CN103747012B - Safe verification method, the apparatus and system of network trading - Google Patents
Safe verification method, the apparatus and system of network trading Download PDFInfo
- Publication number
- CN103747012B CN103747012B CN201410033383.2A CN201410033383A CN103747012B CN 103747012 B CN103747012 B CN 103747012B CN 201410033383 A CN201410033383 A CN 201410033383A CN 103747012 B CN103747012 B CN 103747012B
- Authority
- CN
- China
- Prior art keywords
- transaction information
- request message
- quick response
- client
- response code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 36
- 238000000034 method Methods 0.000 title claims abstract description 31
- 230000004044 response Effects 0.000 claims abstract description 101
- 238000000605 extraction Methods 0.000 claims abstract description 31
- 230000005540 biological transmission Effects 0.000 claims description 31
- 238000005516 engineering process Methods 0.000 claims description 12
- 239000000284 extract Substances 0.000 claims description 8
- 238000004891 communication Methods 0.000 abstract description 7
- 238000012790 confirmation Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 230000011664 signaling Effects 0.000 description 5
- 238000010200 validation analysis Methods 0.000 description 3
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 2
- 235000013399 edible fruits Nutrition 0.000 description 2
- 230000005611 electricity Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Landscapes
- Computer And Data Communications (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Safe verification method, the apparatus and system of network trading provided by the invention, it is related to the communications field, the request message of the carrying Transaction Information sent including receiving client, obtain the trading password for being used to verify the request message corresponding with request message of user's input;Receiving the checking instruction corresponding with request message of user's input(That is equipment protection password)Afterwards, the Transaction Information and trading password that extraction solicited message includes, and the Transaction Information is digitally signed, the essential information of Transaction Information is encrypted and/or obtained to trading password, Quick Response Code is generated according to the result of above-mentioned steps and shown, so as to the client scan Quick Response Code, and obtain the Transaction Information of its carrying, send it to server, so that server performs subsequent transaction flow, wherein, using sound wave and Quick Response Code as Medium Exchange Transaction Information in the present invention, avoid generally using wired or wirelessly exchange Transaction Information, caused compatibility, the problem of convenience is relatively low.
Description
Technical field
The present invention relates to the communications field, safe verification method, apparatus and system in particular to network trading.
Background technology
With the development of mobile Internet, people generally carry out network friendship using the client of mobile Internet application system
Easily.
Correlation technique uses U-shield(USBKEY or U-KEY can also be used)Safety verification, such as Fig. 1 are carried out to network trading
It is shown, be specially:When user needs to carry out online transaction, service system is first logged into, into transaction interface, is selected in transaction
Hold, now, system can prompt user to carry out safety verification using the said equipment, when user is connected the said equipment and client
After connecing(Can be by wired(Data wire or tone frequency channel wire)It is or wireless(WIFI or bluetooth)Mode connect), system will can hand over
Easy information is sent on the said equipment, and the said equipment shows the Transaction Information, when user clicks on ACK button on the above-described equipment
After confirmation, Transaction Information can be digitally signed by the said equipment, obtain signed data, and signed data is sent into client
End, client receive the signed data of the said equipment transmission, and the signed data is sent into server, and server receives the label
After name data, the signed data is verified, when the result meets preparatory condition, performs subsequent transaction flow.
But in correlation technique, it is above-mentioned wired or wirelessly widely use, thus system using above-mentioned wired or
Bad adaptability when person is wirelessly sent transaction information on the said equipment, the said equipment is hindered in mobile device(Hand
Machine, tablet personal computer etc.)On widely use.
The content of the invention
It is an object of the invention to provide the safe verification method of network trading, apparatus and system, to solve above-mentioned ask
Topic.
A kind of safe verification method of network trading is provided in an embodiment of the present invention, including:
The request message for being used to ask network trading that client is sent is received, request message is using sound wave as transmission medium;
Wherein, request message includes Transaction Information;
If receiving the checking instruction corresponding with request message of user's input, Transaction Information is extracted, and transaction is believed
Breath is digitally signed;
According to the result of digital signature, Quick Response Code is generated;
Two-dimensional code display, so as to client scan Quick Response Code, and the Transaction Information of Quick Response Code carrying is obtained, and to server
Transaction Information is sent, so that server is verified to Transaction Information, and performs subsequent transaction flow.
Further, if before receiving the checking instruction corresponding with request message that user inputs, in addition to:
Obtain the checking password for checking request message corresponding with request message of user's input.
A kind of safe verification method of network trading is additionally provided in an embodiment of the present invention, including:
The request message for being used to ask network trading that client is sent is received, request message is using sound wave as transmission medium;
Wherein, request message includes Transaction Information;
Obtain the trading password for checking request message corresponding with request message of user's input;
If receiving the checking instruction corresponding with request message of user's input, Transaction Information and trading password are extracted;
Transaction Information is digitally signed;
Trading password is encrypted, obtains trading password ciphertext;And/or obtain the essential information of Transaction Information;
According to the result of digital signature, trading password ciphertext and/or essential information, Quick Response Code is generated;
Two-dimensional code display, so as to client scan Quick Response Code, and the Transaction Information of Quick Response Code carrying is obtained, and to server
Transaction Information is sent, so that server is verified to Transaction Information, and performs subsequent transaction flow.
A kind of safety verification device of network trading is provided in an embodiment of the present invention, including:
Receiving unit, for receiving the request message for being used to ask network trading of client transmission, request message is with sound
Ripple is transmission medium;Wherein, request message includes Transaction Information;
Extraction unit, it is connected with receiving unit, for when the request received with receiving unit for receiving user's input
Corresponding to message during checking instruction, Transaction Information is extracted;
Digital signature unit, is connected with extraction unit, for being digitally signed to the Transaction Information that extraction unit extracts;
Generation unit, it is connected with digital signature unit, for the result of the digital signature obtained according to digital signature unit,
Generate Quick Response Code;
Display unit, it is connected with generation unit, for showing the Quick Response Code of generation unit generation, so as to client scan two
Code is tieed up, and obtains the Transaction Information of Quick Response Code carrying, and Transaction Information is sent to server, so that server enters to Transaction Information
Row checking, and perform subsequent transaction flow.
Further, the device also includes:
Acquiring unit, it is connected with receiving unit, for obtaining the request message received with receiving unit of user's input
The corresponding checking password for checking request message.
A kind of safety verification device of network trading is additionally provided in an embodiment of the present invention, including:
Receiving unit, for receiving the request message for being used to ask network trading of client transmission, request message is with sound
Ripple is transmission medium;Wherein, request message includes Transaction Information;
First acquisition unit, it is connected with receiving unit, for obtaining the request received with receiving unit of user's input
It is used for the trading password of checking request message corresponding to message;
Extraction unit, it is connected with receiving unit and first acquisition unit, disappearing with request for user's input is received for working as
Verified corresponding to breath when instructing, the trading password that the Transaction Information and first acquisition unit that extraction receiving unit receives obtain;
Digital signature unit, is connected with extraction unit, for being digitally signed to the Transaction Information that extraction unit extracts;
Ciphering unit, it is connected with extraction unit, for the trading password that extraction unit extracts to be encrypted, is merchandised
Cryptographic secret;And/or
Second acquisition unit, it is connected with extraction unit, the essential information of the Transaction Information for obtaining extraction unit extraction;
Generation unit, connected with digital signature unit, ciphering unit, and/or second acquisition unit, for being signed according to numeral
The result of digital signature that name unit obtains, ciphering unit encrypt obtained trading password, and/or second acquisition unit obtains
Essential information, generate Quick Response Code;
Display unit, for two-dimensional code display, so as to client scan Quick Response Code, and obtain the transaction letter of Quick Response Code carrying
Breath, and Transaction Information is sent to server, so that server is verified to Transaction Information, and perform subsequent transaction flow.
A kind of security authentication systems of network trading are provided in an embodiment of the present invention, including:Client, server
And sound wave two-dimensional code electronic cipher key;Wherein,
Client, for sending the request message for being used for asking network trading, request message is using sound wave as transmission medium;Its
In, request message includes Transaction Information;Quick Response Code is scanned, and obtains the Transaction Information of Quick Response Code carrying;Send and hand over to server
Easy information;
Sound wave two-dimensional code electronic cipher key, for receive client transmission be used for ask the request of network trading to disappear
Breath, request message is using sound wave as transmission medium;Wherein, request message includes Transaction Information;If receive user input with please
Checking instruction corresponding to message is asked, then extracts Transaction Information, and Transaction Information is digitally signed;According to the knot of digital signature
Fruit, generate Quick Response Code;
Server, for receiving the Transaction Information of client transmission, and Transaction Information is verified, it is follow-up to perform
Transaction flow.
Safe verification method, the apparatus and system of network trading provided in an embodiment of the present invention, receive and are utilized by client
Sound wave sends the request message of user's input, wherein, request message includes Transaction Information, is receiving disappearing with request for user's input
Checking instruction corresponding to breath(Equipment protection password)Afterwards, Transaction Information is extracted, and the Transaction Information is digitally signed, to handing over
Easy password is encrypted, and/or obtains the essential information of request message, according to the result after the result of digital signature, encryption,
And/or essential information generates Quick Response Code and shown, so as to the client scan Quick Response Code, and the transaction of Quick Response Code carrying is obtained
Information, and Transaction Information is sent to server, so that server is verified to Transaction Information, and subsequent transaction flow is performed,
With in the prior art, client is widely used by way of wired or Transaction Information wirelessly is sent into U-shield, therefore
It is poor for applicability, mobile device can not be widely used in(Such as mobile phone, tablet personal computer).
Brief description of the drawings
Fig. 1 shows the signaling diagram of the method for the safety verification for the network trading that correlation technique provides;
Fig. 2 shows a kind of structural representation of the security authentication systems of network trading provided in an embodiment of the present invention;
Fig. 3 shows a kind of signaling diagram of the safe verification method of network trading provided in an embodiment of the present invention;
Fig. 4 shows a kind of signaling diagram of the safe verification method of network trading provided in an embodiment of the present invention;
Fig. 5 shows a kind of signaling diagram of the safe verification method of network trading provided in an embodiment of the present invention;
Fig. 6 shows a kind of signaling diagram of the safe verification method of network trading provided in an embodiment of the present invention;
Fig. 7 shows a kind of structural representation of the safety verification device of network trading provided in an embodiment of the present invention;
Fig. 8 shows a kind of structural representation of the safety verification device of network trading provided in an embodiment of the present invention;
Fig. 9 shows a kind of structural representation of the safety verification device of optimal network transaction provided in an embodiment of the present invention
Figure;
Figure 10 shows the structural representation of sound wave two-dimensional code electronic cipher key provided in an embodiment of the present invention.
Embodiment
The present invention is described in further detail below by specific examples of the implementation and with reference to accompanying drawing.
