User identity authenticating method and device for preventing malicious harassment

US 9,729,532 B2
Filed: 09/04/2013
Issued: 08/08/2017
Est. Priority Date: 09/12/2012
Status: Active Grant

First Claim

Patent Images

1. A user identity authenticating method for preventing malicious harassment, comprising:

after a user logs into an internet website, generating unique first authentication code information and storing it;

wherein the first authentication code information contains a unique first authentication code;

displaying the first authentication code information and a Short Message (SMS) Uplink (UL) service number used for identifying the internet website uniquely on a website page;

after the user acquires second authentication code information based on display information on the website page and sends the second authentication code information through an SMS by using a user mobile phone to the corresponding SMS UL service number, acquiring a unique second authentication code from the second authentication code information, and matching the acquired second authentication code with the stored first authentication code;

if the matching succeeds, then the authentication succeeds and a phone number of the user mobile phone is registered.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user identity authenticating method and device for preventing malicious harassment are described. The method includes: after a user logs in an internet website, unique first authentication code information is generated and stored; the first authentication code information and a Short Message (SMS) Uplink (UL) service number used for identifying the internet website uniquely are displayed on a website page; after the user sends an SMS including second authentication code information input by the user to the corresponding SMS UL service number, an acquired second authentication code is matched with a stored first authentication code, if the matching succeeds, then the authentication succeeds. The embodiments in the disclosure can avoid possible malicious harassment effectively, thus avoiding legal risks which a website service provider may confront to some extent, and improving the satisfaction of its service. In addition, the increase of processing load and performance influence of the website service provider'"'"'s server, which are caused by triggering the sending of a large number of authentication codes maliciously, can be avoided in the disclosure.

20 Citations

18 Claims

1. A user identity authenticating method for preventing malicious harassment, comprising:
- after a user logs into an internet website, generating unique first authentication code information and storing it;
  
  wherein the first authentication code information contains a unique first authentication code;
  
  displaying the first authentication code information and a Short Message (SMS) Uplink (UL) service number used for identifying the internet website uniquely on a website page;
  
  after the user acquires second authentication code information based on display information on the website page and sends the second authentication code information through an SMS by using a user mobile phone to the corresponding SMS UL service number, acquiring a unique second authentication code from the second authentication code information, and matching the acquired second authentication code with the stored first authentication code;
  
  if the matching succeeds, then the authentication succeeds and a phone number of the user mobile phone is registered.
- View Dependent Claims (2, 3, 4, 5, 11, 12, 13, 14)
- - 2. The user identity authenticating method for preventing malicious harassment according to claim 1, wherein the generating the unique first authentication code information and storing it after the user logs in the internet website comprises:
    - after the user logs in the internet website, generating a unique session identifier accordingly and putting it into website Cookie, and generating an authentication code request command;
      
      according to the command, the session identifier, a preset expiration time threshold and an authentication code request command serial number, generating the unique first authentication code based on an authentication code generating algorithm, and storing the first authentication code together with the corresponding session identifier and the expiration time threshold information.
  - 3. The user identity authenticating method for preventing malicious harassment according to claim 2, wherein the displaying the first authentication code information on the website page comprises:
    - displaying the first authentication code information in the form of a text, or in the form of a Quick Response (QR) code image.
  - 4. The user identity authenticating method for preventing malicious harassment according to claim 1, wherein after the user sends the SMS including the second authentication code information input by the user to the corresponding SMS UL service number, the matching the acquired second authentication code with the stored first authentication code comprises:
    - after the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, sending the SMS including the second authentication code information to the corresponding SMS UL service number;
      
      matching the second authentication code with the stored first authentication code, if the matching succeeds, determining whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 5. The user identity authenticating method for preventing malicious harassment according to claim 4, further comprising:
    - sending an identity authentication acknowledgment SMS to the phone number of the user mobile phone;
      
      according to acquired acknowledgment information replied by the user, associating and storing the phone number of the user mobile phone with the unique session identifier of the identity authentication, and sending an identify authentication success SMS to the phone number of the user mobile phone.
  - 11. The user identity authenticating method for preventing malicious harassment according to claim 2, wherein after the user sends the SMS including the second authentication code information input by the user to the corresponding SMS UL service number, the matching the acquired second authentication code with the stored first authentication code comprises:
    - after the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, sending the SMS including the second authentication code information to the corresponding SMS UL service number;
      
      matching the second authentication code with the stored first authentication code, if the matching succeeds, determining whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 12. The user identity authenticating method for preventing malicious harassment according to claim 3, wherein after the user sends the SMS including the second authentication code information input by the user to the corresponding SMS UL service number, the matching the acquired second authentication code with the stored first authentication code comprises:
    - after the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, sending the SMS including the second authentication code information to the corresponding SMS UL service number;
      
      matching the second authentication code with the stored first authentication code, if the matching succeeds, determining whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 13. The user identity authenticating method for preventing malicious harassment according to claim 11, further comprising:
    - sending an identity authentication acknowledgment SMS to the phone number of the user mobile phone;
      
      according to acquired acknowledgment information replied by the user, associating and storing the phone number of the user mobile phone with the unique session identifier of the identity authentication, and sending an identify authentication success SMS to the phone number of the user mobile phone.
  - 14. The user identity authenticating method for preventing malicious harassment according to claim 12, further comprising:
    - sending an identity authentication acknowledgment SMS to the phone number of the user mobile phone;
      
      according to acquired acknowledgment information replied by the user, associating and storing the phone number of the user mobile phone with the unique session identifier of the identity authentication, and sending an identify authentication success SMS to the phone number of the user mobile phone.

6. A user identity authenticating device for preventing malicious harassment, comprising:
- a memory storing instructions;
  
  a first processor, which is configured to provide an internet website page for a user; and
  
  to display first authentication code information acquired from a second processor and a Short Message (SMS) Uplink (UL) service number used for identifying the internet website uniquely on the website page;
  
  the second processor, which is configured, after the user logs into the internet website, to generate a unique first authentication code information and to store it;
  
  wherein the first authentication code information contains a unique first authentication code;
  
  a third processor, which is configured to, after the user acquires second authentication code information based on display information on the website page and sends the second authentication code information through an SMS by using a user mobile phone to the corresponding SMS UL service number, acquire a unique second authentication code from the second authentication code information fed back by the user;
  
  a fourth processor, which is configured to match the acquired second authentication code with the stored first authentication code, if the matching succeeds, the authentication succeeds and a phone number of the user mobile phone is registered.
- View Dependent Claims (7, 8, 9, 10, 15, 16, 17, 18)
- - 7. The user identity authenticating device for preventing malicious harassment according to claim 6, wherein the second processor is further configured,after the user logs in the internet website, to generate a unique session identifier accordingly and put it into website Cookie, and to generate an authentication code request command;
    - according to the command, the session identifier, a preset expiration time threshold and an authentication code request command serial number, to generate the unique first authentication code based on an authentication code generating algorithm, and to store the first authentication code together with the corresponding session identifier and the expiration time threshold information.
  - 8. The user identity authenticating device for preventing malicious harassment according to claim 7, wherein the displaying the first authentication code information on the website page by the first processor comprises:
    - displaying the first authentication code information in the form of a text, or in the form of a QR code image.
  - 9. The user identity authenticating device for preventing malicious harassment according to claim 6, whereinafter the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, and sends the SMS including the second authentication code information to the corresponding SMS UL service number, the third processor is configured to acquire the second authentication code information fed back by the user;
    - and the fourth processor is further configured to match the second authentication code with the stored first authentication code, if the matching succeeds, to determine whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 10. The user identity authenticating device for preventing malicious harassment according to claim 9, further comprising:
    - a fifth processor, which is configured, after the identity authentication succeeds, to send an identity authentication acknowledgment SMS to the phone number of the user mobile phone; and
      
      after a sixth processor acquires acknowledgment information replied by the user, to send an identify authentication success SMS to the phone number of the user mobile phone;
      
      the sixth processor, which is configured to acquire the acknowledgment information replied by the user, and to associate and store the phone number of the user mobile phone with the unique session identifier of the identity authentication.
  - 15. The user identity authenticating device for preventing malicious harassment according to claim 7, whereinafter the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, and sends the SMS including the second authentication code information to the corresponding SMS UL service number, the third processor is configured to acquire the second authentication code information fed back by the user;
    - and the fourth processor is further configured to match the second authentication code with the stored first authentication code, if the matching succeeds, to determine whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 16. The user identity authenticating device for preventing malicious harassment according to claim 8, whereinafter the user inputs the second authentication code information manually according to display information on the website page or inputs the second authentication code information according to scanning the QR code image, and sends the SMS including the second authentication code information to the corresponding SMS UL service number, the third processor is configured to acquire the second authentication code information fed back by the user;
    - and the fourth processor is further configured to match the second authentication code with the stored first authentication code, if the matching succeeds, to determine whether a user identity authentication duration exceeds the expiration time threshold;
      
      if the user identity authentication duration is within its validity, the authentication succeeds.
  - 17. The user identity authenticating device for preventing malicious harassment according to claim 15, further comprising:
    - a fifth processor, which is configured, after the identity authentication succeeds, to send an identity authentication acknowledgment SMS to the phone number of the user mobile phone; and
      
      after a sixth processor acquires acknowledgment information replied by the user, to send an identify authentication success SMS to the phone number of the user mobile phone;
      
      the sixth processor, which is configured to acquire the acknowledgment information replied by the user, and to associate and store the phone number of the user mobile phone with the unique session identifier of the identity authentication.
  - 18. The user identity authenticating device for preventing malicious harassment according to claim 16, further comprising:
    - a fifth processor, which is configured, after the identity authentication succeeds, to send an identity authentication acknowledgment SMS to the phone number of the user mobile phone; and
      
      after a sixth processor acquires acknowledgment information replied by the user, to send an identify authentication success SMS to the phone number of the user mobile phone;
      
      the sixth processor, which is configured to acquire the acknowledgment information replied by the user, and to associate and store the phone number of the user mobile phone with the unique session identifier of the identity authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZTE Corporation
Original Assignee
ZTE Corporation
Inventors
Zheng, Wei
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US14/427,528
Publication Number

US 20150244698A1
Time in Patent Office

1,434 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/313   using a call-back technique...

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/1466   Active attacks involving in...

H04L 63/1483   service impersonation, e.g....

H04L 63/18   using different networks or...

H04L 9/3226   using a predetermined code,...

H04W 12/06   Authentication

H04W 12/77   Graphical identity

H04W 4/14   Short messaging services, e...

User identity authenticating method and device for preventing malicious harassment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

User identity authenticating method and device for preventing malicious harassment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links