WO2015101273A1 - Security verification method, and related device and system - Google Patents

Publication number
WO2015101273A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
information
verification
user
wearable device
Application number
PCT/CN2014/095467
Inventor
杨小伟
Original Assignee
腾讯科技(深圳)有限公司
Application filed by 腾讯科技(深圳)有限公司
Publication of WO2015101273A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • The present invention relates to the field of Internet technologies, and in particular to a security verification method and a related device and system.
  • The authentication method is authentication by SMS verification code, and the SMS verification code depends on the mobile phone channel. If the mobile phone cannot receive the short message normally, the payment cannot be completed normally; if the mobile phone is lost, security verification cannot be performed in a short time, and another person may use the lost mobile phone to perform SMS verification and impersonate the user in business processing, putting the user's assets or personal information at risk.
  • The embodiments of the invention provide a security verification method, a related device and a system in which verification uses the verification information stored in the user's wearable device, so that service processing for a service request is more secure and convenient.
  • an embodiment of the present invention provides a security verification method, where the method includes:
  • the service terminal acquires user authentication information pre-stored in the wearable device from the wearable device of the user by using a short-range communication manner;
  • the service terminal sends a service request to the service server, where the service request includes service information and the user verification information;
  • the service server performs verification on the user verification information, and if the verification succeeds, performs service processing on the service request.
  • the embodiment of the present invention further provides a security verification method, where the method includes:
  • the service terminal acquires user authentication information pre-stored in the wearable device from the wearable device of the user by using a short-range communication manner;
  • the service terminal sends a service request to the service server, where the service request includes the service information and the user verification information, so that the service server verifies the user verification information and, if the verification is successful, performs service processing on the service request.
  • an embodiment of the present invention further provides a security verification method, where the method includes:
  • the wearable device sends the user authentication information pre-stored in the wearable device to the service terminal in a short-distance communication manner, so that the service terminal sends a service request to the service server, where the service request includes service information and the user verification information; the service server verifies the user verification information and, if the verification is successful, performs service processing on the service request.
  • the embodiment of the present invention further provides a secure payment method, where the secure payment method includes:
  • the payment terminal acquires user verification information pre-stored in the wearable device from the wearable device of the user by using a short-range communication manner;
  • the payment terminal sends a payment request to the payment server, where the payment request includes order information and the user verification information;
  • the payment server verifies the user verification information, and if the verification is successful, performs payment processing on the payment request.
  • an embodiment of the present invention further provides a service terminal, where the service terminal includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs including instructions for performing the following methods:
  • an embodiment of the present invention further provides a wearable device, where the wearable device includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs including instructions for performing the following methods:
  • the service server verifies the user verification information, and if the verification is successful, performs service processing on the service request.
  • the embodiment of the present invention obtains the user verification information pre-stored in the wearable device from the wearable device of the user and sends a service request to the service server, where the service request includes the service information and the user verification information, so that the service server verifies the user verification information. If the verification is successful, the service request is processed. The verification information stored in the user's wearable device can thus be used for service verification, making service processing safer and more convenient.
  • FIG. 1 is a schematic flow chart of a security verification method according to an embodiment of the present invention.
  • FIG. 2 is a schematic flow chart of a security verification method in another embodiment of the present invention.
  • FIG. 3 is a schematic flow chart of a security verification method in another embodiment of the present invention.
  • FIG. 4 is a schematic flow chart of a security verification method in another embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a service terminal according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a service terminal according to another embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a wearable device according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a wearable device according to another embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a security verification system in an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of a secure payment system according to an embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of a service terminal according to another embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of a wearable device according to an embodiment of the present invention.
  • the service terminal in the embodiment of the present invention may include an Internet device such as a personal computer, a tablet computer, a smart phone, an e-reader, and an in-vehicle terminal, and can log in to the service server to perform an online payment service by using a user account.
  • a wearable device, which can be worn directly on the user or integrated into the user's clothing or accessories, may include a smart bracelet, a smart wristband, a smart watch, smart glasses, and various smart accessories.
  • the service terminal is used for secure payment.
  • the security verification method in this embodiment may include:
  • the service terminal acquires user verification information pre-stored in the wearable device from the wearable device of the user by using a short-range communication manner.
  • the user can initiate an online payment request through the service terminal.
  • the service terminal can initiate the establishment of a short-range communication connection with the wearable device according to the payment instruction input by the user, specifically a Bluetooth connection, an NFC (Near Field Communication) connection, etc. For example, after the user clicks "confirm payment", the service terminal turns on the Bluetooth function and performs a Bluetooth device search; the user's wearable device keeps Bluetooth on by default, and the service terminal can automatically establish a Bluetooth connection with the wearable device after it finds the user's wearable device.
  • the user verification information pre-stored in the wearable device may be acquired from the wearable device by using the established short-range communication connection, where the user verification information may include a user digital certificate or other payment verification information of the user, such as a password.
  • the user authentication information obtained by the service terminal from the wearable device may be verification information that the wearable device has encrypted with the preset user private key.
  • the obtained user verification information may also be verification information that was encrypted in advance by the service terminal or the service server and then stored in the wearable device, so that the service terminal cannot decrypt the user verification information while obtaining and using it, which ensures the security of the user verification information during payment transmission.
  • the service terminal sends a service request to a service server, where the service request includes service information and the user verification information.
  • the service terminal may send a service request to the service server, where the service request may include service information and user authentication information obtained from the user's wearable device, and the service request.
  • the service information may include payment information such as a transaction order and a payment amount, and may also include login information such as a login account and a login password for logging in to the service server using the user account, and the like.
  • the service server performs verification on the user verification information, and if the verification succeeds, performs service processing on the service request.
  • the service server may perform verification on the user verification information in the service request, and if the verification succeeds, perform service processing on the service request.
  • Preferably, the user authentication information obtained by the service terminal from the wearable device may be encrypted with a preset user private key, and the service server may use the user public key corresponding to the user to decrypt the encrypted user authentication information and verify the decrypted user verification information against the pre-stored reference user verification information. If the verification is successful, the service request undergoes subsequent service processing, that is, the service information in the service request (such as the transaction order and payment amount) is obtained for subsequent service processing (such as online payment processing); if the verification fails, the service server can directly reject the current service request.
  • the service terminal of the present embodiment obtains the user authentication information pre-stored in the wearable device from the user's wearable device by short-range communication and sends a service request to the service server, where the service request includes the service information and the user verification information, so that the service server verifies the user verification information. If the verification is successful, the service request is processed. The verification information stored in the user's wearable device can thus be used for verification, making service processing for service requests safer and more convenient.
  • the security verification method in this embodiment may include the following steps:
  • the service terminal acquires the device identifier of the user's wearable device by using the short-range communication manner.
  • through a service terminal such as a personal computer, a tablet computer, a smart phone, an e-reader or an in-vehicle terminal, the user can obtain the device identifier of a wearable device such as a smart phone, a smart wristband, a smart watch, smart glasses or various smart accessories. The device identifier uniquely identifies the wearable device, and may be an identifier of the wearable device or the like.
  • the user can initiate an online payment request through the service terminal, confirm the goods to be purchased when browsing the e-commerce website, and log in to the service server to perform online payment after confirming the order.
  • the service terminal can initiate the establishment of a data connection with the user's wearable device according to the payment instruction input by the user. The data connection may be a Bluetooth connection or an NFC connection, and the device identifier of the wearable device is obtained through the established data connection.
  • when a Bluetooth connection is used, the service terminal can perform a Bluetooth device search and Bluetooth pairing with the wearable device to establish a Bluetooth connection with the wearable device.
  • the service terminal may also establish a Bluetooth connection with the wearable device according to the Bluetooth identifier of the wearable device pre-stored in the service terminal. Then, the device identification of the wearable device can be obtained through the established Bluetooth connection.
  • the service terminal sends the device identifier of the wearable device to the service server.
  • the service server performs binding verification according to the device identifier and the identifier information of the service terminal.
  • the service server may perform binding verification according to the device identifier and the identification information of the service terminal. Taking online payment as an example, the identification information of the service terminal may be sent by the service terminal, or the service server may obtain it from the service terminal at any time after the service terminal logs in to the service server.
  • the identification information of the service terminal uniquely identifies the service terminal and may be an identity identification code of the service terminal; it may also be a login account used to log in to the service server.
  • the service server may pre-store the binding relationship between the device identifier of the wearable device and the identification information of the service terminal, and use it to determine whether a binding relationship has been established between the wearable device and a service terminal; the process of establishing the binding relationship is described below.
  • after obtaining the device identifier of the wearable device, the service server may check whether the wearable device and the service terminal have established a binding relationship. If they have, the service server determines that the service terminal is a terminal commonly used by the user and proceeds to send device relationship confirmation information to the service terminal; if the wearable device and the service terminal are not bound, the service server may refuse to send device relationship confirmation information to the service terminal.
  • the service terminal may send binding request information to the service server, where the binding request information may carry the device identifier of the wearable device and the identification information of the service terminal, so that the service server establishes a binding relationship between the wearable device and the service terminal. For example, the user may send registration request information to the service server by using the service terminal, where the registration request information may carry the device identifier of the wearable device and the identification information of the service terminal.
  • the service server performs registration processing on the registration request information to associate the wearable device with the service terminal (i.e., establish a binding relationship). Further, the service server may establish a binding relationship between the wearable device and multiple service terminals according to the binding request information, that is, the user may set multiple commonly used service terminals.
  • the service server sends the device relationship confirmation information to the service terminal.
  • the service server may send the device relationship confirmation information to the service terminal, where the device relationship confirmation information may be confirmation information that the wearable device and the service terminal have a binding relationship.
  • the service terminal acquires user authentication information of the wearable device by using a short-range communication manner.
  • the service terminal may obtain the user verification information of the wearable device by establishing a data connection with the wearable device, where the user verification information may include a user digital certificate or other payment verification information of the user, such as a password.
  • the user authentication information obtained by the service terminal from the wearable device may be verification information that the wearable device has encrypted with the preset user private key.
  • the obtained user verification information may also be in advance.
  • the service terminal sends a service request to the service server, where the service request includes the service information and the user verification information, and carries the device relationship confirmation information.
  • the service terminal may send a service request to the service server, where the service request may include the service information and the user verification information obtained from the user's wearable device, and carry the device relationship confirmation information. The service information may include payment information such as a transaction order and a payment amount, and may also include login information, such as a login account and a login password, for logging in to the service server using the user account.
  • the service server checks the received user authentication information and the device relationship confirmation information, and if the verification is successful, performs service processing on the service request.
  • the user authentication information obtained by the service terminal from the wearable device may be authentication information encrypted with the preset user private key. After receiving the service request sent by the service terminal, the service server may use the user public key corresponding to the user to decrypt the encrypted user authentication information, and verify the decrypted user authentication information and the device relationship confirmation information carried by the service request respectively. If the decrypted user authentication information and the device relationship confirmation information are both verified successfully, the service server may perform service processing on the service request, that is, perform subsequent service processing (such as online payment processing) using the service information (such as the transaction order and payment amount) in the service request.
  • the processing manner of the foregoing step 207 may further include: the service server decrypts the encrypted user verification information by using the user public key corresponding to the user, and verifies the decrypted user verification information against the pre-stored reference user verification information.
  • the reference user verification information may be user authentication information that the user has pre-stored in the service server by using the terminal, and may include information such as a user digital certificate or other payment verification information of the user, such as a password.
  • the service server may decrypt the encrypted user verification information by using the user public key corresponding to the user to obtain the decrypted user verification information. The service server can then extract the device relationship confirmation information carried in the service request and search for it among the device relationship confirmation information stored in the service server. If the device relationship confirmation information is found, the binding relationship between the wearable device and the service terminal may be determined. The service server may then extract the user verification information carried in the service request and compare it with the user verification information pre-stored in the service server. If the user authentication information in the service request is the same as the pre-stored user authentication information, the verification succeeds and the service server may perform service processing on the service request; otherwise the verification fails, and the service server can refuse to respond to the service request.
  • the service server of the present embodiment performs binding verification according to the identification information of the service terminal and the device identifier of the wearable device sent by the service terminal and, if the verification succeeds, sends the device relationship confirmation information to the service terminal. After obtaining the user authentication information of the wearable device, the service terminal sends a service request to the service server, where the service request includes the service information and the user verification information and carries the device relationship confirmation information. After receiving the service request, the service server verifies the user verification information and the device relationship confirmation information and, if the verification is successful, performs service processing on the service request. Verification thus uses both the device relationship confirmation information, which the service server sends according to the device identifier of the user's wearable device and the identification information of the service terminal, and the verification information stored in the wearable device, so that service processing for the service request is safer and more convenient.
  • FIG. 3 is a schematic flowchart of a security verification method in another embodiment of the present invention.
  • the security verification method described in this embodiment is mainly described from three sides of a wearable device, a service terminal, and a service server.
  • the security verification method in this embodiment may include the following steps:
  • the service terminal acquires third-party verification information of the service server.
  • the service terminal may obtain third-party verification information of the service server, where the third-party verification information may include information such as a digital certificate or a password for payment verification.
  • the third-party verification information obtained by the service terminal from the service server may be verification information that the service server has encrypted with the third-party private key. The service terminal cannot decrypt the third-party verification information, which ensures the security of the third-party verification information during payment transmission.
  • the service terminal sends the third-party verification information of the service server to the wearable device by using a short-range communication manner.
  • the service terminal may establish a data connection with the wearable device and send the obtained third-party verification information of the service server to the wearable device over it. The data connection may be a Bluetooth connection, an NFC connection or the like.
  • the wearable device checks the third-party verification information.
  • the wearable device may verify the third-party verification information and, if the verification is successful, proceed to send user verification information to the service terminal; if the verification is unsuccessful, the wearable device may refuse to send the user authentication information to the service terminal.
  • the third-party authentication information obtained by the service terminal from the service server may be authentication information that the service server has encrypted with the third-party private key. The wearable device may use the third-party public key corresponding to the service server to decrypt the encrypted third-party verification information and verify the decrypted third-party verification information against the pre-stored reference third-party verification information. The reference third-party verification information may be third-party verification information generated by the service server and stored in the wearable device in advance, and may include information such as a digital certificate or a payment verification password.
  • the wearable device may decrypt the encrypted third-party verification information by using the third-party public key corresponding to the service server to obtain the decrypted third-party verification information; the service server can then compare the decrypted third-party verification information with the third-party verification information pre-stored in the service server. If the decrypted third-party verification information is the same as the pre-stored reference third-party verification information, the verification succeeds; otherwise the verification fails.
  • the user verification information may be sent to the service terminal by using the data connection, where the user verification information may include a user digital certificate or other payment verification information of the user, such as a password.
  • the user authentication information obtained by the service terminal from the wearable device may be verification information that the wearable device has encrypted with the preset user private key.
  • the obtained user verification information may also be verification information that was encrypted in advance by the service terminal or the service server and then stored in the wearable device, so that the service terminal cannot decrypt the user verification information while subsequently obtaining and using it, which ensures the security of the user authentication information during payment transmission.
  • the service terminal sends a service request to the service server, where the service request includes service information and the user verification information.
  • the service terminal sends a service request to the service server, where the service request may include service information, the user verification information and the like. The service request may be a payment request, and the service information may include information such as a transaction order and a payment amount, and may also include login information, such as a login account and a login password, for logging in to the service server using the user account.
  • the service server performs verification on the received user authentication information, and if the verification succeeds, performs service processing on the service request.
  • the service server may perform verification on the user verification information in the service request, and if the verification succeeds, perform service processing on the service request.
  • the user authentication information obtained by the service terminal from the wearable device may be authentication information that is encrypted by using the preset user private key, and the service server may use the user public key corresponding to the user to decrypt the encrypted user authentication information and verify the decrypted user verification information against the pre-stored reference user verification information. If the verification is successful, the service request is processed, that is, subsequent business processing (such as online payment processing) is performed using the service information in the service request (such as the transaction order and the payment amount); if the verification fails, the service server can directly reject the current service request.
  • the service server may decrypt the encrypted user verification information by using the user public key corresponding to the user, and obtain the decrypted user verification information, and then the service server.
  • the user verification information carried in the service request may be extracted and compared with the reference user verification information pre-stored in the service server. If the user verification information in the service request is the same as the pre-stored reference user verification information, the verification is determined to be successful and the service server may perform service processing on the service request; otherwise the verification fails, and the service server may refuse to respond to the service request.
  • the wearable device of this embodiment verifies the third-party authentication information of the service server sent by the service terminal and, if the verification succeeds, sends the user verification information to the service terminal. The service terminal then sends a service request to the service server, where the service request includes the service information and the user verification information, so that the service server verifies the user verification information and, if the verification is successful, performs service processing on the service request. Verification using the third-party verification information of the service server and the verification information stored in the user's wearable device makes the service processing for the service request more secure and convenient.
  • FIG. 4 is a schematic flowchart of a security verification method in another embodiment of the present invention.
  • the security verification method described in this embodiment is described in detail by using an online payment process as an example, mainly from the perspective of the wearable device, the service terminal, and the service server.
  • the service terminal in this embodiment is a payment terminal, and the service server is a payment server.
  • the security verification method in this embodiment may include the following steps:
  • the payment terminal performs a Bluetooth device search to establish a Bluetooth connection with the wearable device.
  • the payment terminal can perform a Bluetooth device search to establish a Bluetooth connection with a user's wearable device such as a smart bracelet, a smart wristband, a smart watch, smart glasses, or various smart accessory devices, wherein the payment terminal can be a personal computer or a tablet.
  • the wearable device has the Bluetooth function enabled, that is, it is in a searchable state. When the user initiates an online payment request through the payment terminal, the payment terminal may perform a Bluetooth device search and perform Bluetooth pairing with the wearable device, thereby establishing a Bluetooth connection with the wearable device.
  • the payment terminal may also establish a Bluetooth connection with the wearable device according to a Bluetooth identification code of the wearable device pre-stored in the payment terminal.
  • the payment terminal acquires the device identifier of the wearable device from the wearable device by using the Bluetooth connection.
  • the device identifier of the wearable device may be obtained from the wearable device by using the Bluetooth connection, where the device identifier uniquely identifies the wearable device, and may be an identification code of the wearable device, etc.
  • the payment terminal sends the device identifier of the wearable device to a payment server.
  • the payment server performs binding verification according to the device identifier of the wearable device and the identifier information of the payment terminal.
  • the payment server may perform binding verification according to the received device identifier of the wearable device and the identification information of the payment terminal. If the verification is passed, the payment server may determine that the payment terminal is a terminal commonly used by the user, and then perform the process of sending device relationship confirmation information to the payment terminal; if the verification fails, the payment server may refuse to send the device relationship confirmation information to the payment terminal.
  • the identification information of the payment terminal may be a login account for logging in to the payment server, and may be an identity identification code of the payment terminal.
  • the identifier information may also be a login account for logging in to the payment server.
  • the identification information of the payment terminal may be the identification information that is sent to the payment server when the payment device sends the device identifier of the wearable device.
  • taking online payment as an example, the identification information of the payment terminal may also be identification information that the service server obtains from the service terminal at any time after the service terminal logs in to the service server.
  • the service terminal may send the binding request information to the service server, where the binding request information may carry the device identifier of the wearable device and the identification information of the service terminal, so that the service server establishes a binding relationship between the wearable device and the service terminal. For example, the user may send the registration request information to the payment server by using the payment terminal, where the registration request information may carry the device identifier of the wearable device and the identification information of the service terminal.
  • the payment server performs registration processing on the registration request information to associate the wearable device with the payment terminal.
  • the service server may establish a binding between the wearable device and the multiple payment terminals according to the binding request information, that is, the service server may set multiple common service terminals for the user.
  • the payment server may send the device relationship confirmation information to the payment terminal, where the device relationship confirmation information may be information confirming that the wearable device and the payment terminal are in a binding relationship.
  • the payment terminal acquires third-party verification information of the payment server.
  • the payment terminal may further obtain third-party verification information of the payment server, where the third-party verification information may include a digital certificate, a password, or the like for verification.
  • the third-party verification information obtained by the payment terminal from the payment server may be the verification information that the payment server encrypts using the third-party private key, and the payment terminal cannot decrypt the third-party verification information, thereby ensuring the security of the third-party verification information in the payment transmission process.
  • the payment terminal sends third-party verification information of the payment server to the wearable device.
  • the payment terminal can send the obtained third-party authentication information of the payment server to the wearable device through the established Bluetooth connection.
  • the wearable device decrypts and verifies the third-party verification information by using a third-party public key.
  • the wearable device may perform verification on the third-party verification information, and if the verification is successful, perform a process of sending user verification information to the payment terminal; if the verification is unsuccessful, the wearable device may refuse to send the user authentication information to the payment terminal.
  • the third-party authentication information obtained by the payment terminal from the service server may be encrypted by using the third-party private key, and the wearable device may use the third-party public key corresponding to the payment server to decrypt the encrypted third-party verification information, and verify the decrypted third-party verification information according to the pre-stored reference third-party verification information.
  • the wearable device may decrypt the encrypted third-party verification information by using a third-party public key corresponding to the payment server to obtain the decrypted third-party verification information, and then the payment server can compare the decrypted third-party verification information with the reference third-party verification information pre-stored in the payment server. If the decrypted third-party verification information and the pre-stored reference third-party verification information are the same, the verification is confirmed as successful; otherwise the verification fails.
  • the user verification information may be sent to the payment terminal through the data connection, where the user verification information may include a user digital certificate, or other information for user payment verification such as a password.
  • the user authentication information obtained by the payment terminal from the wearable device may be information that the wearable device encrypts according to the preset user private key, or may be verification information that is encrypted by the service terminal or by the service server and then stored in the wearable device. The payment terminal cannot decrypt the user verification information in the process of acquiring and using it, which ensures the security of the user authentication information during the payment transmission process.
  • the payment terminal sends a payment request to the payment server, where the payment request includes payment information and the user verification information, and carries the device relationship confirmation information.
  • the payment terminal sends a payment request to the payment server, where the payment request may include payment information and the user verification information, etc., and the payment information may be a transaction order, a payment amount, and the like.
  • the payment server performs verification on the received user verification information, and if the verification is successful, performs payment processing on the payment request.
  • the payment server may verify the user verification information in the payment request, and if the verification is successful, perform payment processing on the payment request.
  • the user authentication information obtained by the payment terminal from the wearable device may be authentication information encrypted by the preset user private key, and the payment server may use the user public key corresponding to the user to decrypt the encrypted user authentication information and verify the decrypted user verification information against the pre-stored reference user verification information. If the verification is successful, the payment request is processed, that is, subsequent business processing (such as online payment processing) is performed using the service information in the service request (such as the transaction order and the payment amount). If the verification fails, the payment server can directly reject the payment request.
  • the payment request may also carry the device relationship confirmation information, and the corresponding process may be: the payment server performs verification on the received user verification information and the device relationship confirmation information, and if the verification is successful, performs business processing on the payment request.
  • the payment server may decrypt the encrypted user verification information by using the user public key corresponding to the user, and obtain the decrypted user verification information, and then the payment server.
  • the device relationship confirmation information carried in the payment request may be extracted, and the device relationship confirmation information pre-stored in the payment server is searched; if the device relationship confirmation information in the payment request is found, it may be determined that the binding relationship between the wearable device and the payment terminal is established.
  • the payment server can extract the user verification information carried in the payment request and compare it with the reference user verification information pre-stored in the payment server. If the user verification information in the payment request and the pre-stored reference user verification information are the same, the verification succeeds and the payment server may perform service processing on the payment request; otherwise the verification fails, and the payment server may refuse to respond to the payment request.
  • the payment terminal of this embodiment establishes a Bluetooth connection with the user's wearable device and sends the device identifier of the wearable device acquired through the Bluetooth connection to the payment server, and the payment server returns device relationship confirmation information according to the device identifier of the wearable device and the identification information of the payment terminal. The wearable device verifies the third-party verification information of the payment server sent by the payment terminal and, if the verification succeeds, sends the user verification information to the payment terminal. The payment terminal then sends a payment request to the payment server, where the payment request includes the payment information and the user verification information and carries the device relationship confirmation information, so that the payment server verifies the user verification information and the device relationship confirmation information and, if the verification is successful, performs payment processing on the payment request. Performing payment verification by using the third-party verification information of the payment server and the verification information stored in the user's wearable device makes the online payment more secure and convenient.
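The FIG. 4 flow described above (binding verification, third-party verification on the wearable device, then user verification on the payment server), as an added Python sketch that is not code from the patent. All class, function and identifier names, the credential strings and the confirmation token format are hypothetical, and unpadded textbook RSA built from fixed Mersenne primes stands in for "encrypt with the private key, decrypt with the public key" for illustration only.

```python
import secrets

E = 65537  # public exponent

def toy_keypair(p, q):
    """Textbook RSA from two known primes: constructed, unpadded, illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def private_encrypt(priv, data):
    """The page's 'encrypt with the private key' step (bytes -> int)."""
    n, d = priv
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("data too long for the toy modulus")
    return pow(m, d, n)

def public_decrypt(pub, blob):
    """The page's 'decrypt with the public key' step (int -> bytes)."""
    n, e = pub
    m = pow(blob, e, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class PaymentServer:
    def __init__(self, third_party_priv, third_party_info):
        self._priv, self._info = third_party_priv, third_party_info
        self._bindings = set()     # registered (device_id, terminal_id) pairs
        self._confirmations = {}   # issued confirmation info -> device_id
        self._users = {}           # device_id -> (user public key, reference info)

    def register(self, device_id, terminal_id, user_pub, reference_info):
        self._bindings.add((device_id, terminal_id))
        self._users[device_id] = (user_pub, reference_info)

    def binding_check(self, device_id, terminal_id):
        """Binding verification: issue device relationship confirmation info, or None."""
        if (device_id, terminal_id) not in self._bindings:
            return None
        token = secrets.token_hex(16)
        self._confirmations[token] = device_id
        return token

    def third_party_blob(self):
        return private_encrypt(self._priv, self._info)

    def pay(self, request):
        """Check the confirmation info first, then the user verification info."""
        device_id = self._confirmations.get(request.get("confirmation"))
        if device_id is None:
            return False
        user_pub, reference = self._users[device_id]
        presented = public_decrypt(user_pub, request["user_blob"])
        return secrets.compare_digest(presented, reference)

class Wearable:
    def __init__(self, device_id, user_priv, user_info, third_party_pub, third_party_ref):
        self.device_id = device_id
        self._user_priv, self._user_info = user_priv, user_info
        self._tp_pub, self._tp_ref = third_party_pub, third_party_ref

    def release_user_info(self, third_party_blob):
        """Release the encrypted user info only if the server's blob decrypts
        to the pre-stored reference third-party verification information."""
        presented = public_decrypt(self._tp_pub, third_party_blob)
        if not secrets.compare_digest(presented, self._tp_ref):
            return None
        return private_encrypt(self._user_priv, self._user_info)

def run_payment(terminal_id, wearable, server, order):
    """Payment terminal role: it relays opaque blobs and holds no keys."""
    confirmation = server.binding_check(wearable.device_id, terminal_id)
    if confirmation is None:
        return "rejected: terminal not bound to wearable"
    user_blob = wearable.release_user_info(server.third_party_blob())
    if user_blob is None:
        return "aborted: wearable refused the server"
    request = {"order": order, "user_blob": user_blob, "confirmation": confirmation}
    return "paid" if server.pay(request) else "rejected: user verification failed"

def demo():
    """Constructed keys, identifiers and credentials for three scenarios."""
    server_info, user_info = b"constructed-server-credential", b"constructed-user-credential"
    tp_pub, tp_priv = toy_keypair(2**127 - 1, 2**521 - 1)
    user_pub, user_priv = toy_keypair(2**107 - 1, 2**607 - 1)
    _, rogue_priv = toy_keypair(2**89 - 1, 2**1279 - 1)
    server = PaymentServer(tp_priv, server_info)
    server.register("band-01", "pc-home", user_pub, user_info)
    rogue = PaymentServer(rogue_priv, server_info)  # wrong third-party private key
    rogue.register("band-01", "pc-home", user_pub, user_info)
    band = Wearable("band-01", user_priv, user_info, tp_pub, server_info)
    order = {"order_id": "constructed-0001", "amount": "10.00"}
    return {
        "bound terminal": run_payment("pc-home", band, server, order),
        "unbound terminal": run_payment("pc-cafe", band, server, order),
        "impostor server": run_payment("pc-home", band, rogue, order),
    }
```

Each relayed value in this sketch is a fixed ciphertext, so identical bytes verify on every run; the flow as described in this section includes no nonce or per-transaction challenge, which is worth checking when assessing the replay resistance of such a design.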
  • FIG. 5 is a schematic structural diagram of a service terminal according to an embodiment of the present invention.
  • the service terminal in the embodiment of the present invention may include an Internet device such as a personal computer, a tablet computer, a smart phone, an e-reader, and an in-vehicle terminal, and may log in to the service server using the user account to perform the online payment service.
  • the service terminal 500 in this embodiment may include:
  • the first receiving unit 510 is configured to acquire user authentication information pre-stored in the wearable device from a wearable device of the user by using a short-range communication manner, where the wearable device may include a smart bracelet, a smart wristband, a smart watch, smart glasses, or various smart accessory devices, and the user authentication information may include a user digital certificate, or a password or the like for user payment verification.
  • the service terminal may initiate a short-distance communication connection with the wearable device according to the payment instruction input by the user, which may be a Bluetooth connection, an NFC (Near Field Communication) connection, etc. For example, after the user clicks "confirm payment", the service terminal turns on the Bluetooth function and performs the Bluetooth device search.
  • the user wearable device keeps the Bluetooth enabled state by default, and the Bluetooth connection with the wearable device can be automatically established after the service terminal finds the user's wearable device.
  • the first receiving unit 510 can obtain the user verification information pre-stored in the wearable device from the wearable device by using the established short-range communication connection.
  • the user authentication information may include a user digital certificate, or a password or the like for other user payment verification.
  • the user authentication information obtained by the service terminal from the wearable device may be information that the wearable device encrypts according to the preset user private key, or may be verification information that is encrypted in advance by the service terminal or by the service server and then stored in the wearable device. The service terminal cannot decrypt the user verification information in the process of acquiring and using it, which guarantees the security of the user verification information in the payment transmission process.
  • the second sending unit 520 is configured to send a service request to the service server, where the service request includes the service information and the user verification information received by the first receiving unit 510, so that the service server verifies the user verification information and, if the verification is successful, performs service processing on the service request.
  • the service request may be a payment request
  • the service information may include payment information such as a transaction order and a payment amount, and may also include login information such as a login account and a login password for logging in to the service server using the user account, and the like.
  • the first receiving unit 510 is further configured to, before acquiring the user authentication information pre-stored in the wearable device from the wearable device of the user by using the short-range communication manner, obtain a device identifier of the wearable device by using the short-range communication manner, where the device identifier uniquely identifies the wearable device, and may be an identification code of the wearable device, and the like;
  • the second sending unit 520 is further configured to send the device identifier of the wearable device acquired by the first receiving unit 510 to the service server, so that the service server performs binding verification according to the device identifier and the identification information of the service terminal;
  • the identification information of the service terminal may uniquely identify the service terminal, and may be an identity identification code of the service terminal.
  • the identifier information may also be a login account for logging in to the service server.
  • the identification information of the service terminal may be the identification information that is sent to the service server when the service terminal sends the device identifier of the wearable device.
  • taking online payment as an example, the identification information of the service terminal may also be identification information that the service server obtains from the service terminal.
  • the service terminal 500 further includes:
  • the second receiving unit 530 is configured to obtain device relationship confirmation information from the service server when the binding verification by the service server is passed;
  • the service request further includes the device relationship confirmation information
  • the second sending unit 520 is further configured to send, to the service server, a service request that carries the device relationship confirmation information received by the second receiving unit 530.
  • the service server performs verification on the user authentication information and the device relationship confirmation information, and if the verification is successful, performs service processing on the service request.
  • the service terminal 500 further includes:
  • a first sending unit 540 configured to send third-party verification information of the service server to the wearable device by using a short-range communication manner, so that the wearable device performs verification on the third-party verification information, where the third-party verification information may include a digital certificate, a password, or the like for verification;
  • the first receiving unit 510 acquires the user verification information from the wearable device by using a short-range communication manner when the wearable device successfully verifies the third-party verification information.
  • the third-party authentication information that the first sending unit 540 sends to the wearable device is encrypted by the service server by using the third-party private key;
  • the verifying, by the wearable device, the third-party verification information includes:
  • the wearable device decrypts the encrypted third-party verification information by using a third-party public key corresponding to the service server, and performs verification on the decrypted third-party verification information according to the pre-stored reference third-party verification information.
  • the user authentication information pre-stored in the wearable device that the first receiving unit 510 acquires from the user's wearable device is authentication information encrypted by the user private key, where the user verification information may be encrypted by the wearable device according to the preset user private key, or may be verification information encrypted by the service terminal or by the service server and then stored in the wearable device. The service terminal 500 cannot decrypt the user verification information in the process of subsequently obtaining and using it, thereby ensuring the security of the user verification information in the payment transmission process;
  • the verifying, by the service server, the user verification information includes:
  • the service server decrypts the encrypted user verification information by using the user public key corresponding to the user, and performs verification of the decrypted user verification information according to the pre-stored reference user verification information.
  • the service terminal further includes:
  • a Bluetooth search unit 550 configured to perform a Bluetooth device search, thereby establishing a Bluetooth connection with the wearable device
  • the wearable device has the Bluetooth function enabled by default, that is, it can be searched; when the user initiates the online service request through the service terminal, the Bluetooth search unit 550 can perform the Bluetooth device search and perform Bluetooth pairing with the wearable device to establish a Bluetooth connection with the wearable device
  • the Bluetooth search unit 550 can also establish a Bluetooth connection with the wearable device according to the Bluetooth identification code of the wearable device pre-stored in the payment terminal.
  • the service terminal of this embodiment obtains user authentication information pre-stored in the wearable device from the wearable device of the user, and sends a service request to the service server, where the service request includes the service information and the user verification information, so that the service server verifies the user verification information and, if the verification is successful, performs service processing on the service request. Performing verification by using the verification information stored in the user's wearable device makes the service processing of service requests safer and more convenient.
  • FIG. 6 is a schematic structural diagram of a service terminal according to another embodiment of the present invention.
  • the service terminal 600 may include: at least one processor 601, such as a CPU, at least one network interface 603, a memory 604, and a communication bus 602.
  • the communication bus 602 is used to implement connection communication between these components.
  • the first network interface 603 of the service terminal 600 in the embodiment of the present invention may include a standard wired interface and a wireless interface (such as a WI-FI interface), and is used for communicating with a server through the Internet, and the second network interface 605 may be a short-range communication network interface, such as a Bluetooth connection interface or an NFC interface, for communicating with the wearable device.
  • the memory 604 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
  • the memory 604 can optionally also be at least one storage device located remotely from the aforementioned processor 601.
  • a set of program codes is stored in the memory 604, and the processor 601 is configured to call the program code stored in the memory 604 for performing the following operations:
  • the short-range communication manner may include a Bluetooth connection or NFC, etc. For example, after the user clicks "confirm payment", the service terminal turns on the Bluetooth function and performs the Bluetooth device search.
  • the user wearable device keeps the Bluetooth enabled state by default, and the Bluetooth connection with the wearable device can be automatically established after the service terminal searches for the user's wearable device;
  • processor 601 invoking the program code stored in the memory 604 may also perform the following operations:
  • the service terminal obtains the device relationship confirmation information from the service server, where the identification information of the service terminal can uniquely identify the service terminal, and can be an identity identification code of the service terminal, etc. Optionally, the identifier information can also be a login account for logging in to the service server.
  • the identification information of the service terminal may be the identification information that is sent to the service server when the service terminal sends the device identifier of the wearable device.
  • taking online payment as an example, the identification information of the service terminal may also be identification information that the service server obtains from the service terminal at any time after the service terminal logs in to the service server;
  • the device relationship confirmation information is carried, so that the service server checks the user verification information and the device relationship confirmation information, and if both are verified successfully, performs service processing on the service request.
  • the processor 601 calls the program code stored in the memory 604 to obtain the user verification information pre-stored in the wearable device from the wearable device of the user through the second network interface 605, specifically:
  • processor 601 invoking the program code stored in the memory 604 may also perform the following operations:
  • a Bluetooth device search is performed to establish a Bluetooth connection with the wearable device.
  • the service terminal introduced in this embodiment may be used to implement some or all of the processes in the security verification method embodiment introduced in the foregoing with reference to FIG. 1 to FIG.
  • the wearable device 700 in this embodiment may include:
  • the sending unit 710 is configured to send the user verification information pre-stored in the wearable device to the service terminal by using a short-range communication manner, so that the service terminal sends a service request to the service server, where the service request may include the service information and the user verification information. The service information may include payment information such as a transaction order and a payment amount, and may also include login information such as a login account and a login password for logging in to the service server using a user account.
  • the user authentication information may include a user digital certificate, or a password or the like for user payment verification. The service server performs verification on the user verification information and, if the verification succeeds, performs service processing on the service request.
  • the sending unit 710 is further configured to, before sending the user verification information pre-stored in the wearable device to the service terminal by using a short-range communication manner, send the device identifier of the wearable device to the service terminal, where the device identifier uniquely identifies the wearable device, and may be an identification code of the wearable device, etc., so that the service terminal sends the device identifier of the wearable device to the service server, and the service server performs binding verification according to the device identifier and the identification information of the service terminal and, if the verification succeeds, sends device relationship confirmation information to the service terminal, where the service request sent by the service terminal carries the device relationship confirmation information, so that the service server checks the user verification information and the device relationship confirmation information, and if the verification is successful, performs service processing on the service request.
  • the wearable device 700 further includes:
  • the receiving unit 720 is configured to obtain third-party verification information of the service server that is sent by the service terminal by using a short-distance communication method, where the third-party verification information may include a digital certificate, a password, or the like for payment verification;
  • the verification unit 730 is configured to check the third-party verification information and, if the verification is successful, notify the sending unit 710 to send the user verification information to the service terminal by using a short-range communication manner.
  • the third-party authentication information is encrypted by using the third-party private key by the service server;
  • the verification unit 730 is configured to decrypt the encrypted third-party verification information by using a third-party public key corresponding to the service server, and verify the decrypted third-party verification information according to the pre-stored reference third-party verification information.
  • the wearable device of this embodiment may send user authentication information to the service terminal, so that the service server checks the user authentication information sent by the service terminal and, if the verification succeeds, performs service processing on the service request sent by the service terminal, which makes the process of service processing safer and more convenient.
  • FIG. 8 is a schematic structural diagram of a wearable device according to another embodiment of the present invention.
  • the wearable device 800 may include: at least one processor 801, such as a CPU, at least one network interface 803, a memory 804, and a communication bus 802. The communication bus 802 is used to implement connection communication between these components.
  • the network interface 803 of the wearable device 800 in the embodiment of the present invention may include a short-range communication network interface for communicating with the server through the Internet.
  • the memory 804 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
  • the memory 804 can also optionally be at least one storage device located remotely from the aforementioned processor 801.
  • a set of program codes is stored in the memory 804, and the processor 801 is configured to call the program code stored in the memory 804 for performing the following operations:
  • transmitting, by the network interface 803, the user authentication information pre-stored in the wearable device to the service terminal in a short-range communication manner, so that the service terminal sends a service request to the service server, where the service request may include service information; the service server checks the user verification information, and if the verification is successful, performs service processing on the service request.
  • the processor 801, invoking the program code stored in the memory 804, may also perform the following operations:
  • the device identifier of the wearable device is sent to the service terminal in a short-distance communication manner, so that the service terminal sends the device identifier of the wearable device to the service server, and the service server performs binding verification according to the device identifier and the identification information of the service terminal and, if the verification passes, sends device relationship confirmation information to the service terminal; when the service terminal sends a service request to the service server, the device relationship confirmation information is carried, so that the service server checks the user verification information and the device relationship confirmation information and, if the verification is successful, performs service processing on the service request.
  • the processor 801 calls the program code stored in the memory 804 to send the user verification information pre-stored in the wearable device to the service terminal through the network interface 803, which is specifically:
  • the third-party verification information is verified by the network interface 803. If the verification is successful, the pre-stored user verification information is sent to the service terminal in a short-distance communication manner.
  • the third-party verification information is encrypted by the service server using the third-party private key, and the processor 801 performs verification on the third-party verification information, specifically:
  • the encrypted third-party authentication information is decrypted by using a third-party public key corresponding to the service server, and the decrypted third-party verification information is verified according to the pre-stored reference third-party verification information.
  • the wearable device introduced in this embodiment may be used to implement some or all of the processes in the security verification method embodiment introduced in the foregoing with reference to FIG. 1 to FIG.
  • FIG. 9 is a schematic structural diagram of a security verification system according to an embodiment of the present invention.
  • the security verification system in the embodiment of the present invention includes a service terminal 901, a wearable device 902, and a service server 903, where:
  • the service terminal 901 communicates with the wearable device 902 in a short-range communication manner, and is configured to acquire, from the wearable device 902, user authentication information pre-stored in the wearable device 902, and to send a service request to the service server 903, where the service request includes service information and the user verification information;
  • the service server 903 is configured to perform verification on the user verification information, and if the verification is successful, perform service processing on the service request.
  • the service terminal 901 is further configured to, before acquiring the user verification information pre-stored in the wearable device 902 from the wearable device 902 of the user, acquire the device identifier of the wearable device 902 and send the device identifier of the wearable device 902 to the service server 903;
  • the service server 903 is further configured to perform binding verification according to the device identifier and the identifier information of the service terminal, and send the device relationship confirmation information to the service terminal 901 if the verification succeeds;
  • the service terminal 901 carries the device relationship confirmation information when the service request is sent to the service server 903, and the service server 903 checks the user verification information and the device relationship confirmation information and, if the verification is successful, performs service processing on the service request.
  • the obtaining, by the service terminal 901, the user verification information pre-stored in the wearable device 902 from the wearable device 902 of the user includes:
  • the service terminal 901 acquires the third party verification information of the service server 903 and sends the third party verification information of the service server 903 to the wearable device 902;
  • the wearable device 902 is configured to check the third-party verification information, and if the verification is successful, send the pre-stored user verification information to the service terminal 901.
  • the third-party authentication information sent by the service terminal 901 to the wearable device 902 is encrypted by the service server 903 using the third-party private key;
  • the verification of the third-party verification information by the wearable device 902 includes:
  • the wearable device 902 decrypts the encrypted third-party verification information by using a third-party public key corresponding to the service server 903, and checks the decrypted third-party verification information against the pre-stored reference third-party verification information.
  • the user authentication information that the service terminal 901 obtains from the wearable device 902 of the user is encrypted with the user private key;
  • the verifying the user verification information by the service server 903 includes:
  • the service server 903 decrypts the encrypted user verification information by using the user public key corresponding to the user, and verifies the decrypted user verification information according to the pre-stored reference user verification information.
  • the short-range communication mode may include a Bluetooth connection or NFC, etc. For example, after the user clicks “confirm payment”, the service terminal turns on the Bluetooth function and performs a Bluetooth device search; the user's wearable device keeps Bluetooth in the on state by default, so the Bluetooth connection to the wearable device can be automatically established after the service terminal finds the user's wearable device.
  • the service terminal 901 is further configured to perform a Bluetooth device search before acquiring the user verification information pre-stored in the wearable device 902 from the wearable device 902 of the user, thereby establishing a Bluetooth connection with the wearable device 902.
  • the service server of the embodiment can verify the user authentication information stored in the wearable device of the user sent by the service terminal, and if the verification succeeds, perform service processing on the service request sent by the service terminal, so that the service processing is safer and more convenient.
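The FIG. 9 exchange described above (binding verification, the wearable's check of the server's third-party verification information, then the server's check of the user verification information) as an added Python example; it is not code from the patent. Assumptions: textbook RSA with toy keys built from Mersenne primes stands in for "encrypt with the private key, decrypt with the public key", the value is hashed with SHA-256 before encryption, the device relationship confirmation information is modelled as a single-use random token, and all identifiers and values are constructed.

```python
# Added illustration of the FIG. 9 exchange; not code from the patent.
# Assumptions: textbook RSA with toy keys, SHA-256 of the verification value
# as the number that is "encrypted", and a random single-use token as the
# device relationship confirmation information.
import hashlib
import hmac
import secrets

E = 65537


def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys; toy size, demo only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def _as_number(value, n):
    return int.from_bytes(hashlib.sha256(value).digest(), "big") % n


def private_encrypt(priv, value):
    """'Encrypt with the private key': only the key holder can produce this."""
    n, d = priv
    return pow(_as_number(value, n), d, n)


def public_check(pub, blob, reference):
    """'Decrypt with the public key' and compare with the stored reference."""
    n, e = pub
    if not isinstance(blob, int) or not 0 <= blob < n:
        return False
    size = (n.bit_length() + 7) // 8
    got = pow(blob, e, n).to_bytes(size, "big")
    want = _as_number(reference, n).to_bytes(size, "big")
    return hmac.compare_digest(got, want)


# Constructed sample keys and values (not from the patent).
SERVER_PUB, SERVER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
USER_PUB, USER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
THIRD_PARTY_INFO = b"constructed-server-passphrase"
USER_INFO = b"constructed-user-verification-value"


class ServiceServer:
    def __init__(self):
        self.bindings = {("wearable-902", "terminal-901")}  # bound pairs
        self.user_keys = {"wearable-902": (USER_PUB, USER_INFO)}
        self.confirmations = {}  # token -> (device_id, terminal_id)

    def binding_verification(self, device_id, terminal_id):
        """Issue confirmation information only for a bound device/terminal."""
        if (device_id, terminal_id) not in self.bindings:
            return None
        token = secrets.token_hex(16)
        self.confirmations[token] = (device_id, terminal_id)
        return token

    def third_party_blob(self):
        return private_encrypt(SERVER_PRIV, THIRD_PARTY_INFO)

    def handle_request(self, req):
        """Check confirmation information, then user verification information."""
        pair = (req["device_id"], req["terminal_id"])
        if self.confirmations.pop(req["confirmation"], None) != pair:
            return False
        entry = self.user_keys.get(req["device_id"])
        if entry is None:
            return False
        pub, reference = entry
        return public_check(pub, req["user_blob"], reference)


class Wearable:
    device_id = "wearable-902"

    def release_user_info(self, third_party_blob):
        """Hand out the user blob only after the server's blob checks out."""
        if not public_check(SERVER_PUB, third_party_blob, THIRD_PARTY_INFO):
            return None
        return private_encrypt(USER_PRIV, USER_INFO)


def terminal_flow(terminal_id, wearable, server, service_info="order-1"):
    """Service terminal 901: relays between the wearable and the server."""
    token = server.binding_verification(wearable.device_id, terminal_id)
    if token is None:
        return "binding rejected"
    user_blob = wearable.release_user_info(server.third_party_blob())
    if user_blob is None:
        return "server not verified"
    request = {"service_info": service_info, "device_id": wearable.device_id,
               "terminal_id": terminal_id, "confirmation": token,
               "user_blob": user_blob}
    return "processed" if server.handle_request(request) else "rejected"


if __name__ == "__main__":
    print(terminal_flow("terminal-901", Wearable(), ServiceServer()))
    print(terminal_flow("terminal-unknown", Wearable(), ServiceServer()))
```

Both reference values are static in this model, so a blob that verified once verifies again whenever it is presented; the single-use confirmation token is the only per-request value here.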
  • FIG. 10 is a schematic structural diagram of a secure payment system according to an embodiment of the present invention.
  • the security verification system in the embodiment of the present invention includes a payment terminal 1001, a wearable device 1002, and a payment server 1003, where:
  • the payment terminal 1001 communicates with the wearable device 1002 in a short-range communication manner, and is configured to acquire, from the wearable device 1002, user authentication information pre-stored in the wearable device 1002, and to send a payment request to the payment server 1003, where the payment request includes payment information and the user verification information;
  • the payment server 1003 is configured to check the user verification information, and if the verification is successful, perform payment processing on the payment request.
  • the payment terminal 1001 is configured to, before acquiring the user verification information pre-stored in the wearable device 1002 from the wearable device 1002 of the user, acquire the device identifier of the wearable device 1002 and send the device identifier of the wearable device 1002 to the payment server 1003;
  • the payment server 1003 is further configured to perform binding verification according to the device identifier and the identifier information of the payment terminal, and send the device relationship confirmation information to the payment terminal 1001 if the verification succeeds;
  • the payment terminal 1001 carries the device relationship confirmation information when the payment request is sent to the payment server 1003, and the payment server 1003 checks the user verification information and the device relationship confirmation information and, if the verification is successful, performs payment processing on the payment request.
  • the obtaining, by the payment terminal 1001, the user verification information pre-stored in the wearable device 1002 from the wearable device 1002 of the user includes:
  • the payment terminal 1001 obtains the third party verification information of the payment server 1003 and sends the third party verification information of the payment server 1003 to the wearable device 1002;
  • the wearable device 1002 is configured to check the third-party verification information, and if the verification is successful, send the pre-stored user verification information to the payment terminal 1001.
  • the third-party verification information sent by the payment terminal 1001 to the wearable device 1002 is encrypted by the payment server 1003 using a third-party private key;
  • the verification of the third-party verification information by the wearable device 1002 includes:
  • the wearable device 1002 decrypts the encrypted third-party verification information by using a third-party public key corresponding to the payment server 1003, and checks the decrypted third-party verification information against the pre-stored reference third-party verification information.
  • the short-range communication mode may include a Bluetooth connection or NFC, etc. For example, after the user clicks “confirm payment”, the service terminal turns on the Bluetooth function and performs a Bluetooth device search; the user's wearable device keeps Bluetooth in the on state by default, so the Bluetooth connection to the wearable device can be automatically established after the service terminal finds the user's wearable device.
  • the user authentication information that the payment terminal 1001 obtains from the wearable device 1002 of the user is encrypted with the user private key;
  • the verifying, by the payment server 1003, the user verification information includes:
  • the payment server 1003 decrypts the encrypted user verification information by using the user public key corresponding to the user, and verifies the decrypted user verification information according to the pre-stored reference user verification information.
  • the payment terminal 1001 is further configured to perform a Bluetooth device search before acquiring the user verification information pre-stored in the wearable device 1002 from the wearable device 1002 of the user, thereby establishing a Bluetooth connection with the wearable device 1002.
  • the payment server of the embodiment can verify the user verification information stored in the wearable device of the user sent by the payment terminal, and if the verification succeeds, perform payment processing on the payment request sent by the payment terminal, so that the online payment is safer and more convenient.
  • FIG. 11 is a schematic structural diagram of a service terminal according to an embodiment of the present application.
  • the service terminal may be used to implement the security verification method provided in the foregoing embodiment. Specifically:
  • the service terminal 2000 may include a communication unit 2110, a memory 2120 including one or more computer readable storage media, an input unit 2130, a display unit 2140, a sensor 2150, an audio circuit 2160, a WIFI (Wireless Fidelity) module 2170, a processor 2180 including one or more processing cores, a power supply 2190, and other components. It will be understood by those skilled in the art that the service terminal structure shown in the figure does not constitute a limitation of the service terminal, and may include more or fewer components than those illustrated, or a combination of certain components, or different component arrangements, wherein:
  • the communication unit 2110 can be used for transmitting and receiving information or receiving and transmitting signals during a call.
  • the communication unit 2110 can be an RF (Radio Frequency) circuit, a router, a modem, or the like.
  • RF circuits as communication units include, but are not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, and an LNA (Low Noise Amplifier).
  • the communication unit 2110 can also communicate with the network and other devices through wireless communication.
  • the wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and the like.
  • the memory 2120 can be used to store software programs and modules, and the processor 2180 executes various functional applications and data processing by running software programs and modules stored in the memory 2120.
  • the memory 2120 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created by the use of the service terminal 2000 (such as audio data, phone book, etc.).
  • memory 2120 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 2120 can also include a memory controller to provide access to the memory 2120 by the processor 2180 and the input unit 2130.
  • the input unit 2130 can be configured to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function controls.
  • the input unit 2130 can include a touch-sensitive surface 2131 as well as other input devices 2132.
  • the touch-sensitive surface 2131, also referred to as a touch display or trackpad, can collect touch operations of the user on or near it (e.g., operations performed by the user on or near the touch-sensitive surface 2131 using a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connecting device according to a preset program.
  • the touch-sensitive surface 2131 can include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, detects the signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 2180, and can receive commands from the processor 2180 and execute them.
  • the touch sensitive surface 2131 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 2130 can also include other input devices 2132.
  • other input devices 2132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • the display unit 2140 can be used to display information entered by the user or information provided to the user and various graphical user interfaces of the service terminal 2000, which can be composed of graphics, text, icons, video, and any combination thereof.
  • the display unit 2140 may include a display panel 2141.
  • the display panel 2141 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like.
  • the touch-sensitive surface 2131 can cover the display panel 2141, and when the touch-sensitive surface 2131 detects a touch operation on or near it, the operation is transmitted to the processor 2180 to determine the type of the touch event, and the processor 2180 then provides a corresponding visual output on the display panel 2141 according to the type of the touch event.
  • although the touch-sensitive surface 2131 and the display panel 2141 are implemented as two separate components to implement input and output functions, in some embodiments the touch-sensitive surface 2131 can be integrated with the display panel 2141 to implement the input and output functions.
  • the service terminal 2000 can also include at least one type of sensor 2150, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 2141 according to the brightness of the ambient light, and the proximity sensor may turn off the display panel 2141 and/or the backlight when the service terminal 2000 moves to the ear.
  • as a kind of motion sensor, the gravity acceleration sensor can detect the magnitude of acceleration in all directions (usually three axes), and when stationary can detect the magnitude and direction of gravity; it can be used for applications that identify the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration) and for vibration-recognition functions (such as pedometer, tapping), etc.
  • the service terminal 2000 can also be configured with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors, which are not described again here.
  • An audio circuit 2160, a speaker 2161, and a microphone 2162 can provide an audio interface between the user and the service terminal 2000.
  • the audio circuit 2160 can transmit the electrical signal converted from the received audio data to the speaker 2161, which converts it into a sound signal for output; on the other hand, the microphone 2162 converts the collected sound signal into an electrical signal, which is received by the audio circuit 2160 and converted into audio data; the audio data is then output to the processor 2180 for processing and sent via the RF circuit 2110 to another service terminal, or the audio data is output.
  • the audio circuit 2160 may also include an earbud jack to provide communication of the peripheral earphones with the service terminal 2000.
  • the service terminal may be configured with a wireless communication unit 2170, which may be a WIFI module.
  • WIFI is a short-range wireless transmission technology.
  • the service terminal 2000 can help users to send and receive emails, browse web pages, and access streaming media through the wireless communication unit 2170, which provides wireless broadband Internet access for users.
  • although the wireless communication unit 2170 is shown in the drawing, it can be understood that it does not belong to the essential configuration of the service terminal 2000, and may be omitted as needed within the scope of not changing the essence of the disclosure.
  • the processor 2180 is the control center of the service terminal 2000, which connects various portions of the entire handset using various interfaces and lines, and which, by running or executing software programs and/or modules stored in the memory 2120 and recalling data stored in the memory 2120, executes the various functions of the service terminal 2000 and processes data, thereby performing overall monitoring of the mobile phone.
  • the processor 2180 may include one or more processing cores; preferably, the processor 2180 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor 2180.
  • the service terminal 2000 further includes a power source 2190 (such as a battery) for supplying power to various components.
  • the power source can be logically connected to the processor 2180 through a power management system to manage functions such as charging, discharging, and power management through the power management system.
  • the power supply 2190 may also include any one or more of a DC or AC power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
  • the service terminal 2000 may further include a camera, a Bluetooth module, and the like, and details are not described herein.
  • the service terminal includes a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs including instructions for performing the following operations:
  • before the obtaining the user verification information pre-stored in the wearable device from the wearable device of the user by using the short-range communication manner, the method further includes:
  • the sending a service request to the service server includes:
  • the obtaining the user verification information pre-stored in the wearable device from the wearable device of the user by using the short-range communication manner includes:
  • the short-range communication mode includes a Bluetooth mode or an NFC mode.
  • before the obtaining the user verification information pre-stored in the wearable device from the wearable device of the user by using the short-range communication manner, the method further includes:
  • a Bluetooth device search is performed to establish a Bluetooth connection with the wearable device.
  • the service terminal of the embodiment obtains user authentication information pre-stored in the wearable device from the wearable device of the user, and sends a service request to the service server, where the service request includes the service information and the user verification information, so that the service server verifies the user verification information and, if the verification is successful, performs service processing on the service request; performing verification by using the verification information stored in the user's wearable device makes the service processing of service requests safer and more convenient.
  • FIG. 12 is a schematic structural diagram of a wearable device according to an embodiment of the present application.
  • the wearable device can be used to implement the security verification method provided in the foregoing embodiment. Specifically:
  • the wearable device 3000 can include a communication unit 3110, a memory 3120 including one or more computer readable storage media, an input unit 3130, a display unit 3140, a sensor 3150, an audio circuit 3160, a WIFI (Wireless Fidelity) module 3170, a processor 3180 including one or more processing cores, a power supply 3190, and other components.
  • the communication unit 3110 can be used for transmitting and receiving information and receiving and transmitting signals during a call.
  • the communication unit 3110 can be an RF (Radio Frequency) circuit, a router, a modem, or the like.
  • RF circuits as communication units include, but are not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, and an LNA (Low Noise Amplifier).
  • the communication unit 3110 can also communicate with the network and other devices through wireless communication.
  • the wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and the like.
  • the memory 3120 can be used to store software programs and modules, and the processor 3180 executes various functional applications and data processing by running software programs and modules stored in the memory 3120.
  • the memory 3120 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created by the use of the wearable device 3000 (such as audio data, phone book, etc.), and the like.
  • memory 3120 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, memory 3120 can also include a memory controller to provide access to memory 3120 by processor 3180 and input unit 3130.
  • the input unit 3130 can be configured to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function controls.
  • the input unit 3130 can include a touch-sensitive surface 3131 as well as other input devices 3132.
  • the touch-sensitive surface 3131, also known as a touch display or trackpad, can collect touch operations of the user on or near it (e.g., operations performed by the user on or near the touch-sensitive surface 3131 using a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connection device according to a preset program.
  • the touch-sensitive surface 3131 can include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, detects the signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 3180, and can receive commands from the processor 3180 and execute them.
  • the touch sensitive surface 3131 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 3130 can also include other input devices 3132.
  • other input devices 3132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • Display unit 3140 can be used to display information entered by the user or information provided to the user and various graphical user interfaces of wearable device 3000, which can be composed of graphics, text, icons, video, and any combination thereof.
  • the display unit 3140 may include a display panel 3141.
  • the display panel 3141 may be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like.
  • the touch-sensitive surface 3131 can cover the display panel 3141, and when the touch-sensitive surface 3131 detects a touch operation on or near it, the operation is transmitted to the processor 3180 to determine the type of the touch event, and the processor 3180 then provides a corresponding visual output on the display panel 3141 according to the type of the touch event.
  • although the touch-sensitive surface 3131 and the display panel 3141 are implemented as two separate components to implement input and output functions, in some embodiments the touch-sensitive surface 3131 can be integrated with the display panel 3141 to implement the input and output functions.
  • the wearable device 3000 can also include at least one type of sensor 3150, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 3141 according to the brightness of the ambient light, and the proximity sensor may turn off the display panel 3141 and/or the backlight when the wearable device 3000 moves to the ear.
  • the gravity acceleration sensor can detect the magnitude of acceleration in all directions (usually three axes), and when stationary can detect the magnitude and direction of gravity; it can be used for applications that identify the posture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration) and for vibration-recognition functions (such as pedometer, tapping), etc.
  • other sensors, such as a gyroscope, barometer, hygrometer, thermometer, or infrared sensor, can also be configured and are not described again here.
  • An audio circuit 3160, a speaker 3161, and a microphone 3162 can provide an audio interface between the user and the wearable device 3000.
  • the audio circuit 3160 can transmit the electrical signal converted from the received audio data to the speaker 3161, which converts it into a sound signal for output; on the other hand, the microphone 3162 converts the collected sound signal into an electrical signal, which is received by the audio circuit 3160 and converted into audio data; the audio data is then output to the processor 3180 for processing and transmitted via the RF circuit 3110 to, for example, another wearable device, or output to the memory 3120 for further processing.
  • the audio circuit 3160 may also include an earbud jack to provide communication of the peripheral earphones with the wearable device 3000.
  • the wearable device may be configured with a wireless communication unit 3170, which may be a WIFI module.
  • WIFI is a short-range wireless transmission technology, and through the wireless communication unit 3170 the wearable device 3000 can help users send and receive emails, browse web pages, and access streaming media; it provides wireless broadband Internet access for users.
  • although the wireless communication unit 3170 is shown in the drawings, it can be understood that it is not an essential component of the wearable device 3000 and may be omitted as needed without changing the essence of the disclosure.
  • the processor 3180 is the control center of the wearable device 3000; it connects the various parts of the entire handset through various interfaces and lines, and performs the various functions of the wearable device 3000 and processes data by running or executing software programs and/or modules stored in the memory 3120 and calling data stored in the memory 3120, thereby monitoring the mobile phone as a whole.
  • the processor 3180 may include one or more processing cores; preferably, the processor 3180 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It can be understood that the above modem processor may not be integrated into the processor 3180.
  • the wearable device 3000 further includes a power source 3190 (such as a battery) for powering various components.
  • the power source can be logically connected to the processor 3180 through a power management system, so that functions such as charging, discharging, and power management are handled through the power management system.
  • the power supply 3190 may also include any one or more of a DC or AC power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
  • the wearable device 3000 may further include a camera, a Bluetooth module, and the like, and details are not described herein.
  • the wearable device includes a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs containing instructions for performing the following method:
  • the service terminal sends a service request to the service server, where the service request includes the service information and the user verification information, and the service server checks the user verification information and, if the verification succeeds, performs service processing on the service request.
  • before the sending of the locally pre-stored user verification information to the service terminal by using the short-range communication manner, the method further includes:
  • the identification information is used for binding verification, and if the verification is passed, the device relationship confirmation information is sent to the service terminal, and the service terminal sends a service request carrying the device relationship confirmation information to the service server, so that the service server verifies the user verification information and the device relationship confirmation information and, if the verification is successful, performs service processing on the service request.
  • the sending of the locally pre-stored user verification information to the service terminal by using the short-range communication manner includes:
  • the third-party verification information is verified, and if the verification is successful, the pre-stored user verification information is sent to the service terminal by using the short-range communication manner.
  • the third-party verification information is encrypted by the service server using a third-party private key;
  • the verifying of the third-party verification information includes:
  • the encrypted third-party verification information is decrypted by using a third-party public key corresponding to the service server, and the decrypted third-party verification information is verified against the pre-stored reference third-party verification information.
  • the wearable device of the embodiment may send user verification information to the service terminal, so that the service server checks the user verification information sent by the service terminal and, if the verification succeeds, performs service processing on the service request sent by the service terminal, which makes service processing more secure and convenient.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Abstract

Disclosed are a security verification method, and a related device and system. The security verification method comprises: acquiring from a wearable device of a user, by a service terminal, user verification information pre-stored in the wearable device in a near-field communication manner; sending, by the service terminal, a service request to a service server, the service request comprising service information and the user verification information; and checking, by the service server, the user verification information, and if checking is successful, conducting service processing on the service request. By means of the present invention, checking can be conducted using verification information stored in a wearable device of a user, so that service processing with respect to a service request is more secure and convenient.

Description

Security verification method, and related device and system
This application claims priority to Chinese Patent Application No. 201310746079.8, entitled "Security verification method, and related device and system", filed with the Chinese Patent Office on December 30, 2013, the entire contents of which are incorporated herein by reference.
Technical Field
The present invention relates to the field of Internet technologies, and in particular, to a security verification method and a related device and system.
Background
With the development of Internet technology, users often handle everyday services online. Services that involve a user's personal assets or private information, such as online transactions and payments, require strict authentication of the user's identity during processing. The most commonly used authentication method is an SMS verification code, which depends on the mobile phone channel: if the phone cannot receive short messages normally, the payment cannot be completed; if the phone is lost, security verification cannot be performed for a short time, and another person may use the lost phone to pass SMS verification and impersonate the user in service processing, putting the user's assets or personal information at risk.
Summary of the Invention
Embodiments of the present invention provide a security verification method and a related device and system, in which verification information stored in the user's wearable device is used for checking, so that service processing for a service request is more secure and convenient.
In a first aspect, an embodiment of the present invention provides a security verification method, where the method includes:
a service terminal acquires, from a wearable device of a user by using a short-range communication manner, user verification information pre-stored in the wearable device;
the service terminal sends a service request to a service server, where the service request includes service information and the user verification information;
the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
In a second aspect, an embodiment of the present invention further provides a security verification method, where the method includes:
a service terminal acquires, from a wearable device of a user by using a short-range communication manner, user verification information pre-stored in the wearable device;
the service terminal sends a service request to a service server, where the service request includes service information and the user verification information, so that the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
In a third aspect, an embodiment of the present invention further provides a security verification method, where the method includes:
a wearable device sends, to the service terminal by using a short-range communication manner, user verification information pre-stored in the wearable device, so that the service terminal sends a service request to a service server, where the service request includes service information and the user verification information, and the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
In a fourth aspect, an embodiment of the present invention further provides a secure payment method, where the secure payment method includes:
a payment terminal acquires, from a wearable device of a user by using a short-range communication manner, user verification information pre-stored in the wearable device;
the payment terminal sends a payment request to a payment server, where the payment request includes order information and the user verification information;
the payment server checks the user verification information and, if the check succeeds, performs payment processing on the payment request.
In a fifth aspect, an embodiment of the present invention further provides a service terminal, where the service terminal includes a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs containing instructions for performing the following method:
acquiring, from a wearable device of a user by using a short-range communication manner, user verification information pre-stored in the wearable device;
sending a service request to a service server, where the service request includes service information and the user verification information, so that the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
In a sixth aspect, an embodiment of the present invention further provides a wearable device, where the wearable device includes a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs containing instructions for performing the following method:
sending locally pre-stored user verification information to the service terminal by using a short-range communication manner, so that the service terminal sends a service request to a service server, where the service request includes service information and the user verification information, and the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
In the embodiments of the present invention, user verification information pre-stored in the user's wearable device is acquired from the wearable device by using a short-range communication manner, and a service request that includes service information and the user verification information is sent to the service server, so that the service server checks the user verification information and, if the check succeeds, performs service processing on the service request. The verification information stored in the user's wearable device can thus be used for service verification, making service processing more secure and convenient.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a security verification method according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a security verification method according to another embodiment of the present invention;
FIG. 3 is a schematic flowchart of a security verification method according to another embodiment of the present invention;
FIG. 4 is a schematic flowchart of a security verification method according to another embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a service terminal according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a service terminal according to another embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a wearable device according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a wearable device according to another embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a security verification system according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of a secure payment system according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of a service terminal according to another embodiment of the present invention;
FIG. 12 is a schematic structural diagram of a wearable device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The service terminal in the embodiments of the present invention may include Internet devices such as a personal computer, a tablet computer, a smartphone, an e-reader, and an in-vehicle terminal, and can log in to the service server with a user account to perform an online payment service. A wearable device is a portable device that can be worn directly on the user or integrated into the user's clothing or accessories, and may include a smart bracelet, a smart wristband, a smart watch, smart glasses, and various smart accessory devices; in the embodiments of the present invention it cooperates with the service terminal to perform secure payment.
FIG. 1 is a schematic flowchart of a security verification method according to an embodiment of the present invention. As shown in FIG. 1, the security verification method in this embodiment may include:
S101: The service terminal acquires, from the wearable device of the user by using a short-range communication manner, user verification information pre-stored in the wearable device.
In a specific implementation, the user can initiate an online payment request through the service terminal, for example by selecting the goods to be purchased while browsing an e-commerce website, confirming the order, and then logging in to the service server to pay online. The service terminal can then, according to the payment instruction input by the user, initiate a short-range communication connection with the wearable device, which may be a Bluetooth connection, an NFC (Near Field Communication) connection, or the like. For example, after the user clicks "confirm payment", the service terminal turns on its Bluetooth function and searches for Bluetooth devices; the user's wearable device keeps Bluetooth on by default, and once the service terminal finds the user's wearable device it can automatically establish a Bluetooth connection with it. After the service terminal has established the short-range communication connection with the wearable device, it can acquire, over that connection, the user verification information pre-stored in the wearable device. The user verification information may include a user digital certificate or other information used to verify the user's payment, such as a passphrase or password. Preferably, the user verification information that the service terminal acquires from the wearable device has been encrypted by the wearable device with a preset user private key. Optionally, the acquired user verification information may also have been encrypted in advance by the service terminal or by the service server and then stored in the wearable device. The service terminal cannot decrypt the user verification information while subsequently acquiring and using it, which ensures the security of the user verification information during payment transmission.
S102: The service terminal sends a service request to the service server, where the service request includes service information and the user verification information.
After acquiring the user verification information from the user's wearable device, the service terminal may send a service request to the service server. The service request may include service information, the user verification information acquired from the user's wearable device, and the like. The service request may be a payment request, and the service information may include payment information such as a transaction order and a payment amount, and may also include login information such as the login account and login password used to log in to the service server with the user account for the online payment service, and so on.
S103: The service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
After receiving the service request sent by the service terminal, the service server may check the user verification information in the service request and, if the check succeeds, perform service processing on the service request.
Specifically, in the preferred case the user verification information that the service terminal acquires from the wearable device has been encrypted with a preset user private key. The service server can then decrypt the encrypted user verification information with the user public key corresponding to the user and check the decrypted user verification information against pre-stored reference user verification information. If the check succeeds, the service server performs the subsequent service processing on the service request, that is, it uses the service information in the service request (such as the transaction order and the payment amount) to carry out the subsequent service processing (such as online payment processing). If the check fails, the service server can directly reject the service request.
In this embodiment, the service terminal acquires, from the user's wearable device by using a short-range communication manner, the user verification information pre-stored in the wearable device, and sends the service server a service request that includes service information and the user verification information, so that the service server checks the user verification information and, if the check succeeds, performs service processing on the service request. The verification information stored in the user's wearable device can thus be used for checking, making service processing for the service request more secure and convenient.
FIG. 2 is a schematic flowchart of a security verification method according to another embodiment of the present invention. The security verification method of this embodiment is described mainly from the three sides of the wearable device, the service terminal, and the service server. As shown in FIG. 2, the security verification method in this embodiment may include the following steps:
S201: The service terminal acquires the device identifier of the user's wearable device by using a short-range communication manner.
In a specific implementation, the user can use a service terminal such as a personal computer, a tablet computer, a smartphone, an e-reader, or an in-vehicle terminal to acquire, from the user's wearable device such as a smart bracelet, a smart wristband, a smart watch, smart glasses, or any of various smart accessory devices, the device identifier of the wearable device. The device identifier uniquely identifies the wearable device and may be, for example, an identification code of the wearable device.
For example, the user can initiate an online payment request through the service terminal by selecting the goods to be purchased while browsing an e-commerce website, confirming the order, and then logging in to the service server to pay online. The service terminal can then, according to the payment instruction input by the user, initiate a data connection with the wearable device, which may be a Bluetooth connection, an NFC connection, or the like, and acquire the device identifier of the wearable device over that data connection. Taking a Bluetooth connection as an example, the service terminal can search for Bluetooth devices and pair with the wearable device, thereby establishing a Bluetooth connection with it. Optionally, the service terminal can also establish the Bluetooth connection according to a Bluetooth identification code of the wearable device pre-stored in the service terminal. The service terminal can then acquire the device identifier of the wearable device over the established Bluetooth connection.
S202: The service terminal sends the device identifier of the wearable device to the service server.
S203: The service server performs binding verification according to the device identifier and the identification information of the service terminal.
After receiving the device identifier of the wearable device sent by the service terminal, the service server may perform binding verification according to the device identifier and the identification information of the service terminal. The identification information of the service terminal may be sent to the service server when the service terminal sends the device identifier of the wearable device. Optionally, taking online payment as an example, the service server may also acquire the identification information from the service terminal at any time after the service terminal has logged in to the service server. The identification information of the service terminal can uniquely identify the service terminal and may be, for example, an identification code of the service terminal; optionally, the identification information may also be the login account used to log in to the service server. Specifically, the service server may pre-store binding relationships between device identifiers of wearable devices and identification information of service terminals, which are used to determine whether a given wearable device and a given service terminal are bound; the procedure for establishing such a binding relationship is described below. After obtaining the device identifier of the wearable device and the identification information of the service terminal, the service server can look them up in the binding relationships to verify whether the wearable device and the service terminal are bound. If the service server verifies that the wearable device and the service terminal are bound, it determines that the service terminal is a terminal commonly used by the user and proceeds to send device relationship confirmation information to the service terminal. If the wearable device and the service terminal are not bound, the service server may refuse to send device relationship confirmation information to the service terminal.
Optionally, before the user initiates a service request through the service terminal, the service terminal may send binding request information to the service server. The binding request information may carry the device identifier of the wearable device and the identification information of the service terminal, so that the service server establishes a binding relationship between the wearable device and the service terminal. For example, the user may send registration request information to the service server through the service terminal; the registration request information may carry the device identifier of the wearable device and the identification information of the service terminal, and the service server performs registration processing on the registration request information so that the wearable device and the service terminal are associated (that is, a binding relationship is established). Further optionally, the service server may establish binding relationships between the wearable device and multiple service terminals according to binding request information, that is, the user may designate multiple commonly used service terminals.
S204. If the verification passes, the service server sends device relationship confirmation information to the service terminal.
If the binding verification of the device identifier and the identification information of the service terminal passes, the service server may send device relationship confirmation information to the service terminal. The device relationship confirmation information may be confirmation information establishing that the wearable device and the service terminal are in a binding relationship.
S205. The service terminal acquires the user verification information of the wearable device through short-range communication.
After receiving the device relationship confirmation information sent by the service server, the service terminal may acquire the user verification information of the wearable device over the data connection established with the wearable device. The user verification information may include a user digital certificate, or other information used for user payment verification such as a passphrase or a password. Preferably, the user verification information that the service terminal acquires from the wearable device may be encrypted by the wearable device with a preset user private key. Optionally, the acquired user verification information may instead be verification information that was encrypted in advance by the service terminal or by the service server and then stored in the wearable device. The user private key may be a password or the like generated from information related to the user. In this way, the service terminal cannot decrypt the user verification information while subsequently acquiring and using it, which ensures the security of the user verification information during payment transmission.
S206. The service terminal sends a service request to the service server. The service request includes service information and the user verification information, and carries the device relationship confirmation information.
After acquiring the user verification information from the user's wearable device, the service terminal may send a service request to the service server. The service request may include service information and the user verification information acquired from the user's wearable device, and carries the device relationship confirmation information. The service information may include payment information such as a transaction order and a payment amount, and may also include login information, such as the login account and login password used to log in to the service server with the user account for the online payment service, and so on.
S207. The service server verifies the received user verification information and device relationship confirmation information, and if both verifications succeed, performs service processing on the service request.
Specifically and preferably, the user verification information that the service terminal acquires from the wearable device may be verification information encrypted with a preset user private key. In that case, after receiving the service request sent by the service terminal, the service server may decrypt the encrypted user verification information with the user public key corresponding to the user, and separately verify the decrypted user verification information and the device relationship confirmation information carried in the service request. If both the decrypted user verification information and the device relationship confirmation information are verified successfully, the service server may perform service processing on the service request; that is, it uses the service information in the service request (such as the transaction order and the payment amount) to carry out the subsequent service processing (such as online payment processing).
The processing in step 207 above may further include the following: the service server decrypts the encrypted user verification information with the user public key corresponding to the user, and verifies the decrypted user verification information against pre-stored reference user verification information.
The reference user verification information may be user verification information that the user stored in the service server in advance through a terminal. It may include a user digital certificate, or other information used for user payment verification such as a passphrase or a password.
In implementation, after receiving the service request sent by the service terminal, the service server may decrypt the encrypted user verification information with the user public key corresponding to the user to obtain the decrypted user verification information. The service server may then extract the device relationship confirmation information carried in the service request and look it up among the device relationship confirmation information pre-stored in the service server. If the device relationship confirmation information in the service request is found, it can be determined that a binding relationship has been established between the wearable device and the service terminal. The service server may then extract the user verification information carried in the service request and compare it with the reference user verification information pre-stored in the service server. If the user verification information in the service request is the same as the pre-stored reference user verification information, the verification is determined to be successful and the service server may perform service processing on the service request; otherwise the verification fails and the service server may refuse to respond to the service request.
In this embodiment, the service server performs binding verification according to the identification information of the service terminal and the device identifier of the wearable device sent by the service terminal, and if the verification passes, sends device relationship confirmation information to the service terminal. After acquiring the user verification information of the wearable device, the service terminal sends a service request to the service server; the service request includes the service information and the user verification information and carries the device relationship confirmation information. After receiving the service request, the service server verifies the user verification information and the device relationship confirmation information, and if both are verified successfully, performs service processing on the service request. Verification thus relies on the device relationship confirmation information, which the service server issues according to the device identifier of the user's wearable device and the identification information of the service terminal, and on the verification information stored in the wearable device, which makes service processing for the service request more secure and convenient.
FIG. 3 is a schematic flowchart of a security verification method in another embodiment of the present invention. The security verification method of this embodiment is described from the three sides of the wearable device, the service terminal and the service server. As shown in FIG. 3, the security verification method in this embodiment may include the following steps:
S301. The service terminal acquires third-party verification information of the service server.
Before acquiring the user verification information of the user's wearable device, the service terminal may acquire the third-party verification information of the service server. The third-party verification information may include a digital certificate, or information used for payment verification such as a passphrase or a password. Preferably, the third-party verification information that the service terminal acquires from the service server may be verification information encrypted by the service server with a third-party private key. The service terminal cannot decrypt the third-party verification information, which ensures the security of the third-party verification information during payment transmission.
S302. The service terminal sends the third-party verification information of the service server to the wearable device through short-range communication.
Specifically, the service terminal may send the acquired third-party verification information of the service server to the wearable device over the data connection established with the wearable device. The data connection may be a Bluetooth connection, an NFC connection, or the like.
S303. The wearable device verifies the third-party verification information.
After receiving the third-party verification information sent by the service terminal, the wearable device may verify the third-party verification information. If the verification succeeds, the wearable device proceeds to send the user verification information to the service terminal; if the verification does not succeed, the wearable device may refuse to send the user verification information to the service terminal.
Specifically and preferably, the third-party verification information that the service terminal acquires from the service server may be verification information encrypted by the service server with a third-party private key. In that case, the wearable device may decrypt the encrypted third-party verification information with the third-party public key corresponding to the service server, and verify the decrypted third-party verification information against pre-stored reference third-party verification information. The reference third-party verification information may be third-party verification information generated by the service server and stored in the wearable device in advance; it may include a digital certificate, or information used for payment verification such as a passphrase or a password.
In implementation, after receiving the third-party verification information sent by the service terminal, the wearable device may decrypt the encrypted third-party verification information with the third-party public key corresponding to the service server to obtain the decrypted third-party verification information. The service server may then compare the decrypted third-party verification information with the reference third-party verification information pre-stored in the service server. If the decrypted third-party verification information is the same as the pre-stored reference third-party verification information, the verification is determined to be successful; otherwise the verification fails.
S304. If the wearable device successfully verifies the third-party verification information, it sends the user verification information to the service terminal through short-range communication.
If the wearable device successfully verifies the third-party verification information, it may send the user verification information to the service terminal over the data connection. The user verification information may include a user digital certificate, or other information used for user payment verification such as a passphrase or a password. Preferably, the user verification information that the service terminal acquires from the wearable device may be encrypted by the wearable device with a preset user private key. Optionally, the acquired user verification information may instead be verification information that was encrypted in advance by the service terminal or by the service server and then stored in the wearable device. The service terminal cannot decrypt the user verification information while subsequently acquiring and using it, which ensures the security of the user verification information during payment transmission.
S305. The service terminal sends a service request to the service server. The service request includes service information and the user verification information.
The service terminal sends a service request to the service server. The service request may include service information, the user verification information, and so on. The service request may be a payment request. The service information may include payment information such as a transaction order and a payment amount, and may also include login information, such as the login account and login password used to log in to the service server with the user account for the online payment service, and so on.
S306. The service server verifies the received user verification information, and if the verification succeeds, performs service processing on the service request.
After receiving the service request sent by the service terminal, the service server may verify the user verification information in the service request, and if the verification succeeds, perform service processing on the service request.
Specifically and preferably, the user verification information that the service terminal acquires from the wearable device may be verification information encrypted with a preset user private key. In that case, the service server may decrypt the encrypted user verification information with the user public key corresponding to the user and verify the decrypted user verification information against pre-stored reference user verification information. If the verification succeeds, the service server performs service processing on the service request; that is, it uses the service information in the service request (such as the transaction order and the payment amount) to carry out the subsequent service processing (such as online payment processing). If the verification fails, the service server may directly reject this service request.
In implementation, after receiving the service request sent by the service terminal, the service server may decrypt the encrypted user verification information with the user public key corresponding to the user to obtain the decrypted user verification information. The service server may then extract the user verification information carried in the service request and compare it with the reference user verification information pre-stored in the service server. If the user verification information in the service request is the same as the pre-stored reference user verification information, the verification is determined to be successful and the service server may perform service processing on the service request; otherwise the verification fails and the service server may refuse to respond to the service request.
In this embodiment, the wearable device verifies the third-party verification information of the service server sent by the service terminal, and if the verification succeeds, sends the user verification information to the service terminal. The service terminal then sends a service request to the service server; the service request includes the service information and the user verification information, so that the service server verifies the user verification information and, if the verification succeeds, performs service processing on the service request. Verification thus relies on the third-party verification information of the service server and on the verification information stored in the user's wearable device, which makes service processing for the service request more secure and convenient.
FIG. 4 is a schematic flowchart of a security verification method in another embodiment of the present invention. The security verification method of this embodiment is described in detail using an online payment flow as an example, from the perspectives of the wearable device, the service terminal and the service server. In this embodiment the service terminal is a payment terminal and the service server is a payment server. As shown in FIG. 4, the security verification method in this embodiment may include the following steps:
S401. The payment terminal searches for Bluetooth devices and establishes a Bluetooth connection with the wearable device.
The payment terminal may search for Bluetooth devices and establish a Bluetooth connection with the user's wearable device, such as a smart bracelet, a smart wristband, a smart watch, smart glasses or any of various smart accessory devices. The payment terminal may be a personal computer, a tablet computer, a smartphone, an e-reader, an in-vehicle terminal, or the like.
Specifically, the wearable device has its Bluetooth function enabled, that is, it is in a discoverable state. When the user initiates an online payment request through the payment terminal, the payment terminal may search for Bluetooth devices and perform Bluetooth pairing with the wearable device, thereby establishing a Bluetooth connection with the wearable device. Optionally, the payment terminal may also establish the Bluetooth connection with the wearable device according to a Bluetooth identification code of the wearable device pre-stored in the payment terminal.
S402. The payment terminal acquires the device identifier of the wearable device from the wearable device over the Bluetooth connection.
After establishing the Bluetooth connection with the wearable device, the payment terminal may acquire the device identifier of the wearable device from the wearable device over the Bluetooth connection. The device identifier uniquely identifies the wearable device and may be, for example, an identity code of the wearable device.
S403. The payment terminal sends the device identifier of the wearable device to the payment server.
S404. The payment server performs binding verification according to the device identifier of the wearable device and the identification information of the payment terminal.
The payment server may perform binding verification according to the received device identifier of the wearable device and the identification information of the payment terminal. If the verification passes, the payment server can determine that the payment terminal is a terminal commonly used by the user, and proceeds to send device relationship confirmation information to the payment terminal; if the verification does not pass, the payment server may refuse to send device relationship confirmation information to the payment terminal. The identification information of the payment terminal uniquely identifies the payment terminal and may be, for example, an identity code of the payment terminal; optionally, the identification information may also be the login account used to log in to the payment server. The identification information of the payment terminal may be sent to the payment server by the payment terminal together with the device identifier of the wearable device. Optionally, taking online payment as an example, the identification information of the payment terminal may also be obtained by the service server from the service terminal at any time after the service terminal logs in to the service server.
Optionally, before the user initiates a service request through the service terminal, the service terminal may send binding request information to the service server. The binding request information may carry the device identifier of the wearable device and the identification information of the service terminal, so that the service server establishes a binding relationship between the wearable device and the service terminal. For example, the user may send registration request information to the payment server through the payment terminal; the registration request information may carry the device identifier of the wearable device and the identification information of the service terminal, and the payment server performs registration processing on the registration request information so that the wearable device and the payment terminal are associated. Further optionally, the service server may establish bindings between the wearable device and multiple payment terminals according to the binding request information; that is, the service server may set multiple commonly used service terminals for the user.
S405. If the verification passes, the payment server sends device relationship confirmation information to the payment terminal.
If the binding verification of the device identifier and the identification information of the payment terminal passes, the payment server may send device relationship confirmation information to the payment terminal. The device relationship confirmation information may be information establishing that the wearable device and the payment terminal are in a binding relationship.
S406. The payment terminal acquires third-party verification information of the payment server.
After receiving the device relationship confirmation information sent by the payment server, the payment terminal may also acquire the third-party verification information of the payment server. The third-party verification information may include a digital certificate, or information used for payment verification such as a passphrase or a password. Preferably, the third-party verification information that the payment terminal acquires from the payment server may be verification information encrypted by the payment server with a third-party private key. The payment terminal cannot decrypt the third-party verification information, which ensures the security of the third-party verification information during payment transmission.
S407. The payment terminal sends the third-party verification information of the payment server to the wearable device.
The payment terminal may send the acquired third-party verification information of the payment server to the wearable device over the established Bluetooth connection.
S408. The wearable device decrypts the third-party verification information with the third-party public key and verifies it.
After receiving the third-party verification information sent by the payment terminal, the wearable device may verify the third-party verification information. If the verification succeeds, the wearable device proceeds to send the user verification information to the payment terminal; if the verification does not succeed, the wearable device may refuse to send the user verification information to the payment terminal.
Specifically and preferably, the third-party verification information that the payment terminal acquires from the service server may be encrypted by the payment server with a third-party private key. In that case, the wearable device may decrypt the encrypted third-party verification information with the third-party public key corresponding to the payment server, and verify the decrypted third-party verification information against pre-stored reference third-party verification information.
In implementation, after receiving the third-party verification information sent by the payment terminal, the wearable device may decrypt the encrypted third-party verification information with the third-party public key corresponding to the payment server to obtain the decrypted third-party verification information. The payment server may then compare the decrypted third-party verification information with the reference third-party verification information pre-stored in the payment server. If the decrypted third-party verification information is the same as the pre-stored reference third-party verification information, the verification is determined to be successful; otherwise the verification fails.
S409. If the wearable device successfully verifies the third-party verification information, it sends the user verification information to the payment terminal.
If the wearable device successfully verifies the third-party verification information, it may send the user verification information to the payment terminal over the data connection. The user verification information may include a user digital certificate, or other information used for user payment verification such as a passphrase or a password. Preferably, the user verification information that the payment terminal acquires from the wearable device may be encrypted by the wearable device with a preset user private key. Optionally, the acquired user verification information may instead be verification information that was encrypted in advance by the service terminal or by the service server and then stored in the wearable device. The payment terminal cannot decrypt the user verification information while subsequently acquiring and using it, which ensures the security of the user verification information during payment transmission.
S410,支付终端向所述支付服务器发送支付请求,所述支付请求中包括支付信息和所述用户验证信息,并携带所述设备关系确认信息。 S410. The payment terminal sends a payment request to the payment server, where the payment request includes payment information and the user verification information, and carries the device relationship confirmation information.
支付终端向所述支付服务器发送支付请求,所述支付请求中可以包括支付信息和所述用户验证信息等,所述支付信息可以为交易订单和支付金额等。The payment terminal sends a payment request to the payment server, where the payment request may include payment information and the user verification information, etc., and the payment information may be a transaction order, a payment amount, and the like.
S411,支付服务器对接收到的用户验证信息进行校验,若校验成功则对所述支付请求进行支付处理。S411. The payment server performs verification on the received user verification information, and if the verification is successful, performs payment processing on the payment request.
支付服务器接收到支付终端发送的支付请求后,可以对所述支付请求中的用户验证信息进行校验,若校验成功,则对所述支付请求进行支付处理。After receiving the payment request sent by the payment terminal, the payment server may verify the user verification information in the payment request, and if the verification is successful, perform payment processing on the payment request.
Specifically, and preferably, the user verification information that the payment terminal obtains from the wearable device may be verification information encrypted with a preset user private key. The payment server may then decrypt the encrypted user verification information with the user public key corresponding to the user, and check the decrypted user verification information against pre-stored reference user verification information. If the check succeeds, the payment server performs payment processing on the payment request, that is, it uses the service information in the service request (such as the transaction order and payment amount) to carry out the subsequent service processing (such as online payment processing). If the check fails, the payment server may directly reject this payment request.
Optionally, the payment request may also carry device relationship confirmation information, in which case the processing above may be as follows: the payment server checks the received user verification information and device relationship confirmation information, and if both checks succeed, performs service processing on the payment request.
In implementation, after receiving the payment request sent by the payment terminal, the payment server may decrypt the encrypted user verification information with the user public key corresponding to the user to obtain the decrypted user verification information. The payment server may then extract the device relationship confirmation information carried in the payment request and look it up among the device relationship confirmation information pre-stored in the payment server. If the device relationship confirmation information in the payment request is found, it can be determined that a binding relationship has been established between the wearable device and the payment terminal. The payment server may then extract the user verification information carried in the payment request and compare it with the reference user verification information pre-stored in the payment server. If the user verification information in the payment request is the same as the pre-stored reference user verification information, the check is determined to have succeeded, and the payment server may perform service processing on the payment request. Otherwise the check fails, and the payment server may refuse to respond to the payment request.
In this embodiment, the payment terminal establishes a Bluetooth connection with the user's wearable device and sends the device identifier of the wearable device, obtained over the Bluetooth connection, to the payment server. The payment server then returns device relationship confirmation information according to the device identifier of the wearable device and the identification information of the payment terminal. The wearable device checks the third-party verification information of the payment server sent by the payment terminal and, if the check succeeds, sends the user verification information to the payment terminal. The payment terminal then sends a payment request to the payment server; the payment request includes payment information and the user verification information, and carries the device relationship confirmation information, so that the payment server checks the user verification information and the device relationship confirmation information and, if both checks succeed, performs payment processing on the payment request. Payment verification can thus use both the third-party verification information of the payment server and the verification information stored in the user's wearable device, making online payment more secure and convenient.
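The exchange described above (through S410 and S411), as an added example that is not part of the patent text: the wearable checks the server's third-party verification information before releasing the stored user verification information, and the server checks the binding confirmation and the user verification information before paying. Textbook RSA over Python integers with fixed Mersenne primes stands in for the private-key encryption described (unpadded, illustration only); all class names, identifiers and sample values are constructed, and issuing the confirmation as a random token is an assumption.

```python
import hmac
import secrets

E = 65537  # public exponent

def keypair(p, q):
    """Textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def private_encrypt(priv, data):
    """Raw 'encrypt with the private key' step; unpadded, illustration only."""
    n, d = priv
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("data too long for this toy modulus")
    return pow(m, d, n)

def public_check(pub, blob, reference):
    """Decrypt with the public key, then compare with the stored reference."""
    n, e = pub
    width = (n.bit_length() + 7) // 8
    recovered = pow(blob % n, e, n).to_bytes(width, "big")
    return hmac.compare_digest(recovered, reference.rjust(width, b"\x00"))

class Wearable:
    def __init__(self, device_id, server_pub, ref_third_party, user_priv, user_info):
        self.device_id = device_id
        self._server_pub = server_pub
        self._ref_third_party = ref_third_party
        # Stored already encrypted with the user private key; the terminal only relays it.
        self._user_blob = private_encrypt(user_priv, user_info)

    def release(self, third_party_blob):
        """Hand out the user verification information only to a verified server."""
        if not public_check(self._server_pub, third_party_blob, self._ref_third_party):
            return None
        return self._user_blob

class PaymentServer:
    def __init__(self, priv, third_party_info, user_pub, ref_user_info, bound_pairs):
        self._priv = priv
        self._third_party_info = third_party_info
        self._user_pub = user_pub
        self._ref_user_info = ref_user_info
        self._bound_pairs = set(bound_pairs)  # (device id, terminal id) bindings
        self._issued = set()                  # confirmation values handed out

    def third_party_blob(self):
        return private_encrypt(self._priv, self._third_party_info)

    def confirm_binding(self, device_id, terminal_id):
        """Binding verification; the random token format is an assumption."""
        if (device_id, terminal_id) not in self._bound_pairs:
            return None
        token = secrets.token_hex(16)
        self._issued.add(token)
        return token

    def handle_payment(self, request):
        """S411: both checks must pass before the order is processed."""
        if request.get("confirmation") not in self._issued:
            return "rejected: no binding"
        if not public_check(self._user_pub, request["user_blob"], self._ref_user_info):
            return "rejected: user verification failed"
        return "paid: " + request["order"]

def terminal_pay(server, wearable, terminal_id, order):
    """Payment terminal: relays values between wearable and server."""
    confirmation = server.confirm_binding(wearable.device_id, terminal_id)
    if confirmation is None:
        return "aborted: device not bound"
    user_blob = wearable.release(server.third_party_blob())
    if user_blob is None:
        return "aborted: wearable refused"
    return server.handle_payment(
        {"order": order, "user_blob": user_blob, "confirmation": confirmation})

def build_demo():
    """Constructed keys and sample values (fixed Mersenne primes, not secure)."""
    server_pub, server_priv = keypair(2**61 - 1, 2**89 - 1)
    user_pub, user_priv = keypair(2**107 - 1, 2**127 - 1)
    third_party, user_info = b"pay-server-v1", b"user-credential1"
    server = PaymentServer(server_priv, third_party, user_pub, user_info,
                           [("band-001", "terminal-1")])
    wearable = Wearable("band-001", server_pub, third_party, user_priv, user_info)
    return server, wearable

if __name__ == "__main__":
    srv, band = build_demo()
    print(terminal_pay(srv, band, "terminal-1", "order-42"))
```

Encrypting with a private key and decrypting with the matching public key is the operation that cryptographic libraries expose as signing and verifying.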
FIG. 5 is a schematic structural diagram of a service terminal in an embodiment of the present invention. The service terminal in this embodiment may include Internet devices such as a personal computer, tablet computer, smartphone, e-reader, or in-vehicle terminal, and may log in to the service server with a user account to carry out online payment services. As shown in the figure, the service terminal 500 in this embodiment may include:
A first receiving unit 510, configured to obtain, by short-range communication, user verification information pre-stored in the user's wearable device from that wearable device. The wearable device may include a smart bracelet, smart wristband, smart watch, smart glasses, or various smart accessory devices. The user verification information may include a user digital certificate, or other information used to verify the user's payment, such as a passphrase or password.
In a specific implementation, the service terminal may, according to a payment instruction entered by the user, initiate a short-range communication connection with the wearable device, which may be a Bluetooth connection, an NFC (Near Field Communication) connection, or the like. For example, after the user clicks "Confirm payment", the service terminal turns on its Bluetooth function and searches for Bluetooth devices; the user's wearable device keeps Bluetooth on by default, and once the service terminal finds the user's wearable device it can automatically establish a Bluetooth connection with it. After the service terminal has established short-range communication with the wearable device, the first receiving unit 510 may obtain, over the established short-range communication connection, the user verification information pre-stored in the wearable device. The user verification information may include a user digital certificate, or other information used to verify the user's payment, such as a passphrase or password. Preferably, the user verification information that the service terminal obtains from the wearable device may be encrypted by the wearable device with a preset user private key. Optionally, the obtained user verification information may instead be verification information that was encrypted in advance by the service terminal or by the service server and then stored in the wearable device. While subsequently obtaining and using the user verification information, the service terminal cannot decrypt it, which ensures the security of the user verification information during payment transmission.
A second sending unit 520, configured to send a service request to the service server. The service request includes service information and the user verification information received by the first receiving unit 510, so that the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
The service request may be a payment request. The service information may include payment information such as a transaction order and a payment amount, and may also include login information, such as the login account and login password used to log in to the service server with a user account for online payment services, and so on.
In an optional embodiment, before obtaining by short-range communication the user verification information pre-stored in the user's wearable device, the first receiving unit 510 is further configured to obtain the device identifier of the wearable device by short-range communication. The device identifier uniquely identifies the wearable device and may be, for example, an identity code of the wearable device;
The second sending unit 520 is further configured to send the device identifier of the wearable device obtained by the first receiving unit 510 to the service server, so that the service server performs binding verification according to the device identifier and the identification information of the service terminal;
The identification information of the service terminal may uniquely identify the service terminal and may be, for example, an identity code of the service terminal; optionally, the identification information may also be the login account used to log in to the service server. The identification information of the service terminal may be sent to the service server when the service terminal sends the device identifier of the wearable device. Optionally, taking online payment as an example, the service server may instead obtain the identification information of the service terminal from the service terminal at any time after the service terminal has logged in to the service server.
The service terminal 500 further includes:
A second receiving unit 530, configured to obtain device relationship confirmation information from the service server when the binding verification performed by the service server passes;
The service request further includes the device relationship confirmation information. The second sending unit 520 is further configured to send to the service server a service request carrying the device relationship confirmation information received by the second receiving unit 530, so that the service server checks the user verification information and the device relationship confirmation information and, if both checks succeed, performs service processing on the service request.
In an optional embodiment, the service terminal 500 further includes:
A first sending unit 540, configured to send the third-party verification information of the service server to the wearable device by short-range communication, so that the wearable device checks the third-party verification information. The third-party verification information may include a digital certificate, or information used for payment verification such as a passphrase or password;
The first receiving unit 510 obtains the user verification information from the wearable device by short-range communication when the wearable device has successfully checked the third-party verification information.
Further, in an optional embodiment, the third-party verification information that the first sending unit 540 sends to the wearable device has been encrypted by the service server with a third-party private key;
Further, the checking of the third-party verification information by the wearable device includes:
The wearable device decrypts the encrypted third-party verification information with the third-party public key corresponding to the service server, and checks the decrypted third-party verification information against pre-stored reference third-party verification information.
In an optional embodiment, the user verification information that the first receiving unit 510 obtains from the user's wearable device, where it was pre-stored, is verification information encrypted with a user private key. The user verification information may be encrypted by the wearable device with a preset user private key, or may be verification information that was encrypted in advance by the service terminal or by the service server and then stored in the wearable device. While subsequently obtaining and using the user verification information, the service terminal 500 cannot decrypt it, which ensures the security of the user verification information during payment transmission;
Further, the checking of the user verification information by the service server includes:
The service server decrypts the encrypted user verification information with the user public key corresponding to the user, and checks the decrypted user verification information against pre-stored reference user verification information.
In an optional embodiment, the service terminal further includes:
A Bluetooth search unit 550, configured to search for Bluetooth devices and thereby establish a Bluetooth connection with the wearable device;
Specifically, the wearable device has its Bluetooth function turned on by default, that is, it is in a discoverable state. When the user initiates an online service request through the service terminal, the Bluetooth search unit 550 may search for Bluetooth devices and pair with the wearable device over Bluetooth, thereby establishing a Bluetooth connection with the wearable device. Optionally, the Bluetooth search unit 550 may also establish the Bluetooth connection with the wearable device according to a Bluetooth identification code of the wearable device pre-stored in the payment terminal.
The service terminal of this embodiment obtains from the user's wearable device the user verification information pre-stored in it, and sends a service request to the service server. The service request includes service information and the user verification information, so that the service server checks the user verification information and, if the check succeeds, performs service processing on the service request. The check can thus use the verification information stored in the user's wearable device, making service processing of service requests more secure and convenient.
FIG. 6 is a schematic structural diagram of a service terminal in another embodiment of the present invention. As shown in FIG. 6, the service terminal 600 may include at least one processor 601 (for example, a CPU), at least one network interface 603, a memory 604, and a communication bus 602. The communication bus 602 is used to implement connection and communication between these components. In this embodiment, the first network interface 603 of the service terminal 600 may include a standard wired interface or a wireless interface (such as a WI-FI interface) and is used to communicate with the server over the Internet; the second network interface 605 may be a short-range communication network interface, such as a Bluetooth interface or an NFC interface, and is used to communicate with the wearable device. The memory 604 may be a high-speed RAM memory or a non-volatile memory, for example at least one disk memory. Optionally, the memory 604 may also be at least one storage device located remotely from the processor 601. The memory 604 stores a set of program code, and the processor 601 is configured to call the program code stored in the memory 604 to perform the following operations:
Obtaining, through the second network interface 605 and by short-range communication, the user verification information pre-stored in the user's wearable device from that wearable device. The short-range communication may include a Bluetooth connection, NFC, or the like. For example, after the user clicks "Confirm payment", the service terminal turns on its Bluetooth function and searches for Bluetooth devices; the user's wearable device keeps Bluetooth on by default, and once the service terminal finds the user's wearable device it can automatically establish a Bluetooth connection with it;
Sending a service request to the service server through the first network interface 603. The service request includes service information and the user verification information, so that the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
In an optional embodiment, the processor 601, by calling the program code stored in the memory 604, may further perform the following operations:
Obtaining the device identifier of the wearable device before obtaining, through the second network interface 605, the user verification information pre-stored in the user's wearable device;
Sending the device identifier of the wearable device to the service server through the first network interface 603, so that the service server performs binding verification according to the device identifier and the identification information of the service terminal; if the verification passes, the service terminal obtains device relationship confirmation information from the service server. The identification information of the service terminal may uniquely identify the service terminal and may be, for example, an identity code of the service terminal; optionally, the identification information may also be the login account used to log in to the service server. The identification information of the service terminal may be sent to the service server when the service terminal sends the device identifier of the wearable device. Optionally, taking online payment as an example, the service server may instead obtain the identification information of the service terminal from the service terminal at any time after the service terminal has logged in to the service server;
Carrying the device relationship confirmation information when sending the service request to the service server through the first network interface 603, so that the service server checks the user verification information and the device relationship confirmation information and, if both checks succeed, performs service processing on the service request.
In an optional embodiment, the processor 601, by calling the program code stored in the memory 604, obtains the user verification information pre-stored in the user's wearable device through the second network interface 605 specifically as follows:
Obtaining the third-party verification information of the service server through the first network interface 603 and sending it to the wearable device through the second network interface 605, so that the wearable device checks the third-party verification information; if the check succeeds, obtaining the user verification information from the wearable device through the second network interface 605.
In an optional embodiment, the processor 601, by calling the program code stored in the memory 604, may further perform the following operations:
Before obtaining, through the second network interface 605, the user verification information pre-stored in the user's wearable device, searching for Bluetooth devices and thereby establishing a Bluetooth connection with the wearable device.
Specifically, the service terminal described in this embodiment may be used to implement some or all of the processes in the security verification method embodiments described above with reference to FIG. 1 to FIG. 5.
FIG. 7 is a schematic structural diagram of a wearable device in an embodiment of the present invention. A wearable device is a portable device that can be worn directly on the user or integrated into the user's clothes or accessories, and may include a smart bracelet, smart wristband, smart watch, smart glasses, and various smart accessory devices. As shown in the figure, the wearable device 700 in this embodiment may include:
A sending unit 710, configured to send the user verification information pre-stored in the wearable device to the service terminal by short-range communication, so that the service terminal sends a service request to the service server. The service request may include service information, the user verification information, and so on. The service information may include payment information such as a transaction order and a payment amount, and may also include login information such as the login account and login password used to log in to the service server with a user account for online payment services. The user verification information may include a user digital certificate, or other information used to verify the user's payment, such as a passphrase or password. The service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
In an optional embodiment, before sending the user verification information pre-stored in the wearable device to the service terminal by short-range communication, the sending unit 710 is further configured to send the device identifier of the wearable device to the service terminal by short-range communication. The device identifier uniquely identifies the wearable device and may be, for example, an identity code of the wearable device. The service terminal then sends the device identifier of the wearable device to the service server, and the service server performs binding verification according to the device identifier and the identification information of the service terminal. If the verification passes, the service server sends device relationship confirmation information to the service terminal, and the service terminal carries the device relationship confirmation information when it sends the service request to the service server, so that the service server checks the user verification information and the device relationship confirmation information and, if both checks succeed, performs service processing on the service request.
In an optional embodiment, the wearable device 700 further includes:
A receiving unit 720, configured to obtain, by short-range communication, the third-party verification information of the service server sent by the service terminal. The third-party verification information may include a digital certificate, or information used for payment verification such as a passphrase or password;
A checking unit 730, configured to check the third-party verification information and, if the check succeeds, notify the sending unit 710 to send the user verification information to the service terminal by short-range communication.
In an optional embodiment, the third-party verification information has been encrypted by the service server with a third-party private key;
The checking unit 730 is configured to decrypt the encrypted third-party verification information with the third-party public key corresponding to the service server, and to check the decrypted third-party verification information against pre-stored reference third-party verification information.
The wearable device of this embodiment can send user verification information to the service terminal, so that the service server checks the user verification information it receives from the service terminal and, if the check succeeds, performs service processing on the service request sent by the service terminal, making service processing more secure and convenient.
FIG. 8 is a schematic structural diagram of a wearable device in another embodiment of the present invention. As shown in FIG. 8, the wearable device 800 may include at least one processor 801 (for example, a CPU), at least one network interface 803, a memory 804, and a communication bus 802. The communication bus 802 is used to implement connection and communication between these components. In this embodiment, the network interface 803 of the wearable device 800 may include a short-range communication network interface, used to communicate with the server over the Internet. The memory 804 may be a high-speed RAM memory or a non-volatile memory, for example at least one disk memory. Optionally, the memory 804 may also be at least one storage device located remotely from the processor 801. The memory 804 stores a set of program code, and the processor 801 is configured to call the program code stored in the memory 804 to perform the following operations:
Sending, through the network interface 803 and by short-range communication, the user verification information pre-stored in the wearable device to the service terminal, so that the service terminal sends a service request to the service server. The service request may include service information, the user verification information, and so on. The service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
In an optional embodiment, the processor 801, by calling the program code stored in the memory 804, may further perform the following operations:
Before sending the user verification information pre-stored in the wearable device to the service terminal through the network interface 803 by short-range communication, sending the device identifier of the wearable device to the service terminal by short-range communication. The service terminal then sends the device identifier of the wearable device to the service server, and the service server performs binding verification according to the device identifier and the identification information of the service terminal. If the verification passes, the service server sends device relationship confirmation information to the service terminal, and the service terminal carries the device relationship confirmation information when it sends the service request to the service server, so that the service server checks the user verification information and the device relationship confirmation information and, if both checks succeed, performs service processing on the service request.
在可选实施例中,处理器801调用存储器804中存储的程序代码通过网络接口803向所述业务终端发送预先存储在所述可穿戴设备中的用户验证信息具体为:In an alternative embodiment, the processor 801 calls the program code stored in the memory 804 to send the user verification information pre-stored in the wearable device to the service terminal through the network interface 803, which is specifically:
通过网络接口803以近距通讯方式获取所述业务终端发送的所述业务服务器的第三方验证信息;Obtaining third-party verification information of the service server sent by the service terminal by using the network interface 803 in a short-distance communication manner;
通过网络接口803对所述第三方验证信息进行校验,若校验成功,则以近距通讯方式向所述业务终端发送预先存储的用户验证信息。The third-party verification information is verified by the network interface 803. If the verification is successful, the pre-stored user verification information is sent to the service terminal in a short-distance communication manner.
在可选实施例中,所述第三方验证信息为经过所述业务服务器使用第三方私钥加密的,处理器801对所述第三方验证信息进行校验具体为:In an optional embodiment, the third-party verification information is encrypted by using the third-party private key by the service server, and the processor 801 performs verification on the third-party verification information, specifically:
使用与所述业务服务器对应的第三方公钥对所述经过加密的第三方验证信息进行解密,根据预先存储的基准第三方验证信息对解密得到的第三方验证信息进行校验。The encrypted third-party authentication information is decrypted by using a third-party public key corresponding to the service server, and the decrypted third-party verification information is verified according to the pre-stored reference third-party verification information.
具体的,本实施例中介绍的可穿戴设备可以用以实施本发明前文结合图1~图5介绍的安全验证方法实施例中的部分或全部流程。Specifically, the wearable device introduced in this embodiment may be used to implement some or all of the processes in the security verification method embodiment introduced in the foregoing with reference to FIG. 1 to FIG.
FIG. 9 is a schematic structural diagram of a security verification system according to an embodiment of the present invention. As shown in FIG. 9, the security verification system in this embodiment includes a service terminal 901, a wearable device 902 and a service server 903, where:
the service terminal 901 communicates with the wearable device 902 by short-range communication and is configured to obtain, from the wearable device 902, the user verification information pre-stored in the wearable device 902, and to send a service request to the service server 903, where the service request includes service information and the user verification information;
the service server 903 is configured to verify the user verification information and, if the verification succeeds, to perform service processing on the service request.
In an optional embodiment, before obtaining the user verification information pre-stored in the wearable device 902 from the user's wearable device 902, the service terminal 901 is further configured to obtain the device identifier of the wearable device 902 and send the device identifier of the wearable device 902 to the service server 903;
the service server 903 is further configured to perform binding verification according to the device identifier and the identification information of the service terminal and, if the verification passes, to send device relationship confirmation information to the service terminal 901;
the service terminal 901 carries the device relationship confirmation information when sending the service request to the service server 903, and the service server 903 verifies the user verification information and the device relationship confirmation information and, if both verifications succeed, performs service processing on the service request.
In an optional embodiment, the service terminal 901 obtaining, from the user's wearable device 902, the user verification information pre-stored in the wearable device 902 includes:
the service terminal 901 obtains the third-party verification information of the service server 903 and sends the third-party verification information of the service server 903 to the wearable device 902;
the wearable device 902 is configured to verify the third-party verification information and, if the verification succeeds, to send the pre-stored user verification information to the service terminal 901.
In an optional embodiment, the third-party verification information sent by the service terminal 901 to the wearable device 902 has been encrypted by the service server 903 using a third-party private key;
the wearable device 902 verifying the third-party verification information includes:
the wearable device 902 decrypts the encrypted third-party verification information using the third-party public key corresponding to the service server 903, and verifies the decrypted third-party verification information against pre-stored reference third-party verification information.
In an optional embodiment, the user verification information that the service terminal 901 obtains from the user's wearable device 902, pre-stored in the wearable device 902, has been encrypted with a user private key;
the service server 903 verifying the user verification information includes:
the service server 903 decrypts the encrypted user verification information using the user public key corresponding to the user, and verifies the decrypted user verification information against pre-stored reference user verification information.
In an optional embodiment, the short-range communication may include a Bluetooth connection, NFC or the like. For example, after the user taps "Confirm payment", the service terminal turns on its Bluetooth function and searches for Bluetooth devices; the user's wearable device keeps Bluetooth on by default, and once the service terminal finds the user's wearable device it can automatically establish a Bluetooth connection with the wearable device.
In an optional embodiment, before obtaining the user verification information pre-stored in the wearable device 902 from the user's wearable device 902, the service terminal 901 is further configured to search for Bluetooth devices and thereby establish a Bluetooth connection with the wearable device 902.
The service server of this embodiment can verify the user verification information that is stored in the user's wearable device and sent by the service terminal and, if the verification succeeds, performs service processing on the service request sent by the service terminal, making service processing more secure and convenient.
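The exchange among the service terminal 901, the wearable device 902 and the service server 903 described above can be traced in code. The following Node.js sketch is an added example, not code from the patent: it uses `crypto.privateEncrypt` and `crypto.publicDecrypt` for the "encrypted with the private key, decrypted with the public key" steps, and all identifiers, reference values and the confirmation-token format are assumptions constructed for the illustration.

```javascript
// Added illustration, not code from the patent. Identifiers, reference values and the
// confirmation-token format are constructed; keys are generated fresh on every run.
const crypto = require('node:crypto');

const newKey = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// "Decrypt with the public key, then compare with the pre-stored reference."
// publicDecrypt throws if the blob was not produced by the matching private key.
function decryptAndCompare(publicKey, blob, reference) {
  let plain;
  try {
    plain = crypto.publicDecrypt(publicKey, blob);
  } catch (err) {
    return false;
  }
  return plain.length === reference.length && crypto.timingSafeEqual(plain, reference);
}

class ServiceServer {
  constructor(thirdPartyKey, thirdPartyReference) {
    this.thirdPartyKey = thirdPartyKey;
    this.thirdPartyReference = thirdPartyReference;
    this.bindings = new Set();      // "deviceId|terminalId" pairs registered in advance
    this.confirmations = new Map(); // confirmation token -> pair it was issued for
    this.users = new Map();         // deviceId -> { publicKey, reference }
  }
  enroll(deviceId, terminalId, userPublicKey, userReference) {
    this.bindings.add(`${deviceId}|${terminalId}`);
    this.users.set(deviceId, { publicKey: userPublicKey, reference: userReference });
  }
  // Third-party verification information, encrypted with the third-party private key.
  thirdPartyInfo() {
    return crypto.privateEncrypt(this.thirdPartyKey.privateKey, this.thirdPartyReference);
  }
  // Binding verification; returns device relationship confirmation information or null.
  verifyBinding(deviceId, terminalId) {
    const pair = `${deviceId}|${terminalId}`;
    if (!this.bindings.has(pair)) return null;
    const token = crypto.randomBytes(16).toString('hex'); // token format is an assumption
    this.confirmations.set(token, pair);
    return token;
  }
  // Both checks must pass before the service request is processed.
  handleRequest({ deviceId, terminalId, confirmation, userInfo, serviceInfo }) {
    const pair = this.confirmations.get(confirmation);
    this.confirmations.delete(confirmation); // single use (assumption)
    if (pair !== `${deviceId}|${terminalId}`) return { ok: false, reason: 'binding' };
    const user = this.users.get(deviceId);
    if (!user || !decryptAndCompare(user.publicKey, userInfo, user.reference)) {
      return { ok: false, reason: 'user-verification' };
    }
    return { ok: true, processed: serviceInfo };
  }
}

class Wearable {
  constructor(deviceId, thirdPartyPublicKey, thirdPartyReference, storedUserInfo) {
    this.deviceId = deviceId;
    this.thirdPartyPublicKey = thirdPartyPublicKey;
    this.thirdPartyReference = thirdPartyReference;
    this.storedUserInfo = storedUserInfo; // pre-stored, encrypted with the user private key
  }
  // Release the user verification information only to a verified service server.
  releaseUserInfo(thirdPartyInfo) {
    const ok = decryptAndCompare(this.thirdPartyPublicKey, thirdPartyInfo, this.thirdPartyReference);
    return ok ? this.storedUserInfo : null;
  }
}

// The service terminal's part: relay between wearable and server, in the order described.
function runTransaction(terminalId, wearable, server, serviceInfo) {
  const confirmation = server.verifyBinding(wearable.deviceId, terminalId);
  if (!confirmation) return { ok: false, reason: 'binding' };
  const userInfo = wearable.releaseUserInfo(server.thirdPartyInfo());
  if (!userInfo) return { ok: false, reason: 'third-party-verification' };
  return server.handleRequest({
    deviceId: wearable.deviceId, terminalId, confirmation, userInfo, serviceInfo,
  });
}

// Constructed provisioning data.
const THIRD_PARTY_REF = Buffer.from('constructed-third-party-reference');
const USER_REF = Buffer.from('constructed-user-reference');
const thirdPartyKey = newKey();
const userKey = newKey();
const storedUserInfo = crypto.privateEncrypt(userKey.privateKey, USER_REF);

const server = new ServiceServer(thirdPartyKey, THIRD_PARTY_REF);
server.enroll('watch-42', 'terminal-01', userKey.publicKey, USER_REF);
const wearable = new Wearable('watch-42', thirdPartyKey.publicKey, THIRD_PARTY_REF, storedUserInfo);

// A server holding a different third-party key: the wearable must refuse to answer it.
const rogueServer = new ServiceServer(newKey(), THIRD_PARTY_REF);
rogueServer.enroll('watch-42', 'terminal-01', userKey.publicKey, USER_REF);

console.log(runTransaction('terminal-01', wearable, server, 'pay 10.00'));
console.log(runTransaction('terminal-99', wearable, server, 'pay 10.00'));
console.log(runTransaction('terminal-01', wearable, rogueServer, 'pay 10.00'));
```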
FIG. 10 is a schematic structural diagram of a secure payment system according to an embodiment of the present invention. As shown in FIG. 10, the security verification system in this embodiment includes a payment terminal 1001, a wearable device 1002 and a payment server 1003, where:
the payment terminal 1001 communicates with the wearable device 1002 by short-range communication and is configured to obtain, from the wearable device 1002, the user verification information pre-stored in the wearable device 1002, and to send a payment request to the payment server 1003, where the payment request includes payment information and the user verification information;
the payment server 1003 is configured to verify the user verification information and, if the verification succeeds, to perform payment processing on the payment request.
In an optional embodiment, before obtaining the user verification information pre-stored in the wearable device 1002 from the user's wearable device 1002, the payment terminal 1001 is further configured to obtain the device identifier of the wearable device 1002 and send the device identifier of the wearable device 1002 to the payment server 1003;
the payment server 1003 is further configured to perform binding verification according to the device identifier and the identification information of the payment terminal and, if the verification passes, to send device relationship confirmation information to the payment terminal 1001;
the payment terminal 1001 carries the device relationship confirmation information when sending the payment request to the payment server 1003, and the payment server 1003 verifies the user verification information and the device relationship confirmation information and, if both verifications succeed, performs payment processing on the payment request.
In an optional embodiment, the payment terminal 1001 obtaining, from the user's wearable device 1002, the user verification information pre-stored in the wearable device 1002 includes:
the payment terminal 1001 obtains the third-party verification information of the payment server 1003 and sends the third-party verification information of the payment server 1003 to the wearable device 1002;
the wearable device 1002 is configured to verify the third-party verification information and, if the verification succeeds, to send the pre-stored user verification information to the payment terminal 1001.
In an optional embodiment, the third-party verification information sent by the payment terminal 1001 to the wearable device 1002 has been encrypted by the payment server 1003 using a third-party private key;
the wearable device 1002 verifying the third-party verification information includes:
the wearable device 1002 decrypts the encrypted third-party verification information using the third-party public key corresponding to the payment server 1003, and verifies the decrypted third-party verification information against pre-stored reference third-party verification information.
In an optional embodiment, the short-range communication may include a Bluetooth connection, NFC or the like. For example, after the user taps "Confirm payment", the service terminal turns on its Bluetooth function and searches for Bluetooth devices; the user's wearable device keeps Bluetooth on by default, and once the service terminal finds the user's wearable device it can automatically establish a Bluetooth connection with the wearable device.
In an optional embodiment, the user verification information that the payment terminal 1001 obtains from the user's wearable device 1002, pre-stored in the wearable device 1002, has been encrypted with a user private key;
the payment server 1003 verifying the user verification information includes:
the payment server 1003 decrypts the encrypted user verification information using the user public key corresponding to the user, and verifies the decrypted user verification information against pre-stored reference user verification information.
In an optional embodiment, before obtaining the user verification information pre-stored in the wearable device 1002 from the user's wearable device 1002, the payment terminal 1001 is further configured to search for Bluetooth devices and thereby establish a Bluetooth connection with the wearable device 1002.
The payment server of this embodiment can verify the user verification information that is stored in the user's wearable device and sent by the payment terminal and, if the verification succeeds, performs payment processing on the payment request sent by the payment terminal, making online payment more secure and convenient.
Refer to FIG. 11, which shows a schematic structural diagram of the service terminal involved in the embodiments of this application. The service terminal may be used to implement the security verification method provided in the foregoing embodiments. Specifically:
The service terminal 2000 may include components such as a communication unit 2110, a memory 2120 including one or more computer-readable storage media, an input unit 2130, a display unit 2140, a sensor 2150, an audio circuit 2160, a WIFI (Wireless Fidelity) module 2170, a processor 2180 including one or more processing cores, and a power supply 2190. A person skilled in the art will understand that the service terminal structure shown in the figure does not limit the service terminal, which may include more or fewer components than shown, combine certain components, or use a different component arrangement. Among these:
The communication unit 2110 may be used to receive and send signals in the course of sending and receiving information or during a call. The communication unit 2110 may be a network communication device such as an RF (Radio Frequency) circuit, a router or a modem. In particular, when the communication unit 2110 is an RF circuit, it receives downlink information from a base station and hands it to one or more processors 2180 for processing; it also sends uplink data to the base station. Typically, an RF circuit serving as the communication unit includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer and the like. In addition, the communication unit 2110 may also communicate with networks and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service) and the like.
The memory 2120 may be used to store software programs and modules, and the processor 2180 executes various functional applications and data processing by running the software programs and modules stored in the memory 2120. The memory 2120 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application required by at least one function (such as a sound playback function or an image playback function) and the like, and the data storage area may store data created through use of the service terminal 2000 (such as audio data or a phone book) and the like. In addition, the memory 2120 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device. Accordingly, the memory 2120 may also include a memory controller to provide the processor 2180 and the input unit 2130 with access to the memory 2120.
The input unit 2130 may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control. Preferably, the input unit 2130 may include a touch-sensitive surface 2131 and other input devices 2132. The touch-sensitive surface 2131, also called a touch display screen or touchpad, can collect the user's touch operations on or near it (for example, operations performed by the user on or near the touch-sensitive surface 2131 with a finger, a stylus or any other suitable object or accessory) and drive the corresponding connected apparatus according to a preset program. Optionally, the touch-sensitive surface 2131 may include two parts: a touch detection apparatus and a touch controller. The touch detection apparatus detects the position of the user's touch, detects the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection apparatus, converts it into contact coordinates and sends them to the processor 2180, and can receive and execute commands sent by the processor 2180. In addition, the touch-sensitive surface 2131 may be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch-sensitive surface 2131, the input unit 2130 may also include other input devices 2132. Preferably, the other input devices 2132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse, a joystick and the like.
The display unit 2140 may be used to display information entered by the user or information provided to the user, as well as the various graphical user interfaces of the service terminal 2000, which may be composed of graphics, text, icons, video and any combination thereof. The display unit 2140 may include a display panel 2141, which may optionally be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode) display or the like. Further, the touch-sensitive surface 2131 may cover the display panel 2141; when the touch-sensitive surface 2131 detects a touch operation on or near it, the operation is passed to the processor 2180 to determine the type of touch event, and the processor 2180 then provides the corresponding visual output on the display panel 2141 according to the type of touch event. Although in the figure the touch-sensitive surface 2131 and the display panel 2141 implement the input and output functions as two separate components, in some embodiments the touch-sensitive surface 2131 may be integrated with the display panel 2141 to implement the input and output functions.
The service terminal 2000 may also include at least one sensor 2150, such as a light sensor, a motion sensor and other sensors. The light sensor may include an ambient light sensor and a proximity sensor, where the ambient light sensor can adjust the brightness of the display panel 2141 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 2141 and/or the backlight when the service terminal 2000 is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used in applications that recognize the phone's posture (such as switching between landscape and portrait, related games, and magnetometer posture calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors with which the service terminal 2000 may also be equipped, such as a gyroscope, barometer, hygrometer, thermometer and infrared sensor, are not described here.
The audio circuit 2160, a speaker 2161 and a microphone 2162 can provide an audio interface between the user and the service terminal 2000. The audio circuit 2160 can transmit the electrical signal converted from received audio data to the speaker 2161, which converts it into a sound signal for output; in the other direction, the microphone 2162 converts collected sound signals into electrical signals, which the audio circuit 2160 receives and converts into audio data; the audio data is output to the processor 2180 for processing and then sent through the RF circuit 2110 to, for example, another service terminal, or output to the memory 2120 for further processing. The audio circuit 2160 may also include an earphone jack to provide communication between a peripheral headset and the service terminal 2000.
To implement wireless communication, the service terminal may be equipped with a wireless communication unit 2170, which may be a WIFI module. WIFI is a short-range wireless transmission technology. Through the wireless communication unit 2170, the service terminal 2000 can help the user send and receive e-mail, browse web pages, access streaming media and so on, providing the user with wireless broadband Internet access. Although the wireless communication unit 2170 is shown in the figure, it is understood that it is not an essential part of the service terminal 2000 and may be omitted as needed without changing the essence of the disclosure.
The processor 2180 is the control center of the service terminal 2000. It connects the various parts of the entire phone using various interfaces and lines, and performs the various functions of the service terminal 2000 and processes data by running or executing the software programs and/or modules stored in the memory 2120 and invoking the data stored in the memory 2120, thereby monitoring the phone as a whole. Optionally, the processor 2180 may include one or more processing cores; preferably, the processor 2180 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, applications and the like, and the modem processor mainly handles wireless communication. It is understood that the modem processor need not be integrated into the processor 2180.
The service terminal 2000 also includes a power supply 2190 (such as a battery) that powers the various components. Preferably, the power supply may be logically connected to the processor 2180 through a power management system, so that functions such as charging management, discharging management and power consumption management are implemented through the power management system. The power supply 2190 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
Although not shown, the service terminal 2000 may further include a camera, a Bluetooth module and the like, which are not described here. In this embodiment, the service terminal includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, and the one or more programs contain instructions for performing the following method:
obtaining, by short-range communication, the user verification information pre-stored in the wearable device from the user's wearable device;
sending a service request to the service server, where the service request includes service information and the user verification information, so that the service server verifies the user verification information and, if the verification succeeds, the service server performs service processing on the service request.
Optionally, before the obtaining, by short-range communication, of the user verification information pre-stored in the wearable device from the user's wearable device, the method further includes:
obtaining the device identifier of the wearable device by short-range communication;
sending the device identifier of the wearable device to the service server, so that the service server performs binding verification according to the device identifier and the local identification information, and, if the verification passes, obtaining device relationship confirmation information from the service server;
the sending a service request to the service server includes:
sending, to the service server, a service request carrying the device relationship confirmation information, so that the service server verifies the user verification information and the device relationship confirmation information and, if both verifications succeed, performs service processing on the service request.
Optionally, the obtaining, by short-range communication, of the user verification information pre-stored in the wearable device from the user's wearable device includes:
obtaining the third-party verification information of the service server and sending the third-party verification information of the service server to the wearable device by short-range communication, so that the wearable device verifies the third-party verification information, and, if the verification succeeds, obtaining the pre-stored user verification information from the wearable device by short-range communication.
Optionally, the short-range communication includes Bluetooth or NFC.
Optionally, before the obtaining, by short-range communication, of the user verification information pre-stored in the wearable device from the user's wearable device, the method further includes:
searching for Bluetooth devices and thereby establishing a Bluetooth connection with the wearable device.
The service terminal of this embodiment obtains, from the user's wearable device, the user verification information pre-stored in the wearable device and sends a service request to the service server, where the service request includes service information and the user verification information, so that the service server verifies the user verification information and, if the verification succeeds, performs service processing on the service request. Verification can thus rely on the verification information stored in the user's wearable device, making service processing of service requests more secure and convenient.
Please refer to FIG. 12, which shows a schematic structural diagram of the wearable device according to an embodiment of the present application. The wearable device can be used to implement the security verification method provided in the foregoing embodiments. Specifically:
The wearable device 3000 may include components such as a communication unit 3110, a memory 3120 including one or more computer-readable storage media, an input unit 3130, a display unit 3140, a sensor 3150, an audio circuit 3160, a WIFI (Wireless Fidelity) module 3170, a processor 3180 including one or more processing cores, and a power supply 3190. Those skilled in the art will understand that the wearable device structure shown in the figure does not limit the wearable device, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components. Among them:
The communication unit 3110 can be used to receive and send signals while transmitting and receiving information or during a call. The communication unit 3110 may be a network communication device such as an RF (Radio Frequency) circuit, a router, or a modem. In particular, when the communication unit 3110 is an RF circuit, it receives downlink information from a base station and hands it to one or more processors 3180 for processing; in addition, it sends uplink data to the base station. Generally, an RF circuit used as a communication unit includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, the communication unit 3110 can also communicate with networks and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and the like.
The memory 3120 can be used to store software programs and modules, and the processor 3180 executes various functional applications and data processing by running the software programs and modules stored in the memory 3120. The memory 3120 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application required for at least one function (such as a sound playing function or an image playing function), and the like; the data storage area may store data created through the use of the wearable device 3000 (such as audio data or a phone book), and the like. Moreover, the memory 3120 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory 3120 may also include a memory controller to provide the processor 3180 and the input unit 3130 with access to the memory 3120.
The input unit 3130 can be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical, or trackball signal inputs related to user settings and function control. Preferably, the input unit 3130 may include a touch-sensitive surface 3131 as well as other input devices 3132. The touch-sensitive surface 3131, also called a touch display screen or touchpad, can collect the user's touch operations on or near it (for example, operations performed on or near the touch-sensitive surface 3131 with a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connection device according to a preset program. Optionally, the touch-sensitive surface 3131 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, and sends them to the processor 3180, and it can also receive and execute commands sent by the processor 3180. In addition, the touch-sensitive surface 3131 can be implemented in various types, such as resistive, capacitive, infrared, and surface acoustic wave. Besides the touch-sensitive surface 3131, the input unit 3130 may also include other input devices 3132. Preferably, the other input devices 3132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse, a joystick, and the like.
The display unit 3140 can be used to display information entered by the user or provided to the user, as well as the various graphical user interfaces of the wearable device 3000, which may be composed of graphics, text, icons, video, and any combination thereof. The display unit 3140 may include a display panel 3141; optionally, the display panel 3141 may be configured as an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode) display, or the like. Further, the touch-sensitive surface 3131 may cover the display panel 3141. When the touch-sensitive surface 3131 detects a touch operation on or near it, the operation is passed to the processor 3180 to determine the type of touch event, and the processor 3180 then provides a corresponding visual output on the display panel 3141 according to the type of touch event. Although in the figure the touch-sensitive surface 3131 and the display panel 3141 implement the input and output functions as two separate components, in some embodiments the touch-sensitive surface 3131 may be integrated with the display panel 3141 to implement the input and output functions.
The wearable device 3000 may also include at least one sensor 3150, such as a light sensor, a motion sensor, and other sensors. The light sensor may include an ambient light sensor and a proximity sensor, where the ambient light sensor can adjust the brightness of the display panel 3141 according to the ambient light, and the proximity sensor can turn off the display panel 3141 and/or the backlight when the wearable device 3000 is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in all directions (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used for applications that recognize the attitude of the mobile phone (such as switching between landscape and portrait, related games, and magnetometer attitude calibration) and for vibration-recognition functions (such as a pedometer or tap detection). Other sensors that the wearable device 3000 may also be equipped with, such as a gyroscope, barometer, hygrometer, thermometer, and infrared sensor, are not described further here.
The audio circuit 3160, a speaker 3161, and a microphone 3162 can provide an audio interface between the user and the wearable device 3000. The audio circuit 3160 can convert received audio data into an electrical signal and transmit it to the speaker 3161, which converts it into a sound signal for output; conversely, the microphone 3162 converts collected sound signals into electrical signals, which the audio circuit 3160 receives and converts into audio data. The audio data is then output to the processor 3180 for processing and sent via the RF circuit 3110 to, for example, another wearable device, or output to the memory 3120 for further processing. The audio circuit 3160 may also include an earphone jack to provide communication between a peripheral headset and the wearable device 3000.
To implement wireless communication, the wearable device may be equipped with a wireless communication unit 3170, which may be a WIFI module. WIFI is a short-range wireless transmission technology; through the wireless communication unit 3170, the wearable device 3000 can help the user send and receive e-mail, browse web pages, access streaming media, and so on, providing the user with wireless broadband Internet access. Although the wireless communication unit 3170 is shown in the figure, it is understood that it is not an essential part of the wearable device 3000 and may be omitted as needed without changing the essence of the disclosure.
The processor 3180 is the control center of the wearable device 3000. It connects all parts of the entire mobile phone using various interfaces and lines, and performs the various functions of the wearable device 3000 and processes data by running or executing the software programs and/or modules stored in the memory 3120 and calling the data stored in the memory 3120, thereby monitoring the mobile phone as a whole. Optionally, the processor 3180 may include one or more processing cores; preferably, the processor 3180 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, applications, and the like, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 3180.
The wearable device 3000 further includes a power supply 3190 (such as a battery) that powers the components. Preferably, the power supply may be logically connected to the processor 3180 through a power management system, so that functions such as charging, discharging, and power consumption management are handled through the power management system. The power supply 3190 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
Although not shown, the wearable device 3000 may further include a camera, a Bluetooth module, and the like, which are not described here. In this embodiment, the wearable device includes a memory and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs containing instructions for performing the following method:
Sending locally pre-stored user verification information to the service terminal by short-range communication, so that the service terminal sends a service request to the service server, the service request including service information and the user verification information; the service server verifies the user verification information and, if the verification succeeds, performs service processing on the service request.
Optionally, before sending the locally pre-stored user verification information to the service terminal by short-range communication, the method further includes:
Sending the local device identifier to the service terminal by short-range communication, so that the service terminal sends the local device identifier to the service server; the service server performs binding verification according to the device identifier and the identification information of the service terminal and, if the verification passes, sends device relationship confirmation information to the service terminal; the service terminal sends a service request carrying the device relationship confirmation information to the service server, so that the service server verifies the user verification information and the device relationship confirmation information and, if both verifications succeed, performs service processing on the service request.
Optionally, sending the locally pre-stored user verification information to the service terminal by short-range communication includes:
Obtaining, by short-range communication, the third-party verification information of the service server sent by the service terminal;
Verifying the third-party verification information and, if the verification succeeds, sending the pre-stored user verification information to the service terminal by short-range communication.
Optionally, the third-party verification information has been encrypted by the service server using a third-party private key;
Verifying the third-party verification information includes:
Decrypting the encrypted third-party verification information using the third-party public key corresponding to the service server, and verifying the decrypted third-party verification information against pre-stored reference third-party verification information.
The wearable device of this embodiment can send user verification information to the service terminal, so that the service server verifies the user verification information received from the service terminal and, if the verification succeeds, performs service processing on the service request sent by the service terminal, making service processing more secure and convenient.
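The flow described above (binding verification, the wearable checking the server's third-party verification information before releasing the user verification information, then the server checking that information) can be modelled end to end. This is an added example, not code from the patent: "encrypt with the private key, decrypt with the public key" is modelled as unpadded textbook RSA over constructed toy keys, and all class names, the token form of the device relationship confirmation information, and the sample values are assumptions.

```python
import hmac
import secrets


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair ((n, e), (n, d)) from two primes."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


# Constructed demo keys built from Mersenne primes: trivially factorable.
SERVER_PUB, SERVER_PRIV = make_keypair(2**521 - 1, 2**1279 - 1)
USER_PUB, USER_PRIV = make_keypair(2**607 - 1, 2**2203 - 1)
_, ROGUE_PRIV = make_keypair(2**521 - 1, 2**607 - 1)  # some other server's key

# Constructed sample values; the page does not define their format.
THIRD_PARTY_INFO = b"constructed-third-party-verification-info"
USER_INFO = b"constructed-user-verification-info"


def private_encrypt(data, priv):
    """'Encrypt with the private key' as the page words it (unpadded RSA)."""
    n, d = priv
    return pow(int.from_bytes(data, "big"), d, n)


def public_decrypt(blob, pub):
    n, e = pub
    m = pow(blob, e, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def decrypts_to(blob, pub, reference):
    """Decrypt with the public key and compare with the stored reference."""
    return hmac.compare_digest(public_decrypt(blob, pub), reference)


class Wearable:
    def __init__(self, device_id, user_info, user_priv, server_pub, ref_third_party):
        self.device_id = device_id
        self.user_info, self.user_priv = user_info, user_priv
        self.server_pub, self.ref_third_party = server_pub, ref_third_party

    def release_user_info(self, third_party_blob):
        # Release the user verification information only to a verified server.
        if not decrypts_to(third_party_blob, self.server_pub, self.ref_third_party):
            return None
        return private_encrypt(self.user_info, self.user_priv)


class ServiceServer:
    def __init__(self, third_party_priv, devices):
        # devices: device_id -> bound terminal, user public key, reference info
        self.priv, self.devices = third_party_priv, devices
        self.confirmations = {}

    def third_party_blob(self):
        return private_encrypt(THIRD_PARTY_INFO, self.priv)

    def confirm_binding(self, device_id, terminal_id):
        record = self.devices.get(device_id)
        if record is None or record["terminal"] != terminal_id:
            return None
        token = secrets.token_hex(16)  # assumed form of the confirmation info
        self.confirmations[token] = (device_id, terminal_id)
        return token

    def handle_request(self, terminal_id, device_id, confirmation, user_blob, info):
        if self.confirmations.pop(confirmation, None) != (device_id, terminal_id):
            return "rejected: bad device relationship confirmation"
        record = self.devices[device_id]
        if not decrypts_to(user_blob, record["user_pub"], record["ref_user_info"]):
            return "rejected: user verification failed"
        return "processed: " + info


def terminal_transaction(terminal_id, wearable, server, service_info):
    """Service terminal: relay between wearable (short range) and server."""
    confirmation = server.confirm_binding(wearable.device_id, terminal_id)
    if confirmation is None:
        return "rejected: device not bound to terminal"
    user_blob = wearable.release_user_info(server.third_party_blob())
    if user_blob is None:
        return "rejected: wearable refused server"
    return server.handle_request(terminal_id, wearable.device_id,
                                 confirmation, user_blob, service_info)


def demo_parties(server_priv=SERVER_PRIV):
    """Constructed parties: wearable 'band-01' bound to terminal 'pos-7'."""
    devices = {"band-01": {"terminal": "pos-7", "user_pub": USER_PUB,
                           "ref_user_info": USER_INFO}}
    wearable = Wearable("band-01", USER_INFO, USER_PRIV, SERVER_PUB, THIRD_PARTY_INFO)
    return wearable, ServiceServer(server_priv, devices)


if __name__ == "__main__":
    w, s = demo_parties()
    print(terminal_transaction("pos-7", w, s, "order-123"))
```

A deployed design would replace the raw private-key operation with a standard padded signature scheme; the unpadded form is used here only to mirror the page's wording.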
Those of ordinary skill in the art will understand that all or part of the processes of the foregoing method embodiments can be completed by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the foregoing method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above discloses only preferred embodiments of the present invention, which of course cannot be used to limit the scope of the rights of the present invention; equivalent changes made according to the claims of the present invention therefore remain within the scope covered by the present invention.

Claims (26)

  1. A security verification method, characterized in that the security verification method comprises:
    a service terminal obtaining, by short-range communication, user verification information pre-stored in a user's wearable device from the wearable device;
    the service terminal sending a service request to a service server, the service request including service information and the user verification information;
    the service server verifying the user verification information and, if the verification succeeds, performing service processing on the service request.
  2. The security verification method according to claim 1, characterized in that, before the service terminal obtains, by short-range communication, the user verification information pre-stored in the wearable device from the user's wearable device, the method further comprises:
    the service terminal obtaining the device identifier of the wearable device by short-range communication;
    the service terminal sending the device identifier of the wearable device to the service server;
    the service server performing binding verification according to the device identifier and the identification information of the service terminal and, if the verification passes, sending device relationship confirmation information to the service terminal;
    the service request further includes the device relationship confirmation information, and the method further comprises:
    the service server verifying the user verification information and the device relationship confirmation information and, if both verifications succeed, performing service processing on the service request.
  3. The security verification method according to claim 1, characterized in that the service terminal obtaining, by short-range communication, the user verification information pre-stored in the wearable device from the user's wearable device comprises:
    the service terminal obtaining third-party verification information of the service server and sending the third-party verification information of the service server to the wearable device by short-range communication;
    the wearable device verifying the third-party verification information and, if the verification succeeds, sending the pre-stored user verification information to the service terminal by short-range communication.
  4. The security verification method according to claim 3, characterized in that the third-party verification information sent by the service terminal to the wearable device by short-range communication has been encrypted by the service server using a third-party private key;
    the wearable device verifying the third-party verification information comprises:
    the wearable device decrypting the encrypted third-party verification information using the third-party public key corresponding to the service server, and verifying the decrypted third-party verification information against pre-stored reference third-party verification information.
  5. The security verification method according to claim 1, characterized in that the user verification information pre-stored in the wearable device that the service terminal obtains from the user's wearable device has been encrypted with a user private key;
    the service server verifying the user verification information comprises:
    the service server decrypting the encrypted user verification information using the user public key corresponding to the user, and verifying the decrypted user verification information against pre-stored reference user verification information.
  6. The security verification method according to any one of claims 1 to 5, characterized in that the short-range communication mode includes Bluetooth or NFC (Near Field Communication).
  7. The security verification method according to claim 6, characterized in that, before the service terminal obtains, by short-range communication, the user verification information pre-stored in the wearable device from the user's wearable device, the method further comprises:
    the service terminal performing a Bluetooth device search so as to establish a Bluetooth connection with the wearable device.
  8. A security verification method, characterized in that the method comprises:
    a service terminal obtaining, by short-range communication, user verification information pre-stored in a user's wearable device from the wearable device;
    the service terminal sending a service request to a service server, the service request including service information and the user verification information, so that the service server verifies the user verification information and, if the verification succeeds, the service server performs service processing on the service request.
  9. The security verification method according to claim 8, characterized in that, before the service terminal obtains, by short-range communication, the user verification information pre-stored in the wearable device from the user's wearable device, the method further comprises:
    the service terminal obtaining the device identifier of the wearable device by short-range communication;
    the service terminal sending the device identifier of the wearable device to the service server, so that the service server performs binding verification according to the device identifier and the identification information of the service terminal and, if the verification passes, the service terminal obtains device relationship confirmation information from the service server;
    the service terminal sending a service request to the service server comprises:
    the service terminal sending to the service server a service request carrying the device relationship confirmation information, so that the service server verifies the user verification information and the device relationship confirmation information and, if both verifications succeed, performs service processing on the service request.
  10. The security verification method according to claim 8, characterized in that the service terminal obtaining, by short-range communication, the user verification information pre-stored in the wearable device from the user's wearable device comprises:
    the service terminal obtaining third-party verification information of the service server and sending the third-party verification information of the service server to the wearable device by short-range communication, so that the wearable device verifies the third-party verification information and, if the verification succeeds, the service terminal obtains the pre-stored user verification information from the wearable device by short-range communication.
  11. The security verification method according to any one of claims 8 to 10, characterized in that the short-range communication mode includes Bluetooth or NFC (Near Field Communication).
  12. The security verification method according to claim 11, characterized in that, before the service terminal obtains, by short-range communication, the user verification information pre-stored in the wearable device from the user's wearable device, the method further comprises:
    the service terminal performing a Bluetooth device search so as to establish a Bluetooth connection with the wearable device.
  13. A security verification method, characterized in that the method comprises:
    a wearable device sending, by short-range communication, user verification information pre-stored in the wearable device to the service terminal, so that the service terminal sends a service request to a service server, the service request including service information and the user verification information; the service server verifies the user verification information and, if the verification succeeds, performs service processing on the service request.
  14. The security verification method according to claim 13, characterized in that, before the wearable device sends, by short-range communication, the user verification information pre-stored in the wearable device to the service terminal, the method further comprises:
    the wearable device sending the device identifier of the wearable device to the service terminal by short-range communication, so that the service terminal sends the device identifier of the wearable device to the service server; the service server performs binding verification according to the device identifier and the identification information of the service terminal and, if the verification passes, sends device relationship confirmation information to the service terminal; the service terminal sends to the service server a service request carrying the device relationship confirmation information, so that the service server verifies the user verification information and the device relationship confirmation information and, if both verifications succeed, performs service processing on the service request.
  15. The security verification method according to claim 13, characterized in that the wearable device sending, by short-range communication, the user verification information pre-stored in the wearable device to the service terminal comprises:
    the wearable device obtaining, by short-range communication, the third-party verification information of the service server sent by the service terminal;
    the wearable device verifying the third-party verification information and, if the verification succeeds, sending the pre-stored user verification information to the service terminal by short-range communication.
  16. The security verification method according to claim 15, characterized in that the third-party verification information has been encrypted by the service server using a third-party private key;
    the wearable device verifying the third-party verification information comprises:
    the wearable device decrypting the encrypted third-party verification information using the third-party public key corresponding to the service server, and verifying the decrypted third-party verification information against pre-stored reference third-party verification information.
  17. 一种安全支付方法,其特征在于,所述安全支付方法包括:A secure payment method, characterized in that the secure payment method comprises:
    支付终端通过近距通讯方式从用户的可穿戴设备获取预先存储在所述可穿戴设备中的用户验证信息;The payment terminal acquires user verification information pre-stored in the wearable device from the wearable device of the user by using a short-range communication manner;
    所述支付终端向支付服务器发送支付请求,所述支付请求中包括订单信息 和所述用户验证信息;The payment terminal sends a payment request to the payment server, where the payment request includes order information And the user verification information;
    所述支付服务器对所述用户验证信息进行校验,若校验成功,则对所述支付请求进行支付处理。The payment server verifies the user verification information, and if the verification is successful, performs payment processing on the payment request.
  18. A service terminal, wherein the service terminal comprises a memory and one or more programs, the one or more programs being stored in the memory and configured to be executed by one or more processors, the one or more programs containing instructions for performing the following method:
    Obtaining, by means of short-range communication, from a wearable device of a user, user verification information pre-stored in the wearable device;
    Sending a service request to a service server, the service request including service information and the user verification information, so that the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
  19. The service terminal according to claim 18, wherein, before the obtaining, by means of short-range communication, from the wearable device of the user, of the user verification information pre-stored in the wearable device, the method further comprises:
    Obtaining a device identifier of the wearable device by means of short-range communication;
    Sending the device identifier of the wearable device to the service server, so that the service server performs binding verification according to the device identifier and the local identification information, and, if the verification passes, obtaining device relationship confirmation information from the service server;
    The sending of a service request to the service server comprises:
    Sending, to the service server, a service request carrying the device relationship confirmation information, so that the service server checks the user verification information and the device relationship confirmation information and, if both checks succeed, performs service processing on the service request.
  20. The service terminal according to claim 18, wherein the obtaining, by means of short-range communication, from the wearable device of the user, of the user verification information pre-stored in the wearable device comprises:
    Obtaining third-party verification information of the service server and sending the third-party verification information of the service server to the wearable device by means of short-range communication, so that the wearable device checks the third-party verification information, and, if the check succeeds, obtaining the pre-stored user verification information from the wearable device by means of short-range communication.
  21. The service terminal according to any one of claims 18 to 20, wherein the short-range communication comprises Bluetooth or NFC.
  22. The service terminal according to claim 21, wherein, before the obtaining, by means of short-range communication, from the wearable device of the user, of the user verification information pre-stored in the wearable device, the method further comprises:
    Performing a Bluetooth device search so as to establish a Bluetooth connection with the wearable device.
  23. A wearable device, wherein the wearable device comprises a memory and one or more programs, the one or more programs being stored in the memory and configured to be executed by one or more processors, the one or more programs containing instructions for performing the following method:
    Sending, by means of short-range communication, locally pre-stored user verification information to the service terminal, so that the service terminal sends a service request to a service server, the service request including service information and the user verification information, and the service server checks the user verification information and, if the check succeeds, performs service processing on the service request.
  24. The wearable device according to claim 23, wherein, before the sending, by means of short-range communication, of the locally pre-stored user verification information to the service terminal, the method further comprises:
    Sending a local device identifier to the service terminal by means of short-range communication, so that the service terminal sends the local device identifier to the service server, the service server performs binding verification according to the device identifier and identification information of the service terminal and, if the verification passes, sends device relationship confirmation information to the service terminal, and the service terminal sends to the service server a service request carrying the device relationship confirmation information, so that the service server checks the user verification information and the device relationship confirmation information and, if both checks succeed, performs service processing on the service request.
  25. The security verification method according to claim 23, wherein the sending, by means of short-range communication, of the locally pre-stored user verification information to the service terminal comprises:
    Obtaining, by means of short-range communication, third-party verification information of the service server sent by the service terminal;
    Checking the third-party verification information and, if the check succeeds, sending the pre-stored user verification information to the service terminal by means of short-range communication.
  26. The wearable device according to claim 25, wherein the third-party verification information has been encrypted by the service server using a third-party private key;
    The checking of the third-party verification information comprises:
    Decrypting the encrypted third-party verification information using the third-party public key corresponding to the service server, and checking the decrypted third-party verification information against pre-stored reference third-party verification information.
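An added example, not part of the patent text: a minimal simulation of the exchange in claims 15-16, 18 and 25-26, in which the wearable releases the user verification information only after checking the server's third-party verification information. The class and function names, the toy key and the sample values are assumptions made for illustration; comparing a SHA-256 digest instead of the raw information is a generalization so that information of any length fits under the modulus.

```python
import hashlib
import hmac

# Constructed toy key for the "third party" (product of two Mersenne primes).
# Textbook RSA without padding, used only so the example runs on the standard
# library; a deployment would use a padded signature scheme from a vetted library.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                   # third-party public key, stored on the wearable
D = pow(E, -1, (P - 1) * (Q - 1))     # third-party private key, held by the genuine server


def digest(info: bytes) -> int:
    """Map verification information of any length to an integer below N."""
    return int.from_bytes(hashlib.sha256(info).digest(), "big") % N


class ServiceServer:
    def __init__(self, private_exponent: int, info: bytes, registered: set):
        self.d, self.info, self.registered = private_exponent, info, registered

    def third_party_verification_info(self) -> int:
        # "Encrypted with the third-party private key" (claims 16 and 26).
        return pow(digest(self.info), self.d, N)

    def handle_request(self, service_info: str, user_info: bytes) -> bool:
        # Server-side check of the user verification information (claims 18, 23).
        return any(hmac.compare_digest(user_info, r) for r in self.registered)


class Wearable:
    def __init__(self, reference_info: bytes, user_info: bytes):
        self.reference, self.user_info = reference_info, user_info

    def release_user_info(self, encrypted_info: int):
        # Decrypt with the public key, compare with the stored reference, and
        # hand over the user verification information only on a match.
        if pow(encrypted_info, E, N) != digest(self.reference):
            return None
        return self.user_info


def terminal_transaction(server, wearable, service_info: str) -> str:
    """Service terminal: relay server info to the wearable, then send the request."""
    user_info = wearable.release_user_info(server.third_party_verification_info())
    if user_info is None:
        return "refused by wearable"
    ok = server.handle_request(service_info, user_info)
    return "processed" if ok else "rejected by server"


# Constructed sample values.
INFO, TOKEN = b"example-service-server", b"user-verification-0001"
genuine = ServiceServer(D, INFO, {TOKEN})
impostor = ServiceServer(3, INFO, {TOKEN})      # does not hold the private key
band = Wearable(INFO, TOKEN)

if __name__ == "__main__":
    print(terminal_transaction(genuine, band, "order-42"))
    print(terminal_transaction(impostor, band, "order-42"))
```

The reference value is static, as in the claims, so the wearable accepts the same encrypted value every time; binding it to a fresh challenge issued by the wearable is a common hardening.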
PCT/CN2014/095467 2013-12-30 2014-12-30 Security verification method, and related device and system WO2015101273A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310746079.8 2013-12-30
CN201310746079.8A CN104601327B (en) 2013-12-30 2013-12-30 A kind of safe verification method, relevant device and system

Publications (1)

Publication Number Publication Date
WO2015101273A1 (en) 2015-07-09

Family

ID=53126857

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/095467 WO2015101273A1 (en) 2013-12-30 2014-12-30 Security verification method, and related device and system

Country Status (2)

Country Link
CN (1) CN104601327B (en)
WO (1) WO2015101273A1 (en)

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104951938A (en) * 2015-05-07 2015-09-30 高科技术有限公司 NFC (near-field communication) secured transaction method and system
CN105678553A (en) 2015-08-05 2016-06-15 腾讯科技(深圳)有限公司 Method, device and system for processing order information
CN105765614A (en) * 2015-09-23 2016-07-13 深圳还是威健康科技有限公司 Payment method and intelligent wristband
CN105162605A (en) * 2015-09-28 2015-12-16 东南大学 Digital signature and authentication method
CN106603237B (en) * 2015-10-16 2022-02-08 中兴通讯股份有限公司 Safe payment method and device
CN106789852B (en) * 2015-11-24 2021-03-30 创新先进技术有限公司 Registration and authentication method and device
CN105719138A (en) * 2016-01-19 2016-06-29 宇龙计算机通信科技(深圳)有限公司 Payment processing method, payment processing device, payment processing terminal, and payment processing system
JP6013660B1 (en) * 2016-02-18 2016-10-25 株式会社E3 Emergency call system
CN107196890A (en) * 2016-03-14 2017-09-22 阿里巴巴集团控股有限公司 Implementation method and device that implementation method and device, the account of account authorization are authenticated
CN107220828B (en) * 2016-03-22 2020-09-08 阿里巴巴集团控股有限公司 Method, system and device for payment authorization and payment through wearable device
CN107295052B (en) 2016-04-11 2020-06-09 阿里巴巴集团控股有限公司 Service processing method and device
CN105956644A (en) * 2016-04-12 2016-09-21 上海海漾软件技术有限公司 Coding method and coding device of wearable device, data synchronization method, data synchronization device, and coding system
CN105871867B (en) 2016-04-27 2018-01-16 腾讯科技(深圳)有限公司 Identity identifying method, system and equipment
CN107358419B (en) * 2016-05-09 2020-12-11 阿里巴巴集团控股有限公司 Airborne terminal payment authentication method, device and system
CN107370711B (en) * 2016-05-11 2021-05-11 创新先进技术有限公司 Identity verification method and system and intelligent wearable device
CN108377563B (en) * 2016-11-08 2021-08-20 北京京东尚科信息技术有限公司 Method for managing wearable equipment, server and client
CN106533695B (en) * 2016-11-15 2019-10-25 北京华大智宝电子系统有限公司 A kind of safety certifying method and equipment
CN108154364A (en) * 2016-12-06 2018-06-12 上海方付通商务服务有限公司 Wearable device and payment system and method for payment with the wearable device
CN106713890A (en) * 2016-12-09 2017-05-24 宇龙计算机通信科技(深圳)有限公司 Image processing method and device
CN106981003B (en) * 2016-12-30 2020-08-25 中国银联股份有限公司 Transaction method, device and system for virtual reality environment
CN107194696A (en) * 2017-05-25 2017-09-22 深圳可戴设备文化发展有限公司 Article method of payment, device and computer-readable recording medium
CN107294987A (en) * 2017-06-30 2017-10-24 江西博瑞彤芸科技有限公司 Information processing method
CN107491966A (en) * 2017-08-04 2017-12-19 北京小米移动软件有限公司 Method of payment, apparatus and system, storage medium
CN108737442B (en) * 2018-06-12 2019-05-10 北京多采多宜网络科技有限公司 A kind of cryptographic check processing method
CN109274726B (en) * 2018-08-31 2020-07-07 阿里巴巴集团控股有限公司 Binding method, migration method, binding device, migration device, computing equipment and storage medium
CN109544159A (en) * 2018-11-12 2019-03-29 东莞市大易产业链服务有限公司 A kind of method of quick authority to pay
CN109379388B (en) * 2018-12-17 2021-04-06 福建联迪商用设备有限公司 Identity recognition method, terminal and wearable device
CN110995454A (en) * 2019-11-08 2020-04-10 厦门网宿有限公司 Service verification method and system
CN112215598A (en) * 2019-12-12 2021-01-12 华为技术有限公司 Voice payment method and electronic equipment
EP4106357A4 (en) * 2020-03-09 2023-07-12 Huawei Technologies Co., Ltd. Method for logging into on-board computer system and related device
CN111835869B (en) * 2020-07-30 2023-06-16 上海茂声智能科技有限公司 Method, system, equipment and storage medium for centralized control of terminal content

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101770619A (en) * 2008-12-31 2010-07-07 中国银联股份有限公司 Multiple-factor authentication method for online payment and authentication system
US20130009756A1 (en) * 2011-07-07 2013-01-10 Nokia Corporation Verification using near field communications
CN103310142A (en) * 2013-05-22 2013-09-18 复旦大学 Man-machine fusion security authentication method based on wearable equipment

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108604341B (en) * 2016-11-21 2022-04-12 华为技术有限公司 Transaction method, payment device, verification device and server
CN108604341A (en) * 2016-11-21 2018-09-28 华为技术有限公司 Method of commerce, payment devices, calibration equipment and server
CN111242605A (en) * 2018-11-29 2020-06-05 中国移动通信集团广东有限公司 Mobile payment method
CN111242605B (en) * 2018-11-29 2023-09-19 中国移动通信集团广东有限公司 Mobile payment method
CN111641505A (en) * 2020-04-20 2020-09-08 广东乐心医疗电子股份有限公司 Information processing method and device, electronic equipment and readable storage medium
CN111641505B (en) * 2020-04-20 2023-04-25 广东乐心医疗电子股份有限公司 Information processing method, information processing device, electronic equipment and readable storage medium
TWI747287B (en) * 2020-05-15 2021-11-21 華南商業銀行股份有限公司 Transaction verification system and method
TWI789972B (en) * 2020-05-15 2023-01-11 華南商業銀行股份有限公司 Transaction verification system and method capable of suspending connection
TWI789971B (en) * 2020-05-15 2023-01-11 華南商業銀行股份有限公司 Transaction verification system and method for cross validation
CN113869074A (en) * 2021-09-09 2021-12-31 维沃移动通信(杭州)有限公司 Service code-based service processing method and device and electronic equipment
CN113784295B (en) * 2021-11-09 2022-04-15 深圳市伦茨科技有限公司 Anti-lost method and system for portable article
CN113784295A (en) * 2021-11-09 2021-12-10 深圳市伦茨科技有限公司 Anti-lost method and system for portable article
CN114944922A (en) * 2022-05-19 2022-08-26 中国银行股份有限公司 Data processing method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN104601327A (en) 2015-05-06
CN104601327B (en) 2019-01-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 14876557; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 14876557; Country of ref document: EP; Kind code of ref document: A1)