Summary of the invention
The object of the invention is to propose an authentication device, system and method based on electronic transactions, in order to improve the security of electronic transactions and to avoid leakage of the user's stored-value card information during an electronic transaction.
To achieve this object, the present invention adopts the following technical solutions:
An electronic transaction method based on authentication, comprising the steps of:
S1, when a user carries out an electronic transaction using a stored-value device that stores encrypted user information, reading the encrypted user information and authenticating it; if authentication succeeds, performing step S2; otherwise the transaction fails and the process ends;
S2, obtaining the current user's transaction service data, sending the transaction service data over the network to a network trading platform to obtain the transaction information that is pre-stored in the network trading platform and corresponds to the current transaction system, and decrypting the encrypted user information according to the transaction information;
S3, processing the decrypted user information according to the transaction service data, and authenticating the processed user information; if authentication succeeds, encrypting the processed user information and updating the corresponding user information in the stored-value device;
Wherein the user information comprises at least: user identity information and the corresponding stored-value information.
Wherein step S1 comprises:
S11, when a user carries out an electronic transaction using a stored-value device that stores encrypted user information, detecting whether the encrypted user information is correct; if so, reading the encrypted user information from the stored-value device; otherwise the transaction fails and the process ends;
S12, authenticating the encrypted user information; if authentication succeeds, performing S13; otherwise the transaction fails and the process ends;
S13, detecting whether the successfully authenticated encrypted user information is correct; if so, performing step S2; otherwise the transaction fails and the process ends.
Wherein step S3 comprises:
S31, processing the decrypted user information according to the transaction service data;
S32, authenticating the processed user information; if authentication succeeds, encrypting the processed user information; otherwise the transaction fails and the process ends;
S33, writing the encrypted processed user information to the stored-value device, thereby updating the corresponding user information in the stored-value device.
A system for the above electronic transaction method based on authentication, comprising:
A stored-value device, configured to store user information and to encrypt the user information;
An authentication device, configured to read the encrypted user information from the stored-value device, authenticate the encrypted user information, and transmit the successfully authenticated encrypted user information to a transaction system;
A transaction system, configured to, after receiving the encrypted user information transmitted by the authentication device, read the current user's transaction service data and send the transaction service data over the network to a network trading platform;
A network trading platform, configured to search a database set up in advance according to the transaction service data, obtain the transaction information corresponding to the transaction system, and return the transaction information to the transaction system;
The transaction system is further configured to decrypt the received encrypted user information according to the transaction information, process the decrypted user information according to the transaction service data, and return the processed user information to the authentication device;
The authentication device is further configured to authenticate the processed user information, encrypt the successfully authenticated processed user information, and write the encrypted processed user information to the stored-value device;
Wherein the user information comprises at least: user identity information and the corresponding stored-value information.
Wherein the stored-value device comprises:
A first storage unit, configured to store the user information;
A first encryption unit, connected to the first storage unit and configured to encrypt the user information;
A first connection unit, configured to transmit the encrypted user information to the authentication device.
Wherein the stored-value device further comprises:
A first detection unit, connected to the first encryption unit and the first connection unit, and configured to detect, before the encrypted user information is sent, whether the encrypted user information is correct and, if so, to trigger the first connection unit to transmit the encrypted user information.
Wherein the authentication device comprises:
A second connection unit, configured to communicate with the stored-value device, to receive the encrypted user information from the stored-value device, and also to write the encrypted processed user information to the stored-value device;
A main control unit, configured to read the encrypted user information received by the second connection unit and to control the authentication unit to authenticate the encrypted user information;
An authentication unit, configured to authenticate the encrypted user information received from the stored-value device, to authenticate the user information processed by the transaction system, and to encrypt the successfully authenticated processed user information;
A third connection unit, configured to transmit the successfully authenticated encrypted user information to the transaction system;
A second storage unit, configured to store the corresponding authentication program and encryption and decryption programs.
Wherein the authentication device further comprises:
A second detection unit, configured to detect whether the encrypted user information received by the second connection unit is correct and, if so, to trigger the main control unit to start reading the encrypted user information;
A third detection unit, configured to detect whether the successfully authenticated encrypted user information is correct and, if so, to trigger the third connection unit to transmit the successfully authenticated encrypted user information to the transaction system.
Wherein the authentication device further comprises:
A security protection unit, configured to, when authentication of the encrypted user information fails, look up a pre-stored association table of the stored-value device and its user, obtain the user's phone corresponding to the stored-value device, and send a short message reporting the authentication failure to the user's phone.
The beneficial effects of the electronic transaction method and system based on authentication of the present invention include: the electronic transaction system gains a new function, in that the stored-value device used in the transaction and the corresponding transaction system can each be authenticated, which improves the security of electronic transactions; combined with the encryption and decryption mechanism, user information is transmitted as ciphertext, which avoids leakage of user information during an electronic transaction; in addition, the multiple detection mechanisms and the security protection mechanism further improve the security of electronic transactions.
Embodiment
The technical solution of the present invention is further described below with reference to the accompanying drawings and by way of embodiments.
Fig. 1 is the main flow chart of an electronic transaction method based on authentication provided by specific embodiment 1 of the invention. As shown in Fig. 1, the electronic transaction method based on authentication of this embodiment comprises the steps of:
S1, when a user carries out an electronic transaction using a stored-value device that stores encrypted user information, reading the encrypted user information and authenticating it; if authentication succeeds, performing step S2; otherwise the transaction fails and the process ends.
In this embodiment, the user information comprises at least: user identity information and the corresponding stored-value information. The specific method of authenticating the encrypted user information may use different authentication modes chosen according to actual conditions, such as static password authentication, dynamic password authentication or biometric authentication; the present invention does not limit this. In this embodiment, the corresponding authentication program also needs to be stored in advance in the corresponding electronic transaction system. Likewise, the way in which the user information in the stored-value device is encrypted and decrypted may be chosen according to actual conditions, with the corresponding encryption and decryption programs stored in advance in the corresponding electronic transaction system.
S2, obtaining the current user's transaction service data, sending the transaction service data over the network to the network trading platform to obtain the transaction information that is pre-stored in the network trading platform and corresponds to the current transaction system, and decrypting the encrypted user information according to the transaction information.
The transaction service data comprises at least data that can identify the current transaction system and the corresponding user operation instruction data (such as the user's query instruction data, transfer instruction data, payment instruction data, the specific transaction amount, etc.). A database needs to be set up in advance in the network trading platform to store the transaction information corresponding to the transaction system (such as data identifying the current transaction system and the corresponding schedule of dealing, decryption key, etc.). When a user carries out an electronic transaction with this transaction system, the corresponding transaction information is looked up in the network trading platform and the encrypted user information is decrypted according to it. If no corresponding transaction information is found in the network trading platform, the transaction fails.
S3, processing the decrypted user information according to the transaction service data; authenticating the processed user information; if authentication succeeds, encrypting the processed user information and updating the corresponding user information in the stored-value device. For example, when the user pays a fee with a stored-value card, the corresponding amount is deducted from the total stored value in the decrypted user information according to the corresponding transaction service data; when the user transfers funds in through the transaction system, the corresponding amount is added to the total stored value in the decrypted user information according to the corresponding transaction service data.
Preferably, step S1 further comprises:
First, when a user carries out an electronic transaction using a stored-value device that stores encrypted user information, detecting whether the encrypted user information is correct; if it is detected to be incorrect, the current transaction fails and the process ends; if it is correct, reading the encrypted user information from the stored-value device. The process of detecting whether the encrypted user information is correct may include: detecting whether any of the encrypted user information is missing, whether it is in ciphertext form, and so on. When the encrypted user information in the stored-value device is detected to be incorrect (for example, the user information lost part of its content during encryption so that the encrypted user information is incomplete, or interference by an attacker during encryption left the encrypted user information easy to identify maliciously), the current transaction fails; this can be implemented by, for example, marking the user information in the stored-value device as unreadable.
Second, authenticating the encrypted user information; if authentication fails, the current transaction fails and the process ends. If authentication succeeds, a second detection is performed to check whether the successfully authenticated encrypted user information is correct; if so, step S2 is performed; otherwise the transaction fails and the process ends.
The two detection passes and the authentication process described above effectively check the user information of the electronic transaction currently being carried out and avoid erroneous operations. In addition, when authentication fails, the user associated with the current stored-value device can be notified through the association set up in advance, so that the user can confirm the electronic transaction currently being carried out in good time and personal property is prevented from being misappropriated by others.
Preferably, step S3 further comprises:
First, authenticating the processed user information; if authentication succeeds, encrypting the processed user information; then writing the encrypted processed user information to the stored-value device, thereby updating the user information in the stored-value device. If authentication fails, the current transaction is stopped and the user information in the stored-value device remains unchanged. This further prevents the user's property from being stolen and improves the security of electronic transactions.
With the electronic transaction method based on authentication of the above embodiment, the electronic transaction system gains a new function: the stored-value device used in the transaction and the corresponding transaction system can each be authenticated, which improves the security of electronic transactions.
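The S1 to S3 flow of this embodiment as a runnable sketch; this is an added example, not code from the patent. The patent leaves the cipher and the authentication mode open, so the HMAC-SHA256 tag, the HMAC-based stand-in stream cipher, the demo keys, the `terminal-01` identifier and the non-negative-balance check applied to the processed information are all assumptions.

```python
import hashlib, hmac, json, os

NONCE_LEN, TAG_LEN = 16, 32
# Constructed demo keys and platform database (assumptions, not from the patent).
ENC_KEY = hashlib.sha256(b"demo encryption key").digest()
MAC_KEY = hashlib.sha256(b"demo authentication key").digest()
PLATFORM_DB = {"terminal-01": {"dec_key": ENC_KEY}}

def keystream(key, nonce, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in practice.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(info, enc_key=ENC_KEY, mac_key=MAC_KEY):
    """Encrypt the user information, then append a tag over nonce + ciphertext."""
    pt = json.dumps(info, sort_keys=True).encode()
    nonce = os.urandom(NONCE_LEN)
    body = nonce + bytes(a ^ b for a, b in zip(pt, keystream(enc_key, nonce, len(pt))))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(record, dec_key):
    """Decrypt a record that has already passed authenticate()."""
    nonce, ct = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN]
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(dec_key, nonce, len(ct)))))

def well_formed(record):
    """Detection step: the record is present, complete and in ciphertext form."""
    return isinstance(record, bytes) and len(record) > NONCE_LEN + TAG_LEN

def authenticate(record, mac_key=MAC_KEY):
    """Authentication step: constant-time check of the tag over nonce + ciphertext."""
    body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest())

def transact(card, terminal_id, op, amount, platform_db=PLATFORM_DB):
    record = card.get("record")
    # S1: detect, then authenticate the encrypted record before anything is decrypted.
    if not well_formed(record):
        return "fail: malformed record"
    if not authenticate(record):
        return "fail: authentication"
    # S2: the platform returns transaction information only for a registered system.
    trade = platform_db.get(terminal_id)
    if trade is None:
        return "fail: unknown transaction system"
    info = unseal(record, trade["dec_key"])
    # S3: process, check the result, and only then re-encrypt and write back.
    if op not in ("pay", "deposit") or not isinstance(amount, int) or amount <= 0:
        return "fail: bad transaction data"
    updated = dict(info, balance=info["balance"] + (amount if op == "deposit" else -amount))
    if updated["balance"] < 0:
        return "fail: processed information rejected"  # card record stays unchanged
    card["record"] = seal(updated)
    return "ok"

def balance(card):
    """Helper for inspecting the demo card; decrypts with the demo key."""
    return unseal(card["record"], ENC_KEY)["balance"]
```

Every failure path returns before `card["record"]` is reassigned, which is the property the embodiment relies on when it says the stored user information remains unchanged after a failed authentication.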
Based on the electronic transaction method based on authentication described in the above embodiment, the present invention also provides an embodiment of a system that uses this method. Referring to Fig. 2, which is a structural diagram of a preferred embodiment of the system of the present invention, the system specifically comprises:
A stored-value device 100, configured to store user information and to encrypt the user information; the stored-value device 100 includes, but is not limited to, a storage card, an accumulating card or a credit card; the encryption mode may be chosen according to actual conditions.
An authentication device 200, configured to read the encrypted user information from the stored-value device 100, authenticate the encrypted user information, and transmit the successfully authenticated encrypted user information to the transaction system; the specific authentication method may be static password authentication, dynamic password authentication, biometric authentication or the like, and the present invention does not limit this, but the corresponding authentication program needs to be stored in the authentication device in advance, as described in the above embodiment.
A transaction system 300, configured to, after reading the encrypted user information transmitted by the authentication device 200, obtain the current user's transaction service data and send the transaction service data over the network to the network trading platform; the transaction service data comprises at least data that can identify the current transaction system and the corresponding user operation instruction data, as described in the above embodiment.
A network trading platform 400, configured to search the database set up in advance according to the transaction service data, obtain the transaction information corresponding to the transaction system, and return the transaction information to the transaction system 300, wherein the transaction information is as described in the above embodiment;
The transaction system 300 is further configured to decrypt the encrypted user information according to the transaction information, process the decrypted user information according to the transaction service data, and return the processed user information to the authentication device 200; the method of processing the decrypted user information according to the transaction service data is as described in the above embodiment.
The authentication device 200 is further configured to authenticate the processed user information, encrypt the successfully authenticated processed user information, and write the encrypted processed user information to the stored-value device, so that the user information in the stored-value device is updated.
In this embodiment, the user information comprises at least: user identity information and the corresponding stored-value information.
Preferably, as shown in Fig. 3, the stored-value device 100 specifically comprises:
A first storage unit 101, configured to store the user information;
A first encryption unit 102, connected to the first storage unit and configured to encrypt the user information;
A first connection unit 104, configured to transmit the encrypted user information to the authentication device.
Further, still referring to Fig. 3, the stored-value device 100 also comprises:
A first detection unit 103, connected to the first encryption unit 102 and the first connection unit 104, and configured to detect whether the encrypted user information is correct and, if so, to trigger the first connection unit to transmit the encrypted user information. The specific detection method is as described in the above embodiment.
Preferably, as shown in Fig. 4, the authentication device 200 further comprises:
A second connection unit 201, configured to communicate with the stored-value device, to receive the encrypted user information transmitted by the stored-value device, and to write the encrypted processed user information to the stored-value device;
A main control unit 203, configured to read the encrypted user information received by the second connection unit and to control the authentication unit to authenticate the encrypted user information;
An authentication unit 204, configured to authenticate the encrypted user information and to decrypt the successfully authenticated encrypted user information, and to encrypt the successfully authenticated processed user information.
A third connection unit 206, configured to transmit the successfully authenticated encrypted user information to the transaction system;
A second storage unit 207, configured to store the corresponding authentication program and encryption and decryption programs.
Preferably, still referring to Fig. 4, the authentication device 200 also includes:
A second detection unit 202, configured to detect whether the encrypted user information received by the second connection unit is correct and, if so, to trigger the main control unit to start reading the encrypted user information, as described in the above embodiment.
A third detection unit 205, configured to detect whether the successfully authenticated encrypted user information is correct and, if so, to trigger the third connection unit to transmit the successfully authenticated encrypted user information to the transaction system, as described in the above embodiment.
Preferably, still referring to Fig. 4, the authentication device 200 also includes:
A security protection unit 208, configured to, when authentication of the encrypted user information fails, look up a pre-stored association table of the stored-value device and its user, obtain the user's phone corresponding to the stored-value device, and send a short message reporting the authentication failure to the user's phone, so that the user of the stored-value device can confirm the electronic transaction currently in progress in good time and personal property is not misappropriated by others.
It can thus be seen that the authentication device, system and method based on electronic transactions described in the above embodiments of the present invention improve the security of electronic transactions and can effectively avoid leakage of user information during an electronic transaction.
The above are merely preferred embodiments of the present invention; any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention.