CN104601327B - A kind of safe verification method, relevant device and system - Google Patents

A kind of safe verification method, relevant device and system Download PDF

Info

Publication number
CN104601327B
CN104601327B CN201310746079.8A CN201310746079A CN104601327B CN 104601327 B CN104601327 B CN 104601327B CN 201310746079 A CN201310746079 A CN 201310746079A CN 104601327 B CN104601327 B CN 104601327B
Authority
CN
China
Prior art keywords
service
wearable device
authentication information
user
payment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310746079.8A
Other languages
Chinese (zh)
Other versions
CN104601327A (en
Inventor
杨小伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201310746079.8A priority Critical patent/CN104601327B/en
Priority to PCT/CN2014/095467 priority patent/WO2015101273A1/en
Publication of CN104601327A publication Critical patent/CN104601327A/en
Application granted granted Critical
Publication of CN104601327B publication Critical patent/CN104601327B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Abstract

The embodiment of the invention discloses a kind of safe verification method, relevant device and system, one of safe verification method includes: the user authentication information that service terminal is stored in advance in the wearable device by low coverage communication modes from the acquisition of the wearable device of user;The service terminal sends service request to service server, includes business information and the user authentication information in the service request;The service server verifies the user authentication information, if verifying successfully, carries out business processing to the service request.It using the present invention, is verified using the verification information stored in the wearable device of user, makes the business processing for service request safer convenient.

Description

A kind of safe verification method, relevant device and system
Technical field
The present invention relates to Internet technical field more particularly to a kind of safe verification methods, relevant device and system.
Background technique
With the development of internet technology, some routine works of the frequent online processing of user, and some it is related to user People's assets or the business of private information need to carry out user identity during processing stringent certification, such as online transaction, The scenes such as payment, most common authentication mode is short message verification code, and short message verification code is established on mobile phone marketing channel, if hand Machine cannot normally receive short message, that payment behavior can not then normally complete;If mobile phone is lost, safety can not be carried out in the short time Verifying, and other people may occur and carries out short-message verification using the mobile phone lost, so that the counterfeit user carries out business processing, Lead to the assets of the user or the security risk of personal information.
Summary of the invention
The technical problem to be solved by the embodiment of the invention is that providing a kind of safe verification method, relevant device and being System, verified using the verification information stored in the wearable device of user, allow for service request business processing more For safe and convenient.
In order to solve the above-mentioned technical problem, first aspect of the embodiment of the present invention provides a kind of safe verification method, described Method includes:
Service terminal is stored in advance in described wearable set from the acquisition of the wearable device of user by low coverage communication modes User authentication information in standby;
The service terminal sends service request to service server, includes business information in the service request and described User authentication information;
The service server verifies the user authentication information, if verifying successfully, to the service request Carry out business processing.
Correspondingly, second aspect of the embodiment of the present invention additionally provides a kind of safe verification method, which comprises
Service terminal is stored in advance in described wearable set from the acquisition of the wearable device of user by low coverage communication modes User authentication information in standby;
The service terminal sends service request to service server, includes business information in the service request and described User authentication information, so that the service server verifies the user authentication information, if verifying successfully, the industry Server be engaged in service request progress business processing.
Correspondingly, the third aspect of the embodiment of the present invention additionally provides a kind of safe verification method, which comprises
Wearable device is stored in advance in the wearable device to service terminal transmission by low coverage communication modes In user authentication information include in the service request so that the service terminal sends service request to service server Business information and the user authentication information, the service server verify the user authentication information, if verification at Function then carries out business processing to the service request.
Correspondingly, fourth aspect of the embodiment of the present invention additionally provides a kind of service terminal, and the service terminal includes:
First receiving unit, it is described for being stored in advance in by low coverage communication modes from the acquisition of the wearable device of user User authentication information in wearable device;
Second transmission unit includes business information in the service request for sending service request to service server With the user authentication information so that the service server verifies the user authentication information, if verifying successfully, The service server carries out business processing to the service request.
Correspondingly, the 5th aspect of the embodiment of the present invention additionally provides a kind of wearable device, and the wearable device includes:
Transmission unit, for being stored in advance in described wearable set to service terminal transmission by low coverage communication modes User authentication information in standby is wrapped in the service request so that the service terminal sends service request to service server Business information and the user authentication information are included, the service server verifies the user authentication information, if verification Success then carries out business processing to the service request.
Correspondingly, the 6th aspect of the embodiment of the present invention additionally provides a kind of security authentication systems, the security authentication systems Including service terminal, wearable device and service server, in which:
The service terminal is used to be stored in advance in by low coverage communication modes from the acquisition of the wearable device of user described User authentication information in wearable device sends service request to the service server, includes industry in the service request Information of being engaged in and the user authentication information;
The service server is for verifying the user authentication information, if verifying successfully, to the business Request carries out business processing.
Correspondingly, the 7th aspect of the embodiment of the present invention additionally provides a kind of safe payment method, the safe payment method Include:
Payment terminal is stored in advance in described wearable set from the acquisition of the wearable device of user by low coverage communication modes User authentication information in standby;
The payment terminal sends payment request to payment server, includes order information in the payment request and described User authentication information;
The payment server verifies the user authentication information, if verifying successfully, to the payment request Carry out payment processing.
Correspondingly, eighth aspect of the embodiment of the present invention additionally provides a kind of safety payment system, the safety payment system Including payment terminal, wearable device and payment server, in which:
The payment terminal is used to be stored in advance in by low coverage communication modes from the acquisition of the wearable device of user described User authentication information in wearable device sends payment request to the payment server, includes ordering in the payment request Single information and the user authentication information;
The payment server is for verifying the user authentication information, if verifying successfully, to the payment Request carries out payment processing.
The embodiment of the present invention is described by being stored in advance in from the wearable device of user by the acquisition of low coverage communication modes User authentication information in wearable device sends service request to service server, includes that business is believed in the service request Breath and the user authentication information, so that the service server verifies the user authentication information, if verifying successfully, Business processing then is carried out to the service request, business is carried out using the verification information stored in the wearable device of user and tests Card, makes business processing safer convenient.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow diagram of safe verification method of the embodiment of the present invention;
Fig. 2 is the flow diagram of the safe verification method in another embodiment of the present invention;
Fig. 3 is the flow diagram of the safe verification method in another embodiment of the present invention;
Fig. 4 is the flow diagram of the safe verification method in another embodiment of the present invention;
Fig. 5 is the structural schematic diagram of one of embodiment of the present invention service terminal;
Fig. 6 is the structural schematic diagram of the service terminal in another embodiment of the present invention;
Fig. 7 is the structural schematic diagram of one of embodiment of the present invention wearable device;
Fig. 8 is the structural schematic diagram of the wearable device in another embodiment of the present invention;
Fig. 9 is the structural schematic diagram of one of embodiment of the present invention security authentication systems;
Figure 10 is the structural schematic diagram of one of embodiment of the present invention safety payment system.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
Service terminal in the embodiment of the present invention may include PC, tablet computer, smart phone, electronic reader And the internet devices such as car-mounted terminal, service server can be logged on to by using user account carries out on-line payment industry Business.Wearable device can be directly worn on user, or be integrated into user clothes or accessory one kind it is portable Equipment may include Intelligent bracelet, intelligent spire lamella, smartwatch, intelligent glasses and various intelligent accessories equipment, in the present invention The service terminal is cooperated to carry out secure payment in embodiment.
Fig. 1 is a kind of flow diagram of safe verification method of the embodiment of the present invention, in the present embodiment as shown in Figure 1 Safe verification method may include:
S101, service terminal are stored in advance in from the acquisition of the wearable device of user by low coverage communication modes and described can be worn Wear the user authentication information in equipment.
In the specific implementation, user can initiate on-line payment request by service terminal, such as when browsing electric business website Confirmation needs the commodity bought, and registering service server carries out on-line payment after confirming an order, and at this moment service terminal can basis The payment instruction of user's input is initiated to establish the low coverage communication connection with the wearable device, is specifically as follows bluetooth connection, NFC(Near Field Communication, near-field communication) connection etc., such as after user clicks " confirmation payment ", business Terminal opens Bluetooth function and carries out bluetooth equipment search, and user's wearable device default is always maintained at bluetooth open state, Service terminal can establish the bluetooth connection with wearable device after searching the wearable device of user automatically.In service terminal After foundation obtains the Near Field Communication between wearable device, it can be set by establishing the connection of obtained Near Field Communication from wearable The user authentication information that standby middle acquisition is stored in advance in the wearable device, the user authentication information may include user The information such as digital certificate or the password of other users payment verification, password.Preferably service terminal is got from wearable device User authentication information can be what the wearable device was encrypted according to preset private key for user, it is optionally, described to obtain The user authentication information got be also possible to it is pre- first pass through service terminal encryption or service server encryption, and then store to described In wearable device, service terminal can not believe user's checking in subsequent obtain in the user authentication information and use process Breath is decrypted, and ensure that safety of the user authentication information in payment transmission process.
S102, the service terminal send service request to service server, include business information in the service request With the user authentication information.
Service terminal can send business to service server after the wearable device of user acquisition user authentication information It requests, may include business information and the user's checking letter got from the wearable device of user in the service request Breath, the service request can be payment request, and the business information may include the disbursement letters such as trade order and payment amount Breath also may include the login account and login password for logging on to service server using user account and carrying out on-line payment business Etc. log-on messages, etc..
S103, the service server verify the user authentication information, if verifying successfully, to the business Request carries out business processing.
After service server receives the service request of service terminal transmission, the user in the service request can be tested Card information is verified, if verifying successfully, carries out business processing to the service request.
Specifically, the user authentication information that preferably service terminal is got from wearable device can be for by preset What private key for user was encrypted, then the corresponding client public key of the user can be used to the process encryption in service server User authentication information is decrypted, and the user authentication information obtained to decryption verifies, if verifying successfully, to the industry Business request carries out subsequent business processing;If verification failure, service server can directly refuse this service request.
The service terminal of the present embodiment from the wearable device of user by the acquisition of low coverage communication modes by being stored in advance User authentication information in the wearable device sends service request to service server, includes in the service request Business information and the user authentication information, so that the service server verifies the user authentication information, if school Test success, then to the service request carry out business processing, using the verification information stored in the wearable device of user into Row verification, makes the business processing for service request safer convenient.
Fig. 2 is the flow diagram of the safe verification method in another embodiment of the present invention, the described peace of the present embodiment Full verification method is mainly to be described from wearable device, service terminal and three side of service server.Such as Fig. 2 institute Show, the safe verification method in the present embodiment may comprise steps of:
S201, service terminal obtain the device identification of the wearable device of user by low coverage communication modes.
In the specific implementation, user can pass through PC, tablet computer, smart phone, electronic reader or vehicle-mounted end The service terminals such as end can to the users' such as Intelligent bracelet, intelligent spire lamella, smartwatch, intelligent glasses or various intelligent accessories equipment Wearable device obtains the device identification of the wearable device, wearable device described in the device identification unique identification, can be with For the identity code etc. of the wearable device.
For example, user can initiate on-line payment request by service terminal, when browsing electric business website, confirmation needs to purchase The commodity bought, registering service server carries out on-line payment after confirming an order, and at this moment service terminal can be inputted according to user Payment instruction is initiated to establish the data connection with the wearable device, is specifically as follows bluetooth wireless connection or NFC connection etc., And the device identification of wearable device is obtained by establishing obtained data connection.
The device identification of the wearable device is sent to service server by S202, service terminal.
S203, service server carry out binding validatation according to the identification information of the device identification and the service terminal.
It, can be according to described after the service server receives the device identification of the wearable device of service terminal transmission The identification information of device identification and the service terminal carries out binding validatation, and the identification information of the service terminal can be business Terminal is sent to service server when sending the device identification of wearable device, optionally, can also be with by taking on-line payment as an example It is any time after service terminal logs in the service server, the service server obtains institute from the service terminal The identification information of service terminal is stated, the identification information of the service terminal can be institute with service terminal described in unique identification The identity code etc. of service terminal is stated, optionally, the identification information may be the login account of registering service server. Specifically, service server can be verified according to the device identification of the wearable device and the identification information of the service terminal Whether the wearable device and the service terminal are bound, if verify the wearable device and the service terminal be binding , it is determined that the service terminal is the common terminal of user, and then executes and confirm to the service terminal sending device relationship Information;If the wearable device and the service terminal are not bindings, service server can be refused to the business Terminal sending device relationship confirmation message.
Optionally, user is by the way that before service terminal initiating business request, service terminal can be sent to service server Bind request information, the bind request information can carry the device identification of wearable device and the mark letter of service terminal Breath, so that service server establishes binding relationship to the wearable device and the service terminal, such as user can pass through industry Terminal of being engaged in sends registration information to service server, and the registration information can carry the equipment mark of wearable device Know the identification information with service terminal, service server carries out location registration process for the registration request, so that described wearable Equipment and the service terminal are associated.Further alternative, service server can be according to the foundation of bind request information Binding between wearable device and multiple service terminals, i.e. user can set multiple common service terminals.
S204, service server is to the service terminal sending device relationship confirmation message if described be verified.
If passing through to the binding validatation of the identification information of the device identification and the service terminal, service server can With to the service terminal sending device relationship confirmation message, it is described wearable that the device relationships confirmation message can be determination Equipment and the service terminal are the confirmation messages of binding relationship.
S205, service terminal obtain the user authentication information of wearable device by low coverage communication modes.
Service terminal receive service server transmission device relationships confirmation message after, can by establish obtain with The data connection of the wearable device obtains the user authentication information of the wearable device, and the user authentication information can To include the information such as password, the password of customer digital certificate or other users payment verification.Preferably service terminal is from wearable The user authentication information that equipment is got can be what the wearable device was encrypted according to preset private key for user, optional , the user authentication information got be also possible to it is pre- first pass through service terminal encryption or service server encryption, in turn It stores in the wearable device, service terminal can not be right in the user authentication information and use process in subsequent obtain User authentication information is decrypted, and ensure that safety of the user authentication information in payment transmission process.
S206, service terminal to the service server send service request, the service request include business information and The user authentication information, and carry the device relationships confirmation message.
Service terminal can send business to service server after the wearable device of user acquisition user authentication information It requests, may include business information and the user's checking letter got from the wearable device of user in the service request Breath, and the device relationships confirmation message is carried, wherein the business information may include the branch such as trade order and payment amount Information is paid, also may include login account and the login for logging on to service server using user account and carrying out on-line payment business Log-on messages such as password, etc..
S207, service server verifies the user authentication information and device relationships confirmation message that receive, if It verifies and business processing then successfully is carried out to the service request.
Specifically, the user authentication information that preferably service terminal is got from wearable device can be for by preset What private key for user was encrypted, then after service server receives the service request that service terminal is sent, the use can be used The user authentication information by encryption is decrypted in the corresponding client public key in family, and the user obtained to the decryption tests The device relationships confirmation message that card information and the service request carry is verified respectively, if to the user for decrypting and obtaining Verification information and the device relationships confirmation message verify success, then service server can carry out industry to the service request Business processing.
The service server of the present embodiment sends wearable according to the identification information of service terminal and the service terminal The device identification of equipment carries out binding validatation, to service terminal sending device relationship confirmation message if being verified, further Service terminal get the user authentication information of wearable device after, to service server send service request, the business Include business information and the user authentication information in request, and carry the device relationships confirmation message, service server connects After receiving the service request, the user authentication information and the device relationships confirmation message are verified, if verifying It is successful then to the service request carry out business processing, using service server according to the equipment mark of the wearable device of user The verification information knowing the device relationships confirmation message sent with the identification information of service terminal and being stored in the wearable device It is verified, makes the business processing for service request safer convenient.
Fig. 3 is the flow diagram of the safe verification method in another embodiment of the present invention, the described peace of the present embodiment Full verification method is mainly to be described from wearable device, service terminal and three side of service server.Such as Fig. 3 institute Show, the safe verification method in the present embodiment may comprise steps of:
S301, service terminal obtain the third-party authentication information of service server.
Before service terminal obtains the user authentication information of the wearable device of user, the of available service server Tripartite's verification information, the third-party authentication information may include the information such as the password of digital certificate or payment verification, password.Compared with The third-party authentication information that excellent service terminal is got from service server can use third party for the service server What private key was encrypted, third-party authentication information can not be decrypted in service terminal, ensure that the third-party authentication information Safety in payment transmission process.
S302, the third-party authentication information of the service server is sent to by service terminal by low coverage communication modes can Wearable device.
Specifically, service terminal can be by establishing getting with the data connection of wearable device by described of obtaining The third-party authentication information of service server is sent to wearable device, the data connection can be bluetooth wireless connection or NFC connection etc..
S303, the wearable device verify the third-party authentication information.
It, can be to the third after the wearable device receives the third-party authentication information that the service terminal is sent Square verification information is verified, if verifying successfully, is executed to the service terminal and is sent user authentication information;If verification not at Function, then wearable device can be refused to send user authentication information to the service terminal.
Specifically, the third-party authentication information that preferably service terminal is got from service server can be the business Server is encrypted using third party's private key, then third corresponding with the service server can be used in wearable device The third-party authentication information by encryption is decrypted in square public key, and carries out to the third-party authentication information that decryption obtains Verification.
S304, if wearable device to the verification of third-party authentication information success, by low coverage communication modes to The service terminal sends user authentication information.
If wearable device to the verification of third-party authentication information success, can be by the data connection to institute It states service terminal and sends user authentication information, the user authentication information may include customer digital certificate or other users payment The information such as password, the password of verifying.The user authentication information that preferably service terminal is got from wearable device can be institute State what wearable device was encrypted according to preset private key for user, optionally, the user authentication information got can also Be it is pre- first pass through service terminal encryption or service server encryption, and then store into wearable device, service terminal exists Subsequent obtain can not be decrypted user authentication information in the user authentication information and use process, ensure that the user tests Demonstrate,prove safety of the information in payment transmission process.
S305, service terminal send service request to the service server, include business information in the service request With the user authentication information.
Service terminal sends service request to the service server, includes business information in the service request and described User authentication information, the service request can be payment request, and the business information may include trade order and payment gold The payment informations such as volume also may include the login account for logging on to service server using user account and carrying out on-line payment business With the log-on messages such as login password, etc..
S306, service server verify the user authentication information received, to the business if verifying successfully Request carries out business processing.
After service server receives the service request of service terminal transmission, the user in the service request can be tested Card information is verified, if verifying successfully, carries out business processing to the service request.
Specifically, the user authentication information that preferably service terminal is got from wearable device can be for by preset What private key for user was encrypted, then the corresponding client public key of the user can be used to the process encryption in service server User authentication information is decrypted, and the user authentication information obtained to decryption verifies, if verifying successfully, to the industry Business request carries out business processing;If verification failure, service server can directly refuse this service request.
The third-party authentication information for the service server that the wearable device of the present embodiment sends service terminal carries out school It tests, sends user authentication information to service terminal if verifying successfully, further service terminal sends industry to service server Business is requested, and includes business information and the user authentication information in the service request, so that the service server is to described User authentication information is verified, and business processing is carried out to the service request if verifying successfully, using service server Third-party authentication information and user wearable device in the verification information that stores verify, allow industry for service request Business processing is safer convenient.
Fig. 4 is the flow diagram of the safe verification method in another embodiment of the present invention, the described peace of the present embodiment Full verification method describes in detail by taking on-line payment process as an example, mainly from wearable device, service terminal and business What the angle of server was described, service terminal, that is, payment terminal in the present embodiment, service server, that is, payment server. As shown in figure 4, the safe verification method in the present embodiment may comprise steps of:
S401, payment terminal carries out bluetooth equipment search, to establish bluetooth connection with wearable device.
Payment terminal can carry out bluetooth equipment search, thus with Intelligent bracelet, intelligent spire lamella, smartwatch, Brilliant Eyes The wearable device of the users such as mirror or various intelligent accessories equipment establishes bluetooth connection, wherein the payment terminal can be individual Computer, tablet computer, smart phone, electronic reader or car-mounted terminal etc..
Specifically, the wearable device has turned on Bluetooth function, i.e., in that can be searched state, then user passes through payment When terminal initiates on-line payment request, payment terminal can carry out bluetooth equipment search, and carry out indigo plant with the wearable device Tooth pairing, to establish bluetooth connection with the wearable device, optionally, payment terminal can also be according to being stored in advance in The bluetooth recognition code and the wearable device for stating the wearable device in payment terminal establish bluetooth connection.
S402, the payment terminal obtain the wearable device from the wearable device by the bluetooth connection Device identification.
After payment terminal and the wearable device establish bluetooth connection, it can be set by the bluetooth connection from wearable The standby device identification for obtaining wearable device, wearable device described in the device identification unique identification, can wear to be described Wear the identity code etc. of equipment.
The device identification of the wearable device is sent to payment server by S403, the payment terminal.
S404, payment server according to the identification information of the device identification of the wearable device and the payment terminal into Row binding validatation.
Payment server can be according to the device identification of the wearable device received and the mark of the payment terminal Know information and carry out binding validatation, if being verified, payment server can determine that the payment terminal is that user is commonly whole End, and then execute to the payment terminal sending device relationship confirmation message;If verifying does not pass through, payment server can be refused Absolutely to the payment terminal sending device relationship confirmation message.Wherein the identification information of the payment terminal can be with unique identification institute Payment terminal is stated, can be the identity code etc. of the payment terminal, optionally, the identification information may be to log in branch The login account of pay server.The identification information of the payment terminal can be the equipment mark that payment terminal sends wearable device It is sent to payment server when knowledge, optionally, by taking on-line payment as an example, is also possible in service terminal registering service server Any time afterwards, the service server obtain the identification information of the service terminal from the service terminal.
Optionally, user is by the way that before service terminal initiating business request, service terminal can be sent to service server Bind request information, the bind request information can carry the device identification of wearable device and the mark letter of service terminal Breath, so that service server establishes binding relationship to the wearable device and the service terminal, such as user can pass through branch It pays terminal and sends registration information to payment server, the registration information can carry the equipment mark of wearable device Know the identification information with service terminal, payment server carries out location registration process for the registration request, so that described wearable Equipment and the payment terminal are associated.Further alternative, service server can be according to the foundation of bind request information Binding between wearable device and multiple payment terminals, i.e. service server can be whole for the multiple common business of user setting End.
S405, to the payment terminal sending device relationship confirmation message if described be verified.
If passing through to the binding validatation of the identification information of the device identification and the payment terminal, payment server can With to the payment terminal sending device relationship confirmation message, it is described wearable that the device relationships confirmation message can be determination Equipment and the payment terminal are the information of binding relationship.
S406, the payment terminal obtain the third-party authentication information of payment server.
After the payment terminal receives the device relationships confirmation message that the payment server is sent, branch can also be obtained The third-party authentication information of pay server, the third-party authentication information may include digital certificate or payment verification password, The information such as password.The third-party authentication information that preferably payment terminal is got from payment server can be the payment services Device is encrypted using third party's private key, and third-party authentication information can not be decrypted in payment terminal, ensure that described Safety of tripartite's verification information in payment transmission process.
The third-party authentication information of the payment server is sent to described wearable set by S407, the payment terminal It is standby.
Payment terminal can be tested the third party of the payment server got by establishing obtained bluetooth connection Card information is sent to wearable device.
S408, the wearable device are decrypted the third-party authentication information using third party's public key and carry out school It tests.
It, can be to the third after the wearable device receives the third-party authentication information that the payment terminal is sent Square verification information is verified, if verifying successfully, is executed to the payment terminal and is sent user authentication information;If verification not at Function, then wearable device can be refused to send user authentication information to the payment terminal.
Specifically, the third-party authentication information that preferably payment terminal is got from service server can be the payment Server is encrypted using third party's private key, then third corresponding with the payment server can be used in wearable device The third-party authentication information by encryption is decrypted in square public key, and carries out to the third-party authentication information that decryption obtains Verification.
S409, if verification success of the wearable device to the third-party authentication information, sends to the payment terminal The user authentication information.
If wearable device to the verification of third-party authentication information success, can be by the data connection to institute It states payment terminal and sends user authentication information, the user authentication information may include customer digital certificate or other users payment The information such as password, the password of verifying.The user authentication information that preferably payment terminal is got from wearable device can be institute State what wearable device was encrypted according to preset private key for user, optionally, the user authentication information got can also Be it is pre- first pass through service terminal encryption or service server encryption, and then store into wearable device, payment terminal exists Subsequent obtain can not be decrypted user authentication information in the user authentication information and use process, ensure that the user tests Demonstrate,prove safety of the information in payment transmission process.
S410, payment terminal send payment request to the payment server, include payment information in the payment request With the user authentication information, and the device relationships confirmation message is carried.
Payment terminal sends payment request to the payment server, includes payment information in the payment request and described User authentication information, the payment information can be trade order and payment amount etc..
S411, payment server verify the user authentication information received, to the payment if verifying successfully Request carries out payment processing.
After payment server receives the payment request of payment terminal transmission, the user in the payment request can be tested Card information is verified, if verifying successfully, carries out payment processing to the payment request.
Specifically, the user authentication information that preferably payment terminal is got from wearable device can be for by preset What private key for user was encrypted, then the corresponding client public key of the user can be used to the process encryption in payment server User authentication information is decrypted, and the user authentication information obtained to decryption verifies, if verifying successfully, to the branch It pays request and carries out payment processing;If verification failure, payment server can directly refuse this payment request.
The payment terminal of the present embodiment and the wearable device of user establish bluetooth connection, and will pass through the bluetooth connection The device identification of the wearable device got is sent to payment server, and then payment server is according to described wearable The device identification of equipment and the identification information returning equipment relationship confirmation message of payment terminal, wearable device send out payment terminal The third-party authentication information of the payment server sent is verified, and sends user's checking letter to payment terminal if verifying successfully Breath, further payment terminal send payment request to payment server, include payment information in the payment request and described User authentication information, and Portable device relationship confirmation message, so that the payment server is to the user authentication information and institute It states device relationships confirmation message to be verified, payment processing is carried out to the payment request if verifying successfully, using branch The verification information stored in the third-party authentication information of pay server and the wearable device of user carries out payment verification, allows online It is safer convenient to pay.
Fig. 5 is the structural schematic diagram of one of embodiment of the present invention service terminal, and the business in the embodiment of the present invention is whole End may include the internet devices such as PC, tablet computer, smart phone, electronic reader and car-mounted terminal, can be with Service server is logged on to by using user account and carries out on-line payment business, the service terminal in the present embodiment as shown in the figure 500 may include:
First receiving unit 510, for being stored in advance in by Near Field Communication mode from the acquisition of the wearable device of user User authentication information in the wearable device, the wearable device may include Intelligent bracelet, intelligent spire lamella, intelligent hand Table, intelligent glasses or various intelligent accessories equipment etc., the user authentication information may include customer digital certificate or other use The information such as password, the password of family payment verification.
In the specific implementation, the payment instruction that service terminal can be inputted according to user is initiated to establish and the wearable device Low coverage communication connection, be specifically as follows bluetooth connection, NFC(Near Field Communication, near-field communication) connection Deng, such as after user clicks " confirmation payment ", service terminal opens Bluetooth function and carries out bluetooth equipment search, user can wear It wears equipment default and is always maintained at bluetooth open state, can be established automatically after the wearable device that service terminal searches user With the bluetooth connection of wearable device.After the Near Field Communication that service terminal establishes to obtain between wearable device, first is connect The Near Field Communication connection that receipts unit 510 can be obtained by foundation acquisition from wearable device is stored in advance in described wearable User authentication information in equipment, the user authentication information may include customer digital certificate or other users payment verification The information such as password, password.The user authentication information that preferably service terminal is got from wearable device can be described wear Wear what equipment was encrypted according to preset private key for user, optionally, the user authentication information got is also possible to pre- Service terminal encryption or service server encryption are first passed through, and then is stored into the wearable device, service terminal is rear Continuous obtain can not be decrypted user authentication information in the user authentication information and use process, ensure that the user's checking Safety of the information in payment transmission process.
Second transmission unit 520 includes that business is believed in the service request for sending service request to service server The user authentication information that breath and first receiving unit 510 receive, so that the service server is to the user's checking Information is verified, if verifying successfully, the service server carries out business processing to the service request.
Wherein, the service request can be payment request, and the business information may include trade order and payment gold The payment informations such as volume also may include the login account for logging on to service server using user account and carrying out on-line payment business With the log-on messages such as login password, etc..
In an alternative embodiment, first receiving unit 510 is being set by Near Field Communication mode from the wearable of user Standby obtain is stored in advance in front of the user authentication information in the wearable device, is also used to obtain by Near Field Communication mode The device identification of the wearable device, wearable device described in the device identification unique identification, can be described wearable The identity code etc. of equipment;
Second transmission unit 520 is also used to setting wearable device that first receiving unit 510 is got Standby mark is sent to the service server, so that the service server is according to the device identification and the service terminal Identification information carries out binding validatation;
Wherein, the identification information of the service terminal can be with service terminal described in unique identification, can be whole for the business The identity code etc. at end, optionally, the identification information may be the login account of registering service server.The business The identification information of terminal can be when service terminal sends the device identification of wearable device and be sent to service server, optional , by taking on-line payment as an example, any time being also possible to after service terminal registering service server, the service server The identification information of the service terminal is obtained from the service terminal.
The service terminal 500 further include:
Second receiving unit 530 when the binding validatation for carrying out in the service server passes through, takes from the business Business device obtains device relationships confirmation message;
Second transmission unit 520 carries second receiving unit when sending service request to the service server The 530 device relationships confirmation messages received, so that the service server closes the user authentication information and the equipment It is that confirmation message is verified, business processing is carried out to the service request if verifying successfully.
In an alternative embodiment, the service terminal 500 further include:
First transmission unit 540, for the third-party authentication information of the service server to be passed through Near Field Communication mode It is sent to the wearable device, so that the wearable device verifies the third-party authentication information, wherein described Third-party authentication information may include the information such as the password of digital certificate or payment verification, password;
First receiving unit 510 is when the wearable device verifies successfully the third-party authentication information The user authentication information is obtained from the wearable device by Near Field Communication mode.
And then in an alternate embodiment of the invention, first transmission unit 540 sends the third to the wearable device Square verification information is to use third party's private key encryption by the service server;
Further, the wearable device, which verify to the third-party authentication information, includes:
The wearable device is using third party's public key corresponding with the service server to the by encryption Tripartite's verification information is decrypted, and the third-party authentication information obtained to decryption verifies.
In an alternative embodiment, first receiving unit 510 is stored in advance in institute from the acquisition of the wearable device of user Stating the user authentication information in wearable device is to encrypt by private key for user, wherein can be can for the user authentication information Wearable device is encrypted according to preset private key for user, be also possible to it is pre- first pass through service terminal encryption or service server Encryption, and then store into wearable device, service terminal 500 obtains the user authentication information and use process subsequent In user authentication information can not be decrypted, ensure that the user authentication information payment transmission process in safety;
Further, the service server, which verify to the user authentication information, includes:
The service server is using the corresponding client public key of the user to the user authentication information by encryption It is decrypted, and the user authentication information obtained to decryption verifies.
In an alternative embodiment, the service terminal further include:
Bluetooth discovery unit 550 connects for carrying out bluetooth equipment search to establish bluetooth with the wearable device It connects;
Specifically, the wearable device default has turned on Bluetooth function, i.e., in that can be searched state, then user passes through When service terminal initiates online service request, bluetooth discovery unit 550 can carry out bluetooth equipment search, and with it is described wearable Equipment carries out Bluetooth pairing, to establish bluetooth connection with the wearable device, optionally, bluetooth discovery unit 550 can also It is blue to be established according to the bluetooth recognition code for the wearable device being stored in advance in the payment terminal and the wearable device Tooth connection.
The service terminal of the present embodiment is by being stored in advance in the wearable device from the acquisition of the wearable device of user In user authentication information, and send service request to service server, include business information in the service request and described User authentication information, so that the service server verifies the user authentication information, if verifying successfully, to described Service request carries out business processing, verifies, is allowed for industry using the verification information stored in the wearable device of user The business processing requested of being engaged in is safer convenient.
Fig. 6 is the structural schematic diagram of the service terminal in another embodiment of the present invention, as shown in fig. 6, the service terminal 600 It may include: at least one processor 601, such as CPU, at least one network interface 603, memory 604, communication bus 602. Wherein, communication bus 602 is for realizing the connection communication between these components.The of service terminal 600 in the embodiment of the present invention One network interface 603 may include standard wireline interface and wireless interface (such as WI-FI interface), for passing through internet and clothes Business device is communicated, and the second network interface 605 can be low coverage communication network interface, such as bluetooth connection interface or NFC interface, is used It is communicated in wearable device.Memory 604 can be high speed RAM memory, be also possible to nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.Memory 604 optionally can also be at least one It is located remotely from the storage device of aforementioned processor 601.Batch processing code is stored in memory 604, and processor 601 is for adjusting With the program code stored in memory 604, for performing the following operations:
Institute is stored in advance in from the acquisition of the wearable device of user by low coverage communication modes by the second network interface 605 State the user authentication information in wearable device, the low coverage communication modes may include bluetooth connection or NFC etc., such as with After " confirmation payment " is clicked at family, service terminal opens Bluetooth function and carries out bluetooth equipment search, user's wearable device default It is always maintained at bluetooth open state, can establish after the wearable device that service terminal searches user and be set with wearable automatically Standby bluetooth connection;
Service request is sent to service server by first network interface 603, includes that business is believed in the service request Breath and the user authentication information, so that the service server verifies the user authentication information, if verifying successfully, Then the service server carries out business processing to the service request.
In an alternative embodiment, processor 601 calls the program code stored in memory 604 that following behaviour can also be performed Make:
It is stored in advance in the wearable device by the second network interface 605 from the acquisition of the wearable device of user Before user authentication information, the device identification of the wearable device is obtained;
The device identification of the wearable device is sent to the service server by first network interface 603, with The service server is set to carry out binding validatation according to the identification information of the device identification and the service terminal, if verifying is logical Cross then the service terminal from the service server obtain device relationships confirmation message, wherein the mark of the service terminal is believed Breath can be able to be the identity code etc. of the service terminal with service terminal described in unique identification, optionally, the mark letter The login account of breath or registering service server.The identification information of the service terminal can be service terminal transmission can It is sent to service server when the device identification of wearable device, optionally, by taking on-line payment as an example, is also possible at business end Any quarter after holding registering service server, the service server obtain the mark of the service terminal from the service terminal Information;
The device relationships confirmation is carried when sending service request to the service server by first network interface 603 Information, so that the service server verifies the user authentication information and the device relationships confirmation message, if It verifies and business processing then successfully is carried out to the service request.
In an alternative embodiment, processor 601 calls the program code stored in memory 604 to pass through the second network interface 605 obtain the user authentication information being stored in advance in the wearable device from the wearable device of user specifically:
The third-party authentication information of the service server is obtained by first network interface 603 and by the business service The third-party authentication information of device is sent to the wearable device by the second network interface 605, so that the wearable device The third-party authentication information is verified, passes through the second network interface 605 if verifying successfully from the wearable device Obtain the user authentication information.
In an alternative embodiment, processor 601 calls the program code stored in memory 604 that following behaviour can also be performed Make:
It is stored in advance in the wearable device by the second network interface 605 from the acquisition of the wearable device of user Before user authentication information, bluetooth equipment search is carried out, to establish bluetooth connection with the wearable device.
Specifically, the service terminal introduced in the present embodiment can be to implement the present invention previously in conjunction with FIG. 1 to FIG. 5 introduction Safe verification method embodiment in some or all of process.
Fig. 7 is the structural schematic diagram of one of embodiment of the present invention wearable device, and wearable device can be direct It is worn on user, or is integrated into the clothes of user or a kind of portable device of accessory, may include Intelligent bracelet, intelligence Can wrist strap, smartwatch, intelligent glasses and various intelligent accessories equipment, the wearable device in the present embodiment as shown in the figure 700 may include:
Transmission unit 710 described can be worn for being stored in advance in by low coverage communication modes to service terminal transmission The user authentication information in equipment is worn, so that the service terminal sends service request, the service request to service server In include business information and the user authentication information, the business information may include trade order and payment amount etc. payment Information also may include logging on to service server using user account to carry out the login account of on-line payment business and log in close The log-on messages etc. such as code, the user authentication information may include customer digital certificate or other users payment verification password, The information such as password, the service server verify the user authentication information, if verifying successfully, ask to the business Seek carry out business processing.
In an alternative embodiment, the transmission unit 710 is being sent in advance by low coverage communication modes to the service terminal It is first stored in front of the user authentication information in the wearable device, is also used to whole to the business by low coverage communication modes End sends the device identification of the wearable device, and wearable device described in the device identification unique identification, can be described The identity code etc. of wearable device so that the service terminal device identification of the wearable device is sent to it is described Service server, the service server carry out binding according to the identification information of the device identification and the service terminal and test Card, to the service terminal sending device relationship confirmation message if being verified, the service terminal is to the business service Device carries the device relationships confirmation message when sending service request, so that the service server is to the user authentication information It is verified with the device relationships confirmation message, business processing is carried out to the service request if verifying successfully.
In an alternative embodiment, the wearable device 700 further include:
Receiving unit 720, for obtaining the service server that the service terminal is sent by low coverage communication modes Third-party authentication information, the third-party authentication information may include the password of digital certificate or payment verification, password etc. letter Breath;
