Background technology
With the development of the network era, users can settle accounts with banks and merchants over wireless communication networks using mobile smart terminal devices. At present, a two-factor authentication system is usually adopted to realize quick payment. Two-factor authentication is an identity authentication system in which two factors, something you know and something you have, must be combined to take effect. For example, a bank card used to withdraw money at an ATM is an example of a two-factor authentication mechanism: the withdrawal password and the bank card must be used together.
A two-factor authentication system comprises a two-factor authentication device, authentication agent software and an authentication server. The two-factor authentication device usually refers to the two-factor authentication token. The mainstream two-factor authentication devices at present are the hardware token, the SMS password, the USB KEY and the hybrid token (USB KEY + dynamic password). Of these, the hardware token and the SMS password have a low level of security and can hardly guarantee the security of large mobile transactions. The USB KEY has a higher device cost, generally tens of yuan apiece.
Summary of the invention
The object of the present invention is to provide a two-factor authentication system based on two-dimensional codes, giving users an economical, practical and secure two-dimensional code two-factor authentication payment system.
In a first aspect, the invention provides a method by which a smart terminal performs two-dimensional code two-factor authentication. The method comprises: sending an authentication request, a user name and a user password to an authentication server; receiving the two-dimensional code position information returned by the authentication server; scanning the two-dimensional code at the designated position on the two-dimensional code two-factor authentication card according to the position information returned by the authentication server; and sending the scanned two-dimensional code information to the authentication server in order to receive the authentication result returned by the authentication server.
In the first aspect, the present invention also provides a method by which an authentication server performs two-dimensional code two-factor authentication. The method comprises: receiving the authentication request, user name and user password sent by the smart terminal; processing the user information and sending to the smart terminal the position information of a randomly designated two-dimensional code on the current two-dimensional code two-factor authentication card; receiving the scanned two-dimensional code information returned by the smart terminal in order to authenticate the user; and returning the authentication result to the smart terminal to determine whether this payment is valid.
In a second aspect, the invention provides a smart terminal. The device comprises: a module that sends an authentication request, a user name and a user password to the authentication server; a module that receives the two-dimensional code position information returned by the authentication server; a module that scans the two-dimensional code at the designated position on the two-dimensional code two-factor authentication card according to the position information returned by the authentication server; and a module that sends the scanned two-dimensional code information to the authentication server in order to receive the authentication result returned by the authentication server.
In the second aspect, the present invention also provides an authentication server. The server comprises: a module that receives the authentication request, user name and user password sent by the smart terminal; a module that processes the user information and sends to the smart terminal the position information of a randomly designated two-dimensional code on the current two-dimensional code two-factor authentication card; a module that receives the scanned two-dimensional code information returned by the smart terminal in order to authenticate the user; and a module that returns the authentication result to the smart terminal to determine whether this payment is valid.
By adopting the two-dimensional code as the authentication device of a two-factor authentication payment system, the present invention improves the security of mobile payment, protects large-value mobile payments, and reduces the cost of the two-factor authentication device.
Embodiment
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is the main flow chart of the two-dimensional code two-factor authentication method according to an embodiment of the invention.
As shown in Fig. 1, the main flow of the two-dimensional code two-factor authentication method of this embodiment comprises two processes, obtaining the two-dimensional code position information and uploading the two-dimensional code for authentication, and specifically comprises the following steps:
When a payment is needed, the user sends a two-dimensional code two-factor authentication request, the user name and the user password to the authentication server through the smart terminal.
The authentication server receives the authentication request, user name and user password, and looks up the user's information in its database. If the user information is consistent with the supplied user name and user password, the authentication server returns to the smart terminal the position information of a randomly designated two-dimensional code on this user's current two-dimensional code two-factor authentication card, and at the same time stores the designated two-dimensional code position information for the set time. If the user information is inconsistent with the supplied user name and user password, the authentication server does not return any two-dimensional code position information. As shown in Fig. 2, if the smart terminal takes longer than the set time to scan the two-dimensional code at the designated position, the authentication server can, at the user's request, designate another two-dimensional code position and return the newly designated position information to the smart terminal. The number of times the authentication server sends designated two-dimensional code position information is kept within a limit prescribed by the system. If that number is exceeded, the authentication server no longer sends designated two-dimensional code position information, that is, the user's current application for two-dimensional code two-factor authentication fails.
According to the two-dimensional code position information designated by the authentication server, the smart terminal uses its camera to scan the two-dimensional code at the designated position on the two-dimensional code two-factor authentication card, and sends the scanned two-dimensional code information to the authentication server.
The authentication server receives the scanned two-dimensional code information returned by the smart terminal and compares it with the previously stored two-dimensional code information for the designated position. If the comparison is consistent, the user's identity authentication succeeds, that is, this payment is valid. If the comparison is inconsistent, the user's identity authentication fails and this payment is invalid.
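The exchange in the steps above, shown from the authentication server's side as an added example (not code from the patent). The class and method names, the 60-second window, the limit of three designated positions, the sample user and card values, and consuming a designated position after one comparison are all assumptions made for illustration.

```python
import hmac, secrets, time

WINDOW_S = 60        # assumed value for "the set time" allowed for scanning
MAX_CHALLENGES = 3   # assumed system limit on designated positions per request
# Constructed sample data; a real server would store a salted password hash.
USERS = {"alice": {"password": "s3cret",
                   "card": {"A1": "c0de-A1", "A2": "c0de-A2", "B1": "c0de-B1"}}}

class AuthServer:
    def __init__(self, users, clock=time.monotonic):
        self.users = users    # user name -> password and card (position -> code)
        self.clock = clock    # injectable so the time window can be tested
        self.pending = {}     # user name -> [position, deadline, positions sent]

    def request_position(self, user, password):
        """Check user name and password, then designate a random card position."""
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec["password"].encode(), password.encode()):
            return None       # mismatch: no position information is returned
        return self._designate(user, sent=0)

    def _designate(self, user, sent):
        if sent >= MAX_CHALLENGES:
            self.pending.pop(user, None)   # limit exceeded: this authentication fails
            return None
        position = secrets.choice(sorted(self.users[user]["card"]))  # CSPRNG choice
        self.pending[user] = [position, self.clock() + WINDOW_S, sent + 1]
        return position

    def request_new_position(self, user):
        """User asks for another position (e.g. after a timeout), within the limit."""
        state = self.pending.get(user)
        return None if state is None else self._designate(user, sent=state[2])

    def verify_scan(self, user, scanned):
        """Compare the scanned code with the code stored for the designated position."""
        state = self.pending.get(user)
        if state is None or self.clock() > state[1]:
            return False      # nothing pending, or scanned outside the time window
        del self.pending[user]  # assumption: one comparison per designated position
        expected = self.users[user]["card"][state[0]]
        return hmac.compare_digest(expected.encode(), scanned.encode())
```

Because the position is chosen with `secrets` and each designated position is compared once inside the window, a single captured code is only useful if the server happens to designate that same position again.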
Fig. 3 is a diagram of the two-dimensional code two-factor authentication system according to an embodiment of the invention.
As shown in Fig. 3, the system of this embodiment comprises a two-dimensional code two-factor authentication card, a smart terminal and an authentication server.
The two-dimensional code two-factor authentication card provides two-dimensional code positions for the smart terminal to scan. As shown in Fig. 4, the two-dimensional code two-factor authentication card is a foldable, separable hard card, with each panel measuring 90*55 mm. The card is printed with several encrypted two-dimensional codes and their corresponding positions, so that the smart terminal can quickly scan the two-dimensional code at the designated position according to the set positions.
The smart terminal is used, on the one hand, to submit the authentication request, the user name and user password, and the scanned two-dimensional code information of the designated position to the authentication server and, on the other hand, to receive the designated two-dimensional code position information returned by the authentication server and to receive the authentication result. It can comprise: a module that sends the authentication request and user name to the authentication server; a module that receives the two-dimensional code position information returned by the authentication server; a module that scans the two-dimensional code at the designated position on the two-dimensional code two-factor authentication card according to the position information returned by the authentication server; and a module that sends the scanned two-dimensional code information to the authentication server in order to receive the authentication result returned by the authentication server. In one embodiment of the invention, the smart terminal is a mobile device equipped with a camera and has authentication agent software installed; the smart terminal sends the authentication request to the authentication server through this internal authentication agent software.
The authentication server is used, on the one hand, to receive the authentication request, the user name and user password, and the scanned two-dimensional code information of the designated position sent by the smart terminal and, on the other hand, to process the user information, send to the smart terminal the position information of a randomly designated two-dimensional code on the current two-dimensional code two-factor authentication card, and send the result after authentication. It can comprise: a module that receives the authentication request and user name sent by the smart terminal; a module that processes the user information and sends to the smart terminal the position information of a randomly designated two-dimensional code on the current two-dimensional code two-factor authentication card; a module that receives the scanned two-dimensional code information returned by the smart terminal in order to authenticate the user; and a module that returns the authentication result to the smart terminal to determine whether this payment is valid. In one embodiment of the invention, the authentication server is provided with a time window within which the two-dimensional code at the designated position may be scanned, and this time window can be adjusted dynamically. If the smart terminal takes longer than the set time to scan the two-dimensional code at the designated position, the authentication server can, on request, send the position information of another designated two-dimensional code; the number of times the authentication server sends designated two-dimensional code position information is kept within a limit prescribed by the system.
The smart terminal and the authentication server communicate with each other over a wireless transmission network.
The smart terminal submits the user authentication request, user name and user password to the authentication server. The authentication server receives the authentication request, user name and user password, processes the user information, and returns to the smart terminal the position information of a randomly designated two-dimensional code on this user's current two-dimensional code two-factor authentication card. The smart terminal scans the two-dimensional code at the designated position according to the position information and sends the scanned two-dimensional code information to the authentication server. The authentication server receives the scanned two-dimensional code information, authenticates the user, and determines from the authentication result whether this payment is valid.
By adopting the two-dimensional code as the authentication device of a two-factor authentication payment system, the present invention improves the security of mobile payment, protects large-value mobile payments, and reduces the cost of the two-factor authentication device.
The embodiments above further describe the purpose, technical solution and beneficial effects of the present invention. It should be understood that the above is only a specific embodiment of the present invention and is not intended to limit its scope of protection; any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.