CN103258265A - ID authentication method based on representation of barcode - Google Patents
- Publication number: CN103258265A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
A bar code generated by a mobile phone is used to represent the user's ID. Operations that require ID authentication, such as electronic payment in e-commerce, are completed through the ID represented by the bar code. Because a bar code has to be presented as an image, it cannot establish a secure channel as NFC or other communication methods can. To prevent the ID from being used fraudulently, the usual method has the user enter a PIN as further confirmation. In the ID authentication method based on bar code representation, PIN authentication is replaced by a dynamic authentication code, which is guaranteed to be valid only within a certain time range. The user only needs to keep his or her own bar code from being stolen during that time for the ID authentication to be secure, so the authentication procedure is simplified and the time needed is shortened while the same level of security is maintained. The dynamic authentication code is transmitted as an irreversible hash value, which guarantees that the authentication information contained in the authentication code cannot be copied.
Description
Technical field
The present invention relates to the field of e-commerce, and in particular to security authentication applications in e-commerce.
Background
1. Background
For payment based on smartphones that carry an NFC chip, specifications such as the Secure Element have not yet been unified, and the specifications of handset manufacturers and operators differ, which makes introduction and commercial operation very difficult. Against this background, the market needs an easier method that, in the early days of NFC smartphones, can launch phone-based electronic payment and be the first to win market support.
2. Object of the invention
To complete ID authentication by presenting a bar code, and to solve the problem that a bar code cannot establish a secure channel (Secure Channel) while security still has to be guaranteed.
Summary of the invention
A smartphone presents the user's ID in the form of a bar code, and ID authentication is completed by means of an authentication code associated with the ID. The bar code is generated from a dynamic authentication code with a limited validity period, which solves the problem that a bar code is easily copied while it is being displayed.
The advantages of the present invention are:
1. It introduces smartphone-based electronic payment before NFC phones become widespread.
2. Compared with the solution proposed by eBay Inc. in application No. US2012185317, Mobile Barcode Generation and Payment, the present invention uses a dynamic bar code, which solves the security problem caused by displaying the bar code.
Description of the drawings
Fig. 1: System structure diagram
Fig. 2: Deployment diagram of the mobile payment program
Fig. 3: Composition of the dynamic bar code
Fig. 4: Generation method of the dynamic bar code
Fig. 5: Payment flow based on the bar code
Fig. 6: Authentication method
Fig. 7: Applications of different types of bar code
Embodiment
The information needed for authentication is added to the ID bar code described in patent application No. US2012185317. This authentication information uses a dynamic authentication code, so that every bar code presented is different. Even if a bar code is stolen and its information leaked, it cannot be used maliciously.
Fig. 1: System structure diagram
The system comprises:
1. Mobile phone 1, on which the bar-code-based authentication program is deployed; it generates and presents bar code 7.
2. Network 2: the Internet, transmitting data over protocols such as HTTPS. A LAN may be used as an equivalent substitute, as may low-level socket communication.
3. Central server 3, which records electronic money, or handles the electronic records of electronic-money derivatives such as merchandise discount coupons, membership coupons, group-purchase memberships and exchange tickets. The server is an ordinary physical server with a CPU, storage and a NIC, or a virtual server hosted on a physical server. The bar code authentication program 31 is deployed on server 3 and performs authentication according to the bar code authentication method described in this invention.
4. POS terminal 4, which performs functions such as cash-register checkout. The POS terminal is a computing device with a CPU, memory, storage and an OS, on which a merchandise sales program is deployed.
5. Barcode recognizer 5, used to read the ID presented by the mobile phone; it is a standard commercially available device.
In an actual implementation, POS terminal 4 and ID recognition device 5 may be combined into one device; the processing and structure are the same as in the separate form.
The mobile phone has a display screen, a CPU and a storage unit, with a general-purpose OS such as Android™ installed in the storage unit. On a mobile phone of this structure, the program is deployed as shown in the following figure:
Fig. 2: Deployment diagram of the bar-code-based authentication program
The bar-code-based authentication program 10 is deployed in the general-purpose OS of the mobile phone. Program 10 comprises the bar code generation module 101 and other functional modules 102.
The bar code generation module generates the dynamic bar code using the method described in the following sections. The other functional modules 102 implement the functions required for electronic money or electronic-money derivatives; the present invention makes no claims relating to them.
On the bar code display method (for brevity, both conventional bar codes and two-dimensional matrix (2D) barcodes are referred to as bar codes): because a bar code must be displayed as an image in order to be read, it cannot establish a Secure Channel for confidential communication as NFC can. Bar code display must therefore use some other means of preventing theft and copying. The present invention uses a one-time bar code generation method.
Fig. 3: Composition of the one-time bar code
The information in the bar code comprises:
1. User ID 110. The user ID is not encrypted; it is presented and transmitted as ordinary readable information (plaintext).
2. Dynamic authentication code (dynamic AuthCode) 111, used for authentication. The dynamic authentication code comprises password 1111 and variable part 1112. To ensure that this information is not disclosed while the bar code is displayed, a hash value from the MD5 or SHA family is used. Furthermore, the HMAC function makes this easy to implement.
For ease of description, the notation customary in cryptography is used.
AuthCode: the user's authentication code.
UID: user ID 110.
Pwd: password 1111. The present invention uses a shared secret key, which is stored in an encrypted area of the mobile phone.
ΔT: variable part 1112. As an example, T is the current time. Because the current time on mobile phone 1 and the current time on server 3 may differ, the present invention uses ΔT as the variable part, where

$\Delta T = T_{Current} - T_{Duration}$

$T_{Current}$ is the current time and $T_{Duration}$ is the fuzzy time period.
For ease of understanding, a concrete example: if the current time is 2013/4/10 11:08:34.234 and the fuzzy time period is 10 minutes, then
ΔT' = 2013/4/10 11:08:34.234 − 0000/00/00 00:08:34.234 = 2013/4/10 11:00:00.000 and finally, in text-string form,
ΔT = 201304101100
This example only illustrates the implementation. Other derived methods are possible under the same design idea, and the variable part includes but is not limited to time.
$AuthCode = Hash(UID \oplus Pwd \oplus \Delta T)$, where the Hash function can be a hash function of the MD or SHA family.
BarCode = {UID, AuthCode}
Similarly, AuthCode can be processed with HMAC to strengthen security; the principle is the same as the hash approach described above. The HMAC value is calculated according to the following formula.
Where:
h: the hash function. The present invention uses the compound hash function MD5(SHA-1) as a reference; any other hash function may be substituted as an equivalent.
Pwd: password 1111.
ΔT: variable part 1112, so the result of each AuthCode is different.
opad: the fixed value 0x36, repeated 64 times.
ipad: the fixed value 0x5C, repeated 64 times.
For actual code, see http://www.atoam.com/payment/hmac. HMAC is the cryptographic method defined in RFC 2104, so for the mathematical proof of its security strength, see the relevant paper: Bellare (1996), Keying hash functions for message authentication.
Because MD5 and SHA-1 are irreversible, $HMAC_K(m)$ guarantees that, although the authentication code passes through the POS in transit, the POS cannot recover the password contained in AuthCode. Research in recent years on the security weaknesses of MD5 has shown that collisions can be constructed for plain MD5, so using MD5 alone is no longer safe; the present invention therefore uses the compound hash function MD5(SHA-1).
Fig. 4: Generation steps of the dynamic bar code
The dynamic bar code generation program is deployed on the mobile phone. The generation steps are:
G1: Obtain user ID 110.
G2: Obtain password 1111.
G3: Calculate variable part 1112.
G4: Use a hash function to generate the dynamic authentication code. The padding scheme of the HMAC function can also be used in this step to increase security strength.
G5: Concatenate the above and generate the bar code image. Many tools for generating bar code images already exist; on the Android™ platform, for example, bar code libraries such as ZXing can be used directly.
The generated bar code image is shown on the screen of the mobile phone and its display time is controlled: when the time exceeds the specified period, the bar code image is discarded and the bar code image for the next time period is generated by the same method. This ensures that every bar code is time-limited; a bar code whose validity has expired cannot pass ID authentication at the server.
Fig. 5: ID authentication flow based on the bar code
Taking electronic money payment as an example, in a system comprising barcode recognizer 5, POS terminal 4 and server 3, the bar-code-based ID authentication flow is as shown in the figure:
A1: The user displays the bar code on the mobile phone; barcode recognizer 5 reads the displayed bar code.
A2: The barcode recognizer converts the image it has read into a text string.
A3: The barcode recognizer transmits the text string to POS terminal 4.
A7: The POS notifies the user of the successful payment by on-screen image and sound.
The steps above show that the bar-code-based authentication flow differs from patent application No. US2012185317 in that a bar code valid for a short time replaces the step in which the user enters a PIN to confirm during payment. This reduces the time needed for payment at an equal level of security. A PIN confirmation step can also be added as an option to further increase security strength.
In step A3, when barcode recognizer 5 and POS 4 are separate devices, they are connected through interfaces such as USB or Bluetooth; when they are integrated, data is exchanged through the data transfer methods provided by the OS.
Fig. 6: Authentication method
The bar code authentication program 31 is deployed on server 3. The authentication method is as shown in the figure:
A51: Obtain the authentication text string {ID, AuthCode}.
A52: Extract and keep the ID and AuthCode from the authentication text string; the AuthCode is used for comparison in a later step.
A53: Obtain the password from the server.
A54: On the server, calculate the variable part from the present time by the same method.
A55: On the server, generate the dynamic authentication code by the same method and save it as AuthCode'.
A56: Compare the AuthCode obtained from the barcode recognizer with the AuthCode' calculated by the server.
A57: If the two are consistent, authentication passes.
A58: If the two are inconsistent, the result is set to authentication failure.
Steps A53 to A55 use the same authentication code generation method as the mobile phone. Because the mobile phone and the server hold the same shared secret key, no third party can generate the same authentication code as long as the key is kept secret. And because an irreversible hash function is used, no information is leaked in transit, which gives the same security as a Secure Channel.
In step A58, when the results are inconsistent, the cause may be that the authentication code has expired. For the sake of usability, the server may optionally fall back to the previous time unit, recompute, and then decide the authentication result.
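The generation steps G1 to G5 and the server check A51 to A58, including the optional fall-back to the previous time unit, as an added example that is not code from the patent. It substitutes HMAC-SHA-256 for the patent's MD5(SHA-1) compound hash; the `UID:AuthCode` text layout, the `|` separator, the in-memory key store and every sample value are assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=10)  # "fuzzy time period" from the worked example
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def delta_t(now, window=WINDOW):
    """Variable part 1112: round a timezone-aware `now` down to the start of
    its window and render it as text, e.g. 201304101100."""
    size = int(window.total_seconds())
    elapsed = int((now - EPOCH).total_seconds())
    start = EPOCH + timedelta(seconds=elapsed - elapsed % size)
    return start.strftime("%Y%m%d%H%M")


def auth_code(uid, pwd, dt):
    """Step G4 / A55: keyed hash over the UID and the variable part.
    HMAC-SHA-256 is a substitution; the '|' separator is an assumption."""
    return hmac.new(pwd, f"{uid}|{dt}".encode(), hashlib.sha256).hexdigest()


def make_barcode_text(uid, pwd, now):
    """Steps G1-G5 on the phone: BarCode = {UID, AuthCode}, laid out here as
    'UID:AuthCode' (assumed). Rendering the image is left to a bar code library."""
    return f"{uid}:{auth_code(uid, pwd, delta_t(now))}"


def verify(barcode_text, key_store, now, allow_previous=True):
    """Steps A51-A58 on the server."""
    uid, sep, code = barcode_text.rpartition(":")   # A51/A52: split ID and AuthCode
    pwd = key_store.get(uid)                        # A53: look up the shared key
    if not sep or pwd is None:
        return False
    times = [now]                                   # A54: current window
    if allow_previous:                              # optional fall-back after A58
        times.append(now - WINDOW)
    ok = False
    for t in times:
        expected = auth_code(uid, pwd, delta_t(t))  # A55: AuthCode'
        # A56: constant-time comparison, evaluated for every candidate window
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok                                       # A57 pass / A58 fail


# Constructed sample data, not values from the patent.
KEYS = {"user-1001": b"constructed-shared-secret"}
SHOWN_AT = datetime(2013, 4, 10, 11, 8, 34, 234000, tzinfo=timezone.utc)

if __name__ == "__main__":
    text = make_barcode_text("user-1001", KEYS["user-1001"], SHOWN_AT)
    for minutes in (1, 7, 12, 25):
        t = SHOWN_AT + timedelta(minutes=minutes)
        print(t.strftime("%H:%M"), verify(text, KEYS, t), verify(text, KEYS, t, False))
```

The same text verifies repeatedly until its window and the fall-back window have both passed, so the window length bounds how long a copied bar code stays usable.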
The processing above completes the generation and authentication of the dynamic bar code. In practice, the bar code ID authentication method provided by the present invention can be used in authentication for electronic money and for related coupons, exchange tickets, merchandise points and the like.
In practice, different kinds of bar code are used in different ways.
Fig. 7: Applications of different types of bar code
For the 2D bar code 71, of which the QR code is representative, one bar code can generally represent 7089 digits or 4296 characters, so a single bar code of this kind can contain both the ID and the dynamic authentication code.
The traditional one-dimensional bar code 72, such as UPC, which conforms to the globally unified ISO/IEC 15420 standard, can represent only 13 digits per bar code, so the dynamic authentication code must also be converted from hex to digits and cut down to a certain number of digits before it can be represented. To guarantee security, the present invention uses two bar codes to represent the ID and the dynamic authentication code. In this case the bar code representing the ID is fixed, and the bar code representing the dynamic authentication code is a time-limited, variable bar code.
By the implementation method above, the present invention uses a mobile phone and a bar code to complete identification and authentication of an ID.
Specific examples have been used above to describe specific embodiments of the present invention. The description of these embodiments is only intended to help in understanding the method and core idea of the invention. For a person of ordinary skill in the art, changes may be made to the specific embodiments and the scope of application in accordance with the idea of the invention, such as:
1. Slightly modifying the structure of the invention, adding or removing non-essential units, and combining them with or separating them from related units;
2. Merging the barcode recognizer and the POS into an integrated device, with the same structure and processing method;
3. Placing the same processing method on other servers, a separation without significance;
4. Minor adjustment of the order of the implementation steps, such as swapping steps that have no required order;
5. Removing encryption or necessary security processing and simply providing an inferior, insecure service;
6. Changing the names of the constituent units, such as renaming the electronic money server an exchange ticket server, or other changes with no technical content.
Therefore, this description should not be construed as limiting the present invention. Any modification, equivalent replacement, improvement, or deletion or addition of steps made within the spirit and principles of the present invention falls within the scope of the present invention.
Claims (9)
1. A system that uses a mobile phone to present a bar code and completes authentication by means of the bar code, characterized in that the authentication system comprises:
(1) a user mobile phone, used to generate and present the bar code;
(2) a network, used for communication between the server and the POS terminal;
(3) a server, used to store electronic records such as electronic money and to perform bar code authentication;
(4) a POS terminal, used to perform functions such as payment;
(5) a barcode recognizer, used to read the bar code.
2. The user mobile phone according to claim 1, characterized in that it comprises a display screen, a CPU and storage as hardware, and a standard OS as the software platform.
3. The server according to claim 1, characterized in that it comprises a CPU, memory, storage and a NIC as hardware, and a standard OS as the software platform.
4. The barcode recognizer and POS terminal according to claim 1, characterized in that they exist in two forms: separate devices, and combined into one device.
5. A method for generating and presenting a bar code, characterized in that it is implemented by a bar code generation module deployed in the mobile phone.
6. The bar code according to claim 5, characterized in that it comprises a user ID and a dynamic authentication code, the dynamic authentication code being time-limited, such that an authentication code whose validity has expired cannot be used for user ID authentication.
7. The dynamic authentication code according to claim 6, further characterized in that the authentication code contains the shared secret key and the information of the variable part, encrypted by a hash function, and that the dynamic authentication code is irreversible, such that transmitted information such as the shared secret key cannot be recovered from the authentication code.
8. A method for authenticating a bar code, characterized in that it is implemented by a bar code authentication program deployed on the server.
9. The method for authenticating a bar code according to claim 8, characterized in that it comprises the following steps:
(1) obtaining the authentication text string {ID, AuthCode};
(2) extracting and keeping the ID and AuthCode from the authentication text string;
(3) obtaining the password from the server;
(4) on the server, calculating the variable part from the present time by the same method;
(5) on the server, generating the dynamic authentication code by the same method and saving it as AuthCode';
(6) comparing the AuthCode obtained from the barcode recognizer with the AuthCode' calculated by the server;
(7) if the two are consistent, setting the result to authentication passed;
(8) if the two are inconsistent, setting the result to authentication failure.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310125357.8A CN103258265B (en) | 2013-04-11 | 2013-04-11 | A kind of ID authentication method indicated based on bar code |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103258265A true CN103258265A (en) | 2013-08-21 |
CN103258265B CN103258265B (en) | 2019-04-05 |
Family
ID=48962166
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310125357.8A Active CN103258265B (en) | 2013-04-11 | 2013-04-11 | A kind of ID authentication method indicated based on bar code |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103258265B (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101345898A (en) * | 2007-07-11 | 2009-01-14 | 北京方维银通科技有限公司 | Electronic warrant payment platform, system and method |
US20100138344A1 (en) * | 2008-12-02 | 2010-06-03 | Ebay Inc. | Mobile barcode generation and payment |
CN102232225A (en) * | 2008-12-02 | 2011-11-02 | 电子湾有限公司 | Mobile barcode generation and payment |
CN101702223A (en) * | 2009-11-27 | 2010-05-05 | 吴剑 | Mobile phone POS payment method and system |
CN102148685A (en) * | 2010-02-04 | 2011-08-10 | 陈祖石 | Method and system for dynamically authenticating password by multi-password seed self-defined by user |
CN102842081A (en) * | 2011-06-23 | 2012-12-26 | 上海易悠通信息科技有限公司 | Method for generating two-dimensional code and implementing mobile payment by mobile phone |
CN102750510A (en) * | 2012-06-19 | 2012-10-24 | 袁开国 | Credible two-dimensional code scheme based on public key infrastructure (PKI) and HASH algorithm |
CN103020818A (en) * | 2013-01-09 | 2013-04-03 | 重庆新亚盟电子科技有限公司 | Payment system utilizing dynamic two-dimensional verification codes |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103729765A (en) * | 2014-01-15 | 2014-04-16 | 腾讯科技(深圳)有限公司 | Verification control method and system, terminal, server, terminal equipment |
CN103729765B (en) * | 2014-01-15 | 2016-02-17 | 腾讯科技(深圳)有限公司 | A kind of authentication control method, terminal, server, terminal device and system |
US9734497B2 (en) | 2014-01-15 | 2017-08-15 | Tencent Technology (Shenzhen) Company Limited | Method, terminal, server, device, and system of verification control |
US10055730B2 (en) | 2014-01-15 | 2018-08-21 | Tencent Technology (Shenzhen) Company Limited | Method, terminal, server, device, and system of verification control |
CN107690667A (en) * | 2015-06-08 | 2018-02-13 | 亿贝韩国有限公司 | Use the payment system and its method for user's non-repudiation of user terminal |
CN104933587A (en) * | 2015-06-29 | 2015-09-23 | 南京航空航天大学 | Barcode generation system based on Hash function |
CN108473228A (en) * | 2016-01-20 | 2018-08-31 | 埃里希乌奇股份公司 | The packing container of license plate;The method and marking press of marking press are run using packing container |
CN108473228B (en) * | 2016-01-20 | 2020-07-28 | 埃里希乌奇股份公司 | A packaging container for a license plate; method for operating a stamping press with packaging containers and stamping press |
EP3620948A4 (en) * | 2017-07-03 | 2020-04-29 | Alibaba Group Holding Limited | Method and apparatus for achieving dynamic graphical code |
US10943160B2 (en) | 2017-07-03 | 2021-03-09 | Advanced New Technologies Co., Ltd. | Dynamic graphic code implementation method and apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN103258265B (en) | 2019-04-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |