CN110675151A - Transaction authentication method and device - Google Patents
Transaction authentication method and device Download PDFInfo
- Publication number
- CN110675151A CN110675151A CN201910931981.4A CN201910931981A CN110675151A CN 110675151 A CN110675151 A CN 110675151A CN 201910931981 A CN201910931981 A CN 201910931981A CN 110675151 A CN110675151 A CN 110675151A
- Authority
- CN
- China
- Prior art keywords
- client
- verification code
- customer
- transaction
- merchant
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Abstract
The invention provides a transaction authentication method and a device, wherein the method comprises the following steps: respectively receiving customer transaction information, a payment account number, voice data of a customer reading customer verification code and merchant transaction information sent by a customer and a merchant; generating a merchant verification code according to the merchant transaction information; identifying a customer verification code according to the voice data; comparing the merchant passcode to the customer passcode; if the comparison is consistent, acquiring a registered voiceprint recognition vector of the client in a preset bank client voiceprint recognition vector database according to the payment account; comparing the voiceprint recognition vector of the voice data with the registered voiceprint recognition vector of the client; the method can avoid the transaction information from being tampered by malicious programs such as Trojan horse and the like, and improves the safety of online shopping payment.
Description
Technical Field
The invention relates to an identity authentication and transaction authentication technology, in particular to an identity authentication and transaction authentication technology of online shopping payment transaction, and particularly relates to a transaction authentication method and a transaction authentication device.
Background
In the prior art, an online shopping system is established on the internet and an open computing platform, for example: due to the openness of ordinary personal PCs and mobile terminals, the environment has many security threats, such as viruses and trojans. On one hand, malicious programs such as trojans can tamper the key data of the client when the client displays the transaction data of the client and sends a request to the server. On the other hand, when the existing payment tool is used for payment, only the amount of money, the payee and the payer are displayed, and detailed information of an order, including information such as an order number, a commodity, a receiver and a receiving address, is not displayed, so that a malicious program can replace the order information of a client, but the client cannot find the risk in time, and once the client confirms the payment, the situation that an alternative person buys the order is easily caused.
Through the analysis of the examples of the potential safety hazards, the important reason that the potential safety hazards exist in the existing online shopping client side is that when a customer confirms payment, the customer does not see key information of transaction, only displays amount, a payee and a payer, does not display detailed information of an order, including information such as an order number, a commodity, a receiver and a receiving address, and cannot find out that order information is tampered in time. On the other hand, even if the detailed information of the displayed order is added, malicious programs such as trojans and the like utilize the separation of the display and the confirmation submission at the client, the data actually confirmed and submitted can be inconsistent with the data displayed to the client, and the malicious situation of the client replacing the order can still occur.
Disclosure of Invention
Aiming at the problems in the prior art, the transaction authentication method and the transaction authentication device provided by the invention can separate the transaction authentication device from the transaction terminal, display and tamper-proof verification are carried out on the key information of the transaction, and the language identification and voiceprint authentication technology is combined, so that the key information of the transaction is prevented from being identified and tampered by malicious programs such as Trojan horse and the like at the client, the safety of online shopping payment is improved, and the customer experience is improved.
In order to solve the technical problems, the invention provides the following technical scheme:
in a first aspect, the present invention provides a transaction authentication method applied to a client, including:
generating a customer verification code based on customer transaction information, the customer transaction information including: payee, amount, order number, commodity, receiver, and receiver address;
acquiring a payment account number of a client and voice data of a client reading client verification code;
and encrypting the client transaction information, the payment account and the voice data by using a preset bank public key, and sending an encryption result to the bank server so that the bank server generates feedback information based on the encryption result.
Preferably, after generating the customer verification code according to the transaction information, the method further comprises:
and displaying the transaction information and the client verification code to the client, and prompting the client to read the client verification code.
The invention also provides a transaction authentication method applicable to the bank server, which comprises the following steps:
respectively receiving customer transaction information, a payment account number, voice data of a customer reading customer verification code and merchant transaction information sent by a customer and a merchant;
generating a merchant verification code according to the merchant transaction information; the merchant transaction information includes: payee, amount, order number, commodity, receiver, and receiver address;
decrypting the encrypted data acquired from the client by using a preset bank private key to obtain client transaction information, a payment account and voice data; the encrypted data is obtained by encrypting the client transaction information, the payment account and the voice data by the client;
generating and identifying a client verification code according to the voice data;
comparing the merchant verification code with the customer verification code;
if the comparison is consistent, acquiring a registered voiceprint recognition vector of the client in a preset bank client voiceprint recognition vector database according to the payment account;
comparing the voiceprint recognition vector of the voice data with the registered voiceprint recognition vector of the client;
and if the comparison is consistent, sending the successful transaction authentication information to the client and the merchant server.
