WO2015062461A1 - Method and system for verifying user identity of an online application - Google Patents
- Publication number
- WO2015062461A1 (PCT/CN2014/089627)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile terminal
- dynamic password
- identification code
- user identifier
- remote server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the disclosed implementations relate generally to the field of communication technology, and in particular, to method and system for verifying the identity of a user of an online application.
- the invention is implemented in a mobile terminal and a remote server that is in communication with the mobile terminal, each having one or more processors, memory and one or more modules, programs or sets of instructions stored in the memory for performing multiple functions. Instructions for performing these functions may be included in a computer program product stored in a non-transitory computer-readable medium and configured for execution by one or more processors.
- One aspect of the present application involves a computer-implemented method for verifying a user identifier of an online application and performed by a mobile terminal having one or more processors and memory and a display.
- the computer-implemented method includes: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to a remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
- a mobile terminal including memory, one or more processors, and one or more program modules stored in the memory and configured for execution by the one or more processors.
- the mobile terminal is in communication with a remote server hosting an online application for verifying a user identifier.
- the one or more program modules include instructions for: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to a remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
- Another aspect of the present application involves a non-transitory computer readable storage medium having stored therein one or more program modules for execution by one or more processors of a mobile terminal that is in communication with a remote server hosting an online application for verifying a user identifier, the one or more program modules including instructions for: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to a remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
- Figure 1 is a flow chart of a user identity verification method in one embodiment
- Figure 2 is a flow chart of verification of user identity in one embodiment
- Figure 3 is a flow chart of verification of user identity in another embodiment
- Figure 4 is a flow chart of verification of user identity in yet another embodiment
- Figure 5 is a flow chart of verification of user identity in still another embodiment
- Figure 6 is a flow chart of a user identity verification method in another embodiment
- Figure 7 is a structural block diagram of a user identity verification system in one embodiment
- Figure 8 is a structural block diagram of a server in one embodiment
- Figure 9 is a structural block diagram of a user identity verification system in another embodiment.
- Figure 10 is a structural block diagram of a mobile terminal in one embodiment.
- Figure 11 is a structural block diagram of a server in another embodiment.
- a user identity verification method comprises the steps described as follows.
- Step 102 a mobile terminal acquires a pre-stored first identification code corresponding to the user identifier.
- the mobile terminal of the present application is a mobile terminal device capable of running various applications, including, but not limited to, portable laptop computers, personal digital assistants, tablet computers, smartphones, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) or MP4 (Moving Picture Experts Group Audio Layer IV) players, POS terminals and on-vehicle computers, etc.
- the mobile terminal sends a request for transaction payment to a remote server. It is to be understood that the present application is not limited thereto; it may be used to identify the user in application scenarios requiring high degrees of safety, for example, in application scenarios of accessing private information of a user, confirming orders, etc.
- an online application e.g., an online shopping or social network application
- the input data may include data about the products being purchased and a user identifier of a user of the mobile terminal corresponding to a user account at the online application, which may be hosted by a remote server.
- the user does not need to provide his or her password when accessing his or her bank account. Rather, a dynamically-generated password is used for verifying the user’s identity.
- the dynamically-generated password originates from an identification code generated by the remote server, which may be unknown to the user of the mobile terminal.
- Because the dynamically-generated password is tied to the mobile terminal, such a transactional request can be verified as long as the request is from the mobile terminal, not from another device.
- the dynamically-generated password is temporally and/or spatially dependent upon the current timestamp of the mobile terminal and/or the current location of the mobile terminal, assuming that the mobile terminal is capable of determining its current location using, e.g., a GPS module.
- the mobile terminal prestores the first identification code corresponding to the user identifier.
- the user identifier is used for identifying the user uniquely, and it may be an account number or an identification code and the like used to log in applications.
- the first identification code is an identification code used for generating a first dynamic password by the mobile terminal.
- the first dynamic password may be a group of character strings obtained after operation is performed on the first identification code, or a group of character strings obtained after operation is performed on a combination of the first identification code and dynamic information associated with the mobile terminal or the user.
- the first dynamic password is obtained after operation is performed on a combination of a group of character strings obtained and data to be processed, and so on.
- the first identification code may be generated by the server, and the mobile terminal acquires the identification code from the server and stores it locally. For example, the first identification code may be generated when the user identifier was generated. The identification code stored in the mobile terminal is the first identification code. The first identification code may be generated based on the user identifier.
- the server may acquire the user identifier sent by the mobile terminal and generate a group of character strings based on the user identifier; that group of character strings is the first identification code. Moreover, when generating the first identification code, the server may also generate the character strings based on the user identifier and other information associated with the mobile terminal or the user.
- Step 104 the mobile terminal generates the first dynamic password based on the first identification code and sends the user identifier and first dynamic password to the server.
- the first dynamic password is a character string used for verifying the identity
- the so-called dynamic password is a random combination of numbers and characters generated according to a predefined algorithm.
- the dynamic password can only be used once and will never be repeated. This is why the user does not need to remember the dynamic password.
- Step 106 the server acquires a prestored second identification code corresponding to the user identifier.
- the first identification code refers to the identification code stored in the mobile terminal
- the second identification code refers to the identification code stored in the server.
- the first identification code is distinguished from the second identification code according to the storage position of the identification code, and the contents of the first identification code and the second identification code may be the same or not.
- the second identification code is generated by the server in advance based on the user identifier sent by the mobile terminal. After being sent to the mobile terminal, the second identification code is stored locally in the mobile terminal and is called the first identification code stored in the mobile terminal. If the identification code is not tampered with during transmission and storage, the first identification code and the second identification code have the same content.
- Step 108 the server generates the second dynamic password based on the second identification code and determines whether the first dynamic password matches the second dynamic password. If yes, the verification passes.
- the first dynamic password is distinguished from the second dynamic password according to the generation position of the dynamic password, and the contents of the first dynamic password and the second dynamic password may be the same or not.
- the server and the mobile terminal may agree on an algorithm for generating the dynamic password, thus the server generates the second dynamic password using the algorithm pre-agreed upon with the mobile terminal based on the second identification code and then determines whether the first dynamic password matches the second dynamic password. If yes, the user identity verification passes; otherwise, the verification fails.
- character string detection may be used to detect whether the first dynamic password and the second dynamic password are the same. If yes, the user identity verification passes; otherwise, the verification fails. Since the first dynamic password and the second dynamic password are generated by the mobile terminal and the server respectively using the agreed upon algorithm based on the local identification codes, the first dynamic password and the second dynamic password should also be the same, if the first identification code and the second identification code are the same.
- the mobile terminal may perform identity verification according to the identification code stored locally. The whole process of verification requires no input operation by the user, so that the possibility of the data being tampered with is reduced, thereby improving the safety.
- the server returns a message to the mobile terminal indicating the result of the verification as well as the transaction.
- the message may also include results about additional processes performed at the remote server. For example, when the request from the mobile terminal is to initiate a commercial transaction, the remote server may cause another party (e.g., a point of sale (POS) terminal) to release a product associated with the purchase request to the user of the mobile terminal and deduct a corresponding amount of money from the user’s bank account associated with the user identifier.
- the confirmation message may indicate that the purchase transaction has completed successfully and the amount of transaction as well.
- a method for verifying the user identity comprises steps 201-212 described as follows.
- Step 202 a mobile terminal acquires a pre-stored first identification code corresponding to the user identifier.
- Step 204 the mobile terminal generates a first dynamic password based on the current timestamp and the first identification code.
- the mobile terminal may acquire from the server the current timestamp, which may be the time when the server receives a data processing request for data to be processed, wherein the data to be processed may be data that needs to be processed by the mobile terminal in various application scenarios, such as order data, payment data and private information of the user, etc.
- the current timestamp is generated by the mobile terminal itself. In either case, the current timestamp is variable, so that the first dynamic password generated by the mobile terminal is unpredictable; thus the dynamic password cannot be intercepted or tampered with easily, thereby further improving the safety.
- Step 206 the mobile terminal sends the user identifier and the first dynamic password to the server.
- Step 208 the server acquires a prestored second identification code corresponding to the user identifier.
- the second identification code is an identification code generated when the mobile terminal requests an identification code from the server, and after being generated, the identification code is returned to the mobile terminal for storage. Therefore, if the first identification code stored in the mobile terminal has not been tampered with, the first identification code and the second identification code should be the same.
- Step 210 the server generates a second dynamic password based on the current timestamp and the second identification code.
- the first dynamic password is the first dynamic password
- the second dynamic password is the second dynamic password. Since the server generates the second dynamic password based on the current timestamp and the second identification code, the first dynamic password and the second dynamic password should also be the same, if the first identification code and the second identification code are the same.
- Step 212 the server determines whether the first dynamic password matches the second dynamic password. If yes, the verification passes; otherwise, the verification fails.
- the server detects whether the first dynamic password and the second dynamic password are the same by means of character string detection. If the two are the same, the user identity verification passes; otherwise, the verification fails.
- the mobile terminal may accomplish the verification of the user identity according to the prestored identification code, the whole process of verification requires no input by the user, and the dynamic password is dynamically variable according to the current timestamp, so that a reduced safety hazard and an improved safety degree are achieved, and great convenience is brought to the user, thereby improving the verification efficiency.
- a method for verifying the user identity comprises steps 302-312 described as follows.
- Step 302 a mobile terminal acquires the pre-stored first identification code corresponding to the user identifier.
- Step 304 the mobile terminal generates the first dynamic password based on the current timestamp and the first identification code, and encrypts the input data to be processed by the remote server into a first signature data based on the data to be processed and the first dynamic password.
- the data to be processed may be data provided by the mobile terminal in various application scenarios, such as order data, payment data and private information of the user, etc.
- the mobile terminal acquires the data to be processed and uses a digest algorithm to perform digest operation on the data to be processed and the first dynamic password so as to generate the first signature data (or referred to as digest data) of the data to be processed.
- the signature data is the data obtained by digesting the first dynamic password as the data to be processed.
- the digest algorithm adopted by the mobile terminal to perform digest operation on the data to be processed and the first dynamic password includes, but is not limited to, various CRC (Cyclic Redundancy Check) algorithms, MD algorithms (Message-Digest Algorithm) (for example, the MD4 algorithm, the MD5 algorithm) and SHA (Secure Hash Algorithm, an algorithm designated by American National Institute of Standards and Technology, an American standard institution specialized in formulating cryptographic algorithms) and the like, and the present application has no limitation thereon.
- Step 306 the mobile terminal sends the user identifier, the data to be processed and first signature data to the server.
- Step 308 the server acquires the prestored second identification code corresponding to the user identifier.
- Step 310 the server generates the second dynamic password based on the current timestamp and the second identification code, and encrypts the data to be processed into a second signature data based on the data to be processed and the second dynamic password.
- the first signature data is distinguished from the second signature data according to the generation position of the signature data, and the contents of the first signature data and the second signature data may be the same or not.
- the first signature data is the first dynamic password
- the second signature data is the second dynamic password.
- the server and the mobile terminal may agree on an algorithm for generating the signature data. After generating the second dynamic password, the server performs digest operation on the received data to be processed and the second dynamic password using the algorithm agreed upon with the mobile terminal so as to generate the second signature data of the data to be processed. Since the server and the mobile terminal generate respective dynamic password using the agreed upon algorithm according to their respective local identification code, the first signature data and the second signature data should also be the same, if the first identification code and the second identification code are the same.
- Step 312 the server determines whether the first signature data matches the second signature data. If yes, the verification passes; otherwise, the verification fails.
- the server detects whether the first signature data and the second signature data are the same by means of character string detection. If the two are the same, the user identity verification passes; otherwise, the verification fails.
- when performing identity verification, the server does not simply determine whether the first dynamic password and the second dynamic password are the same. Instead, the mobile terminal further generates the first signature data of the data to be processed based on the data to be processed and the first dynamic password, and the server generates the second signature data of the data to be processed based on the received data to be processed and the second dynamic password it generated, and then determines whether the first signature data and the second signature data are the same.
- Because the signature data of the data to be processed is obtained through a series of operations and varies with time, the probability of its being tampered with is very low, thus the safety may be further improved.
- the whole process of identity verification requires no input by the user, thus not only is the safety hazard reduced, but also the efficiency of verification is improved.
- a method for verifying the user identity comprises steps 402-412 described as follows.
- Step 402 a mobile terminal acquires the pre-stored first identification code corresponding to the user identifier.
- Step 404 the mobile terminal acquires a mobile terminal identifier and device information corresponding to the user identifier and generates the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code.
- the mobile terminal identifier is used for uniquely identifying one terminal, and the mobile terminal identifier may be a character string generated by at least one of a device identification number and a device MAC address together with a private keyword.
- the mobile terminal may send the device identification number and the device MAC address to the server, and the server generates the character string, for example a character string of 32 bytes, using at least one of the device identification number and the device MAC address in combination with the private keyword.
- the character string is the mobile terminal identifier, and the mobile terminal identifier generated may be stored in the server corresponding to the user identifier and sent to the mobile terminal for storing corresponding to the user identifier.
- the mobile terminal may acquire the mobile terminal identifier corresponding to the user identifier locally or from the server.
- the device information includes, but is not limited to, device identification numbers, device MAC addresses, device platforms, device models, types of operating systems and root right information and the like.
- the server may store the device information corresponding to the user identifier.
- the mobile terminal may acquire the device information corresponding to the user identifier locally or from the server.
- Step 406 the mobile terminal sends the user identifier and the first dynamic password to the server.
- Step 408 the server acquires the prestored second identification code corresponding to the user identifier.
- Step 410 the server acquires a mobile terminal identifier and device information corresponding to the user identifier and generates the second dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the second identification code.
- the at least one of the user identifier, the mobile terminal identifier and the device information used by the server for generating the second dynamic password should be the same as the at least one of the user identifier, the mobile terminal identifier and the device information used by the mobile terminal for generating the first dynamic password.
- the mobile terminal generates the first dynamic password based on the user identifier, the mobile terminal identifier and the device model, as well as the current timestamp and the first identification code
- the server generates the second dynamic password based on the user identifier, the mobile terminal identifier and device model, as well as the current timestamp and the second identification code.
- the server and the mobile terminal agree on an algorithm for generating the dynamic password, so that the server may generate the second dynamic password using the algorithm agreed upon with the mobile terminal.
- Step 412 the server determines whether the first dynamic password matches the second dynamic password. If yes, the verification passes; otherwise, the verification fails.
- the server detects whether the first dynamic password and the second dynamic password are the same by means of character string detection. If the two are the same, the user identity verification passes; otherwise, the verification fails.
- the mobile terminal generates the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code, and this information has an even lower probability of being tampered with, so that the safety could be further improved.
- the whole process requires no input by the user, thus not only is the safety hazard reduced, but also the efficiency of verification is improved, providing great convenience to the user.
- a method for verifying the user identity comprises steps 502-512 described as follows.
- Step 502 a mobile terminal acquires the pre-stored first identification code corresponding to the user identifier.
- Step 504 the mobile terminal acquires the mobile terminal identifier and the device information corresponding to the user identifier, generates the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code and encrypts the data to be processed into the first signature data based on the data to be processed and the first dynamic password.
- the mobile terminal may perform digest operation on the first dynamic password and the data to be processed using the plurality of digest algorithms described above to obtain the first signature data of the data to be processed.
- Step 506 the mobile terminal sends the user identifier, the data to be processed and first signature data to the server.
- Step 508 the server acquires the prestored second identification code corresponding to the user identifier.
- Step 510 the server acquires the mobile terminal identifier and the device information corresponding to the user identifier, generates the second dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the second identification code and encrypts the data to be processed into the second signature data based on the second dynamic password and the received data to be processed.
- the server and the mobile terminal may agree on an algorithm. After generating the second dynamic password, the server performs digest operation on the received data to be processed and the second dynamic password using the algorithm agreed upon with the mobile terminal so as to generate the second signature data of the data to be processed.
- Step 512 the server determines whether the first signature data matches the second signature data. If yes, the verification passes; otherwise, the verification fails.
- the server detects whether the first signature data and the second signature data are the same by means of character string detection. If the two are the same, the user identity verification passes; otherwise, the verification fails.
- when performing identity verification, the server does not simply determine whether the first dynamic password and the second dynamic password are the same. Instead, the mobile terminal further generates the first signature data of the data to be processed based on the data to be processed and the first dynamic password, and the server generates the second signature data of the data to be processed based on the received data to be processed and the second dynamic password it generated, and then determines whether the first signature data and the second signature data are the same.
- Because the signature data of the data to be processed is obtained through a series of operations and varies with time, the probability of its being tampered with is very low.
- the mobile terminal generates the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code, and this information has an even lower probability of being tampered with, so that the safety could be further improved.
- the whole process of verification requires no input by the user, thus not only is the safety hazard reduced, but also the efficiency of verification is improved. Besides, not only the safety but also the convenience is improved.
- the user identity verification method may also comprise the server receiving the current timestamp sent by the mobile terminal and determining, based on the current timestamp, whether a timeout has occurred. If not, the server performs the step of generating the second dynamic password based on the second identification code. The current timestamp sent by the mobile terminal is acquired from the server.
- the mobile terminal sends the data processing request for the data to be processed to the server, and after receiving the data processing request, the server returns the current timestamp to the mobile terminal.
- the current timestamp may be the current time of the server when the server receives the data processing request.
- the current timestamp makes the dynamic password (the first dynamic password) generated by the mobile terminal time-efficient.
- the mobile terminal sends the current timestamp to the server too.
- the server obtains the time difference between the current time of the server and the current timestamp received and then determines whether the time difference exceeds the preset timeout duration (in seconds). If yes, a timeout has occurred, and the server does not perform the subsequent processing; that is, the second dynamic password becomes invalid.
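The most complete embodiment above (steps 502-512) combined with the server-side timeout check, as an added example that is not code from the patent. The patent leaves the agreed-upon algorithm open; this sketch assumes HMAC-SHA-256 over length-prefixed fields, a 60-second timeout, a constant-time comparison in place of plain string comparison, and a set of accepted timestamps to enforce single use. All function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

TIMEOUT_SECONDS = 60  # assumed value for the "preset duration of timing out"


def keyed_digest(key: bytes, *fields: str) -> str:
    """HMAC-SHA-256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        raw = field.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()


def dynamic_password(id_code, user_id, terminal_id, device_model, timestamp):
    """Dynamic password from the identification code, device binding and timestamp."""
    return keyed_digest(id_code, "otp", user_id, terminal_id, device_model, str(timestamp))


def signature_data(otp, data):
    """Signature data: keyed digest of the data to be processed under the dynamic password."""
    return keyed_digest(otp.encode(), "sig", data)


def terminal_request(id_code, user_id, terminal_id, device_model, data, timestamp):
    """Steps 502-506: the terminal sends identifier, data and first signature data."""
    otp1 = dynamic_password(id_code, user_id, terminal_id, device_model, timestamp)
    return {"user_id": user_id, "data": data, "timestamp": timestamp,
            "signature": signature_data(otp1, data)}


class Server:
    def __init__(self):
        self.records = {}  # user_id -> (second identification code, terminal_id, model)
        self.used = set()  # (user_id, timestamp) already accepted: one use per password

    def enroll(self, user_id, terminal_id, device_model):
        """Generate the identification code; the terminal stores the returned copy."""
        id_code = secrets.token_bytes(32)
        self.records[user_id] = (id_code, terminal_id, device_model)
        return id_code

    def verify(self, user_id, data, timestamp, signature, now):
        """Steps 508-512 plus the timeout check; returns a reason string."""
        record = self.records.get(user_id)
        if record is None:
            return "unknown-user"
        if not 0 <= now - timestamp <= TIMEOUT_SECONDS:
            return "timeout"
        if (user_id, timestamp) in self.used:
            return "replay"
        id_code, terminal_id, device_model = record
        otp2 = dynamic_password(id_code, user_id, terminal_id, device_model, timestamp)
        sig2 = signature_data(otp2, data)
        # Constant-time comparison instead of ordinary string equality.
        if not hmac.compare_digest(sig2.encode(), str(signature).encode()):
            return "mismatch"
        self.used.add((user_id, timestamp))
        return "ok"


def demo():
    """Constructed sample values; timestamps are server-issued integers in seconds."""
    server = Server()
    uid, tid, model = "alice", "T-0001", "PhoneX"
    code = server.enroll(uid, tid, model)
    order = "pay 10.00 to shop-42"

    req = terminal_request(code, uid, tid, model, order, timestamp=1000)
    results = [server.verify(**req, now=1005)]            # fresh request
    results.append(server.verify(**req, now=1006))        # same request again

    req2 = terminal_request(code, uid, tid, model, order, timestamp=2000)
    altered = dict(req2, data="pay 9999.00 to shop-42")   # data changed in transit
    results.append(server.verify(**altered, now=2001))
    other = terminal_request(code, uid, "T-9999", model, order, timestamp=2000)
    results.append(server.verify(**other, now=2001))      # different terminal identifier
    results.append(server.verify(**req2, now=2000 + TIMEOUT_SECONDS + 1))
    return results


if __name__ == "__main__":
    print(demo())
```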
- Step 602 a mobile terminal detects whether there is the first identification code corresponding to the user identifier. If no, the process proceeds to step 604, otherwise to step 608.
- when verification of a user is required, the mobile terminal first acquires the first identification code stored therein corresponding to the user identifier. Before acquiring the first identification code, the mobile terminal needs to detect whether the first identification code is present. If no, it means that the mobile terminal has failed in applying for the identification code, and the process proceeds to step 604 to apply for the identification code.
- the mobile terminal needs to further detect in step 602 whether the mobile terminal identifier corresponding to the user identifier can be acquired.
- the mobile terminal detects whether the mobile terminal identifier corresponding to the user identifier is stored in the server. If yes, the mobile terminal acquires the mobile terminal identifier corresponding to the user identifier and performs the subsequent steps; otherwise the process proceeds to step 604.
- Step 604 the mobile terminal sends to the server a verification request which carries the user identifier.
- Step 606 the server performs identity verification according to the verification request and generates the identification code based on the user identifier after the user identity verification passes.
- the mobile terminal may prompt the user to input the password, and then sends the password input together with the user identifier to the server for identity verification.
- the mobile terminal may also prompt the user to input a mobile phone number for short message verification.
- the mobile terminal receives a short message verification code input by the user and sends the short message verification code and the user identifier to the server.
- the server verifies whether it is the same as the short message verification code generated before. If yes, the verification passes.
- the server generates the identification code based on the user identifier after the user identity verification passes. As the user identifier is unique, the identification code generated is unique too.
- the server may store the identification code corresponding to the user identifier.
- the process further comprises that the mobile terminal acquires the identification code from the server and stores it corresponding to the user identifier, thereby facilitating the mobile terminal to acquire the identification code stored corresponding to the user identifier so as to realize the verification.
- the identification code stored in the mobile terminal corresponding to the user identifier is the first identification code.
- the step of the server generating the identification code based on the user identifier comprises that the server acquires an application identification and generates the identification code based on the application identification and the user identifier.
- the application may be an application running in the mobile terminal for generating the data to be processed, and the application identification may be the name of the application or an identification number pre-assigned for the application, etc.
- the server generates the identification code based on the user identifier and the application identification, which increases the complexity of the identification code, reduces the probability of the identification code being tampered with, and thus further improves the safety.
- the process further comprises that the server receives the device information sent by the mobile terminal, generates the mobile terminal identifier based on the device information and stores the mobile terminal identifier corresponding to the user identifier.
- the mobile terminal acquires the device information and sends the device information to the server.
- the device information includes, but is not limited to, device identification numbers, device MAC addresses, device platforms, device models, types of operating systems and root right information, etc.
- the server receives the device information sent by the mobile terminal and generates the mobile terminal identifier based on the device information.
- the server may select at least one of the device information, in combination with the private keyword, to generate the mobile terminal identifier.
- the server may generate the mobile terminal identifier based on the device identification number and device MAC address of the device information in combination with the private keyword, and the mobile terminal identifier is a character string of 32 bytes, so that the mobile terminal identifier generated is unique and can be used for identifying one terminal device uniquely.
- the server may store the generated mobile terminal identifier corresponding to the user identifier.
- the mobile terminal may acquire the mobile terminal identifier corresponding to the user identifier from the server.
- the step of the server generating the identification code based on the user identifier comprises that the server acquires the application identification and generates the identification code based on the application identification, the user identifier and the mobile terminal identifier; or the server generates the identification code based on the user identifier and the mobile terminal identifier.
- the server generates the identification code based on the application identification, the user identifier and the mobile terminal identifier, or generates the identification code based on the user identifier and the mobile terminal identifier, thereby increasing the complexity of the identification code, reducing the probability of the identification code being tampered with and further improving the safety.
- the process further comprises that the server takes at least one of the user identifier, the mobile terminal identifier and the device information as a secret key to encrypt the identification code.
- the server uses at least one of the user identifier, the mobile terminal identifier and the device information to encrypt the identification code, and then stores the encrypted identification code corresponding to the user identifier. And the mobile terminal acquires the identification code from the server which is also encrypted and stores the encrypted identification code corresponding to the user identifier.
- the mobile terminal acquires the identification code stored and decrypts the encrypted identification code with at least one of the user identifier, the mobile terminal identifier and the device information accordingly.
- because the identification code is encrypted, and at least one of the user identifier, the mobile terminal identifier and the device information is used as the secret key, the possibility of the identification code being tampered with is further reduced, and thus the safety can be further improved.
- Step 608 the mobile terminal acquires the prestored first identification code corresponding to the user identifier and performs the user identity verification according to the first identification code.
- the mobile terminal acquires the identification code and performs the subsequent process of identity verification.
- the process of user identity verification is as described in the above-mentioned embodiments, and detailed description thereof will be omitted.
- the server processes the data to be processed, for example, accomplishing the payment transaction, etc.
- when the mobile terminal detects that no identification code is stored, it applies to the server for the identification code so as to perform subsequent verification with the stored identification code.
- the mobile terminal and the server acquire their own stored identification codes to generate the dynamic passwords, respectively, and then perform identity verification by determining whether the respectively generated dynamic passwords are the same.
- the mobile terminal may achieve automatic verification by means of the identification code stored without the need for any input by the user, so that not only the safety but also the efficiency of verification can be improved.
- a user identity verification system which comprises a terminal 720 and a server 740, wherein the terminal 720 comprises:
- a first dynamic password generation module 724 for generating the first dynamic password based on the first identification code and sending the user identifier and first dynamic password to the server 740.
- the server 740 comprises:
- the first verification module 746 is used for determining whether the first dynamic password and the second dynamic password are the same. If yes, the verification passes; otherwise, the verification fails.
- the first dynamic password generation module 724 is used for generating the first dynamic password based on the current timestamp and the first identification code; the second dynamic password generation module 744 is used for generating the second dynamic password based on the current timestamp and the second identification code; and the first verification module 746 is used for determining whether the first dynamic password matches the second dynamic password. If yes, the verification passes.
- the first dynamic password generation module 724 is used for generating the first dynamic password based on the current timestamp and the first identification code and generating the first signature data of the data to be processed based on the data to be processed and the first dynamic password;
- the second dynamic password generation module 744 is used for receiving the data to be processed and the first signature data sent by the mobile terminal 720, generating the second dynamic password based on the current timestamp and the second identification code, and generating the second signature data of the data to be processed based on the received data to be processed and the second dynamic password;
- the first verification module 746 is used for determining whether the first signature data matches the second signature data. If yes, the verification passes.
- the first dynamic password generation module 724 is used for acquiring the mobile terminal identifier and the device information corresponding to the user identifier, and generating the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code;
- the second dynamic password generation module 744 is used for acquiring the mobile terminal identifier and the device information corresponding to the user identifier, and generating the second dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the second identification code;
- the first verification module 746 is used for determining whether the first dynamic password matches the second dynamic password. If yes, the verification passes.
- the first dynamic password generation module 724 is used for acquiring the mobile terminal identifier and the device information corresponding to the user identifier, generating the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code, and generating the first signature data of the data to be processed based on the data to be processed and the first dynamic password;
- the second dynamic password generation module 744 is used for receiving the data to be processed and the first signature data sent by the mobile terminal 720, acquiring the mobile terminal identifier and the device information corresponding to the user identifier, generating the second dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the second identification code, and generating the second signature data of the data to be processed based on the second dynamic password and the received data to be processed; and the first verification module 746 is used for determining whether the first signature data matches the second signature data. If yes
- the server 740 further comprises:
- timing out determination module 741 for receiving the current timestamp sent by the mobile terminal 720 and determining whether a timing out occurs based on the current timestamp. If the timing out occurs, the timing out determination module 741 informs the second dynamic password generation module 744 to generate the second dynamic password; wherein the current timestamp sent by the mobile terminal 720 is acquired from the server 740.
- the mobile terminal 720 further comprises:
- an identification code detection module 721 for detecting the presence of the first identification code corresponding to the user identifier in the mobile terminal 720. If no, the identification code detection module 721 sends a verification request carrying the user identifier to the server 740.
- the server 740 further comprises:
- a second verification module 745 for performing identity verification according to the verification request.
- an identification code generation module 747 for generating the identification code based on the user identifier after the user identity verification passes.
- the identification code generation module 747 is used for acquiring the application identification and generating the identification code based on the application identification and the user identifier.
- the mobile terminal 720 further comprises:
- an identification code storage module 726 for acquiring the identification code generated from the server and storing the identification code corresponding to the user identifier.
- the server 740 further comprises:
- a mobile terminal identifier generation module 748 for receiving the device information sent by the mobile terminal 720, generating the mobile terminal identifier based on the device information and storing the mobile terminal identifier corresponding to the user identifier.
- the identification code generation module 747 is used for acquiring the application identification and generating the identification code based on the application identification, the user identifier and the mobile terminal identifier; or the identification code generation module 747 is also used for generating the identification code based on the user identifier and the mobile terminal identifier.
- the server 740 also comprises:
- an encryption module 749 for encrypting the generated identification code using at least one of the user identifier, the mobile terminal identifier and the device information as a secret key.
- the encrypted identification code is sent to the mobile terminal 720 for storage.
- the mobile terminal 720 decrypts the acquired identification code with at least one of the user identifier, the mobile terminal identifier and the device information, and then generates the dynamic password based on the decrypted identification code.
- although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
- first ranking criteria could be termed second ranking criteria, and, similarly, second ranking criteria could be termed first ranking criteria, without departing from the scope of the present invention.
- First ranking criteria and second ranking criteria are both ranking criteria, but they are not the same ranking criteria.
- the term “if” may be construed to mean “when” or “upon” or “in response to determining” or “in accordance with a determination” or “in response to detecting,” that a stated condition precedent is true, depending on the context.
- the phrase “if it is determined [that a stated condition precedent is true]” or “if [a stated condition precedent is true]” or “when [a stated condition precedent is true]” may be construed to mean “upon determining” or “in response to determining” or “in accordance with a determination” or “upon detecting” or “in response to detecting” that the stated condition precedent is true, depending on the context.
- stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
Abstract
A method for verifying a user identifier of an online application involves a mobile terminal and a remote server. The mobile terminal receives input data associated with the online application and acquires a first identification code corresponding to the user identifier. The mobile terminal then generates a first dynamic password based on the first identification code and sends the first dynamic password, the user identifier and the input data to the remote server. In response, the remote server compares the first dynamic password (or its derivatives) with a second dynamic password generated by the remote server (or its derivatives) and returns a confirmation message to the mobile terminal when the two dynamic passwords correspond to each other. The confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
Description
RELATED APPLICATION
This application claims priority to Chinese Patent Application No. 201310516818.4, entitled "Identity Verification Method and System" filed on October 28, 2013, which is incorporated by reference in its entirety.
The disclosed implementations relate generally to the field of communication technology, and in particular, to a method and system for verifying the identity of a user of an online application.
In many application scenarios of the Internet, verification of a user is required. The traditional user identity verification method is for the user to provide a password. Specifically, the user identity is verified according to the password received. If the password is correct, the user passes the verification. However, with the traditional identity verification method, a safety concern arises when the password is learnt by others, resulting in a low degree of safety.
SUMMARY
The above deficiencies and other problems associated with the conventional approach of user identity verification are reduced or eliminated by the invention disclosed below. In some embodiments, the invention is implemented in a mobile terminal and a remote server that is in communication with the mobile terminal, each having one or more processors, memory and one or more modules, programs or sets of instructions stored in the memory for performing multiple functions. Instructions for performing these functions may be included in a computer program product stored in a non-transitory computer-readable medium and configured for execution by one or more processors.
One aspect of the present application involves a computer-implemented method for verifying a user identifier of an online application and performed by a mobile terminal having one or more processors and memory and a display. The computer-implemented method includes: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to a remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
Another aspect of the present application involves a mobile terminal including memory, one or more processors, and one or more program modules stored in the memory and configured for execution by the one or more processors. The mobile terminal is in communication with a remote server hosting an online application for verifying a user identifier. The one or more program modules include instructions for: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to a remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
Another aspect of the present application involves a non-transitory computer readable storage medium having stored therein one or more program modules for execution by one or more processors of a mobile terminal that is in communication with a remote server hosting an online application for verifying a user identifier, the one or more program modules including instructions for: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to a remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
BRIEF DESCRIPTION OF DRAWINGS
The aforementioned implementation of the invention as well as additional implementations will be more clearly understood as a result of the following detailed description of the various aspects of the invention when taken in conjunction with the drawings. Like reference numerals refer to corresponding parts throughout the several views of the drawings.
Figure 1 is a flow chart of a user identity verification method in one embodiment;
Figure 2 is a flow chart of verification of user identity in one embodiment;
Figure 3 is a flow chart of verification of user identity in another embodiment;
Figure 4 is a flow chart of verification of user identity in yet another embodiment;
Figure 5 is a flow chart of verification of user identity in still another embodiment;
Figure 6 is a flow chart of a user identity verification method in another embodiment;
Figure 7 is a structural block diagram of a user identity verification system in one embodiment;
Figure 8 is a structural block diagram of a server in one embodiment;
Figure 9 is a structural block diagram of a user identity verification system in another embodiment;
Figure 10 is a structural block diagram of a mobile terminal in one embodiment; and
Figure 11 is a structural block diagram of a server in another embodiment.
In order to make the objects, technical schemes and advantages of the invention more clear and apparent, the invention will now be described in further detail with reference to accompanying drawings and embodiments. It should be understood that the embodiments described here are only illustrative and are not intended to limit the application.
As used throughout, elements and components in the present application may be used in the singular form or plural form unless the context clearly dictates otherwise. The present application has no limitation thereon. Although steps in the present application are numbered, the order of these steps is not intended to be limited, unless the order of the steps or that the implementation of a certain step is on the basis of other steps is clearly indicated, otherwise the relative order of the steps may be varied. It is to be understood that the term "and/or" relates to and includes any and all combinations of one or more of the associated listed items.
As shown in Figure 1, in one embodiment, a user identity verification method is provided, and the method comprises the steps described as follows.
The mobile terminal of the present application is a mobile terminal device capable of running various applications, including, but not limited to, portable laptop computers, personal digital assistants, tablet computers, smartphones, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) or MP4 (Moving Picture Experts Group Audio Layer IV) players, POS terminals and on-vehicle computers, etc. In many application scenarios, verification of a user identity is required for use of a mobile terminal when the user attempts to access a service hosted by a remote server from the mobile terminal.
In the present application, a scenario in which the mobile terminal sends a request for transaction payment to a remote server is described as an example. It is to be understood that the present application is not limited thereto; it may be used to identify the user in application scenarios requiring high degrees of safety, for example, in application scenarios of accessing private information of a user, confirming orders, etc. As part of the request, there is input data associated with an online application (e.g., an online shopping or social network application). Note that the input data may include data about the products being purchased and a user identifier of a user of the mobile terminal corresponding to a user account at the online application, which may be hosted by a remote server. Using the method disclosed in the present application, the user does not need to provide his or her password when accessing his or her bank account. Rather, a dynamically-generated password is used for verifying the user’s identity. In some embodiments, the dynamically-generated password originates from an identification code generated by the remote server, which may be unknown to the user of the mobile terminal. However, since the dynamically-generated password is tied to the mobile terminal, such a transactional request can be verified as long as the request is from the mobile terminal, not from another device. In some embodiments, the dynamically-generated password is temporally and/or spatially dependent on the current timestamp of the mobile terminal and/or the current location of the mobile terminal, assuming that the mobile terminal is capable of determining its current location using, e.g., a GPS module.
In this embodiment, the mobile terminal prestores the first identification code corresponding to the user identifier. The user identifier is used for identifying the user uniquely, and it may be an account number or an identification code and the like used to log in applications. The first identification code is an identification code used for generating a first dynamic password by the mobile terminal. For example, the first dynamic password may be a group of character strings obtained after operation is performed on the first identification code, or a group of character strings obtained after operation is performed on a combination of the first identification code and dynamic information associated with the mobile terminal or the user. In some embodiments, the first dynamic password is obtained after operation is performed on a combination of a group of character strings obtained and data to be processed, and so on. The first identification code may be generated by the server, and the mobile terminal acquires the identification code from the server and stores it locally. For example, the first identification code may be generated when the user identifier was generated. The identification code stored in the mobile terminal is the first identification code. The first identification code may be generated based on the user identifier.
Specifically, the server may acquire the user identifier sent by the mobile terminal and generates a group of character strings based on the user identifier, and then the group of character strings is the first identification code. Moreover, when generating the first identification code, the server may also generate the character strings based on the user identifier and other information associated with the mobile terminal or the user.
In this embodiment, the first identification code refers to the identification code stored in the mobile terminal, and the second identification code refers to the identification code stored in the server.
Herein, the first identification code is distinguished from the second identification code according to the storage position of the identification code, and the contents of the first identification code and the second identification code may be the same or not. The second identification code is generated by the server in advance based on the user identifier sent by the mobile terminal. After being sent to the mobile terminal, the identification code is stored locally in the mobile terminal, and that stored copy is called the first identification code. If the identification code is not tampered with during transmission and storage, the first identification code and the second identification code have the same content.
Herein, the first dynamic password is distinguished from the second dynamic password according to the generation position of the dynamic password, and the contents of the first dynamic password and the second dynamic password may be the same or not.
Specifically, in this embodiment, the server and the mobile terminal may agree on an algorithm for generating the dynamic password, thus the server generates the second dynamic password using the algorithm pre-agreed upon with the mobile terminal based on the second identification code and then determines whether the first dynamic password matches the second dynamic password. If yes, the user identity verification passes; otherwise, the verification fails.
In a preferred embodiment, character string detection may be used to detect whether the first dynamic password and the second dynamic password are the same. If yes, the user identity verification passes; otherwise, the verification fails. Since the first dynamic password and the second dynamic password are generated by the mobile terminal and the server respectively using the agreed upon algorithm based on the local identification codes, the first dynamic password and the second dynamic password should also be the same, if the first identification code and the second identification code are the same.
In this embodiment, the first dynamic password is generated based on the first identification code stored in the mobile terminal, the second dynamic password is generated based on the second identification code stored in the server, and the first identification code is acquired from the server by the mobile terminal. As long as the identification code generated by the server based on the user identifier is not tampered with during transmission to and storage in the mobile terminal, the mobile terminal may perform identity verification according to the identification code stored locally. The whole process of verification requires no input operation by the user, so that the possibility of the data being tampered with is reduced, thereby improving the safety.
In some embodiments, the server returns a message to the mobile terminal indicating the result of the verification as well as the transaction. When the message confirms that the user identifier passes the verification test, the message may also include results about additional processes performed at the remote server. For example, when the request from the mobile terminal is to initiate a commercial transaction, the remote server may cause another party (e.g., a point of sale (POS) terminal) to release a product associated with the purchase request to the user of the mobile terminal and deduct a corresponding amount of money from the user’s bank account associated with the user identifier. In this case, the confirmation message may indicate that the purchase transaction has completed successfully and the amount of transaction as well.
As shown in Figure 2, in one embodiment, a method for verifying the user identity comprises steps 201-212 described as follows.
In this embodiment, before step 202, the mobile terminal may acquire from the server the current timestamp, which may be the time when the server receives a data processing request for data to be processed, wherein the data to be processed may be data that needs to be processed by the mobile terminal in various application scenarios, such as order data, payment data and private information of the user, etc. In some other embodiments, the current timestamp is generated by the mobile terminal itself. In either case, the current timestamp is variable, so that the first dynamic password generated by the mobile terminal is unpredictable, thus the dynamic password cannot be intercepted or tampered with easily, thereby further improving the safety.
The second identification code is an identification code generated when the mobile terminal requests an identification code from the server, and after being generated, the identification code is returned to the mobile terminal for storage. Therefore, if the first identification code stored in the mobile terminal is not tampered with, the first identification code and the second identification code should be the same.
It is to be understood that, in this embodiment, the first dynamic password is the first dynamic password, and the second dynamic password is the second dynamic password. Since the server generates the second dynamic password based on the current timestamp and the second identification code, the first dynamic password and the second dynamic password should also be the same, if the first identification code and the second identification code are the same.
Specifically, the server detects whether the first dynamic password and the second dynamic password are the same by means of character string detection. If the two are the same, the user identity verification passes; otherwise, the verification fails.
In this embodiment, the mobile terminal may accomplish the verification of the user identity according to the prestored identification code, the whole process of verification requires no input by the user, and the dynamic password is dynamically variable according to the current timestamp, so that a reduced safety hazard and an improved safety degree are achieved, and great convenience is brought to the user, thereby improving the verification efficiency.
In another embodiment, as shown in Figure 3, a method for verifying the user identity comprises steps 302-312 described as follows.
The data to be processed may be data provided by the mobile terminal in various application scenarios, such as order data, payment data and private information of the user, etc.
In one embodiment, the mobile terminal acquires the data to be processed and uses a digest algorithm to perform digest operation on the data to be processed and the first dynamic password so as to generate the first signature data (or referred to as digest data) of the data to be processed. The signature data is the data obtained by digesting the first dynamic password as the data to be processed.
It should be noted that the digest algorithm adopted by the mobile terminal to perform digest operation on the data to be processed and the first dynamic password includes, but is not limited to, various CRC (Cyclic Redundancy Check) algorithms, MD algorithms (Message-Digest Algorithm) (for example, the MD4 algorithm, the MD5 algorithm) and SHA (Secure Hash Algorithm, an algorithm designated by American National Institute of Standards and Technology, an American standard institution specialized in formulating cryptographic algorithms) and the like, and the present application has no limitation thereon.
Herein, the first signature data is distinguished from the second signature data according to the generation position of the signature data, and the contents of the first signature data and the second signature data may be the same or not.
It is to be understood that, in this embodiment, the first signature data is the first dynamic password, and the second signature data is the second dynamic password. The server and the mobile terminal may agree on an algorithm for generating the signature data. After generating the second dynamic password, the server performs digest operation on the received data to be processed and the second dynamic password using the algorithm agreed upon with the mobile terminal so as to generate the second signature data of the data to be processed. Since the server and the mobile terminal generate respective dynamic password using the agreed upon algorithm according to their respective local identification code, the first signature data and the second signature data should also be the same, if the first identification code and the second identification code are the same.
Specifically, the server detects whether the first signature data and the second signature data are the same by means of character string detection. If the two are the same, the user identity verification passes; otherwise, the verification fails.
In this embodiment, when performing identity verification, the server does not simply determine whether the first dynamic password and the second dynamic password are the same, but the mobile terminal further generates the first signature data of the data to be processed based on the data to be processed and the first dynamic password. And when performing identity verification, the server generates the second signature data of the data to be processed based on the received data to be processed and the second dynamic password generated to determine whether the first signature data and the second signature data are the same. As the signature data of the data to be processed is obtained through a series of operations and is dynamically variable with the time, the probability of being tampered with is very low, thus the safety may be further improved. In addition, the whole process of identity verification requires no input by the user, thus not only is the safety hazard reduced, but also the efficiency of verification is improved.
In one embodiment, as shown in Figure 4, a method for verifying the user identity comprises steps 402-412 described as follows.
The mobile terminal identifier is used for uniquely identifying one terminal, and the mobile terminal identifier may be a character string generated by at least one of a device identification number and a device MAC address together with a private keyword.
In one embodiment, the mobile terminal may send the device identification number and the device MAC address to the server, and the server generates the character string, for example a character string of 32 bytes, using at least one of the device identification number and the device MAC address in combination with the private keyword. The character string is the mobile terminal identifier, and the mobile terminal identifier generated may be stored in the server corresponding to the user identifier and sent to the mobile terminal for storing corresponding to the user identifier. Thus, the mobile terminal may acquire the mobile terminal identifier corresponding to the user identifier locally or from the server.
The device information includes, but is not limited to, device identification numbers, device MAC addresses, device platforms, device models, types of operating systems and root right information and the like. When the first dynamic password is generated, at least one of the device information is selected to be used in the operation. The mobile terminal may send the device information and the user identifier to the server together and the server may store the device information corresponding to the user identifier. Thus, the mobile terminal may acquire the device information corresponding to the user identifier locally or from the server.
It is to be understood that the at least one of the user identifier, the mobile terminal identifier and the device information used by the server for generating the second dynamic password should be the same as the at least one of the user identifier, the mobile terminal identifier and the device information used by the mobile terminal for generating the first dynamic password. For example, the mobile terminal generates the first dynamic password based on the user identifier, the mobile terminal identifier and the device model, as well as the current timestamp and the first identification code, and then correspondingly, the server generates the second dynamic password based on the user identifier, the mobile terminal identifier and device model, as well as the current timestamp and the second identification code. The server and the mobile terminal agree on an algorithm for generating the dynamic password, so that the server may generate the second dynamic password using the algorithm agreed upon with the mobile terminal.
Specifically, the server detects whether the first dynamic password and the second dynamic password are the same by means of character string detection. If the two are the same, the user identity verification passes; otherwise, the verification fails.
In this embodiment, the mobile terminal generates the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code, and this information has an even lower probability of being tampered with, so that the safety could be further improved. In addition, the whole process requires no input by the user, thus not only is the safety hazard reduced, but also the efficiency of verification is improved, providing great convenience to the user.
In another embodiment, as shown in Figure 5, a method for verifying the user identity comprises steps 502-512 described as follows.
In this embodiment, the mobile terminal may perform digest operation on the first dynamic password and the data to be processed using the plurality of digest algorithms described above to obtain the first signature data of the data to be processed.
In this embodiment, the server and the mobile terminal may agree on an algorithm. After generating the second dynamic password, the server performs digest operation on the received data to be processed and the second dynamic password using the algorithm agreed upon with the mobile terminal so as to generate the second signature data of the data to be processed.
Specifically, the server detects whether the first signature data and the second signature data are the same by means of character string detection. If the two are the same, the user identity verification passes; otherwise, the verification fails.
In this embodiment, when performing identity verification, the server does not simply determine whether the first dynamic password and the second dynamic password are the same, but the mobile terminal further generates the first signature data of the data to be processed based on the data to be processed and the first dynamic password. And when performing identity verification, the server generates the second signature data of the data to be processed based on the data to be processed received and the second dynamic password generated to determine whether the first signature data and the second signature data are the same. As the signature data of the data to be processed is obtained through a series of operations and is dynamically variable with the time, the probability of being tampered with is very low.
Furthermore, the mobile terminal generates the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code, and this information has an even lower probability of being tampered with, so that the safety could be further improved. In addition, the whole process of verification requires no input by the user, thus not only is the safety hazard reduced, but also the efficiency of verification is improved. Besides, not only the safety but also the convenience is improved.
In one embodiment, before the step of the server generating the second dynamic password based on the second identification code, the user identity verification method may also comprise that the server receives the current timestamp sent by the mobile terminal and determines whether a timing out occurs based on the current timestamp. If no, the server performs the step of generating the second dynamic password based on the second identification code; wherein the current timestamp sent by the mobile terminal is acquired from the server.
In this embodiment, the mobile terminal sends the data processing request for the data to be processed to the server, and after receiving the data processing request, the server returns the current timestamp to the mobile terminal. The current timestamp may be the current time of the server when the server receives the data processing request. The current timestamp makes the dynamic password (the first dynamic password) generated by the mobile terminal time-efficient.
Further, while sending the user identifier and the first dynamic password to the server, the mobile terminal sends the current timestamp to the server too. Upon receiving the current timestamp, the server obtains a time difference between the current time of the server and the current timestamp received and then determines whether the time difference exceeds preset duration (seconds) of timing out. If yes, it means that a timing out occurs, and the server will not do the following processing, that is, the second dynamic password becomes invalid.
Thus, by invalidating the first dynamic password submitted to the server by the mobile terminal a certain period of time later after the mobile terminal sends the data processing request, the situation that the mobile terminal does not submit the first dynamic password in a long time after sending the data processing request may be effectively avoided, thereby further improving the safety.
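The timestamped signature check described in the embodiments above, sketched as an added example (not code from the patent) with the mobile terminal and the server holding the same identification code. Assumptions: HMAC-SHA-256 is swapped in for the agreed digest algorithm, the comparison is done in constant time rather than as a plain string comparison, the single-use timestamp check is added hardening, and the 60-second timeout, all names and all sample values are constructed.

```python
import hashlib
import hmac

TIMEOUT_SECONDS = 60  # assumed value for the "preset duration of timing out"


def _mac(key: bytes, *parts: bytes) -> str:
    """HMAC-SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.hexdigest()


def dynamic_password(identification_code: bytes, timestamp: int, user_id: str) -> str:
    """Dynamic password from the identification code, timestamp and user identifier."""
    return _mac(identification_code, b"dynamic-password",
                str(timestamp).encode(), user_id.encode())


def signature_data(password: str, data: bytes) -> str:
    """Signature data binding the dynamic password to the data to be processed."""
    return _mac(password.encode(), b"signature-data", data)


class Server:
    def __init__(self, codes, clock):
        self.codes = codes    # user identifier -> second identification code
        self.clock = clock    # callable returning server time in seconds
        self.issued = {}      # user identifier -> timestamp handed out and not yet used

    def begin(self, user_id: str) -> int:
        """Handle the data processing request: return the current server timestamp."""
        self.issued[user_id] = int(self.clock())
        return self.issued[user_id]

    def verify(self, user_id: str, timestamp: int, data: bytes, first_signature: str) -> str:
        # Added hardening (assumption): accept only a timestamp this server issued, once.
        issued = self.issued.pop(user_id, None)
        if issued is None or issued != timestamp:
            return "rejected: timestamp not issued or already used"
        # The timeout is checked before the second dynamic password is generated.
        if self.clock() - timestamp > TIMEOUT_SECONDS:
            return "rejected: timed out"
        code = self.codes.get(user_id)
        if code is None:
            return "rejected: no identification code"
        second_signature = signature_data(dynamic_password(code, timestamp, user_id), data)
        # Constant-time form of the comparison step.
        if not hmac.compare_digest(first_signature.encode(), second_signature.encode()):
            return "rejected: signature mismatch"
        return "ok"


def demo() -> dict:
    """Run the exchange on constructed sample values and collect the outcomes."""
    now = [1_700_000_000]                              # constructed server clock
    stored_code = b"constructed-identification-code"   # same code on both sides
    server = Server({"alice": stored_code}, lambda: now[0])
    order = b'{"order":"A-1","amount":"25.00"}'        # constructed data to be processed

    def request(signed, sent, delay=0, code=stored_code):
        ts = server.begin("alice")
        sig = signature_data(dynamic_password(code, ts, "alice"), signed)
        now[0] += delay                                # time passing before submission
        return server.verify("alice", ts, sent, sig)

    results = {
        "valid": request(order, order),
        "tampered_data": request(order, order.replace(b"25.00", b"95.00")),
        "late": request(order, order, delay=TIMEOUT_SECONDS + 1),
        "altered_code": request(order, order, code=b"altered-code"),
    }
    ts = server.begin("alice")
    sig = signature_data(dynamic_password(stored_code, ts, "alice"), order)
    server.verify("alice", ts, order, sig)
    results["replayed"] = server.verify("alice", ts, order, sig)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
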
In one embodiment, as shown in Figure 6, another identity verification method is provided, which comprises steps 602-608 described as follows.
Specifically, when verification of a user is required, the mobile terminal first acquires the first identification code stored therein corresponding to the user identifier. Before acquiring the first identification code, the mobile terminal needs to detect whether the first identification code is present. If no, it means that the mobile terminal fails in applying for the identification code, and the process proceeds to step 604 to perform the application of the identification code later.
In one embodiment, if the generation of the first dynamic password involves the mobile terminal identifier, the mobile terminal needs to further detect in step 602 whether the mobile terminal identifier corresponding to the user identifier can be acquired.
Specifically, the mobile terminal detects whether the mobile terminal identifier corresponding to the user identifier is stored in the server. If yes, the mobile terminal acquires the mobile terminal identifier corresponding to the user identifier and performs the subsequent steps; otherwise the process proceeds to step 604.
In one embodiment, the mobile terminal may prompt the user to input the password, and then sends the password input together with the user identifier to the server for identity verification.
In another embodiment, the mobile terminal may also prompt the user to input a mobile phone number for short message verification.
Specifically, the mobile terminal receives a short message verification code input by the user and sends the short message verification code and the user identifier to the server. Upon receiving the short message verification code, the server verifies whether it is the same as the short message verification code generated before. If yes, the verification passes.
Further, the server generates the identification code based on the user identifier after the user identity verification passes. As the user identifier is unique, the identification code generated is unique too. The server may store the identification code corresponding to the user identifier.
In one embodiment, after the server generates the identification code based on the user identifier, the process further comprises that the mobile terminal acquires the identification code from the server and stores it corresponding to the user identifier, thereby facilitating the mobile terminal to acquire the identification code stored corresponding to the user identifier so as to realize the verification. The identification code stored in the mobile terminal corresponding to the user identifier is the first identification code.
In one embodiment, the step of the server generating the identification code based on the user identifier comprises that the server acquires an application identification and generates the identification code based on the application identification and the user identifier.
In this embodiment, the application may be an application running in the mobile terminal for generating the data to be processed, and the application identification may be the name of the application or an identification number pre-assigned for the application, etc. The server generates the identification code based on the user identifier and the application identification, so that an increased complexity of the identification code, a reduced probability of the identification code being tampered with, and thus a further improved safety are achieved.
In one embodiment, after the user identity verification, the process further comprises that the server receives the device information sent by the mobile terminal, generates the mobile terminal identifier based on the device information and stores the mobile terminal identifier corresponding to the user identifier.
In this embodiment, the mobile terminal acquires the device information and sends the device information to the server. The device information includes, but is not limited to, device identification numbers, device MAC addresses, device platforms, device models, types of operating systems and root right information, etc. The server receives the device information sent by the mobile terminal and generates the mobile terminal identifier based on the device information.
Specifically, the server may select at least one of the device information, in combination with the private keyword, to generate the mobile terminal identifier. For example, the server may generate the mobile terminal identifier based on the device identification number and device MAC address of the device information in combination with the private keyword, and the mobile terminal identifier is a character string of 32 bytes, so that the mobile terminal identifier generated is unique and can be used for identifying one terminal device uniquely.
Further, the server may store the generated mobile terminal identifier corresponding to the user identifier. Thus, when generating the first dynamic password, the mobile terminal may acquire the mobile terminal identifier corresponding to the user identifier from the server.
Further, in one embodiment, the step of the server generating the identification code based on the user identifier comprises that the server acquires the application identification and generates the identification code based on the application identification, the user identifier and the mobile terminal identifier; or the server generates the identification code based on the user identifier and the mobile terminal identifier.
In this embodiment, the server generates the identification code based on the application identification, the user identifier and the mobile terminal identifier, or generates the identification code based on the user identifier and the mobile terminal identifier, thereby increasing the complexity of the identification code, reducing the probability of the identification code being tampered with and further improving the safety.
Further, in one embodiment, after the step of the server generating the identification code based on the user identifier, the process further comprises that the server takes at least one of the user identifier, the mobile terminal identifier and the device information as a secret key to encrypt the identification code.
In this embodiment, the server uses at least one of the user identifier, the mobile terminal identifier and the device information to encrypt the identification code, and then stores the encrypted identification code corresponding to the user identifier. And the mobile terminal acquires the identification code from the server which is also encrypted and stores the encrypted identification code corresponding to the user identifier. When needing to generate the dynamic password with the identification code, the mobile terminal acquires the identification code stored and decrypts the encrypted identification code with at least one of the user identifier, the mobile terminal identifier and the device information accordingly. As the identification code is encrypted, and at least one of the user identifier, the mobile terminal identifier and the device information is used as the secret key, the possibility of the identification code being tampered with is further reduced, thus the safety can further be improved.
If detecting that the identification code corresponding to the user identifier is locally stored, the mobile terminal acquires the identification code and performs the subsequent process of identity verification. Specifically, the process of user identity verification is as described in the above-mentioned embodiments, and detailed description thereof will be omitted. After the user identity verification passes, the server processes the data to be processed, for example, accomplishing the payment transaction, etc.
In this embodiment, when detecting no storage of the identification code, the mobile terminal applies to the server for the identification code so as to perform subsequent verification with the identification code stored. When subsequent generation of the dynamic password is required, the mobile terminal and the server acquire their own stored identification codes to generate the dynamic passwords, respectively, and then perform identity verification by determining whether the respectively generated dynamic passwords are the same. As the possibility of the identification code and the dynamic password being tampered with is very low, the safety hazard is reduced. Besides, the mobile terminal may achieve automatic verification by means of the identification code stored without the need for any input by the user, so that not only the safety but also the efficiency of verification can be improved.
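The enrollment path of this embodiment, sketched as an added example that is not code from the patent: the mobile terminal looks for a stored identification code and, when none is present, obtains one only after the fallback (password or short message) verification has passed. Assumptions: HMAC-SHA-256 keyed with the private keyword yields the 32-byte mobile terminal identifier, the identification code is derived under a separate server key with a fresh random nonce, and all class, function and sample names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def canon(*fields: str) -> bytes:
    """Encode fields as a JSON array so that field boundaries stay explicit."""
    return json.dumps(list(fields), separators=(",", ":")).encode("utf-8")


class EnrollmentServer:
    def __init__(self, private_keyword: bytes, code_key: bytes):
        self._private_keyword = private_keyword  # the "private keyword" of the text
        self._code_key = code_key                # assumed separate server-side secret
        self.terminal_ids = {}                   # user identifier -> terminal identifier
        self.codes = {}                          # (application id, user id) -> code

    def enroll(self, app_id: str, user_id: str, device_id: str, mac: str,
               fallback_passed: bool) -> bytes:
        # Nothing is generated until the password or short message check has passed.
        if not fallback_passed:
            raise PermissionError("fallback identity verification has not passed")
        # 32-byte mobile terminal identifier from device number, MAC and private keyword.
        terminal_id = hmac.new(self._private_keyword, canon(device_id, mac),
                               hashlib.sha256).digest()
        self.terminal_ids[user_id] = terminal_id
        # Identification code from application id, user id and terminal identifier.
        nonce = secrets.token_bytes(16)  # assumption: fresh randomness per issuance
        code = hmac.new(self._code_key,
                        nonce + canon(app_id, user_id, terminal_id.hex()),
                        hashlib.sha256).digest()
        self.codes[(app_id, user_id)] = code     # becomes the second identification code
        return code


class Terminal:
    def __init__(self, server: EnrollmentServer, user_id: str, device_id: str, mac: str):
        self.server, self.user_id = server, user_id
        self.device_id, self.mac = device_id, mac
        self.store = {}                          # (application id, user id) -> first code

    def identification_code(self, app_id: str, fallback_passed: bool = False) -> bytes:
        key = (app_id, self.user_id)
        if key not in self.store:                # no code stored: apply to the server
            self.store[key] = self.server.enroll(app_id, self.user_id, self.device_id,
                                                 self.mac, fallback_passed)
        return self.store[key]                   # stored code: no user input needed


def demo() -> dict:
    """Walk the flow with constructed sample values."""
    server = EnrollmentServer(b"constructed-private-keyword", b"constructed-code-key")
    terminal = Terminal(server, "alice", "device-0001", "02:00:00:aa:bb:cc")
    out = {}
    try:
        terminal.identification_code("shop-app", fallback_passed=False)
        out["without_fallback"] = "issued"
    except PermissionError:
        out["without_fallback"] = "refused"
    shop = terminal.identification_code("shop-app", fallback_passed=True)
    again = terminal.identification_code("shop-app")   # served from local storage
    pay = terminal.identification_code("pay-app", fallback_passed=True)
    out["terminal_id_len"] = len(server.terminal_ids["alice"])
    out["stored_matches_server"] = shop == again == server.codes[("shop-app", "alice")]
    out["per_app_codes_differ"] = shop != pay
    out["naive_concat_collides"] = ("ab" + "c") == ("a" + "bc")
    out["canonical_collides"] = canon("ab", "c") == canon("a", "bc")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
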
As shown in Figure 7, in one embodiment, also provided is a user identity verification system which comprises a terminal 720 and a server 740, wherein the terminal 720 comprises:
·a first identification code acquisition module 722 for acquiring the prestored first identification code corresponding to the user identifier; and
·a first dynamic password generation module 724 for generating the first dynamic password based on the first identification code and sending the user identifier and first dynamic password to the server 740.
The server 740 comprises:
·a second identification code acquisition module 742 for acquiring the prestored second identification code corresponding to the user identifier;
·a second dynamic password generation module 744 for generating the second dynamic password based on the second identification code; and
·a first verification module 746 for determining whether the first dynamic password matches the second dynamic password. If yes, the verification passes.
Specifically, the first verification module 746 is used for determining whether the first dynamic password and the second dynamic password are the same. If yes, the verification passes; otherwise, the verification fails.
In one embodiment, the first dynamic password generation module 724 is used for generating the first dynamic password based on the current timestamp and the first identification code; the second dynamic password generation module 744 is used for generating the second dynamic password based on the current timestamp and the second identification code; and the first verification module 746 is used for determining whether the first dynamic password matches the second dynamic password. If yes, the verification passes.
In another embodiment, the first dynamic password generation module 724 is used for generating the first dynamic password based on the current timestamp and the first identification code and generating the first signature data of the data to be processed based on the data to be processed and the first dynamic password; the second dynamic password generation module 744 is used for receiving the data to be processed and the first signature data sent by the mobile terminal 720, generating the second dynamic password based on the current timestamp and the second identification code, and generating the second signature data of the data to be processed based on the received data to be processed and the second dynamic password; and the first verification module 746 is used for determining whether the first signature data matches the second signature data. If yes, the verification passes.
In one embodiment, the first dynamic password generation module 724 is used for acquiring the mobile terminal identifier and the device information corresponding to the user identifier, and generating the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code; the second dynamic password generation module 744 is used for acquiring the mobile terminal identifier and the device information corresponding to the user identifier, and generating the second dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the second identification code; and the first verification module 746 is used for determining whether the first dynamic password matches the second dynamic password. If yes, the verification passes.
In another embodiment, the first dynamic password generation module 724 is used for acquiring the mobile terminal identifier and the device information corresponding to the user identifier, generating the first dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the first identification code, and generating the first signature data of the data to be processed based on the data to be processed and the first dynamic password; the second dynamic password generation module 744 is used for receiving the data to be processed and the first signature data sent by the mobile terminal 720, acquiring the mobile terminal identifier and the device information corresponding to the user identifier, generating the second dynamic password based on at least one of the user identifier, the mobile terminal identifier and the device information, as well as the current timestamp and the second identification code, and generating the second signature data of the data to be processed based on the second dynamic password and the received data to be processed; and the first verification module 746 is used for determining whether the first signature data matches the second signature data. If yes, the verification passes.
In one embodiment, as shown in Figure 8, the server 740 further comprises:
·a timing out determination module 741 for receiving the current timestamp sent by the mobile terminal 720 and determining whether a timing out occurs based on the current timestamp. If the timing out occurs, the timing out determination module 741 informs the second dynamic password generation module 744 to generate the second dynamic password; wherein the current timestamp sent by the mobile terminal 720 is acquired from the server 740.
In one embodiment, as shown in Figure 9, the mobile terminal 720 further comprises:
·an identification code detection module 721 for detecting the presence of the first identification code corresponding to the user identifier in the mobile terminal 720. If no, the identification code detection module 721 sends a verification request carrying the user identifier to the server 740.
In this embodiment, the server 740 further comprises:
·a second verification module 745 for performing identity verification according to the verification request; and
·an identification code generation module 747 for generating the identification code based on the user identifier after the user identity verification passes.
Further, in one embodiment, the identification code generation module 747 is used for acquiring the application identification and generating the identification code based on the application identification and the user identifier.
Further, in one embodiment, as shown in Figure 10, the mobile terminal 720 further comprises:
·an identification code storage module 726 for acquiring the identification code generated from the server and storing the identification code corresponding to the user identifier.
In one embodiment, as shown in Figure 11, the server 740 further comprises:
·a mobile terminal identifier generation module 748 for receiving the device information sent by the mobile terminal 720, generating the mobile terminal identifier based on the device information and storing the mobile terminal identifier corresponding to the user identifier.
Further, the identification code generation module 747 is used for acquiring the application identification and generating the identification code based on the application identification, the user identifier and the mobile terminal identifier; or the identification code generation module 747 is also used for generating the identification code based on the user identifier and the mobile terminal identifier.
Further, the server 740 also comprises:
·an encryption module 749 for encrypting the generated identification code using at least one of the user identifier, the mobile terminal identifier and the device information as a secret key.
In this embodiment, the encrypted identification code is sent to the mobile terminal 720 for storage. When needing to acquire the locally stored identification code for verification, the mobile terminal 720 decrypts the acquired identification code with at least one of the user identifier, the mobile terminal identifier and the device information, and then generates the dynamic password based on the decrypted identification code.
While particular embodiments are described above, it will be understood it is not intended to limit the invention to these particular embodiments. On the contrary, the invention includes alternatives, modifications and equivalents that are within the spirit and scope of the appended claims. Numerous specific details are set forth in order to provide a thorough understanding of the subject matter presented herein. But it will be apparent to one of ordinary skill in the art that the subject matter may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the embodiments.
Although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, first ranking criteria could be termed second ranking criteria, and, similarly, second ranking criteria could be termed first ranking criteria, without departing from the scope of the present invention. First ranking criteria and second ranking criteria are both ranking criteria, but they are not the same ranking criteria.
The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the description of the invention and the appended claims, the singular forms “a,” “an,” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. It will be further understood that the terms "includes," "including," "comprises," and/or "comprising," when used in this specification, specify the presence of stated features, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, operations, elements, components, and/or groups thereof.
As used herein, the term “if” may be construed to mean “when” or “upon” or “in response to determining” or “in accordance with a determination” or “in response to detecting,” that a stated condition precedent is true, depending on the context. Similarly, the phrase “if it is determined [that a stated condition precedent is true]” or “if [a stated condition precedent is true]” or “when [a stated condition precedent is true]” may be construed to mean “upon determining” or “in response to determining” or “in accordance with a determination” or “upon detecting” or “in response to detecting” that the stated condition precedent is true, depending on the context.
Although some of the various drawings illustrate a number of logical stages in a particular order, stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.
The foregoing description, for purpose of explanation, has been described with reference to specific implementations. However, the illustrative discussions above are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many modifications and variations are possible in view of the above teachings. The implementations were chosen and described in order to best explain principles of the invention and its practical applications, to thereby enable others skilled in the art to best utilize the invention and various implementations with various modifications as are suited to the particular use contemplated. Implementations include alternatives, modifications and equivalents that are within the spirit and scope of the appended claims. Numerous specific details are set forth in order to provide a thorough understanding of the subject matter presented herein. But it will be apparent to one of ordinary skill in the art that the subject matter may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the implementations.
Claims (20)
1. A method for verifying a user identifier of an online application, the method comprising: at a mobile terminal having one or more processors and memory for storing program modules to be executed by the one or more processors: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to a remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
2. The method of claim 1, wherein the first identification code was generated by the remote server when the user identifier was generated and then stored in the memory of the mobile terminal.
3. The method of claim 2, wherein a mapping relationship between the first identification code and the user identifier is stored in the memory of the mobile terminal and the remote server, respectively.
4. The method of claim 2, wherein the first identification code stored in the memory of the mobile terminal is periodically replaced by a new identification code generated by the remote server.
5. The method of claim 1, wherein, upon receipt of the first dynamic password, the user identifier and the input data, the remote server is configured to: acquire a second identification code corresponding to the user identifier; generate a second dynamic password based on the second identification code; compare the second dynamic password with the first dynamic password; and return the confirmation message to the mobile terminal after determining that the second dynamic password corresponds to the first dynamic password.
6. The method of claim 1, wherein the input data is encrypted into first signature data using the first dynamic password and the first signature data is then sent to the remote server for verifying the user identifier.
7. The method of claim 6, wherein the remote server is configured to: acquire a second identification code corresponding to the user identifier; generate a second dynamic password based on the second identification code; encrypt the input data into second signature data using the second dynamic password; compare the second signature data with the first signature data; and return the confirmation message to the mobile terminal after determining that the second signature data corresponds to the first signature data.
8. The method of claim 1, wherein the first dynamic password is generated according to at least one of a mobile terminal identifier of the mobile terminal and device information of the mobile terminal, a current timestamp of the mobile terminal, and the first identification code and the current timestamp of the mobile terminal is then sent to the remote server for verifying the user identifier.
9. The method of claim 8, wherein the remote server is configured to: acquire a second identification code corresponding to the user identifier; generate a second dynamic password based on the second identification code and the current timestamp from the mobile terminal and at least one of the mobile terminal identifier and the device information; compare the second dynamic password with the first dynamic password; and return the confirmation message to the mobile terminal after determining that the second dynamic password corresponds to the first dynamic password.
10. The method of claim 1, wherein the first dynamic password is generated according to at least one of the user identifier, a mobile terminal identifier of the mobile terminal and device information of the mobile terminal, a current timestamp of the mobile terminal, and the first identification code and the input data is encrypted into first signature data using the first dynamic password and the first signature data and the current timestamp of the mobile terminal are then sent to the remote server for verifying the user identifier.
11. The method of claim 10, wherein at least one of the mobile terminal identifier of the mobile terminal and the device information of the mobile terminal is provided to the remote server when the remote server generates a user account of the online application using the user identifier.
12. The method of claim 10, wherein the remote server is configured to: acquire a second identification code corresponding to the user identifier; generate a second dynamic password based on the second identification code and the current timestamp from the mobile terminal and at least one of the user identifier, the mobile terminal identifier and the device information; encrypt the input data into second signature data using the second dynamic password; compare the second signature data with the first signature data; and return the confirmation message to the mobile terminal after determining that the second signature data corresponds to the first signature data.
13. The method of claim 1, wherein a current timestamp of the mobile terminal is sent to the remote server and the remote server is configured to verify the user identifier when a difference between the current timestamp of the mobile terminal and a current timestamp of the remote server is less than a predefined threshold.
14. The method of claim 13, wherein the current timestamp of the mobile terminal is generated by the remote server and provided to the mobile terminal along with the first identification code.
15. The method of claim 13, wherein the current timestamp of the mobile terminal is periodically replaced by a new current timestamp provided by the remote server.
16. The method of claim 1, wherein the first dynamic password is generated according to at least one of a mobile terminal identifier of the mobile terminal and device information of the mobile terminal, a current timestamp of the mobile terminal, a current location of the mobile terminal and the first identification code and the current timestamp of the mobile terminal and the current location of the mobile terminal are then sent to the remote server for verifying the user identifier.
17. The method of claim 16, wherein the remote server is configured to: acquire a second identification code corresponding to the user identifier; generate a second dynamic password based on the second identification code and the current timestamp from the mobile terminal and the current location of the mobile terminal and at least one of the mobile terminal identifier and the device information; compare the second dynamic password with the first dynamic password; and return the confirmation message to the mobile terminal after determining that the second dynamic password corresponds to the first dynamic password.
18. A mobile terminal, wherein the mobile terminal is in communication with a remote server hosting an online application for verifying a user identifier, the mobile terminal comprising: one or more processors; memory; and one or more program modules stored in the memory and to be executed by the one or more processors, the program modules further including instructions for: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to the remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
19. The mobile terminal of claim 18, wherein, upon receipt of the first dynamic password, the user identifier and the input data, the remote server is configured to: acquire a second identification code corresponding to the user identifier; generate a second dynamic password based on the second identification code; compare the second dynamic password with the first dynamic password; and return the confirmation message to the mobile terminal after determining that the second dynamic password corresponds to the first dynamic password.
20. A non-transitory computer-readable medium, storing one or more program modules for execution by one or more processors of a mobile terminal that is in communication with a remote server hosting an online application for verifying a user identifier, the one or more program modules further including instructions for: receiving input data associated with the online application; acquiring a first identification code corresponding to the user identifier; generating a first dynamic password based on the first identification code; sending the first dynamic password, the user identifier and the input data to the remote server; and receiving a confirmation message from the remote server, wherein the confirmation message indicates that the user identifier has been verified using the first dynamic password and the input data has been processed using the user identifier.
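The exchange of claims 10, 12 and 13, worked through as an added example that is not part of the patent text. The claims name no algorithm, so HMAC-SHA256 for both the dynamic password and the signature data, the 60-second threshold, all function and class names, and the sample values are assumptions; the replay cache goes beyond the claims and is included because a captured request otherwise stays valid for the whole threshold window.

```python
import hashlib
import hmac
import secrets

MAX_SKEW_SECONDS = 60  # assumed value for the "predefined threshold" of claim 13


def dynamic_password(code: bytes, user_id: str, terminal_id: str, timestamp: int) -> bytes:
    """Dynamic password from identification code, identifiers and timestamp (claim 10)."""
    fields = (user_id.encode(), terminal_id.encode(), timestamp.to_bytes(8, "big"))
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    message = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(code, message, hashlib.sha256).digest()


def signature_data(password: bytes, input_data: bytes) -> str:
    """HMAC tag standing in for "encrypt the input data into signature data"."""
    return hmac.new(password, input_data, hashlib.sha256).hexdigest()


def terminal_request(code, user_id, terminal_id, input_data, timestamp):
    """Mobile terminal side: first dynamic password, then first signature data."""
    first_password = dynamic_password(code, user_id, terminal_id, timestamp)
    return {"user_id": user_id, "input_data": input_data, "timestamp": timestamp,
            "signature": signature_data(first_password, input_data)}


class RemoteServer:
    def __init__(self):
        self.records = {}      # user identifier -> (identification code, terminal identifier)
        self.accepted = set()  # signatures already confirmed (replay cache, an addition)

    def register(self, user_id: str, terminal_id: str) -> bytes:
        """Generate the identification code when the account is created (claim 2)."""
        code = secrets.token_bytes(32)
        self.records[user_id] = (code, terminal_id)
        return code

    def verify(self, request: dict, now: int) -> str:
        record = self.records.get(request["user_id"])
        if record is None:
            return "unknown user identifier"
        # Claim 13: accept only when the clock difference is below the threshold.
        if abs(now - request["timestamp"]) >= MAX_SKEW_SECONDS:
            return "timestamp outside threshold"
        code, terminal_id = record
        second_password = dynamic_password(code, request["user_id"], terminal_id,
                                           request["timestamp"])
        second_signature = signature_data(second_password, request["input_data"])
        # Constant-time comparison of second and first signature data (claim 12).
        if not hmac.compare_digest(second_signature, request["signature"]):
            return "signature mismatch"
        if request["signature"] in self.accepted:
            return "replayed request"
        self.accepted.add(request["signature"])
        return "confirmed"


def demo() -> dict:
    """Run the exchange on constructed sample values and return each outcome."""
    server = RemoteServer()
    code = server.register("user-1001", "terminal-abc")  # constructed identifiers
    t0 = 1_700_000_000                                    # constructed timestamp
    request = terminal_request(code, "user-1001", "terminal-abc", b"amount=42", t0)
    tampered = dict(request, input_data=b"amount=9000")
    return {
        "valid": server.verify(request, now=t0 + 3),
        "replay": server.verify(request, now=t0 + 10),
        "tampered": server.verify(tampered, now=t0 + 3),
        "stale": server.verify(request, now=t0 + MAX_SKEW_SECONDS),
        "unknown": server.verify(dict(request, user_id="user-9999"), now=t0 + 3),
    }
```

Calling `demo()` returns the server's decision for each case; the dynamic password itself never crosses the wire in this variant, only the signature data derived from it.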
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310516818.4A CN104579649B (en) | 2013-10-28 | 2013-10-28 | Personal identification method and system |
| CN201310516818.4 | 2013-10-28 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2015062461A1 (en) | 2015-05-07 |
Family
ID=53003335
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2014/089627 Ceased WO2015062461A1 (en) | 2013-10-28 | 2014-10-28 | Method and system for verifying user identity of an online application |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104579649B (en) |
| WO (1) | WO2015062461A1 (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105072080B (en) * | 2015-07-01 | 2018-04-13 | 广州密码科技有限公司 | A kind of Information Authentication method, apparatus and system |
| CN105631667A (en) * | 2015-08-05 | 2016-06-01 | 宇龙计算机通信科技(深圳)有限公司 | Authentication method, device and system |
| CN105916143A (en) * | 2015-12-15 | 2016-08-31 | 乐视致新电子科技(天津)有限公司 | Vehicle remote authentication method based on dynamic password and vehicle remote authentication system thereof |
| CN105515781B (en) * | 2016-01-19 | 2018-09-14 | 上海众人网络安全技术有限公司 | A kind of application platform login system and its login method |
| CN105827620B (en) * | 2016-04-25 | 2019-04-02 | 上海众人网络安全技术有限公司 | A kind of data transmission system and its method |
| CN105827621A (en) * | 2016-04-25 | 2016-08-03 | 上海众人网络安全技术有限公司 | Internet-based reservation platform login system and login method thereof |
| CN106330458B (en) * | 2016-08-23 | 2019-05-14 | 宇龙计算机通信科技(深圳)有限公司 | A kind of processing method and processing device of identifying code |
| CN108156195B (en) * | 2016-12-02 | 2021-08-20 | 中科星图股份有限公司 | Service data checking method and system |
| CN108933766B (en) * | 2017-05-26 | 2021-11-09 | 武汉斗鱼网络科技有限公司 | Method and client for improving equipment ID security |
| CN108933765B (en) * | 2017-05-26 | 2021-11-09 | 武汉斗鱼网络科技有限公司 | Method, client and server for improving equipment ID security |
| CN109218009B (en) * | 2017-06-30 | 2021-11-09 | 武汉斗鱼网络科技有限公司 | Method, client and server for improving equipment ID security |
| CN107948973B (en) * | 2017-11-01 | 2020-10-13 | 中国移动通信集团江苏有限公司 | Equipment fingerprint generation method applied to IOS (input/output system) for security risk control |
| CN108566279A (en) * | 2018-03-19 | 2018-09-21 | 深圳市敢为特种设备物联网技术有限公司 | Synchronous dynamic two dimension code generation method, equipment and system, storage medium |
| CN109547217B (en) * | 2019-01-11 | 2021-10-22 | 北京中实信达科技有限公司 | One-to-many identity authentication system and method based on dynamic password |
| CN109951293B (en) * | 2019-02-20 | 2023-12-05 | 深圳市朗石科学仪器有限公司 | Water quality monitoring terminal user verification method and system and water quality monitoring Internet of things terminal system |
| CN113037682A (en) * | 2019-12-09 | 2021-06-25 | 西安诺瓦星云科技股份有限公司 | Encrypted communication method, encrypted communication device, and encrypted communication system |
| CN113516812A (en) * | 2021-06-01 | 2021-10-19 | 深圳市巨鼎医疗股份有限公司 | Remote control method, device, equipment and storage medium for medical self-service terminal |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101060403A (en) * | 2006-04-18 | 2007-10-24 | 钟曦辰 | Wireless communication terminal-based interactive dynamic password safety service system |
| CN101163014A (en) * | 2007-11-30 | 2008-04-16 | 中国电信股份有限公司 | Dynamic password identification authenticating system and method |
| CN102457491A (en) * | 2010-10-20 | 2012-05-16 | 北京大学 | dynamic identity authentication method and system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8256664B1 (en) * | 2010-04-09 | 2012-09-04 | Google Inc. | Out-of band authentication of browser sessions |
| CN103368918A (en) * | 2012-04-01 | 2013-10-23 | 西门子公司 | Method, device and system for dynamic password authentication |
| CN103124266B (en) * | 2013-02-07 | 2016-08-31 | 百度在线网络技术(北京)有限公司 | Mobile terminal and carry out the method, system and the cloud server that log in by it |
- 2013-10-28: CN application CN201310516818.4A, patent CN104579649B, status Active
- 2014-10-28: WO application PCT/CN2014/089627, publication WO2015062461A1, status Ceased
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105049209A (en) * | 2015-06-16 | 2015-11-11 | 中国银行股份有限公司 | Dynamic password generation method and apparatus |
| CN105049209B (en) * | 2015-06-16 | 2018-10-23 | 中国银行股份有限公司 | Dynamic password formation method and device |
| CN107181714A (en) * | 2016-03-09 | 2017-09-19 | 阿里巴巴集团控股有限公司 | Verification method and device, the generation method of service code and device based on service code |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104579649A (en) | 2015-04-29 |
| CN104579649B (en) | 2019-01-11 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14857905; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21.09.2016) |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 14857905; Country of ref document: EP; Kind code of ref document: A1 |