CN102420800A - Method, system and authentication terminal for accomplishing service by multi-factor identity authentication - Google Patents


Info

Publication number
CN102420800A
Authority
CN
China
Prior art keywords
information
user
authentication
authentication terminal
request message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010102946749A
Other languages
Chinese (zh)
Other versions
CN102420800B (en
Inventor
俞浩波
曾硕
张轶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN201010294674.9A
Priority claimed from CN201010294674.9A
Publication of CN102420800A
Application granted
Publication of CN102420800B
Legal status: Expired - Fee Related
Anticipated expiration

Abstract

The embodiment of the invention provides a method, system and authentication terminal for accomplishing a service by multi-factor identity authentication, belonging to the technical field of communication. The method comprises the steps of: receiving an authentication request message transmitted by a user side or a server, wherein the message includes user information and information of service application; forwarding the request message to the authentication terminal corresponding to the user information, wherein the authentication terminal carries out the multi-factor identity authentication on a user according to the received request message and the obtained identity information; after the authentication terminal acknowledges the identity of the user: (1) transmitting acknowledgement information which responds to the request message, receiving the acknowledgement information and accomplishing the service corresponding to the service information; or (2) forwarding the acknowledgement information to the server to enable the server to accomplish the service corresponding to the service information. Unlike the prior art, the method, system and authentication terminal disclosed by the invention do not transmit the authenticated identity information over a network, so that the security and reliability of authentication are greatly increased.

Description

Method, system and authentication terminal for completing a service through multi-factor identity authentication
Technical field
The embodiments of the invention belong to the field of communication technology, and in particular relate to a method, a system and an authentication terminal for completing a service through multi-factor identity authentication.
Background
To improve service efficiency, service organizations have rushed to offer electronic services. Users no longer need to queue at a service window and complete applications, transactions, transfers and similar services on paper; they only need to log in to their own account through identity authentication and enter the information in digital form on a terminal device. For example, a user can enter the account number and password registered with the relevant organization into a browser on a networked computer to log in to the account, and then submit and confirm a payment by entering the amount.
However, this prior-art identity authentication approach carries a certain security risk. Because the identity information (the user's account number, password and so on) is sent to a server, it may be stolen once the terminal side or the data transmission channel is compromised. A criminal who obtains this identity information can then use it to apply for and complete various services, such as financial services, which does great harm to public security. Those skilled in the art have therefore long wished to make electronic services more secure and reliable.
Summary of the invention
The purpose of the embodiments of the invention is to provide a method, a system and an authentication terminal for completing a service through multi-factor identity authentication, so that when a user applies for an electronic service: (1) identity authentication is guaranteed to take place in a secure and reliable environment; and (2) no identity information needs to be sent to a server. The authentication terminal completes the authentication locally according to the authentication request it receives, and the service can be completed once the authentication result is returned. Unlike the prior art, the identity information to be authenticated does not have to be transmitted over the network, which greatly improves the security and reliability of authentication.
To achieve the above purpose, an embodiment of the invention provides a method for completing a service through multi-factor identity authentication, the method comprising:
an authentication server receives an authentication request message sent by the user side or by a third-party server, the message containing user information and information about the requested service;
the authentication server forwards the request message over a network to the authentication terminal corresponding to the user information;
the authentication terminal authenticates the user locally according to the received request message and the identity information it acquires, the acquired identity information comprising the user's account information and/or fingerprint information and/or facial information and/or pupil information and/or voice information and/or DNA information and/or user coordinate information;
after the authentication terminal confirms the user's identity, it sends confirmation information responding to the request message to the authentication server;
the authentication server receives the confirmation information and completes the service corresponding to the service information, or forwards the confirmation information to the third-party server so that the third-party server completes the service corresponding to the service information.
To forward the request message effectively, the step in which the authentication server forwards the request message over the network to the authentication terminal corresponding to the user information comprises:
looking up, according to the user account in the user information, the authentication terminal product ID number bound to that account in advance;
obtaining, according to the product ID number found, the communication address of the authentication terminal bound to that product ID number in advance;
sending the request message to the authentication terminal according to the communication address and the network corresponding to the communication address.
To connect to the authentication terminal effectively, before the request message is sent to the authentication terminal according to the communication address and its corresponding network, the method further comprises:
determining whether a connection with the authentication terminal has been established; if no connection with the authentication terminal has been established, establishing an encrypted channel for communicating with the authentication terminal according to the communication address, and sending the request message to the authentication terminal through the encrypted channel.
To further strengthen the security of information transmission, when the authentication terminal contains a digital certificate corresponding to the server, the method further comprises, before the confirmation information responding to the request message is sent:
encrypting, with the digital certificate, the confirmation information to be sent, which includes the acquired user identity information, so that after the server receives the confirmation information including the user identity information, it obtains the user identity information according to the digital certificate and completes the service corresponding to the service information.
To achieve the above purpose, an embodiment of the invention also provides a system for completing a service through multi-factor identity authentication, the system comprising:
an authentication server, configured to receive an authentication request message sent by the user side or by a third-party server, the message containing user information and information about the requested service; to forward the request message to the authentication terminal corresponding to the user information; and to receive the confirmation information sent by the authentication terminal and complete the service corresponding to the service information, or forward the confirmation information to the third-party server so that the third-party server completes the service corresponding to the service information;
an authentication terminal, configured to authenticate the user according to the request message received from the authentication server and the identity information it acquires, the acquired identity information comprising the user's account information and/or fingerprint information and/or facial information and/or pupil information and/or voice information and/or DNA (deoxyribonucleic acid) information and/or user coordinate information, and, after confirming the user's identity, to send confirmation information responding to the request message. The authentication terminal is an independent, closed and complete software and hardware operating environment, and all of its communication with the outside world takes place over its data connection with the authentication server.
To forward the request message more effectively, the authentication server is configured to look up, according to the user account in the user information, the authentication terminal product ID number bound to that account in advance; to obtain, according to the product ID number found, the communication address of the authentication terminal bound to that product ID number in advance; and to send the request message to the authentication terminal according to the communication address and the network corresponding to the communication address.
To transmit messages more securely, when sending the request message to the authentication terminal according to the communication address and its corresponding network, the authentication server is specifically configured to determine whether a connection with the authentication terminal has been established and, if not, to establish an encrypted channel for communicating with the authentication terminal and send the request message to the authentication terminal through that encrypted channel.
To transmit identity information more securely, when the authentication terminal contains a digital certificate corresponding to the third-party server, the authentication terminal is further configured, before sending the confirmation information responding to the request message, to encrypt with the digital certificate the confirmation information to be sent, which includes the user identity information, so that after the third-party server receives that confirmation information, it obtains the user identity information according to the digital certificate and completes the service corresponding to the service information.
To achieve the above purpose, an embodiment of the invention also provides a multi-factor identity authentication terminal, configured to authenticate the user according to the authentication request message received from the authentication server and the identity information it acquires. The device may comprise:
a receiving unit, configured to receive an authentication request message, the message containing user information and information about the requested service;
an identity acquisition unit, configured to collect the user's identity information after the receiving unit receives the request message, the identity information comprising the user's account information and/or fingerprint information and/or facial information and/or pupil information and/or voice information and/or DNA information and/or user coordinate information;
an identity authentication unit, configured to authenticate the user identity information collected by the identity acquisition unit;
a sending unit, configured to send confirmation information responding to the request message after the identity authentication unit confirms the user's identity.
To prevent user information from being obtained by breaking open the authentication terminal, the terminal further comprises:
a self-destruct unit, configured to erase all user information (for example the digital certificate), identity information and the like stored in the device when a preset self-destruct condition is met.
The authentication terminal is an independent, closed and complete software and hardware operating environment, and all of its communication with the outside world takes place over its data connection with the authentication server.
The advantages of the embodiments of the invention are as follows: the completely closed software and hardware operating environment keeps the acquisition, computation and transmission of identity information secure; the user's identity information does not need to be transmitted over the network; authentication only needs to be performed on the terminal side according to the authentication request, which greatly improves the security and reliability of authentication.
Description of the drawings
To explain the technical solutions of the embodiments of the invention more clearly, the drawings used in describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a method for completing a service through multi-factor identity authentication provided by an embodiment of the invention.
Fig. 2 is a schematic flow chart of another method for completing a service through multi-factor identity authentication provided by an embodiment of the invention.
Fig. 3 is a schematic block diagram of the functional structure of a system for completing a service through multi-factor identity authentication provided by an embodiment of the invention.
Fig. 4 is a schematic block diagram of the functional structure of a multi-factor identity authentication terminal provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the embodiments described here are only some of the embodiments of the invention, not all of them. The illustrative embodiments and their descriptions serve to explain the invention and do not limit it. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
An embodiment of the invention provides a method for completing a service through multi-factor identity authentication. As shown in Fig. 1, the method may comprise:
101. The authentication server receives an authentication request message sent by the user side or by a third-party server; the message contains user information and information about the requested service.
Because a user has applied for a service, in this step the authentication server receives an authentication request message from the user side or from a server, which seeks to verify the user who is applying for the service. The user side refers to the device the user uses to request the service, for example the PC used to access online banking. This device obtains the user information (such as the user's account number) and the information about the requested service from the user's operations. If this information is to be sent directly to the authentication server, the user-side device generates the authentication request message from the user information and the requested-service information and sends it. If this information is sent to a third-party server, the third-party server generates the authentication request message from the user information and the requested-service information and sends it to the authentication server.
If the third-party server wishes to establish an end-to-end secure channel with the authentication device, a digital certificate for the relevant user can also be installed on the authentication device in advance. When generating the authentication request, the third-party server encrypts the information in the request with the relevant user's digital certificate and then sends it to the authentication server. Only after this information reaches the authentication device can it be decrypted, using the corresponding digital certificate on the device; none of the intermediate communication hops can decrypt it, which greatly increases the security of information transmission.
102. The authentication server forwards the authentication request message over the network to the authentication terminal corresponding to the user information.
In this embodiment the user is not authenticated by transmitting identity information; instead, the user's identity is authenticated inside a dedicated authentication terminal. In this step the authentication server therefore forwards the request message received in step 101 to the authentication terminal corresponding to the user information. The authentication terminal in this step is located on the user side and has stored the user's user information in advance, which is why the request message is sent to the authentication terminal corresponding to that user information.
103. The authentication terminal authenticates the user locally according to the received request message and the identity information it acquires.
After the authentication terminal on the user side receives the request message in this step, it begins to authenticate the user. For example, the authentication terminal shows the user information and the requested-service information from the request message on its display for the user to confirm. To confirm this information, the user can enter the password of the corresponding account or present another physiological characteristic, so that the authentication terminal acquires the identity information. The authentication terminal in this embodiment can perform multi-factor identity authentication: it can confirm the user's identity through account information (account number and password) entered by the user, or by collecting the user's fingerprint information, facial information, pupil information, voice information or DNA information, or by collecting the user's coordinate information through a GPS (Global Positioning System) module, or by collecting other identity information of the user. It is not limited to choosing a single factor; several factors can also be combined, for example first confirming the user's identity through the account information (account number and password) entered by the user and then collecting the user's fingerprint information to confirm it again. The specific order of recognition can be set according to actual requirements. Because the authentication terminal has stored this identity information of the user in advance, it only needs to compare the identity information acquired from the user with the stored identity information to confirm the user's identity. Because this comparison technique is prior art, it is not described further in this embodiment.
104. After the authentication terminal confirms the user's identity, it sends confirmation information responding to the request message to the authentication server.
When the authentication terminal compares the collected identity information with the stored identity information and obtains a matching result, the user's identity is confirmed. The authentication terminal then sends confirmation information responding to the request message to inform the peer that the user's identity has been confirmed.
Note that this confirmation information does not contain the user's identity information; it is only the result of the confirmation.
If the third-party service server has issued a digital certificate for the relevant user, the authentication device must encrypt the confirmation information with this certificate before sending it to the authentication server. This ensures that no intermediate hop can decrypt the confirmation information before it reaches the third-party service server.
105. The authentication server receives the confirmation information and completes the service corresponding to the service information, or forwards the confirmation information to the third-party server so that the third-party server completes the service corresponding to the service information.
In this step, once the authentication server has received the confirmation information sent by the authentication terminal, it knows that the service was indeed requested by the user, and can therefore complete the service the user applied for. If the message received in step 101 was an authentication request message sent by a third-party server, the authentication server forwards the confirmation information to the third-party server so that the server completes the service the user applied for.
As this embodiment shows, the method of the invention for completing a service through multi-factor identity authentication does not need to transmit the user's identity information to confirm the user's identity. The request only needs to be sent, according to the user's application, to the terminal on the user side that is dedicated to identity authentication; after the identity is confirmed, the terminal responds with a confirmation result. Unlike the prior art, the identity information to be authenticated does not have to be transmitted over the network, which greatly improves the security and reliability of authentication.
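The flow of steps 101 to 105, together with the account-to-terminal lookup from the summary, as an added example in Python (not code from the patent). All class, function and account names are hypothetical, the password and fingerprint are constructed sample values, and the HMAC tag that ties a confirmation to its request is an assumption of this example; the patent itself only describes optional certificate-based encryption of the confirmation.

```python
import hashlib
import hmac
import json
import secrets


def canonical(msg: dict) -> bytes:
    """Stable byte encoding of a message, used as MAC input."""
    return json.dumps(msg, sort_keys=True).encode()


def kdf(secret: bytes, salt: bytes) -> bytes:
    """Salted digest so the terminal never stores a factor in the clear."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)


class AuthTerminal:
    """User-side terminal: enrolled factors are stored and compared locally only."""

    def __init__(self, product_id, mac_key, enrolled_factors):
        self.product_id = product_id
        self._mac_key = mac_key  # assumption: key shared with the server at binding
        self._salt = secrets.token_bytes(16)
        # Exact-match digests stand in for real (fuzzy) biometric matching.
        self._enrolled = {n: kdf(v, self._salt) for n, v in enrolled_factors.items()}

    def handle_request(self, request, presented):
        """Step 103: compare locally. Step 104: return a result-only confirmation."""
        checks = [
            hmac.compare_digest(kdf(presented.get(name, b""), self._salt), stored)
            for name, stored in self._enrolled.items()
        ]
        if not all(checks):  # every enrolled factor must match
            return None      # no confirmation is sent
        tag = hmac.new(self._mac_key, canonical(request), "sha256").hexdigest()
        return {"request_id": request["request_id"], "result": "confirmed", "tag": tag}


class AuthServer:
    """Routes requests to the bound terminal; it never receives identity factors."""

    def __init__(self):
        self._binding = {}  # user account -> terminal product ID
        self._route = {}    # product ID -> (delivery callable, MAC key)
        self.seen = []      # every message that crossed the server

    def bind(self, account, product_id, deliver, mac_key):
        self._binding[account] = product_id
        self._route[product_id] = (deliver, mac_key)

    def authenticate(self, account, service):
        # Step 101: request carries user information and the requested service.
        request = {"request_id": secrets.token_hex(8),
                   "account": account, "service": service}
        self.seen.append(request)
        # Step 102: account -> product ID -> route to the terminal.
        product_id = self._binding.get(account)
        if product_id is None:
            return False
        deliver, mac_key = self._route[product_id]
        confirmation = deliver(request)
        self.seen.append(confirmation)
        # Step 105: accept only a confirmation bound to this exact request.
        if not confirmation or confirmation.get("request_id") != request["request_id"]:
            return False
        expected = hmac.new(mac_key, canonical(request), "sha256").hexdigest()
        return (confirmation.get("result") == "confirmed"
                and hmac.compare_digest(confirmation.get("tag", ""), expected))


def run_scenario():
    """Runs the flow with constructed data and reports what the server accepted."""
    factors = {"password": b"correct-horse-7291",
               "fingerprint": b"constructed-template-A"}
    key = secrets.token_bytes(32)
    terminal = AuthTerminal("TERM-0001", key, factors)
    server = AuthServer()
    user_input = dict(factors)  # what the user presents at the terminal
    server.bind("acct-1001", terminal.product_id,
                lambda req: terminal.handle_request(req, user_input), key)
    service = "transfer 500 to acct-2002"

    good = server.authenticate("acct-1001", service)
    captured = server.seen[1]  # confirmation of the first request
    user_input["password"] = b"wrong-guess"
    bad_factor = server.authenticate("acct-1001", service)
    unknown = server.authenticate("acct-9999", service)
    # A route that replays the old confirmation instead of asking the terminal.
    server.bind("acct-1001", terminal.product_id, lambda req: captured, key)
    replay = server.authenticate("acct-1001", service)

    wire = json.dumps(server.seen)
    leaked = any(value.decode() in wire for value in factors.values())
    return {"good": good, "bad_factor": bad_factor, "unknown": unknown,
            "replay": replay, "leaked": leaked}


if __name__ == "__main__":
    print(run_scenario())
```

The `leaked` flag checks every message recorded by the server for the enrolled factors, which is the property step 104 states: the confirmation is a result only.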
The embodiment of the invention also provides a kind of and accomplishes service method through the multiple-factor authentication, and as shown in Figure 2, this method can comprise:
201. certificate server receives authentication request message that user side sends or that third-party server sends, comprises the information and the user profile of application service in the said message.
Here, user profile can be included in user's unique identification at user side or third party place, for example, and user account number, or user account number that binds together and authentication end product identity numbering.Hence one can see that, and present embodiment allows authentication end product identity numbering is kept in user side or the third-party server, confirms so that this numbering is sent to certificate server.
This step is basic identical with step 101, so something in common repeats no more.
202. certificate server, is confirmed the authentication end product identity numbering to identifying according to the user's unique identification in the user profile;
Authentication end product identity numbering is unique identity numbering of this authentication end product, also is ID number.After the user has bought new authentication end product, can user's the unique identification (such as user account) and the corresponding relation of authentication end product identity numbering (ID number) be stored in the certificate server through service organization.After the user applies service; For the user is carried out identity validation, after step 201 received authentication request, this step can be according to user's unique identification in the user profile; The authentication end product identity numbering of affirmation to identifying is with the further authentication terminal of confirming that the user was held.Such as when user's unique identification is user account, this step can find in advance according to user account and number with the authentication end product identity of this number of the account binding; When user's unique identification is the user account number that binds together and authentication end product identity numbering; Whether the authentication end product identity numbering during this step can be confirmed to identify is identical with the authentication end product identity numbering to identifying of storage, can carry out subsequent step as if identical.
203. judging whether to have set up with said authentication terminal, certificate server is connected; If connect with said authentication terminal, then change step 206 over to, if do not connect, then change step 204 over to said authentication terminal;
Confirmed the product identification numbering at authentication terminal when step 202 after; This step can be judged whether certificate server has been set up with the authentication terminal and be connected; If the linkage record through the product identification numbering finds representes to have set up connection, then change step 206 over to, accomplish the transmission of request message.If the linkage record through the product identification numbering does not find then changes step 204 over to, obtain the mailing address at authentication terminal.
204., obtain the mailing address of numbering the corresponding said authentication terminal of binding in advance with said product identification according to the said product identification numbering of confirming;
Confirmed user's authentication terminal in step 202 after, then to transmit request message, the user carried out authentication with the triggering authentication terminal to this authentication terminal.And according to the judgement of step 203, certificate server is not connected with the authentication terminal, so this step will be obtained the mailing address at authentication terminal.
The mailing address at authentication terminal is to bind well with authentication end product identity numbering in advance in the present embodiment; Such as when the authentication terminal initial; This authentication terminal can connect through wired or wireless mode and authentication background server; Thereby the authentication background server gets access to the mailing address at this authentication terminal according to the connection of setting up, and this mailing address and authentication end product identity numbering are bound, and perhaps authentication terminal and authentication background server connect before in this step; So that the authentication background server gets access to the mailing address at this authentication terminal according to the connection of setting up, and with this mailing address and the binding of authentication end product identity numbering.This mailing address confirms it is call number or IP (Internet Protocol, Internet Protocol) address, port numbers according to the employed network in authentication terminal, such as being suitable for the mobile network (such as GSM when the authentication terminal; Global System forMobile Communications; Global system for mobile communications, or WCDMA, Wideband CodeDivision Multiple Access; WCDMA) time, this mailing address just can be a call number.If authentication terminal and PC (Personal Computer, personal computer) connect (as linking to each other through USB (Universal Serial Bus, USB) data wire), when PC connected the Internet, this authentication terminal connected the Internet with this PC as gateway.When this authentication terminal connects certificate server through the Internet or mobile Internet; The authentication terminal is promptly through TCPKEEPALIVE (being the TCP survival), HTTP WebSocket, IMAP (Internet MessageAccess Protocol; Internet message access protocol); Or other being connected based on the application layer protocol foundation of IP 
(Internet Protocol) and maintenance and authentication background server; This moment, this mailing address just can be an IP linkage record on the certificate server, and this record can comprise the IP address and to port numbers that should the IP address.
205., send described request message to said authentication terminal through encryption channel according to the encryption channel of mailing address foundation with the authentication terminal communication.
The mailing address that this step can get access to according to step 204 is set up the encryption channel with the authentication terminal communication; Such as passing through HTTPS (Hypertext Transfer Protocol over Secure SocketLayer; Secure Hypertext Transfer Protocol) encryption channel between foundation and the authentication terminal; Also can support IPSEC (Internet Protocol Security, internet protocol secure) simultaneously.Increased the fail safe of channel so greatly, further improved data transmission safety from channel.
206. send described request message to said authentication terminal according to mailing address and the corresponding network of said mailing address;
Confirmed certificate server when step 203 and, can know the mailing address at authentication terminal that this step just can send a request message to said authentication terminal according to mailing address and the corresponding network of said mailing address with after the authentication terminal is connected.When being a call number such as mailing address when the authentication terminal; This step can be with request message with note (SMS through the mobile network; ShortMessaging Service) business or unstructured supplementary data traffic (USSD; UnstructuredSupplementary Service Data, unstructured supplementary data traffic) mode is sent to authentication terminal that should call number.
207. The authentication terminal authenticates the user according to the received request message and the identity information it obtains from the user.
In this step the authentication terminal receives the request message sent in step 205 or 206, which asks it to authenticate the user's identity and to verify that the service was applied for by the user. Because the message contains the user information and the information about the service applied for, the authentication terminal displays the service information for the user to confirm. After seeing the displayed information the user can confirm whether the message is genuine; if the user did apply for the service, the identity authentication step is carried out.
The authentication terminal is a multi-factor authentication device that authenticates the user from identity information it obtains from the user. It can confirm the user's identity from account information entered by the user (account number and password), from the user's collected fingerprint information, facial information, pupil information, voice information or DNA information, from the user's coordinate information collected by a GPS (Global Positioning System) module, or from other collected identity information. These methods can be used singly or in combination as multiple factors, for example first confirming identity from the account information (account number and password) entered by the user and then from the user's collected fingerprint information; the order of the checks can be set according to actual requirements. Because the authentication terminal has stored this identity information in advance, it only needs to compare the identity information it obtains with the stored identity information to confirm the user's identity. This comparison technique is prior art and is not described further in this embodiment.
208. After confirming the user's identity, the authentication terminal sends confirmation information in response to the request message.
In this step, according to the result of confirming the user's identity in step 207, confirmation information responding to the request message is sent to the authentication background server, informing it that the user did apply for the service and that the service the user applied for can be completed. The confirmation information is sent in essentially the same manner and format as the request message, so this is not repeated here.
If the authentication terminal holds the digital certificate of the corresponding server, the terminal can encrypt the obtained user identity information, place it in the confirmation information to be sent, and send it together with the confirmation information.
209. Receive the confirmation information and complete the service corresponding to the service information, or forward the confirmation information to the server so that the server completes the service corresponding to the service information.
After the confirmation information sent in step 208 is received, it is known that the user did apply for the service, so the service the user applied for can now be completed. If the authentication request message received in step 201 was sent by a server, the confirmation information is forwarded to that server so that the server completes the service the user applied for.
If the confirmation information also contains information encrypted with a third-party server's digital certificate, the authentication server sends the ciphertext directly to the corresponding third-party server and performs no other processing on it. This mode is mainly suited to the case where one authentication server serves multiple third-party service organizations. Because each service organization has its own digital certificate, only that organization's own server is able to decrypt the information.
Thus the method of this embodiment does not need to transmit the user's identity information over the network; identity authentication only needs to be performed on the terminal side according to the authentication request. Together with the various encryption measures, this greatly improves the security and reliability of authentication.
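The routing and terminal-side checks of steps 203 to 209, as an added Python sketch that is not code from the patent. The terminal ID, the request ID, the per-terminal HMAC key that binds a confirmation to one request, and the PBKDF2 password reference are assumptions; the fingerprint matcher is a constructed stand-in for a real biometric comparison. Account, password, IP address and port are the values of scene two.

```python
import hashlib
import hmac
import os


def confirmation_tag(device_key, request_id, terminal_id):
    # Assumption: the confirmation is bound to one request with an HMAC under a
    # per-terminal key; the patent only says that a confirmation is sent.
    msg = f"{request_id}|{terminal_id}|confirmed".encode()
    return hmac.new(device_key, msg, hashlib.sha256).hexdigest()


class AuthTerminal:
    """Steps 207-208: verify the user locally and return only a confirmation."""

    def __init__(self, terminal_id, device_key, password, matchers, factor_order):
        self.terminal_id = terminal_id
        self.device_key = device_key
        self.salt = os.urandom(16)
        self.password_ref = self.derive(password)  # stored reference, not the plaintext
        self.matchers = matchers                   # factor name -> callable(sample) -> bool
        self.factor_order = factor_order           # order is set per deployment

    def derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check_factor(self, factor, sample):
        if factor == "password":
            return hmac.compare_digest(self.derive(sample), self.password_ref)
        matcher = self.matchers.get(factor)
        return bool(matcher and matcher(sample))

    def handle_request(self, request, user_approves, samples):
        # Show the account and requested service so the user can reject a request
        # they did not make, then require every configured factor in order.
        shown = f"account {request['account']} requests: {request['service']}"
        if not user_approves(shown):
            return None
        for factor in self.factor_order:
            if factor not in samples or not self.check_factor(factor, samples[factor]):
                return None
        return {
            "request_id": request["request_id"],
            "terminal_id": self.terminal_id,
            "result": "confirmed",
            "tag": confirmation_tag(self.device_key, request["request_id"], self.terminal_id),
        }


class AuthServer:
    """Steps 203-206 and 209: route the request and check the confirmation."""

    def __init__(self):
        self.account_to_terminal = {}  # account -> terminal ID, bound at registration
        self.addresses = {}            # terminal ID -> communication address
        self.connections = {}          # terminal ID -> connection record
        self.device_keys = {}          # terminal ID -> HMAC key (assumption)
        self.terminals = {}            # stand-in for the network link to each terminal

    def register(self, account, terminal, address):
        self.account_to_terminal[account] = terminal.terminal_id
        self.addresses[terminal.terminal_id] = address
        self.device_keys[terminal.terminal_id] = terminal.device_key
        self.terminals[terminal.terminal_id] = terminal

    def route(self, account):
        terminal_id = self.account_to_terminal[account]
        if terminal_id in self.connections:
            return terminal_id, "existing-connection"
        # Step 205: no connection yet, so open an encrypted channel to the bound address.
        self.connections[terminal_id] = self.addresses[terminal_id]
        return terminal_id, "new-encrypted-channel"

    def authenticate(self, request, user_approves, samples):
        terminal_id, path = self.route(request["account"])
        confirmation = self.terminals[terminal_id].handle_request(
            request, user_approves, samples)
        if confirmation is None or confirmation["request_id"] != request["request_id"]:
            return path, False, confirmation
        expected = confirmation_tag(
            self.device_keys[terminal_id], request["request_id"], terminal_id)
        return path, hmac.compare_digest(expected, confirmation["tag"]), confirmation


def build_scene_two():
    # Terminal ID, request ID and fingerprint template are constructed values.
    terminal = AuthTerminal(
        "TERMINAL-ID-PLACEHOLDER", os.urandom(32), "333",
        {"fingerprint": lambda sample: sample == "constructed-template"},
        ["password", "fingerprint"],
    )
    server = AuthServer()
    server.register("1234567890", terminal, ("196.232.45.3", 23456))
    request = {"request_id": "req-1", "account": "1234567890",
               "service": "target transaction"}
    return server, request


if __name__ == "__main__":
    server, request = build_scene_two()
    good = {"password": "333", "fingerprint": "constructed-template"}
    print(server.authenticate(request, lambda shown: True, good)[:2])
    print(server.authenticate(request, lambda shown: True, {"password": "333"})[:2])
```

The confirmation returned to the server carries only the request ID, terminal ID, result and tag, so neither the password nor the biometric sample leaves the terminal.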
To implement the method of the above embodiment, an embodiment of the invention also provides a system for completing a service through multi-factor identity authentication. Fig. 3 is a functional block diagram of this system. As Fig. 3 shows, the system mainly comprises an authentication server 301 and an authentication terminal 302.
Authentication server 301 is used to receive an authentication request message sent by user side 303 or by third-party server 304, the message containing user information and information about the service applied for; to forward the request message to the authentication terminal 302 corresponding to the user information; and to receive the confirmation information sent by authentication terminal 302 and complete the service corresponding to the service information, or forward the confirmation information to third-party server 304 so that third-party server 304 completes the service corresponding to the service information. When forwarding the request message to the authentication terminal 302 corresponding to the user information, authentication server 301 is specifically used to look up, from the user account in the user information, the authentication terminal product identity number bound to that account in advance; to obtain, from the product identity number found, the communication address of authentication terminal 302 bound to that number in advance; and to send the request message to authentication terminal 302 according to the communication address and the network corresponding to the communication address. When sending the request message in this way, authentication server 301 is specifically used to determine whether a connection with authentication terminal 302 has been established and, if no connection exists, to establish an encrypted channel for communicating with authentication terminal 302 and send the request message to authentication terminal 302 through that encrypted channel.
Authentication terminal 302 is used to authenticate the user according to the request message received from authentication server 301 and the identity information it obtains from the user, the obtained identity information comprising the user's account information and/or fingerprint information and/or facial information and/or pupil information and/or voice information and/or DNA information and/or user coordinate information; and, after confirming the user's identity from the obtained identity information, to send confirmation information responding to the request message. When authentication terminal 302 holds the digital certificate of the corresponding third-party server 304, it is also used, before sending the confirmation information responding to the request message, to encrypt the confirmation information to be sent (which can include the user identity information and a description of the requested service) with that digital certificate, so that third-party server 304, after receiving the confirmation information, obtains the user identity information according to the digital certificate and completes the service corresponding to the service information.
To help those skilled in the art understand the method of the embodiments of the invention more clearly, the method is described below using applications in different scenes as examples.
Scene one: the user applies to log in to online banking. The authentication terminal held by the user has a wireless communication function and is assigned the call number 15212345678; the user's online banking account number is 987456321 and the password is 333. After buying the authentication terminal, the user registered it at the bank that operates the online banking service, so the user's information (including the user's online banking account number) is stored in the authentication terminal. At the same time, the bank's online banking server records that this user's online banking account can be authenticated with an authentication terminal, and the authentication server binds the user's online banking account number to the authentication terminal ID. After the user's authentication terminal connects to the authentication server over the wireless network, the authentication server binds the terminal's call number 15212345678 to the authentication terminal ID.
When the user logs in to online banking, the user submits the login application through a network terminal device (such as a PC). The application is sent to the bank's online banking server in an authentication request message that contains at least the user's online banking account number 987456321 and the service information for the login application. After receiving the request message, the online banking server confirms from account number 987456321 in the request message that the user can use the authentication service, and forwards the request message to the authentication server. The authentication server looks up locally the authentication terminal ID corresponding to account number 987456321 and uses that ID to determine whether a connection with the authentication terminal has been established. If the connection record found through the authentication terminal ID shows that a connection exists, the request message is sent to the authentication terminal whose call number is 15212345678. If no connection exists, the server looks up the call number 15212345678 corresponding to the authentication terminal ID, establishes an encrypted channel with that authentication terminal using wireless encryption, and sends the request message to it through the encrypted channel. After receiving the request message, the authentication terminal shows the message content on its display screen, informing the user that online banking account 987456321 is requesting to log in to online banking; from the displayed information the user knows whether the request is one they made. The user enters the password 333 for the account on the authentication terminal, and the terminal confirms the user's identity from password 333 and sends confirmation information to the authentication server. After receiving the confirmation information, the authentication server forwards it to the online banking server, which approves the user's login application on receiving it, so the user can access online banking from the PC.
In this scene the user can also be authenticated in other ways: by recognizing the user's fingerprint, by collecting the user's facial information, pupil information, voice information or DNA information, by collecting the user's coordinate information through a GPS (Global Positioning System) module, or by collecting other identity information of the user. These methods can be used singly or in combination as multiple factors, for example first confirming identity from the account information (account number and password) entered by the user and then from the user's collected fingerprint information; the order of the checks can be set according to actual requirements.
Scene two: the user applies for a remote transaction service (such as transfers, purchases, consumption and the like). The authentication terminal held by the user has a wired communication function and can be connected through a USB data cable to a PC that is connected to the Internet. The user's bank account number is 1234567890 and the password is 333. After buying the authentication terminal, the user registered it at the corresponding bank, so the user's information (identity information including the user's bank account number and password) is stored in the bank's service server, and the authentication server binds the user information to the authentication terminal ID. When the user connects the authentication terminal through the USB data cable to the Internet-connected PC, the terminal reaches the Internet through the PC and establishes and maintains a connection with the authentication server, which binds the terminal's IP address 196.232.45.3 and port number 23456 to the authentication terminal ID. If the user side's IP address changes, the authentication terminal automatically re-establishes the connection with the authentication server, and the authentication server then updates the terminal's IP address and port number.
When the user needs to complete a transaction with a bank card, the user submits the transaction application through a network transaction terminal device (such as a POS (point of sale) machine). The application is sent to the bank's service server in an authentication request message that contains at least the user's bank account number 1234567890 and the service information for the transaction application. The service server looks up bank account number 1234567890 from the request message, confirms that the account can use terminal authentication, and sends the user's bank account number and the authentication request to the authentication server.
The authentication server uses the user's bank account number to find the authentication terminal ID. The connection record found through the authentication terminal ID shows that a connection exists, so the request message is sent to the authentication terminal at IP address 196.232.45.3 and port number 23456. After receiving the request message, the authentication terminal shows the message content on its display screen, informing the user that bank account 1234567890 is requesting to carry out the target transaction; from the displayed information the user knows whether the request is one they made. The user enters the password 333 for the account on the authentication terminal, and the terminal confirms the user's identity from password 333. The terminal then further requires the user to provide a fingerprint, and collects the user's fingerprint information through the fingerprint collection area on the terminal. It compares the collected fingerprint information with the fingerprint information stored in advance, confirms that the fingerprints match, and sends confirmation information to the authentication server. After receiving the confirmation information, the authentication server forwards it to the bank's service server, which completes the transaction the user applied for on receiving it; the user has thereby confirmed the transaction.
In this scene the user can also be authenticated in other ways: by collecting the user's facial information, pupil information, voice information or DNA information, by collecting the user's coordinate information through a GPS (Global Positioning System) module to confirm that the designated user is applying for the service within a specific region, or by collecting other identity information of the user. These methods can be used singly or in combination as multiple factors, and the order of the checks can be set according to actual requirements.
This scene can also be extended to other kinds of purchases. For example, when the item the user buys is an air ticket or a train ticket, the airline's or railway station's server receives the payment confirmation information sent by the service server after the transaction completes. The airline's or railway station's server can then send the two-dimensional code image of the air ticket or train ticket through the authentication server to the user's authentication terminal, so the user can board the plane or train using the two-dimensional code image stored on the authentication terminal.
Scene three: the user applies for a logistics distribution service. The same user as in scene one holds an authentication terminal that has a wireless communication function and is assigned the call number 15212345678; the user's bank account number is 1234567890 and the password is 333. After buying the authentication terminal, the user registered it at the corresponding bank, so the user's information (identity information including the user's bank account number and password) is stored in the authentication terminal and in the bank's service server, and the service server records that this account can be authenticated with the authentication terminal. The authentication server records the binding between the user account and the authentication terminal ID. After the user's authentication terminal connects to the authentication server over the wireless network, the authentication server binds the terminal's call number 15212345678 to the authentication terminal ID.
When the user applies for the logistics distribution service, the user places an order with the merchant through a network terminal device (such as a PC). The merchant server submits the application for the logistics distribution service to the bank; the application is sent to the bank's service server in a transaction request message that contains at least the user's bank account number 1234567890 and the information about the logistics distribution service applied for. After receiving the request message, the bank's service server freezes the corresponding amount of funds on account 1234567890, confirms from bank account number 1234567890 in the request message that the account can use terminal authentication, and sends a request message containing the bank account number to the authentication server. The authentication server looks up the authentication terminal ID corresponding to the account from the user's bank account number and uses that ID to determine whether a connection with the authentication terminal has been established. If the connection record found through the authentication terminal ID shows that a connection exists, the request message is sent to the authentication terminal at the communication address in the connection record. If no connection exists, the server finds the call number 15212345678 from the terminal ID, establishes an encrypted channel with the authentication terminal whose call number is 15212345678 using wireless encryption, and sends the request message to it through the encrypted channel. After receiving the request message, the authentication terminal shows the message content on its display screen, informing the user that bank account 1234567890 is requesting the logistics distribution service; from the displayed information the user knows whether the request is one they made. If it is the user's own application, the user enters the password 333 for the account on the authentication terminal, and the terminal confirms the user's identity from password 333. After the authentication server receives the confirmation information, it forwards the confirmation information to the service server, which sends the request message for the logistics distribution service to the target logistics company's server, so that the target logistics company provides the logistics distribution service to the user according to that request message. After the target logistics company's staff hand over the goods and the user confirms, the target logistics company sends an acknowledgement message through the merchant server to the bank's service server. After receiving the acknowledgement message, the bank's service server converts it into an authentication request message that contains at least confirmation details such as the user's name, the payment order number, and the time and place at which the target logistics company's staff confirmed the logistics distribution service. The bank's service server looks up the user's bank account number 1234567890 from the user's order number in the request message, confirms from bank account number 1234567890 that the account can use terminal authentication, builds an authentication request from the order information and the user account number, and sends the authentication request to the authentication server. The authentication server looks up the authentication terminal ID corresponding to the account from the user account number in the request and uses that terminal ID to determine whether a connection with the authentication terminal has been established. If a connection exists, the request message is sent to the authentication terminal at the corresponding communication address. If no connection exists, the server finds the call number 15212345678 from the terminal ID, establishes an encrypted channel with the authentication terminal whose call number is 15212345678 using wireless encryption, and sends the request message to it through the encrypted channel. After receiving the request message, the authentication terminal shows the message content on its display screen, informing the user of the logistics distribution service that the user and the target logistics company confirmed; from the displayed information the user knows whether this is their own confirmation. The user enters the password 333 for the account on the authentication terminal, and the terminal confirms the user's identity from password 333. The terminal can then further require facial information: the user points their face at the camera on the authentication terminal and takes a photograph so that the terminal can collect the user's facial information. The terminal compares the collected facial information with the facial information stored in advance, confirms that they match, and sends confirmation information to the authentication server. After receiving the confirmation information, the authentication server forwards it to the bank's service server. On receiving the confirmation information, the service server unfreezes the funds on the user's bank account and settles the fee required for the logistics distribution service the user applied for, so the logistics distribution service is completed for the user.
In this scene the user can also be authenticated in other ways: by collecting the user's facial information, pupil information, voice information or DNA information, by collecting the user's coordinate information through a GPS (Global Positioning System) module to confirm that the designated user is applying for the service within a specific region, or by collecting other identity information of the user. These methods can be used singly or in combination as multiple factors, and the order of the checks can be set according to actual requirements.
Scene four: the user has two accounts, A and B. The A account, at service organization A, is 1234567890 with password 555; the B account, at service organization B, is 9874563210 with password 333. In this scene the service organizations share one authentication background server. To transmit information more securely, each service organization has its own digital certificate: digital certificate A for service organization A and digital certificate B for service organization B. The digital certificate is used to encrypt and decrypt the transmitted information, so a party that does not hold another service organization's digital certificate cannot decipher that organization's information. This scene again takes as its example an authentication terminal with a wireless communication function, assigned the call number 15212345678. After buying the authentication terminal, the user registered it at both service organizations A and B, so the user's information (identity information including the A and B accounts and the corresponding passwords) and digital certificates A and B are stored in the authentication terminal and in the service servers of organizations A and B, and the shared authentication server binds the user information to the authentication terminal ID. After the user's authentication terminal connects to the authentication server over the wireless network, the authentication server binds the terminal's call number 15212345678 to the authentication terminal ID.
When the user applies for a service of service organization A, the user submits the A service request through a network terminal device (such as a PC). The application is sent to the authentication server in an authentication request message that contains at least the user's A account and the information about the A service applied for. The service information here is encrypted with digital certificate A, so it cannot be deciphered on the path from organization A's server to the authentication terminal. After receiving the request message, the authentication server looks up the corresponding terminal ID from the user's A account number in the request message and uses the authentication terminal ID to determine whether a connection with the authentication terminal has been established. If the connection record found through the authentication terminal ID shows that a connection exists, the authentication server sends the request message to the authentication terminal whose call number is 15212345678. If no connection exists, the server looks up the call number 15212345678 corresponding to the authentication terminal ID, establishes an encrypted channel with that authentication terminal using wireless encryption, and sends the request message to it through the encrypted channel. After receiving the request message, the authentication terminal uses digital certificate A to decrypt the information about the A service applied for and shows the message content on its display screen, informing the user that A account 1234567890 is requesting the A service. From the displayed information the user knows whether the request is one they made. The user enters the password 555 for the account on the authentication terminal, and the terminal confirms the user's identity from password 555. If this succeeds, the authentication terminal packages and encrypts account A and the password with digital certificate A and sends them to the authentication server in the confirmation information. After receiving the confirmation information, the authentication server forwards it to service organization A's server according to the label in the confirmation information that identifies service organization A. Service organization A's server decrypts the encrypted information with digital certificate A to obtain account A, 1234567890, and password 555, and can complete the A service the user applied for once it has confirmed that account A and the password match.
Although this scene uses an application for the A service as its example, those skilled in the art can clearly see from the above description how the user applies for the B service; the system handles it in the same way, so it is not repeated here. The user can also be authenticated in other ways: by recognizing the user's fingerprint, by collecting the user's facial information, pupil information, voice information or DNA information, by collecting the user's coordinate information through a GPS (Global Positioning System) module, or by collecting other identity information of the user. These methods can be used singly or in combination as multiple factors, for example first confirming identity from the account information (account number and password) entered by the user and then from the user's collected fingerprint information; the order of the checks can be set according to actual requirements. After the authentication terminal has confirmed the user's identity in these ways, the collected and confirmed user identity information is encrypted with the corresponding digital certificate and sent to the corresponding service organization's server, which, on receiving the encrypted user identity information, decrypts it with its own digital certificate to obtain the user identity information.
Explanation can be known and finds out based on above-mentioned scene; The described system of present embodiment need not the identity information the transmission through network user; Only need to carry out the multiple-factor authentication and authentication result returned getting final product in the authentication end side according to authentication request; Improved the fail safe and the reliability of authentication greatly,, then can encrypt and transmit identity information if need in transmission channel, transmit identity information.
Need to prove; The just illustrational several kinds of embodiment in order to it will be apparent to those skilled in the art that this programme of service method are accomplished in the multiple-factor authentication of passing through that above-mentioned scene is mentioned; Can not think that present embodiment is described and accomplish service method through the multiple-factor authentication and can only have the mode of above-mentioned several scenes to realize; Therefore can not be with it as restrictive interpretation of the present invention; Any modification that those skilled in the art make technical scheme of the present invention according to the description of the foregoing description, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
The embodiment of the invention also provides a multi-factor identity authentication terminal, as shown in Fig. 4. Fig. 4 is a functional block diagram of the multi-factor identity authentication terminal of the embodiment of the invention; as can be seen from Fig. 4, the terminal comprises:
Receiving unit 401, used to receive an authentication request message, the message comprising user information and information on the service applied for. It can also be used to receive advertising information and business information sent by service organizations, such as co-branded card business information sent by a bank.
Identity acquisition unit 402, used to collect the user's identity information according to the request message received by the receiving unit 401, the identity information comprising the user's account information and/or fingerprint information and/or facial information and/or pupil information and/or voice information and/or DNA information and/or user coordinate information. Examples are an input module (keyboard, touch screen), a fingerprint collection module, a camera, a microphone and a GPS module.
Authentication unit 403, used to authenticate the user identity information collected by the identity acquisition unit 402, for example by comparing the collected identity information with the identity information stored in the storage unit 405 to verify its authenticity. The comparison method is common technical knowledge for those skilled in the art and is not described here.
Sending unit 404, used to send confirmation information in response to the request message after the authentication unit 403 has confirmed the user's identity.
The receiving unit 401 and the sending unit 404 may communicate with an external server or PC in a wireless and/or wired manner, for example GSM, CDMA, CDMA2000, TD-SCDMA, TD-LTE, WIFI, Bluetooth, Zigbee or USB (when connecting in a wired manner such as USB, a driver also needs to be installed on the corresponding device). To those skilled in the art these communication modes are all well-known common techniques and are not described one by one here.
Storage unit 405, used to store user information and the user's identity information. The storage unit 405 in this embodiment is a secure storage unit: it holds a hardware encryption key and can store the user information, the user's identity information and other user information in the secure storage in encrypted form. This information can only be accessed through the secure central processing unit and cannot be accessed directly by the general-purpose central processing unit on the terminal.
Display unit 406, used to display various information, for example an LCD display unit, an E-PAPER display unit or a projection unit.
Shielding unit 407, used to block any access through the USB interface other than communication and storage.
Self-destruct unit 408, used to clear all user information and identity information stored in the device when a preset self-destruct condition is satisfied. The preset self-destruct conditions include a system integrity condition: for example, the integrity of the system is checked periodically (including at system start-up, at shutdown and each time authentication is performed), and as soon as a problem is found, all information stored in the storage unit 405 is cleared. Alternatively, the information is cleared according to a received self-destruct command, or after the terminal has been out of use for longer than a predetermined period of time. In this way, even if the user loses the authentication terminal, there is no need to worry that the information in it will be stolen.
It can be seen that the authentication terminal described in this embodiment can not only start authentication according to a received request message and respond to the request message with the authentication result, but can also store identity information securely and self-destruct when necessary, which protects the security of the user's information.
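A minimal model of the terminal described above (units 401 to 405 and the self-destruct unit 408), as an added example that is not part of the patent: the factors are checked against the local store, only a result bound to the request is returned, and each of the three self-destruct conditions wipes the store. The class, field and message names, the salted-hash storage and the exact byte matching of factors (real biometric matching is approximate) are assumptions; the account number and password are the sample values from the scenario above.

```python
# Added illustration, not code from the patent. All names are hypothetical.
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _digest(salt: bytes, value: bytes) -> bytes:
    # Assumption: the secure store keeps salted hashes, never raw factors.
    return hashlib.pbkdf2_hmac("sha256", value, salt, 50_000)


@dataclass
class AuthTerminal:
    firmware: bytes            # stand-in for the system image being checked
    idle_limit_s: float        # the "predetermined period" of disuse
    store: dict = field(default_factory=dict)   # storage unit 405
    last_used: float = 0.0

    def __post_init__(self):
        # Reference value for the integrity check, fixed at provisioning.
        self._fw_ref = hashlib.sha256(self.firmware).digest()

    def enroll(self, user: str, factors: dict, now: float) -> None:
        salt = os.urandom(16)
        self.store[user] = (salt, {n: _digest(salt, v) for n, v in factors.items()})
        self.last_used = now

    def self_destruct_reason(self, now: float, command: str = ""):
        """Self-destruct unit 408: return the satisfied condition, or None."""
        current = hashlib.sha256(self.firmware).digest()
        if not hmac.compare_digest(current, self._fw_ref):
            return "integrity"
        if command == "SELF_DESTRUCT":
            return "command"
        if now - self.last_used > self.idle_limit_s:
            return "idle"
        return None

    def handle_request(self, request: dict, collected: dict, now: float,
                       command: str = "") -> dict:
        """Units 401-404: receive, collect, verify locally, confirm."""
        # The confirmation names the request and service but carries no
        # identity information.
        reply = {"request_id": request["request_id"],
                 "service": request["service"], "confirmed": False}
        reason = self.self_destruct_reason(now, command)
        if reason:
            self.store.clear()          # wipe before doing anything else
            reply["wiped"] = reason
            return reply
        self.last_used = now
        record = self.store.get(request["user"])
        if record is None:
            return reply
        salt, enrolled = record
        ok = bool(enrolled)             # no enrolled factor means no success
        for name, ref in enrolled.items():
            # A missing factor is hashed as empty input, so it fails like a
            # wrong one and every enrolled factor is always evaluated.
            presented = collected.get(name, b"")
            ok &= hmac.compare_digest(_digest(salt, presented), ref)
        reply["confirmed"] = ok
        return reply


if __name__ == "__main__":
    term = AuthTerminal(firmware=b"fw-v1", idle_limit_s=3600)
    # Constructed enrollment data; the fingerprint value is a placeholder.
    factors = {"password": b"555", "fingerprint": b"constructed-template"}
    term.enroll("1234567890", factors, now=0)
    req = {"request_id": "r1", "user": "1234567890", "service": "A"}
    print(term.handle_request(req, factors, now=10))
```
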
Of course, the specific embodiments described above further explain the purpose, technical solution and beneficial effects of the invention in detail. It should be understood that the above are merely specific embodiments of the invention and are not intended to limit its protection scope; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the invention shall fall within the protection scope of the invention.

Claims (10)

1. A method for completing a service through multi-factor identity authentication, characterized in that the method comprises:
an authentication server receiving an authentication request message sent by a user side or by a third-party server, the message comprising user information and information on the service applied for;
the authentication server forwarding the request message over a network to the authentication terminal corresponding to the user information;
the authentication terminal authenticating the user according to the received request message and the identity information acquired locally, the acquired identity information comprising the user's account information and/or fingerprint information and/or facial information and/or pupil information and/or voice information and/or DNA information and/or user coordinate information;
after confirming the user's identity, the authentication terminal sending confirmation information in response to the request message to the authentication server;
the authentication server receiving the confirmation information and completing the service corresponding to the service information, or forwarding the confirmation information to the third-party server so that the third-party server completes the service corresponding to the service information.
2. The method according to claim 1, characterized in that the authentication server forwarding the request message over a network to the authentication terminal corresponding to the user information comprises:
according to the user account in the user information, looking up the product identification number of the authentication terminal bound in advance to the account;
according to the product identification number found, obtaining the communication address of the authentication terminal bound in advance to the product identification number;
sending the request message to the authentication terminal according to the communication address and the network corresponding to the communication address.
3. The method according to claim 2, characterized in that, before the request message is sent to the authentication terminal according to the communication address and the network corresponding to the communication address, the method further comprises:
judging whether a connection with the authentication terminal has been established; if no connection with the authentication terminal exists, establishing an encrypted channel for communication with the authentication terminal according to the communication address, and sending the request message to the authentication terminal through the encrypted channel.
4. The method according to claim 1 or 3, characterized in that, when the authentication terminal contains the digital certificate of a corresponding server, before the confirmation information in response to the request message is sent the method further comprises:
encrypting, with the digital certificate, the confirmation information to be sent, which contains the acquired user identity information, so that after receiving the confirmation information containing the user identity information the server obtains the user identity information according to the digital certificate and completes the service corresponding to the service information.
5. A system for completing a service through multi-factor identity authentication, characterized in that the system comprises:
an authentication server, used to receive an authentication request message sent by a user side or by a third-party server, the message comprising user information and information on the service applied for; to forward the request message to the authentication terminal corresponding to the user information; and to receive the confirmation information sent by the authentication terminal and complete the service corresponding to the service information, or to forward the confirmation information to the third-party server so that the third-party server completes the service corresponding to the service information;
an authentication terminal, used to authenticate the user according to the received request message sent by the authentication server and the acquired identity information, the acquired identity information comprising the user's account information and/or fingerprint information and/or facial information and/or pupil information and/or voice information and/or DNA information and/or user coordinate information; and, after confirming the user's identity, to send confirmation information in response to the request message.
6. The system according to claim 5, characterized in that, when forwarding the request message to the authentication terminal corresponding to the user information, the authentication server is specifically used to look up, according to the user account in the user information, the product identification number of the authentication terminal bound in advance to the account; to obtain, according to the product identification number found, the communication address of the authentication terminal bound in advance to the product identification number; and to send the request message to the authentication terminal according to the communication address and the network corresponding to the communication address.
7. The system according to claim 6, characterized in that, when sending the request message to the authentication terminal according to the communication address and the network corresponding to the communication address, the authentication server is specifically used to judge whether a connection with the authentication terminal has been established and, if connected with the authentication terminal, to establish an encrypted channel for communication with the authentication terminal and send the request message to the authentication terminal through the encrypted channel.
8. The system according to claim 5 or 7, characterized in that, when the authentication terminal contains the digital certificate of the corresponding third-party server, the authentication terminal is further used, before sending the confirmation information in response to the request message, to encrypt with the digital certificate the confirmation information to be sent, which contains the user identity information, so that after receiving the confirmation information containing the user identity information the third-party server obtains the user identity information according to the digital certificate and completes the service corresponding to the service information.
9. A multi-factor identity authentication terminal, characterized in that the device comprises:
a receiving unit, used to receive an authentication request message, the message comprising user information and information on the service applied for;
an identity acquisition unit, used to collect the user's identity information according to the request message received by the receiving unit, the identity information comprising the user's account information and/or fingerprint information and/or facial information and/or pupil information and/or voice information and/or DNA information;
an authentication unit, used to authenticate the user identity information collected by the identity acquisition unit;
a sending unit, used to send confirmation information in response to the request message after the authentication unit has confirmed the user's identity.
10. The device according to claim 9, characterized in that the terminal further comprises:
a self-destruct unit, used to clear all user information and identity information stored in the device when a preset self-destruct condition is satisfied.
CN201010294674.9A 2010-09-28 Method, system and authentication terminal for accomplishing service by multi-factor identity authentication Expired - Fee Related CN102420800B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010294674.9A CN102420800B (en) 2010-09-28 Method, system and authentication terminal for accomplishing service by multi-factor identity authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010294674.9A CN102420800B (en) 2010-09-28 Method, system and authentication terminal for accomplishing service by multi-factor identity authentication

Publications (2)

Publication Number Publication Date
CN102420800A true CN102420800A (en) 2012-04-18
CN102420800B CN102420800B (en) 2016-12-14

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20161214

Termination date: 20170928