For ease of understanding the present embodiment, the communication connecting system being based on first to the present embodiment is carried out briefly
It is bright.As shown in Fig. 2 the security authentication systems of network trading involved in the present invention, including:Server 101, client 102 with
And sound wave two-dimensional code electronic cipher key 103, data communications context can be established between three.And in embodiments of the present invention,
Above-mentioned client 102 can be the electric terminal with communication function such as smart mobile phone, tablet personal computer or other communication electricity
Sub- product, also, these electric terminals need to set loudspeaker, and sound wave two-dimensional code electronic cipher key 103 needs setting can
Receive the microphone of sound wave.
Embodiment 1
A kind of safe verification method of network trading is present embodiments provided, as shown in figure 3, including:
101st, the request message for being used to ask network trading that client is sent is received, request message is situated between by transmission of sound wave
Matter;Wherein, request message includes Transaction Information.
In the present embodiment, the transmission means of the sound wave based on air, using the sound wave of specific frequency, request message is sent
Give sound wave two-dimensional code electronic cipher key.Wherein, specific frequency can be by client and sound wave two-dimensional code electronic cipher key two
The operator of person voluntarily selects to set;Specifically, the loudspeaker sounding sound that client is set by it, to transmit sound wave, with
Just sound wave two-dimensional code electronic cipher key receives the sound wave, the microphone that sound wave two-dimensional code electronic cipher key is set by it with
The sound wave that specific frequency reception client is sent, and do subsequent treatment.
The Transaction Information specifically, request message includes but is not limited to transfer accounts, paid the bill etc., wherein the specifying information transferred accounts can be with
Including:It is transferred to account, transfer amounts, cryptographic secret and trading signature etc..
Wherein, request message can also be generated into Quick Response Code using planar bar code technology, transmission, which is somebody's turn to do, in the form of Quick Response Code asks
Seek message.Occur in subsequent embodiment with this step identical technical scheme, can be replaced with this method, this step is carried
The scheme of confession includes but is not limited to the alternative scheme.
102nd, the checking instruction corresponding with request message of user's input is received.
The Transaction Information illustrated on sound wave two-dimensional code electronic cipher key in step display 101, when user confirms
Information touches the confirmation module of the display screen display of sound wave two-dimensional code electronic cipher key, so as to sound wave Quick Response Code without mistaking
Electronics Cryptographic Keys are digitally signed to Transaction Information, wherein checking instruction protects password for user input equipment.
Confirm specifically, the mode of reception is user directly on sound wave two-dimensional code electronic cipher key, or to use
Family input validation information on the keyboard of sound wave two-dimensional code electronic cipher key, the confirmation, can be password or other
Authentication information.
103rd, Transaction Information is extracted, and Transaction Information is digitally signed.
In the present embodiment, sound wave two-dimensional code electronic cipher key parses to request message, extracts transaction letter therein
Breath, this method are the method for encapsulation and the decapsulation of message commonly used in the trade, and the present embodiment is not illustrating.
Specifically, same agreement and algorithm that sound wave two-dimensional code electronic cipher key and service end use, by sound wave two
Dimension code Electronics Cryptographic Keys are digitally signed to Transaction Information, the knot by service end according to the agreement and algorithm to digital signature
Fruit is verified, so as to extract entrained Transaction Information.Wherein, sound wave two-dimensional code electronic cipher key enters to Transaction Information
A kind of asymmetric arithmetic should be comprised at least during row digital signature(Such as RSA, ECC, SM2)With a kind of digest algorithm(As MD5,
SHA1, SHA-256, SM3 etc.).It should be noted that above-mentioned cipher mode is the common technology means encrypted in the industry, this implementation
This is not illustrated in example.
104th, according to the result of digital signature, Quick Response Code is generated.
Specifically, using planar bar code technology, according to the result of digital signature, Quick Response Code is generated.Wherein, the Quick Response Code of use
Type can be Quick Response Code, color code or the three-dimension code of standard, or off-gauge Quick Response Code, color code or three-dimension code etc..
Wherein, can also be according to the result of digital signature, the association that the result is signed in the form of a sound wave and with step 101
The specific frequency of sound wave used in view is transmitted, and so that client receives the sound wave, and the sound wave is parsed, extraction
Its Transaction Information carried, and Transaction Information is sent to server, so that server is verified to Transaction Information, and after execution
Continuous transaction flow.It should be noted that or the part identical with this step occurred in subsequent embodiment is identical or technology is similar
Technical scheme, it can be replaced with this method, the scheme that this step is provided includes but is not limited to the alternative scheme.
105th, two-dimensional code display, so as to client scan Quick Response Code, and the Transaction Information of Quick Response Code carrying is obtained, and to clothes
Business device sends Transaction Information, so that server is verified to Transaction Information, and performs subsequent transaction flow.
Specifically, client can prompt scanning input Quick Response Code, and the Quick Response Code is parsed using planar bar code technology, wherein,
The technology for parsing generation Quick Response Code in the process and previous step of Quick Response Code is mutual inverse process;So as to obtain Transaction Information, and will
The Transaction Information got is sent to server.As a result of planar bar code technology, confirmation, behaviour are manually entered without user
Make it is more convenient, when also breaching user in addition and manually entering, it is desirable to which input content limits and the brief limitation of content.
Specifically, in the prior art, it is necessary to which user is in client input validation password, sound wave two-dimensional code electronic cipher key
Input validation password is so as to greatly strengthen the safety verification of network trading on a security device.Wherein, server internet is handed over
Easy system, it is specifically as follows Mobile banking, flat board bank, Third-party payment, on-line shopping system etc..
A kind of safe verification method of network trading provided in an embodiment of the present invention, receive and sent by client using sound wave
The request message of user's input, wherein, request message includes Transaction Information, is receiving the corresponding with request message of user's input
Checking instruction(Equipment protection password)Afterwards, Transaction Information is extracted, and the Transaction Information is digitally signed, then according to numeral
The result generation Quick Response Code of signature is simultaneously shown, so as to the client scan Quick Response Code, and obtains the transaction letter of Quick Response Code carrying
Breath, and Transaction Information is sent to server, so that server is verified to Transaction Information, and subsequent transaction flow is performed, with
In the prior art, client is widely used by way of wired or Transaction Information wirelessly is sent into U-shield, therefore suitable
It is poor with property, mobile device can not be widely used in(Such as mobile phone, tablet personal computer).
Embodiment 2
Further, as shown in figure 4, the present embodiment additionally provides a kind of safe verification method of network trading, including:
201st, the request message for being used to ask network trading that client is sent is received, request message is situated between by transmission of sound wave
Matter;Wherein, request message includes Transaction Information.
202nd, the trading password for checking request message corresponding with request message of user's input is obtained.
Specifically, setting trading password on the server in advance, the password is voluntarily set by user, and only user oneself knows
Road.When user carries out network trading confirmation using sound wave two-dimensional code electronic cipher key, it is necessary to which user is in sound wave Quick Response Code electricity
The trading password is inputted on the keyboard of sub- cipher key, just can proceed with network trading, so as to enhance safety of network trade
Property.
203rd, the checking instruction corresponding with request message of user's input is received.
204th, Transaction Information is extracted, and Transaction Information is digitally signed.
205th, according to the result of digital signature, Quick Response Code is generated.
206th, two-dimensional code display, so as to client scan Quick Response Code, and the Transaction Information of Quick Response Code carrying is obtained, and to clothes
Business device sends Transaction Information, so that server is verified to Transaction Information, and performs subsequent transaction flow.
A kind of safe verification method of network trading provided in an embodiment of the present invention, receive and sent by client using sound wave
The request message of user's input, wherein, request message includes Transaction Information, is receiving the corresponding with request message of user's input
Checking instruction(Equipment protection password)Afterwards, Transaction Information is extracted, and the Transaction Information is digitally signed, according to digital signature
Result, generation Quick Response Code simultaneously show, so as to the client scan Quick Response Code, and obtain the Quick Response Code carrying Transaction Information,
And Transaction Information is sent to server, and so that server is verified to Transaction Information, and subsequent transaction flow is performed, it is and existing
In technology, client is widely used by way of wired or Transaction Information wirelessly is sent into U-shield, therefore applicability
Difference, mobile device can not be widely used in(Such as mobile phone, tablet personal computer).
Embodiment 3
A kind of safe verification method of network trading is additionally provided in embodiments of the invention as shown in figure 5, including:
301st, the request message for being used to ask network trading that client is sent is received, request message is situated between by transmission of sound wave
Matter;Wherein, request message includes Transaction Information.
302nd, the trading password for checking request message corresponding with request message of user's input is obtained.
303rd, the checking instruction corresponding with request message of user's input is received.
304th, Transaction Information is extracted.
305th, Transaction Information is digitally signed.
306th, trading password is encrypted, obtains trading password ciphertext.
In the present embodiment, using trading password, trading password is encrypted, obtains trading password ciphertext, can be strengthened
The safety guarantee dynamics of Quick Response Code.Specifically, the mode of symmetric cryptography and asymmetric encryption can be used to carry out request message
Encryption.Wherein, trading password can be user password, bank card password etc..
307th, according to the result of digital signature and trading password ciphertext, Quick Response Code is generated.
308th, two-dimensional code display, so as to client scan Quick Response Code, and the Transaction Information of Quick Response Code carrying is obtained, and to clothes
Business device sends Transaction Information, so that server is verified to Transaction Information, and performs subsequent transaction flow.
A kind of safe verification method of network trading provided in an embodiment of the present invention, receive and sent by client using sound wave
The request message of user's input, wherein, request message includes Transaction Information, is receiving the corresponding with request message of user's input
Checking instruction(Equipment protection password)Afterwards, Transaction Information is extracted, and the Transaction Information is digitally signed, trading password is entered
Row encryption, generated and Quick Response Code and shown according to the result of digital signature and the result of encryption, so as to the client scan Quick Response Code,
And the Transaction Information of Quick Response Code carrying is obtained, and Transaction Information is sent to server, so that server is carried out to Transaction Information
Checking, and performs subsequent transaction flow, and in the prior art, client passes through wired or wirelessly send out Transaction Information
The mode for giving U-shield widely uses, therefore poor for applicability, can not be widely used in mobile device(Such as mobile phone, tablet personal computer).
Embodiment 4
The present embodiment also provides a kind of safe verification method of optimal network transaction, as shown in fig. 6, including:
501st, the request message for being used to ask network trading that client is sent is received, request message is situated between by transmission of sound wave
Matter;Wherein, request message includes Transaction Information.
502nd, the trading password for checking request message corresponding with request message of user's input is obtained.
503rd, the checking instruction corresponding with request message of user's input is received.
504th, Transaction Information is extracted.
505th, Transaction Information is digitally signed.
506th, request message trading password is encrypted, obtains trading password ciphertext.
507th, the essential information of Transaction Information is obtained.
In the present embodiment, the safety guarantee of network trading can be strengthened by increasing the essential information generation Quick Response Code of Transaction Information
Dynamics.Specifically, the essential information of Transaction Information can be sequence information;Its specific cipher mode is the same as step in embodiment one
The mode that 103 pairs of Transaction Informations are digitally signed.
508th, according to the result of digital signature, trading password ciphertext and essential information, Quick Response Code is generated.
