CN103856323A - Network security verification method for examining identities by means of user positions - Google Patents

Publication number
CN103856323A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210496721.7A
Other languages
Chinese (zh)
Other versions
CN103856323B (en
Inventor
P·史柏格
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Laiyi Digital Technology Co., Ltd.
Original Assignee
Keypasco AB
Application filed by Keypasco AB
Priority to CN201210496721.7A
Publication of CN103856323A
Application granted
Publication of CN103856323B

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a network security verification method for examining identities by means of user positions. The method is applied to a verification server and involves cooperation with a use terminal, a personal portable device and a content provider server. The method comprises: comparing the hardware scan data of the use terminal and the personal portable device with a pre-built database and determining whether matching records exist; the use terminal and the personal portable device must also satisfy the association of operating at nearby geographic locations; and if the two do not satisfy that association, the verification server determines that there is an abnormal operation state and transmits the examination result back to the content provider server or the use terminal. The method can save processing cost and can prevent remote hackers from attacking or operating illegally by counterfeiting identities.

Description

Network security verification method for examining identities by means of user positions
Technical field
The present invention relates to a network security verification method, and in particular to a network security verification method that examines identity by means of the user's position.
Background art
With the progress of the times, the spread of the Internet, ubiquitous network bandwidth and wireless technology, the popularity of personal portable devices such as smartphones and tablet computers, and the rapid development of cloud services, everyone's life depends on these modern technologies 24 hours a day. In addition, the endless stream of fraudulent credit card use on the Internet or at point-of-sale (POS) systems, and of fraudulent withdrawals at automatic teller machines (ATMs), is likewise the result of authentication that is not secure enough.
These technologies, available anytime and anywhere, bring many benefits but also have a negative side: without secure authentication, valuable online services are difficult to offer over the network without incurring great risk and loss, for example the theft at any time of personal privacy, confidential data or bank deposits, or the abuse of credit cards.
The online verification products of past decades are not suited to the rapidly changing products and services of today's Internet: they are either not secure enough or too costly, or they are inconvenient to use and cannot be widely adopted. Only new thinking, new technology and new products can meet the needs of today and the future.
When a user transacts on the network with a counterpart such as an Internet content provider (ICP), the existing transaction verification techniques for examining the user's identity have the following shortcomings: physical authentication hardware must be distributed to users, and the material and management costs of that hardware, as well as the labor cost of handling the related services, must be borne; in addition, confirming the user's identity with account-name and password data still cannot counter the constantly changing attacks of remote network hackers.
Summary of the invention
Accordingly, the object of the present invention is to provide a network security verification method for examining identities by means of user positions that overcomes the aforementioned shortcomings.
The network security verification method of the present invention is applied to an authentication server operating in conjunction with a use terminal, a personal portable device and a content provider server, and comprises the following steps: (a) the content provider server requests the authentication server to examine the identity of the user; (b) the authentication server obtains the hardware scan data of the use terminal and the personal portable device, and positions the use terminal and the personal portable device; and (c) the authentication server compares the hardware scan data of the use terminal and the personal portable device with a pre-built database and judges whether matching records exist, so as to determine whether the use terminal and the personal portable device are owned by the user; the use terminal and the personal portable device must also satisfy the association of operating at nearby geographic locations, and if they do not, the authentication server judges an abnormal operation state and returns the examination result to the content provider server or the use terminal.
In a first embodiment of the network security verification method of the present invention, step (b) comprises the following sub-steps: the authentication server or the content provider server notifies the use terminal to execute a first verification program, in which a plurality of hardware elements of the use terminal are scanned to obtain first scan data composed of the hardware element identification codes of those hardware elements, and the use terminal is positioned to obtain first positioning data representing its position at that time; the use terminal transmits the first scan data and the first positioning data to the authentication server; and the authentication server, the content provider server or the user drives software preinstalled in the personal portable device to execute a second verification program, in which a plurality of hardware elements of the personal portable device are scanned to obtain second scan data composed of the hardware element identification codes of those hardware elements, and the personal portable device is positioned to obtain second positioning data representing its position at that time; the personal portable device transmits the second scan data and the second positioning data to the authentication server. In step (c), the authentication server compares the first scan data and the second scan data with the pre-built database and judges whether matching records exist, so as to determine whether the use terminal and the personal portable device are owned by the user, and judges from the first positioning data and the second positioning data whether the association of operating at nearby geographic locations is satisfied; if it is not, the authentication server judges an abnormal operation state and returns the examination result to the content provider server or the use terminal.
Preferably, the rule for judging the association of operating at nearby geographic locations in the first embodiment is: the use terminal and the personal portable device have the same GPS position, or the use terminal and the personal portable device share the same network address, or the use terminal and the personal portable device share the same position on a mobile communication network.
In a second embodiment of the network security verification method of the present invention, step (b) comprises the following sub-steps: the authentication server or the content provider server notifies the use terminal to execute a first verification program, in which a plurality of hardware elements of the use terminal are scanned to obtain first scan data composed of the hardware element identification codes of those hardware elements, and the use terminal is positioned to obtain positioning data representing its position at that time; the authentication server, the content provider server or the user drives software preinstalled in the use terminal to execute a second verification program, in which the use terminal judges whether the personal portable device is located near the use terminal and, if so, the use terminal connects to the personal portable device and scans a hardware element of the personal portable device to obtain second scan data containing a hardware element identification code; the use terminal also transmits the second scan data to the authentication server. In step (c), the authentication server compares the first scan data, the positioning data and the second scan data with the pre-built database and judges whether matching records exist, so as to determine whether the use terminal and the personal portable device are owned by the user, and judges from the positioning data whether the association of operating at nearby geographic locations is satisfied.
Preferably, the rule for judging the association of operating at nearby geographic locations in the second embodiment is: the use terminal and the personal portable device are connected to each other by near-field communication, or the use terminal and the personal portable device share the same short-range wireless network. The use terminal connects to the content provider through a first communication channel, and connects to the authentication server through a second communication channel that is different from the first communication channel.
In a third embodiment of the network security verification method of the present invention, the method is applied to an authentication server operating in conjunction with a use terminal, a personal portable device and a content provider server, wherein the use terminal is an automatic teller machine or a point of sale, and the content provider server is that of the card issuer providing the user with a credit card or a bank card. The method comprises the following steps: (a) the content provider server requests the authentication server to provide the geographic position of the user's personal portable device; (b) the authentication server obtains the hardware scan data of the personal portable device and positions the use terminal and the personal portable device; (c) the authentication server compares the hardware scan data of the personal portable device with a pre-built database and judges whether matching records exist, so as to determine whether the personal portable device is owned by the user, and if so, gives the geographic position to the content provider server; and (d) the content provider server compares whether the use terminal and the personal portable device satisfy the association of operating at nearby geographic locations, and if they do not, judges an abnormal operation state and returns the examination result to the use terminal.
Preferably, the rule for judging the association of operating at nearby geographic locations in the third embodiment is: the use terminal and the personal portable device are connected to each other by near-field communication, or the use terminal and the personal portable device share the same short-range wireless network.
The beneficial effects of the network security verification method of the present invention are:
1. Stronger transaction security: the present invention adopts a double verification technique, that is, it verifies two of the user's physical devices at the same time, and the authentication server confirms the user's identity by judging whether the use terminal and the personal portable device satisfy the association of operating at nearby geographic locations, which avoids the problem of remote network hackers using stolen identification data.
2. Cost savings: the user can use an existing mobile device as the personal portable device required for double verification. The Internet content provider therefore does not need to issue physical authentication hardware to users, and saves the material and management costs of that hardware as well as the labor cost of handling the related services.
Brief description of the drawings
Fig. 1 is a system block diagram illustrating a first preferred embodiment of the authentication server of the present invention and related devices;
Fig. 2 is a system block diagram illustrating a second preferred embodiment of the authentication server of the present invention and related devices;
Fig. 3 is a flow chart illustrating the first embodiment of the network security verification method of the present invention;
Fig. 4 is a flow chart illustrating the second embodiment of the network security verification method of the present invention; and
Fig. 5 is a flow chart illustrating the third embodiment of the network security verification method of the present invention.
Embodiments
The present invention is described in detail below with reference to the drawings and embodiments. Before the detailed description, it should be noted that in the following description of several preferred embodiments, similar elements are denoted by the same reference numerals.
Referring to Fig. 1, the network security verification method of the present invention is applied to an authentication server 1 (Identity Provider, IDP) operating in conjunction with a use terminal 11 of a user 5, a personal portable device 12 used by the user when logging in to the content provider server, and a content provider (ICP) server 3. The authentication server 1, the use terminal 11 and the content provider server 3 are connected to each other through a communication network 500. In addition, the use terminal 11 and the content provider server 3 are connected through a first communication channel, and the use terminal 11 and the authentication server 1 are connected through a second communication channel that is different from the first communication channel. Separating the second communication channel from the first raises the security level: the first communication channel is used only for general network authentication (including identity verification and digital signatures), which hackers already know how to attack, and with the second communication channel added by the present invention it is difficult for a hacker to attack this second communication channel at the same time.
It should be noted that "nearby geographic location" in this embodiment means a geographic position that is "quite close", and the authentication server 1 may judge this differently in different situations; the term has this meaning hereafter and the explanation is not repeated.
The principle of the method of the present invention is as follows. First, the user 5 uses a browser on the use terminal 11 to view the website data provided by the content provider server 3 and enters input data, namely a personal account name and password, to log in to the content provider server 3. In this embodiment, after judging that the personal account name and password of the user 5 are correct, the content provider server 3 requests the authentication server 1, via the second communication channel, to authenticate the user 5.
Next, the authentication server 1 obtains the hardware scan data of the use terminal 11 and the personal portable device 12, and positions the use terminal 11 and the personal portable device 12. The hardware scan data comprises the unique identifiers of hardware elements (for example the motherboard, CPU or transport interface) of the use terminal 11 and the personal portable device 12.
Then, the authentication server 1 compares the hardware scan data of the use terminal 11 and the personal portable device 12 with a pre-built database (not shown) and judges whether matching records exist, so as to determine whether the use terminal and the personal portable device are owned by the user. The use terminal 11 and the personal portable device 12 must also satisfy the association of operating at nearby geographic locations; if they do not, the authentication server 1 judges an abnormal operation state and returns the examination result to the content provider server 3 or the use terminal 11.
It should be explained in advance that the personal portable device 12 as defined for Fig. 1 is any active device. An active device can be, but is not limited to, a notebook computer, smartphone or tablet computer, and refers generally to a personal portable device 12 on which a software program can be installed and which can itself transmit data to the authentication server 1. The personal portable device 12 as defined for Fig. 2 is any passive device or any active device. A passive device can be, but is not limited to, a conventional mobile phone, bank card, credit card or SIM card, and means a personal portable device 12 on which no software program can be installed and which cannot itself transmit data to the authentication server 1, but which can connect to the use terminal 11 and transmit data to it. The definition of an active device is as given above and is not repeated here.
Referring to Fig. 1 and Fig. 3, in the first embodiment of the network security verification method of the present invention, the personal portable device 12 is an active device as defined in this specification. The steps of the first embodiment are described below.
The use terminal 11 produces input data and transmits it to the content provider server 3 (step S101). For example, the user 5 uses a browser on the use terminal 11 to view the Internet banking website data provided by the content provider server 3 of a bank, and logs in to the content provider server 3 with a personal account name and password. Then, after judging that the personal account name and password of the user 5 are correct, the content provider server 3 notifies the authentication server 1 to confirm the user's identity (step S102) and at the same time, over the same communication channel as step S101, drives the software preinstalled on the use terminal to start executing a first verification program (step S103).
In addition, the authentication server also notifies the personal portable device 12 to execute a second verification program (step S104).
In the first verification program, the scanning program installed on the use terminal 11 scans a plurality of hardware elements of the use terminal 11 and combines the hardware element identification codes obtained into first scan data, and the use terminal 11 is positioned to obtain first positioning data representing its position at that time; the use terminal 11 transmits the first scan data and the first positioning data to the authentication server 1 (step S105).
The second verification program can also be executed by software preinstalled in the personal portable device 12 when driven by the content provider server 3 or by the user. The scanning program installed on the personal portable device 12 scans a plurality of hardware elements of the personal portable device 12 and combines the hardware element identification codes obtained into second scan data, and the personal portable device 12 is positioned to obtain second positioning data representing its position at that time; the personal portable device 12 transmits the second scan data and the second positioning data to the authentication server 1 (step S106).
The personal portable device 12 can be driven in three ways to scan and to send the data to the authentication server 1 via the second communication channel: by the authentication server 1, by the content provider server 3, or by the user.
Driven by the authentication server 1 or the content provider server 3: for example, on a smartphone, a push function drives the software preinstalled in the personal portable device 12 to scan and to send the data to the authentication server 1 via the second communication channel.
Driven by the user: for example, the embedded software is an app, and while logging in the user can actively drive the preinstalled app to scan and to send the data to the authentication server 1 via the second communication channel.
The second communication channel between the use terminal 11 and the authentication server 1 (step S105) is different from the first communication channel between the use terminal 11 and the content provider server 3 (steps S101, S103), which further guards against hacker intrusion.
The second communication channel between the personal portable device 12 and the authentication server 1 (step S106) is different from the first communication channel between the personal portable device 12 and the authentication server 1 (step S104), which further guards against hacker intrusion.
After receiving the data of steps S105 and S106, the authentication server 1 performs step S107, which comprises: comparing the first scan data of the use terminal 11 and the second scan data of the personal portable device 12 with the pre-built database and judging whether matching records exist, so as to determine whether the use terminal 11 and the personal portable device 12 are owned by the user; and judging from the first positioning data of the use terminal 11 and the second positioning data of the personal portable device 12 whether the association of operating at nearby geographic locations is satisfied.
If the authentication server 1 judges that the association is not satisfied, it judges an abnormal operation state; if it judges that the association is satisfied, it judges a normal operation state; and it returns the examination result to the content provider server 3 (step S108). In this embodiment the examination result is a normal operation state, meaning that the identity of the user 5 has passed verification; the content provider server 3 and the use terminal 11 can therefore establish the encrypted connection required for the transaction procedure (step S109), and the content provider server 3 can then perform the subsequent operations requested by the use terminal 11. In other embodiments, the authentication server 1 can also return the examination result directly to the use terminal 11, which likewise falls within the scope of the method of the present invention.
In the first embodiment, the geographic association is verified by the software installed on the authentication server 1, and the rule for judging the association of operating at nearby geographic locations is one of the following. The use terminal 11 and the personal portable device 12 have the same GPS position, where positioning relies mainly on received GPS satellite signals. Or they share the same network address (IP address), for which the positioning technique of the HTML5 specification based on the network addresses of Wi-Fi nodes can be used. Or the use terminal 11 and the personal portable device 12 share the same position on a mobile communication network, where the positioning algorithm of the mobile communication network estimates the mobile user's position by weighting the positions of radio base stations in proportion to their signal strengths. Each of these nearby-location results indicates that the use terminal 11 and the personal portable device 12 are both owned by the user and located at the same geographic position, and can therefore serve as the credential required for transactions such as electronic signature and online payment.
In addition, the software installed in the personal portable device 12 can be set so that, after power-on, it automatically connects to the authentication server 1 at regular intervals and uploads its scan data and position. When the use terminal 11 logs in to the content provider server 3, the authentication server 1 can judge from the position last reported by the personal portable device 12 whether the position is reasonable, as the basis for allowing the login.
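The step S107 decision and the first embodiment's three proximity rules, including the last-reported-position case, can be sketched as follows. This is an added illustration, not code from the patent or from Keypasco; the distance threshold, the freshness limit, the SHA-256 fingerprint, the field names and every sample value are assumptions.

```python
import hashlib
import math
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed policy values: the patent leaves "close" to the server's judgment.
MAX_DISTANCE_M = 150.0   # GPS fixes closer than this count as the same place
MAX_REPORT_AGE_S = 300   # older reports are rejected rather than trusted


@dataclass(frozen=True)
class Report:
    """One verification-program upload: scan data plus positioning data."""
    hardware_ids: Tuple[str, ...]              # hardware element identification codes
    timestamp: float                           # when the report was produced (epoch s)
    gps: Optional[Tuple[float, float]] = None  # (latitude, longitude) in degrees
    network_address: Optional[str] = None      # address the report arrived from
    cell_id: Optional[str] = None              # mobile-network location identifier


def fingerprint(hardware_ids):
    """Combine the identification codes into one order-independent digest."""
    joined = "\x1f".join(sorted(hardware_ids))
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two GPS fixes."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))


def proximity_rule(terminal, device):
    """Return the first satisfied first-embodiment rule, or None."""
    if terminal.gps and device.gps and distance_m(terminal.gps, device.gps) <= MAX_DISTANCE_M:
        return "gps"
    # A shared address only shows both sit behind the same gateway, so it is
    # a coarser signal than a GPS match.
    if terminal.network_address and terminal.network_address == device.network_address:
        return "network_address"
    if terminal.cell_id and terminal.cell_id == device.cell_id:
        return "mobile_network"
    return None


def examine(user, terminal, device, enrolled, now):
    """Step S107: ownership check against the database, then proximity."""
    owned = enrolled.get(user, set())
    if fingerprint(terminal.hardware_ids) not in owned:
        return ("abnormal", "terminal_not_enrolled")
    if fingerprint(device.hardware_ids) not in owned:
        return ("abnormal", "device_not_enrolled")
    # Covers the periodic-upload case: a last-reported position is only
    # usable while it is recent.
    if max(now - terminal.timestamp, now - device.timestamp) > MAX_REPORT_AGE_S:
        return ("abnormal", "stale_report")
    rule = proximity_rule(terminal, device)
    return ("normal", rule) if rule else ("abnormal", "not_colocated")


# Constructed sample data (identifiers, coordinates and addresses are invented).
NOW = 1_000_000.0
PC_IDS = ("MB-1A2B", "CPU-77F0", "NIC-00C1")
PHONE_IDS = ("SOC-9E41", "BASEBAND-3310")
ENROLLED = {"alice": {fingerprint(PC_IDS), fingerprint(PHONE_IDS)}}

TERMINAL = Report(PC_IDS, NOW - 5, gps=(59.3293, 18.0686), network_address="198.51.100.7")
PHONE_NEAR = Report(PHONE_IDS, NOW - 8, gps=(59.3295, 18.0690), network_address="203.0.113.20")
PHONE_FAR = Report(PHONE_IDS, NOW - 8, gps=(25.0330, 121.5654), network_address="203.0.113.20")
PHONE_SAME_NET = Report(PHONE_IDS, NOW - 8, network_address="198.51.100.7")
PHONE_STALE = Report(PHONE_IDS, NOW - 3600, gps=(59.3295, 18.0690))
UNKNOWN_PHONE = Report(("SOC-FFFF",), NOW - 8, gps=(59.3295, 18.0690))

if __name__ == "__main__":
    for name, dev in [("near", PHONE_NEAR), ("far", PHONE_FAR),
                      ("same network", PHONE_SAME_NET), ("stale", PHONE_STALE),
                      ("unknown", UNKNOWN_PHONE)]:
        print(name, examine("alice", TERMINAL, dev, ENROLLED, NOW))
```

The ownership check runs before the proximity check, so an unenrolled device is reported as such even when it sits next to the terminal.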
Referring to Fig. 2 and Fig. 4, in the second embodiment of the network security verification method of the present invention, the personal portable device 12 is a passive device or an active device as defined above. The steps of the second embodiment are described below.
The use terminal 11 produces input data and transmits it to the content provider server 3 (step S301). For example, the user 5 uses a browser on the use terminal 11 to view the Internet banking website data provided by the content provider server 3 of a bank, and logs in to the content provider server 3 with a personal account name and password. Then, after judging that the personal account name and password of the user 5 are correct, the content provider server 3 notifies the authentication server 1 to confirm the user's identity (step S302) and at the same time, over the same communication channel as step S301, drives the software preinstalled on the use terminal to start executing a first verification program (step S303).
In the first verification program, the scanning program installed on the use terminal 11 scans a plurality of hardware elements of the use terminal 11 and combines the hardware element identification codes obtained into first scan data, and the use terminal 11 is notified to execute a second verification program on the personal portable device 12.
In addition, after receiving the notification from the content provider server 3, the use terminal 11 executes a second verification program on the personal portable device 12 (step S304). In the second verification program, the use terminal 11 judges whether the personal portable device 12 is located near the use terminal 11 (the geographic association is verified by the software installed on the use terminal 11); if so, the use terminal 11 connects to the personal portable device 12 and scans a hardware element of the personal portable device 12 to obtain second scan data containing a hardware element identification code (step S305). The use terminal 11 then transmits to the authentication server 1 the first scan data, the second scan data and the result of verifying that the use terminal 11 and the personal portable device 12 are associated by operating at nearby geographic locations (step S306).
The second communication channel between the use terminal 11 and the authentication server 1 (step S306) is different from the first communication channel between the use terminal and the content provider server 3 (steps S301, S303), which further guards against hacker intrusion.
The authentication server 1 compares the first scan data of the use terminal 11 and the second scan data of the personal portable device 12 with the pre-built database and judges whether matching records exist, so as to determine whether the use terminal 11 and the personal portable device 12 are owned by the user, and judges from the result of verifying that the use terminal 11 and the personal portable device 12 are associated by operating at nearby geographic locations whether that association is satisfied (step S307).
If the authentication server 1 judges that the association is not satisfied, it judges an abnormal operation state; if it judges that the association is satisfied, it judges a normal operation state; and it returns the examination result to the content provider server 3 (step S308). In this embodiment the examination result is a normal operation state, meaning that the identity of the user 5 has passed verification; the content provider server 3 and the use terminal 11 can therefore establish the encrypted connection required for the transaction procedure (step S309), and the content provider server 3 can then perform the subsequent operations requested by the use terminal 11. In other embodiments, the authentication server 1 can also return the examination result directly to the use terminal 11, which likewise falls within the scope of the method of the present invention.
The second embodiment differs from the first in that the geographic association is verified by the software installed on the use terminal 11, and the rule for judging the association of operating at nearby geographic locations is: the use terminal 11 and the personal portable device 12 are connected to each other by near-field communication (NFC), or share the same short-range wireless network (for example Bluetooth communication or Wi-Fi communication). This indicates that the use terminal 11 and the personal portable device 12 are both located at the same geographic position, and can therefore serve as the credential required for transactions such as electronic signature and online payment.
Referring to Fig. 5, the third embodiment of the network security verification method of the present invention is applied mainly to a use terminal 11 operated by the user, a content provider server 3, and a personal portable device 12 carried by the user when logging in to the content provider server 3. In this embodiment, the use terminal 11 is an automatic teller machine or a point of sale, the personal portable device 12 is a passive device or an active device as defined above, and the content provider server 3 is that of the card issuer providing the user with a credit card or a bank card. The steps of the third embodiment are described below.
The use terminal 11 produces input data, which includes the geographic position of the use terminal 11, and transmits it to the content provider server 3 (step S401). For example, the user withdraws money or pays with a credit card or bank card at an ATM or point of sale, and logs in to the content provider server 3 with a personal identification number. Then, after judging that the user's credit card or bank card and password are correct, the content provider server 3 notifies the authentication server 1 and requests the geographic position of the personal device corresponding to that user (step S402).
Authentication server 1 is being obtained after the requirement of content provider's server 3, can take device 12 for individual and carry out a proving program, drive individual can take the interior preset scanning imaging system of device 12 its hardware element is scanned to obtain an one scan data with a hardware element identification code, and, can take device 12 to individual and position to obtain a representative individual and can take device 12 navigation data of position (step S403) at that time, individual can take device 12 and transmit scanning data and navigation data to authentication server 1 (step S404).Authentication server 1 can be taken the scanning data of device 12 by individual and compares with the data bank building in advance, judges whether to exist the data bank that builds in advance can take device 12 whether by user is had (step S405) to determine individual.If result is correct, just content provider's server 3 (step S406) is passed in the just individual geographical position that can take device 12 of authentication server 1.Content provider's server 3 is just according to the association (step S407) that uses the navigation data of terminal 11 and navigation data that individual can take device 12 to judge whether to conform to the operation of close geographical position.
If 3 judgements of content provider's server do not meet, be judged as abnormal operation state, if judgement meets, be judged as normal operating state, and examination result is returned to and uses terminal 11 (step S408), in the present embodiment, examination result is normal operating state, represent that user's identity is for passing through checking, therefore, content provider's server 3 can use the desired subsequent operation of terminal 11.
In addition, content provider's server 3 by the positioning result representative in this close geographical position use terminal 11 and individual can take device 12 both this user have and be positioned at same geographical position, and then be used as user's electronic signature or the required voucher of payment transaction.Again, the software that individual can take device 12 interior installations can be set in after start, automatically connect at set intervals authentication server 1 and scanning data and position are uploaded, using terminal 11 while logining content provider's server 3, the position that authentication server 1 can individual portable device able 12 reports for the last time judges whether position rationally does and allows the foundation logined.
Mentioned various geographical position acquisition mode in the first embodiment, is applicable in the 3rd embodiment certainly; Various near field position discriminant approaches in the second identical embodiment are also applicable to, in the 3rd embodiment, not be repeated in this description at this.
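As an added illustration (not part of the patent text), the decision made in steps S405 to S408, together with the last-reported-position variant described above, can be sketched in Python as follows. The two checks are combined into one function for brevity; the 200 m radius, the 300-second freshness window, the SHA-256 fingerprint over component identification codes, and all names and sample values are assumptions, since the patent specifies none of them.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass

# Assumed policy values; the patent gives no thresholds.
MAX_DISTANCE_M = 200.0    # radius treated as "close geographical position"
MAX_REPORT_AGE_S = 300    # maximum age of the device's last periodic report

@dataclass(frozen=True)
class DeviceReport:
    component_ids: tuple  # hardware component identification codes from the scan
    lat: float
    lon: float
    timestamp: float      # seconds since epoch

def fingerprint(component_ids):
    """Order-independent digest of the scanned component identification codes."""
    return hashlib.sha256("\n".join(sorted(component_ids)).encode()).hexdigest()

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS-84 coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def device_owned_by(user, report, database):
    """Step S405: compare the scan data with the pre-built database."""
    expected = database.get(user)
    return expected is not None and hmac.compare_digest(
        expected, fingerprint(report.component_ids))

def examine(user, terminal_pos, report, database, now):
    """Steps S405-S408: return (state, reason) for one login at the terminal."""
    if not device_owned_by(user, report, database):
        return ("abnormal", "device not registered to user")
    age = now - report.timestamp
    if age < 0 or age > MAX_REPORT_AGE_S:
        # A last-reported position that is too old says nothing about where
        # the device is now, so it is not accepted as proof of proximity.
        return ("abnormal", "stale position report")
    distance = haversine_m(terminal_pos[0], terminal_pos[1], report.lat, report.lon)
    if distance > MAX_DISTANCE_M:
        return ("abnormal", "terminal and device not in close proximity")
    return ("normal", "ok")

# Constructed sample data (not from the patent).
NOW = 1_700_000_000.0
PHONE_IDS = ("IMEI:000000000000000", "WLAN-MAC:02:00:00:00:00:01")
DATABASE = {"user5": fingerprint(PHONE_IDS)}
ATM_POS = (25.0330, 121.5654)
NEAR = DeviceReport(PHONE_IDS, 25.0334, 121.5657, NOW - 30)
FAR = DeviceReport(PHONE_IDS, 57.7089, 11.9746, NOW - 30)
STALE = DeviceReport(PHONE_IDS, 25.0334, 121.5657, NOW - 3600)
UNKNOWN = DeviceReport(("IMEI:999999999999999",), 25.0334, 121.5657, NOW - 30)

if __name__ == "__main__":
    for name, rep in [("near", NEAR), ("far", FAR), ("stale", STALE), ("unknown", UNKNOWN)]:
        print(name, examine("user5", ATM_POS, rep, DATABASE, NOW))
```

The freshness window matters for the periodic-upload variant: without it, a device that stopped reporting near the terminal hours ago would still satisfy the proximity rule.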
In summary, the beneficial effects of the network security verification method of the invention are:
1. Strengthened transaction security: the invention uses a double verification technique, that is, it verifies two of the user's physical devices at the same time. Authentication server 1 confirms the user's identity by judging whether use terminal 11 and personal portable device 12 are owned by the user and whether they meet the association of close-geographical-position operation, which avoids the problem of remote network hackers misappropriating identification data.
2. Cost savings: user 5 can use his or her own existing mobile phone or tablet computer as the personal portable device 12 needed for double verification. The Internet content provider therefore does not need to issue separate physical authentication hardware to user 5, which saves the material and management costs of physical authentication hardware and the labor cost of handling the related services.
The foregoing is only the preferred embodiment of the invention and does not limit the scope in which the invention may be implemented; all simple equivalent changes and modifications made according to the claims and the description of the invention remain within the scope of the patent.

Claims (10)

1. A network security verification method, applied to an authentication server and working with a use terminal, a personal portable device and a content provider server, characterized in that the network security verification method comprises the following steps:
(a) the content provider server requests the authentication server to check the identity of the user;
(b) the authentication server obtains the hardware scan data of the use terminal and the personal portable device, and locates the use terminal and the personal portable device; and
(c) the authentication server compares the hardware scan data of the use terminal and the personal portable device with a pre-built database and judges whether matching records exist in the pre-built database, to determine whether the use terminal and the personal portable device are owned by the user; in addition, the use terminal and the personal portable device must both meet the association of close-geographical-position operation; if they do not meet the association of close-geographical-position operation, an abnormal operation state is determined, and the examination result is returned to the content provider server or the use terminal.
2. The network security verification method as claimed in claim 1, characterized in that:
step (b) comprises the following sub-steps:
the content provider server notifies the use terminal to carry out a first verification procedure, in which a plurality of hardware components of the use terminal are scanned to obtain first scan data comprising a combination of the hardware component identification codes of those hardware components, and the use terminal is located to obtain first positioning data representing the position of the use terminal at that time; the use terminal transmits the first scan data and the first positioning data to the authentication server; and
the authentication server, the content provider server or the user drives software preset in the personal portable device to carry out a second verification procedure, in which a plurality of hardware components of the personal portable device are scanned to obtain second scan data comprising a combination of the hardware component identification codes of those hardware components, and the personal portable device is located to obtain second positioning data representing the position of the personal portable device at that time; the personal portable device transmits the second scan data and the second positioning data to the authentication server; and
in step (c), the authentication server compares the first scan data and the second scan data of the use terminal and the personal portable device with the pre-built database and judges whether matching records exist in the pre-built database, to determine whether the use terminal and the personal portable device are owned by the user, and judges from the first positioning data and the second positioning data whether the association of close-geographical-position operation is met; if it is not met, an abnormal operation state is determined, and the authentication server returns the examination result to the content provider server or the use terminal.
3. The network security verification method as claimed in claim 1, characterized in that the rule for judging the association of close-geographical-position operation is: the use terminal and the personal portable device have the same GPS position, or the use terminal and the personal portable device share the same network address, or the use terminal and the personal portable device share the same position on a mobile communication network.
4. The network security verification method as claimed in claim 1, characterized in that step (b) comprises the following sub-steps:
the content provider server notifies the use terminal to carry out a first verification procedure, in which a plurality of hardware components of the use terminal are scanned to obtain first scan data comprising a combination of the hardware component identification codes of those hardware components, and the use terminal is located to obtain positioning data representing the position of the use terminal at that time; and
the use terminal carries out a second verification procedure, in which the use terminal judges whether the personal portable device is located near the use terminal; if so, the use terminal and the personal portable device establish a connection, and the hardware components of the personal portable device are scanned to obtain second scan data containing a hardware component identification code; the use terminal also transmits the second scan data to the authentication server; and
in step (c), the authentication server compares the first scan data, the positioning data and the second scan data of the use terminal and the personal portable device with the pre-built database and judges whether matching records exist in the pre-built database, to determine whether the use terminal and the personal portable device are owned by the user, and judges from the positioning data whether the association of close-geographical-position operation is met.
5. The network security verification method as claimed in claim 1, characterized in that the rule for judging the association of close-geographical-position operation is: the use terminal and the personal portable device are connected to each other via near-field communication, or the use terminal and the personal portable device share the same short-range wireless network.
6. The network security verification method as claimed in any one of claims 1 to 5, characterized in that the use terminal connects to the content provider through a first communication channel, and the use terminal connects to the authentication server through a second communication channel different from the first communication channel.
7. The network security verification method as claimed in any one of claims 1 to 5, characterized in that the software installed in the personal portable device can be set so that, after power-on, it automatically connects to the authentication server at regular intervals and uploads the scan data and position; when the use terminal logs in to the content provider server, the authentication server can use the position last reported by the personal portable device to judge whether the position is reasonable, as the basis for allowing the login.
8. A network security verification method, applied to an authentication server and working with a use terminal, a personal portable device and a content provider server, wherein the use terminal is an automated teller machine or a point-of-sale terminal and the content provider server is the card issuer that provides the user with a credit card or a bank card, characterized in that the network security verification method comprises the following steps:
(a) the content provider server requests the authentication server to provide the geographical position of the user's personal portable device;
(b) the authentication server obtains the hardware scan data of the personal portable device and locates the use terminal and the personal portable device;
(c) the authentication server compares the hardware scan data of the personal portable device with a pre-built database and judges whether a matching record exists in the pre-built database, to determine whether the personal portable device is owned by the user; if so, it passes the geographical position to the content provider server; and
(d) the content provider server compares the use terminal and the personal portable device, which must both meet the association of close-geographical-position operation; if they do not meet the association of close-geographical-position operation, an abnormal operation state is determined, and the examination result is returned to the use terminal.
9. The network security verification method as claimed in claim 8, characterized in that the rule for judging the association of close-geographical-position operation is: the use terminal and the personal portable device are connected to each other via near-field communication, or the use terminal and the personal portable device share the same short-range wireless network; the content provider server takes the close-geographical-position positioning result as indicating that the use terminal and the personal portable device are both owned by the user and located at the same geographical position, and uses it as the user's electronic signature or as the credential required for a payment transaction.
10. The network security verification method as claimed in claim 8, characterized in that the software installed in the personal portable device can be set so that, after power-on, it automatically connects to the authentication server at regular intervals and uploads the scan data and position; when the use terminal logs in to the content provider server, the authentication server can use the position last reported by the personal portable device to judge whether the position is reasonable, as the basis for allowing the login.
CN201210496721.7A 2012-11-28 2012-11-28 Network security verification method for examining identities by means of user positions Active CN103856323B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210496721.7A CN103856323B (en) 2012-11-28 2012-11-28 Network security verification method for examining identities by means of user positions

Publications (2)

Publication Number Publication Date
CN103856323A true CN103856323A (en) 2014-06-11
CN103856323B CN103856323B (en) 2018-12-11

Family

ID=50863568

Country Status (1)

Country Link
CN (1) CN103856323B (en)

Also Published As

Publication number Publication date
CN103856323B (en) 2018-12-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 25th Floor, 159 Songde Road, Xinyi District, Taipei City, Taiwan, China

Patentee after: Laiyi Digital Technology Co., Ltd.

Address before: Goteborg

Patentee before: KEYPASCO AB
