103581184A (zh) 移动终端访问企业内网服务器的方法和系统
CN105681259A (zh) 一种开放授权方法、装置及开放平台
US9853971B2 (en) Proximity based authentication using bluetooth
US11689923B2 (en) Method and system for generating a secure one-time passcode using strong authentication
WO2016155220A1 (fr) Procédé, système et terminal de signature unique
CN109460647B (zh) 一种多设备安全登录的方法
CN104660405A (zh) 一种业务设备认证方法及设备
WO2018099407A1 (fr) Procédé et dispositif de connexion basée sur une authentification de compte
WO2024139616A1 (fr) Procédé et appareil d'authentification de signature
CN107147661A (zh) 一种基于动态口令增强ftp协议安全系统和方法
US8949598B2 (en) Method and apparatus for secured embedded device communication
JP2015170220A (ja) 機器認証方法および機器認証システム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11870045

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11870045

Country of ref document: EP

Kind code of ref document: A1