CN103258265B - A kind of ID authentication method indicated based on bar code - Google Patents

Info

Publication number
CN103258265B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310125357.8A
Other languages
Chinese (zh)
Other versions
CN103258265A (en
Inventor
郁晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN201310125357.8A
Publication of CN103258265A
Application granted
Publication of CN103258265B
Active legal status
Anticipated expiration

Landscapes

  • Telephone Function (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A mobile phone generates and displays a barcode representing the user's ID, and the ID represented by the barcode is used to complete e-commerce operations that require ID authentication, such as electronic payment. Because a barcode must be shown on a screen, it cannot establish a secure channel (Secure Channel) the way NFC or other communication methods can. To prevent the ID from being spoofed, the usual approach is to have the user enter a PIN code as further confirmation. The present invention uses a dynamic authentication code in place of PIN authentication. The dynamic authentication code is valid only within a certain time range, so the user only needs to keep their barcode from being stolen during that period to keep ID authentication secure. This simplifies the authentication procedure and shortens the time it takes, while providing at least the same level of security. An irreversible hash value is used when transmitting the dynamic authentication code, ensuring that the authentication information contained in the code cannot be copied.

Description

A kind of ID authentication method indicated based on bar code
Technical field
The present invention relates to the field of e-commerce, and in particular to security authentication applications in e-commerce.
Background art
1. Background
For payment with smartphones carrying an NFC chip, specifications such as the Secure Element are not yet unified, and the specifications of handset manufacturers and operators also differ, which makes introduction and commercial operation very difficult. Against this background, the market needs a simpler method to start mobile-phone-based electronic payment in the early days of NFC smartphones and be first to win market support.
2. Problem addressed by the invention
Use barcode display to complete ID authentication, and solve the problem that a barcode cannot establish a secure channel (Secure Channel) while security must nevertheless be ensured.
Summary of the invention
Using a smartphone, the user's ID is displayed in the form of a barcode, and ID authentication is completed with an authentication code associated with the ID. The barcode is generated from a dynamic authentication code with a limited validity period, which solves the problem that a barcode is easily copied while it is being displayed.
The advantages of the invention are:
1. It introduces a smartphone-based electronic payment method before NFC phones become widespread.
2. Compared with U.S. Patent Application No. US2012185317, Mobile Barcode Generation and Payment, filed by Ebay Inc, the solution of the present invention uses a dynamic barcode, which solves the security problem caused by displaying the barcode.
Description of the drawings
Fig. 1: System architecture overview
Fig. 2: Deployment diagram of the mobile payment program
Fig. 3: Composition of the dynamic barcode
Fig. 4: Generation method of the dynamic barcode
Fig. 5: Barcode-based payment flow
Fig. 6: Authentication method
Fig. 7: Application of different types of barcode
Specific embodiments
The information needed for authentication is added to the ID barcode described in U.S. Patent Application No. US2012185317. This authentication information uses a dynamic authentication code, so each displayed barcode is different. Thus even if the barcode information is stolen or leaked, it cannot be used maliciously.
Fig. 1: System architecture overview
The system comprises:
1. Mobile phone 1: a barcode-based authentication program is deployed on the phone to generate and display barcode 7.
2. Network 2: the Internet, transmitting data over protocols such as HTTPS; a LAN may also be used as an equivalent substitute, as may low-level socket communication.
3. Central server 3: records electronic money, or processes items similar to electronic money such as product discount coupons, member coupons, group-purchase memberships, exchange tickets and other electronic records derived from electronic money. The server is a general physical server with CPU, storage and NIC; it may also be a virtual server hosted on a physical server. The barcode authentication program 31 is deployed on server 3 and performs authentication according to the barcode authentication method described in the present invention.
4. POS terminal 4: performs functions such as the cash register. The POS terminal is a computing device with CPU, memory, storage and OS. Programs related to selling goods are deployed on the OS.
5. Barcode reader 5: recognizes the ID presented by the mobile phone; it is a standard commercially available device.
In an actual implementation, POS terminal 4 and ID recognition device 5 can be integrated in one device; the processing and structure are the same as in the separate form.
The mobile phone has a display screen, a CPU and a storage unit, with a general-purpose OS such as Android™ deployed in the storage unit. On a phone of this structure, programs are deployed as in the following figure:
Fig. 2: Deployment diagram of the barcode-based authentication program
In the general-purpose OS of the mobile phone, the barcode-based authentication program 10 is deployed. Program 10 includes a barcode generation module 101 and other function modules 102.
The barcode generation module generates dynamic barcodes using the method described in the following sections; the other function modules 102 implement the functions required for electronic money or electronic-money derivatives and are not claimed in the present invention.
Display method of the barcode. (For ease of description, conventional barcodes and 2D matrix barcodes are collectively called barcodes.) Because a barcode must be displayed on a screen in order to be read, it cannot establish a Secure Channel for confidential communication the way NFC can. Barcode display in this situation must therefore use another way to prevent the barcode from being stolen and copied. The present invention uses a method of generating one-time barcodes.
Fig. 3: Composition of the one-time barcode
The information in the barcode includes:
1. User ID 110: the User ID is not encrypted and is transmitted as ordinary readable information (plaintext).
2. Dynamic authentication code (dynamic AuthCode) 111: its content includes the password 1111 and the variable part 1112. To ensure that information is not leaked while the barcode is displayed, a hash value from MD5 or the SHA family is used. Further, the HMAC function can be used to implement this easily.
For ease of description, the following notation is used.
AuthCode: user authentication code
UID: User ID 110
Pwd: password 1111. In the present invention a shared secret key is used; the shared secret key is stored in an encrypted area of the mobile phone.
△T: variable part 1112. As an example, T uses the current time. Since the current time on mobile terminal 1 and the current time on server 3 may differ, the present invention uses △T as the variable part, where △T = T_current - T_duration, T_current is the current time and T_duration is the fuzzy time period.
For ease of understanding, here is a practical example. If the current time is 2013/4/10 11:08:34.234 and the fuzzy time period is 10 minutes, then
△T' = 2013/4/10 11:08:34.234 - 0000/00/00 00:08:34.234 = 2013/4/10 11:00:00.000
Finally, in string format:
△T = 201304101100
This example only describes one implementation; other derived methods are possible under the same design idea, and the variable part includes but is not limited to the time.
AuthCode = Hash(UID ⊕ P ⊕ △T), where the Hash function can be a hash function of the MD or SHA family.
BarCode = {UID, AuthCode}
Similarly, AuthCode can be computed in HMAC mode to enhance security; the principle is the same as the hash mode. The HMAC value is calculated according to the following formula.
Wherein,
H is the hash function. The present invention uses the compound hash function MD5(SHA-1) as a reference; any other hash function can be used as an equivalent substitute.
Pwd is the password 1111.
△T is the variable part 1112, so the result of each AuthCode is different.
Opad is the fixed value 0x36, repeated 64 times.
Ipad is the fixed value 0x5C, repeated 64 times.
⊕ is the XOR logical operation.
For actual code, see http://www.atoam.com/payment/hmac. HMAC is a cryptographic method defined in RFC 2104, so for the mathematical proof of its security strength see the related papers: Bellare (1996), Keying hash functions for message authentication.
Because MD5 and SHA-1 are irreversible, HMAC ensures that when HMAC_K(m) is transmitted, the authentication code passes through the POS but the POS cannot work out the password contained in AuthCode. Research in recent years on the security weaknesses of MD5 shows that MD5 collisions can be constructed simply, so using MD5 alone is no longer secure; the present invention therefore uses the compound hash function MD5(SHA-1).
Fig. 4: Generation steps of the dynamic barcode
The dynamic barcode generation program is deployed on the mobile phone. The generation steps are:
G1: Obtain the User ID (110).
G2: Obtain the password 1111.
G3: Calculate the variable part 1112.
G4: Generate the dynamic authentication code using a hash function; this step can also use the pad-filling scheme of the HMAC function to increase security strength.
G5: Concatenate the above content and generate the barcode image. Many tools exist for generating barcode images; for example, on the Android™ platform, barcode libraries such as ZXing can be used directly.
The generated barcode image is displayed on the phone's screen and the display time is controlled: when the time exceeds the fixed period, the barcode image is no longer displayed, and the barcode image for the next period is regenerated by the same method. This guarantees the time-limited validity of each barcode; a barcode that is no longer valid cannot pass ID authentication on the server side.
Fig. 5: Barcode-based ID authentication flow
Taking electronic money payment as an example, in a system comprising barcode reader 5, POS terminal 4 and server 3, the barcode-based ID authentication flow is as shown in the figure:
A1: The user displays the barcode on the mobile phone; barcode reader 5 reads the displayed barcode.
A2: The barcode reader converts the image it read into a character string.
A3: The barcode reader transmits the character string to POS terminal 4.
A4: POS terminal 4 transmits the character string to server 3.
A5: Server 3 authenticates the character string according to the authentication method in the following section.
A6: Server 3 transmits the authentication result to the POS.
A7: The POS notifies the user that payment succeeded by on-screen image and sound.
The steps above show how the barcode-based authentication flow differs from patent application US2012185317: a barcode valid for a short time replaces having the user enter a PIN for confirmation during payment. This reduces the time needed for payment at the same level of security. A PIN confirmation step can also be added as an option to further increase security strength.
In step A3, when barcode reader 5 and POS 4 are separate devices, they are connected through an interface such as USB or Bluetooth; when they are integrated, they exchange data through the data transfer methods provided by the OS.
Fig. 6: Authentication method
The barcode authentication program 31 is deployed on server 3. The authentication method is as shown in the figure:
A51: Obtain the authentication character string {ID, AuthCode}.
A52: Extract and keep the ID and AuthCode from the authentication character string; the AuthCode is used for comparison in a later step.
A53: Obtain the password on the server.
A54: On the server, calculate the variable part in the same way from the current time.
A55: On the server, generate the dynamic authentication code by the same method and save it as AuthCode'.
A56: Compare the AuthCode obtained from the barcode reader with the AuthCode' calculated by the server.
A57: If they match, authentication passes.
A58: If they do not match, authentication fails.
In steps A53 to A55, the processing is identical to the authentication code generation on the mobile phone. Because the mobile phone and the server hold the same shared secret key, no third party can generate the same authentication code as long as the secret key stays secret. And because an irreversible hash function is used, no information leaks in transit, which achieves the same security as a Secure Channel.
When the result in step A58 is a mismatch, the cause may be that the authentication code has expired. For the sake of usability, one can optionally compromise by stepping back to the previous time unit, recalculating, and judging the authentication result again.
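The generation steps G1 to G4 and the server-side check A51 to A58, including the optional fallback to the previous time unit, as an added example that is not code from the patent. It swaps in HMAC-SHA256 from Python's standard library (which follows RFC 2104, where ipad is 0x36 and opad is 0x5C) for the MD5(SHA-1) composite; the "UID,AuthCode" payload layout, the "|" separator, the sample UIDs and keys, and a window length that divides 60 minutes are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

WINDOW_MINUTES = 10  # "fuzzy time period" T_duration from the worked example

# Constructed sample data: server-side store of {UID: shared secret key}.
KEYS = {
    "1000234": b"constructed-shared-secret-A",
    "1000235": b"constructed-shared-secret-B",
}


def delta_t(now: datetime, window: int = WINDOW_MINUTES) -> str:
    """Floor `now` to the start of its window, formatted as YYYYMMDDhhmm."""
    floored = now.replace(minute=now.minute - now.minute % window,
                          second=0, microsecond=0)
    return floored.strftime("%Y%m%d%H%M")


def auth_code(uid: str, key: bytes, dt: str) -> str:
    """Keyed hash over the UID and the variable part (steps G3 and G4)."""
    msg = uid.encode() + b"|" + dt.encode()  # "|" separator is an assumption
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_barcode(uid: str, key: bytes, now: datetime) -> str:
    """Phone side: the string that would be rendered as the barcode image."""
    return f"{uid},{auth_code(uid, key, delta_t(now))}"


def verify(payload: str, now: datetime, accept_previous: bool = True) -> bool:
    """Server side, steps A51 to A58."""
    uid, _, presented = payload.partition(",")   # A51, A52
    key = KEYS.get(uid)                          # A53
    if key is None or not presented:
        return False
    moments = [now]
    if accept_previous:
        # Optional compromise for clock skew: also try the previous time unit.
        moments.append(now - timedelta(minutes=WINDOW_MINUTES))
    for moment in moments:
        expected = auth_code(uid, key, delta_t(moment))   # A54, A55
        # A56: constant-time comparison so timing does not leak the code.
        if hmac.compare_digest(presented.encode(), expected.encode()):
            return True                          # A57
    return False                                 # A58


if __name__ == "__main__":
    shown_at = datetime(2013, 4, 10, 11, 8, 34, 234000)
    code = make_barcode("1000234", KEYS["1000234"], shown_at)
    print(delta_t(shown_at), verify(code, shown_at))
```

Every barcode generated inside one window carries the same AuthCode, so a captured barcode keeps verifying until that window ends, and for one further window when `accept_previous` is enabled.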
The processing above completes the generation and authentication of the dynamic barcode. In practical applications, the barcode ID authentication method provided by the present invention can be used in authentication for applications such as electronic money and the coupons, exchange tickets and product points related to electronic money.
In practical applications, the examples differ depending on the type of barcode used.
Fig. 7: Application of different types of barcode
For 2D barcodes 71, represented by the QR code, one barcode can typically hold 7089 digits or 4296 characters, so a single barcode of this kind can contain both the ID and the dynamic authentication code.
For traditional one-dimensional barcodes 72, such as the globally unified UPC conforming to the ISO/IEC 15420 standard, one barcode can represent only 13 digits, so the dynamic authentication code must also be converted to hex digits and cut down to a certain number of digits before it can be expressed. To ensure security, the present invention uses two barcodes to display the ID and the dynamic authentication code; in this case the barcode representing the ID is fixed, and the barcode representing the dynamic authentication code is variable and time-limited.
With the implementation above, the present invention completes ID identification and authentication by mobile phone using barcodes.
Specific cases are used above to describe embodiments of the present invention; the description of the embodiments is only intended to help in understanding the method and core idea of the invention. For those of ordinary skill in the art, following the idea of the invention, there will be changes in specific implementations and scope of application, such as:
1. Slightly modifying the structure of the invention, adding or removing insignificant units, merging them into related units or making them independent of those units;
2. Merging the barcode reader and the POS into an integrated device, with the same structure and processing method;
3. Placing the same processing method on other servers, separating it without substantive purpose;
4. Slightly adjusting the order of implementation steps, for example swapping steps that have no required order;
5. Removing encryption or necessary security processing and merely providing an inferior, insecure service;
6. Renaming component units, for example changing the electronic money server to an exchange ticket server, with no change in technical content.
Therefore, the contents of this specification shall not be construed as limiting the invention. Any modification, equivalent replacement, or improvement that removes or adds steps, made within the spirit and principles of the present invention, falls within the scope of the invention.

Claims (2)

1. An ID authentication method based on barcode display, comprising the steps of:
Step 1: the user generates/displays a barcode using a payment device,
Step 2: the barcode is read by the barcode reading device at the point-of-sale terminal,
Step 3: the point-of-sale terminal transmits it over the network to the service provider's server,
Step 4: the server completes authentication of the ID represented by the barcode,
characterized in that the decoded content of the barcode in step 1 includes:
a User ID and a dynamic authentication code, where the dynamic authentication code is a code computed by an irreversible function, the original content cannot be decrypted from the authentication code, its length is fixed, and the authentication code generated each time is different;
Step 1, in which the user generates/displays a barcode using a payment device, comprises the following steps:
obtaining the User ID,
obtaining the user password,
calculating the variable part,
generating the dynamic authentication code using an irreversible function,
concatenating the above content and generating the barcode image;
the variable part includes an allowed time value, the allowed time value being △T = T_current - T_duration, where T_current is the current time and T_duration is the fuzzy time period;
Step 4, in which the server completes authentication of the ID represented by the barcode, comprises the following steps:
obtaining the authentication character string {ID, AuthCode},
extracting and keeping the ID and AuthCode from the authentication character string,
obtaining the password on the server,
calculating the variable part on the server in the same way from the current time,
generating the dynamic authentication code on the server by the same method and saving it as AuthCode',
comparing the AuthCode obtained from the barcode reader with the AuthCode' calculated by the server,
if they match, authentication passes,
if they do not match, authentication fails.
2. The ID authentication method based on barcode display according to claim 1, characterized in that the irreversible function is:
Wherein,
H is the hash function,
Pwd is the password,
△T is the variable part,
Opad is a fixed value,
Ipad is a fixed value.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310125357.8A CN103258265B (en) 2013-04-11 2013-04-11 A kind of ID authentication method indicated based on bar code

Publications (2)

Publication Number Publication Date
CN103258265A CN103258265A (en) 2013-08-21
CN103258265B true CN103258265B (en) 2019-04-05

Family

ID=48962166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310125357.8A Active CN103258265B (en) 2013-04-11 2013-04-11 A kind of ID authentication method indicated based on bar code

Country Status (1)

Country Link
CN (1) CN103258265B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103729765B (en) 2014-01-15 2016-02-17 腾讯科技(深圳)有限公司 A kind of authentication control method, terminal, server, terminal device and system
US20200034835A1 (en) * 2015-06-08 2020-01-30 Ebay Korea Co., Ltd. Payment system for user non-repudiation using user terminal and method thereof
CN104933587A (en) * 2015-06-29 2015-09-23 南京航空航天大学 Barcode generation system based on Hash function
DE102016100929A1 (en) * 2016-01-20 2017-07-20 Erich Utsch Ag Packaging containers for license plates; Method for operating an embossing press using the packaging container and embossing press
CN107451501B (en) * 2017-07-03 2020-03-06 阿里巴巴集团控股有限公司 Method and device for realizing dynamic graphic coding

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101345898A (en) * 2007-07-11 2009-01-14 北京方维银通科技有限公司 Electronic warrant payment platform, system and method
CN102148685A (en) * 2010-02-04 2011-08-10 陈祖石 Method and system for dynamically authenticating password by multi-password seed self-defined by user
CN102750510A (en) * 2012-06-19 2012-10-24 袁开国 Credible two-dimensional code scheme based on public key infrastructure (PKI) and HASH algorithm

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10839384B2 (en) * 2008-12-02 2020-11-17 Paypal, Inc. Mobile barcode generation and payment
CN101702223A (en) * 2009-11-27 2010-05-05 吴剑 Mobile phone POS payment method and system
CN102842081A (en) * 2011-06-23 2012-12-26 上海易悠通信息科技有限公司 Method for generating two-dimensional code and implementing mobile payment by mobile phone
CN103020818B (en) * 2013-01-09 2016-04-20 重庆钱阿宝电子科技有限公司 Dynamic Two-dimensional identifying code payment system

Also Published As

Publication number Publication date
CN103258265A (en) 2013-08-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant