CN104657856A - Position certification based intelligent mobile client payment method and server system - Google Patents


Publication number
CN104657856A
Authority
CN
China
Prior art keywords
user
mobile client
authentication
module
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510107347.0A
Other languages
Chinese (zh)
Inventor
雍雯
武发明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MEDIASOC TECHNOLOGIES Co Ltd
Original Assignee
MEDIASOC TECHNOLOGIES Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MEDIASOC TECHNOLOGIES Co Ltd filed Critical MEDIASOC TECHNOLOGIES Co Ltd
Priority to CN201510107347.0A priority Critical patent/CN104657856A/en
Publication of CN104657856A publication Critical patent/CN104657856A/en
Pending legal-status Critical Current

Abstract

The invention provides a smart mobile client payment method based on location authentication (position certification) and a corresponding server system. The mobile client generates location information at city-level granularity. When an order is generated, in addition to identity authentication, the smart mobile client must also upload its location information to the server system. The server system authenticates the location by means of an algorithm: for a trusted location it completes the mobile client's electronic order directly, and for an untrusted location it requires the user to perform a higher level of identity authentication. If a problem during payment makes the location temporarily unobtainable, the mobile client looks up the location information it used previously; if the timestamp of that information is within an acceptable range, the client uploads the remembered location to the server, otherwise location authentication is considered to have failed and the client is required to perform a higher level of identity authentication. Using this payment method can improve the payment security of the smart mobile client.

Description

Position certification based intelligent mobile client payment method and server system
Technical field
The present invention relates to the field of secure network communication, and specifically to a smart mobile client payment method and server system based on location authentication.
Background
The main task of information security is to provide the following five security services: identity authentication, access control, data confidentiality, data integrity, and non-repudiation. Identity authentication is one of the key services for achieving network security. It is the first line of defence in a networked application system and the gateway to a secure network system. Every party involved in network communication must prove its identity through some form of identity authentication mechanism. There are currently three mainstream authentication methods: the traditional basic "user name + password" method; authentication based on biometric features such as a person's fingerprint and iris; and two-factor authentication based on "password + hardware encryption device (such as a dynamic password card or USB key)". In the traditional "user name + password" method the password is easily intercepted, so security is very low. Biometric authentication is very secure, but its use is limited by cost and technology. Two-factor authentication based on "password + hardware encryption device" is therefore the identity authentication mechanism widely adopted in e-commerce and e-government today.
In recent years mobile payment on smartphones has become increasingly common, and security has become a major challenge. On the one hand, because of mobile phone viruses, phishing links, complex payment environments and the simplified verification steps of quick payment, authentication based on account and password cannot provide sufficient security; adding location-based authentication on top of the account password during payment can improve payment security. On the other hand, the smartphone is an open system, and apps on the phone may tamper with or forge location information. This affects services that need the true location and, in particular, may deceive location-based authentication applications.
Summary of the invention
Addressing the technical problems in the prior art described above, the present invention provides a smart mobile client payment method and server system based on location authentication. The extensibility and reusability of the system are greatly increased, and adding location-based authentication on top of the account password during payment effectively improves payment security.
To achieve this, the invention adopts the following technical solution:
A smart mobile client payment method based on location authentication, in which the mobile client generates location information at city-level granularity. When an order is generated, in addition to identity authentication, the smart mobile client must also upload its location information to the server system, and the server system authenticates the location by means of an algorithm. For a trusted location the mobile client's electronic order can be completed directly; for an untrusted location the user is required to perform a higher level of identity authentication. If a problem during payment makes the location temporarily unobtainable, the mobile client looks up the location information it used previously. If the timestamp is within the acceptable range, the client uploads this remembered location to the server; otherwise location authentication is considered to have failed and the client is required to perform a higher level of identity authentication.
The specific method by which the server system performs location authentication by algorithm is as follows. The clock T is adopted as a dynamic factor. In the initial stage of location authentication, when the user logs in to the client and sends a resource access request to the resource server, the system prompts the user to enter the user name ID and password PW and at the same time generates the system clock T. It then calls the RSA algorithm (the RSA public-key algorithm is generally acknowledged to be a very secure public-key algorithm), computes M=H(ID, PW, T) with its own private key Ke, and sends the data (ID, M) to the server. After receiving M, the server queries the user database to obtain the user password PW' and the user's public key Kd, and computes the time factor T' using the same method. It then calls the RSA algorithm, decrypts M with the user's public key Kd to obtain ID, PW and T, and compares PW with PW' and T with T'. The client passes authentication only when both pairs match.
The timestamp is no more than 5 min old.
A server system for smart mobile client payment based on location authentication, used to perform the location authentication of the payment method described above, comprises the following modules:
- Location-authentication module
Authenticates the location information that the client uploads to the server, and generates a global session (Session) for each user who passes location authentication.
The location-authentication module also implements the server-side listener thread. A dedicated thread is used for each client that requests authentication, and it handles all transactions with that client.
- System management module
The system management module mainly implements the server main thread and handles the corresponding transactions.
The system creates a separate thread for each connected user. After the user passes the server's identity authentication, a global session (Session) is created and kept in server memory, and the server can refer to the information in the Session when handling that user's service requests.
The Session contains the user ID, user IP, user name, creation time, lifetime, access rights, and so on.
The system management module also implements the system management interface. Its main function is the database interface: configuring the database connection for communication with the back-end database, creating data tables and generating the corresponding data.
- User module
User account management, including adding, deleting and modifying user accounts, changing passwords, changing keys, changing key validity periods, changing permissions, and similar functions.
User management mainly covers two aspects: new user registration and user information updates.
This information is stored in a database for use by the system.
In addition, the user module also acts as the CA and issues certificates to users.
- RSA module: one of the core modules of the system, mainly responsible for big-number arithmetic, the RSA algorithm, and encryption and decryption of text.
- CA module
Issues certificates to users.
When a user registers, when the certificate's validity period expires, or when the certificate's private key is leaked, the user must apply for a certificate again, and the CA issues a new certificate to the user after review. If the certificate request results from leakage of the user's private key, the content of the renewed certificate is the same as that of the old certificate, except that the CA digitally signs it with its own new private key.
- Database management module
Maintains the basic module that communicates with the back-end MySQL database.
Its main interface covers the data connection: establishing and maintaining the connection to the back-end MySQL database. Its main functions are connecting to the database server, reconnecting to the database server, and selecting a database.
- Log audit module
A common basic module of the server system, called by almost every other module.
Its main interface generates a log record for the corresponding event. The parameters mainly include the time, state, event type, user, the object being processed, and so on.
By adopting the above technical solution, the present invention brings the following beneficial effects:
Mobile payment on smartphones is increasingly common today, and security is a major challenge. Because of mobile phone viruses, phishing links, complex payment environments and the simplified verification steps of quick payment, authentication based on account and password cannot provide sufficient security. The smart mobile client payment method and server system based on location authentication proposed in the present invention add location-based authentication on top of the account password during payment, which effectively improves payment security. The mobile client generates location information at city-level granularity; when an order is generated, in addition to identity authentication, the smart mobile client must also upload its location information to the server system, and the server system authenticates the location by means of an algorithm. The server system for location-authenticated smart mobile client payment is built with object-oriented software construction techniques and a modular design, which greatly increases the extensibility and reusability of the system.
Brief description of the drawings
Other features, objects and advantages of the present invention will become more apparent from the detailed description of non-limiting embodiments given with reference to the following drawings:
Fig. 1 is a flow chart of the location-authentication process of the present invention;
Fig. 2 is a block diagram of the module structure of the system of the present invention;
Fig. 3 is a simplified diagram of the RSA (Rivest-Shamir-Adleman) authentication system;
Fig. 4 is a block diagram of the basic RSA (Rivest-Shamir-Adleman) authentication protocol.
Detailed description
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to understand the invention further, but do not limit it in any form. It should be noted that those skilled in the art can make a number of variations and improvements without departing from the concept of the invention, and these all fall within its scope of protection.
The mobile client payment method based on location authentication provided by the present invention works as follows:
The smart mobile device sends location-information frames to the server periodically, at long intervals (for example, on the order of hours). To avoid leaking private information, the mobile client generates location information at city-level granularity only. When an order is generated, in addition to identity authentication, the smartphone client must also upload its location information to the server system, and the server system uses an algorithm to analyse whether this location is trustworthy. For a trusted location the phone client's electronic order can be completed directly; for an untrusted location the user is required to perform a higher level of identity authentication (for example, a conventional dynamic verification code sent to the phone). If a problem such as a network transmission difficulty during payment makes the location temporarily unobtainable, the mobile client can look up the location information it used previously. If the timestamp is within the acceptable range (generally no more than 5 min), the client uploads this remembered location to the server; otherwise location authentication is considered to have failed and the client is required to perform a higher level of identity authentication. The location-authentication process is shown in Fig. 1.
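The decision flow described above, written out as an added example (not code from the patent). The rule that a city is credible when it appears in a recent periodic location frame, the 7-day look-back window, the `REJECT` outcome for failed identity authentication and all names are assumptions; the 5-minute limit on the remembered location is from the page.

```python
# Added illustration; not code from the patent.
from dataclasses import dataclass
from typing import Iterable, Optional, Set

MAX_CACHE_AGE_S = 5 * 60         # from the page: remembered location at most 5 min old
TRUST_WINDOW_S = 7 * 24 * 3600   # assumption: look-back window for periodic frames


@dataclass(frozen=True)
class Fix:
    city: str        # city-level granularity only, as the page requires
    timestamp: int   # seconds since the epoch


def client_location(live: Optional[Fix], cached: Optional[Fix], now: int) -> Optional[Fix]:
    """Client side: pick the location to upload, or None if location auth fails."""
    if live is not None:
        return live
    # Fall back to the remembered location only while it is fresh. A timestamp
    # in the future (negative age) is treated as invalid, not as fresh.
    if cached is not None and 0 <= now - cached.timestamp <= MAX_CACHE_AGE_S:
        return cached
    return None


def trusted_cities(frames: Iterable[Fix], now: int) -> Set[str]:
    """Server side (assumed rule): cities seen in periodic frames within the window."""
    return {f.city for f in frames if 0 <= now - f.timestamp <= TRUST_WINDOW_S}


def decide_order(identity_ok: bool, uploaded: Optional[Fix],
                 frames: Iterable[Fix], now: int) -> str:
    """Return COMPLETE, STEP_UP (higher-level authentication) or REJECT."""
    if not identity_ok:
        return "REJECT"          # assumption: the page only covers the authenticated case
    if uploaded is None:
        return "STEP_UP"         # no usable location: location authentication failed
    if uploaded.city in trusted_cities(frames, now):
        return "COMPLETE"        # trusted location: finish the order directly
    return "STEP_UP"             # untrusted location


# Constructed sample data: periodic frames previously received for one user.
NOW = 1_700_000_000
FRAMES = [
    Fix("Shanghai", NOW - 3 * 3600),
    Fix("Shanghai", NOW - 2 * 24 * 3600),
    Fix("Beijing", NOW - 30 * 24 * 3600),   # too old to count as trusted
]


def pay(live: Optional[Fix], cached: Optional[Fix]) -> str:
    """End-to-end helper: client picks a location, server decides."""
    return decide_order(True, client_location(live, cached, NOW), FRAMES, NOW)
```
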
The server system used in the mobile client payment method based on location authentication provided by the present invention is implemented with object-oriented software construction techniques and a modular design, which greatly increases the extensibility and reusability of the system. The server system comprises six main modules: the location-authentication module, the system management module, the user module, the RSA encryption module, the database management module and the log audit module.
To authenticate the client's location reliably and to transmit data securely, the system server adds a dedicated location-authentication module and an RSA module. The overall module structure of the server system is shown in Fig. 2. The RSA module is a basic module of the system; it mainly implements big-number arithmetic, RSA encryption and decryption and similar functions, and is frequently called by other modules. The database management module handles operations related to user data and is likewise a basic module called by other modules. The core module of the system is the system management module, which mainly loads services and coordinates function calls between the other modules.
Location authentication between client and server requires identity authentication through the RSA module, and the security of data transmission is ensured on that basis. At present, using a public-key-based security policy for identity authentication on the internet requires a third-party certificate authority (CA) to issue proof of identity (a certificate) to the client. The client and the server each obtain a certificate from the CA and trust that CA. At the start of a session they first exchange certificates, which carry their respective public keys; each side then uses the other's public key to verify the other's digital signature, exchange the encryption key for the communication, and so on. When deciding whether to accept the other party's certificate, each side also needs to check with the relevant server to confirm that the certificate is valid. The simplified structure of the RSA location-authentication system is shown in Fig. 3.
This system simplifies the PKI mechanism: the CA is included in the system server and becomes one of its functional modules, whose role is to issue certificates to users. The client and the server exchange only two messages in total, which achieves one-pass authentication that is simple and fast but may be insufficiently secure. To improve security, the system adopts the clock T as a dynamic factor.
In the initial stage of location authentication, the client computes the time factor T from the current system time, then calls the RSA algorithm, computes M=H(ID, PW, T) with its own private key Ke, and sends the data (ID, M) to the server. After receiving M, the server queries the user database to obtain the user password PW' and the user's public key Kd, and at the same time computes the time factor T'. It then calls the RSA algorithm, decrypts M with the user's public key Kd to obtain ID, PW and T, and compares PW with PW' and T with T'. The client passes authentication only when both pairs match. The basic protocol is shown in Fig. 4.
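The exchange described above, as an added example that is not code from the patent. Textbook RSA without padding over a fixed demo key stands in for the RSA module and is for illustration only. It assumes that H is a reversible encoding of (ID, PW, T), since the page has the server recover all three from M, and that T is the system time quantised to 60-second steps; the `skew_steps` parameter and all function names are hypothetical.

```python
# Added illustration; not code from the patent. Textbook RSA without padding
# stands in for the page's "RSA module" and is for demonstration only.
import hmac

P, Q = 2**521 - 1, 2**607 - 1              # two Mersenne primes: constructed demo key
N = P * Q
KD = (65537, N)                            # user's public key (the page's Kd)
KE = (pow(65537, -1, (P - 1) * (Q - 1)), N)  # user's private key (the page's Ke)
STEP_S = 60                                # assumption: T = time in 60-second steps


def time_factor(now: int) -> int:
    """Both sides derive the time factor from their own clock the same way."""
    return now // STEP_S


def client_message(user_id: str, password: str, now: int, ke=KE):
    """Client: build (ID, M), M being (ID, PW, T) transformed with the private key."""
    d, n = ke
    plain = "\x00".join([user_id, password, str(time_factor(now))]).encode()
    m = int.from_bytes(plain, "big")
    if m >= n:
        raise ValueError("message too long for the modulus")
    return user_id, pow(m, d, n)


def server_verify(user_id: str, M: int, user_db: dict, now: int,
                  skew_steps: int = 0) -> bool:
    """Server: recover (ID, PW, T) with Kd, then compare PW with PW' and T with T'."""
    record = user_db.get(user_id)
    if record is None:
        return False
    stored_pw, (e, n) = record             # PW' and Kd from the user database
    if not 0 < M < n:
        return False
    recovered = pow(M, e, n)
    raw = recovered.to_bytes((recovered.bit_length() + 7) // 8, "big")
    try:
        rid, pw, t_text = raw.decode().split("\x00")
        t = int(t_text)
    except ValueError:                     # garbage: wrong key or tampered M
        return False
    if rid != user_id:                     # extra check, not stated on the page
        return False
    if not hmac.compare_digest(pw.encode(), stored_pw.encode()):
        return False
    # skew_steps=0 is the exact T == T' match the page describes; it rejects a
    # message built just before a step boundary and verified just after it.
    return abs(time_factor(now) - t) <= skew_steps


# Constructed sample user database: ID -> (PW', Kd).
USER_DB = {"alice": ("s3cret", KD)}
```

With `skew_steps=0` a captured (ID, M) stops verifying once the server's clock moves to the next step, but it remains replayable inside the same step, so a deployment would also need to remember which M values it has already accepted.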
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to these particular embodiments; those skilled in the art can make various variations or modifications within the scope of the claims without affecting the substance of the invention.

Claims (9)

1. A smart mobile client payment method based on location authentication, characterized in that the mobile client generates location information at city-level granularity; when an order is generated, in addition to identity authentication, the smart mobile client must also upload its location information to the server system, and the server system authenticates the location by means of an algorithm; for a trusted location the mobile client's electronic order can be completed directly, and for an untrusted location the user is required to perform a higher level of identity authentication; if a problem during payment makes the location temporarily unobtainable, the mobile client looks up the location information it used previously, and if the timestamp is within the acceptable range, uploads this remembered location to the server; otherwise location authentication is considered to have failed and the client is required to perform a higher level of identity authentication.
2. The smart mobile client payment method based on location authentication according to claim 1, characterized in that the specific method by which the server performs location authentication by algorithm is: the clock T is adopted as a dynamic factor; in the initial stage of location authentication, when the user logs in to the client and sends a resource access request to the resource server, the system prompts the user to enter the user name ID and password PW and at the same time generates the system clock T, then calls the RSA algorithm, computes M=H(ID, PW, T) with its own private key Ke, and sends the data (ID, M) to the server; after receiving M, the server queries the user database to obtain the user password PW' and the user's public key Kd, and at the same time computes the time factor T', then calls the RSA algorithm, decrypts M with the user's public key Kd to obtain ID, PW and T, and compares PW with PW' and T with T'; the client passes authentication only when both pairs match.
3. The smart mobile client payment method based on location authentication according to claim 1, characterized in that the timestamp is no more than 5 min old.
4. A server system for smart mobile client payment based on location authentication, characterized in that it is used to perform the location authentication of the payment method as claimed in claim 1 or 2 and comprises the following modules:
- location-authentication module: authenticates the location information that the client uploads to the server, and generates a global session (Session) for each user who passes location authentication;
- system management module: mainly implements the server main thread, handles the corresponding transactions, and implements the system management interface;
- user module: performs user account management;
- RSA module: one of the core modules of the system, mainly responsible for big-number arithmetic, the RSA algorithm, and encryption and decryption of text;
- CA module: issues certificates to users;
- database management module: maintains the basic module that communicates with the back-end MySQL database;
- log audit module: called by every other module.
5. The server system for smart mobile client payment based on location authentication according to claim 4, characterized in that the location-authentication module also implements the server-side listener thread, a dedicated thread being used for each client that requests authentication to handle all transactions with that client.
6. The server system for smart mobile client payment based on location authentication according to claim 5, characterized in that the system management module creates a separate thread for each connected user, and the server refers to the information in the Session when handling that user's service requests.
7. The server system for smart mobile client payment based on location authentication according to claim 6, characterized in that the Session contains the user ID, user IP, user name, creation time, lifetime and access rights.
8. The server system for smart mobile client payment based on location authentication according to claim 5, characterized in that the user account management performed by the user module mainly covers two aspects, namely new user registration and user information updates, and this information is stored in a database for use by the system.
9. The server system for smart mobile client payment based on location authentication according to claim 8, characterized in that the user module also acts as the CA and issues certificates to users.
CN201510107347.0A 2015-03-11 2015-03-11 Position certification based intelligent mobile client payment method and server system Pending CN104657856A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150527