Verification unit 730, if verifying successfully, notifies the hair for verifying to the third-party authentication information Unit 710 is sent to send the user authentication information to the service terminal by low coverage communication modes.
In an alternative embodiment, the third-party authentication information is to be added by the service server using third party's private key Close;
The verification unit 730 is for use third party's public key corresponding with the service server to described by encrypting Third-party authentication information be decrypted, and the obtained third-party authentication information of decryption is verified.
The wearable device of the present embodiment can send user authentication information to service terminal, so that service server is to reception The user authentication information sent to the service terminal is verified, the service request sent if verifying successfully to service terminal Business processing is carried out, makes the process of business processing safer convenient.
Fig. 8 is the structural schematic diagram of the wearable device in another embodiment of the present invention, as shown in figure 8, this wearable sets Standby 800 may include: at least one processor 801, such as CPU, at least one network interface 803, memory 804, communication is always Line 802.Wherein, communication bus 802 is for realizing the connection communication between these components.Wearable device in the embodiment of the present invention 800 network interface 803 may include low coverage communication network interface, for being communicated by internet with server.Storage Device 804 can be high speed RAM memory, be also possible to nonvolatile memory (non-volatile memory), for example, at least One magnetic disk storage.Memory 804 optionally can also be that at least one is located remotely from the storage of aforementioned processor 801 dress It sets.Batch processing code is stored in memory 804, and processor 801 is used to call the program code stored in memory 804, For performing the following operations:
Described wearable set is stored in advance in service terminal transmission by network interface 803 with low coverage communication modes User authentication information in standby is wrapped in the service request so that the service terminal sends service request to service server Business information and the user authentication information are included, the service server verifies the user authentication information, if verification Success then carries out business processing to the service request.
In an alternative embodiment, processor 801 calls the program code stored in memory 804 that following behaviour can also be performed Make:
Described wearable set is stored in advance in service terminal transmission by network interface 803 with low coverage communication modes Before user authentication information in standby, the equipment mark of the wearable device is sent to the service terminal with low coverage communication modes Know, so that the device identification of the wearable device is sent to the service server, the business clothes by the service terminal Device be engaged according to the identification information of the device identification and service terminal progress binding validatation, to the industry if being verified Business terminal sending device relationship confirmation message, when the service terminal sends service request to the service server described in carrying Device relationships confirmation message so that the service server to the user authentication information and the device relationships confirmation message into Row verification, carries out business processing to the service request if verifying successfully.
In an alternative embodiment, processor 801 calls the program code stored in memory 804 to pass through network interface 803 The user authentication information being stored in advance in the wearable device is sent to the service terminal specifically:
The of the service server that the service terminal is sent is obtained by network interface 803 with low coverage communication modes Tripartite's verification information;
The third-party authentication information is verified by network interface 803, if verifying successfully, with low coverage communication side Formula sends the user authentication information to the service terminal.
In an alternative embodiment, the third-party authentication information is to be added by the service server using third party's private key Close, processor 801 verifies the third-party authentication information specifically:
Using third party's public key corresponding with the service server to it is described by encryption third-party authentication information into Row decryption, and the third-party authentication information obtained to decryption verifies.
Specifically, the wearable device introduced in the present embodiment can be situated between to implement the present invention previously in conjunction with FIG. 1 to FIG. 5 Process some or all of in the safe verification method embodiment to continue.
Fig. 9 is the structural schematic diagram of one of embodiment of the present invention security authentication systems, and the present invention is implemented as shown in Figure 9 Security authentication systems in example include service terminal 901, wearable device 902 and service server 903, in which:
The service terminal 901 is communicated by low coverage communication modes with the wearable device 902, is used for from described Wearable device 902 obtains the user authentication information being stored in advance in the wearable device 902, to the service server 903 send service request, include business information and the user authentication information in the service request;
The service server 903 is for verifying the user authentication information, if verifying successfully, to the industry Business request carries out business processing.
In an alternative embodiment, the service terminal 901 is stored in advance in from the acquisition of the wearable device 902 of user Before user authentication information in the wearable device 902, it is also used to obtain the device identification of the wearable device 902, The device identification of the wearable device 902 is sent to the service server 903;
The service server 903 is also used to be carried out according to the identification information of the device identification and the service terminal Binding validatation, to the 901 sending device relationship confirmation message of service terminal if being verified;
The service terminal 901 carries the device relationships confirmation when sending service request to the service server 903 Information, the service server 903 verifies the user authentication information and the device relationships confirmation message, if school It tests and business processing then successfully is carried out to the service request.
In an alternative embodiment, the service terminal 901 is stored in advance in described from the acquisition of the wearable device 902 of user User authentication information in wearable device 902 includes:
The service terminal 901 obtains the third-party authentication information of the service server 903 and by the business service The third-party authentication information of device 903 is sent to the wearable device 902;
The wearable device 902, for being verified to the third-party authentication information, if verifying successfully, to institute It states service terminal 901 and sends the user authentication information.
In an alternative embodiment, the third-party authentication information that the service terminal 901 is sent to the wearable device 902 To use third party's private key encryption by the service server 903;
The wearable device 902 carries out verification to the third-party authentication information
902 use of wearable device third party's public key corresponding with the service server 903 to it is described by plus Close third-party authentication information is decrypted, and the third-party authentication information obtained to decryption verifies.
In an alternative embodiment, the service terminal 901 is stored in advance in described from the acquisition of the wearable device 902 of user User authentication information in wearable device 902 is to encrypt by private key for user;
The service server 903 carries out verification to the user authentication information
The service server 903 believes the user's checking by encryption using the corresponding client public key of the user Breath is decrypted, and the user authentication information obtained to decryption verifies.
In an alternative embodiment, the Near Field Communication mode may include bluetooth connection or NFC etc., such as click in user After " confirmation payment ", service terminal opens Bluetooth function and carries out bluetooth equipment search, and user's wearable device default is protected always Bluetooth open state is held, the indigo plant with wearable device can be established automatically after the wearable device that service terminal searches user Tooth connection.
In an alternative embodiment, the service terminal 901 is stored in advance in from the acquisition of the wearable device 902 of user It before user authentication information in the wearable device 902, is also used to carry out bluetooth equipment search, thus with described wearable Equipment 902 establishes bluetooth connection.
The user stored in the wearable device for the user that the service server of the present embodiment can send service terminal tests Card information is verified, and to the service request progress business processing of service terminal transmission if verify successfully, allows business processing Process is safer convenient.
Figure 10 is the structural schematic diagram of one of embodiment of the present invention safety payment system, and the present invention is real as shown in Figure 10 Applying the security authentication systems in example includes payment terminal 1001, wearable device 1002 and payment server 1003, in which:
The payment terminal 1001 is communicated by low coverage communication modes with the wearable device 1002, is used for from institute It states wearable device 1002 and obtains the user authentication information being stored in advance in the wearable device 1002, taken to the payment Business device 1003 sends payment request, includes payment information and the user authentication information in the payment request;
The payment server 1003 is for verifying the user authentication information, if verifying successfully, to described Payment request carries out payment processing.
In an alternative embodiment, the payment terminal 1001 is stored in advance from the acquisition of the wearable device 1002 of user Before the user authentication information in the wearable device 1002, it is also used to obtain the equipment mark of the wearable device 1002 Know, the device identification of the wearable device 1002 is sent to the payment server 1003;
The payment server 1003 is also used to be carried out according to the identification information of the device identification and the payment terminal Binding validatation, to the 1001 sending device relationship confirmation message of payment terminal if being verified;
It is true that the payment terminal 1001 carries the device relationships when sending payment request to the payment server 1003 Recognize information, the payment server 1003 verifies the user authentication information and the device relationships confirmation message, if It verifies and payment processing then successfully is carried out to the payment request.
In an alternative embodiment, the payment terminal 1001 is stored in advance in institute from the acquisition of the wearable device 1002 of user The user authentication information stated in wearable device 1002 includes:
The payment terminal 1001 obtains the third-party authentication information of the payment server 1003 and takes the payment The third-party authentication information of business device 1003 is sent to the wearable device 1002;
The wearable device 1002, for being verified to the third-party authentication information, if verifying successfully, to institute It states payment terminal 1001 and sends the user authentication information.
In an alternative embodiment, the third-party authentication letter that the payment terminal 1001 is sent to the wearable device 1002 Breath uses third party's private key encryption to pass through the payment server 1003;
The wearable device 1002 carries out verification to the third-party authentication information
1002 use of wearable device third party's public key corresponding with the payment server 1003 is to the process The third-party authentication information of encryption is decrypted, and the third-party authentication information obtained to decryption verifies.
In an alternative embodiment, the Near Field Communication mode may include bluetooth connection or NFC etc., such as click in user After " confirmation payment ", service terminal opens Bluetooth function and carries out bluetooth equipment search, and user's wearable device default is protected always Bluetooth open state is held, the indigo plant with wearable device can be established automatically after the wearable device that service terminal searches user Tooth connection.
In an alternative embodiment, the payment terminal 1001 is stored in advance in institute from the acquisition of the wearable device 1002 of user Stating the user authentication information in wearable device 1002 is to encrypt by private key for user;
The payment server 1003 carries out verification to the user authentication information
The payment server 1003 is using the corresponding client public key of the user to the user's checking by encryption Information is decrypted, and the user authentication information obtained to decryption verifies.
In an alternative embodiment, the payment terminal 1001 is stored in advance from the acquisition of the wearable device 1002 of user Before the user authentication information in the wearable device 1002, be also used to carry out bluetooth equipment search, thus with it is described can Wearable device 1002 establishes bluetooth connection.
The user stored in the wearable device for the user that the payment server of the present embodiment can send payment terminal tests Card information verified, if verify successfully to payment terminal transmission payment request progress payment processing, allow on-line payment more For safe and convenient.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access Memory, RAM) etc..
The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.