509th, two-dimensional code display, so as to client scan Quick Response Code, and the Transaction Information of Quick Response Code carrying is obtained, and to clothes
Business device sends Transaction Information, so that server is verified to Transaction Information, and performs subsequent transaction flow.
A kind of safe verification method of network trading provided in an embodiment of the present invention, receive and sent by client using sound wave
The request message of user's input, wherein, request message includes Transaction Information, is receiving the corresponding with request message of user's input
Checking instruction(Equipment protection password)Afterwards, Transaction Information is extracted, and the Transaction Information is digitally signed, trading password is entered
Its essential information is encrypted and obtained to row, and Quick Response Code is generated simultaneously according to the result after the result of digital signature, encryption and essential information
It has been shown that, so as to client scan Quick Response Code, and the Transaction Information of Quick Response Code carrying is obtained, and Transaction Information is sent to server,
So that server is verified to Transaction Information, and perform subsequent transaction flow, and in the prior art, client by wired or
The mode that Transaction Information is wirelessly sent to U-shield by person widely uses, therefore poor for applicability, can not be widely used in movement and set
It is standby(Such as mobile phone, tablet personal computer).
Embodiment 5
A kind of safety verification device of network trading is provided in an embodiment of the present invention, as shown in fig. 7, comprises:
Receiving unit 81, be used to ask the request message of network trading for receive client transmission, request message with
Sound wave is transmission medium;Wherein, request message includes Transaction Information.
Extraction unit 82, it is connected with receiving unit 81, being received with receiving unit 81 for user's input is received for working as
Request message corresponding to checking instruction when, extract Transaction Information.
Digital signature unit 83, it is connected with extraction unit 82, the Transaction Information for being extracted to extraction unit 82 enters line number
Word is signed.
Generation unit 84, it is connected with digital signature unit 83, for the digital signature obtained according to digital signature unit 83
Result, generate Quick Response Code.
Display unit 85, it is connected with generation unit 84, the Quick Response Code generated for showing generation unit 84, so as to client
The Quick Response Code is scanned, and obtains the Transaction Information of Quick Response Code carrying, and Transaction Information is sent to server, so as to server pair
Transaction Information is verified, and performs subsequent transaction flow.
A kind of safety verification device of network trading provided in an embodiment of the present invention, receive and sent by client using sound wave
The request message of user's input, wherein, request message includes Transaction Information, is receiving the corresponding with request message of user's input
Checking instruction(Equipment protection password)Afterwards, Transaction Information is extracted, and the Transaction Information is digitally signed, then according to numeral
The result generation Quick Response Code of signature is simultaneously shown, so as to the client scan Quick Response Code, and obtains the transaction letter of Quick Response Code carrying
Breath, and Transaction Information is sent to server, so that server is verified to Transaction Information, and subsequent transaction flow is performed, with
In the prior art, client is widely used by way of wired or Transaction Information wirelessly is sent into U-shield, therefore suitable
It is poor with property, mobile device can not be widely used in(Such as mobile phone, tablet personal computer).
Embodiment 6
Further, as shown in figure 8, the device also includes:
Acquiring unit 86, it is connected with receiving unit 81, for obtaining being asked with what receiving unit 81 received for user's input
Seek the checking password for being used for checking request message corresponding to message.
A kind of safety verification device of network trading provided in an embodiment of the present invention, receive and sent by client using sound wave
The request message of user's input, wherein, request message includes Transaction Information, is receiving the corresponding with request message of user's input
Checking instruction(Equipment protection password)Afterwards, Transaction Information is extracted, and the Transaction Information is digitally signed, then according to numeral
The result generation Quick Response Code of signature is simultaneously shown, so as to the client scan Quick Response Code, and obtains the transaction letter of Quick Response Code carrying
Breath, and Transaction Information is sent to server, so that server is verified to Transaction Information, and subsequent transaction flow is performed, with
In the prior art, client is widely used by way of wired or Transaction Information wirelessly is sent into U-shield, therefore suitable
It is poor with property, mobile device can not be widely used in(Such as mobile phone, tablet personal computer).
Embodiment 7
A kind of safety verification device of optimal network transaction is present embodiments provided, as shown in figure 9, including:
Receiving unit 91, be used to ask the request message of network trading for receive client transmission, request message with
Sound wave is transmission medium;Wherein, request message includes Transaction Information.
First acquisition unit 92, it is connected with receiving unit 91, for obtaining being received with receiving unit 91 for user's input
Request message corresponding to be used for checking request message trading password.
Extraction unit 93, be connected with receiving unit 91 and first acquisition unit 92, for when receive user input with
Verified corresponding to request message when instructing, what the Transaction Information and first acquisition unit 92 that extraction receiving unit 91 receives obtained
Trading password.
94 yuan of digital signature unit, is connected with extraction unit 93, and the Transaction Information for being extracted to extraction unit 93 is carried out
Digital signature.
Ciphering unit 95, it is connected with extraction unit 93, the trading password for being extracted to extraction unit 93 is encrypted, and obtains
To trading password ciphertext.
Second acquisition unit 96, it is connected with extraction unit 93, the base of the Transaction Information for obtaining the extraction of extraction unit 93
This information.
Generation unit 97, it is connected with digital signature unit 94, ciphering unit 95 and second acquisition unit 96, for according to number
The result for the digital signature that word signature unit 94 obtains, the encryption of ciphering unit 95 obtain trading password ciphertext and second acquisition unit
96 essential informations obtained, generate Quick Response Code.
Display unit 98, it is connected with generation unit 97, the Quick Response Code generated for showing generation unit 97, so as to client
The Quick Response Code is scanned, and obtains the Transaction Information of Quick Response Code carrying, and Transaction Information is sent to server, so as to server pair
Transaction Information is verified, and performs subsequent transaction flow.
A kind of safety verification device of network trading provided in an embodiment of the present invention, receive and sent by client using sound wave
The request message of user's input, wherein, request message includes Transaction Information, is receiving the corresponding with request message of user's input
Checking instruction(Equipment protection password)Afterwards, Transaction Information is extracted, and the Transaction Information is digitally signed, trading password is entered
Essential information therein is encrypted and obtained to row, generates Quick Response Code according to the result after digital signature, encryption and essential information and shows
Show, so as to the client scan Quick Response Code, and obtain the Transaction Information of Quick Response Code carrying, and transaction letter is sent to server
Breath, so that server is verified to Transaction Information, and performs subsequent transaction flow, and in the prior art, client is by having
Transaction Information is wirelessly sent to the mode of U-shield and widely used by line, therefore poor for applicability, can not be widely used in shifting
Dynamic equipment(Such as mobile phone, tablet personal computer).
Embodiment 8
A kind of security authentication systems of network trading are provided in an embodiment of the present invention, as shown in Fig. 2 including:Visitor
Family end 102, server 101 and sound wave two-dimensional code electronic cipher key 103;Wherein,
Client 102, the request message for asking network trading is sent, request message is using sound wave as transmission medium;Its
In, request message includes Transaction Information;The Quick Response Code that sound wave two-dimensional code electronic cipher key is sent is received, and scans Quick Response Code,
And obtain the Transaction Information of Quick Response Code carrying;The Transaction Information is sent to server.
Sound wave two-dimensional code electronic cipher key 103, the request message for being used to ask network trading that client is sent is received,
Request message is using sound wave as transmission medium;Wherein, request message includes Transaction Information;If receive disappearing with request for user's input
Checking instruction, then extract Transaction Information, and Transaction Information is digitally signed corresponding to breath;According to the result of digital signature,
Generate Quick Response Code.
Server 101, the Transaction Information that client is sent is received, and Transaction Information is verified, it is follow-up to perform
Transaction flow.
A kind of security authentication systems of network trading provided in an embodiment of the present invention, receive and sent by client using sound wave
The request message of user's input, wherein, request message includes Transaction Information, is receiving the corresponding with request message of user's input
After checking instruction, Transaction Information is extracted, and the Transaction Information is digitally signed, two dimension is generated according to the result of digital signature
Code is simultaneously shown, so as to the client scan Quick Response Code, and obtains the Transaction Information of Quick Response Code carrying, and send and hand over to server
Easy information, so that server is verified to Transaction Information, and subsequent transaction flow is performed, and in the prior art, client is led to
Mode wired or that Transaction Information is wirelessly sent to U-shield is crossed to widely use, thus it is poor for applicability, can not extensive utilization
In mobile device(Such as mobile phone, tablet personal computer).
Embodiment 9
As shown in Figure 10, sound wave two-dimensional code electronic cipher key includes:Support COS1001, the hardware security mould of Quick Response Code
Block 1002, input module 1003, output module 1004 and power module 1005.
Specifically, input module 1003 includes microphone, for receiving the information of acoustic wave of client transmission;Keyboard, it is used for
Receive checking password and confirmation of user's input etc.;
Hardware security module 1002 is that sound wave two-dimensional code electronic cipher key must include, the hardware security module
(HSM)Specific implementation can use various types of safety chips.Wherein, hardware security module 1002 at least supports one kind or one
Kind more asymmetric algorithm(Such as RSA, ECC, SM2), a kind of and more than one digest algorithms(As MD5, SHA1, SHA-256,
SM3 etc.), support hardware security module in unsymmetrical key to generation and safety store, support hardware security module in base
In digital signature of private key etc..
Sound wave two-dimensional code electronic cipher key in the present invention can not only be used for all kinds of passwords(Such as trading password)Input
Equipment, can also be as the digital signature device of transaction.Therefore the purposes of sound wave two-dimensional code electronic cipher key can be as needed
It is combined, such as the input equipment only as password is used, only used as digital signature device, or simultaneously as password
Input equipment and signature device use, or are only used as confirmation equipment.
In addition, sound wave two-dimensional code electronic cipher key, can also support many communication modes, include but is not limited to such as mobile network
Network, wireless network, Ethernet, USB, bluetooth, infrared, NFC.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area
For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies
Change, equivalent substitution, improvement etc., should be included in the scope of the protection.
Claims (3)
- A kind of 1. safe verification method of network trading, it is characterised in that including:Receive the request message for being used to ask network trading that client is sent;The request message is the client to set The sound wave of frequency is transmission medium transmission, or, it is that the client advances with planar bar code technology and gives birth to the request message Into client Quick Response Code, and transmitted in the form of the client Quick Response Code;The request message includes Transaction Information;It is described Transaction Information includes:The essential information and cipher-text information of transaction;Obtain the trading password for being used to verify the request message corresponding with the request message of user's input;If the checking instruction corresponding with the request message of user's input is received, from the request message described in extraction Transaction Information;The equipment protection password that the checking instruction inputs for user;The Transaction Information is digitally signed;The trading password is encrypted, obtains trading password ciphertext;Obtain the essential information of the Transaction Information;According to the result of the digital signature, the trading password ciphertext and the essential information, key Quick Response Code is generated;The key Quick Response Code is shown, so as to key Quick Response Code described in client scan, and the key Quick Response Code is obtained and carries Transaction Information, and send the Transaction Information to server, so that the server is verified to the Transaction Information, and Perform subsequent transaction flow.
- A kind of 2. safety verification device of network trading, it is characterised in that including:Receiving unit, for receiving the request message for being used to ask network trading of client transmission;The request message is institute Client is stated using the sound wave of setpoint frequency as transmission medium transmission, or, it is that the client advances with planar bar code technology The request message is generated into client Quick Response Code, and transmitted in the form of the client Quick Response Code;The request message bag Include Transaction Information;The Transaction Information includes:The essential information and cipher-text information of transaction;First acquisition unit, it is used to verify the request message for obtaining the corresponding with the request message of user's input Trading password;Extraction unit, for receive user input it is corresponding with the request message checking instruction when, from the reception The Transaction Information is extracted in the request message that unit receives;The checking instruction is close for the equipment protection of user's input Code;Digital signature unit, the Transaction Information for being extracted to the extraction unit are digitally signed;Ciphering unit, the trading password for being obtained to the first acquisition unit are encrypted, and it is close to obtain trading password Text;Second acquisition unit, the essential information of the Transaction Information for obtaining the extraction unit extraction;Generation unit, for the result according to the digital signature, the trading password ciphertext and the essential information, generate key Spoon Quick Response Code;Display unit, for showing the key Quick Response Code, so as to key Quick Response Code described in the client scan, and obtain institute The Transaction Information of key Quick Response Code carrying is stated, and the Transaction Information is sent to server, so that the server is to the friendship Easy information is verified, and performs subsequent transaction flow.
- A kind of 3. security authentication systems of network trading, it is characterised in that including:Client, server and sound wave Quick Response Code Electronics Cryptographic Keys;Wherein,Client, for sending the request message for being used for asking network trading;The request message is the client to set The sound wave of frequency sends for transmission medium, or, it is that the client advances with planar bar code technology and gives birth to the request message Into client Quick Response Code, and sent in the form of the client Quick Response Code;The request message includes Transaction Information;With And the key Quick Response Code that scanning sound wave two-dimensional code electronic cipher key is shown, obtain the transaction letter that the key Quick Response Code carries Breath, and send the Transaction Information to server;Sound wave two-dimensional code electronic cipher key, for receive client transmission be used for ask the request of network trading to disappear Breath;Wherein, the request message includes Transaction Information;The Transaction Information includes:The essential information and cipher-text information of transaction;Obtain Take the trading password for being used to verify the request message corresponding with the request message of family input;If it is defeated to receive user The checking instruction corresponding with the request message entered, then extract the Transaction Information from the request message;To the friendship Easy information is digitally signed;The trading password is encrypted, obtains trading password ciphertext;Obtain the Transaction Information Essential information;According to the result of the digital signature, the trading password ciphertext and the essential information, key Quick Response Code is generated And shown;The equipment protection password that the checking instruction inputs for user;Server, the Transaction Information sent for receiving the client, and the Transaction Information is verified, and hold Row subsequent transaction flow.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410033383.2A CN103747012B (en) | 2013-08-01 | 2014-01-23 | Safe verification method, the apparatus and system of network trading |
Applications Claiming Priority (7)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201320465886 | 2013-08-01 | ||
| CN2013204658891 | 2013-08-01 | ||
| CN201320465889 | 2013-08-01 | ||
| CN201320465886.8 | 2013-08-01 | ||
| CN2013204658868 | 2013-08-01 | ||
| CN201320465889.1 | 2013-08-01 | ||
| CN201410033383.2A CN103747012B (en) | 2013-08-01 | 2014-01-23 | Safe verification method, the apparatus and system of network trading |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103747012A CN103747012A (en) | 2014-04-23 |
| CN103747012B true CN103747012B (en) | 2017-12-19 |
Family
ID=50503999
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410033383.2A Active CN103747012B (en) | 2013-08-01 | 2014-01-23 | Safe verification method, the apparatus and system of network trading |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103747012B (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103839160B (en) * | 2014-03-20 | 2015-09-02 | 武汉信安珞珈科技有限公司 | A kind of network trading digital signature method and device |
| CN104301105A (en) * | 2014-06-24 | 2015-01-21 | 齐亚斌 | Digital certificate signing method based on mobile device with communication function, and equipment for realizing the same |
| CN104113416B (en) * | 2014-06-26 | 2017-08-25 | 北京天诚安信科技股份有限公司 | 2 D code verification method and system based on electronic signature |
| CN104159224A (en) * | 2014-07-22 | 2014-11-19 | 上海众人科技有限公司 | Mobile terminal digital certification system and method |
| CN104268780A (en) * | 2014-10-21 | 2015-01-07 | 中国建设银行股份有限公司 | Trade order confirmation method and device and server |
| CN105844520A (en) * | 2015-01-13 | 2016-08-10 | 伍彬 | Electronic receipt generating and verifying method |
| CN105117905A (en) * | 2015-07-21 | 2015-12-02 | 北京邮电大学 | Wireless Key payment system based on visible light communications and payment method |
| CN105515783B (en) * | 2016-02-05 | 2019-02-15 | 中金金融认证中心有限公司 | Identity identifying method, server and certification terminal |