Preferably, comparing the merchant verification code to the customer verification code comprises:
comparing whether the order number in the merchant transaction information is consistent with the order number in the customer transaction information;
if so, the merchant verification code is compared with the customer verification code.
Preferably, acquiring a registered voiceprint recognition vector of the customer from a preset bank customer voiceprint recognition vector database according to the payment account number, includes:
searching a client to which the payment account belongs according to the payment account;
and searching the registered voiceprint identification vector of the client in a database of the voiceprint identification vectors of the bank clients according to the client.
In a second aspect, the present invention provides a transaction authentication device for a client, the device comprising:
a customer verification code generating unit for generating a customer verification code based on customer transaction information, the customer transaction information including: payee, amount, order number, commodity, receiver, and receiver address;
the voice data acquisition unit is used for acquiring a payment account number of a client and voice data of a client reading client verification code;
and the voice data encryption unit is used for encrypting the client transaction information, the payment account and the voice data by using a preset bank public key and sending an encryption result to the bank server so that the bank server generates feedback information based on the encryption result.
Preferably, the transaction authentication device further comprises:
and the verification code display device is used for displaying the transaction information and the client verification code to the client and prompting the client to read the client verification code.
The invention provides a transaction authentication device suitable for a bank server, which comprises:
the transaction information receiving device is used for respectively receiving the client transaction information, the payment account number, the voice data of the client reading client verification code and the merchant transaction information which are sent by the client and the merchant;
the merchant verification code generating unit is used for generating a merchant verification code according to the merchant transaction information; the merchant transaction information includes: payee, amount, order number, commodity, receiver, and receiver address;
the encrypted data decryption unit is used for decrypting the encrypted data acquired from the client by using a preset bank private key to obtain client transaction information, a payment account and voice data; the encrypted data is obtained by encrypting the client transaction information, the payment account and the voice data by the client;
a client identifying unit for identifying the client identifying code according to the voice data;
the verification code comparison unit is used for comparing the merchant verification code with the customer verification code;
the voice print acquisition unit is used for acquiring a registered voice print identification vector of a client in a preset bank client voice print identification vector database according to a payment account;
the voice print recognition vector comparison unit is used for comparing the voice print recognition vector of the voice data with the registered voice print recognition vector of the client;
and the authentication success sending unit is used for sending the transaction authentication success information to the client and the merchant server.
Preferably, the verification code comparison unit includes:
the order number comparison module is used for comparing whether the order number of the merchant is consistent with the order number of the customer in the customer transaction information;
and the verification code comparison module is used for comparing the merchant verification code with the customer verification code.
Preferably, the voiceprint acquisition unit includes:
the client searching module is used for searching a client to which the payment account belongs according to the payment account;
and the voiceprint recognition vector searching module is used for searching the registered voiceprint recognition vector of the client in the database of the voiceprint recognition vectors of the bank client according to the client.
In a third aspect, the present invention provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the transaction authentication method when executing the program.
In a fourth aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of a method of transaction authentication.
From the above description, it can be seen that the transaction authentication method and apparatus provided by the present invention separate the transaction authentication apparatus from the transaction terminal, display and tamper-proof verification are performed on the key information of the transaction, and the voice recognition and voiceprint authentication techniques are used in combination, so that the key information of the transaction is prevented from being recognized and tampered by malicious programs such as trojan horse and the like at the client, and the security of online shopping payment is improved. Specifically, the method includes the steps that transaction key information is participated in a verification code generation process through a transaction short signature implementation mode, so that the verification code can only be used for the transaction, and if the transaction is tampered or the verification code is used for other transactions, a bank server cannot verify the transaction; the short signature ensures that the transaction data cannot be tampered, plays a role in transaction non-repudiation and improves the security of transaction authentication. Meanwhile, the anti-tampering short signature verification code is combined with the voice recognition technology and the voiceprint authentication technology, so that the operation of a client is further simplified, and the experience of the client is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a first flowchart illustrating a transaction authentication method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a second exemplary embodiment of a transaction authentication method;
FIG. 3 is a third flowchart illustrating a transaction authentication method according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating step 203 in an embodiment of the present invention;
FIG. 5 is a flowchart illustrating step 206 according to an embodiment of the present invention;
FIG. 6 is a flow chart illustrating a transaction authentication method according to an embodiment of the present invention;
FIG. 7 is a first schematic diagram illustrating a transaction authentication device according to an embodiment of the present invention;
FIG. 8 is a second schematic diagram of a transaction authentication device according to an embodiment of the present invention;
FIG. 9 is a third schematic view of a transaction authentication device according to an embodiment of the present invention;
FIG. 10 is a schematic diagram illustrating a structure of an exemplary verification code comparison unit;
fig. 11 is a schematic structural diagram of an electronic device in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In view of the prior art, online shopping has the following problems that, on one hand, a client does not see key information of transaction when conducting transaction, only displays amount, a payee and a payer, does not display detailed information of an order, including information such as an order number, a commodity, a receiver and a receiving address, and the order information cannot be found in time after being tampered, and on the other hand, even if the detailed information of the displayed order is increased, malicious programs such as trojans and the like are utilized to separate the display and the confirmation submission on the client, data actually confirmed and submitted can be inconsistent with data displayed to the client, and the situation that the client replaces the user to buy the order can still occur. Based on this, the embodiment of the present invention provides a specific implementation of a transaction authentication method applicable to a client, and referring to fig. 1, the method specifically includes the following steps:
step 100: a customer verification code is generated based on the customer transaction information.
