CN103747012A - Security verification method, device and system of network transaction - Google Patents

Security verification method, device and system of network transaction Download PDF

Info

Publication number
CN103747012A
CN103747012A CN201410033383.2A CN201410033383A CN103747012A CN 103747012 A CN103747012 A CN 103747012A CN 201410033383 A CN201410033383 A CN 201410033383A CN 103747012 A CN103747012 A CN 103747012A
Authority
CN
China
Prior art keywords
transaction information
request message
quick response
response code
digital signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410033383.2A
Other languages
Chinese (zh)
Other versions
CN103747012B (en
Inventor
戴林巧
罗勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yunhe Network Technology Co ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201410033383.2A priority Critical patent/CN103747012B/en
Publication of CN103747012A publication Critical patent/CN103747012A/en
Application granted granted Critical
Publication of CN103747012B publication Critical patent/CN103747012B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Computer And Data Communications (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a security verification method, device and system of network transaction and relates to the field of communication. The method comprises the steps of receiving a request message carrying transaction information sent from a client end and acquiring a transaction password, corresponding to the request message and input by a user, for verifying the request message; after a verification command (namely, an equipment protection password) input by the user and corresponding to the request message is received, extracting the transaction information and the transaction password contained in the request message, performing digital signature on the transaction information, encrypting the transaction password and/or obtaining the basic information of the transaction information, generating a two-dimensional code and displaying according to the steps, scanning the two-dimensional code by the client end, obtaining the transaction information carried by the two-dimensional code, and sending the transaction information to a server, so the server can conveniently execute the subsequent transaction flow. According to the security verification method, device and system of network transaction, the transaction information is exchanged by taking a sound wave and the two-dimensional code as mediums, and the problems of lower compatibility and convenience caused by the fact that the transaction information is exchanged by commonly using a wired or wireless mode is solved.

