CN103944877A - Method and system for safely logging on bank website based on two-dimension code - Google Patents

Publication number
CN103944877A
Authority
CN
China
Legal status
Pending
Application number
CN201410071353.0A
Other languages
Chinese (zh)
Inventor
王恩惠
Current Assignee
Individual
Original Assignee
Individual

Abstract

The invention discloses a method and system for securely logging in to a bank website based on a two-dimensional code (QR code). The method includes the following steps: a user visits a bank website through a first client and chooses to log in with a QR code, and the bank website displays a QR code; the user logs in, on the user's mobile terminal, to the account of a managing application and scans and decodes the QR code, obtaining the information it contains; the application jumps to the interface listing the bank cards that the user's account has already authorized and bound, and the user selects a bank card there; the application encrypts the card number and the information contained in the QR code and sends them to a bank server; the bank server decrypts them and authenticates the user by the card number and the information contained in the QR code; after authentication succeeds, the user is logged in to the bank website. With this method and system the user enters little information when logging in to the bank website, and the method and system are easy to operate, give a good user experience, and are highly secure.

Description

A method and system for secure bank website login based on a QR code
Technical field
The present invention relates to the field of communication technology, and in particular to a method and system for secure bank website login based on a QR code.
Background art
At present, each time a user logs in to a bank website, the user must enter a bank card number or a user name, a password, and a verification code. The cost to the user of memorizing the card number or the user name and password is therefore high, and the user experience is poor. Another way of logging in to a bank website is to use a mobile digital certificate, a password or the like, but this is not very portable and costs more.
In addition, if the user strays onto a phishing website and logs in, or the device is infected by a Trojan or virus, the bank card number and password entered are at risk of being stolen, so security is low. Logging in on a public computer may also let confidential data such as a digital certificate fall into someone else's hands, which directly breaks the online identity recognition system and leads to the online banking account being stolen.
Summary of the invention
The object of the present invention is to provide a method and system for secure bank website login based on a QR code, with which the user enters little when logging in to a bank website, operation is simple, the user experience is good, and security is high.
To achieve this object, the invention provides a method for secure bank website login based on a QR code, the method comprising:
Step 1: when a user visits a bank website through a first client and chooses QR code login, a QR code is displayed on the bank website page;
Step 2: the user logs in to the account of the App installed on the user's mobile terminal, scans and decodes the QR code displayed on the first client, and obtains the information contained in the QR code;
Step 3: the App jumps to the interface listing the bank cards that the account has authenticated and bound; when the user selects a bank card in this interface, the App extracts the card number from that card's data;
Step 4: the App encrypts the card number and the information contained in the QR code and sends them to the bank server;
Step 5: the bank server decrypts the message and obtains the card number and the information contained in the QR code;
Step 6: the bank server authenticates the user by the card number and the information contained in the QR code; if authentication succeeds, step 7 is performed, otherwise step 8 is performed;
Step 7: the bank server sends the authentication-success result to the first client, the first client feeds the result back to the bank website, and the bank website redirects the page according to the result;
Step 8: the bank server sends the authentication-failure result to the App, and the App feeds the result back to the user's account.
Further, in step 1, displaying a QR code on the bank website page when the user visits the bank website through the first client and chooses QR code login specifically comprises:
Mode a: when the user chooses QR code login on the bank website, the bank website requests the QR code for this login from the bank server. The bank server records the address of the first client, generates a unique identification string for this login, and sends it to the first client in the form of a QR code. The first client feeds the QR code back to the bank website, which displays it. The information contained in the QR code is the identification string;
Or
Mode b: when the user chooses QR code login on the bank website, the bank website requests the QR code for this login from the bank server. The bank server generates a unique identification string for this login and sends it, together with the address of the first client, to the first client in the form of a QR code. The first client feeds the QR code back to the bank website, which displays it. The information contained in the QR code is the identification string and the address of the first client.
Further, the method may also comprise: the first client and/or the bank website or its plug-in listens on the address of the first client.
Further, before step 3 the method also comprises: the user, logged in to the account of the App, completes binding authentication for the bank card; one account can bind multiple bank cards.
Further, the user completing binding authentication for the bank card specifically comprises:
The user, logged in to the account of the App, enters the card number, account name and mobile phone number of the bank card to be bound;
The App encrypts the card number, account name and mobile phone number entered by the user and sends them to the bank server;
The bank server decrypts the message and obtains the card number, account name and mobile phone number;
The bank server queries its database for the bank card account information corresponding to the card number, uses that account information to verify that the account name and mobile phone number are correct, and notifies the App of the authentication result;
When the authentication result is success, the App sends a mobile dynamic password to the phone with that mobile phone number;
When the user enters the correct mobile dynamic password, binding authentication for the bank card is complete.
Further, in step 6, the bank server authenticating the user by the card number and the information contained in the QR code specifically comprises:
When the bank website requests the QR code for this login from the bank server, the bank server saves the generated identification string to its database. When the App sends the card number and the information contained in the QR code, the bank server queries its database for an identification string that matches the login identification string in the information contained in the QR code. If one exists, it further determines whether the bank corresponding to the bank website holds bank card account information for that card number. If it does, authentication succeeds; if either condition is not met, authentication fails.
Further, in step 7, the bank server sending the authentication-success result to the first client specifically comprises:
If step 1 used mode a, the bank server saves the recorded address of the first client to its database together with the generated identification string; when the bank server successfully authenticates the user, it sends the result to the first client at the first client address saved for that identification string;
If step 1 used mode b, the bank server sends the result to the first client at the first client address in the information contained in the QR code.
Further, step 7 may also comprise: the bank server sends the authentication-success result to the first client, the first client feeds the result back to the bank website, and the bank website prompts the user to enter the password of the bank card; after the user enters the password through the first client, the bank website encrypts the password entered by the user and sends it to the bank server;
The bank server queries its database for the bank card account information corresponding to the card number, determines whether the entered password matches the bank card password in that account information, and sends the result of the comparison to the first client;
The first client feeds the result of the comparison back to the bank website; if the passwords match, the bank website redirects the page according to the result, otherwise the interface tells the user that login failed.
The invention also provides a system for secure bank website login based on a QR code, the system comprising:
First client: lets the user visit the bank website through it, requests the QR code for this login from the bank server, receives and displays the QR code sent by the bank server, and redirects the bank website page according to the identity authentication result sent by the bank server;
Bank server: an internal server of the bank with a database; it generates the unique identification string for this login and the QR code for this login, sends the QR code to the first client, authenticates the user according to the card number and the information contained in the QR code sent by the App, and sends the identity authentication result to the first client and/or the App;
Mobile terminal: a hardware device capable of accessing the Internet, including a camera for scanning the QR code displayed on the first client;
App: carries out the bank website QR code login over the network; it manages the user account and the bank cards the account has authenticated and bound, can decode QR codes, encrypts the card number of the card selected by the logged-in user together with the information obtained by decoding the QR code and sends them to the bank server, and feeds the identity authentication result sent by the bank server back to the user's account;
Network: comprises the Internet or the mobile Internet.
Further, the mobile terminal is a smartphone, tablet computer or personal digital assistant capable of running the App.
Additional aspects and advantages of the invention are given in part in the description below; in part they will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
Fig. 1 is a flow chart of the QR-code-based secure bank website login method of the invention.
Fig. 2 is a flow chart of the method by which the user completes bank card binding authentication.
Fig. 3 is a schematic diagram of the QR-code-based secure bank website login system of the invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings and embodiments. For ease of explanation, only the parts relevant to the embodiments of the invention are shown. Those skilled in the art will understand that the specific embodiments described here only explain the invention and do not limit it.
As shown in Fig. 1, the method of the invention for secure bank website login based on a QR code comprises the following steps.
Step 1: when a user visits a bank website through a first client and chooses QR code login, a QR code is displayed on the bank website page.
The first client may be a device such as a PC or a notebook computer. The displayed QR code is transmitted by the bank server in encrypted form, which prevents a malicious user from forging a fake QR code and improves security.
In step 1, displaying a QR code on the bank website page when the user visits the bank website through the first client and chooses QR code login specifically comprises:
Mode a: when the user chooses QR code login on the bank website, the bank website requests the QR code for this login from the bank server. The bank server records the address of the first client, generates a unique identification string for this login, and sends it to the first client in the form of a QR code. The first client feeds the QR code back to the bank website, which displays it. The information contained in the QR code is the identification string;
Or mode b: when the user chooses QR code login on the bank website, the bank website requests the QR code for this login from the bank server. The bank server generates a unique identification string for this login and sends it, together with the address of the first client, to the first client in the form of a QR code. The first client feeds the QR code back to the bank website, which displays it. The information contained in the QR code is the identification string and the address of the first client.
Step 2: the user logs in to the account of the App installed on the user's mobile terminal, scans and decodes the QR code displayed on the first client, and obtains the information contained in the QR code.
The mobile terminal is a smartphone, tablet computer or personal digital assistant capable of running the App. It includes a camera for scanning the QR code displayed on the first client, and connects to the bank server over the mobile Internet.
Step 3: the App jumps to the interface listing the bank cards that the account has authenticated and bound; when the user selects a bank card in this interface, the App extracts the card number from that card's data.
The bank card data managed by the App includes at least the issuing bank, card number, account name and card type. This data is provided to the App by the bank server when the user completes binding authentication for the card, and lets the user view the basic information of the bound card.
In one embodiment of the invention, the information contained in the QR code may also include identification information for the bank that the bank website belongs to. For example, the encoded content of the QR code image may include a name identifier such as "such-and-such bank", or the logo of that bank may be placed in the center of the QR code image. When the App scans the QR code image it can then quickly tell whether the QR code is genuine, and when the App jumps to the interface listing the cards that the user's account has authenticated and bound, it can put this bank's cards at the top of the list or show only this bank's cards, so that the user can choose quickly. This is given only for reference; in a concrete implementation it may or may not be implemented, as required.
Step 4: the App encrypts the card number and the information contained in the QR code and sends them to the bank server.
In step 4, the App may encrypt this information with 3DES or with RSA; other encryption techniques are of course also feasible, and the invention does not restrict this. It should be understood that all information transmitted during login in the invention is encrypted.
Step 5: the bank server decrypts the message and obtains the card number and the information contained in the QR code.
Step 6: the bank server authenticates the user by the card number and the information contained in the QR code; if authentication succeeds, step 7 is performed, otherwise step 8 is performed.
In step 6, the bank server authenticating the user by the card number and the information contained in the QR code specifically comprises:
When the bank website requests the QR code for this login from the bank server, the bank server saves the generated identification string to its database. When the App sends the card number and the information contained in the QR code, the bank server queries its database for an identification string that matches the login identification string in the information contained in the QR code. If one exists, it further determines whether the bank corresponding to the bank website holds bank card account information for that card number. If it does, authentication succeeds; if either condition is not met, authentication fails.
Step 7: the bank server sends the authentication-success result to the first client, the first client feeds the result back to the bank website, and the bank website redirects the page according to the result.
In step 7, the bank server sending the authentication-success result to the first client specifically comprises:
If step 1 used mode a, the bank server saves the recorded address of the first client to its database together with the generated identification string; when the bank server successfully authenticates the user, it sends the result to the first client at the first client address saved for that identification string;
If step 1 used mode b, the bank server sends the result to the first client at the first client address in the information contained in the QR code.
In one embodiment of the invention, the authentication-success result sent by the bank server may also include the user's user name on the bank website, or the account name in the bank card account information for the card, or the reserved information in that bank card account information. This is displayed after the page redirect and helps the user further confirm whether the bank website is trustworthy. If the displayed information is correct, the bank website is trustworthy; otherwise the user stops immediately, closes the bank website, and reports it to the relevant institution or center.
Step 8: the bank server sends the authentication-failure result to the App, and the App feeds the result back to the user's account.
With the method of the invention, the user no longer needs to enter a bank card number or a user name, password and so on at every login to the bank website, which effectively reduces the cost of logging in and improves the user experience. The user only needs to choose QR code login on the bank website, and the PC or notebook displays a QR code. The user logs in to the account managed by the App on a mobile terminal such as a phone or tablet, scans and decodes the QR code, and obtains the information it contains. The App jumps to the interface listing the bank cards that the user's account has authenticated and bound, and the user selects a bank card there. The App then encrypts the card number and the information contained in the QR code and sends them to the bank server. After decrypting, the bank server authenticates the user by the card number and the information contained in the QR code, and when authentication succeeds the login to the bank website is complete.
At the same time, the method of the invention effectively reduces the risk of user account information and bank card information being stolen through phishing or Trojans, protecting the user's account and bank card information. It is also more efficient, more convenient and more secure than using a mobile digital certificate or the like. Even when logging in to a bank website on a public computer, it ensures that login succeeds safely on the premise that the bank website being logged in to is safe and trustworthy.
The address of the first client is an identifier that lets the bank server locate this device. It may be an IP address that uniquely represents the first client itself, or any other identifier that lets the bank server locate the first client; the invention does not restrict this.
The identification string for this login generated by the bank server is a character string or digit string composed of arbitrary characters and/or digits.
In one embodiment of the invention, the identification string is retained in the bank server's database for only 5 minutes. After 5 minutes the identification string automatically becomes invalid and is deleted, and when another login is needed the bank server generates a new identification string, which improves the security of QR code login. In a concrete implementation the retention time of the identification string can be set as appropriate to the actual situation; the invention does not restrict this.
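The bank server's bookkeeping for step 6, for mode a of step 7, and for the 5-minute retention described above, as an added example that is not part of the patent. The class and method names, the in-memory dictionaries, the injected clock, the constructed card number and address, and deleting the identification string after a successful login are all assumptions of this sketch.

```python
import secrets
import time

ID_TTL_SECONDS = 5 * 60  # the embodiment retains an identification string for 5 minutes


class FakeClock:
    """Controllable clock so expiry can be exercised without waiting (test helper)."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class BankServer:
    """In-memory model of the bank server's QR login records (mode a)."""

    def __init__(self, card_accounts, clock=time.monotonic):
        self._cards = card_accounts  # card number -> account name (stands in for the database)
        self._pending = {}           # identification string -> (first client address, issue time)
        self._clock = clock

    def issue_login_id(self, client_addr):
        """Step 1, mode a: record the first client's address and return the
        identification string that is encoded into the QR code."""
        # The patent only requires the string to be unique; a CSPRNG value
        # also makes it unguessable (assumption of this sketch).
        login_id = secrets.token_urlsafe(32)
        self._pending[login_id] = (client_addr, self._clock())
        return login_id

    def _purge_expired(self):
        """Delete identification strings older than the retention time."""
        now = self._clock()
        expired = [k for k, (_, issued) in self._pending.items()
                   if now - issued > ID_TTL_SECONDS]
        for login_id in expired:
            del self._pending[login_id]

    def authenticate(self, login_id, card_number):
        """Step 6: the identification string must be on record and the bank
        must hold an account for the card number.

        Returns (True, client_addr) so the result can be sent to the first
        client (step 7), or (False, None) so it is reported to the App (step 8).
        """
        self._purge_expired()
        entry = self._pending.get(login_id)
        if entry is None or card_number not in self._cards:
            return (False, None)
        # Assumption, not stated in the patent: delete the string on success
        # so that a captured QR code cannot be replayed within the 5 minutes.
        del self._pending[login_id]
        return (True, entry[0])


if __name__ == "__main__":
    clock = FakeClock()
    # Constructed sample data: card number and client address are made up.
    bank = BankServer({"6222000000000001": "constructed holder"}, clock=clock)
    login_id = bank.issue_login_id("203.0.113.10:50000")
    print(bank.authenticate(login_id, "6222000000000001"))  # success, address returned
    print(bank.authenticate(login_id, "6222000000000001"))  # replay is rejected
    stale = bank.issue_login_id("203.0.113.10:50001")
    clock.advance(ID_TTL_SECONDS + 1)
    print(bank.authenticate(stale, "6222000000000001"))     # expired string is rejected
```

In mode b the address would instead be read from the decoded QR payload, so the server would need to check that it has not been altered before sending the result to it.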
In one embodiment of the invention, the method may also comprise: the first client and/or the bank website or its plug-in listens on the address of the first client. Listening lets the information returned by the bank server be obtained promptly so that the login process can complete. What is listened on at the first client's IP address is the network port number (PORT) that the bank server sent to the first client; the first client establishes a network connection with the bank server through its IP address and this port number.
In one embodiment of the invention, step 7 may also comprise: the bank server sends the authentication-success result to the first client, the first client feeds the result back to the bank website, and the bank website prompts the user to enter the password of the bank card; after the user enters the password through the first client, the bank website encrypts the password entered by the user and sends it to the bank server;
The bank server queries its database for the bank card account information corresponding to the card number, determines whether the entered password matches the bank card password in that account information, and sends the result of the comparison to the first client;
The first client feeds the result of the comparison back to the bank website; if the passwords match, the bank website redirects the page according to the result, otherwise the interface tells the user that login failed.
The user may enter the bank card password through the first client using the device's own keyboard, or through a dynamic password keyboard shown on the first client's display and operated by mouse click or touch.
The bank card account information comprises all recorded data about the bank card, such as the issuing bank, card number, card password, account name, the account holder's identity information and contact details, account balance, reserved information, and card transaction records.
In one embodiment of the invention, if the bank server determines that the password entered by the user does not match the password of the bank card, the user is prompted to re-enter the password. If the user enters a wrong password multiple times, the bank server sends a login-failure result to the first client and locks the bank card; the card cannot be used to log in again until it is unlocked, which protects the use of the user's bank card.
Before step 3 of the method of the invention, the method also comprises: the user, logged in to the account of the App, completes binding authentication for the bank card; one account can bind multiple bank cards. As shown in Fig. 2, the method by which the user completes binding authentication for the bank card specifically comprises:
Step 21: the user, logged in to the account of the App, enters the card number, account name and mobile phone number of the bank card to be bound;
Step 22: the App encrypts the card number, account name and mobile phone number entered by the user and sends them to the bank server;
Step 23: the bank server decrypts the message and obtains the card number, account name and mobile phone number;
Step 24: the bank server queries its database for the bank card account information corresponding to the card number, uses that account information to verify that the account name and mobile phone number are correct, and notifies the App of the authentication result;
Step 25: when the authentication result is success, the App sends a mobile dynamic password to the phone with that mobile phone number;
Step 26: when the user enters the correct mobile dynamic password, binding authentication for the bank card is complete.
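Steps 21 to 26 as a small state machine, given here as an added example that is not part of the patent. The class name, the 6-digit dynamic password, the SMS callback and the constructed sample record are assumptions, and transport encryption (steps 22 and 23) is left out. The patent does not say which component checks the dynamic password, so this sketch checks it where it was issued.

```python
import hmac
import secrets


class CardBinding:
    """Model of bank card binding authentication for one App account."""

    def __init__(self, bank_records, send_sms):
        # bank_records stands in for the bank server's database:
        # card number -> (account name, mobile phone number)
        self._bank = bank_records
        self._send_sms = send_sms  # callable(phone, code) that delivers the dynamic password
        self._pending = {}         # card number -> dynamic password awaiting confirmation
        self.bound_cards = []      # one account can bind multiple bank cards

    def request_binding(self, card_number, name, phone):
        """Steps 21 to 25: verify account name and phone number against the
        bank's record for the card, then send a mobile dynamic password."""
        record = self._bank.get(card_number)
        if record is None or record != (name, phone):
            return False  # step 24 reported failure, so no password is sent
        code = f"{secrets.randbelow(10**6):06d}"  # assumption: 6 decimal digits
        self._pending[card_number] = code
        self._send_sms(phone, code)
        return True

    def confirm(self, card_number, code):
        """Step 26: binding completes only with the correct dynamic password."""
        expected = self._pending.get(card_number)
        if expected is None:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        del self._pending[card_number]  # a dynamic password is accepted once
        if card_number not in self.bound_cards:
            self.bound_cards.append(card_number)
        return True


if __name__ == "__main__":
    outbox = []  # captures what would be sent by SMS
    # Constructed sample record: card number, name and phone are made up.
    records = {"6222000000000001": ("Zhang San", "13800000000")}
    binding = CardBinding(records, lambda phone, code: outbox.append((phone, code)))
    print(binding.request_binding("6222000000000001", "Zhang San", "13900000000"))  # wrong phone
    print(binding.request_binding("6222000000000001", "Zhang San", "13800000000"))  # password sent
    print(binding.confirm("6222000000000001", outbox[0][1]), binding.bound_cards)
```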
As shown in Figure 3, the system of the invention for secure login to a bank website based on a QR code comprises:
A first client, through which the user accesses the bank website; it requests the QR code for the current login from the bank server, receives and displays the QR code sent by the bank server, and redirects the bank website page according to the identity authentication result sent by the bank server;
A bank server, which is an internal server of the bank and has a database; it generates the unique identification string for the current login, generates the QR code for the current login and sends the QR code to the first client, authenticates the user according to the bank card number and the information contained in the QR code sent by the App, and sends the identity authentication result to the first client and/or the App;
A mobile terminal, which is a hardware device that can access the Internet and includes a camera for scanning the QR code displayed on the first client;
An App, which carries out the bank website QR code login operation over the network; it manages the user account and the bank cards that the account has authenticated and bound, can decode QR codes, encrypts the card number of the bank card selected by the user for this login together with the information obtained by decoding the QR code and sends them to the bank server, and feeds the identity authentication result sent by the bank server back to the user's account;
A network, comprising the Internet or the mobile Internet.
The mobile terminal is a smartphone, tablet computer or personal digital assistant that can run the App.
The first client further comprises an input device and a display screen. The input device comprises a touch screen and/or a keyboard and mouse, and is used to click a link or enter a URL to access the bank website, to enter login information, and to carry out operations after login. The display screen shows the QR code required for login and the redirected page displayed according to the identity authentication result sent by the bank server.
In one embodiment of the invention, the system may further provide that the first client and/or the bank website or its plug-in listens on the address of the first client. Listening allows the information returned by the bank server to be obtained promptly, so that the login process can complete. What is listened on at the IP address of the first client is the network port number PORT that the bank server sent to the first client; the first client establishes a network connection with the bank server through its IP address and the network port number PORT.
Note that in this specification, expressions such as "one embodiment" do not necessarily refer to the same embodiment. The specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the claims and their equivalents.

Claims (10)

1. A method for secure login to a bank website based on a QR code, characterized in that the method comprises:
Step 1: when a user accesses a bank website through a first client and selects QR code login, a QR code is displayed on the bank website page;
Step 2: the user logs in to the account of the App installed on the user's mobile terminal, scans and decodes the QR code displayed on the first client, and after decoding obtains the information contained in the QR code;
Step 3: the App switches to the interface of bank cards that the account has authenticated and bound; when the user selects a bank card in this interface, the App extracts the card number of that bank card from the bank card's data;
Step 4: the App encrypts the card number of the bank card and the information contained in the QR code and sends them to the bank server;
Step 5: the bank server decrypts the message and obtains the card number of the bank card and the information contained in the QR code;
Step 6: the bank server authenticates the user using the card number of the bank card and the information contained in the QR code, and performs step 7 if authentication succeeds, otherwise step 8;
Step 7: the bank server sends the authentication-success result to the first client, the first client feeds this result back to the bank website, and the bank website redirects the page according to the result;
Step 8: the bank server sends the authentication-failure result to the App, and the App feeds this result back to the user's account.
2. The method according to claim 1, characterized in that in step 1, displaying a QR code on the bank website page when the user accesses a bank website through the first client and selects QR code login specifically comprises:
Mode a: when the user selects QR code login on the bank website, the bank website requests the QR code for the current login from the bank server; the bank server records the address of the first client, generates the unique identification string for the current login and sends it to the first client in the form of a QR code; the first client feeds the QR code back to the bank website, which displays it; the information contained in the QR code is the identification string;
or
Mode b: when the user selects QR code login on the bank website, the bank website requests the QR code for the current login from the bank server; the bank server generates the unique identification string for the current login and sends it, together with the address of the first client, to the first client in the form of a QR code; the first client feeds the QR code back to the bank website, which displays it; the information contained in the QR code is the identification string and the address of the first client.
3. The method according to claims 1 and 2, characterized in that the method may further comprise:
the first client and/or the bank website or its plug-in listens on the address of the first client.
4. The method according to claim 1, characterized in that before step 3 the method further comprises: the user logs in to the account of the App and completes binding authentication of the bank card; the account can bind multiple bank cards.
5. The method according to any one of claims 1-4, characterized in that the user completing binding authentication of the bank card specifically comprises:
the user logs in to the account of the App and enters the card number, account holder's name and mobile phone number of the bank card to be bound and authenticated;
the App encrypts the card number, account holder's name and mobile phone number entered by the user and sends them to the bank server;
the bank server decrypts the message and obtains the card number, the account holder's name and the mobile phone number;
the bank server queries its database for the bank card account information corresponding to the card number, uses that account information to verify that the account holder's name and the mobile phone number are correct, and notifies the App of the verification result;
when the verification result is success, the App sends a mobile dynamic password to the phone with that mobile phone number;
once the user enters the correct mobile dynamic password, binding authentication of the bank card is complete.
6. The method according to claims 1 and 2, characterized in that in step 6, the bank server authenticating the user using the card number of the bank card and the information contained in the QR code specifically comprises:
when the bank website requests the QR code for the current login from the bank server, the bank server saves the generated identification string to its database. When the App sends the card number of the bank card and the information contained in the QR code, the bank server queries its database for an identification string that matches the login identification string in the information contained in the QR code; if one exists, it further determines whether the bank to which the bank website belongs has bank card account information corresponding to the card number. If it does, authentication succeeds; if either condition is not met, authentication fails.
7. The method according to claims 1 and 2, characterized in that in step 7, the bank server sending the authentication-success result to the first client specifically comprises:
if step 1 was carried out in mode a, the bank server saves the recorded address of the first client to its database together with the generated identification string; when the bank server authenticates the user successfully, it sends the result to the first client at the first client address saved for that identification string;
if step 1 was carried out in mode b, the bank server sends the result to the first client at the first client address in the information contained in the QR code.
8. The method according to claim 1, characterized in that step 7 may further comprise:
the bank server sends the authentication-success result to the first client, and the first client feeds this result back to the bank website; the bank website prompts the user to enter the password of the bank card; after the user enters the password through the first client, the bank website encrypts the password entered by the user and sends it to the bank server;
the bank server queries its database for the bank card account information corresponding to the bank card number, determines whether the entered password matches the bank card password in that account information, and sends the result of this determination to the first client;
the first client feeds the result back to the bank website; if the passwords match, the bank website redirects the page according to the result, otherwise the interface informs the user that login failed.
9. A system for secure login to a bank website based on a QR code, characterized in that the system comprises:
a first client, through which the user accesses the bank website; it requests the QR code for the current login from the bank server, receives and displays the QR code sent by the bank server, and redirects the bank website page according to the identity authentication result sent by the bank server;
a bank server, which is an internal server of the bank and has a database; it generates the unique identification string for the current login, generates the QR code for the current login and sends the QR code to the first client, authenticates the user according to the bank card number and the information contained in the QR code sent by the App, and sends the identity authentication result to the first client and/or the App;
a mobile terminal, which is a hardware device that can access the Internet and includes a camera for scanning the QR code displayed on the first client;
an App, which carries out the bank website QR code login operation over the network; it manages the user account and the bank cards that the account has authenticated and bound, can decode QR codes, encrypts the card number of the bank card selected by the user for this login together with the information obtained by decoding the QR code and sends them to the bank server, and feeds the identity authentication result sent by the bank server back to the user's account;
a network, comprising the Internet or the mobile Internet.
10. The system according to claim 9, characterized in that the mobile terminal is a smartphone, tablet computer or personal digital assistant that can run the App.
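The bank-server side of claims 2, 6 and 7, as an added Python example that is not part of the patent: it issues the identification string in mode a or mode b, applies the two checks of claim 6, and returns where the result is sent under steps 7 and 8. The names `BankServer`, `request_qr` and `authenticate`, the card number and the addresses are hypothetical; the single-use deletion, the 120-second lifetime and the HMAC tag over the mode b address are assumptions of the example that the claims do not specify.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 120  # assumption: the claims set no lifetime for the identification string
# Constructed sample data, not a real card.
SAMPLE_ACCOUNTS = {"6200000000000001": {"holder": "TEST HOLDER"}}


class BankServer:
    def __init__(self, accounts, clock=time.time):
        self.accounts = accounts            # card number -> bank card account information
        self.clock = clock
        self.key = secrets.token_bytes(32)  # server-only key for the mode b tag (assumption)
        self.pending = {}                   # identification string -> (mode, address, issued)

    def _tag(self, ident, addr):
        # Keyed digest that ties the address in the QR code to the identification string.
        return hmac.new(self.key, f"{ident}|{addr}".encode(), hashlib.sha256).hexdigest()

    def request_qr(self, client_addr, mode="a"):
        """Claim 2: create the identification string and the QR code payload."""
        ident = secrets.token_urlsafe(32)   # unique and unguessable per login
        stored_addr = client_addr if mode == "a" else None
        self.pending[ident] = (mode, stored_addr, self.clock())
        if mode == "a":
            return {"id": ident}            # mode a: the address stays on the server
        # mode b: the address travels inside the QR code, here with an integrity tag
        return {"id": ident, "addr": client_addr, "tag": self._tag(ident, client_addr)}

    def authenticate(self, card_number, qr_info):
        """Claims 6 and 7: return (ok, destination, first-client address)."""
        failure = (False, "app", None)      # step 8: a failure result goes to the App
        ident = qr_info.get("id")
        # pop() makes the string single-use: a second submission finds nothing.
        entry = self.pending.pop(ident, None) if isinstance(ident, str) else None
        if entry is None:
            return failure                  # condition 1: string not in the database
        mode, addr, issued = entry
        if self.clock() - issued > TTL_SECONDS:
            return failure
        if card_number not in self.accounts:
            return failure                  # condition 2: no account for this card number
        if mode == "b":
            addr, tag = qr_info.get("addr"), qr_info.get("tag")
            if not (isinstance(addr, str) and isinstance(tag, str)):
                return failure
            if not hmac.compare_digest(self._tag(ident, addr).encode(), tag.encode()):
                return failure              # address no longer matches what was issued
        return (True, "first_client", addr)  # step 7: success goes to the first client


def demo():
    now = [1000.0]
    server = BankServer(SAMPLE_ACCOUNTS, clock=lambda: now[0])
    card, addr = "6200000000000001", "203.0.113.7:50001"  # constructed values
    results = {}
    qr = server.request_qr(addr)
    results["mode_a"] = server.authenticate(card, qr)
    results["reused"] = server.authenticate(card, qr)
    results["unknown_card"] = server.authenticate("6200000000000009", server.request_qr(addr))
    qr = server.request_qr(addr)
    now[0] += TTL_SECONDS + 1
    results["expired"] = server.authenticate(card, qr)
    qr_b = server.request_qr(addr, mode="b")
    altered = dict(qr_b, addr="198.51.100.9:50001")
    results["mode_b_altered"] = server.authenticate(card, altered)
    results["mode_b"] = server.authenticate(card, server.request_qr(addr, mode="b"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

In mode a the server never reads an address from the submitted data, so only mode b needs the tag check.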

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410071353.0A CN103944877A (en) 2014-03-02 2014-03-02 Method and system for safely logging on bank website based on two-dimension code

Publications (1)

Publication Number Publication Date
CN103944877A true CN103944877A (en) 2014-07-23

Family

ID=51192361

Country Status (1)

Country Link
CN (1) CN103944877A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140723