In a specific implementation of step 100, a password generation algorithm (such as a digest algorithm and a symmetric encryption algorithm) may be used to generate the customer verification code according to the customer transaction information. The customer transaction information includes: payee, amount, order number, merchandise, recipient, and shipping address.
Step 200: and acquiring a payment account number of the client and voice data of the client reading the client verification code.
Step 200 may be described in the following specific scenario, where the verification code in step 100 is prompted to the client, the client may be prompted to read the verification code in a text prompt or voice prompt manner, and voice data of the verification code is collected by the client through a voice collecting device, where the voice collecting device may include a sound pickup, a gain amplifier, a filter, and the like.
Step 300: and encrypting the client transaction information, the payment account and the voice data by using a preset bank public key, and sending an encryption result to the bank server so that the bank server generates feedback information based on the encryption result.
From the above description, it can be seen that the transaction authentication method provided by the present invention separates the transaction authentication device from the transaction terminal, displays and verifies the key information of the transaction against tampering, and combines the voice recognition and voiceprint authentication technologies, so as to avoid the key information of the transaction from being recognized and tampered by malicious programs such as trojan horse and the like at the client, thereby improving the security of online shopping payment. Specifically, the method includes the steps that transaction key information is participated in a verification code generation process through a transaction short signature implementation mode, so that the verification code can only be used for the transaction, and if the transaction is tampered or the verification code is used for other transactions, a bank server cannot verify the transaction; the short signature ensures that the transaction data cannot be tampered, plays a role in transaction non-repudiation and improves the security of transaction authentication. Meanwhile, the anti-tampering short signature verification code is combined with the voice recognition technology and the voiceprint authentication technology, so that the operation of a client is further simplified, and the experience of the client is improved.
In one embodiment, referring to fig. 2, after step 100, the transaction authentication method further comprises:
step 400: and displaying the transaction information and the client verification code to the client, and prompting the client to read the client verification code.
The embodiment of the present invention further provides a specific implementation manner of a transaction authentication method suitable for a bank server, and referring to fig. 3, the method specifically includes the following steps:
step 201: and respectively receiving the customer transaction information, the payment account number, the voice data of the customer reading customer verification code and the merchant transaction information sent by the customer and the merchant.
It can be understood that, in step 201, the client (client authentication device) is separated from the merchant terminal, so that the possibility that the transaction key information is maliciously operated by a malicious program such as trojan horse and the like on the client is avoided, and the security of online shopping payment data can be improved.
Step 202: generating a merchant verification code according to the merchant transaction information; the merchant transaction information includes: payee, amount, order number, merchandise, recipient, and shipping address.
It is understood that the merchant transaction information in step 202 and the customer transaction information in step 100 should be consistent without being tampered with by a malicious program, and specifically, the merchant verification code is generated from the merchant transaction information by using the same password generation algorithm (such as a digest algorithm, a symmetric encryption algorithm, etc.) as in step 100.
Step 203: decrypting the encrypted data acquired from the client by using a preset bank private key to obtain client transaction information, a payment account and voice data; the encrypted data is obtained by encrypting the client transaction information, the payment account number and the voice data by the client.
It will be appreciated that the bank private key in step 203 corresponds to the bank public key in step 300, and further that
The encrypted data in step 203 includes the customer transaction information and the voice data of the customer reading the customer verification code, which is identical to the voice data in step 200.
Step 204: and identifying the client verification code according to the voice data.
By parsing the voice data, the digital form of the verification code in the voice data is obtained.
Step 205: the merchant passcode is compared to the customer passcode.
Step 206: and if the comparison is consistent, acquiring the registered voiceprint recognition vector of the client in a preset bank client voiceprint recognition vector database according to the payment account.
In step 206, if the merchant verification code is consistent with the customer verification code, the transaction authentication is considered to pass primarily, and if not, the transaction failure result information is returned to the client and the merchant server.
Step 207: the voiceprint recognition vector of the speech data is compared with the registered voiceprint recognition vector of the client.
Step 208: and if the comparison is consistent, sending the successful transaction authentication information to the client and the merchant server.
It is understood that, if the comparison result in step 207 is consistent, the transaction authentication is considered to be finally passed, and the account number is subjected to accounting processing, so that the transaction is completed. Otherwise, returning the information of the transaction failure result to the client and the merchant server.