Description

The safe verification method of network trading, Apparatus and system
Technical field
The present invention relates to the communications field, in particular to safe verification method, the Apparatus and system of network trading.
Background technology
Along with the development of mobile Internet, people generally use the client of mobile Internet application system to carry out network trading.
Correlation technique is used U shield (also can use USBKEY or U-KEY) to carry out safety verification to network trading, as shown in Figure 1, user is specially: when need to carry out online transaction, first log-in service system, enter transaction interface, option dealing content, now, system can point out user to use the said equipment to carry out safety verification, after the said equipment being connected with client as user, (can connect by the mode of wired (data wire or tone frequency channel wire) or wireless (WIFI or bluetooth)), system can send to Transaction Information on the said equipment, the said equipment shows this Transaction Information, when user clicks after ACK button confirmation on the said equipment, the said equipment can carry out digital signature by Transaction Information, obtain signed data, and signed data is sent to client, the signed data that client the said equipment sends, and this signed data is sent to server, server is received after this signed data, this signed data is verified, when the result meets when pre-conditioned, carry out subsequent transaction flow process.
But, in correlation technique, above-mentioned wired or wireless mode is widely used, therefore bad adaptability when system is stated in the use wired or wireless mode Transaction Information is sent on the said equipment has hindered the said equipment being widely used on mobile device (mobile phone, panel computer etc.).
Summary of the invention
The object of the present invention is to provide safe verification method, the Apparatus and system of network trading, to solve the above problems.
The safe verification method that a kind of network trading is provided in an embodiment of the present invention, comprising:
Receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information;
If receive the checking instruction corresponding with request message of user's input, extract Transaction Information, and Transaction Information is carried out to digital signature;
According to the result of digital signature, generate Quick Response Code;
Two-dimensional code display, so that client scan Quick Response Code, and obtains the Transaction Information that Quick Response Code carries, and sends Transaction Information to server, so that server verifies Transaction Information, and carries out subsequent transaction flow process.
Further, if before receiving the checking instruction corresponding with request message of user's input, also comprise:
Obtain the corresponding to request message verifying the authentication password of request message of user input.
A kind of safe verification method of network trading is also provided in an embodiment of the present invention, has comprised:
Receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information;
Obtain the corresponding to request message verifying the trading password of request message of user input;
If receive the checking instruction corresponding with request message of user's input, extract Transaction Information and trading password;
Transaction Information is carried out to digital signature;
Trading password is encrypted, obtains trading password ciphertext; And/or, obtain the essential information of Transaction Information;
According to the result of digital signature, trading password ciphertext and/or essential information, generate Quick Response Code;
Two-dimensional code display, so that client scan Quick Response Code, and obtains the Transaction Information that Quick Response Code carries, and sends Transaction Information to server, so that server verifies Transaction Information, and carries out subsequent transaction flow process.
The safety verification device that a kind of network trading is provided in an embodiment of the present invention, comprising:
Receiving element, for receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information;
Extraction unit, is connected with receiving element, for when receiving checking instruction corresponding to the request message receiving with receiving element of user input, extracts Transaction Information;
Digital signature unit, is connected with extraction unit, for the Transaction Information that extraction unit is extracted, carries out digital signature;
Generation unit, is connected with digital signature unit, for the result of the digital signature that obtains according to digital signature unit, generates Quick Response Code;
Display unit, is connected with generation unit, for the Quick Response Code that shows that generation unit generates, so that client scan Quick Response Code, and obtain the Transaction Information that Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and is carried out subsequent transaction flow process.
Further, this device also comprises:
Acquiring unit, is connected with receiving element, for obtain the request message receiving with receiving element of user input corresponding for verifying the authentication password of request message.
The safety verification device that a kind of network trading is also provided in an embodiment of the present invention, comprising:
Receiving element, for receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information;
The first acquiring unit, is connected with receiving element, for obtain the request message receiving with receiving element of user input corresponding for verifying the trading password of request message;
Extraction unit, is connected with the first acquiring unit with receiving element, for when receiving the checking instruction corresponding with request message of user input, extracts the trading password that Transaction Information that receiving element receives and the first acquiring unit obtain;
Digital signature unit, is connected with extraction unit, for the Transaction Information that extraction unit is extracted, carries out digital signature;
Ciphering unit, is connected with extraction unit, for the trading password that extraction unit is extracted, is encrypted, and obtains trading password ciphertext; And/or,
Second acquisition unit, is connected with extraction unit, for obtaining the essential information of the Transaction Information of extraction unit extraction;
Generation unit, with digital signature unit, ciphering unit, and/or second acquisition unit connects, result for the digital signature that obtains according to digital signature unit, ciphering unit is encrypted the trading password obtain, and/or the essential information obtained of second acquisition unit, generates Quick Response Code;
Display unit, for two-dimensional code display, so that client scan Quick Response Code, and obtains the Transaction Information that Quick Response Code carries, and sends Transaction Information to server, so that server verifies Transaction Information, and carries out subsequent transaction flow process.
The security authentication systems that a kind of network trading is provided in an embodiment of the present invention, comprising: client, server and sound wave two-dimensional code electronic cipher key; Wherein,
Client, for sending for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information; Scanning Quick Response Code, and obtain the Transaction Information that Quick Response Code carries; To server, send Transaction Information;
Sound wave two-dimensional code electronic cipher key, for receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information; If receive the checking instruction corresponding with request message of user's input, extract Transaction Information, and Transaction Information is carried out to digital signature; According to the result of digital signature, generate Quick Response Code;