Claims (28)

1. a kind of safe verification method, which is characterized in that the safe verification method includes:
Service terminal obtains the third-party authentication information of service server and the third-party authentication information by the service server The wearable device of user is sent to by low coverage communication modes;
The wearable device verifies the third-party authentication information, if verifying successfully, passes through low coverage communication modes The user authentication information being stored in advance in the wearable device is sent to the service terminal;
The service terminal sends service request to service server, includes business information and the user in the service request Verification information;
The service server verifies the user authentication information, if verifying successfully, carries out to the service request Business processing.
2. safe verification method as described in claim 1, which is characterized in that the service terminal by low coverage communication modes from The wearable device acquisition of user is stored in advance in front of the user authentication information in the wearable device further include:
The service terminal obtains the device identification of the wearable device by low coverage communication modes;
The device identification of the wearable device is sent to the service server by the service terminal;
The service server carries out binding validatation according to the identification information of the device identification and the service terminal, if verifying By then to the service terminal sending device relationship confirmation message;
The service terminal carries the device relationships confirmation message when sending service request to the service server, so that institute Service server is stated to verify the user authentication information and the device relationships confirmation message, it is right if verifying successfully The service request carries out business processing.
3. safe verification method as described in claim 1, which is characterized in that the service terminal by low coverage communication modes to It is to use third party's private key encryption by the service server that the wearable device, which sends the third-party authentication information,;
The wearable device carries out verification to the third-party authentication information
The wearable device is using third party's public key corresponding with the service server to the third party by encryption Verification information is decrypted, and the third-party authentication information obtained to decryption verifies.
4. safe verification method as described in claim 1, which is characterized in that wearable device of the service terminal from user Obtaining the user authentication information being stored in advance in the wearable device is to encrypt by private key for user;
The service server carries out verification to the user authentication information
The service server carries out the user authentication information by encryption using the corresponding client public key of the user Decryption, and the user authentication information obtained to decryption verifies.
5. safe verification method as described in any one of claims 1 to 4, which is characterized in that the low coverage communication modes packet Include bluetooth connection or NFC.
6. safe verification method as claimed in claim 5, which is characterized in that in the low coverage communication modes be bluetooth connection In the case of, the service terminal is stored in advance in by low coverage communication modes from the acquisition of the wearable device of user described wearable Before user authentication information in equipment further include:
The service terminal carries out bluetooth equipment search, to establish bluetooth connection with the wearable device.
7. a kind of safe verification method, which is characterized in that the described method includes:
Service terminal obtains the third-party authentication information of service server and the third-party authentication information by the service server The wearable device of user is sent to by low coverage communication modes, so that the wearable device is to the third-party authentication information It is verified, the service terminal is stored in advance by low coverage communication modes from wearable device acquisition if verifying successfully User authentication information in the wearable device;
The service terminal sends service request to service server, includes business information and the user in the service request Verification information, so that the service server verifies the user authentication information, if verifying successfully, the business clothes Device be engaged in service request progress business processing.
8. safe verification method as claimed in claim 7, which is characterized in that the service terminal by low coverage communication modes from The wearable device acquisition of user is stored in advance in front of the user authentication information in the wearable device further include:
The service terminal obtains the device identification of the wearable device by low coverage communication modes;
The device identification of the wearable device is sent to the service server by the service terminal, so that the business takes Business device carries out binding validatation, the business if being verified according to the identification information of the device identification and the service terminal Terminal obtains device relationships confirmation message from the service server;
The service terminal carries the device relationships confirmation message when sending service request to the service server, so that institute Service server is stated to verify the user authentication information and the device relationships confirmation message, it is right if verifying successfully The service request carries out business processing.
9. safe verification method as claimed in claim 7 or 8, which is characterized in that the low coverage communication modes include that bluetooth connects It connects or NFC.
10. safe verification method as claimed in claim 9, which is characterized in that the low coverage communication modes be bluetooth connection In the case where, the service terminal is stored in advance in from the acquisition of the wearable device of user by low coverage communication modes and described can be worn Before wearing the user authentication information in equipment further include:
The service terminal carries out bluetooth equipment search, to establish bluetooth connection with the wearable device.
11. a kind of safe verification method, which is characterized in that the described method includes:
Wearable device obtains the third-party authentication information for the service server that service terminal is sent by low coverage communication modes;
The wearable device verifies the third-party authentication information, if verifying successfully, passes through low coverage communication modes Send the user authentication information that is stored in advance in the wearable device to the service terminal so that the service terminal to Service server sends service request, includes business information and the user authentication information, the business in the service request Server verifies the user authentication information, if verifying successfully, carries out business processing to the service request.
12. safe verification method as claimed in claim 11, which is characterized in that the wearable device passes through low coverage communication side Formula is sent to the service terminal before the user authentication information being stored in advance in the wearable device further include:
The wearable device sends the device identification of the wearable device by low coverage communication modes to the service terminal, So that the device identification of the wearable device is sent to the service server, the service server by the service terminal Binding validatation is carried out according to the identification information of the device identification and the service terminal, it is whole to the business if being verified Sending device relationship confirmation message is held, the service terminal carries the equipment when sending service request to the service server Relationship confirmation message, so that the service server carries out school to the user authentication information and the device relationships confirmation message It tests, business processing is carried out to the service request if verifying successfully.
13. safe verification method as claimed in claim 11, which is characterized in that the third-party authentication information is described in process Service server uses third party's private key encryption;
The wearable device carries out verification to the third-party authentication information
The wearable device is using third party's public key corresponding with the service server to the third party by encryption Verification information is decrypted, and the third-party authentication information obtained to decryption verifies.
14. a kind of service terminal, which is characterized in that the service terminal includes:
First transmission unit, for the third-party authentication information of service server to be sent to user's by low coverage communication modes Wearable device, so that the wearable device verifies the third-party authentication information;
First receiving unit, for passing through when the wearable device verifies successfully the third-party authentication information Low coverage communication modes obtain the user authentication information being stored in advance in the wearable device from wearable device;
Second transmission unit includes business information and institute in the service request for sending service request to service server User authentication information is stated, so that the service server verifies the user authentication information, it is described if verifying successfully Service server carries out business processing to the service request.
15. service terminal as claimed in claim 14, which is characterized in that
First receiving unit, by low coverage communication modes from the acquisition of the wearable device of user be stored in advance in it is described can Before user authentication information in wearable device, it is also used to obtain the equipment mark of the wearable device by low coverage communication modes Know;
Second transmission unit is also used to the device identification of the wearable device being sent to the service server, with The service server is set to carry out binding validatation according to the identification information of the device identification and the service terminal;
The service terminal further include:
Second receiving unit obtains when the binding validatation for carrying out in the service server passes through from the service server Take device relationships confirmation message;
Second transmission unit carries the device relationships confirmation message when sending service request to the service server, with Verify the service server to the user authentication information and the device relationships confirmation message, if verifying successfully Business processing then is carried out to the service request.
16. the service terminal as described in claims 14 or 15, which is characterized in that the low coverage communication modes include bluetooth connection Or NFC.
17. service terminal as claimed in claim 16, which is characterized in that in the feelings that the low coverage communication modes are bluetooth connection Under condition, the service terminal further include:
Bluetooth discovery unit, for carrying out bluetooth equipment search, to establish bluetooth connection with the wearable device.
18. a kind of wearable device, which is characterized in that the wearable device includes:
Receiving unit, for obtaining the third-party authentication letter for the service server that service terminal is sent by low coverage communication modes Breath;
Verification unit, for being verified to the third-party authentication information;
Transmission unit, for being led to by low coverage when the verification unit verifies successfully the third-party authentication information News mode sends the user authentication information being stored in advance in the wearable device to the service terminal, so that the business Terminal sends service request to service server, includes business information and the user authentication information, institute in the service request It states service server to verify the user authentication information, if verifying successfully, the service request is carried out at business Reason.
19. wearable device as claimed in claim 18, which is characterized in that
The transmission unit is being stored in advance in the wearable device to service terminal transmission by low coverage communication modes In user authentication information before, be also used to send the wearable device to the service terminal by low coverage communication modes Device identification, so that the device identification of the wearable device is sent to the service server by the service terminal, it is described Service server according to the identification information of the device identification and the service terminal carry out binding validatation, if being verified to The service terminal sending device relationship confirmation message, the service terminal are taken when sending service request to the service server With the device relationships confirmation message, so that the service server confirms the user authentication information and the device relationships Information is verified, and carries out business processing to the service request if verifying successfully.
20. wearable device as claimed in claim 18, which is characterized in that the third-party authentication information is to pass through the industry Business server uses third party's private key encryption;
The verification unit is used for: using third party's public key corresponding with the service server to the third by encryption Square verification information is decrypted, and the third-party authentication information obtained to decryption verifies.
21. a kind of security authentication systems, which is characterized in that the security authentication systems include service terminal, wearable device with And service server, in which:
The service terminal, for obtaining the third-party authentication information of the service server and by the of the service server Tripartite's verification information is sent to the wearable device by low coverage communication modes;
The wearable device, if verifying successfully, is communicated for verifying to the third-party authentication information by low coverage Mode sends the user authentication information being stored in advance in the wearable device to the service terminal;
The service terminal, is also used to send service request to the service server, includes that business is believed in the service request Breath and the user authentication information;
The service server is for verifying the user authentication information, if verifying successfully, to the service request Carry out business processing.
22. security authentication systems as claimed in claim 21, which is characterized in that
The service terminal is obtaining the user's checking being stored in advance in the wearable device from the wearable device of user It before information, is also used to obtain the device identification of the wearable device, the device identification of the wearable device is sent to The service server;
The service server is also used to carry out binding according to the identification information of the device identification and the service terminal and tests Card, to the service terminal sending device relationship confirmation message if being verified;
The service terminal carries the device relationships confirmation message, the industry when sending service request to the service server Business server verifies the user authentication information and the device relationships confirmation message, to described if verifying successfully Service request carries out business processing.
23. security authentication systems as claimed in claim 21, which is characterized in that the service terminal is to the wearable device Sending the third-party authentication information is to use third party's private key encryption by the service server;
The wearable device carries out verification to the third-party authentication information
The wearable device is using third party's public key corresponding with the service server to the third party by encryption Verification information is decrypted, and the third-party authentication information obtained to decryption verifies.
24. security authentication systems as claimed in claim 21, which is characterized in that the service terminal is set from the wearable of user The standby user authentication information being stored in advance in the wearable device that obtains is to encrypt by private key for user;
The service server carries out verification to the user authentication information
The service server carries out the user authentication information by encryption using the corresponding client public key of the user Decryption, and the user authentication information obtained to decryption verifies.
25. the security authentication systems as described in any one of claim 21~24, which is characterized in that the low coverage communication modes Including bluetooth connection or NFC.
26. security authentication systems as claimed in claim 25, which is characterized in that the low coverage communication modes be bluetooth connection In the case where,
The service terminal is obtaining the user's checking being stored in advance in the wearable device from the wearable device of user It before information, is also used to carry out bluetooth equipment search, to establish bluetooth connection with the wearable device.
27. a kind of safe payment method, which is characterized in that the safe payment method includes:
Payment terminal obtains the third-party authentication information of payment server and the third-party authentication information by the payment server The wearable device of user is sent to by low coverage communication modes;
The wearable device verifies the third-party authentication information, if verifying successfully, passes through low coverage communication modes The user authentication information being stored in advance in the wearable device is sent to the payment terminal;
The payment terminal sends payment request to payment server, includes order information and the user in the payment request Verification information;
The payment server verifies the user authentication information, if verifying successfully, carries out to the payment request Payment processing.
28. a kind of safety payment system, which is characterized in that the safety payment system include payment terminal, wearable device with And payment server, in which:
The payment terminal is used to obtain the third-party authentication information of payment server and by the third party of the payment server Verification information is sent to the wearable device of user by low coverage communication modes;
The wearable device, if verifying successfully, is communicated for verifying to the third-party authentication information by low coverage Mode sends the user authentication information being stored in advance in the wearable device to the payment terminal;
The payment terminal is also used to send payment request to the payment server, includes order information in the payment request With the user authentication information;
The payment server is for verifying the user authentication information, if verifying successfully, to the payment request Carry out payment processing.
CN201310746079.8A 2013-12-30 2013-12-30 A kind of safe verification method, relevant device and system Active CN104601327B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310746079.8A CN104601327B (en) 2013-12-30 2013-12-30 A kind of safe verification method, relevant device and system
PCT/CN2014/095467 WO2015101273A1 (en) 2013-12-30 2014-12-30 Security verification method, and related device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310746079.8A CN104601327B (en) 2013-12-30 2013-12-30 A kind of safe verification method, relevant device and system

