User identity authenticating method and device for preventing malicious harassment

US 20150244698A1
Filed: 09/04/2013
Published: 08/27/2015
Est. Priority Date: 09/12/2012
Status: Active Grant

First Claim

Patent Images

1. A user identity authenticating method for preventing malicious harassment, comprising:

after a user logs in an internet website, generating unique first authentication code information and storing it;

displaying the first authentication code information and a Short Message (SMS) Uplink (UL) service number used for identifying the internet website uniquely on a website page;

after the user sends an SMS including second authentication code information input by the user to the corresponding SMS UL service number, matching an acquired second authentication code with a stored first authentication code;

if the matching succeeds, then the authentication succeeds.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user identity authenticating method and device for preventing malicious harassment are described. The method includes: after a user logs in an internet website, unique first authentication code information is generated and stored; the first authentication code information and a Short Message (SMS) Uplink (UL) service number used for identifying the internet website uniquely are displayed on a website page; after the user sends an SMS including second authentication code information input by the user to the corresponding SMS UL service number, an acquired second authentication code is matched with a stored first authentication code, if the matching succeeds, then the authentication succeeds. The embodiments in the disclosure can avoid possible malicious harassment effectively, thus avoiding legal risks which a website service provider may confront to some extent, and improving the satisfaction of its service. In addition, the increase of processing load and performance influence of the website service provider'"'"'s server, which are caused by triggering the sending of a large number of authentication codes maliciously, can be avoided in the disclosure.

Citations

18 Claims

1. A user identity authenticating method for preventing malicious harassment, comprising:
- after a user logs in an internet website, generating unique first authentication code information and storing it;
  
  displaying the first authentication code information and a Short Message (SMS) Uplink (UL) service number used for identifying the internet website uniquely on a website page;
  
  after the user sends an SMS including second authentication code information input by the user to the corresponding SMS UL service number, matching an acquired second authentication code with a stored first authentication code;
  
  if the matching succeeds, then the authentication succeeds.
- View Dependent Claims (2, 3, 4, 5, 11, 12, 13, 14)
- - 2. The user identity authenticating method for preventing malicious harassment according to claim 1, wherein the generating the unique first authentication code information and storing it after the user logs in the internet website comprises:
    - after the user logs in the internet website, generating a unique session identifier accordingly and putting it into website Cookie, and generating an authentication code request command;
      
      according to the command, the session identifier, a preset expiration time threshold and an authentication code request command serial number, generating the unique first authentication code based on an authentication code generating algorithm, and storing the first authentication code together with the corresponding session identifier and the expiration time threshold information.
  - 3. The user identity authenticating method for preventing malicious harassment according to claim 2, wherein the displaying the first authentication code information on the website page comprises:
    - displaying the first authentication code information in the form of a text, or in the form of a Quick Response (QR) code image.
  - 4. The user identity authenticating method for preventing malicious harassment according to claim 1, wherein after the user sends the SMS including the second authentication code information input by the user to the corresponding SMS UL service number, the matching the acquired second authentication code with the stored first authentication code comprises:
    - after the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, sending the SMS including the second authentication code information to the corresponding SMS UL service number;
      
      matching the second authentication code with the stored first authentication code, if the matching succeeds, determining whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 5. The user identity authenticating method for preventing malicious harassment according to claim 4, further comprising:
    - sending an identity authentication acknowledgment SMS to a user mobile phone number;
      
      according to acquired acknowledgment information replied by the user, associating and storing the user mobile phone number with the unique session identifier of the identity authentication, and sending an identify authentication success SMS to the user mobile phone number.
  - 11. The user identity authenticating method for preventing malicious harassment according to claim 2, wherein after the user sends the SMS including the second authentication code information input by the user to the corresponding SMS UL service number, the matching the acquired second authentication code with the stored first authentication code comprises:
    - after the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, sending the SMS including the second authentication code information to the corresponding SMS UL service number;
      
      matching the second authentication code with the stored first authentication code, if the matching succeeds, determining whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 12. The user identity authenticating method for preventing malicious harassment according to claim 3, wherein after the user sends the SMS including the second authentication code information input by the user to the corresponding SMS UL service number, the matching the acquired second authentication code with the stored first authentication code comprises:
    - after the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, sending the SMS including the second authentication code information to the corresponding SMS UL service number;
      
      matching the second authentication code with the stored first authentication code, if the matching succeeds, determining whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 13. The user identity authenticating method for preventing malicious harassment according to claim 11, further comprising:
    - sending an identity authentication acknowledgment SMS to a user mobile phone number;
      
      according to acquired acknowledgment information replied by the user, associating and storing the user mobile phone number with the unique session identifier of the identity authentication, and sending an identify authentication success SMS to the user mobile phone number.
  - 14. The user identity authenticating method for preventing malicious harassment according to claim 12, further comprising:
    - sending an identity authentication acknowledgment SMS to a user mobile phone number;
      
      according to acquired acknowledgment information replied by the user, associating and storing the user mobile phone number with the unique session identifier of the identity authentication, and sending an identify authentication success SMS to the user mobile phone number.