Server, the Transaction Information sending for receiving client, and Transaction Information is verified, in order to carry out subsequent transaction flow process.
The safe verification method of the network trading that the embodiment of the present invention provides, Apparatus and system, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message (equipment protection password) of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, trading password is encrypted, and/or obtain the essential information of request message, according to the result of digital signature, result after encryption, and/or essential information generates Quick Response Code and shows, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Accompanying drawing explanation
Fig. 1 shows the signaling diagram of method of the safety verification of the network trading that correlation technique provides;
Fig. 2 shows the structural representation of the security authentication systems of a kind of network trading that the embodiment of the present invention provides;
Fig. 3 shows the signaling diagram of the safe verification method of a kind of network trading that the embodiment of the present invention provides;
Fig. 4 shows the signaling diagram of the safe verification method of a kind of network trading that the embodiment of the present invention provides;
Fig. 5 shows the signaling diagram of the safe verification method of a kind of network trading that the embodiment of the present invention provides;
Fig. 6 shows the signaling diagram of the safe verification method of a kind of network trading that the embodiment of the present invention provides;
Fig. 7 shows the structural representation of the safety verification device of a kind of network trading that the embodiment of the present invention provides;
Fig. 8 shows the structural representation of the safety verification device of a kind of network trading that the embodiment of the present invention provides;
The structural representation of the safety verification device that a kind of optimal network that Fig. 9 shows the embodiment of the present invention to be provided is concluded the business;
Figure 10 shows the structural representation of the sound wave two-dimensional code electronic cipher key that the embodiment of the present invention provides.
Embodiment
Below by specific embodiment, also by reference to the accompanying drawings the present invention is described in further detail.
For ease of the present embodiment is understood, first to the present embodiment based on communication connecting system carry out brief description.As shown in Figure 2, the security authentication systems of network trading involved in the present invention, comprising: server 101, client 102 and sound wave two-dimensional code electronic cipher key 103, between three, can set up data communications context.And in embodiments of the present invention, above-mentioned client 102 can be the electric terminal with communication function for example smart mobile phone, panel computer or other communications electronics products, and, these electric terminals need to arrange loud speaker, and sound wave two-dimensional code electronic cipher key 103 needs to arrange the microphone that can receive sound wave.
Embodiment 1
The present embodiment provides a kind of safe verification method of network trading, as shown in Figure 3, comprising:
101, receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information.
In the present embodiment, the transmission means of the sound wave based on air, the sound wave of use characteristic frequency, sends to sound wave two-dimensional code electronic cipher key by request message.Wherein, specific frequency can be selected to arrange by the operator of client and sound wave two-dimensional code electronic cipher key voluntarily; Concrete, client is by the loud speaker sounding sound of its setting, in order to transmit sound wave, so that sound wave two-dimensional code electronic cipher key receives this sound wave, sound wave two-dimensional code electronic cipher key receives with specific frequency the sound wave that client sends by the microphone of its setting, and does subsequent treatment.
Concrete, the Transaction Informations such as request message includes but not limited to transfer accounts, payment, the specifying information of wherein transferring accounts can comprise: proceed to account, the amount of money of transferring accounts, password ciphertext and trading signature etc.
Wherein, also can utilize planar bar code technology that request message is generated to Quick Response Code, with the form of Quick Response Code, transmit this request message.The technical scheme identical with this step occurring in subsequent embodiment, all can replace by the method, and the scheme that this step provides includes but not limited to this alternative scheme.
102, receive the checking instruction corresponding with request message of user's input.
The Transaction Information illustrating in step display 101 on sound wave two-dimensional code electronic cipher key; when user's confirmation is errorless; the confirmation module of the demonstration screen display of touching sound wave two-dimensional code electronic cipher key; so that sound wave two-dimensional code electronic cipher key carries out digital signature to Transaction Information, wherein verify that instruction is user input device protection password.
Concrete, receive mode is that user directly confirms on sound wave two-dimensional code electronic cipher key, or is user's input validation information on the keyboard of sound wave two-dimensional code electronic cipher key, this confirmation, can be password or other authentication information.
103, extract Transaction Information, and Transaction Information is carried out to digital signature.
In the present embodiment, sound wave two-dimensional code electronic cipher key is resolved request message, extracts Transaction Information wherein, and the method is the conventional in the industry encapsulation of message and the method for decapsulation, and the present embodiment is not illustrating.
Concrete, same agreement and algorithm that sound wave two-dimensional code electronic cipher key and service end are used, by sound wave two-dimensional code electronic cipher key, Transaction Information is carried out to digital signature, by service end, according to this agreement and algorithm, the result of digital signature is verified, thereby extracted entrained Transaction Information.When wherein, sound wave two-dimensional code electronic cipher key carries out digital signature to Transaction Information, should at least comprise a kind of asymmetric arithmetic (as RSA, ECC, SM2 etc.) and a kind of digest algorithm (as MD5, SHA1, SHA-256, SM3 etc.).It should be noted that, above-mentioned cipher mode is the common technology means of encrypting in the industry, in the present embodiment, this is not illustrated.
104,, according to the result of digital signature, generate Quick Response Code.
Concrete, utilize planar bar code technology, according to the result of digital signature, generate Quick Response Code.Wherein, the Quick Response Code type of employing can be the Quick Response Code of standard, color code or three-dimensional code, can be also off-gauge Quick Response Code, color code or three-dimensional code etc.
Wherein, also can be according to the result of digital signature, the specific frequency of sound wave using in the agreement that this result is signed with the form of sound wave with step 101 sends, so that this sound wave of client, and this sound wave is resolved, extract the Transaction Information that it carries, and send Transaction Information to server, so that server is verified Transaction Information, and is carried out subsequent transaction flow process.It should be noted that, occur in subsequent embodiment identical with this step or the technical scheme that part is identical or technology is similar, all can replace by the method, and the scheme that this step provides includes but not limited to this alternative scheme.
105, two-dimensional code display, so that client scan Quick Response Code, and obtains the Transaction Information that Quick Response Code carries, and sends Transaction Information to server, so that server verifies Transaction Information, and carries out subsequent transaction flow process.
Concrete, client can be pointed out scanning input Quick Response Code, and utilizes planar bar code technology to resolve this Quick Response Code, and wherein, the technology that generates Quick Response Code in the process of parsing Quick Response Code and previous step is reciprocal process; Thereby obtain Transaction Information, and the Transaction Information getting is sent to server.Owing to having adopted planar bar code technology, without the manual input validation information of user, it is more convenient operate, when also having broken through in addition user and inputting by hand, requires input content to limit and the brief restriction of content.
Concrete, in prior art, need user at client input validation password, thereby sound wave two-dimensional code electronic cipher key input validation password on safety means has strengthened the safety verification of network trading greatly.Wherein, server internet business system, is specifically as follows Mobile banking, dull and stereotyped bank, third party's payment, on-line shopping system etc.
The safe verification method of a kind of network trading that the embodiment of the present invention provides, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message (equipment protection password) of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, then according to the result of digital signature, generate Quick Response Code and show, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Embodiment 2
Further, as shown in Figure 4, the present embodiment also provides a kind of safe verification method of network trading, comprising:
201, receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information.
202, obtain the corresponding to request message verifying the trading password of request message of user input.
Concrete, in advance trading password being set on server, this password is arranged voluntarily by user, and only user oneself knows.When user uses sound wave two-dimensional code electronic cipher key to carry out network trading confirmation, need user on the keyboard of sound wave two-dimensional code electronic cipher key, to input this trading password, just can proceed network trading, thereby strengthen network transaction safety.
203, receive the checking instruction corresponding with request message of user's input.
204, extract Transaction Information, and Transaction Information is carried out to digital signature.
205,, according to the result of digital signature, generate Quick Response Code.
206, two-dimensional code display, so that client scan Quick Response Code, and obtains the Transaction Information that Quick Response Code carries, and sends Transaction Information to server, so that server verifies Transaction Information, and carries out subsequent transaction flow process.
The safe verification method of a kind of network trading that the embodiment of the present invention provides, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message (equipment protection password) of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, according to the result of digital signature, generate Quick Response Code and show, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Embodiment 3
In embodiments of the invention, also provide a kind of safe verification method of network trading as shown in Figure 5, having comprised:
301, receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information.
302, obtain the corresponding to request message verifying the trading password of request message of user input.
303, receive the checking instruction corresponding with request message of user's input.
304, extract Transaction Information.
305, Transaction Information is carried out to digital signature.
306, trading password is encrypted, obtains trading password ciphertext.
In the present embodiment, use trading password, trading password is encrypted, obtain trading password ciphertext, can strengthen the safety guarantee dynamics of Quick Response Code.Concrete, can use the mode of symmetric cryptography and asymmetric encryption to be encrypted request message.Wherein, trading password can be user password, bank card password etc.
307,, according to the result of digital signature and trading password ciphertext, generate Quick Response Code.
308, two-dimensional code display, so that client scan Quick Response Code, and obtains the Transaction Information that Quick Response Code carries, and sends Transaction Information to server, so that server verifies Transaction Information, and carries out subsequent transaction flow process.
The safe verification method of a kind of network trading that the embodiment of the present invention provides, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message (equipment protection password) of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, trading password is encrypted, according to the result of the result of digital signature and encryption, generate Quick Response Code and show, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Embodiment 4
The present embodiment also provides a kind of safe verification method of optimal network transaction, as shown in Figure 6, comprising:
501, receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information.
502, obtain the corresponding to request message verifying the trading password of request message of user input.
503, receive the checking instruction corresponding with request message of user's input.
504, extract Transaction Information.
505, Transaction Information is carried out to digital signature.
506, request message trading password is encrypted, obtains trading password ciphertext.
507, obtain the essential information of Transaction Information.
In the present embodiment, the essential information that increases Transaction Information generates the safety guarantee dynamics that Quick Response Code can strengthen network trading.Concrete, the essential information of Transaction Information can be sequence information; Its concrete cipher mode carries out the mode of digital signature with step 103 pair Transaction Information in embodiment mono-.
508,, according to the result of digital signature, trading password ciphertext and essential information, generate Quick Response Code.
509, two-dimensional code display, so that client scan Quick Response Code, and obtains the Transaction Information that Quick Response Code carries, and sends Transaction Information to server, so that server verifies Transaction Information, and carries out subsequent transaction flow process.
The safe verification method of a kind of network trading that the embodiment of the present invention provides, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message (equipment protection password) of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, trading password is encrypted and obtains its essential information, according to the result of digital signature, result after encryption and essential information generate Quick Response Code and show, so that client scan Quick Response Code, and obtain the Transaction Information that Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Embodiment 5
The safety verification device that a kind of network trading is provided in an embodiment of the present invention, as shown in Figure 7, comprising:
Receiving element 81, for receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information.
Extraction unit 82, is connected with receiving element 81, for when receiving checking instruction corresponding to the request message receiving with receiving element 81 of user input, extracts Transaction Information.
Digital signature unit 83, is connected with extraction unit 82, for the Transaction Information that extraction unit 82 is extracted, carries out digital signature.
Generation unit 84, is connected with digital signature unit 83, for the result of the digital signature that obtains according to digital signature unit 83, generates Quick Response Code.
Display unit 85, be connected with generation unit 84, for the Quick Response Code that shows that generation unit 84 generates, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server verifies Transaction Information, and carry out subsequent transaction flow process.
The safety verification device of a kind of network trading that the embodiment of the present invention provides, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message (equipment protection password) of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, then according to the result of digital signature, generate Quick Response Code and show, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Embodiment 6
Further, as shown in Figure 8, this device also comprises:
Acquiring unit 86, is connected with receiving element 81, for obtain the request message receiving with receiving element 81 of user input corresponding for verifying the authentication password of request message.
The safety verification device of a kind of network trading that the embodiment of the present invention provides, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message (equipment protection password) of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, then according to the result of digital signature, generate Quick Response Code and show, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Embodiment 7
The present embodiment provides a kind of safety verification device of optimal network transaction, as shown in Figure 9, comprising:
Receiving element 91, for receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information.
The first acquiring unit 92, is connected with receiving element 91, for obtain the request message receiving with receiving element 91 of user input corresponding for verifying the trading password of request message.
Extraction unit 93, is connected with the first acquiring unit 92 with receiving element 91, for when receiving the checking instruction corresponding with request message of user input, extracts the trading password that Transaction Information that receiving element 91 receives and the first acquiring unit 92 obtain.
94 yuan of digital signature unit, are connected with extraction unit 93, for the Transaction Information that extraction unit 93 is extracted, carry out digital signature.
Ciphering unit 95, is connected with extraction unit 93, for the trading password that extraction unit 93 is extracted, is encrypted, and obtains trading password ciphertext.
Second acquisition unit 96, is connected with extraction unit 93, for obtaining the essential information of the Transaction Information of extraction unit 93 extractions.
Generation unit 97, be connected with digital signature unit 94, ciphering unit 95 and second acquisition unit 96, for the result of the digital signature that obtains according to digital signature unit 94, ciphering unit 95 is encrypted and is obtained the essential information that trading password ciphertext and second acquisition unit 96 obtain, and generates Quick Response Code.
Display unit 98, be connected with generation unit 97, for the Quick Response Code that shows that generation unit 97 generates, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server verifies Transaction Information, and carry out subsequent transaction flow process.
The safety verification device of a kind of network trading that the embodiment of the present invention provides, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message (equipment protection password) of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, trading password is encrypted and obtains essential information wherein, according to digital signature, result after encryption and essential information generate Quick Response Code and show, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Embodiment 8
A kind of security authentication systems of network trading is provided in an embodiment of the present invention, as shown in Figure 2, has comprised: client 102, server 101 and sound wave two-dimensional code electronic cipher key 103; Wherein,
Client 102, sends for asking the request message of network trading, and request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information; Receive the Quick Response Code that sound wave two-dimensional code electronic cipher key sends, and scan Quick Response Code, and obtain the Transaction Information that Quick Response Code carries; To server, send described Transaction Information.
Sound wave two-dimensional code electronic cipher key 103, receive that client sends for asking the request message of network trading, request message be take sound wave as transmission medium; Wherein, request message comprises Transaction Information; If receive the checking instruction corresponding with request message of user's input, extract Transaction Information, and Transaction Information is carried out to digital signature; According to the result of digital signature, generate Quick Response Code.
Server 101, receives the Transaction Information that client sends, and Transaction Information is verified, in order to carry out subsequent transaction flow process.
The security authentication systems of a kind of network trading that the embodiment of the present invention provides, reception utilizes sound wave to send the request message of user's input by client, wherein, request message comprises Transaction Information, after receiving the checking instruction corresponding with request message of user's input, extract Transaction Information, and this Transaction Information is carried out to digital signature, according to the result of digital signature, generate Quick Response Code and show, so that this Quick Response Code of client scan, and obtain the Transaction Information that this Quick Response Code carries, and send Transaction Information to server, so that server is verified Transaction Information, and carry out subsequent transaction flow process, in prior art, client sends to the mode of U shield to be widely used Transaction Information by wired or wireless mode, therefore poor for applicability, cannot be widely used in mobile device (as mobile phone, panel computer etc.).
Embodiment 9
As shown in figure 10, sound wave two-dimensional code electronic cipher key comprises: COS1001, hardware security module 1002, input module 1003, output module 1004 and the power module 1005 of supporting Quick Response Code.
Concrete, input module 1003 comprises microphone, the information of acoustic wave sending for receiving client; Keyboard, for receiving the authentication password of user input and confirmation etc.;
Hardware security module 1002 is that sound wave two-dimensional code electronic cipher key must comprise, and the specific implementation of this hardware security module (HSM) can adopt various types of safety chips.Wherein, hardware security module 1002 at least supports unsymmetrical key in one or more asymmetric arithmetics (as RSA, ECC, SM2 etc.), a kind of and more than one digest algorithms (as MD5, SHA1, SHA-256, SM3 etc.), support hardware security module to generating and safe storage, the digital signature based on private key in support hardware security module etc.
Sound wave two-dimensional code electronic cipher key in the present invention both can be used as the input equipment of all kinds of passwords (as trading password etc.), also can be used as the digital signature device of transaction.Therefore the purposes of sound wave two-dimensional code electronic cipher key can combine as required, as only used, only use as digital signature device as the input equipment of password, or input equipment and the signature device as password used simultaneously, or only as confirmation equipment, uses.
In addition, sound wave two-dimensional code electronic cipher key, also can support a lot of communication modes, includes but not limited to as mobile network, wireless network, Ethernet, USB, bluetooth, infrared, NFC.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.