In an embodiment, referring to fig. 4, step 203 specifically includes:
step 2031: and comparing whether the order number in the merchant transaction information is consistent with the order number in the customer transaction information.
Step 2032: if so, the merchant verification code is compared with the customer verification code.
It is understood that steps 2031 to 2032 are the preliminary verification of the transaction between the customer and the merchant, that is, if the order number sent by the merchant is not consistent with the order number sent by the customer, there is a possibility of the transaction being tampered by trojan and malicious programs (the order information is tampered by the malicious programs such as trojan or trojan, etc. being separated from the display and confirmation submission on the customer, the actual confirmation submission data can be inconsistent with the data displayed to the customer, which results in the customer buying the order for others).
In one embodiment, referring to fig. 5, step 206 specifically includes:
step 2061: and searching the client to which the payment account belongs according to the payment account.
Step 2062: and searching the registered voiceprint identification vector of the client in a database of the voiceprint identification vectors of the bank clients according to the client.
From the above description, it can be seen that the transaction authentication method provided by the present invention separates the transaction authentication device from the transaction terminal, displays and verifies the key information of the transaction against tampering, and combines the voice recognition and voiceprint authentication technologies, so as to avoid the key information of the transaction from being recognized and tampered by malicious programs such as trojan horse and the like at the client, thereby improving the security of online shopping payment. Specifically, the method includes the steps that transaction key information is participated in a verification code generation process through a transaction short signature implementation mode, so that the verification code can only be used for the transaction, and if the transaction is tampered or the verification code is used for other transactions, a bank server cannot verify the transaction; the short signature ensures that the transaction data cannot be tampered, plays a role in transaction non-repudiation and improves the security of transaction authentication. Meanwhile, the anti-tampering short signature verification code is combined with the voice recognition technology and the voiceprint authentication technology, so that the operation of a client is further simplified, and the experience of the client is improved.
To further illustrate the present solution, the present invention provides a specific application example of the transaction authentication method, which specifically includes the following contents, see fig. 6.
S0: and acquiring the transaction information and the payment account number of the client.
The customer transaction information in step S0 may be acquired in a two-dimensional code and one-dimensional code scanning manner or a wireless manner, and the customer transaction information includes: payee, amount, order number, merchandise, recipient, and shipping address.
S1: and generating a client verification code according to the client transaction information and the password generation algorithm.
The client authentication code may be generated based on the client transaction information and a password generation algorithm (e.g., a digest algorithm, a symmetric encryption algorithm, or the like).
S2: the customer transaction information is presented to the customer and the customer is prompted to read the customer verification code.
S3: and acquiring voice data of the client reading the client verification code.
S4: and encrypting the client transaction information, the payment account number and the voice data.
Specifically, the preset bank public key is used for encrypting the client transaction information, the payment account number and the voice data, and the encrypted result is sent to the bank server, so that the bank server generates feedback information based on the encrypted result. It is understood that steps S0 through S4 may be performed by the client.
S5: and respectively receiving the customer transaction information, the payment account number, the voice data and the merchant transaction information sent by the customer and the merchant.
The merchant transaction information includes: payee, amount, order number, merchandise, recipient, and shipping address. It will be appreciated that the customer transaction information and merchant transaction information should be consistent without malicious program tampering.
S6: and generating a merchant verification code according to the merchant transaction information.
Specifically, according to the merchant transaction information and the password generation algorithm (such as a digest algorithm, a symmetric encryption algorithm, or the like), the password generation algorithm needs to be the same as the password generation algorithm in step S1, so as to generate a merchant verification code, and associate the verification code with the order number in the merchant transaction information.
S7: and decrypting the encrypted data acquired from the client by using a preset bank private key to obtain the client transaction information, the payment account and the client verification code.
It should be noted that the encrypted data in step S7 is obtained by encrypting the client transaction information and the voice data of the client authentication code read by the client.
S8: and comparing whether the merchant order number is consistent with the customer order number in the customer transaction information.
Specifically, the order number is matched with the verification code associated with the order number, if the matching is successful, the subsequent processing is continued, and otherwise, the information of the transaction failure result is returned to the client and the merchant server.
S9: the merchant passcode is compared to the customer passcode.
It will be appreciated that the voice data may also need to be parsed before S9 to obtain the digital form of the customer verification code. If the comparison result of step S8 is consistent, the merchant verification code is compared with the customer verification code.
S10: and acquiring a registered voiceprint recognition vector of the client in a preset bank client voiceprint recognition vector database according to the payment account.