6. A user identity authenticating device for preventing malicious harassment, comprising:
- an authentication page module, which is configured to provide an internet website page for a user; and
  
  to display first authentication code information acquired from an authentication code generating module and a Short Message (SMS) Uplink (UL) service number used for identifying the internet website uniquely on the website page;
  
  the authentication code generating module, which is configured, after the user logs in the internet website, to generate the unique first authentication code information and to store it;
  
  an authentication code receiving module, which is configured, after the user sends an SMS including second authentication code information input by the user to the corresponding SMS UL service number, to acquire the second authentication code information fed back by the user;
  
  an authentication execution module, which is configured to match the acquired second authentication code information with a stored first authentication code, if the matching succeeds, the authentication succeeds.
- View Dependent Claims (7, 8, 9, 10, 15, 16, 17, 18)
- - 7. The user identity authenticating device for preventing malicious harassment according to claim 6, wherein the authentication code generating module is further configured,after the user logs in the internet website, to generate a unique session identifier accordingly and put it into website Cookie, and to generate an authentication code request command;
    - according to the command, the session identifier, a preset expiration time threshold and an authentication code request command serial number, to generate the unique first authentication code based on an authentication code generating algorithm, and to store the first authentication code together with the corresponding session identifier and the expiration time threshold information.
  - 8. The user identity authenticating device for preventing malicious harassment according to claim 7, wherein the displaying the first authentication code information on the website page by the authentication page module comprises:
    - displaying the first authentication code information in the form of a text, or in the form of a QR code image.
  - 9. The user identity authenticating device for preventing malicious harassment according to claim 6, whereinafter the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, and sends the SMS including the second authentication code information to the corresponding SMS UL service number, the authentication code receiving module is configured to acquire the second authentication code information fed back by the user;
    - and the authentication execution module is further configured to match the second authentication code with the stored first authentication code, if the matching succeeds, to determine whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 10. The user identity authenticating device for preventing malicious harassment according to claim 9, further comprising:
    - an acknowledgment SMS sending module, which is configured, after the identity authentication succeeds, to send an identity authentication acknowledgment SMS to a user mobile phone number; and
      
      after the acknowledgment SMS receiving module acquires acknowledgment information replied by the user, to send an identify authentication success SMS to the user mobile phone number;
      
      an acknowledgment SMS receiving module, which is configured to acquire the acknowledgment information replied by the user, and to associate and store the user mobile phone number with the unique session identifier of the identity authentication.
  - 15. The user identity authenticating device for preventing malicious harassment according to claim 7, whereinafter the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, and sends the SMS including the second authentication code information to the corresponding SMS UL service number, the authentication code receiving module is configured to acquire the second authentication code information fed back by the user;
    - and the authentication execution module is further configured to match the second authentication code with the stored first authentication code, if the matching succeeds, to determine whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 16. The user identity authenticating device for preventing malicious harassment according to claim 8, whereinafter the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, and sends the SMS including the second authentication code information to the corresponding SMS UL service number, the authentication code receiving module is configured to acquire the second authentication code information fed back by the user;
    - and the authentication execution module is further configured to match the second authentication code with the stored first authentication code, if the matching succeeds, to determine whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 17. The user identity authenticating device for preventing malicious harassment according to claim 15, further comprising:
    - an acknowledgment SMS sending module, which is configured, after the identity authentication succeeds, to send an identity authentication acknowledgment SMS to a user mobile phone number; and
      
      after the acknowledgment SMS receiving module acquires acknowledgment information replied by the user, to send an identify authentication success SMS to the user mobile phone number;
      
      an acknowledgment SMS receiving module, which is configured to acquire the acknowledgment information replied by the user, and to associate and store the user mobile phone number with the unique session identifier of the identity authentication.
  - 18. The user identity authenticating device for preventing malicious harassment according to claim 16, further comprising:
    - an acknowledgment SMS sending module, which is configured, after the identity authentication succeeds, to send an identity authentication acknowledgment SMS to a user mobile phone number; and
      
      after the acknowledgment SMS receiving module acquires acknowledgment information replied by the user, to send an identify authentication success SMS to the user mobile phone number;
      
      an acknowledgment SMS receiving module, which is configured to acquire the acknowledgment information replied by the user, and to associate and store the user mobile phone number with the unique session identifier of the identity authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZTE Corporation
Original Assignee
ZTE Corporation
Inventors
Zheng, Wei

Granted Patent

US 9,729,532 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/313   using a call-back technique...

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/1466   Active attacks involving in...

H04L 63/1483   service impersonation, e.g....

H04L 63/18   using different networks or...

H04L 9/3226   using a predetermined code,...

H04W 12/06   Authentication

H04W 12/77   Graphical identity

H04W 4/14   Short messaging services, e...

User identity authenticating method and device for preventing malicious harassment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

User identity authenticating method and device for preventing malicious harassment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links