Claims (7)

1. a safe verification method for network trading, is characterized in that, comprising:
Receive that client sends for asking the request message of network trading, described request message be take sound wave as transmission medium; Wherein, described request message comprises Transaction Information;
If receive the checking instruction corresponding with described request message of user's input, extract described Transaction Information, and described Transaction Information is carried out to digital signature;
According to the result of described digital signature, generate Quick Response Code;
Show described Quick Response Code, so that client scan Quick Response Code, and obtain the Transaction Information that described Quick Response Code carries, and send described Transaction Information to server, so that described server verifies described Transaction Information, and carry out subsequent transaction flow process.
2. method according to claim 1, is characterized in that, before receiving the checking instruction corresponding with described request message of user's input, also comprises if described:
Obtain the corresponding to described request message verifying the authentication password of described request message of user input.
3. a safe verification method for network trading, is characterized in that, comprising:
Receive that client sends for asking the request message of network trading, described request message be take sound wave as transmission medium; Wherein, described request message comprises Transaction Information;
Obtain the corresponding to described request message verifying the trading password of described request message of user input;
If receive the checking instruction corresponding with described request message of user's input, extract described Transaction Information and described trading password;
Described Transaction Information is carried out to digital signature;
Described trading password is encrypted, obtains trading password ciphertext; And/or, obtain the essential information of described Transaction Information;
According to the result of described digital signature, described trading password ciphertext and/or described essential information, generate Quick Response Code;
Show described Quick Response Code, so that Quick Response Code described in client scan, and obtain the Transaction Information that described Quick Response Code carries, and send described Transaction Information to server, so that described server verifies described Transaction Information, and carry out subsequent transaction flow process.
4. a safety verification device for network trading, is characterized in that, comprising:
Receiving element, for receive that client sends for asking the request message of network trading, described request message be take sound wave as transmission medium; Wherein, described request message comprises Transaction Information;
Extraction unit, is connected with described receiving element, for when receiving checking instruction corresponding to the described request message receiving with described receiving element of user input, extracts described Transaction Information;
Digital signature unit, is connected with described extraction unit, for the described Transaction Information that described extraction unit is extracted, carries out digital signature;
Generation unit, is connected with described digital signature unit, for the result of the digital signature that obtains according to described digital signature unit, generates Quick Response Code;
Display unit, be connected with described generation unit, for the described Quick Response Code that shows that described generation unit generates, so that Quick Response Code described in described client scan, and obtain the Transaction Information that described Quick Response Code carries, and send described Transaction Information to server, so that described server verifies described Transaction Information, and carry out subsequent transaction flow process.
5. device according to claim 4, is characterized in that, also comprises:
Acquiring unit, is connected with described receiving element, for obtain the described request message receiving with described receiving element of user input corresponding for verifying the authentication password of described request message.
6. a safety verification device for network trading, is characterized in that, comprising:
Receiving element, for receive that client sends for asking the request message of network trading, described request message be take sound wave as transmission medium; Wherein, described request message comprises Transaction Information;
The first acquiring unit, is connected with described receiving element, for obtain the described request message receiving with described receiving element of user input corresponding for verifying the trading password of described request message;
Extraction unit, be connected with described the first acquiring unit with described receiving element, during for the checking instruction corresponding with described request message when receiving that user inputs, extract the described trading password that described Transaction Information that described receiving element receives and described the first acquiring unit obtain;
Digital signature unit, is connected with described extraction unit, for the described Transaction Information that described extraction unit is extracted, carries out digital signature;
Ciphering unit, is connected with described extraction unit, for the described trading password that described extraction unit is extracted, is encrypted, and obtains trading password ciphertext; And/or,
Second acquisition unit, is connected with described extraction unit, for obtaining the essential information of the described Transaction Information of described extraction unit extraction;
Generation unit, is connected with described digital signature unit, and for according to described digital signature, described trading password and/or described essential information, generate Quick Response Code;
Display unit, for showing described Quick Response Code, so that Quick Response Code described in described client scan, and obtain the Transaction Information that described Quick Response Code carries, and send described Transaction Information to server, so that described server verifies described Transaction Information, and carry out subsequent transaction flow process.
7. a security authentication systems for network trading, is characterized in that, comprising: client, server and sound wave two-dimensional code electronic cipher key; Wherein,
Client, for sending for asking the request message of network trading, described request message be take sound wave as transmission medium; Wherein, described request message comprises Transaction Information; The described Quick Response Code that scanning sound wave two-dimensional code electronic cipher key shows, and obtain the Transaction Information that described Quick Response Code carries; To server, send described Transaction Information;
Sound wave two-dimensional code electronic cipher key, for receive that client sends for asking the request message of network trading, described request message be take sound wave as transmission medium; Wherein, described request message comprises Transaction Information; If receive the checking instruction corresponding with described request message of user's input, extract described Transaction Information, and described Transaction Information is carried out to digital signature; According to the result of described digital signature, generate Quick Response Code;
Server, the described Transaction Information sending for receiving described client, and described Transaction Information is verified, and carry out subsequent transaction flow process.
CN201410033383.2A 2013-08-01 2014-01-23 Safe verification method, the apparatus and system of network trading Active CN103747012B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410033383.2A CN103747012B (en) 2013-08-01 2014-01-23 Safe verification method, the apparatus and system of network trading