| CN106169091B (en) * | 2016-07-03 | 2019-11-08 | 恒宝股份有限公司 | A kind of fiscard and its application method |
| CN107688836A (en) * | 2016-08-05 | 2018-02-13 | 上海景禧医纺科技有限公司 | A kind of medical textile management method and system |
| CN106452763B (en) * | 2016-12-01 | 2019-07-30 | 中孚信息股份有限公司 | One kind using cipher key method by remote dummy USB device |
| CN106911689A (en) * | 2017-02-20 | 2017-06-30 | 深圳怡化电脑股份有限公司 | Exchange information processing method and system, financial transaction apparatus and terminal |
| TWI651656B (en) * | 2017-03-29 | 2019-02-21 | 楊建綱 | Multidimensional barcode action identity authentication method, digital certificate device |
| CN109388982A (en) * | 2017-08-04 | 2019-02-26 | 武汉矽感科技有限公司 | The method and and server that a kind of pair of trading activity is traced |
| CN108809442A (en) * | 2018-04-19 | 2018-11-13 | 佛山市顺德区中山大学研究院 | A kind of sonic transmissions 2 D code system based on intelligent terminal, method and apparatus |
| CN111064692B (en) * | 2018-10-16 | 2022-06-14 | 中兴通讯股份有限公司 | Data communication method, terminal and storage medium |
| EP3684004A1 (en) * | 2019-01-21 | 2020-07-22 | Ngrave bvba | Offline interception-free interaction with a cryptocurrency network using a network-disabled device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436280A (en) * | 2008-12-15 | 2009-05-20 | 北京华大智宝电子系统有限公司 | Method and system for implementing electronic payment of mobile terminal |
| CN102387142A (en) * | 2011-10-20 | 2012-03-21 | 北京天地融科技有限公司 | Tool, authentication method and system for electronic signature |
| CN102868688A (en) * | 2012-09-05 | 2013-01-09 | 天地融科技股份有限公司 | Certification system and method and electronic signature tool |
| CN102903044A (en) * | 2012-09-03 | 2013-01-30 | 中国工商银行股份有限公司 | Banking mobile terminal data signature device, banking mobile terminal data signature method and safety authentication system |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2164053A1 (en) * | 2008-09-11 | 2010-03-17 | Gemplus | Standalone counterattack method in response to one or several physical aggressions, and associated device |
| EP2339493A1 (en) * | 2009-12-22 | 2011-06-29 | Gemalto SA | Authenticating human interface device |
| CN102971758A (en) * | 2010-04-14 | 2013-03-13 | 诺基亚公司 | Method and apparatus for providing automated payment |
| CN101820346B (en) * | 2010-05-04 | 2012-06-27 | 飞天诚信科技股份有限公司 | Secure digital signature method |
| CN102655507A (en) * | 2012-04-17 | 2012-09-05 | 上海众人网络安全技术有限公司 | Information safety device and system and implementation method |
| CN103218565A (en) * | 2012-10-24 | 2013-07-24 | 东信和平科技股份有限公司 | Novel USB (universal serial bus) key and transaction method adopting same |
-
2014
- 2014-01-23 CN CN201410033383.2A patent/CN103747012B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436280A (en) * | 2008-12-15 | 2009-05-20 | 北京华大智宝电子系统有限公司 | Method and system for implementing electronic payment of mobile terminal |
| CN102387142A (en) * | 2011-10-20 | 2012-03-21 | 北京天地融科技有限公司 | Tool, authentication method and system for electronic signature |
| CN102903044A (en) * | 2012-09-03 | 2013-01-30 | 中国工商银行股份有限公司 | Banking mobile terminal data signature device, banking mobile terminal data signature method and safety authentication system |
| CN102868688A (en) * | 2012-09-05 | 2013-01-09 | 天地融科技股份有限公司 | Certification system and method and electronic signature tool |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103747012A (en) | 2014-04-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103747012B (en) | Safe verification method, the apparatus and system of network trading | |
| CN105684344B (en) | A kind of cipher key configuration method and apparatus | |
| CN105337740B (en) | A kind of auth method, client, trunking and server | |
| CN101800639A (en) | Method, system and device for realizing ebanking services | |
| JP2017503253A (en) | Authentication system and method using QR code | |
| CN107784499B (en) | Secure payment system and method of near field communication mobile terminal | |
| CN108599925A (en) | A kind of modified AKA identity authorization systems and method based on quantum communication network | |
| CN102045715B (en) | Method, device and system for realizing mobile signature | |
| TWI632798B (en) | Server, mobile terminal, and network real-name authentication system and method | |
| CN104935441B (en) | A kind of authentication method and relevant apparatus, system | |
| JP6430544B2 (en) | O2O secure settlement method and O2O secure settlement system | |
| CN102036236A (en) | Method and device for authenticating mobile terminal | |
| CN103037323B (en) | Based on random code verification system and the verification method thereof of mobile terminal | |
| US20160381011A1 (en) | Network security method and network security system | |
| CN103839160B (en) | A kind of network trading digital signature method and device | |
| CN101944216A (en) | Two-factor online transaction safety authentication method and system | |
| CN104077690A (en) | One-time password generation method and device, authentication method and authentication system | |
| JP2015201844A5 (en) | ||
| CN106656993B (en) | Dynamic verification code verification method and device | |
| CN105323063B (en) | The auth method of mobile terminal and fixed intelligent terminal based on two dimensional code | |
| US20100005519A1 (en) | System and method for authenticating one-time virtual secret information | |
| CN103793819B (en) | transaction system and method | |
| CN102869009B (en) | Communication encryption application process and communication system | |
| CN105741116A (en) | Fast payment method, apparatus and system | |
| WO2015109958A1 (en) | Data processing method based on negotiation key, and mobile phone |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210427 Address after: 100082 101-505, 5 / F, building 18, east yard, No. 10, northwest Wangdong Road, Haidian District, Beijing Patentee after: Beijing Yunhe Network Technology Co.,Ltd. Address before: 6, building 1, building 26, 518009 Beidou Road, Shenzhen, Guangdong, 502, Luohu District Patentee before: Dai Linqiao Patentee before: Luo Yong |
|
| TR01 | Transfer of patent right |