It can be understood that, if the comparison result in step S9 is consistent, the client is identified by the decrypted payment account and the registered voiceprint identification vector of the client is obtained, then the voiceprint identification vector of the decrypted voice data is compared with the registered voiceprint identification vector to determine whether the transaction is a personal operation, if the comparison is passed, the payment account is subjected to accounting processing and transaction processing result information is fed back to the merchant server and the client, otherwise, transaction failure result information is returned to the client and the merchant server, where the payment account is in one-to-one correspondence with the client and the registered voiceprint identification vector of the client. It is understood that steps S5 through S10 may be performed by the bank server.
From the above description, it can be seen that the transaction authentication method provided by the present invention separates the transaction authentication device from the transaction terminal, displays and verifies the key information of the transaction against tampering, and combines the voice recognition and voiceprint authentication technologies, so as to avoid the key information of the transaction from being recognized and tampered by malicious programs such as trojan horse and the like at the client, thereby improving the security of online shopping payment. Specifically, the method includes the steps that transaction key information is participated in a verification code generation process through a transaction short signature implementation mode, so that the verification code can only be used for the transaction, and if the transaction is tampered or the verification code is used for other transactions, a bank server cannot verify the transaction; the short signature ensures that the transaction data cannot be tampered, plays a role in transaction non-repudiation and improves the security of transaction authentication. Meanwhile, the anti-tampering short signature verification code is combined with the voice recognition technology and the voiceprint authentication technology, so that the operation of a client is further simplified, and the experience of the client is improved.
Based on the same inventive concept, the embodiment of the present application further provides a transaction authentication device, which can be used to implement the methods described in the above embodiments, such as the following embodiments. Because the principle of the transaction authentication device for solving the problems is similar to the transaction authentication method, the transaction authentication device can be implemented by the transaction authentication method, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. While the system described in the embodiments below is preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.
An embodiment of the present invention provides a specific implementation of a transaction authentication device suitable for a client, which is capable of implementing a transaction authentication method, and referring to fig. 7, the transaction authentication device suitable for the client specifically includes the following contents:
a client verification code generating unit 10 for generating a client verification code based on client transaction information, the client transaction information including: payee, amount, order number, commodity, receiver, and receiver address;
a voice data acquiring unit 20, configured to acquire a payment account of a client and voice data of a client verification code read by the client;
the voice data encryption unit 30 is configured to encrypt the client transaction information, the payment account and the voice data by using a preset public key of the bank, and send an encryption result to the bank server, so that the bank server generates feedback information based on the encryption result.
In one embodiment, referring to fig. 8, the transaction authentication device for the client further includes:
and the verification code display device 40 is used for displaying the transaction information and the client verification code to the client and prompting the client to read the client verification code.
The embodiment of the present invention further provides a specific implementation manner of a transaction authentication device suitable for a bank server, which is capable of implementing a transaction authentication method, and referring to fig. 9, the transaction authentication device suitable for the bank server specifically includes the following contents:
the transaction information receiving device 201 is used for respectively receiving the client transaction information, the payment account number, the voice data of the client reading client verification code and the merchant transaction information sent by the client and the merchant;
a merchant verification code generating unit 202, configured to generate a merchant verification code according to merchant transaction information; the merchant transaction information includes: payee, amount, order number, merchandise, recipient, and shipping address.
The encrypted data decryption unit 203 is used for decrypting the encrypted data acquired from the client by using a preset bank private key to obtain client transaction information, a payment account and voice data; the encrypted data is obtained by encrypting the client transaction information, the payment account number and the voice data by the client.
A client authentication code recognition unit 204 for recognizing a client authentication code based on the voice data;
a verification code comparison unit 205, configured to compare the merchant verification code with the customer verification code;
a voiceprint acquisition unit 206, configured to acquire a registered voiceprint identification vector of a client from a preset bank client voiceprint identification vector database according to a payment account;
a voiceprint recognition vector comparison unit 207 for comparing the voiceprint recognition vector of the voice data with the registered voiceprint recognition vector of the client;
and an authentication success sending unit 208, configured to send transaction authentication success information to the client and the merchant server.
In one embodiment, referring to fig. 10, the verification code comparison unit 205 includes:
and an order number comparison module 2051 for comparing whether the merchant order number is consistent with the customer order number in the customer transaction information.
A verification code comparison module 2052 configured to compare the merchant verification code with the customer verification code.
From the above description, it can be seen that the transaction authentication device provided by the present invention separates the transaction authentication device from the transaction terminal, displays and verifies the key information of the transaction against tampering, and combines the voice recognition and voiceprint authentication technologies, so as to avoid the key information of the transaction from being recognized and tampered by malicious programs such as trojan horse and the like at the client, and improve the security of online shopping payment. Specifically, the method includes the steps that transaction key information is participated in a verification code generation process through a transaction short signature implementation mode, so that the verification code can only be used for the transaction, and if the transaction is tampered or the verification code is used for other transactions, a bank server cannot verify the transaction; the short signature ensures that the transaction data cannot be tampered, plays a role in transaction non-repudiation and improves the security of transaction authentication. Meanwhile, the anti-tampering short signature verification code is combined with the voice recognition technology and the voiceprint authentication technology, so that the operation of a client is further simplified, and the experience of the client is improved.
An embodiment of the present application further provides a specific implementation manner of an electronic device, which is capable of implementing all steps in the transaction authentication method in the foregoing embodiment, and referring to fig. 11, the electronic device specifically includes the following contents:
a processor (processor)1201, a memory (memory)1202, a communication interface 1203, and a bus 1204;
the processor 1201, the memory 1202 and the communication interface 1203 complete communication with each other through the bus 1204; the communication interface 1203 is configured to implement information transmission between related devices, such as a server-side device, a sound collection device, and a client device.
The processor 1201 is used to call the computer program in the memory 1202, and the processor executes the computer program to implement all the steps in the transaction authentication method in the above embodiments, for example, the processor executes the computer program to implement the following steps:
step 201: and respectively receiving the customer transaction information, the payment account number, the voice data of the customer reading customer verification code and the merchant transaction information sent by the customer and the merchant.
Step 202: generating a merchant verification code according to the merchant transaction information; the merchant transaction information includes: payee, amount, order number, merchandise, recipient, and shipping address.
Step 203: decrypting the encrypted data acquired from the client by using a preset bank private key to obtain client transaction information, a payment account and voice data; the encrypted data is obtained by encrypting the client transaction information, the payment account number and the voice data by the client.
Step 204: and identifying the client verification code according to the voice data.
Step 205: the merchant passcode is compared to the customer passcode.
Step 206: and if the comparison is consistent, acquiring the registered voiceprint recognition vector of the client in a preset bank client voiceprint recognition vector database according to the payment account.
Step 207: comparing the voiceprint recognition vector of the voice data with the registered voiceprint recognition vector of the client;
step 208: and if the comparison is consistent, sending the successful transaction authentication information to the client and the merchant server.
As can be seen from the above description, in the electronic device in the embodiment of the present application, the transaction authentication device is separated from the transaction terminal, the key information of the transaction is displayed and verified against tampering, and the voice recognition and voiceprint authentication technologies are used in combination, so that the key information of the transaction is prevented from being recognized and tampered by malicious programs such as trojans at the client, and the security of online shopping payment is improved. Specifically, the method includes the steps that transaction key information is participated in a verification code generation process through a transaction short signature implementation mode, so that the verification code can only be used for the transaction, and if the transaction is tampered or the verification code is used for other transactions, a bank server cannot verify the transaction; the short signature ensures that the transaction data cannot be tampered, plays a role in transaction non-repudiation and improves the security of transaction authentication. Meanwhile, the anti-tampering short signature verification code is combined with the voice recognition technology and the voiceprint authentication technology, so that the operation of a client is further simplified, and the experience of the client is improved.
Embodiments of the present application also provide a computer-readable storage medium capable of implementing all steps in the transaction authentication method in the above embodiments, where a computer program is stored on the computer-readable storage medium, and when executed by a processor, the computer program implements all steps of the transaction authentication method in the above embodiments.
Step 201: and respectively receiving the customer transaction information, the payment account number, the voice data of the customer reading customer verification code and the merchant transaction information sent by the customer and the merchant.
Step 202: generating a merchant verification code according to the merchant transaction information; the merchant transaction information includes: payee, amount, order number, merchandise, recipient, and shipping address.
Step 203: decrypting the encrypted data acquired from the client by using a preset bank private key to obtain client transaction information, a payment account and voice data; the encrypted data is obtained by encrypting the client transaction information, the payment account number and the voice data by the client.
Step 204: and identifying the client verification code according to the voice data.
Step 205: the merchant passcode is compared to the customer passcode.
Step 206: and if the comparison is consistent, acquiring the registered voiceprint recognition vector of the client in a preset bank client voiceprint recognition vector database according to the payment account.
Step 207: the voiceprint recognition vector of the speech data is compared with the registered voiceprint recognition vector of the client.
Step 208: and if the comparison is consistent, sending the successful transaction authentication information to the client and the merchant server.