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
CN2013204658868 2013-08-01
CN201320465886.8 2013-08-01
CN201320465889 2013-08-01
CN2013204658891 2013-08-01
CN201320465889.1 2013-08-01
CN201320465886 2013-08-01
CN201410033383.2A CN103747012B (en) 2013-08-01 2014-01-23 Safe verification method, the apparatus and system of network trading

Publications (2)

Publication Number Publication Date
CN103747012A true CN103747012A (en) 2014-04-23
CN103747012B CN103747012B (en) 2017-12-19

Family

ID=50503999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410033383.2A Active CN103747012B (en) 2013-08-01 2014-01-23 Safe verification method, the apparatus and system of network trading

Country Status (1)

Country Link
CN (1) CN103747012B (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103839160A (en) * 2014-03-20 2014-06-04 武汉信安珞珈科技有限公司 Network transaction digital signing method and device
CN104113416A (en) * 2014-06-26 2014-10-22 北京天威诚信电子商务服务有限公司 Two-dimensional code verification method and system based on electronic signature
CN104159224A (en) * 2014-07-22 2014-11-19 上海众人科技有限公司 Mobile terminal digital certification system and method
CN104268780A (en) * 2014-10-21 2015-01-07 中国建设银行股份有限公司 Trade order confirmation method and device and server
CN104301105A (en) * 2014-06-24 2015-01-21 齐亚斌 Digital certificate signing method based on mobile device with communication function, and equipment for realizing the same
CN105117905A (en) * 2015-07-21 2015-12-02 北京邮电大学 Wireless Key payment system based on visible light communications and payment method
CN105515783A (en) * 2016-02-05 2016-04-20 中金金融认证中心有限公司 Identity authentication method, server and authentication terminal
CN105844520A (en) * 2015-01-13 2016-08-10 伍彬 Electronic receipt generating and verifying method
CN106169091A (en) * 2016-07-03 2016-11-30 恒宝股份有限公司 A kind of fiscard and using method thereof
CN106452763A (en) * 2016-12-01 2017-02-22 中孚信息股份有限公司 Method for employing cipher key through remote virtual USB device
CN106911689A (en) * 2017-02-20 2017-06-30 深圳怡化电脑股份有限公司 Exchange information processing method and system, financial transaction apparatus and terminal
CN107688836A (en) * 2016-08-05 2018-02-13 上海景禧医纺科技有限公司 A kind of medical textile management method and system
CN108809442A (en) * 2018-04-19 2018-11-13 佛山市顺德区中山大学研究院 A kind of sonic transmissions 2 D code system based on intelligent terminal, method and apparatus
JP2018186495A (en) * 2017-03-29 2018-11-22 建綱 楊 Identity authentication using barcode
CN109388982A (en) * 2017-08-04 2019-02-26 武汉矽感科技有限公司 The method and and server that a kind of pair of trading activity is traced
CN111064692A (en) * 2018-10-16 2020-04-24 中兴通讯股份有限公司 Data communication method, terminal and storage medium
CN113302876A (en) * 2019-01-21 2021-08-24 恩格雷夫Io公司 Offline non-interception interaction with cryptocurrency network using network-disabled devices

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436280A (en) * 2008-12-15 2009-05-20 北京华大智宝电子系统有限公司 Method and system for implementing electronic payment of mobile terminal
EP2164053A1 (en) * 2008-09-11 2010-03-17 Gemplus Standalone counterattack method in response to one or several physical aggressions, and associated device
CN101820346A (en) * 2010-05-04 2010-09-01 北京飞天诚信科技有限公司 Secure digital signature method
EP2339493A1 (en) * 2009-12-22 2011-06-29 Gemalto SA Authenticating human interface device
WO2011128499A1 (en) * 2010-04-14 2011-10-20 Nokia Corporation Method and apparatus for providing automated payment
CN102387142A (en) * 2011-10-20 2012-03-21 北京天地融科技有限公司 Tool, authentication method and system for electronic signature
CN102655507A (en) * 2012-04-17 2012-09-05 上海众人网络安全技术有限公司 Information safety device and system and implementation method
CN102868688A (en) * 2012-09-05 2013-01-09 天地融科技股份有限公司 Certification system and method and electronic signature tool
CN102903044A (en) * 2012-09-03 2013-01-30 中国工商银行股份有限公司 Banking mobile terminal data signature device, banking mobile terminal data signature method and safety authentication system
CN103218565A (en) * 2012-10-24 2013-07-24 东信和平科技股份有限公司 Novel USB (universal serial bus) key and transaction method adopting same

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2164053A1 (en) * 2008-09-11 2010-03-17 Gemplus Standalone counterattack method in response to one or several physical aggressions, and associated device
CN101436280A (en) * 2008-12-15 2009-05-20 北京华大智宝电子系统有限公司 Method and system for implementing electronic payment of mobile terminal
EP2339493A1 (en) * 2009-12-22 2011-06-29 Gemalto SA Authenticating human interface device
WO2011128499A1 (en) * 2010-04-14 2011-10-20 Nokia Corporation Method and apparatus for providing automated payment
CN101820346A (en) * 2010-05-04 2010-09-01 北京飞天诚信科技有限公司 Secure digital signature method
CN102387142A (en) * 2011-10-20 2012-03-21 北京天地融科技有限公司 Tool, authentication method and system for electronic signature
CN102655507A (en) * 2012-04-17 2012-09-05 上海众人网络安全技术有限公司 Information safety device and system and implementation method
CN102903044A (en) * 2012-09-03 2013-01-30 中国工商银行股份有限公司 Banking mobile terminal data signature device, banking mobile terminal data signature method and safety authentication system
CN102868688A (en) * 2012-09-05 2013-01-09 天地融科技股份有限公司 Certification system and method and electronic signature tool
CN103218565A (en) * 2012-10-24 2013-07-24 东信和平科技股份有限公司 Novel USB (universal serial bus) key and transaction method adopting same