Publications (2)

Publication Number Publication Date
CN104601327A CN104601327A (en) 2015-05-06
CN104601327B true CN104601327B (en) 2019-01-29

Family

ID=53126857

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310746079.8A Active CN104601327B (en) 2013-12-30 2013-12-30 A kind of safe verification method, relevant device and system

Country Status (2)

Country Link
CN (1) CN104601327B (en)
WO (1) WO2015101273A1 (en)

Families Citing this family (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104951938A (en) * 2015-05-07 2015-09-30 高科技术有限公司 NFC (near-field communication) secured transaction method and system
CN105678553A (en) * 2015-08-05 2016-06-15 腾讯科技(深圳)有限公司 Method, device and system for processing order information
CN105765614A (en) * 2015-09-23 2016-07-13 深圳还是威健康科技有限公司 Payment method and intelligent wristband
CN105162605A (en) * 2015-09-28 2015-12-16 东南大学 Digital signature and authentication method
CN106603237B (en) * 2015-10-16 2022-02-08 中兴通讯股份有限公司 Safe payment method and device
CN106789852B (en) * 2015-11-24 2021-03-30 创新先进技术有限公司 Registration and authentication method and device
CN105719138A (en) * 2016-01-19 2016-06-29 宇龙计算机通信科技(深圳)有限公司 Payment processing method, payment processing device, payment processing terminal, and payment processing system
EP3229215B1 (en) * 2016-02-18 2019-01-02 E3 Co., Ltd. Emergency notification system
CN107196890A (en) * 2016-03-14 2017-09-22 阿里巴巴集团控股有限公司 Implementation method and device that implementation method and device, the account of account authorization are authenticated
CN107220828B (en) * 2016-03-22 2020-09-08 阿里巴巴集团控股有限公司 Method, system and device for payment authorization and payment through wearable device
CN107295052B (en) 2016-04-11 2020-06-09 阿里巴巴集团控股有限公司 Service processing method and device
CN105956644A (en) * 2016-04-12 2016-09-21 上海海漾软件技术有限公司 Coding method and coding device of wearable device, data synchronization method, data synchronization device, and coding system
CN105871867B (en) 2016-04-27 2018-01-16 腾讯科技(深圳)有限公司 Identity identifying method, system and equipment
CN107358419B (en) * 2016-05-09 2020-12-11 阿里巴巴集团控股有限公司 Airborne terminal payment authentication method, device and system
CN113411317B (en) 2016-05-11 2023-05-26 创新先进技术有限公司 Identity verification method and system and intelligent wearable device
CN108377563B (en) * 2016-11-08 2021-08-20 北京京东尚科信息技术有限公司 Method for managing wearable equipment, server and client
CN106533695B (en) * 2016-11-15 2019-10-25 北京华大智宝电子系统有限公司 A kind of safety certifying method and equipment
CN108604341B (en) * 2016-11-21 2022-04-12 华为技术有限公司 Transaction method, payment device, verification device and server
CN108154364A (en) * 2016-12-06 2018-06-12 上海方付通商务服务有限公司 Wearable device and payment system and method for payment with the wearable device
CN106713890A (en) * 2016-12-09 2017-05-24 宇龙计算机通信科技(深圳)有限公司 Image processing method and device
CN106981003B (en) * 2016-12-30 2020-08-25 中国银联股份有限公司 Transaction method, device and system for virtual reality environment
CN107194696A (en) * 2017-05-25 2017-09-22 深圳可戴设备文化发展有限公司 Article method of payment, device and computer-readable recording medium
CN107294987A (en) * 2017-06-30 2017-10-24 江西博瑞彤芸科技有限公司 Information processing method
CN107491966A (en) * 2017-08-04 2017-12-19 北京小米移动软件有限公司 Method of payment, apparatus and system, storage medium
CN108737442B (en) * 2018-06-12 2019-05-10 北京多采多宜网络科技有限公司 A kind of cryptographic check processing method
CN109274726B (en) * 2018-08-31 2020-07-07 阿里巴巴集团控股有限公司 Binding method, migration method, binding device, migration device, computing equipment and storage medium
CN109544159A (en) * 2018-11-12 2019-03-29 东莞市大易产业链服务有限公司 A kind of method of quick authority to pay
CN111242605B (en) * 2018-11-29 2023-09-19 中国移动通信集团广东有限公司 Mobile payment method
CN109379388B (en) * 2018-12-17 2021-04-06 福建联迪商用设备有限公司 Identity recognition method, terminal and wearable device
CN110995454A (en) * 2019-11-08 2020-04-10 厦门网宿有限公司 Service verification method and system
CN112990909A (en) * 2019-12-12 2021-06-18 华为技术有限公司 Voice payment method and electronic equipment
KR20220150346A (en) * 2020-03-09 2022-11-10 후아웨이 테크놀러지 컴퍼니 리미티드 Methods and related devices for logging into in-vehicle systems
CN111641505B (en) * 2020-04-20 2023-04-25 广东乐心医疗电子股份有限公司 Information processing method, information processing device, electronic equipment and readable storage medium
TWI747287B (en) * 2020-05-15 2021-11-21 華南商業銀行股份有限公司 Transaction verification system and method
TWI789971B (en) * 2020-05-15 2023-01-11 華南商業銀行股份有限公司 Transaction verification system and method for cross validation
TWI789972B (en) * 2020-05-15 2023-01-11 華南商業銀行股份有限公司 Transaction verification system and method capable of suspending connection
CN111835869B (en) * 2020-07-30 2023-06-16 上海茂声智能科技有限公司 Method, system, equipment and storage medium for centralized control of terminal content
CN113869074A (en) * 2021-09-09 2021-12-31 维沃移动通信(杭州)有限公司 Service code-based service processing method and device and electronic equipment
CN113784295B (en) * 2021-11-09 2022-04-15 深圳市伦茨科技有限公司 Anti-lost method and system for portable article
CN114944922A (en) * 2022-05-19 2022-08-26 中国银行股份有限公司 Data processing method, device, equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103310142A (en) * 2013-05-22 2013-09-18 复旦大学 Man-machine fusion security authentication method based on wearable equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101770619A (en) * 2008-12-31 2010-07-07 中国银联股份有限公司 Multiple-factor authentication method for online payment and authentication system
US20130009756A1 (en) * 2011-07-07 2013-01-10 Nokia Corporation Verification using near field communications

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103310142A (en) * 2013-05-22 2013-09-18 复旦大学 Man-machine fusion security authentication method based on wearable equipment

Also Published As

Publication number Publication date
CN104601327A (en) 2015-05-06
WO2015101273A1 (en) 2015-07-09

Similar Documents

Publication Publication Date Title
CN104601327B (en) A kind of safe verification method, relevant device and system
CN105741112B (en) Network-based authentication payment device, authentication payment method and authentication payment system
CN112199714B (en) Privacy protection method and device based on block chain and electronic equipment
EP2564308B1 (en) Secure and efficient login and transaction authentication using iphones and other smart mobile communication devices
CN104618314B (en) A kind of password remapping method, device and system
CN106878245B (en) Graphic code information providing and obtaining method, device and terminal
CA3010336A1 (en) Secure information transmitting system and method for personal identity authentication
RU2610419C2 (en) Method, server and system for authentication of person
CN110502887A (en) Electric paying method and device
CN104618315B (en) A kind of method, apparatus and system of verification information push and Information Authentication
US9471916B2 (en) Wireless establishment of identity via bi-directional RFID
CN104320779A (en) Near field communication authentication method based on U/SIM card authentication response and time-limited feedback
CZ20013012A3 (en) Telepayment method and system for implementing said method
CN103123706A (en) Management method, device and system of bill payment for another
JP2017514242A (en) O2O secure settlement method, O2O secure settlement system and POS terminal
CN105635168B (en) A kind of application method of offline transaction device and its security key
CN104753675B (en) Information Authentication method, electric paying method, terminal, server and system
CN110232568A (en) Method of mobile payment, device, computer equipment and readable storage medium storing program for executing
CN104778579A (en) Induction payment method and device based on electronic identity recognition carrier
CN108737080A (en) Storage method, device, system and the equipment of password
CN104883686A (en) Mobile terminal safety certificate method, device, system and wearable equipment
CN107040501A (en) It is the authentication method and device of service based on platform
CN106487758A (en) A kind of data safety endorsement method, service terminal and private key backup server
CN105743651B (en) The card in chip secure domain is using method, apparatus and application terminal
CN103108316B (en) Air card-writing authentication method, device and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant