1. Field of the Invention
The present invention relates to an information authentication method, and more particularly, to an SMS authentication method.
2. Description of Related Art
As internet and on-line information devices are more and more popular, there are various services via internet. Users can access various information services from internet via a personal computer, a laptop, a mobile phone, and etc. For example, users may download software from internet via a computer, play a multimedia file on-line and have sales, shopping, account transfer or stock trades on-line.
It is very convenient and efficient to access services from internet, but the information of users may be illegally accessed, copied, disrupted, changed and even stole. Further, the computer and on-line information devices may be attacked by viruses or other malicious programs. Similarly, the internet service supplier, such as ISP, ICP, portal site and on-line trading site, may be illegally attacked and thus suffer unexpected damages.
In order to prevent the above-mentioned damages, most on-line service suppliers ask user to proceed with an authentication procedure while using or downloading the supplied services, wherein a registered account and password are widely used for such authentication.
However, the account and password may be stolen or cracked. Therefore, some service suppliers provide authentication mechanisms to assist or replace the authentication of account and password. The authentication mechanisms include one-time password, an SMS (short message service) authentication, email reply authentication and etc.
FIG. 1 is a flow chart showing an SMS authentication method in the prior art. In step S101, a user enters an on-line service supply website which needs an SMS authentication. In step S102, the on-line service supply website sends out a request of an SMS authentication to an SMS authentication service system. In step S103, the SMS authentication service system sends out a short message including authentication information via a telecommunication company. In step S104, after the user receives the short message, the authentication information in the short message is input to the on-line service supply website, wherein the authentication information may be a single or multiple words and/or symbols. In step S105, the input authentication information received by the on-line service supply website is sent to the SMS authentication service system, and the SMS authentication service system determines whether the authentication information is correct. In step S106, the SMS authentication service system sends the authentication information, which is determined to be correct or not, back to the on-line service supply website, and then the on-line service supply service website accordingly determines whether the user is authorized to use the supplied on-line services. In the prior art, the authentication information in the short message may be maliciously recorded and stolen.
FIG. 2 is a flow chart showing anther SMS authentication method in the prior art. In step S201, a user enters an on-line service supply website which needs an SMS authentication. In step S202, the on-line service supply website sends out a request of an SMS authentication to an SMS authentication service system. In step S203, the SMS authentication service system provides authentication information to the on-line service supply website via application program interface (API). In step S204, the on-line service supply website provides the authentication message to the user. In step S205, the user sends the short message including the authentication information to a telecommunication company via a specified phone number. In step S206, the telecommunication company sends the received authentication message to the SMS authentication service system. In the S207, the SMS authentication service system determines whether the authentication message sent from the telecommunication company conform to the authentication message sent to the user from the on-line service supply website, and send the determination result to the on-line service supply website. In step S208, the on-line service supply website determines whether the user is authorized to use the supplied on-line services according to the determination result from the SMS authentication service system. The disadvantage of such conventional technology is that if the phone number is stolen or forged, it is difficult to judge whether the user is a real user.
Accordingly, there is a need to develop an SMS authentication method for overcome the drawbacks in the prior art.