CN104202167B - System and method for identity authentication based on an external authentication module and a personal identification number
- Publication number: CN104202167B
- Authority: CN (China)
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention relates to a system for identity authentication based on an external authentication module and a personal identification number (PIN). The system comprises an authentication management client, a security module and an external authentication module. The invention further relates to a method for identity authentication based on an external authentication module and a PIN, in which the authentication management client, according to the verification result produced by the external authentication module and forwarded by the security module, selectively commands the security module and the external authentication module to bind, authenticate and unbind. With this system and method, authentication relies on the high-strength cryptographic mechanism of the external authentication module, which avoids the security risk of a stolen password: even if the PIN is stolen, the SE module cannot be activated without the special-shaped smart card, so the user's account remains secure. The approach makes identity authentication on mobile devices very convenient, is simple to use, and has a wide range of application.
Description
Technical field
The present invention relates to the field of information security, in particular to identity authentication on devices with near field communication (NFC) capability, and specifically to a method for identity authentication based on an external authentication module and a personal identification number.
Background art
With the rapid development of the mobile Internet and the maturing of NFC (Near Field Communication) technology, intelligent mobile communication terminals such as smartphones have become a commonly used means of near-field payment. Prior-art mobile payment transactions mostly follow the 13.56 MHz wireless communication protocol standards. To suit different users, chip manufacturers have developed NFC-SIM (Subscriber Identity Module) cards and full NFC cards with a hardware security module (SE module, Security Module). The security of existing mobile payment terminals depends on the hardware security module (SE module) in the terminal, which may take the form of a SIM (Subscriber Identity Module) card or an independent security chip embedded on the terminal mainboard.
When a user pays with an NFC-capable smartphone, the SE module on the phone needs to identify and verify the user. Most currently popular authentication methods are based on "what you know": the user enters a PIN (Personal Identification Number) or a gesture password in the APP (application) to authenticate. Because the SE module is always in the activated state, once the APP is hijacked a hacker can initiate a funds transfer at any time, causing losses to the user.
Summary of the invention
The purpose of the present invention is to overcome the above shortcomings of the prior art and to provide a method for identity authentication based on an external authentication module and a personal identification number that authenticates by means of the high-strength cryptographic mechanism of the external authentication module, avoids the security risk of a stolen password, keeps the user's account secure, and has a broader range of application.
To achieve this purpose, the system and method of the invention for identity authentication based on an external authentication module and a personal identification number take the following form:
The system for identity authentication based on an external authentication module and a personal identification number is mainly characterized in that it includes:
Authentication management client, which sends a PIN verification command to the security module and, according to the verification result forwarded by the security module, selectively commands the security module and the external authentication module to bind, authenticate and unbind;
Security module, which forwards the PIN verification command to the external authentication module and forwards the verification result fed back by the external authentication module to the authentication management client;
External authentication module, which verifies the PIN verification command and feeds the verification result back to the security module.
Further, the external authentication module includes an authentication storage unit, an authentication execution unit and an authentication communication unit, wherein:
The authentication storage unit stores the device digital certificate used for authentication and the personal identification number;
The authentication execution unit checks the PIN verification command against the personal identification number in the storage unit, and authenticates with the security module according to the authentication command of the authentication management client;
The authentication communication unit communicates with the security module.
Further, the security module includes a secure storage unit, an execution authentication unit and a secure communication unit, wherein:
The secure storage unit stores the device digital certificate sent by the external authentication module;
The execution authentication unit authenticates with the external authentication module according to the authentication command of the authentication management client;
The secure communication unit communicates with the external authentication module.
Further, the authentication management client includes an information acquisition unit and an interface display unit, wherein:
The information acquisition unit obtains the PIN entered by the user and the user's operations on the authentication interface;
The interface display unit displays the authentication interface and all prompts.
The security module and the external authentication module communicate via NFC, and the external authentication module is a special-shaped card in the shape of a ring.
In addition, the present invention also provides an identity binding method based on an external authentication module and a personal identification number, mainly characterized in that the method comprises the following steps:
(1) The authentication management client sends the PIN verification command to the security module;
(2) The security module forwards the PIN verification command to the external authentication module;
(3) The external authentication module verifies the PIN verification command and feeds the verification result back to the security module;
(4) The security module forwards the verification result to the authentication management client;
(5) The authentication management client, according to the verification result, selectively binds the security module and the external authentication module.
Further, the selective binding of the security module and the external authentication module by the authentication management client according to the verification result comprises the following steps:
(5.1) The authentication management client determines whether the verification result is a PIN verification failure;
(5.2) If the verification result is a PIN verification failure, continue to step (5.3); otherwise continue to step (5.4);
(5.3) The authentication management client displays a prompt that the PIN was entered incorrectly;
(5.4) The authentication management client sends a read-digital-certificate command to the security module;
(5.5) The security module forwards the read-digital-certificate command to the external authentication module;
(5.6) The external authentication module sends the data of the device digital certificate corresponding to the read-digital-certificate command to the security module;
(5.7) The security module forwards the data of the device digital certificate to the authentication management client;
(5.8) The authentication management client writes the data of the device digital certificate into the security module.
In addition, the present invention also provides an identity authentication method based on an external authentication module and a personal identification number, mainly characterized in that the method comprises the following steps:
(a) The authentication management client sends the PIN verification command to the security module;
(b) The security module forwards the PIN verification command to the external authentication module;
(c) The external authentication module verifies the PIN verification command and feeds the verification result back to the security module;
(d) The security module forwards the verification result to the authentication management client;
(e) The authentication management client, according to the verification result, selectively commands the security module to authenticate with the external authentication module.
Further, the selective commanding of the security module to authenticate with the external authentication module by the authentication management client according to the verification result comprises the following steps:
(e.1) The authentication management client determines whether the verification result is a PIN verification failure;
(e.2) If the verification result is a PIN verification failure, continue to step (e.3); otherwise continue to step (e.4);
(e.3) The authentication management client displays a prompt that the PIN was entered incorrectly;
(e.4) The authentication management client sends an authentication command to the security module;
(e.5) The security module forwards the authentication command to the external authentication module;
(e.6) The external authentication module sends the authentication data corresponding to the authentication command to the security module;
(e.7) The security module verifies the authentication data against the device digital certificate it has bound internally;
(e.8) The security module selectively activates the secure payment function according to the verification result.
Further, the selective activation of the secure payment function by the security module according to the verification result comprises the following steps:
(e.8.1) The security module determines whether the verification result is a successful user authentication; if so, continue to step (e.8.2), otherwise continue to step (e.8.3);
(e.8.2) The security module activates the secure payment function;
(e.8.3) The security module sends a user-authentication-failure message to the authentication management client;
(e.8.4) The authentication management client displays a prompt that user authentication failed.
Further, the following steps precede step (a):
(0.a) The security module determines whether the external authentication module is present within a preset range; if so, continue to step (0.b), otherwise repeat step (0.a);
(0.b) The security module sends a display-interface command to the authentication management client;
(0.c) The authentication management client displays the authentication interface.
Further, the following steps follow step (e):
(f) The security module determines whether the external authentication module is still present within the preset range; if so, repeat step (f), otherwise continue to step (g);
(g) The security module sends a close-interface command to the authentication management client;
(h) The authentication management client closes the authentication interface.
The present invention also provides an unbinding method based on an external authentication module and a personal identification number, mainly characterized in that the method comprises the following steps:
(A) The authentication management client sends the unbind command to the security module;
(B) The security module deletes the data of the corresponding device digital certificate according to the unbind command.
The system and method of the invention for identity authentication based on an external authentication module and a personal identification number have the following advantages:
(1) To overcome the security risk caused by the SE module being "always online" in the prior art, the present invention provides a two-factor identity verification method for NFC phones based on an external authentication module and a personal identification number (PIN). It includes verifying the user's identity by a PIN check performed on the external authentication module. After the PIN check passes, the security module (SE) inside the NFC smartphone authenticates the external authentication module (such as a special-shaped contactless smart card or an RFID tag) by challenge-response, using a symmetric or asymmetric encryption algorithm. Only after both steps are completed is identity authentication complete and the payment function of the phone's internal security module activated. Authentication thus relies on the high-strength cryptographic mechanism of the external authentication module and avoids the security risk of a stolen PIN: even if the PIN is stolen, the SE module cannot be activated without the special-shaped smart card, so the user's account remains secure.
(2) For ease of carrying, the external authentication module can be packaged as a special-shaped card; the present invention packages it in a ring. When logging in to the APP, the user only needs to hold the phone with the hand wearing the ring-shaped smart card and enter the PIN to complete authentication, with no extra "card swipe" action. This makes identity verification on mobile devices very convenient and gives the invention a wider range of application.
Brief description of the drawings
Fig. 1 is a structural diagram of the system of the invention for identity authentication based on an external authentication module and a personal identification number.
Fig. 2 is a flowchart of the identity binding method of the invention based on an external authentication module and a personal identification number.
Fig. 3 is a flowchart of the identity authentication method of the invention based on an external authentication module and a personal identification number.
Fig. 4 is a structural diagram of an embodiment of the system of the invention for identity authentication based on an external authentication module and a personal identification number.
Fig. 5 is a flowchart of binding the external authentication module of the invention to the phone's SE module.
Fig. 6 is a flowchart of the two-factor identity authentication of the invention.
Detailed description of the embodiments
To describe the technical content of the invention more clearly, it is further described below with reference to specific embodiments.
Referring to Fig. 1, in one embodiment the system of the invention for identity authentication based on an external authentication module and a personal identification number includes:
Authentication management client, which sends a PIN verification command to the security module and, according to the verification result forwarded by the security module, selectively commands the security module and the external authentication module to bind, authenticate and unbind;
Security module, which forwards the PIN verification command to the external authentication module and forwards the verification result fed back by the external authentication module to the authentication management client;
External authentication module, which verifies the PIN verification command and feeds the verification result back to the security module.
In a preferred embodiment, the external authentication module includes an authentication storage unit, an authentication execution unit and an authentication communication unit, wherein:
The authentication storage unit stores the device digital certificate used for authentication and the personal identification number;
The authentication execution unit checks the PIN verification command against the personal identification number in the storage unit, and authenticates with the security module according to the authentication command of the authentication management client;
The authentication communication unit communicates with the security module.
In a preferred embodiment, the security module includes a secure storage unit, an execution authentication unit and a secure communication unit, wherein:
The secure storage unit stores the device digital certificate sent by the external authentication module;
The execution authentication unit authenticates with the external authentication module according to the authentication command of the authentication management client;
The secure communication unit communicates with the external authentication module.
In a preferred embodiment, the authentication management client includes an information acquisition unit and an interface display unit, wherein:
The information acquisition unit obtains the PIN entered by the user and the user's operations on the authentication interface;
The interface display unit displays the authentication interface and all prompts.
The security module and the external authentication module communicate via NFC, and the external authentication module is a special-shaped card in the shape of a ring.
In addition, the present invention also provides an identity binding method based on an external authentication module and a personal identification number. As shown in Fig. 2, the method comprises the following steps:
(1) The authentication management client sends the PIN verification command to the security module;
(2) The security module forwards the PIN verification command to the external authentication module;
(3) The external authentication module verifies the PIN verification command and feeds the verification result back to the security module;
(4) The security module forwards the verification result to the authentication management client;
(5) The authentication management client, according to the verification result, selectively binds the security module and the external authentication module.
In a preferred embodiment, the selective binding of the security module and the external authentication module by the authentication management client according to the verification result comprises the following steps:
(5.1) The authentication management client determines whether the verification result is a PIN verification failure;
(5.2) If the verification result is a PIN verification failure, continue to step (5.3); otherwise continue to step (5.4);
(5.3) The authentication management client displays a prompt that the PIN was entered incorrectly;
(5.4) The authentication management client sends a read-digital-certificate command to the security module;
(5.5) The security module forwards the read-digital-certificate command to the external authentication module;
(5.6) The external authentication module sends the data of the device digital certificate corresponding to the read-digital-certificate command to the security module;
(5.7) The security module forwards the data of the device digital certificate to the authentication management client;
(5.8) The authentication management client writes the data of the device digital certificate into the security module.
In addition, the present invention also provides an identity authentication method based on an external authentication module and a personal identification number. As shown in Fig. 3, the method comprises the following steps:
(a) The authentication management client sends the PIN verification command to the security module;
(b) The security module forwards the PIN verification command to the external authentication module;
(c) The external authentication module verifies the PIN verification command and feeds the verification result back to the security module;
(d) The security module forwards the verification result to the authentication management client;
(e) The authentication management client, according to the verification result, selectively commands the security module to authenticate with the external authentication module.
In a preferred embodiment, the selective commanding of the security module to authenticate with the external authentication module by the authentication management client according to the verification result comprises the following steps:
(e.1) The authentication management client determines whether the verification result is a PIN verification failure;
(e.2) If the verification result is a PIN verification failure, continue to step (e.3); otherwise continue to step (e.4);
(e.3) The authentication management client displays a prompt that the PIN was entered incorrectly;
(e.4) The authentication management client sends an authentication command to the security module;
(e.5) The security module forwards the authentication command to the external authentication module;
(e.6) The external authentication module sends the authentication data corresponding to the authentication command to the security module;
(e.7) The security module verifies the authentication data against the device digital certificate it has bound internally;
(e.8) The security module selectively activates the secure payment function according to the verification result.
In a preferred embodiment, the selective activation of the secure payment function by the security module according to the verification result comprises the following steps:
(e.8.1) The security module determines whether the verification result is a successful user authentication; if so, continue to step (e.8.2), otherwise continue to step (e.8.3);
(e.8.2) The security module activates the secure payment function;
(e.8.3) The security module sends a user-authentication-failure message to the authentication management client;
(e.8.4) The authentication management client displays a prompt that user authentication failed.
In a preferred embodiment, the following steps precede step (a):
(0.a) The security module determines whether the external authentication module is present within a preset range; if so, continue to step (0.b), otherwise repeat step (0.a);
(0.b) The security module sends a display-interface command to the authentication management client;
(0.c) The authentication management client displays the authentication interface.
In a preferred embodiment, the following steps follow step (e):
(f) The security module determines whether the external authentication module is still present within the preset range; if so, repeat step (f), otherwise continue to step (g);
(g) The security module sends a close-interface command to the authentication management client;
(h) The authentication management client closes the authentication interface.
The present invention also provides an unbinding method based on an external authentication module and a personal identification number, which comprises the following steps:
(A) The authentication management client sends the unbind command to the security module;
(B) The security module deletes the data of the corresponding device digital certificate according to the unbind command.
The present invention relates to verifying whether a user's identity is legitimate on smart mobile devices that support near field communication (NFC), and in particular involves technical fields such as NFC communication technology, cryptography and information security.
To achieve the above purpose, in practical application the authentication management client is application software installed on the smart mobile terminal: a phone application that provides the user with a PIN input interface and with external authentication module management functions. The security module is a mobile payment security authentication chip that supports NFC and can only be activated for use after authentication of the external authentication module has been completed. It is mounted on the circuit board of the smart mobile terminal and preferably supports both card reader mode and card emulation mode and can switch between the two. The external authentication module is a contactless smart chip based on NFC, which can be packaged in a ring-shaped special-shaped card that is easy for the user to carry and use.
The external authentication module includes: an authentication storage unit, which stores the device digital certificate used for authentication and the user's PIN in on-chip memory; an authentication execution unit, which performs PIN verification and mutual authentication with the security module; and an authentication communication unit, which communicates with the smart mobile terminal that supports NFC.
The security module includes: a secure communication unit, which sends commands to the NFC-capable external authentication module and receives its responses; an execution authentication unit, which performs the authentication of the external authentication module; and a secure storage unit, which stores the authentication key (the encrypted device digital certificate) in on-chip memory.
The authentication management client includes: an information acquisition module, which obtains the PIN entered by the user and the user's menu selections; and a user display module, which displays the external authentication module management menu and the authentication result. On success it shows success; on failure it prompts the user according to the returned error code.
The method for realizing identity authentication based on an external authentication module and a personal identification number mainly comprises two parts, binding and authentication; preferably, it may also include an unbinding part. The detailed flow is as follows:
1) Binding
The user runs the authentication management client on the mobile phone and selects the binding operation;
The authentication management client prompts the user to enter the personal identification number of the external authentication module in the personal identification number input interface;
The authentication management client sends the personal identification number verification instruction to the external authentication module through the NFC communication interface of the security module (i.e. the NFC communication interface of the secure communication unit);
The external authentication module verifies the received personal identification number and returns the verification result;
If personal identification number verification fails, the authentication management client prompts the user that the personal identification number was entered incorrectly;
If personal identification number verification succeeds, the authentication management client sends the read-digital-certificate instruction to the external authentication module through the NFC communication interface of the security module;
The external authentication module returns the device digital certificate issued by the issuer;
The authentication management client writes the device digital certificate of the external authentication module into the security module, and the binding process ends.
2) Authentication
When the communication unit of the security module detects that the external authentication module is close to the intelligent mobile terminal, it activates the personal identification number input interface of the authentication management client, which prompts the user to enter the personal identification number of the external authentication module;
The authentication management client sends the personal identification number verification instruction to the external authentication module through the NFC communication interface of the security module;
The external authentication module verifies the received personal identification number and returns the verification result;
If personal identification number verification fails, the authentication management client prompts the user that the personal identification number was entered incorrectly;
If personal identification number verification succeeds, the authentication management client sends the authentication instruction to the external authentication module through the NFC communication interface of the security module;
The external authentication module receives the authentication instruction and returns authentication data;
The security module verifies the authentication data using the digital certificate of the bound external authentication module;
If authentication fails, the authentication management client prompts the user that authentication failed;
If authentication succeeds, the mobile secure payment function of the security module is activated and the authentication management client prompts the user that authentication succeeded.
When the communication module of the security module detects that the external authentication module is no longer within NFC radio range, then regardless of whether the transaction has been completed, it stops the current payment transaction process and closes the payment function, and the authentication management client prompts the user that the transaction has stopped.
3) Unbinding
The user runs the authentication management client on the mobile phone and selects the unbinding operation;
Preferably, the authentication flow must be completed first; if authentication succeeds, the security module deletes the device digital certificate stored in its internal storage module, releasing the binding with the external authentication module.
To make the technical problem solved by the present invention, its embodiments and its advantages clearer, the above method is described in detail with reference to a system example. An embodiment of the system provided by the invention for realizing identity authentication based on an external authentication module and a personal identification number is shown in Fig. 4. The system includes an external authentication module, a mobile phone security module (i.e. the security module) and an external authentication module management client application (i.e. the authentication management client).
The external authentication module is a contactless smart chip based on NFC technology, including: a memory unit, which stores the authentication device digital certificate, the device private key and the user's personal identification number in on-chip memory, with a storage space of no more than 2K bytes; a certification execution unit, including a cryptographic coprocessor and a CPU (Central Processing Unit), for performing personal identification number verification and authenticating with the mobile phone security module; and a communication unit, including an interface and an antenna that support the ISO14443 contactless smart card communication protocol. In addition to transmitting data, the antenna receives the radio-frequency field (RF field) generated by the NFC device to power the digital processing, which ensures that information encryption inside the external authentication module and the sending and receiving of data by the NFC communication unit can be carried through to completion.
When authenticating with the external authentication module, the user only needs to hold the mobile phone in the hand wearing the ring-shaped external authentication module in order to operate it, and the safety, efficiency and convenience characteristic of NFC near-field communication ensure the user experience.
The external authentication module management client application is a mobile app running on the Android platform. It includes an information acquisition module and a user display module, where the information acquisition module obtains the personal identification number and the menu selection operations input by the user, and the user display module displays the external authentication module management menu and the authentication result. On successful authentication it displays success; on authentication failure it prompts the user according to the returned error code.
In the embodiment, the method for realizing identity authentication based on an external authentication module and a personal identification number includes two key flows:
1. The binding flow of the external authentication module and the mobile phone SE module is shown in Fig. 5; the steps are as follows:
(1) The user starts the mobile phone app (i.e. the external authentication module management client application);
(2) The user is prompted to present the card;
(3) The PIN (Personal Identification Number) code (i.e. the personal identification number) entered by the user is verified;
(4) If the external authentication module verifies the PIN code successfully, proceed to the next step; if the PIN code is wrong and has been wrong more than 6 times, prompt that binding failed;
(5) The device certificate in the external authentication module is read;
(6) The device certificate is saved in the mobile phone SE;
(7) The binding flow ends.
2. The two-factor identity authentication flow is shown in Fig. 6; the steps are as follows:
(1) The user starts the mobile phone app;
(2) The user is prompted to present the card;
(3) The PIN code entered by the user is verified;
(4) If the external authentication module verifies the PIN code successfully, proceed to the next step; if the PIN code is wrong and has been wrong more than 6 times, prompt that authentication failed;
(5) An authentication instruction is sent to the external authentication module; the instruction contains the raw data for authentication;
(6) The external authentication module digitally signs the received raw authentication data with the private key it holds internally;
(7) The mobile phone SE verifies the digital signature of the external authentication module; if verification passes, authentication succeeds, otherwise authentication fails;
(8) The authentication flow ends.
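The binding, two-factor authentication and unbinding flows above, modelled as an added example (not code from the patent). The class and function names, the module-side lockout and the sample keys are assumptions; HMAC-SHA256 stands in for the digital signature (the symmetric challenge-response option the description allows) so the block runs on the Python standard library, whereas with a signature the SE would hold only the certificate rather than a shared key.

```python
import hashlib
import hmac
import secrets

MAX_PIN_ERRORS = 6  # flow step (4): failure once the PIN has been wrong more than 6 times


class ExternalModule:
    """Constructed stand-in for the NFC ring: holds the PIN and the device key."""

    def __init__(self, pin: str, device_key: bytes):
        self._pin, self._key = pin, device_key
        self._errors, self._pin_ok = 0, False

    def verify_pin(self, pin: str) -> bool:
        if self._errors > MAX_PIN_ERRORS:      # assumption: the module itself locks
            self._pin_ok = False
            return False
        self._pin_ok = hmac.compare_digest(pin.encode(), self._pin.encode())
        self._errors = 0 if self._pin_ok else self._errors + 1
        return self._pin_ok

    def read_credential(self) -> bytes:
        if not self._pin_ok:
            raise PermissionError("PIN not verified")
        return self._key                       # stands in for the device certificate

    def respond(self, challenge: bytes) -> bytes:
        if not self._pin_ok:
            raise PermissionError("PIN not verified")
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class SecurityModule:
    """Constructed stand-in for the phone SE: stores the bound credential."""

    def __init__(self):
        self._bound = None
        self._challenge = None
        self.payment_active = False

    def bind(self, credential: bytes) -> None:
        self._bound = credential

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)   # fresh raw data for authentication
        return self._challenge

    def verify(self, response: bytes) -> bool:
        challenge, self._challenge = self._challenge, None   # each challenge is single-use
        ok = False
        if self._bound is not None and challenge is not None:
            expected = hmac.new(self._bound, challenge, hashlib.sha256).digest()
            ok = hmac.compare_digest(expected, response)
        self.payment_active = ok               # payment is enabled only by a valid response
        return ok

    def field_lost(self) -> None:
        self.payment_active = False            # module left NFC range: close payment

    def unbind(self) -> None:
        self._bound, self.payment_active = None, False


# The client functions call the module directly; the relay through the SE's
# NFC interface described in the text is collapsed in this model.
def bind(se: SecurityModule, module: ExternalModule, pin: str) -> str:
    if not module.verify_pin(pin):
        return "PIN_ERROR"
    se.bind(module.read_credential())
    return "BOUND"


def authenticate(se: SecurityModule, module: ExternalModule, pin: str) -> str:
    if not module.verify_pin(pin):
        return "PIN_ERROR"
    response = module.respond(se.new_challenge())
    return "AUTH_OK" if se.verify(response) else "AUTH_FAILED"


def unbind(se: SecurityModule, module: ExternalModule, pin: str) -> str:
    if authenticate(se, module, pin) != "AUTH_OK":   # unbinding requires authentication first
        return "UNBIND_REFUSED"
    se.unbind()
    return "UNBOUND"
```

A second module that knows the same PIN but holds a different key gets AUTH_FAILED from `authenticate`, which is the stolen-PIN case the description addresses; a response recorded for an earlier challenge is rejected for the same reason a fresh challenge is issued each time.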
The system and method of the invention for realizing identity authentication based on an external authentication module and a personal identification number have the following advantages:
(1) To overcome the security risks arising from the SE module being "always online" in the prior art described above, the present invention provides a two-factor identity verification method for NFC mobile phones based on an external authentication module and a personal identification number (PIN code), which includes verifying the user's identity to the external authentication module by personal identification number (PIN) verification. After the PIN is verified, the security module (SE) inside the NFC smartphone authenticates the external authentication module (such as a special-shaped contactless smart card or an RFID tag) by challenge-response (using a symmetric or asymmetric encryption algorithm). Only when both of these steps are complete is identity authentication complete and the payment function of the NFC phone's internal security module activated. Authentication relies on the high-strength security encryption mechanism of the external authentication module, which avoids the security risk of a stolen personal identification number: even if the PIN code is stolen, the SE module cannot be activated without the special-shaped smart card, ensuring the security of the user's account.
(2) For ease of carrying, the external authentication module can be packaged in the form of a special-shaped card; the present invention packages the external authentication module in a ring. When logging in to the app using the present invention, the user only needs to hold the mobile phone in the hand wearing the special-shaped smart ring card and enter the PIN code to complete identity authentication, with no extra "card swiping" action required. This provides great convenience for identity verification on mobile devices and has a wide range of applications.
Claims (12)
- 1. A system for realizing identity authentication based on an external authentication module and a personal identification number, characterized in that the system includes:
  an authentication management client, to send a personal identification number verification instruction to the security module and, according to the verification result forwarded by the security module, selectively order the security module and the external authentication module to perform binding, authentication and unbinding;
  a security module, to forward the personal identification number verification instruction to the external authentication module, and to forward the verification result fed back by the external authentication module to the authentication management client;
  an external authentication module, to verify the personal identification number verification instruction and feed the verification result back to the security module;
  the security module includes a secure storage unit, an execution authentication unit and a secure communication unit, wherein:
  the secure storage unit stores the device digital certificate sent by the external authentication module;
  the execution authentication unit authenticates with the external authentication module according to the authentication instruction of the authentication management client;
  the secure communication unit communicates with the external authentication module.
- 2. The system for realizing identity authentication based on an external authentication module and a personal identification number according to claim 1, characterized in that the external authentication module includes a certification memory unit, a certification execution unit and a certification communication unit, wherein:
  the certification memory unit stores the device digital certificate and the personal identification number used for authentication;
  the certification execution unit verifies the personal identification number verification instruction against the personal identification number in the certification memory unit, and authenticates with the security module according to the authentication instruction of the authentication management client;
  the certification communication unit communicates with the security module.
- 3. The system for realizing identity authentication based on an external authentication module and a personal identification number according to claim 1, characterized in that the authentication management client includes an information acquisition unit and an interface display unit, wherein:
  the information acquisition unit obtains the personal identification number information and the authentication interface operation information input by the user;
  the interface display unit displays the authentication interface and the various prompts.
- 4. The system for realizing identity authentication based on an external authentication module and a personal identification number according to any one of claims 1 to 3, characterized in that the security module and the external authentication module communicate by NFC technology.
- 5. The system for realizing identity authentication based on an external authentication module and a personal identification number according to claim 4, characterized in that the external authentication module is a special-shaped card in the shape of a ring.
- 6. An identity binding method based on an external authentication module and a personal identification number, realized using the system of any one of claims 1 to 33, characterized in that the method comprises the following steps:
  (1) the authentication management client sends the personal identification number verification instruction to the security module;
  (2) the security module forwards the personal identification number verification instruction to the external authentication module;
  (3) the external authentication module verifies the personal identification number verification instruction and feeds the verification result back to the security module;
  (4) the security module forwards the verification result to the authentication management client;
  (5) the authentication management client, according to the verification result, selectively binds the security module and the external authentication module.
- 7. The identity binding method based on an external authentication module and a personal identification number according to claim 6, characterized in that the authentication management client selectively binding the security module and the external authentication module according to the verification result comprises the following steps:
  (5.1) the authentication management client judges whether the verification result is a personal identification number verification failure;
  (5.2) if the verification result is a personal identification number verification failure, continue with step (5.3); otherwise continue with step (5.4);
  (5.3) the authentication management client displays a prompt that the personal identification number was entered incorrectly;
  (5.4) the authentication management client sends a digital certificate read instruction to the security module;
  (5.5) the security module forwards the digital certificate read instruction to the external authentication module;
  (5.6) the external authentication module sends the data of the device digital certificate corresponding to the digital certificate read instruction to the security module;
  (5.7) the security module forwards the data of the device digital certificate to the authentication management client;
  (5.8) the authentication management client writes the data of the device digital certificate into the security module.
- 8. An identity authentication method based on an external authentication module and a personal identification number, realized using the method of claim 6, characterized in that the method comprises the following steps:
  (a) the authentication management client sends the personal identification number verification instruction to the security module;
  (b) the security module forwards the personal identification number verification instruction to the external authentication module;
  (c) the external authentication module verifies the personal identification number verification instruction and feeds the verification result back to the security module;
  (d) the security module forwards the verification result to the authentication management client;
  (e) the authentication management client, according to the verification result, selectively orders the security module to authenticate with the external authentication module;
  wherein the authentication management client selectively ordering the security module to authenticate with the external authentication module according to the verification result comprises the following steps:
  (e.1) the authentication management client judges whether the verification result is a personal identification number verification failure;
  (e.2) if the verification result is a personal identification number verification failure, continue with step (e.3); otherwise continue with step (e.4);
  (e.3) the authentication management client displays a prompt that the personal identification number was entered incorrectly;
  (e.4) the authentication management client sends an authentication instruction to the security module;
  (e.5) the security module forwards the authentication instruction to the external authentication module;
  (e.6) the external authentication module sends the authentication data corresponding to the authentication instruction to the security module;
  (e.7) the security module verifies the authentication data against the device digital certificate it has bound internally;
  (e.8) the security module selectively activates the secure payment function according to the verification result of the authentication data.
- 9. The identity binding method based on an external authentication module and a personal identification number according to claim 8, characterized in that the security module selectively activating the secure payment function according to the verification result of the authentication data comprises the following steps:
  (e.8.1) the security module judges whether the verification result of the authentication data is user authentication success; if so, continue with step (e.8.2); otherwise continue with step (e.8.3);
  (e.8.2) the security module activates the secure payment function;
  (e.8.3) the security module sends the user authentication failure information to the authentication management client;
  (e.8.4) the authentication management client displays a prompt that user authentication failed.
- 10. The identity binding method based on an external authentication module and a personal identification number according to claim 8, characterized in that the following steps are also included before step (a):
  (0.a) the security module judges whether the external authentication module is present within a preset range; if so, continue with step (0.b); otherwise repeat step (0.a);
  (0.b) the security module sends a display interface instruction to the authentication management client;
  (0.c) the authentication management client displays the authentication interface.
- 11. The identity binding method based on an external authentication module and a personal identification number according to claim 10, characterized in that the following steps are also included after step (e):
  (f) the security module judges whether the external authentication module is still present within the preset range; if so, repeat step (f); otherwise continue with step (g);
  (g) the security module sends a close interface instruction to the authentication management client;
  (h) the authentication management client closes the authentication interface.
- 12. An unbinding method based on an external authentication module and a personal identification number, realized using the method of claim 8, characterized in that the method comprises the following steps:
  (A) the authentication management client sends an unbinding instruction to the security module;
  (B) the security module deletes the data of the corresponding device digital certificate according to the unbinding instruction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410476460.1A CN104202167B (en) | 2014-09-18 | 2014-09-18 | The system and method for authentication is realized based on external authentication module and personal identification number |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104202167A CN104202167A (en) | 2014-12-10 |
CN104202167B true CN104202167B (en) | 2018-04-06 |
Family
ID=52087397
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410476460.1A Active CN104202167B (en) | 2014-09-18 | 2014-09-18 | The system and method for authentication is realized based on external authentication module and personal identification number |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104202167B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||