As can be seen from the above description, in the computer-readable storage medium in the embodiment of the present application, the transaction authentication device is separated from the transaction terminal, the key information of the transaction is displayed and verified against tampering, and the voice recognition and voiceprint authentication technologies are used in combination, so that the key information of the transaction is prevented from being recognized and tampered by a malicious program such as a trojan horse at the client, and the security of online shopping payment is improved. Specifically, the method includes the steps that transaction key information is participated in a verification code generation process through a transaction short signature implementation mode, so that the verification code can only be used for the transaction, and if the transaction is tampered or the verification code is used for other transactions, a bank server cannot verify the transaction; the short signature ensures that the transaction data cannot be tampered, plays a role in transaction non-repudiation and improves the security of transaction authentication. Meanwhile, the anti-tampering short signature verification code is combined with the voice recognition technology and the voiceprint authentication technology, so that the operation of a client is further simplified, and the experience of the client is improved.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program class embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to the partial description of the method embodiment.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Although the present application provides method steps as in an embodiment or a flowchart, more or fewer steps may be included based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (12)
1. A transaction authentication method, comprising:
generating a customer verification code based on customer transaction information, the customer transaction information including: payee, amount, order number, commodity, receiver, and receiver address;
acquiring a payment account number of the client and voice data of reading the client verification code by the client;
and encrypting the client transaction information, the payment account and the voice data by using a preset bank public key, and sending an encryption result to a bank server so that the bank server generates feedback information based on the encryption result.
2. The transaction authentication method of claim 1, further comprising, after generating a customer verification code based on the transaction information:
and displaying the transaction information and the client verification code to the client, and prompting the client to read the client verification code.
3. A transaction authentication method, comprising:
respectively receiving customer transaction information, a payment account number, voice data of a customer reading customer verification code and merchant transaction information sent by a customer and a merchant;
generating a merchant verification code according to the merchant transaction information; the merchant transaction information includes: payee, amount, order number, commodity, receiver, and receiver address;
decrypting encrypted data acquired from a client by using a preset bank private key to obtain the client transaction information, the payment account and the voice data; the encrypted data is obtained by encrypting the client transaction information, the payment account and the voice data by the client;
identifying a customer verification code according to the voice data;
comparing the merchant passcode to the customer passcode;
if the comparison is consistent, acquiring a registered voiceprint recognition vector of the client in a preset bank client voiceprint recognition vector database according to the payment account;
comparing the voiceprint recognition vector of the voice data with the registered voiceprint recognition vector of the client;
and if the comparison is consistent, sending successful transaction authentication information to the client and the merchant server.
4. The transaction authentication method of claim 3, wherein said comparing the merchant verification code to the customer verification code comprises:
comparing whether the order number in the merchant transaction information is consistent with the order number in the customer transaction information;
and if the merchant verification code and the customer verification code are consistent, comparing the merchant verification code with the customer verification code.
5. The transaction authentication method as claimed in claim 3, wherein said obtaining the registered voiceprint recognition vector of the customer from the preset database of voiceprint recognition vectors of the bank customer according to the payment account number comprises:
searching a client to which the payment account belongs according to the payment account;
and searching the registered voiceprint recognition vector of the client in the database of the voiceprint recognition vectors of the bank clients according to the client.
6. A transaction authentication device, comprising:
a customer verification code generating unit for generating a customer verification code based on customer transaction information, the customer transaction information including: payee, amount, order number, commodity, receiver, and receiver address;
the voice data acquisition unit is used for acquiring the payment account number of the client and the voice data of the client reading the client verification code;
and the voice data encryption unit is used for encrypting the client transaction information, the payment account and the voice data by using a preset bank public key and sending an encryption result to a bank server so that the bank server generates feedback information based on the encryption result.
7. The transaction authentication device of claim 6, further comprising:
and the verification code display device is used for displaying the transaction information and the client verification code to the client and prompting the client to read the client verification code.
8. A transaction authentication device, comprising:
the transaction information receiving device is used for respectively receiving the client transaction information, the payment account number, the voice data of the client reading client verification code and the merchant transaction information which are sent by the client and the merchant;
the merchant verification code generating unit is used for generating a merchant verification code according to the merchant transaction information; the merchant transaction information includes: payee, amount, order number, commodity, receiver, and receiver address;
the encrypted data decryption unit is used for decrypting encrypted data acquired from a client by using a preset bank private key to obtain the client transaction information, the payment account and the voice data; the encrypted data is obtained by encrypting the client transaction information, the payment account and the voice data by the client;
the client identifying unit is used for identifying the client identifying code according to the voice data;
the verification code comparison unit is used for comparing the merchant verification code with the customer verification code;
the voice print acquisition unit is used for acquiring a registered voice print identification vector of the client in a preset bank client voice print identification vector database according to the payment account;
a voiceprint recognition vector comparison unit, configured to compare a voiceprint recognition vector of the voice data with a registered voiceprint recognition vector of the client;
and the authentication success sending unit is used for sending the transaction authentication success information to the client and the merchant server.
9. The transaction authentication device of claim 8, wherein the verification code comparison unit comprises:
the order number comparison module is used for comparing whether the order number of the merchant is consistent with the order number of the customer in the customer transaction information;
and the verification code comparison module is used for comparing the merchant verification code with the customer verification code.
10. The transaction authentication device according to claim 8, wherein the voiceprint acquisition unit includes:
the client searching module is used for searching a client to which the payment account belongs according to the payment account;
and the voiceprint recognition vector searching module is used for searching the registered voiceprint recognition vector of the client in the bank client voiceprint recognition vector database according to the client.
11. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the transaction authentication method according to any one of claims 1 to 5 are carried out when the program is executed by the processor.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the transaction authentication method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910931981.4A CN110675151A (en) | 2019-09-29 | 2019-09-29 | Transaction authentication method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910931981.4A CN110675151A (en) | 2019-09-29 | 2019-09-29 | Transaction authentication method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110675151A true CN110675151A (en) | 2020-01-10 |
Family
ID=69080045
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910931981.4A Pending CN110675151A (en) | 2019-09-29 | 2019-09-29 | Transaction authentication method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110675151A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111784549A (en) * | 2020-07-23 | 2020-10-16 | 嘉兴长润线业有限公司 | Real estate information interaction system and method thereof |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102819911A (en) * | 2012-07-17 | 2012-12-12 | 武汉天喻信息产业股份有限公司 | Ticket buying and checking method and movie ticket service system |
| CN103353973A (en) * | 2013-06-17 | 2013-10-16 | 上海方付通商务服务有限公司 | Banking transaction authentication method based on video verification, and banking transaction authentication system based on video verification |
| CN104168117A (en) * | 2014-08-20 | 2014-11-26 | 中国农业银行股份有限公司苏州分行 | Voice digital signature method |
| CN109255621A (en) * | 2018-09-30 | 2019-01-22 | 中国银行股份有限公司 | A kind of information processing method and system |
| CN109993512A (en) * | 2019-04-10 | 2019-07-09 | 湖北随行易付网络科技有限公司 | It is a kind of without netting very fast small amount payment secured account system and method |
-
2019
- 2019-09-29 CN CN201910931981.4A patent/CN110675151A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102819911A (en) * | 2012-07-17 | 2012-12-12 | 武汉天喻信息产业股份有限公司 | Ticket buying and checking method and movie ticket service system |
| CN103353973A (en) * | 2013-06-17 | 2013-10-16 | 上海方付通商务服务有限公司 | Banking transaction authentication method based on video verification, and banking transaction authentication system based on video verification |
| CN104168117A (en) * | 2014-08-20 | 2014-11-26 | 中国农业银行股份有限公司苏州分行 | Voice digital signature method |
| CN109255621A (en) * | 2018-09-30 | 2019-01-22 | 中国银行股份有限公司 | A kind of information processing method and system |
| CN109993512A (en) * | 2019-04-10 | 2019-07-09 | 湖北随行易付网络科技有限公司 | It is a kind of without netting very fast small amount payment secured account system and method |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111784549A (en) * | 2020-07-23 | 2020-10-16 | 嘉兴长润线业有限公司 | Real estate information interaction system and method thereof |
| CN111784549B (en) * | 2020-07-23 | 2024-02-02 | 嘉兴长润线业有限公司 | Real estate information interaction system and method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10341123B2 (en) | User identification management system and method | |
| TWI716056B (en) | Identity authentication, number storage and sending, and number binding method, device and equipment | |
| CA2945703C (en) | Systems, apparatus and methods for improved authentication | |
| CN107251595B (en) | Secure authentication of users and mobile devices | |
| US9847997B2 (en) | Server based biometric authentication | |
| CN104767735B (en) | information security processing method, processing server and processing client | |
| US20200382306A1 (en) | Biometric verification process using certification token | |
| CN110930147B (en) | Offline payment method and device, electronic equipment and computer-readable storage medium | |
| WO2017000479A1 (en) | Identity information authentication method, user terminal, service terminal, authentication server, and service system | |
| US20120254041A1 (en) | One-time credit card numbers | |
| EP4114062A1 (en) | Activation of an application session based on authentication of a user device and a characteristic of the user device | |
| JP6657265B2 (en) | Method and apparatus for service authentication | |
| CN110929237A (en) | Identity verification system, method and device and information verification system | |
| US11037146B2 (en) | Managing product returns associated with a user device | |
| CN110675151A (en) | Transaction authentication method and device | |
| CN110675158A (en) | Transaction payment method and device | |
| CN107947934B (en) | Fingerprint identification and authentication system and method of mobile terminal based on bank system | |
| CN114245374B (en) | Security authentication method, system and related equipment | |
| CN106533685B (en) | Identity authentication method, device and system | |
| CN110740112B (en) | Authentication method, apparatus and computer readable storage medium | |
| KR101639548B1 (en) | Systems and methods for object processing | |
| US20200286072A1 (en) | Information processing apparatus, information processing system, and information processing method, and program | |
| CN112395579A (en) | Electronic signature generation method and device based on face recognition and cloud certificate | |
| CN111340484A (en) | Payment verification method, device, system, storage medium and computer equipment | |
| CN110351302B (en) | Bank account login method, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200110 |
|
| RJ01 | Rejection of invention patent application after publication |