Browse Prior Art Database

Automatically filled, Encrypted SMS Verification

IP.com Disclosure Number: IPCOM000249358D
Publication Date: 2017-Feb-20
Document File: 5 page(s) / 74K

Publishing Venue

The IP.com Prior Art Database

Abstract

The usage of Short Message (SMS) as verification code is very popular for mobile APPs, however, SMS-based verification mechanism has drawbacks: it adds additional burdens to people, especially the aged to manually input the verification code, and the plain text based verification code can be stolen by malicious programs like warm/trojan, even by GSM (Global System for Mobile communication) signal interception. To solve the problems, an approach to encrypt/decrypt SMS-based verification code is proposed, and a SMS broker (publish/subscribe framework) in smart phone is also proposed for automatically extracting & form-filling SMS verification code for mobile APPs.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

1

Automatically filled, Encrypted SMS Verification

Mobile phone two-factor authentication is to use devices such as mobile phones and smartphones as "something that the user possesses". To authenticate themselves, people can use their personal access license (i.e. something that only the individual user knows) plus a one-time-valid, dynamic passcode consisting of digits. The code can be sent to their mobile device by SMS. Since there is no need for an additional, dedicated token, as users tend to carry their mobile devices around at all times anyway, mobile phone two-factor authentication is very popular in online banking, online shopping, social websites. etc.

However, SMS-based verification mechanism also has some drawbacks: - It asks the user to remember the verification code and manually fill it into the form field . It adds additional burdens to people, especially the aged. - The plain text based verification code can be stolen by malicious programs like warm/trojan, even by GSM signal interception. A novel system and method for automatically extract & form-filling SMS verification code, includes:

- A SMS pub/sub system for message broking - A method for SMS encryption/decryption and automatically form-filling

•The general flow of SMS-based verification: 1.Users click to acquire a verification code in a mobile APP

2.APP sends request to the backend server, asking for verification

code

3.The backend server generates a random verification code and

composes the short message

4.The backend server sends the short message by SMS service

5.The SMS service accepts the message, sends it out by SMS gateway

2

6.The user’s phone receives the short message, the user manually

fills the verification code

7.APP sends the verification code to the backend server, th...