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103839160B (en) * 2014-03-20 2015-09-02 武汉信安珞珈科技有限公司 A kind of network trading digital signature method and device
CN103839160A (en) * 2014-03-20 2014-06-04 武汉信安珞珈科技有限公司 Network transaction digital signing method and device
CN104301105A (en) * 2014-06-24 2015-01-21 齐亚斌 Digital certificate signing method based on mobile device with communication function, and equipment for realizing the same
CN104113416A (en) * 2014-06-26 2014-10-22 北京天威诚信电子商务服务有限公司 Two-dimensional code verification method and system based on electronic signature
CN104113416B (en) * 2014-06-26 2017-08-25 北京天诚安信科技股份有限公司 2 D code verification method and system based on electronic signature
CN104159224A (en) * 2014-07-22 2014-11-19 上海众人科技有限公司 Mobile terminal digital certification system and method
CN104268780A (en) * 2014-10-21 2015-01-07 中国建设银行股份有限公司 Trade order confirmation method and device and server
CN105844520A (en) * 2015-01-13 2016-08-10 伍彬 Electronic receipt generating and verifying method
CN105117905A (en) * 2015-07-21 2015-12-02 北京邮电大学 Wireless Key payment system based on visible light communications and payment method
CN105515783A (en) * 2016-02-05 2016-04-20 中金金融认证中心有限公司 Identity authentication method, server and authentication terminal
CN105515783B (en) * 2016-02-05 2019-02-15 中金金融认证中心有限公司 Identity identifying method, server and certification terminal
CN106169091A (en) * 2016-07-03 2016-11-30 恒宝股份有限公司 A kind of fiscard and using method thereof
CN106169091B (en) * 2016-07-03 2019-11-08 恒宝股份有限公司 A kind of fiscard and its application method
CN107688836A (en) * 2016-08-05 2018-02-13 上海景禧医纺科技有限公司 A kind of medical textile management method and system
CN106452763A (en) * 2016-12-01 2017-02-22 中孚信息股份有限公司 Method for employing cipher key through remote virtual USB device
CN106452763B (en) * 2016-12-01 2019-07-30 中孚信息股份有限公司 One kind using cipher key method by remote dummy USB device
CN106911689A (en) * 2017-02-20 2017-06-30 深圳怡化电脑股份有限公司 Exchange information processing method and system, financial transaction apparatus and terminal
JP2018186495A (en) * 2017-03-29 2018-11-22 建綱 楊 Identity authentication using barcode
CN109388982A (en) * 2017-08-04 2019-02-26 武汉矽感科技有限公司 The method and and server that a kind of pair of trading activity is traced
CN108809442A (en) * 2018-04-19 2018-11-13 佛山市顺德区中山大学研究院 A kind of sonic transmissions 2 D code system based on intelligent terminal, method and apparatus
CN111064692A (en) * 2018-10-16 2020-04-24 中兴通讯股份有限公司 Data communication method, terminal and storage medium
CN111064692B (en) * 2018-10-16 2022-06-14 中兴通讯股份有限公司 Data communication method, terminal and storage medium
CN113302876A (en) * 2019-01-21 2021-08-24 恩格雷夫Io公司 Offline non-interception interaction with cryptocurrency network using network-disabled devices

Also Published As

Publication number Publication date
CN103747012B (en) 2017-12-19

Similar Documents

Publication Publication Date Title
CN103747012A (en) Security verification method, device and system of network transaction
TWI792284B (en) Methods for validating online access to secure device functionality
CN109150548B (en) Digital certificate signing and signature checking method and system and digital certificate system
CN112953970B (en) Identity authentication method and identity authentication system
JP2017503253A (en) Authentication system and method using QR code
CN102045715B (en) Method, device and system for realizing mobile signature
CN107784499B (en) Secure payment system and method of near field communication mobile terminal
CN105634737B (en) Data transmission method, terminal and system
CN103297403A (en) Method and system for achieving dynamic password authentication
TWI632798B (en) Server, mobile terminal, and network real-name authentication system and method
CN103297231A (en) Identity authentication method and system
WO2015161689A1 (en) Data processing method based on negotiation key
CN103839160B (en) A kind of network trading digital signature method and device
US20160381011A1 (en) Network security method and network security system
CN104202163A (en) Password system based on mobile terminal
CN105719131A (en) Server, client and paying-for-another method of e-payment
CN101944216A (en) Two-factor online transaction safety authentication method and system
US20100005519A1 (en) System and method for authenticating one-time virtual secret information
CN104753675A (en) Information verification method, and electronic payment method, terminal, server and system
WO2015109958A1 (en) Data processing method based on negotiation key, and mobile phone
US20150310441A1 (en) Transaction system method, electronic signature tool, and network bank server authentication
CN105323063A (en) Identity verification method of mobile terminal and fixed intelligent terminal based on two-dimensional code
CN104506509B (en) A kind of authentication method based on multifunctional safe certification terminal
WO2016086708A1 (en) Payment verification method, apparatus and system
CN104159224A (en) Mobile terminal digital certification system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210427

Address after: 100082 101-505, 5 / F, building 18, east yard, No. 10, northwest Wangdong Road, Haidian District, Beijing

Patentee after: Beijing Yunhe Network Technology Co.,Ltd.

Address before: 6, building 1, building 26, 518009 Beidou Road, Shenzhen, Guangdong, 502, Luohu District

Patentee before: Dai Linqiao

Patentee before: Luo Yong

TR01 Transfer of patent right